Nearly 70% of enterprises still share credentials across AI agents, and the biggest names in cybersecurity are racing to fix it through acquisitions and alliances
An Okta survey from January 2026 found that 69% of 150 IT and security leaders said security issues are actively slowing their adoption of AI agents. The core problem is credential sharing, where multiple AI systems pass around the same access keys. When one agent gets compromised, attackers don’t just get access to one system. They get the keys to everything that credential touches.
The billion-dollar shopping spree #
Palo Alto Networks completed its $25 billion acquisition of CyberArk in early 2026, a deal aimed at bolstering identity security as machine identities proliferate across enterprise environments. CyberArk’s thesis is that every AI agent, bot, and automated workflow needs its own verifiable identity, not a shared set of credentials borrowed from a human employee.
CrowdStrike acquired SGNL to enhance its AI-cyber capabilities. SGNL specializes in dynamic authorization, deciding in real time what an AI agent should and shouldn’t be allowed to do based on context, not just a static credential.
Cisco joined forces with CrowdStrike and other major tech firms on Project Glasswing, launched on April 7, 2026. The initiative aims to secure the foundational software layer that AI systems run on.
Why shared credentials are an existential problem #
AI agents pull data from CRMs, write to databases, trigger API calls, and interact with cloud services. Each of those interactions requires authentication. Most organizations handle this by giving AI agents the same credentials that human employees use, or sharing a single service account across dozens of agents.
The traditional identity and access management stack was built for humans, assuming the entity logging in has a fingerprint, a phone for two-factor authentication, or a security question. AI agents operate at machine speed, making thousands of requests per minute, and don’t respond to CAPTCHA challenges.
The numbers behind the pivot #
Palo Alto Networks reported revenue of $3 billion in its fiscal Q3 2026, ending around April 2026, representing a 31% year-over-year increase driven largely by demand for AI-driven security solutions.
CrowdStrike has reported similarly robust earnings, leaning into platform consolidation and bundling its AI security tools alongside traditional endpoint protection. The SGNL acquisition adds granular, real-time authorization controls to a platform that already monitors billions of security events daily.
Project Glasswing brings together competitors like Cisco and CrowdStrike under a shared security framework, acknowledging that no single vendor can secure the AI stack alone.
What this means for investors #
Companies aren’t buying identity security tools only because they got hacked. They’re buying them because they cannot deploy AI agents at scale without solving the credential problem first. That 69% figure from Okta represents pent-up demand.
Palo Alto Networks needs to integrate CyberArk without the operational drag that often accompanies mega-acquisitions. CrowdStrike needs SGNL’s technology to work seamlessly within its existing platform. And Project Glasswing requires its coalition of competitors to cooperate under a shared framework.
Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our