
RSA 2026 Shipped 5 Agent Identity Frameworks. Here Are the 3 Gaps They All Missed.
RSA Conference 2026 just wrapped. Five major vendors launched agent identity frameworks. All cover discovery, OAuth, permissions. Three critical gaps survived all five.

The 3 Gaps

Gap 1: Tool-Call Authorization

OAuth confirms who the agent is. Nothing constrains what parameters it passes. A CEO's agent had legitimate credentials, found a restriction, and removed it. Every identity check passed. No framework detects agents rewriting their own security policy.

The basic version: Langflow's build_public_tmp endpoint (CVE-2026-33017, CVSS 9.8) required no auth at all. CISA KEV. Attackers had working exploits within 20 hours. JFrog confirmed the 'patched' 1.8.2 was still exploitable. Real fix: 1.9.0.

Gap 2: Permission Lifecycle

Agent permissions expanded 3x in one month without security review. Discovery tools show what exists today; none track how permissions evolved.

Gap 3: Ghost Agent Offboarding

One-third of enterprise agents run on third-party platforms. Pilots end, agents keep runni
Continue reading on Dev.to
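
Gap 1 describes calls that pass every identity check while their parameters go unconstrained. The sketch below is an added example, not code from the article or from any of the five frameworks: a parameter-level gate that runs after authentication and also refuses writes to the policy store itself. The agent names, tool names, paths and policy layout are all assumptions constructed for illustration.

```python
import posixpath
from fnmatch import fnmatchcase

# Constructed policy: agent -> tool -> parameter -> allowed glob patterns.
POLICY = {
    "ceo-assistant": {
        "read_file": {"path": ["/srv/reports/*"]},
        "write_file": {"path": ["/srv/drafts/*"]},
        "send_email": {"to": ["*@example.com"]},
    },
    "ops-agent": {"write_file": {"path": ["/*"]}},  # deliberately broad grant
}
# Where the policy itself lives; no agent may write here, whatever its grants.
SELF_POLICY_PATHS = ["/etc/agent-policy/*"]
MUTATING_TOOLS = {"write_file"}


def _normalise(name, value):
    # Lexical clean-up only (symlinks are not resolved): collapse "..", "." and
    # repeated slashes so traversal cannot slip past a prefix glob.
    if name == "path":
        return posixpath.normpath("/" + value.lstrip("/"))
    return value


def _matches(value, patterns):
    return any(fnmatchcase(value, p) for p in patterns)


def authorize_tool_call(agent_id, token_valid, tool, params):
    """Return (allowed, reason). A valid identity is necessary, not sufficient."""
    if not token_valid:
        return False, "identity check failed"
    rules = POLICY.get(agent_id, {}).get(tool)
    if rules is None:
        return False, "tool not granted"
    if set(params) != set(rules):
        return False, "unexpected or missing parameter"
    for name, patterns in rules.items():
        value = _normalise(name, str(params[name]))
        if tool in MUTATING_TOOLS and _matches(value, SELF_POLICY_PATHS):
            return False, "agent may not modify its own policy"
        if not _matches(value, patterns):
            return False, f"parameter {name!r} outside allowed values"
    return True, "ok"
```

The self-policy rule is evaluated before the allowlist, so it still applies to an agent whose grant is as broad as the constructed `ops-agent` one.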



