Agentic AI
What it is: AI that autonomously plans and executes multi-step tasks, calling tools and making decisions without a human approving each step.
Why the buyer cares: Joint Five Eyes guidance (May 2026) requires every agentic system to carry a verified identity with short-lived credentials, turning each autonomous agent into a net-new identity governance obligation.
What to say: "How are you planning to issue and track identities for agents that can act on their own across your environment?"
Stable
AI orchestration
What it is: A coordination layer where a primary AI agent routes tasks, selects tools, and sequences work across multiple sub-agents in a single workflow.
Why the buyer cares: Joint Five Eyes agentic guidance treats the orchestrator as a privileged role whose permissions cascade to every sub-agent it delegates to, so one compromised orchestrator exposes the entire chain.
What to say: "When your orchestrator delegates to sub-agents, who controls what those sub-agents are allowed to do?"
Stable
Kill switch
What it is: A control that halts an AI agent mid-operation by revoking its identity credentials, cutting off its authorization to access systems or take further actions.
Why the buyer cares: OWASP's Top 10 for Agentic Applications ranks unchecked agent autonomy as a critical risk and prescribes credential revocation as a core containment measure.
What to say: "If an agent started taking unauthorized actions right now, how quickly could your team revoke its credentials?"
Stable
MCP (Model Context Protocol)
What it is: An open protocol under Linux Foundation governance that standardizes how AI agents connect to tools, databases, and services.
Why the buyer cares: At 97M monthly SDK downloads, MCP is becoming the default agent connection layer, but the spec lacks native enterprise auth, so agents may connect to agency systems outside your identity perimeter.
What to say: "Are agents in your environment connecting through MCP, and do those connections route through your identity provider?"
Volatile — verify as of May 2026 — modelcontextprotocol.io roadmap; enterprise auth still in-progress.
Shadow AI
What it is: AI tools and agents that employees use without IT approval or visibility — the generative-AI version of shadow IT.
Why the buyer cares: Gartner found 69% of organizations suspect employees are using prohibited AI tools; the same research predicts 40% of enterprises will face shadow-AI security incidents by 2030.
What to say: "Do you have visibility today into which AI tools your people are actually using, including ones that never went through procurement?"
Stable
Things to follow up on...
- MCP spec revision incoming: The largest protocol revision since launch is now in release candidate, with a final spec date of July 28, 2026 and partial enterprise auth improvements that could shift the volatile tag.
- NIST agent standards initiative: NIST's Center for AI Standards and Innovation launched a dedicated AI Agent Standards Initiative in February 2026 to establish interoperability and security baselines for autonomous systems — worth tracking for compliance language your buyers will cite.
- OWASP agentic risk taxonomy: The OWASP Top 10 for Agentic Applications published in December 2025 is the first formal risk classification for autonomous agents, and maps kill switches, credential revocation, and identity abuse to specific numbered controls buyers may reference.
- Five Eyes agentic guidance: Six national cybersecurity agencies co-published "Careful Adoption of Agentic AI Services" on May 1, 2026, defining five categories of agentic risk and requiring cryptographically anchored identities for every deployed agent.