Four security vendors shipped agent identity solutions this month. CrowdStrike bought SGNL. Microsoft released Entra Agent ID. Qualys and Exabeam launched competing products. They're racing to solve the same problem.
Traditional authorization assumes users request resources directly. Agents break that model. When a marketing employee asks an agent to analyze customer data, the agent executes using its own permissions. The employee gets information they couldn't access directly. No misconfiguration. No policy violation. The authorization system just can't see the real requester.
Audit trails show agent activity, not who made the request. Permission boundaries dissolve when agents act as intermediaries.