
Risk Discussed, Security Defined: AI Agent Security Summit On-Demand

Ian Miller

Key Takeaways

  • All 19 sessions and slides from the 2026 AI Agent Security Summit in San Francisco are now available to watch on demand.
  • The summit confirmed a pivotal shift: autonomous security tooling, skill-based attack surfaces, and shared ownership of agentic risk are defining practice today, not tomorrow.
  • Four themes ran through every track: autonomous security tools, lifecycle ownership, AI skills as an attack surface, and agent identity as the foundation for understanding intent.
  • The community is the signal. Practitioners across security, risk, legal, and engineering are actively shaping this discipline together.

The Summit continues in New York, EMEA, and APAC later this year.


Almost two weeks have passed since the 2026 AI Agent Security Summit wrapped at the Commonwealth Club in San Francisco, and the conversations are still with me. Nineteen sessions, more than 20 speakers, and a room full of practitioners who showed up not just with curiosity, but with findings. The 2025 Summit asked whether agentic AI could be secured responsibly. The 2026 Summit answered: yes, and that's not the only question about AI security we should be asking. Now all of it is available for you to watch on demand.


Four Themes Worth Knowing Before You Hit Play

Across two tracks and 19 sessions, four ideas kept surfacing. They're worth naming upfront because they connect dots across sessions that tell a larger story about the state of the security community.

1. Autonomous security tools are not going anywhere

When Anthropic's Project Glasswing and Claude Mythos launched in April 2026, followed closely by OpenAI's GPT-5.5-Cyber, the security community took notice. For the first time, multiple frontier models built specifically for offensive security work are available simultaneously. Sessions at the Summit covered both the opportunity this creates and the accountability it demands: embrace the tooling, understand how it adds value, and take ownership of how it's deployed in your environment. That's not a new pattern. It's the same challenge every major technology shift has presented, applied to a sharper edge.

2. Ownership of agentic risk is shared, not delegated

One of the most practically useful sessions was the Slalom experts' live simulation of email prompt injection in a sample HR agent, walked through from the perspectives and recommended actions of the CISO, Legal Counsel, Product Owner, and HR Manager.

The takeaway was concrete: no single team owns the end-to-end security of an agentic workflow. Builders, security teams, identity owners, and business stakeholders each hold part of the risk surface. The time to map that out is before something goes wrong.

3. AI skills and persistence create a fundamentally different attack surface

Skills in agentic programs are attractive to builders because they don't require hard code. Attackers find them attractive for the same reason. Add broad, persistent access and the ability to override an agent's goals in natural language, and the risk surface becomes one that traditional endpoint and application controls weren't built to address. In particular, Jenn Gile's session on ClawHub's early 2026 AI skill registries made the timeline clear: this isn't a theoretical future risk. It materialized within weeks of registries going public.

4. Agent identity is a distinct consideration

As agentic workflows expand across browsers, cloud environments, and open-source tooling, one question kept coming up in sessions: who is actually acting, and why? Agent identity is distinct from both human identity and non-human identity (NHI). An agent may act on behalf of a user, inherit a service account's permissions, or operate across multiple systems under a single credential set, sometimes adopting new permissions as it downloads new skills or follows redirected prompts. Traditional identity and access management wasn't designed for that model. Sessions at the Summit explored what a genuine agent identity framework looks like. Without a foundation, every other layer of agentic security is harder to enforce.


Watch All 19 Sessions On-Demand

Every session is now available to watch on demand, and the slides are available for download. Speakers came from across the industry, each bringing work they're doing in the field today. Whether you attended in San Francisco and want to revisit sessions you missed, or you're coming to this content for the first time, it's the fastest way to get oriented in what the AI agent security community is building together.

And if you want to recreate a little of the Summit atmosphere while you watch, here's the recipe for our signature drink:

Zentini Cocktail: Empress 1908 Indigo Gin, lemon juice, honey syrup, lemon twist

Zentini Mocktail: Pomegranate juice, lemon juice, honey syrup, sparkling water


Pour one, hit play, and let us know what you think.

Looking Ahead

The Summit continues in New York, EMEA, and APAC later this year. The landscape will keep shifting between now and then. What won't change is what makes this community worth being part of: practitioners who show up with real work, real failures, and real solutions, and share them openly so everyone moves forward together.

The agents are already in production. Come join the community securing them.
