Identity security has entered its chaotic era. If you've seen the Netflix series or read the books, you already know: when the third body arrives, stability is over. 

For two decades, our industry has built controls around a single identity type: humans. We were just finding our footing with non-human identities, service accounts, API keys, and workloads when agentic AI arrived and broke the assumptions we'd built our programs on.

The result is the Three Identity Problem. Human, non-human, and agentic identities don't just coexist, they form an uncontrolled inheritance chain. A human creates an agent. That agent spawns service principals, OAuth grants, and API connections underneath it. Those machine credentials inherit the human's permissions. When the human changes roles or leaves, the agent keeps running and the credentials stay active. No system connects the chain.

The fastest-growing source of this risk isn't engineering teams building on cloud-native AI platforms. It's business users creating agents on low-code platforms, from Copilot Studio to Salesforce Agentforce, outside traditional identity controls and invisible to most security programs. Drawing on real enterprise data from organizations already dealing with agent sprawl, this keynote examines what security leaders need to see, correlate, and act across the full identity chain before the next wave hits. The next stable era in identity won't arrive on its own; this talk is about what it takes to get there.