Your agents are already running. In production. Today. Querying your databases, acting in your Salesforce, shipping to prod - authenticated once, as a person, sometimes hours ago. Identity was designed for humans with sessions: a single login carries trust through everything downstream. Agents break that model. They don't click. They don't have sessions - they have actions. The 9am approval drives the midnight write.
The first response was more just-in-time: ephemeral credentials, workload identity, tighter scoping. Real advances - but all answer the login-era question. Agents force a different one: "is this action, right now, still within intent?"
This talk argues the identity perimeter has moved from the login to the action. Runtime identity has to answer two questions on every call - does this match what the operator asked for, and is the target (and timing) still in bounds?
We'll walk through a realistic Saturday install - open-source agent, Salesforce, GitHub, a database, CI/CD - under an hour, no approvals, no procurement. Then we'll see the two realities: what the identity team sees versus what's actually running. Not a breach. A gap the identity layer wasn't designed to reason about.
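The two per-call questions above, next to the login-era check they replace, as an added sketch that is not material from the talk. The `Grant` and `Action` models, the target naming scheme, and the one-hour intent window are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from fnmatch import fnmatch

@dataclass(frozen=True)
class Grant:
    """What the operator approved (hypothetical model, not a real product's schema)."""
    operator: str
    approved_at: datetime
    token_ttl: timedelta       # login-era lifetime of the credential
    verbs: frozenset           # actions the operator actually asked for
    targets: tuple             # glob patterns for in-bounds targets
    intent_window: timedelta   # how long the stated intent stays valid

@dataclass(frozen=True)
class Action:
    verb: str
    target: str
    at: datetime

def login_era_check(grant, action):
    """Session-style check: is the credential still alive?"""
    return grant.approved_at <= action.at < grant.approved_at + grant.token_ttl

def action_check(grant, action):
    """Per-call check: both questions, evaluated at the time of the action."""
    if not login_era_check(grant, action):
        return False, "credential expired"
    if action.verb not in grant.verbs:
        return False, "verb outside operator intent"
    if not any(fnmatch(action.target, p) for p in grant.targets):
        return False, "target out of bounds"
    if action.at >= grant.approved_at + grant.intent_window:
        return False, "intent window elapsed"
    return True, "within intent"

# Constructed sample data: a 09:00 Saturday approval and three agent calls.
GRANT = Grant("alice", datetime(2025, 1, 4, 9, 0), timedelta(hours=24),
              frozenset({"read"}), ("salesforce:Account/*",), timedelta(hours=1))
CALLS = [
    Action("read", "salesforce:Account/001", datetime(2025, 1, 4, 9, 5)),
    Action("read", "salesforce:Account/002", datetime(2025, 1, 5, 0, 0)),
    Action("write", "db:prod/orders", datetime(2025, 1, 5, 0, 0)),
]

def evaluate(grant, calls):
    """Return (login-era verdict, action verdict, reason) for each call."""
    return [(login_era_check(grant, c), *action_check(grant, c)) for c in calls]

if __name__ == "__main__":
    for call, row in zip(CALLS, evaluate(GRANT, CALLS)):
        print(call.verb, call.target, row)
```

All three calls pass the login-era check; only the 09:05 read passes the per-action check.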