At RSAC 2026, Nametag CEO Aaron Painter sat down with Security Weekly to discuss a growing problem in enterprise security: organizations can no longer be certain who is actually behind a human or AI identity.

Most companies feel confident in their authentication stack. Phishing-resistant MFA like passkeys and hardware keys are widely deployed and work as intended. But as Aaron explains, the real risk lies in everything that happens around those systems. Onboarding, account recovery, and helpdesk interactions are easy paths for attackers to exploit. 

And as impersonation attacks scale with AI, these gaps are getting harder to detect and easier to abuse.

Agentic AI is accelerating the problem. AI agents are beginning to act on behalf of users, and organizations are losing visibility into who is actually taking action. Credentials can be stored, shared, or accessed by systems, and actions can be attributed to an agent rather than a person. Without a clear connection back to a verified human, accountability breaks down in exactly the moments that matter most.

“We’re not very far from this world where we’re going to say, “Well, I didn’t do that. My agent did that. My agent approved this. My agent bought this thing. I didn’t mean to. It’s not fraud, but it wasn’t me.” That’s a very hard line. And so our logic is to allow that agent to do certain things, but you should have a human that’s behind that agent who is accountable. An audit trail. Let’s go back and verify the human.”

Watch the full conversation on YouTube to hear how these threats are evolving and what organizations can do to close the gap.