2026 Cybersecurity Predictions by Teleport CEO Ev Kontsevoy

2025 was a turning point for identity security. Many professionals realized that traditional human and machine-focused identity solutions just don’t work for AI. AI is non-deterministic like a human, yet it’s still software. This creates an entirely new identity category.

Traditional IAM tools would treat AI identities as yet another separate type, creating new silos. To security teams, that sounds like: “Great, now we have to replicate all the work we did securing human identities for AI.”

The problem is, AI is powerful because it’s autonomous. To be autonomous, it needs access across systems: Kubernetes, cloud platforms, identity tools, and even other AI agents. Each of these interactions, potentially thousands per AI, needs an identity. Calling this a headache would be a massive understatement.

In fact, this highlights a bigger issue: tech has got identity wrong. Treating every new identity type separately only digs a deeper hole - one that becomes harder to escape with every new system we implement.

In 2026, the industry will feel the consequences of this realization. Here are my thoughts on how organizations will demand a unified approach to identity management.

1. Non-human identity (NHI) will become part of larger markets.

When your AI machines are behaving like humans, why separate humans and non-human identities? This distinction will become obsolete, as organizations will stop deploying security strategies that treat identities separately and will tackle identity from a unified perspective.

This means there will no longer be a need for tools that treat non-human identities alone. Instead, we’ll see increased identity-related market consolidation as different identity types (human, AI, software, machine) converge into one single identity layer. This identity convergence will spill into adjacent security categories, accelerating consolidation across the cybersecurity stack.

2. The role of engineering in cybersecurity will expand

Traditionally, the responsibility for securing computing infrastructure has belonged to the “IT corner” of the org chart. But the rise of AI identities adds an ever-increasing complexity to computing that will shift identity into the engineer’s role. IT and engineering will join forces to guard the organizational infrastructure from sophisticated attacks that take advantage of this complexity.

3. Agentic AI will be defined in more granular terms

A unified approach to governing identity will also enable organizations to get more granular with how they identify AI Agents. In 2025, the broad term ‘AI Agent’ was used to refer to all software utilising LLM for decision-making. This term ignores a more complicated reality. Some agents run in datacenters, others are fully local, others act on behalf of a human owner, and some have their own identity. You can’t secure what you can’t identify.

By removing the complexity of governing identities, having all identity types in a single source of truth also increases visibility. This enables organizations to understand the nuances of securing different agentic AI types based on their deployment.

While AI has definitely left its mark in the identity space, the implications will go far beyond cybersecurity.

4. AI-native talent is going to be in short supply.

Every tech boom shakes up the talent market, and the idea that “AI is replacing jobs” misses the point. The real challenge is the shortage of highly skilled, AI-native professionals. This gap will be especially felt in security and security-engineering functions, as AI is embedded directly into infrastructure.

Identity complexity is already a significant challenge in modern environments. As AI continues to automate decisions around access, threat detection, and remediation in 2026, we may see a rise in misconfigurations and privilege creep.

To combat this, every CEO should be thinking hard about how to recruit and train AI-native security engineers who understand how to use AI tools, how models behave, where automation should stop, and how to design guardrails.

5. SaaS companies feeling threatened by AI are likely to tighten restrictions on their APIs

As AI agents get smarter, traditional user interfaces will matter less, letting AI tap directly into SaaS data. This risks sidelining legacy vendors, reducing them to little more than data storage. To protect their role, many will limit AI access to their APIs, trying to slow—or even stop—this disintermediation.

Identity is heading toward its biggest rethink since the invention of IAM itself. The rise of AI has exposed just how fragmented today’s identity foundations are, and 2026 will be the year organizations finally confront the problem head-on. The industry is moving away from siloed tools and toward a single, unified identity layer, one that treats humans, machines, software, and AI agents as variations of the same fundamental concept.