Shahar Tal, CEO and co-founder of Cyata, discusses how the company is building the control plane for agentic identity. With deep roots in Israel’s Unit 8200 and Check Point, Cyata is tackling one of the next big security challenges: governing, securing and managing identities in an agent-driven AI world.

Tal argues that organizations have spent decades refining how they onboard employees, grant permissions, monitor access, and audit behavior. But agents don’t behave like employees. They can reason dynamically, operate across tools, and take action with broad connectivity to SaaS platforms, endpoints, and data stores—often with little visibility into what’s running where. That’s creating a fast-growing wave of “shadow agents,” as teams adopt agent capabilities organically, or as vendors embed agent features into products by default.

The core challenge isn’t simply whether an agent is “secure” in the application security sense. It’s whether the organization can discover agents, understand what they can access, and enforce guardrails around what they’re allowed to do—consistently and at scale. Tal describes the need for a unified control plane that brings these capabilities together: discovery of agent activity, policy and posture management, and ongoing oversight that supports measurable, auditable accountability.

They also touch on the broader state of agent adoption. While many early agent initiatives underdelivered, Tal says the narrative is shifting as reasoning models improve and more platforms introduce background agents designed to pursue longer-term goals. That momentum is accelerating experimentation from the bottom up—while executives push adoption from the top down—creating what Tal calls a “risk sandwich” that security teams can’t ignore.

His bottom line: as agentic work becomes real work, identity security becomes the most practical way to govern it. Without clear policies, least-privilege access, and audit trails, the AI workforce will scale faster than the controls meant to keep it safe.