Zero Trust Programs Stall at Year Two as Identity Gaps and AI‑Agent Scale Challenge Organizations
What Happened – A Help Net Security video featuring Oleria CEO Jim Alkove reveals that many zero‑trust initiatives have plateaued after 12‑24 months. While endpoint hardening and network segmentation have improved, identity‑related issues—sprawl, legacy exceptions, and workforce friction—remain unresolved. The emergence of AI‑driven, ephemeral agents further strains existing zero‑trust controls.
Why It Matters for TPRM –
- Identity‑centric weaknesses can expose third‑party data flows to unauthorized access.
- AI‑generated workloads create new attack surfaces that vendors may not have accounted for.
- Inadequate zero‑trust maturity can undermine contractual security clauses and audit readiness.
Who Is Affected – Enterprises across all sectors that rely on third‑party SaaS, cloud, and API services, particularly firms with large remote workforces and AI‑enabled automation pipelines.
Recommended Actions –
- Conduct a zero‑trust maturity assessment focused on identity governance.
- Map and remediate identity sprawl across all third‑party integrations.
- Implement AI‑agent lifecycle controls (verification, least‑privilege, audit logging).
Technical Notes – The discussion highlights identity sprawl, legacy system exceptions, and the need for behavioral analytics to monitor AI‑generated agents. No specific CVE or vulnerability is cited.
Source: Help Net Security – Zero trust at year two: What nobody planned for