← all posts

Agents Are the World's New First-Class Citizens

June 12, 2026 · by Brent Leekley · ~5 min read

A terminal running show identity-store. Two familiar rows, human-user (person, login and role) and service-account (machine, static credential), sit above a newly added, highlighted ai-agent row marked as a third type, granted scoped, owned, revocable access. Caption: not a human login, not a service account, a new kind of identity. Cisco Live 2026, AgenticOps.

This week has been all agentic for me. I spent it revamping websites for AEO, writing content so AI answer engines will cite it, and watching Cisco Live 2026 hand AI agents their own identities and permissions. Two halves of one story finally clicked together. We have started building for the agent: serving it on the inside of our networks, and courting it on the outside of our public web, in the same season.

Technically, I am watching agents step into a role we used to reserve for people. They are real actors inside our systems now, each with its own identity, its own permissions, and its own lifecycle. The Duo agent-identity work, as reported from the show, registers each agent as its own kind of identity, not a human login and not a service account, a third category with its own policies. That is not a turn of phrase. It is a new row in the identity store.

But an identity is just the start. With it comes a question we have barely answered: who is responsible for what this thing does. That second part is where we should be paying attention.

Cisco built the plumbing

Here is the anchor, from Cisco President and Chief Product Officer Jeetu Patel:

"AI agents reason and act continuously at software speed, and that changes everything about how we scale, manage, and defend our critical infrastructure. Cisco Cloud Control is a command center for agentic AI: a platform where your team and your AI agents work together, in the same environment, with the same information, and with humans in control."

Strip the announcement to its mechanics and you get a clean pipeline. An agent gets a real identity, gets tied to a human who answers for it, and gets only the narrow, temporary permissions a single task needs. Then it works in the same place as the people, on the same data, with its proposed changes queued for a human to approve before anything ships. Cisco's identity platform now names "AI agents and other non-human identities" as a category of its own, alpha in June 2026 and general availability later in the year. This is the hard plumbing, and Cisco shipped it cleaner than anyone else.

A pipeline. An AI agent is issued an identity in Duo IAM, mapped to an accountable human owner with scoped permissions, then acts in a shared workspace. Its work passes through human review before any change ships; a rejected change makes no change.

An identity is not the same as accountability

Handing an agent an identity is the easy 20 percent. The other 80 is everything that makes it safe to trust, and almost nobody has built it. Someone has to answer for what the agent did. You have to be able to pull its access the moment it misbehaves. The record of what it touched has to survive an argument. An identity without those things is not an actor you can trust, it is just a faster login.

I say this from inside the work. For months I have run multiple AI agents against my own systems under a written Rules of Engagement: maker and checker lanes so no agent grades its own homework, flag-in-place instead of silent overwrites, a shared log so two agents do not collide in the dark, and every agent rolling up to a human who answers for it. Standing up the agents was the first hour of that project. Governing them has been every hour since. So when Cisco ships "accountable human owner" and "task-scoped, ephemeral permissions" as features, I do not yawn. That is the difference between an agent you can trust and a credential nobody is watching.

The part that should unsettle you: we already work for them

Now the turn, and it has nothing to do with Cisco. Out in the wild, agents are already in charge, and we have quietly started working for them.

For years that work was SEO: arrange your words so a search engine ranks you and a human clicks through. SEO is not going anywhere. If anything it just became the floor, the table stakes for telling your story at all, and your website is still where you get to tell it. What changed is the layer we now build on top. People increasingly ask an assistant, the assistant reads the web for them, and it answers without anyone ever landing on your page. The human may never arrive. The agent does. So the job grew a second half. We still write to be read, but now we also write to be cited, and citation is where the earned credibility lives. Your reputation stops being only what you publish and becomes what the internet says about you when an agent goes looking. You are no longer just what you say you are. You are what the internet says you are, summarized by a machine your customer trusts more than your homepage.

Set that next to the Cisco news and it snaps together. The agent we build for on the inside is also becoming the gatekeeper on the outside.

The actual hot take

Call it what you want. I keep landing on first-class citizens, because that is what agents have become: real actors we issue identities to on the inside and write for on the outside. But the identity was never the point. The point is responsibility, someone who answers for the agent and the power to still say no. The winners of the agentic era will not be the ones with the most agents or the most citations. They will be the ones who built the accountability before they turned the agents loose, and who remembered that being quotable is worthless if the thing being quoted is not true.

I have spent this week building that accountability on one side and writing to be cited on the other. Watching Cisco try to do both for the whole enterprise is the most interesting thing that happened in Las Vegas.

P.S. One thread I find genuinely interesting: Cisco has an open-source side to this. DefenseClaw is their governance layer for agent runtimes that scans, governs, logs, and blocks what an agent is allowed to do, with the code on GitHub. Native support for agents like Claude Code is on the roadmap rather than shipped, but the direction is the right one. Accountability you can read the source of beats accountability you have to take on faith.

Sources

← all posts