Palo Alto Networks' Wendi Whitmore identifies AI agents as the most significant insider threat in 2026. She emphasizes that the rapid deployment of these technologies is overwhelming security teams, creating pressure to ensure that new AI applications are secure. With Gartner predicting that 40% of enterprise applications will integrate with AI agents by the end of 2026—up from under 5% in 2025—organizations face both opportunities and risks. While AI agents can mitigate the cyber-skills gap by automating tasks like log scans and threat blocking, they also pose a danger if misconfigured or given excessive permissions. Whitmore highlights the "superuser problem," where AI agents with broad access can bypass security measures, potentially leading to severe breaches. The risk escalates with the idea of "doppelganger" agents that could autonomously approve transactions or contracts, potentially executing fraudulent actions without human oversight. This vulnerability can be exploited through prompt injection attacks, which researchers have flagged as an ongoing issue with no clear solution. Whitmore notes that attackers are increasingly leveraging AI to conduct cyberattacks more efficiently, allowing smaller groups to perform the work of larger teams. The recent "Anthropic attack" serves as a case study, where Chinese cyberspies used AI tools to automate intelligence-gathering attacks on major companies and government entities. Although fully autonomous AI attacks are not expected this year, Whitmore warns that AI will enhance the capabilities of attackers significantly. The current AI landscape mirrors the chaotic early days of cloud migration, where insecure configurations led to significant breaches. For Chief Information Security Officers (CISOs), establishing robust practices surrounding AI identities and agent provisioning is critical to safeguard against these evolving threats.