
Google Cloud warns shadow agents pose real threat as Yubico pushes hardware‑rooted

Published by
SectorHQ Editorial

According to a recent report, Google Cloud warns that “shadow agents” – AI processes that act without clear human oversight – pose the greatest security risk, even as Yubico, Delinea and IBM tout hardware‑rooted human authorization via YubiKeys to curb such threats.

Key Facts

  • Key company: Google Cloud

Google’s Office of the CISO has just published a “Shadow Agent” guide that frames autonomous AI processes as the most pressing security risk for enterprises by 2026, according to the report posted by Nexus Guard on March 20. The document warns that developers are already granting admin privileges to AI agents that “automate some boring stuff,” and that those agents can act without any human oversight or IT‑level controls. The guide’s four governance recommendations all begin with identity‑and‑access‑management (IAM), underscoring the belief that the control plane—not firewalls or model guardrails—must be re‑engineered for non‑human identities.

At the same time, Yubico, Delinea, and IBM announced a joint integration that leverages YubiKeys to provide “hardware‑rooted human authorization” for AI agents. The trio calls the approach “asynchronous authorization”: agents continue to run autonomously, but any high‑risk decision must be cryptographically signed by a physical YubiKey, proving a human approved the action. The integration is positioned as a direct counter to the shadow‑agent threat, offering a tangible “human‑in‑the‑loop” checkpoint that can be audited across the YubiKey ecosystem, according to the Nexus Guard article.

Entro Security has entered the fray with its Agentic Governance & Administration (AGA) platform, which focuses on discovery and enforcement of AI agents across an enterprise’s perimeter. AGA builds a structured “agent profile” from three data sources—endpoints, agent‑foundry servers, and credential stores—then maps each profile to the assets it can affect and the identities (human or non‑human) it holds. The Nexus Guard piece notes that Entro’s solution, like Google’s guidance and Yubico’s hardware‑rooted auth, treats AI agents as new non‑human identities that must be managed through IAM rather than traditional network security tools.

All three initiatives converge on the same diagnosis: existing IAM frameworks were designed for human‑to‑system interactions and cannot natively handle agent‑to‑agent or agent‑to‑system‑to‑agent flows. The Nexus Guard analysis points out that while each vendor’s offering solves a slice of the problem—Google’s governance works inside Google Cloud, Yubico’s hardware‑rooted auth works within its own integration, and Entro’s discovery operates at the enterprise perimeter—none address portability. An AI agent that migrates from AWS to GCP, or that needs to authenticate with a partner’s agent in a different cloud, would lose its verified identity under the current siloed approaches.

The report argues that the missing layer is a decentralized, portable identity for agents. It cites the emerging AIP (Agent Identity Protocol) on GitHub, which uses Ed25519 keypairs to assign every agent a W3C‑compatible DID (decentralized identifier). Because the DID is verifiable without a central authority, an agent can retain the same cryptographic identity across clouds, on‑premise environments, and even across organizational boundaries. The Nexus Guard article suggests that such a protocol could enable “trust delegation”—allowing one organization to vouch for an agent without sharing secrets—thereby bridging the interoperability gap left by the vendor‑specific solutions.
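The property described above, an Ed25519-derived identifier that any party can check without a central authority, shown as an added example that is not AIP's code. It assumes the did:key encoding (multicodec-tagged public key in base58btc) as a stand-in for AIP's own DID method, which the article does not specify; `AgentDID`, `VerifyFromDID` and `DemoSign` are hypothetical names and the key seeds are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
	"math/big"
	"strings"
)

const b58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
var edTag = []byte{0xed, 0x01} // multicodec tag for an Ed25519 public key (did:key)

// AgentDID derives a self-certifying identifier from the agent's public key.
func AgentDID(pub ed25519.PublicKey) string {
	n, mod, out := new(big.Int).SetBytes(append(edTag[:2:2], pub...)), new(big.Int), ""
	for n.Sign() > 0 { // base58btc; the tagged key never starts with a zero byte
		n.DivMod(n, big.NewInt(58), mod)
		out = string(b58[mod.Int64()]) + out
	}
	return "did:key:z" + out
}

// VerifyFromDID recovers the key from the DID alone (no registry or cloud IAM
// lookup) and checks the agent's signature over msg.
func VerifyFromDID(did string, msg, sig []byte) bool {
	enc, n := strings.TrimPrefix(did, "did:key:z"), new(big.Int)
	for _, c := range enc {
		i := strings.IndexRune(b58, c)
		if i < 0 {
			return false // not a base58btc character
		}
		n.Mul(n, big.NewInt(58)).Add(n, big.NewInt(int64(i)))
	}
	raw := n.Bytes()
	if enc == did || len(raw) != 34 || !bytes.HasPrefix(raw, edTag) {
		return false // wrong DID method, key type or key length
	}
	return ed25519.Verify(ed25519.PublicKey(raw[2:]), msg, sig)
}

func DemoSign(seed byte, msg []byte) (string, []byte) { // constructed demo agent key
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{seed}, 32))
	return AgentDID(priv.Public().(ed25519.PublicKey)), ed25519.Sign(priv, msg)
}

func main() {
	did, sig := DemoSign(7, []byte("constructed challenge"))
	fmt.Println(did, VerifyFromDID(did, []byte("constructed challenge"), sig))
}
```

The verifier needs only the DID string, the message and the signature, which is why the same identity survives a move between clouds; what it does not provide on its own is revocation or any statement about who operates the agent.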

In practice, the three announcements illustrate a fragmented market response to a unified threat. Google’s internal guide pushes enterprises to tighten IAM policies now, Yubico’s hardware‑rooted keys give a concrete method for human approval, and Entro’s AGA offers a way to inventory and enforce policies on existing agents. Yet, without a portable, cryptographically verifiable agent identity, each effort remains an isolated “kingdom” that cannot interoperate when agents cross cloud or corporate boundaries. As the Nexus Guard analysis concludes, the next wave of enterprise AI security will likely hinge on whether a standards‑based identity layer—such as the AIP DID method—gains traction before vendors double down on proprietary, siloed solutions.

Sources

Primary source

No primary source found (coverage-based)

Other signals
  • Dev.to AI Tag

Reporting based on verified sources and public filings. Sector HQ editorial standards require multi-source attribution.
