Over the past year, agent identities have moved from a theoretical concept to an operational reality. From service principals and workload identities to autonomous agents and AI-driven processes, non-human identities are increasingly at the center of security incidents. In this session, we look back on one year of real-world experience implementing, operating, and protecting agent identities at scale. Through practical examples and war stories, we’ll explore what actually worked, what failed spectacularly, and which assumptions turned out to be dangerously wrong. Expect lessons learned from production environments, including identity sprawl, over-privileged agents, broken lifecycle management, and the challenges of visibility and accountability when “no human is in the loop.” We’ll discuss governance techniques, protective security controls, how to detect misuse, and the various ways of remediating agents and their related identity. It is a practical, experience-driven session for security engineers, IAM professionals, and architects who want to understand the realities of agent identities today.