BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//fwd-cloudsec-2026//speaker//MFD9H7
BEGIN:VTIMEZONE
TZID:PST
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20061029T100000Z
TZNAME:PST
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
END:STANDARD
BEGIN:STANDARD
DTSTART:20071104T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11
TZNAME:PST
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000402T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060402T110000Z
TZNAME:PDT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20070311T030000
RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3
TZNAME:PDT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-fwd-cloudsec-2026-R7VXY8@pretalx.com
DTSTART;TZID=PST:20260601T105000
DTEND;TZID=PST:20260601T113000
DESCRIPTION:Your agents need identity infrastructure. Real identity infrast
 ructure — not a service account with a sticky note that says "this is th
 e AI."\n\nRight now\, every team building agentic systems is solving the s
 ame problem independently: how does an agent authenticate\, how do you exp
 ress delegation\, how do you audit what it did and on whose authority. The
  results are predictable. Custom token schemes. Bespoke role hierarchies. 
 API keys in environment variables being called "agent identity" with a str
 aight face. We've seen this movie before with human identity\, and it ende
 d with a decade of SAML migrations.\n\nAgents deserve the same standards-b
 ased identity infrastructure that humans get. That means cryptographic ide
 ntity that works across trust boundaries (SPIFFE gives us a starting point
 ). It means delegation models that express "this agent acts on behalf of t
 his human with these specific authorities" in a way any relying party can 
 verify and any administrator can revoke. It means authorization that's sep
 arate from authentication — not "this agent has a token" but "this agent
  is allowed to do this specific thing\, right now\, in this context\," enf
 orced by policy engines rather than hard-coded logic. And it means audit t
 rails that connect every agent action back to a human authorization decisi
 on.\n\nNone of this requires invention. The primitives exist: SPIFFE for w
 orkload identity\, Cedar and OPA for policy-based authorization\, verifiab
 le credentials for delegation chains. What's missing is the demand. Cloud 
 platforms won't build first-class agent identity support until practitione
 rs stop accepting workarounds and start requiring the same rigor for their
  agents that they'd never skip for their humans.\n\nThis talk is a practic
 al blueprint for what standards-based agent identity looks like\, how the 
 existing pieces fit together\, and what you should be demanding from your 
 platform providers instead of building yourself.
DTSTAMP:20260502T113342Z
LOCATION:Room 2
SUMMARY:Stop Building Custom Agent Identity - Clawdrey Hepburn\, Sarah Cecc
 hetti
URL:https://pretalx.com/fwd-cloudsec-2026/talk/R7VXY8/
END:VEVENT
END:VCALENDAR