Federal zero trust faces challenges with AI agents

https://cdn.nextgov.com/media/img/cd/2026/06/30/GettyImages_2224257366/open-graph.jpg

JTKPHOTOz/Getty Images

ByAdam McBride and Jim St. Clair

July 2, 2026 09:00 AM ET

COMMENTARY | There is no realistic path where federal agencies opt out of agentic AI.

Since the establishment of executive order 14028, Federal agencies have spent four years rebuilding their security posture around zero trust to meet the deadlines set in OMB Memorandum M-22-09. By any reasonable measure, this has been one of the most consequential federal cybersecurity efforts in a decade.

It will not survive contact with AI agents.

The problem is not that zero trust principles are wrong. “Never trust, always verify” and least-privilege access remain exactly right. The problem is that zero trust architectures currently deployed across federal agencies was built around a specific assumption: that the entity behind a request is a human user — someone who logs in at human speed, clicks through interfaces in human...

Copyright of this story solely belongs to nextgov.com. To see the full text click HERE