TESTIMONIAL

Identity Is the New Attack Surface. And It Now Lives Everywhere.

Identity doesn't live in one environment anymore.

If you're only looking at identity in your cloud, you're missing part of the equation. If you're only looking at it in SaaS, you're missing part of the equation. And if you're only looking at it in AI, you're leaving a big blind spot.

As Scott Hennon, CISO of Cetera Financial Group, puts it:

"Identity is the core of what bad guys are after these days. They used to try to take over your network, your devices, your systems. Now, if they could just take over your identity, they've got everything."

That shift is why a single-environment view of identity no longer holds. The work now is to see identity across cloud, SaaS, and AI in one place, rather than in a bunch of disconnected views you stitch together after an incident.

AI embraced the identity risk. Then multiplied it.

When Brian Contos asked where security leaders still feel most exposed despite years of investment, Hennon pointed straight at AI:

"AI has grown significantly in our environment. It's expanded the threat risk footprint."

AI systems, LLMs, agents, and MCP servers all introduce new identities, many of them non-human. But the harder problem is visibility, not the count. Security teams often don't know where these identities exist, what they can access, or how they're being used.

For Hennon, that's where every investigation begins. Teams need to see identities across cloud, SaaS, and AI environments together, or they're working a case with only part of the story. Securing AI is one thing; understanding the identities AI creates — what they can reach, and where they live — before an incident is another.

What it would take to trust an agentic SOC

Ask Hennon what would make him trust an agentic SOC, and the answer is plain: it has to prove itself.

Today, an analyst can spend days, weeks, or months pulling data from cloud, SaaS, AI, and other systems. The data exists. It's just scattered across tools. An agentic SOC can do that gathering far faster, connect the dots across environments, and help teams reach a conclusion about what happened and what to do next, instead of hand-assembling the picture.

But speed isn't the bar. Trust comes from results.

"If they're proving themselves to be like a senior SOC analyst — where they're detecting what they need to detect, responding to those things appropriately, and addressing the risks without human intervention — then I would feel a lot more comfortable. But to get there, it has to show me first."

Assume the breach. Prevent the impact.

Hennon's view lines up with how Mitiga approaches the problem. You have to assume someone will get in. You don't have to assume impact. That's the idea behind Zero-Impact Breach Prevention: see identity and activity across cloud, SaaS, and AI in one place, decode what an attacker is actually doing, and contain it before it becomes a breach that matters.

Everybody gets breached. The question is whether it lands.

Let them come.