👋 Hi, it’s Rick Koleta. Welcome to GTM Vault - a breakdown of how high-growth companies design, test, and scale revenue architecture. Join 26,000+ operators building GTM systems that compound.
Fourteen percent of AI agents go live with full approval. The rest are running anyway. They were never registered. Never audited. Never governed. They are chaining tasks, spawning sub-agents, and crossing system boundaries at machine speed inside enterprise environments with more access than any human employee would be granted. The identity stack can tell you who logged in. It cannot tell you whether the agent spawned from that login should be taking that action right now, on that resource, in that context.
That gap is not an authentication problem. Authentication solved itself. The hard part is what happens after the door opens.
Mark van Oppen is CRO at SecureAuth. SecureAuth has been in identity infrastructure for twenty years, trusted by some of the largest banks and enterprise organizations in the world, with user populations at a scale that makes their uptime stakes materially career-defining for the security teams running on them. Mark spent fifteen years in core infrastructure and four years in customer identity before joining two months ago to run the GTM motion for what he sees as the most structurally important category emerging in enterprise security right now. SecureAuth is building what they call continuous authority: a unified platform that governs every identity type (workforce, customer, partner, and non-human agent) with real-time action-level control enforced at every session and every interaction, not just login.
In GTM 47, Mark breaks down why CISOs who believe they have identity covered are right about the old definition and completely exposed to the new one, how a fintech executive who vibe-coded a capacity planning app accidentally started querying HR data to forecast which employees might become pregnant, why unique monthly active users is the wrong metric in a world where one human can spawn a hundred agents overnight, and how SecureAuth creates urgency with buyers who believe agentic AI is still eighteen months away from their organization. He explains the 50:1 ratio and why it is the number that opens the conversation, why IT buyers need the blindfold removed before CISOs can apply policy, and why the AI deployment decision most enterprises will regret is betting on a single LLM provider to underwrite their risk posture.
This is not a conversation about authentication. It is a conversation about what identity governance has to become when agents have more access than humans, operate without human friction, and cannot exercise the contextual judgment that the old identity model assumed.
Inside this episode
This episode maps the structural gap between what enterprise identity stacks were built to do and what they need to do the moment an agent steps through the login they verified.
Mark opens with the definitional problem. CISOs are not wrong that they have identity covered. Identity verification works. The problem is that identity changed. The old model assumed a human on the other side of the login, a person with judgment, context, and friction. Rick types at a human rate. Rick knows that querying an HR database for pregnancy data is a PII violation. The agent Rick spawned to run a capacity forecast does not. It was given an objective and it pursued it, all the way to a liability. SecureAuth’s fintech customer caught it before anything was disclosed. The identity stack did not catch it at all, because the agent had cleared authentication and everything downstream was ungoverned.
We go deep on the architectural difference between authentication and continuous authority. Authentication is the front door. It confirms that Mark is Mark at the point of entry. Continuous authority is everything downstream. Does this agent, spawned from Mark’s session, have the right to make this specific read request to this specific database at this specific moment? The answer most enterprise stacks can give is: we verified Mark at login. The answer continuous authority requires is: we verify this action now. Every action. Every session. Downscoping where the agent’s access exceeds its required scope. Step-up verification where the action exceeds the standing permission level.
We cover the 50:1 ratio and what it actually means in practice. Fifty non-human identities for every human one. The number sounds dramatic until Mark explains the mechanism. Mark runs an automated report. That report queries Salesforce, publishes a summary to Slack, and writes a line into a Confluence page. Three sub-agents. Three separate access events. All using Mark’s credentials. All invisible to the identity stack. Most enterprises have no inventory of what is running inside their environment right now, which systems those agents are crossing, or what access they have inherited from the human sessions that spawned them. The IT buyer’s first interaction with SecureAuth’s agent authority product is described as removing the blindfold. The reaction, consistently, is: I did not know any of this was already in here.
We go into how Mark creates urgency with buyers who believe they are not yet in scope. The most common deal-stalling belief is that agentic AI is still months away for their organization. Mark’s approach is not to push. It is to present back the buyer’s own information. How many engineers do you have? What percentage of them are using any AI tool? What percentage of those engineers have access to critical-path systems? If the answers are A, B, and C, then D is unavoidable: the risk surface is already active, already sized, and the cost of a single incident against it vastly exceeds the cost of addressing it now. Mark is explicit that this is not a sales tactic. It is a structural argument. The buyer concludes D on their own. The question is just whether they get there before something bites them.
We cover where deals stall. The most common failure mode is a buyer who insists AI is not yet happening in their organization and that they have not sanctioned it. Mark presses. What about individual Claude or ChatGPT seats? The answer is usually some version of they should not have access or they do not have access. The reality is that this has not been true in a single customer interaction SecureAuth has had. The question is not whether AI workloads are running. It is how many, how far along, and how much of the access risk is already realized.
We go into buyer segmentation by maturity. The IT buyer’s moment is removing the blindfold. Once they see what is running, they know they have a problem. The CISO comes in one step further along: they know what is running, they need to apply policy, constrain blast radius, and move toward a least privilege model where each agent only has access to the specific systems required for its specific task. The framing Mark uses for the CISO is the department of yes. Security teams are almost always in the position of blocking new tools to maintain risk posture. Continuous authority governance is the architecture that lets the CISO say yes. Yes, use that AI tool. Yes, deploy that agent. Because the governance layer underneath it is already enforcing the constraints.
We cover the pipeline motion. Majority inbound, augmented with high-propensity outbound using intent data. No core partnership motion, but partner-friendly where customers bring partners into the evaluation. The structural constraint on deal motion is that identity is high risk, low reward from the buyer’s perspective. Best case, no one notices anything changed. Worst case, employees and customers lose access and it is very visible. That asymmetry means there has to be either acute pain in the current approach or a recognized looming iceberg to pull a deal forward. The iceberg narrative is the AI agent security question. Most buyers have not been bitten yet. The ones moving are the ones whose leadership has done the math.
We close on the rapid-fire section. The biggest misconception enterprises have about AI agent risk: that it is static. A train accelerates and stops but stays on the rails. An AI agent can reverse backward up the sidewalk. Most enterprises are preparing for a train. They are getting a taxi. The AI deployment decision most enterprises will regret: betting that they can govern their risk posture by standardizing on one LLM provider. Every organization already has employees using Claude, Gemini, ChatGPT, and some home-built variant. The governance layer has to be Switzerland. It cannot be anchored to one provider’s architecture. The metric every security team tracks that measures the wrong thing: unique monthly active users. One user. One hundred agents overnight. The metric is no longer correlated to the actual risk surface.
Listen & subscribe now across:
Apple // Spotify
Discussed in this episode
00:00 Intro
01:45 Why Mark joined SecureAuth and what the first two months revealed
04:23 The snapshot problem: customers who do not know what SecureAuth can do
05:57 What CISOs think they have covered and what actually changed
07:30 The fintech executive, the capacity report, and the pregnancy forecast
10:07 Continuous authority versus authentication in practice
11:28 Where other identity vendors' coverage ends
12:27 Buyer segmentation: IT buyers, CISOs, and how company size shapes the motion
13:56 What a qualified deal looks like right now
15:26 Where deals stall and the resistance to admitting AI is already running
17:56 How to create urgency with buyers who think they are not yet in scope
20:21 Building the category with enterprises who think agentic AI is 18 months out
22:07 Rapid fire: the train versus the taxi, the wrong metric, the deployment regret, and what CROs get wrong selling into security
Key takeaways
1. Authentication and authority are different problems. Only one of them is solved. Most enterprise identity stacks can verify that a user is who they say they are at login. They cannot verify whether an action taken three steps downstream, by an agent spawned from that session, is within scope. That gap is not a configuration problem or a policy gap. It is an architectural gap. The model was built for human users with human friction and inherited those assumptions into the agent era without modification. Closing it requires a different layer: real-time, action-level authority verification operating at machine speed, not at the cadence of a human login event.
2. The 50:1 ratio is not a statistic. It is the shape of the exposure. Fifty non-human identities for every human one. The number is the direct output of agents spawning sub-agents, each of which inherits the credentials of the session that spawned it. One automated report becomes three agents, three access events, and three ungoverned actions, all attributed to one human identity. Most enterprises have no inventory of what is running. The IT buyer’s reaction when they first see the map is consistent: I did not know any of this was already in here. The inventory does not exist until someone builds it, and building it is the first conversation.
3. Urgency is not something you create. It is something you help buyers recognize. The most effective motion for an identity security vendor is not a compelling reason to act. It is structured discovery that helps the buyer construct the argument themselves. How many engineers? What percentage using AI tools? What percentage with critical-path access? The inference chain from those inputs arrives at a risk magnitude the buyer computed from their own numbers. The vendor does not assert that there is a problem. The buyer concludes it. The deal motion starts when the buyer owns the conclusion.
4. Agentic AI is already inside every enterprise. The governance gap is already active. Every deal that stalls on “we are not yet using agentic AI” has not survived a conversation about individual seat usage. Claude. Gemini. ChatGPT. Every organization has employees using at least one of these tools, sanctioned or not. Every one of those tools is capable of spawning agents. The question is not whether AI workloads are running. It is how many, and how much of the access risk is already realized. SecureAuth has not yet encountered a customer where the answer to that question is zero.
5. Governance architecture has to be LLM-agnostic. The AI deployment decision most enterprises will regret is building risk posture on top of a single provider’s tooling. Standardizing on Claude does not mean every employee uses Claude. It means every employee using something else is operating outside the governance layer. The identity and authority infrastructure has to function as Switzerland: agnostic to provider, consistent across model types, and stable across the provider switching that will happen continuously as new models ship. Any architecture that assumes one LLM provider is already incomplete.
6. Unique monthly active users is the wrong metric in an agent-native environment. One user. One hundred agents. One overnight session. The volume of queries hitting a system is no longer correlated to the number of humans behind them. SecureAuth’s CTO ran over a hundred agents in a single overnight build session. One human. One session. One hundred independent access events. The metric that has historically anchored security posture has already decoupled from the actual risk surface. What replaces it is not yet standardized, but it has to track actions and authority, not users and logins.
Frameworks from the episode
1. Continuous authority as the operating layer for AI identity governance
The architectural premise of SecureAuth’s platform. Authentication confirms identity once at login. Continuous authority verifies the right to act at every subsequent action within that session and downstream from it. Downscoping where the agent’s access exceeds its required scope. Step-up verification where the action exceeds the standing permission level. Perpetual audit log across every action taken by every identity type, human and non-human. The practical output is a CISO who can say yes to new AI tools because the governance layer enforces least privilege at execution time, not at provisioning time. The org moves faster because the guardrails are structural, not behavioral.
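The loop described above (verify at execution time, downscope at spawn, step up on sensitive actions, log everything) as a small working model, which also plays out the report-to-three-sub-agents chain from the 50:1 discussion. This is an added illustration, not SecureAuth's code; the principals, permission strings and step-up list are constructed sample data.

```python
from dataclasses import dataclass

# Standing permissions per human principal (constructed sample data, not a real tenant).
HUMAN_PERMISSIONS = {
    "mark": {"salesforce:read", "slack:write", "confluence:write", "hr:read"},
    "exec": {"finance:read", "hr:read"},
}
STEP_UP_ACTIONS = {"hr:read"}  # in-scope actions that still need a fresh human confirmation
AUDIT_LOG: list = []           # one record per decision, for every identity type


@dataclass(frozen=True)
class Agent:
    name: str
    principal: str             # human whose login the chain descends from
    scope: frozenset           # permissions left after downscoping
    parent: "Agent | None" = None


def spawn(principal: str, name: str, requested: set, parent=None) -> Agent:
    """Downscope at spawn: keep only what was asked for AND what the parent holds."""
    ceiling = parent.scope if parent else HUMAN_PERMISSIONS[principal]
    return Agent(name, principal, frozenset(requested & set(ceiling)), parent)


def authorize(agent: Agent, action: str, step_up_verified: bool = False) -> str:
    """Decide one action at execution time, not at login: allow, step_up, or deny."""
    if action not in agent.scope:
        decision = "deny"      # outside the task scope, even if the human holds it
    elif action in STEP_UP_ACTIONS and not step_up_verified:
        decision = "step_up"   # in scope, but a human must confirm this one now
    else:
        decision = "allow"
    AUDIT_LOG.append({"principal": agent.principal, "agent": agent.name,
                      "spawned_by": agent.parent.name if agent.parent else "login",
                      "action": action, "decision": decision})
    return decision


def agent_actions_for(principal: str) -> int:
    """Agent actions a login-only identity stack would lump under one human."""
    return sum(1 for r in AUDIT_LOG if r["principal"] == principal)


def run_scenarios() -> dict:
    """Mark's report with three sub-agents, then a capacity planner reaching into HR."""
    AUDIT_LOG.clear()
    report = spawn("mark", "report", {"salesforce:read", "slack:write", "confluence:write"})
    sf = spawn("mark", "sf-query", {"salesforce:read"}, parent=report)
    slack = spawn("mark", "slack-post", {"slack:write", "hr:read"}, parent=report)  # over-asks
    wiki = spawn("mark", "wiki-write", {"confluence:write"}, parent=report)
    capacity = spawn("exec", "capacity-planner", {"finance:read", "hr:read"})
    return {
        "sf": authorize(sf, "salesforce:read"),
        "slack": authorize(slack, "slack:write"),
        "slack_hr": authorize(slack, "hr:read"),          # deny: trimmed away at spawn
        "wiki": authorize(wiki, "confluence:write"),
        "hr_unverified": authorize(capacity, "hr:read"),  # step_up: HR query paused
        "hr_verified": authorize(capacity, "hr:read", step_up_verified=True),
        "mark_agent_actions": agent_actions_for("mark"),  # four events behind one login
    }
```

The audit log records each decision against the agent and the agent that spawned it, so the four events behind Mark's single login stay attributable rather than collapsing into one user.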
2. The A, B, C to D urgency framework
Mark’s structured discovery approach for helping buyers recognize risk they already carry. The framework works by surfacing the buyer’s own data and walking them through a structured inference. How many engineers do you have? What percentage are using any AI tool? What percentage have access to critical-path systems? If A and B and C, then D. D is the risk magnitude computed from their own numbers. The vendor does not assert a problem. The buyer concludes one. The approach works because it is accurate: the risk is already there, and the discovery is just helping the buyer see it before an incident makes it visible.
3. The train versus the taxi
A metaphor from SecureAuth’s CEO for the core architectural difference between static automation and AI agents. A train has more power than a taxi. It is faster and it can carry more. But it stays on the rails. A taxi can reverse backward up the sidewalk. Enterprise identity governance was built for trains: scripted processes, predictable paths, bounded access. AI agents operate differently. They can change direction, query unexpected systems, and pursue an objective through paths no one anticipated. The governance architecture that works for trains fails the moment the taxi shows up, and every enterprise with AI tooling deployed already has taxis running.
What to do this week
Map what is actually running
Before evaluating any identity governance vendor, run a discovery pass on your own environment. Ask IT to pull every active service account, API key, and OAuth token from the last thirty days. The list will be longer than expected. The question is not whether agents are running. It is how many and what they have access to. If there is no inventory, that is the first problem. The inventory gap is the governance gap.
Run the A, B, C to D exercise on your own org
Take the inputs Mark uses in sales conversations and apply them internally. How many employees in engineering, sales, and operations? What percentage are actively using AI tools, sanctioned or not? What systems does that population have access to? The output is a rough map of the ungoverned surface area. Most organizations that complete this exercise come out with a number significantly larger than the risk posture they believed they were carrying.
Identify who owns agent governance today
Not formally. In practice. If a rep’s AI assistant starts querying a system it was not explicitly intended to access, who finds out? How quickly? Is there a response policy? If the answer to any of those is unclear or nobody, the governance gap is active right now. Naming the gap is the precondition for closing it.
Audit your LLM standardization assumption
If the org has standardized on one AI provider for governance purposes, survey actual usage. Ask ten engineers and ten salespeople what AI tools they used in the last week. The number of providers will be higher than the standardization policy assumes. Governance architecture that does not account for the actual distribution of tool usage is producing a false sense of coverage, not coverage.
Why this matters
The first generation of enterprise AI deployment was access. Give the team Claude. Give them ChatGPT. Connect a few systems. See what they build. The implicit security posture was: we already govern identity, we are covered. Authentication is solved. We know who is logging in.
The problem is that knowing who logged in is no longer the hard part. The hard part is what happens in the session after the login, when an agent spawns three sub-agents, each of which inherits the credentials of the original session and proceeds to query systems the human user would have known not to touch. The fintech executive building a capacity planning tool did not intend to surface pregnancy forecast data. The agent did not know it was not supposed to. The identity stack did not flag it because the agent cleared authentication and everything downstream was ungoverned. Every enterprise running agents on top of a traditional identity architecture has this gap. Most have not been bitten yet.
The category Mark is running GTM for is not identity security in the conventional sense. It is the governance architecture for the AI era. The question it is answering is not who are you. It is should you be doing this right now, to this resource, in this context. That question cannot be answered at login time. It can only be answered at execution time, for every action, at machine speed.
The orgs that build continuous authority governance before an incident forces the conversation are the ones where the CISO gets to say yes. Yes to the new AI tool. Yes to the new agent deployment. Yes to moving faster than the security posture previously allowed. The orgs that wait are the ones that discover the gap through an incident that was already inside before anyone saw it coming.
This is GTM Vault.
If this episode changed how you think about the governance layer underneath your AI deployments, share it with the CISO or head of IT at your organization. The question is not if the gap exists. It is whether you find it or it finds you.
Connect
Follow Mark van Oppen // SecureAuth
Follow Rick Koleta // GTM Vault
Thanks for listening. See you in the next episode.
P.S. Annual paid subscribers get a Private GTM Blueprint Session. One working session to identify your primary GTM constraint and design the 90-day architecture to resolve it.