Two security story items this week address structural shifts in the AI threat landscape: CrowdStrike’s Continuous Identity for AI Agents framework addresses the non-human identity governance gap in agentic AI deployments, and a proof-of-concept AI worm demonstrates autonomous vulnerability discovery and exploit generation at machine speed. Neither item carries a CVE or active exploitation confirmation, but both signal architectural security debt that organizations deploying AI workloads or relying on traditional patch velocity assumptions are accumulating.