---
title: "You Can’t Secure What You Can’t See: Putting ATARC’s Guidance to CIOs & CISOs Into Practice "
id: "2517"
type: "insights"
slug: "atarc-cio-guidance-observability-first"
published_at: "2026-06-02T17:29:40+00:00"
modified_at: "2026-06-02T17:29:41+00:00"
url: "https://jetstream.security/insights/atarc-cio-guidance-observability-first/"
markdown_url: "https://jetstream.security/insights/atarc-cio-guidance-observability-first.md"
excerpt: "ATARC’s new federal IAM guide projects that 1,000 agents can generate 7.4 million authentication events a day, a 148x jump over human users. Its closing instruction to CIOs is the one that anchors all the others: build observability first. Here..."
taxonomy_content_type:
  - "Blog"
taxonomy_topic:
  - "Agentic AI"
  - "AI Runtime Governance"
  - "AI Security"
  - "Discovery"
  - "Governance"
  - "Key Management"
  - "Security"
---


Jun 02, 2026

### You Can’t Secure What You Can’t See: Putting ATARC’s Guidance to CIOs & CISOs Into Practice

Paul Loeffler


##### ATARC’s new federal IAM guide projects that 1,000 agents can generate 7.4 million authentication events a day, a 148x jump over human users. Its closing instruction to CIOs is the one that anchors all the others: build observability first. Here is what that looks like in production.

Over the weekend I was watching *The Great Flood* (2025), a South Korean disaster thriller on Netflix, which follows a mother fighting to save her child in a flooded, sinking apartment building. Obligatory spoiler-free disclaimer, so keep reading.

Each day brings another reminder that we still have a chance to get ahead of the agentic wave heading our way. It also reminds me that the tsunami wave alerts already sounded. That does not mean we just sit back and wait. Frankly, we don’t have that option. The tides are not receding, and our fate isn’t determined by a 6-year-old boy.
  
Enterprises already face this situation, metaphor aside, and the most recent reminder was ATARC’s Identity Management Working Group publication, [Securing the Agentic State: A Practical Guide to Identity & Access Management for AI Agents in Federal Government](https://atarc.org/wp-content/uploads/2026/05/atarc_securing-the-agentic-state_v3.pdf). The report’s projection for CIOs is direct: 1,000 agents can generate 7.4 million authentication events per day, a 148x increase over human users. The IAM systems that ran the last decade were not designed for any of it. ([ATARC, Securing the Agentic State](https://atarc.org/wp-content/uploads/2026/05/atarc_securing-the-agentic-state_v3.pdf), April 2026)

Buried at the end of Section 6, ATARC closes its CIO recommendations with the bullet that, on my reading, anchors every other one: *“Build observability first. Deploy comprehensive agent logging and behavioral analytics before scaling — you can’t secure what you can’t see.”* That sentence is the operating principle of JetStream’s platform.

##### **What ATARC Advises CIOs to Do**

Section 6 gives Federal CIOs four directives:

- **Acknowledge current infrastructure gaps.** Conduct IAM capacity assessments and develop a multi-year modernization roadmap. Patching will not work.

- **Adopt decentralized identity now.** Evaluate decentralized identifier (DID) methods, pilot verifiable credential (VC) issuance, and train security teams on decentralized identity.

- **Implement Zero Trust for agents.** Use agent deployment as a catalyst for broader Zero Trust adoption with agent-specific policies.

- **Build observability first.** Deploy comprehensive agent logging and behavioral analytics before scaling.

Each directive depends on the others. Decentralized identity without observability is unverifiable in production. Zero Trust without observability is policy without proof. The bullets are ordered deliberately, and observability is the precondition for everything else.

##### **The Crosswalk**

[The JetStream SAIG Platform™](https://jetstream.security/platform/) (Security-first AI Governance) was architected against the same risks ATARC puts front and center.

ATARC calls for a **rich, cryptographically verifiable agent identity** for every agent, a digital passport that carries provenance and authorized capabilities. JetStream Identity Broker™ and JetStream Key Broker™ deliver that digital passport in the enterprise. Virtual, revocable, scoped credentials replace exposed master API keys hard-coded into workflows. Every agent action is bound to the invoking end-user and the human product owner accountable for it. *You can’t trust what you can’t attribute.*

ATARC’s **dynamic authorization** and **continuous verification** map to JetStream Runtime Governance. Live agent behavior is compared against an approved blueprint, drift surfaces immediately, and a kill switch is available through JetStream Key Broker™. *You can’t enforce what you can’t verify.*

ATARC’s **traceable delegation**, the cryptographically recorded hand-offs where permissions narrow and never broaden, maps to JetStream AI Blueprints™. Blueprints are living operational contracts that document every agent, model, tool, dataset, and identity, with version control and approval. *You can’t approve what you can’t describe.*

And ATARC’s closing call to CIOs, “build observability first”, could not be any more aligned with JetStream’s first principle: *You can’t govern what you can’t see.* No different than traditional assessment management, this demands continuous, ephemeral discovery across endpoints, browsers, APIs, cloud, and inside an existing authorized system boundary. The output is a real-time inventory that stays current as the environment changes, including the agents IT never provisioned and the MCP servers they never deployed.

##### **Why Observability Has to Come First**

ATARC likely ordered the CIO bullets the way it did for the same reason JetStream starts with visibility. A CIO cannot deploy decentralized identity to agents that haven’t been inventoried. A CIO cannot scope Zero Trust to behaviors that have never been measured. A CIO cannot defend a budget request, a board update, or a FOIA response with telemetry that only captures the agents IT already knew about. Observability first is not a sequencing preference.

##### **What “Act Now” Looks Like for a CIO**

- **Inventory every AI agent, model, MCP server, and AI tool in your environment**, including the ones discovered in browser sessions and SaaS workflows, not just the ones IT provisioned.

- **Replace raw provider credentials with virtual, revocable keys** scoped to an approved system definition.

- **Stand up runtime governance against that definition**, so drift is detected and stopped before incident, not after.

- **Tie every agent action to a human identity** and an accountable product owner.

JetStream does all four without deploying another endpoint agent. That is the architectural choice ATARC’s report quietly demands, and that most existing security stacks were not built to make.

If you have read *Securing the Agentic State* and are trying to figure out where to start this quarter, start where ATARC ends: Build observability first.

[Request a demo of the JetStream SAIG Platform™](https://jetstream.security/contact-us/) **to see what observability-first AI governance looks like in production.**
