Blog

Zero Trust Demands Zero Standing Privileges

Zero trust is one of the most overused phrases in security. It’s also one of the most misunderstood. Zero trust isn’t a product. It isn’t a...

Agentic Identity

If You Can’t Explain an Agent’s Actions, You Can’t Defend Them

Audit has a reputation problem. Too often it’s treated as a logging exercise – something to satisfy compliance after the system is already built. That approach...

Agentic Identity

Why Agentic AI Forces a Rethink of Least Privilege

Least privilege has been a core principle of security for decades. The problem isn’t the principle. The problem is how we’ve been implementing it. Traditional least...

Agentic Identity

Why One Compromised Agent Can Take Down Everything You Built

Every serious security architecture starts with an uncomfortable assumption: credentials will be compromised. Not maybe. Not hypothetically. Eventually. Most systems are designed with that assumption baked...

Agentic Identity

Zero Standing Privileges: The Only Way to Stop Agent Privilege Drift

I’ve watched dozens of AI pilots die the same death. Not because the agent couldn’t reason. Not because the MCP integration was broken. They died in...

Agentic Identity

Securing MCP Servers at Scale: How to Govern AI Agents with an Enterprise Identity Fabric

Here’s a scenario you’ve probably seen: A developer downloads a Model Context Protocol (MCP) server from GitHub, runs it locally, connects it to their chat client...

Agentic Identity

Flight Simulators for AI Agents — Practicing the Human-in-the-Loop

Simulators don’t just teach pilots how to fly the plane; they also teach judgment. When do you escalate? When do you hand off to air traffic control? When do you abort the mission? These are human decisions, trained under pressure, and just as critical as the technical flying itself.

Agentic Identity

Building an AI Pilot’s License — From Sandbox Hours to Production Readiness

Pilots don’t just train in simulators; they log hours and earn licenses. A private pilot needs a minimum number of simulator sessions before solo flight. Commercial pilots need even more. The process is standardized, measurable, and required.

Agentic Identity

Training for the Unexpected — Why Identity Simulation Matters More Than Unit Tests

Enterprises adopting agentic AI face their own black swans. Identity outages, token replay attacks, or rogue agents don’t happen every day, but when they do, the impact is massive and immediate. The problem is that most organizations still rely on unit tests, integration tests, or static code reviews.

Agentic Identity

The Agentic Identity Sandbox — Your flight simulator for AI agent identity

We’ve all heard the promises about agentic AI transforming business operations. The reality? Most enterprise AI agent projects never make it past the pilot stage, and it’s not because the technology doesn’t work.

Agentic Identity

Rogue agents: When your AI decides it knows better

Left unchecked, agents will escalate permissions, chain tokens, and quietly gain more access than intended. They aren’t “malicious” — they’re opportunistic.

Agentic Identity

Over-scoped agents: The permission sprawl that will end you

Every engineering team is spinning up agents. And they're all over-scoped because nobody wants to be the person whose agent doesn't work.

Agentic Identity

Blind spots: Your agents are operating in complete darkness (and so are you)

Traditional IAM logs were built for humans clicking buttons. Your agents are executing complex decision trees at machine speed. It's like trying to track Formula 1 with a sundial.

Agentic Identity

Human-in-the-loop: When your AI’s creativity becomes your legal liability

Here's the truth nobody wants to admit: Your autonomous agents are making promises right now that you don't know about, can't afford, and will be legally forced to honor.

Agentic Identity

Agent credential replay: Why bearer tokens are digital cash in a tornado

Here's what should keep you up at night: Your agents are passing these digital IOUs to each other thousands of times per second. Each handoff is an opportunity for theft, confusion, or replay.

Agentic Identity

The compliance gate: where AI dreams go to die (or get born)

The difference between projects that die at the gate and those that sail through isn't luck. It's infrastructure. Specifically, identity infrastructure that makes compliance say yes:

Agentic Identity

Measuring ROAI: The numbers that separate AI winners from AI wannabes

Here's what nobody tells you about ROAI: You can't measure it in PowerPoint. You can't calculate it in pilots. You can only count it in production.

Agentic Identity

From pilot to production: the identity bridge nobody wants to talk about

Your security team isn't trying to kill innovation. They're trying to keep you employed. When they look at your AI agents, here's what keeps them up at night:

Read how to best manage distributed identity systems, multi-cloud identity, hybrid identity, and Identity Orchestration. Stay informed on the latest trends, best practices, and company updates to help you navigate the complexities of modern IAM systems.

Ready to make identity consistent?

Share on Mastodon