Agentic Identity
I Gave 4 AI Agents a Corporate Bank Account. Here’s How I Stopped Them From Draining It.

A technical build log of the Multi-Agent Control Room, where AI agents pay invoices, escalate denials, and every action is identity-governed through OPA policies, RFC 8693...
Agentic Identity
Your MCP Server Is a Resource Server Now. Act Like It.

TL;DR — Without an identity layer, AI agents accessing enterprise tools create real exposure: data exfiltration through unscoped access, audit failures when no one can trace...
Agentic Identity
Agentic AI Governance: How to Approach It

Simulators don’t just teach pilots how to fly the plane; they also teach judgment. When do you escalate? When do you hand off to air traffic control? When do you abort the mission? These are human decisions, trained under pressure, and just as critical as the technical flying itself.
Agentic Identity
A Guide to Agentic AI Risks in 2026

Simulators don’t just teach pilots how to fly the plane; they also teach judgment. When do you escalate? When do you hand off to air traffic control? When do you abort the mission? These are human decisions, trained under pressure, and just as critical as the technical flying itself.
Agentic Identity
The Agentic Virus: How AI Agents Become Self-Spreading Malware

In my previous post, I walked through how disconnected MCP servers and AI agents create a growing blind spot in enterprise identity. The problem: thousands of...
Agentic Identity
Human-in-the-Loop: A 2026 Guide to AI Oversight That Actually Works

Simulators don’t just teach pilots how to fly the plane; they also teach judgment. When do you escalate? When do you hand off to air traffic control? When do you abort the mission? These are human decisions, trained under pressure, and just as critical as the technical flying itself.
Agentic Identity
The AI Agent Identity Crisis: New Research Reveals a Governance Gap

Key Takeaways Enterprises can’t move AI agents from pilot to production because identity governance isn’t there yet. Teams are sharing human credentials and access tokens with...
Agentic Identity
Zero Trust Demands Zero Standing Privileges

Zero trust is one of the most overused phrases in security. It’s also one of the most misunderstood. Zero trust isn’t a product. It isn’t a...
Agentic Identity
If You Can’t Explain an Agent’s Actions, You Can’t Defend Them

Audit has a reputation problem. Too often it’s treated as a logging exercise – something to satisfy compliance after the system is already built. That approach...
Agentic Identity
Why Agentic AI Forces a Rethink of Least Privilege

Key Takeaways The static way we implement least privilege is broken. Traditional least privilege assumes access can be designed in advance. Agents reason, plan, and adapt...
Agentic Identity
Why One Compromised Agent Can Take Down Everything You Built

Every serious security architecture starts with an uncomfortable assumption: credentials will be compromised. Not maybe. Not hypothetically. Eventually. Most systems are designed with that assumption baked...
Agentic Identity
Zero Standing Privileges for AI Agents: How to Stop Privilege Drift in Agentic Systems

Key Takeaways Privilege drift is the number one reason AI pilots die in security review. Access must be considered from the creation of an AI pilot;...
Agentic Identity
Securing MCP Servers at Scale: How to Govern AI Agents with an Enterprise Identity Fabric

Here’s a scenario you’ve probably seen: A developer downloads a Model Context Protocol (MCP) server from GitHub, runs it locally, connects it to their chat client...
Agentic Identity
Building an AI Pilot’s License — From Sandbox Hours to Production Readiness

Pilots don’t just train in simulators; they log hours and earn licenses. A private pilot needs a minimum number of simulator sessions before solo flight. Commercial pilots need even more. The process is standardized, measurable, and required.
Agentic Identity
Training for the Unexpected — Why Identity Simulation Matters More Than Unit Tests

Enterprises adopting agentic AI face their own black swans. Identity outages, token replay attacks, or rogue agents don’t happen every day, but when they do, the impact is massive and immediate. The problem is that most organizations still rely on unit tests, integration tests, or static code reviews.
Agentic Identity
The Agentic Identity Sandbox — Your flight simulator for AI agent identity

We’ve all heard the promises about agentic AI transforming business operations. The reality? Most enterprise AI agent projects never make it past the pilot stage, and it’s not because the technology doesn’t work.
Agentic Identity
Rogue agents: When your AI decides it knows better

Left unchecked, agents will escalate permissions, chain tokens, and quietly gain more access than intended. They aren’t “malicious” — they’re opportunistic.
Agentic Identity
Over-scoped agents: The permission sprawl that will end you

Every engineering team is spinning up agents. And they're all over-scoped because nobody wants to be the person whose agent doesn't work.