Tag: identity
-
Your Next Employee Might Not Exist: LexisNexis Report Exposes the Synthetic Identity Explosion
The cybercrime landscape has always rewarded speed, smash-and-grab credential theft, rapid account takeovers, opportunistic phishing. But the LexisNexis Risk Solutions 2026 Cybercrime Report, derived from analysis of more than 116 billion online transactions, signals a fundamental strategic shift. Fraud is no longer just fast. Increasingly, it is deliberate, methodical, and terrifyingly patient. The report.. First…
-
7 Identity and API Security Tools Modern SaaS Teams Should Evaluate in 2026
Discover 7 essential identity and API security tools for modern SaaS teams. Expert comparison of SSO, DAST, MCP security, and passwordless authentication tools First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/7-identity-and-api-security-tools-modern-saas-teams-should-evaluate-in-2026/
-
9 ways CISOs can combat AI hallucinations
Tags: access, ai, breach, ciso, compliance, control, corporate, cybersecurity, data, defense, encryption, flaw, framework, GDPR, governance, identity, metric, penetration-testing, regulation, risk, soc, tool, trainingTreat AI outputs as drafts, not finished products: One of the biggest risks is over-trusting AI, according to security experts. Coté says her organization changed its policy so AI-generated content cannot go straight into compliance documentation without a human review.”The moment your team starts treating an AI-generated answer as a finished work product, you have…
-
Financial groups lay out a plan to fight AI identity attacks
Generative AI tools have brought the cost of deepfake production low enough that criminals and state-sponsored actors now use them routinely against financial institutions. A … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/01/fight-ai-identity-fraud/
-
Workload Identity and Access Management: The Definitive Guide
6 min readFor every human identity your IAM program governs, there are roughly 82 machine identities operating outside it. Most of them authenticate with static credentials that were provisioned once and never reviewed. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/workload-identity-and-access-management-the-definitive-guide/
-
Workload IAM vs. Secrets Management: A Practical Decision Guide
6 min readMost organizations start their nonhuman identity security program with a secrets manager. It’s a sensible first step. But as workloads multiply across clouds and the credential sprawl grows, the question shifts from “where do we store secrets?” to “do we need secrets at all?” First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/workload-iam-vs-secrets-management-a-practical-decision-guide/
-
Pentagon’s Zero Trust Push Faces a 2027 Reality Check
Analysts Warn Compliance Goals May Outpace Real Security Outcomes. The Pentagon’s zero trust overhaul aims to unify cyber defenses, but with a small percentage of target activities reportedly complete, persistent gaps in identity, data and governance are raising doubts about whether the 2027 deadline will deliver real security gains. First seen on govinfosecurity.com Jump to…
-
RSAC 2026 News: RSA Security and Microsoft Advance Identity Security for AI Era
I sat down with RSA Security at RSAC 2026 to discuss identity security. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/cybersecurity/rsac-2026-news-rsa-security-and-microsoft-advance-identity-security-for-ai-era/
-
2026 SANS Identity Threats Report: Why Attacks Still Work
SANS findings highlight the real issue, compromised credentials enable access long before traditional security controls detect a problem. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/2026-sans-identity-threats-report-why-attacks-still-work/
-
How we made Trail of Bits AI-native (so far)
Tags: access, ai, application-security, attack, automation, blockchain, business, ceo, chatgpt, computer, computing, conference, control, data, email, germany, government, identity, injection, jobs, macOS, marketplace, nvidia, open-source, risk, service, skills, strategy, supply-chain, technology, threat, tool, vulnerabilityThis post is adapted from a talk I gave at [un]prompted, the AI security practitioner conference. Thanks to Gadi Evron for inviting me to speak. You can watch the recorded presentation below or download the slides. Most companies hand out ChatGPT licenses and wait for the productivity numbers to move. We built a system instead.…
-
Download: 2026 SANS Identity Threats Defenses Survey
New research from the 2026 SANS Identity Threats Defenses Survey shows that 55% of organizations experienced an identity-related compromise last year, while 26% … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/31/enzoic-2026-sans-identity-threats-defenses-survey/
-
8 ways to bolster your security posture on the cheap
Tags: access, attack, authentication, awareness, breach, ciso, control, credentials, cyber, cyberattack, cybersecurity, data, data-breach, ddos, dkim, dmarc, dns, email, endpoint, exploit, finance, google, identity, Internet, metric, mfa, microsoft, mitigation, okta, passkey, password, phishing, risk, risk-management, service, strategy, technology, tool, training, update, waf, zero-day2. Take full advantage of your existing tools: A practical way to strengthen enterprise security without incurring additional significant spend is to ensure you’re fully leveraging the capabilities of solutions already present within your organization, says Gary Brickhouse, CISO at security services firm GuidePoint Security.”Most organizations have invested heavily in security solutions, yet most are…
-
Ransomware in 2025: Blending in is the strategy
A summary of the top ransomware trends from the Talos 2025 Year in Review, with a focus on identity, attacker tactics, and practical defenses. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/ransomware-in-2025-blending-in-is-the-strategy/
-
6 key takeaways from RSA Conference 2026
Tags: ai, api, attack, ceo, cio, ciso, compliance, conference, control, cyber, cybersecurity, data, framework, google, governance, government, identity, infrastructure, injection, intelligence, jobs, LLM, office, RedTeam, regulation, risk, saas, service, technology, threat, tool, trainingSecuring the AI stack: Yes, but the threat surface has grown: The first technical priority I offered for CISOs in my conference preview was securing the AI stack, RAG workflows, LLM data pipelines, vector databases, and model APIs, on the basis that prompt injection, training data poisoning, and model inversion attacks were no longer theoretical.The…
-
How can you be certain your AI is compliant?
How Does Non-Human Identity Management Enhance AI Compliance? When it comes to ensuring compliance in artificial intelligence systems, how do organizations manage the thousands of machine interactions that occur daily? This question is at the heart of discussions around AI compliance and underscores the importance of non-human identity (NHI) management. With the rise of AI……
-
Oasis Raises $120M Series B to Safeguard Agentic Identities
CEO Danny Brickman on Intent-Based Access and Non-Human Identity Governance. Oasis Security has raised $120 million in a Series B round to expand its identity platform focused on non-human identities and AI agents. CEO Danny Brickman says enterprises need intent-based access controls and automated governance to securely scale agentic adoption. First seen on govinfosecurity.com Jump…
-
ChatGPT Data Leakage via a Hidden Outbound Channel in the Code Execution Runtime
ey Takeaways What Happened AI assistants now handle some of the most sensitive data people own. Users discuss symptoms and medical history. They ask questions about taxes, debts, and personal finances, upload PDFs, contracts, lab results, and identity-rich documents that contain names, addresses, account details, and private records. That trust depends on a simple expectation:…
-
North Korean IT Worker Used Stolen Identity, AI-Generated Resume in Job Scam
Tags: ai, breach, cyber, data-breach, fraud, identity, intelligence, jobs, north-korea, scam, threatA recent investigation as exposed how a suspected North Korean IT worker allegedly used a stolen identity, AI-generated resume content, and scripted interview answers to try to secure a senior remote role at U.S.-based threat intelligence firm Nisos. The case highlights how DPRK IT employment schemes are evolving by combining traditional fraud with modern AI…
-
Are your NHIs fully supported for optimal performance?
The Strategic Imperative of Non-Human Identity Management How secure is your organization when it comes to managing Non-Human Identities (NHIs)? With the increasing prevalence of cyber threats, optimizing NHI performance has become a cornerstone of effective cybersecurity strategies. NHIs, essentially machine identities, are pivotal in maintaining a secure digital, especially in cloud-based environments. Their management……
-
Is your Agentic AI impenetrable by cyber threats?
Is Your Organization Equipped to Handle Machine Identities? Have you ever pondered the impact of machine identities on your organization’s security? While we delve into the intricacies of Non-Human Identity (NHI) management, we uncover where machine identities are pivotal in ensuring cybersecurity across various sectors. These identities, akin to digital passports, control access and permissions……
-
What Is CIAM? A Complete Guide to Customer Identity and Access Management in 2026
CIAM is the technology layer that decides how your customers log in, what they can access, and how their data is protected. Here’s a complete breakdown of what it is, how it works, and why it’s become a $14 billion market. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/what-is-ciam-a-complete-guide-to-customer-identity-and-access-management-in-2026/
-
Identity is the first line of defense, especially in an AI-fueled threat landscape
Two new reports illustrate why companies need to do a better job of scrutinizing what their human employees and AI agents are doing. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/identity-governance-ai-cybersecurity/815964/
-
European Identity and Cloud Conference 2026 (EIC 2026) 19. bis 22. Mai 2026 in Berlin
Als führende europäische Konferenz für digitale Identität, Sicherheit, Datenschutz und Governance kehrt die European Identity and Cloud Conference (EIC) 2026 vom 19. bis 22. Mai 2026 nach Berlin zurück. First seen on ap-verlag.de Jump to article: ap-verlag.de/european-identity-and-cloud-conference-2026-eic-2026-19-bis-22-mai-2026-in-berlin/103464/
-
Top product launches at RSAC 2026
RSAC 2026 showcased a wave of innovation, with vendors unveiling technologies poised to redefine cybersecurity. From AI-powered defense to breakthroughs in identity … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/27/rsac-2026-top-product-launches/
-
How are NHIs supported in regulatory compliance?
Can Effective Non-Human Identity Management Elevate Your Compliance Strategy? The management of Non-Human Identities (NHIs) has become a crucial aspect of regulatory compliance. NHIs, often referred to as machine identities, play an integral role in securing digital infrastructures. They are composed of an encrypted password, token, or key (the “Secret”) and the permissions granted by……
-
The $25 Million Deepfake: Why Your Video Calls Can No Longer Be Trusted
An employee saw the CFO on video. Heard colleagues speaking. Authorized $25M in transfers. Every person was an AI-generated deepfake. Identity verification is broken. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/the-25-million-deepfake-why-your-video-calls-can-no-longer-be-trusted/