Tag: identity
-
Why Traditional IAM Is No Match for Agentic AI
6 min readLegacy IAM can’t govern autonomous AI agents that spin up, execute and terminate in seconds. New identity patterns are now emerging. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/why-traditional-iam-is-no-match-for-agentic-ai/
-
AWS leans on prior ingenuity to face future AI and quantum threats
Tags: access, ai, attack, authentication, breach, cloud, communications, computer, computing, control, credentials, crypto, cryptography, cybersecurity, data, defense, encryption, exploit, google, Hardware, identity, infrastructure, Internet, lessons-learned, malicious, penetration-testing, phishing, risk, service, technology, threat, tool, updateSymmetric cryptography and the quantum threat: Back in the early 2010s, most hardware security modules used asymmetric cryptography to protect security keys. Asymmetric cryptography, the kind used to secure online communications, involves pairs of keys, one to lock, another to unlock. It’s a very useful and convenient approach when dealing with multiple parties.Amazon chose to…
-
AWS leans on prior ingenuity to face future AI and quantum threats
Tags: access, ai, attack, authentication, breach, cloud, communications, computer, computing, control, credentials, crypto, cryptography, cybersecurity, data, defense, encryption, exploit, google, Hardware, identity, infrastructure, Internet, lessons-learned, malicious, penetration-testing, phishing, risk, service, technology, threat, tool, updateSymmetric cryptography and the quantum threat: Back in the early 2010s, most hardware security modules used asymmetric cryptography to protect security keys. Asymmetric cryptography, the kind used to secure online communications, involves pairs of keys, one to lock, another to unlock. It’s a very useful and convenient approach when dealing with multiple parties.Amazon chose to…
-
Studie von Rubrik Zero Labs zeigt bedenkliche Defizite in der Identity Governance
Neue Studie von Rubrik Zero Labs zeigt bedenkliche Defizite in der Identity Governance: Unternehmen setzen autonome Systeme ohne Überwachung ein First seen on infopoint-security.de Jump to article: www.infopoint-security.de/studie-von-rubrik-zero-labs-zeigt-bedenkliche-defizite-in-der-identity-governance/a44817/
-
Identity discovery: The overlooked lever in strategic risk reduction
If you ask a CISO what keeps them up at night, the answer usually isn’t “lack of tools.” It’s uncertainty. Uncertainty about what they don’t see. Uncertainty about how far an … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/29/delinea-identity-discovery-strategy/
-
How Identity, Geopolitics and Data Integrity Define Cyber Resilience
A good cyber framework is built on the assumption that disruption is inevitable, so it must be capable of anticipating, absorbing, and adapting to it. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/how-identity-geopolitics-and-data-integrity-define-cyber-resilience/
-
Warum Identity Attack Path Management durch KI immer wichtiger wird
Unternehmen priorisieren aktuell Transparenz über Angriffspfade (43 %) und Rechtebeziehungen (36 %) höher als die Integration generativer oder agentischer KI (40 %) First seen on infopoint-security.de Jump to article: www.infopoint-security.de/warum-identity-attack-path-management-durch-ki-immer-wichtiger-wird/a44809/
-
Warum Identity Attack Path Management durch KI immer wichtiger wird
Unternehmen priorisieren aktuell Transparenz über Angriffspfade (43 %) und Rechtebeziehungen (36 %) höher als die Integration generativer oder agentischer KI (40 %) First seen on infopoint-security.de Jump to article: www.infopoint-security.de/warum-identity-attack-path-management-durch-ki-immer-wichtiger-wird/a44809/
-
Inside an OPSEC Playbook: How Threat Actors Evade Detection
Threat actors are now publishing structured OPSEC playbooks to stay undetected. Flare reveals how these guides outline layered infrastructure, identity separation, and long-term evasion strategies. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/inside-an-opsec-playbook-how-threat-actors-evade-detection/
-
The Evolution of Scattered Spider: How Organizations Are Strengthening Defenses
An On Demand video from ID Dataweb. Scattered Spider is rapidly expanding its reach, exploiting identity processes and help desks to infiltrate organizations. Discover their tactics and the steps you can take now to reduce risk. Watch the webinar. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/evolution-scattered-spider-how-organizations-are-strengthening-defenses-a-31524
-
What CISOs need to get right as identity enters the agentic era
Tags: access, ai, ciso, conference, control, credentials, cybersecurity, defense, governance, identity, jobs, least-privilege, malicious, mfa, monitoring, phishing, risk, technology, toolWilcox and Adams are speaking at the CSO Cybersecurity Awards & Conference, May 1113. Reserve your place.As a result, Adams says CISOs will increasingly need to adopt an identity-centric security architecture and there are several key tenets to consider.Build a strong foundation before layering on complexity. The instinct when modernizing an identity program, says Adams, is…
-
Stopping AiTM attacks: The defenses that actually work after authentication succeeds
Tags: 2fa, access, attack, authentication, awareness, breach, communications, compliance, control, credentials, data, defense, detection, email, finance, framework, identity, incident response, login, mfa, microsoft, monitoring, nist, passkey, phishing, risk, service, threat, tool, trainingThe 3 controls that close the gap: Control #1: Bind sessions to managed devices The most impactful single control for session security is requiring managed, compliant devices as a condition of accessing sensitive resources. When access policies, such as Microsoft Entra Conditional Access, require that the device presenting a session token is enrolled, managed and…
-
Beyond the perimeter: Why identity and cyber security are one single story
By James Odom, Director of Cyber, and Jim Small, Director of Identity at Hippo Digital For years, identity and cyber security have been treated as separate disciplines, with identity focusing on authentication, onboarding and access and cyber security focusing on networks, monitoring and threat response. That separation made sense when systems had clearer boundaries. The…
-
Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover
An administrative role meant for artificial intelligence (AI) agents within Microsoft Entra ID could enable privilege escalation and identity takeover attacks, according to new findings from Silverfort.Agent ID Administrator is a privileged built-in role introduced by Microsoft as part of its agent identity platform to handle all aspects of an AI agent’s identity lifecycle operations…
-
Firefox bug CVE-2026-6770 enabled cross-site tracking and Tor fingerprinting
CVE-2026-6770 let attackers fingerprint Firefox and Tor users, even in Private mode. Firefox 150 and Tor Browser 15.0.10 fixed it. A vulnerability, tracked as CVE-2026-6770, allowed attackers to fingerprint Firefox users, even in Private Browsing, and also impacted the Tor Browser. The flaw worked even when Tor’s New Identity feature was used, bypassing protections meant…
-
Is Your IAM Ready for AI?
e=4>Explore how AI is reshaping the security landscape”, uncover emerging threats, identity challenges, and the strategies needed to stay ahead. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/your-iam-ready-for-ai-a-31509
-
Your IAM was built for humans, AI agents don’t care
Identity and access management was built for a simpler world. One where the hardest problem was a human logging in, and where >>Who are you?<< was sufficient to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/27/ai-agents-access-control-model/
-
Your IAM was built for humans, AI agents don’t care
Identity and access management was built for a simpler world. One where the hardest problem was a human logging in, and where >>Who are you?<< was sufficient to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/27/ai-agents-access-control-model/
-
Quantum-Resistant Identity and Access Management for MCP Resources
Secure your MCP hosts with quantum-resistant IAM. Learn about lattice-based signatures, PQuAKE, and 4D context-aware access for AI agents. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/quantum-resistant-identity-and-access-management-for-mcp-resources/
-
9 Identity-Based Threats Redefining Cybersecurity in 2026 (Beyond Credential Stuffing)
Tags: ai, attack, authentication, credentials, cybersecurity, deep-fake, identity, mfa, phishing, threatDiscover the 9 most dangerous identity-based threats in 2026, from AI phishing attacks and deepfake authentication bypass to MFA fatigue and harvest-now-decrypt-later quantum threats. Learn why legacy authentication fails against each one and how phishing-resistant, passwordless authentication changes the equation. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/9-identity-based-threats-redefining-cybersecurity-in-2026-beyond-credential-stuffing/
-
9 Identity-Based Threats Redefining Cybersecurity in 2026 (Beyond Credential Stuffing)
Tags: ai, attack, authentication, credentials, cybersecurity, deep-fake, identity, mfa, phishing, threatDiscover the 9 most dangerous identity-based threats in 2026, from AI phishing attacks and deepfake authentication bypass to MFA fatigue and harvest-now-decrypt-later quantum threats. Learn why legacy authentication fails against each one and how phishing-resistant, passwordless authentication changes the equation. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/9-identity-based-threats-redefining-cybersecurity-in-2026-beyond-credential-stuffing/
-
Saviynt stellt IdentityAgenten vor
Neue Lösung ermöglicht Steuerung autonomer KI-Agenten über den gesamten Lebenszyklus von der Erkennung bis zur Laufzeitkontrolle. Saviynt, Anbieter einer Identity-Security-Plattform, hat heute seine Lösung Saviynt Identity Security for AI vorgestellt. Die Lösung unterstützt Unternehmen dabei, autonome KI-Agenten vergleichbar mit menschlichen und maschinellen Identitäten zu verwalten: mit durchgehender Sichtbarkeit, Lifecycle-Governance und kontextbasierter Zugriffskontrolle in… First seen…
-
The Rise of ‘Shadow AI Agents’ Inside Enterprises
Okta’s Shiven Ramji on Visibility, Identity and Hidden Risk. Enterprises are rapidly deploying AI agents, but many don’t know where they are or what they’re accessing. Shiven Ramji of Okta explains why shadow agents are the next major security risk and how identity, visibility and governance must evolve to keep up. First seen on govinfosecurity.com…
-
New US House privacy bills raise hard questions about enterprise data collection
Tags: access, ai, awareness, banking, business, cio, ciso, compliance, credentials, data, finance, framework, governance, group, identity, insurance, Internet, jobs, law, privacy, regulation, risk, service, strategy, supply-chainWhere privacy law overlaps with AI governance: The SECURE Data Act does not contain broad, standalone AI governance rules, but it still touches AI in meaningful ways.The bill includes opt-outs for fully automated profiling used for decisions with legal or similarly significant effects. That language can clearly implicate some uses of AI, particularly in hiring,…
-
Why AI Agents Need Least Privilege Too, and How to Enforce It Automatically
AI agents are cloud identities. They don’t get a badge or a login. They get a service account, an IAM role, or an API key, just like any other non-human identity running in your environment. Mechanically, there’s nothing new. What’s new is how many of them are being deployed, how fast, and with how much……
-
Hackers Exploit Agent ID Administrator Role to Hijack Service Principals
A severe scoping vulnerability was recently discovered in Microsoft Entra ID’s new Agent Identity Platform. The security flaw allowed users assigned the Agent ID Administrator role to hijack arbitrary service principals across an organization’s tenant, leading to potential privilege escalation. Although the administrative role was designed strictly to manage AI agent identities, a boundary breakdown…
-
Google drafts AI agents to secure systems against AI hackers
Wiz, AI-BOMs, and securing the AI development sprawl: Google has expanded its Wiz portfolio to tackle the chaos of AI development and multi-cloud risk.Wiz is being positioned as the connective tissue across environments, supporting everything from AWS and Azure to SaaS platforms and AI agent studios.”Wiz now supports Databricks as well as new agent studios…
-
3 practical ways AI threat detection improves enterprise cyber resilience
Legitimate admin activity and malicious behavior often look similar without contextHybrid environments generate fragmented telemetry that rule sets can’t correlateLean teams don’t have time to manually connect the dots across systemsPlatforms like Adlumin MDR apply behavioral models and automated triage to suppress low”‘value alerts and elevate incidents that actually matter. Fewer alerts, better context, and…
-
3 practical ways AI threat detection improves enterprise cyber resilience
Legitimate admin activity and malicious behavior often look similar without contextHybrid environments generate fragmented telemetry that rule sets can’t correlateLean teams don’t have time to manually connect the dots across systemsPlatforms like Adlumin MDR apply behavioral models and automated triage to suppress low”‘value alerts and elevate incidents that actually matter. Fewer alerts, better context, and…
-
Google drafts AI agents secure systems against AI hackers
Wiz, AI-BOMs, and securing the AI development sprawl: Google has expanded its Wiz portfolio to tackle the chaos of AI development and multi-cloud risk.Wiz is being positioned as the connective tissue across environments, supporting everything from AWS and Azure to SaaS platforms and AI agent studios.”Wiz now supports Databricks as well as new agent studios…