The Cyber Hut Radar - Emerging Technology Research

Latest On Demand Industry Webinar

Closing the AD Privileged Access Gap

Up Coming Event Attendance

Identiverse - Las Vegas - June 15-18

Open Source Research Cheat Sheets

A Demo Discussion on JiT for SSH

A demo walk through by P0 Security taking a look at just in time access for SSH services

Latest Podcast Episode

E73 The Analyst Brief: AI Impact on Access Decisioning and Runtime Security

Latest Research Report

Identities Under Attack: How Adversaries Exploit the Human–Machine–Agent Divide (Panel)

Latest Insight by The Cyber Hut

Unified by Design: Consolidating Access Across Physical and Digital Realms

Best Practices for AI Powered IVIP

From Anonymous to Accountable: Giving AI Agents a Digital Identity

The Unified Identity Imperative: Breaking the Cycle of Fragmentation

Enroll. Forget. Reset. Repeat: How Broken Identity Journeys Undermine Identity Assurance

Always On, Always Aware: Building a Continuous Identity Strategy

Recent Industry Webinars by The Cyber Hut

Identity-First Security for AI Agents with Token Security

Addressing the IAM Data Problem: A fireside chat with Radiant Logic

An Identity Security Playbook: The What and The Why with Silverfort

Putting the AI in IAM a fireside chat with Apono

The Cyber Hut Academy - Training Service

Training Academy Episodes by The Cyber Hut

40: How to Measure Identity Security?

13 days ago · The Cyber Hut

39: What is Just in Time access and Zero Standing Privileges?

38: How does Identity and Access Management relate to Zero Trust?

Latest Getting Started Guide

Getting Started with Access Consolidation: A Practical Guide to Unified Identity

Read Now

Latest Vendor Introduction Interviews

Order IAM and Identity Security Books on Amazon

IAM at 2035: A Future Guide to Identity Security - Paperback, Audio, Kindle and Hardback

CIAM Design Fundamentals - Paperback, Audio and Kindle

C1 Headless Identity, Palo Alto Human Identity, Sailpoint Agentic Fabric, Strata Agentic Sprawl

The Cyber Hut — Tue, 12 May 2026 10:38:35 GMT

Select Strategic & Emerging Headlines

Industry Announcements

Identity Threat Intelligence Updates

Latest On Demand Industry Webinar

Closing the AD Privileged Access Gap

Up Coming Event Attendance

Identiverse - Las Vegas - June 15-18

Open Source Research Cheat Sheets

A Demo Discussion on JiT for SSH

A demo walk through by P0 Security taking a look at just in time access for SSH services

Latest Podcast Episode

E72 The Analyst Brief: Mythos and the Vulnerability Revolution

Latest Research Report

Unified by Design: Consolidating Access Across Physical and Digital Realms

Latest Analyst Insight by The Cyber Hut

Best Practices for AI Powered IVIP

From Anonymous to Accountable: Giving AI Agents a Digital Identity

The Unified Identity Imperative: Breaking the Cycle of Fragmentation

Enroll. Forget. Reset. Repeat: How Broken Identity Journeys Undermine Identity Assurance

Always On, Always Aware: Building a Continuous Identity Strategy

Latest Recent Industry Webinars by The Cyber Hut

Identity-First Security for AI Agents with Token Security

Addressing the IAM Data Problem: A fireside chat with Radiant Logic

An Identity Security Playbook: The What and The Why with Silverfort

Putting the AI in IAM a fireside chat with Apono

The Cyber Hut Academy - Training Service

Latest Training Academy Episodes by The Cyber Hut

40: How to Measure Identity Security?

12 days ago · The Cyber Hut

39: What is Just in Time access and Zero Standing Privileges?

38: How does Identity and Access Management relate to Zero Trust?

Latest Vendor Assessment Report

As assessment of Radiant Logic - analysing their identity-data view of ISPM

Our Recent Vendor Introduction Interviews

What is Teleport’s Agentic Security Framework?

Order IAM and Identity Security Books on Amazon

IAM at 2035: A Future Guide to Identity Security - Paperback, Audio, Kindle and Hardback

CIAM Design Fundamentals - Paperback, Audio and Kindle

Capsule Security raises $7 million Seed to secure enterprise AI agents

Acquisitions: Cisco + Astrix Security, Silverfort + Fabrix Security

The Cyber Hut — Tue, 05 May 2026 11:10:18 GMT

Cisco to Acquire Astrix Security

Cisco this week announced they are to acquire NHI startup Astrix Security. Traditional security models focus on human users, but modern systems rely heavily on AI agents and non-human identities, which often operate with excessive privileges and limited oversight.

What will Astrix bring to Cisco? Astrix provides capabilities to discover and map AI agents and their activities, govern access and lifecycle of non-human identities, detect and respond to threats in real time and manage secrets (credentials, tokens) centrally.

This will impact Cisco’s strategic vision in a few ways. They aim to extend their Zero Trust security model to the “agentic workforce”—ensuring AI agents are continuously verified, monitored, and controlled, not implicitly trusted.

The Astrix stack will be integrated into Cisco’s security ecosystem, including:

Identity Intelligence (for visibility and context) (previous Oort acquisition)
Secure Access and Duo (for access control and authentication)

“Joining Cisco means Astrix now has the scale, the reach, and the platform to bring agentic and NHI security to organizations worldwide. Astrix’s capabilities will be integrated across the Cisco Security platform — including Cisco Identity Intelligence, Secure Access, Duo, and Splunk — to deliver end-to-end discovery, governance, and threat detection for every agentic and non-human identity and AI agent. Cisco’s unmatched visibility across identity, network, application, and infrastructure layers — combined with Astrix’s deep NHI and agentic security capabilities — creates an opportunity to protect enterprises at a level that simply wasn’t possible before.” - Alon Jackson CEO Astrix Security

Silverfort to Acquire Fabrix

Silverfort recently announced it has acquired Fabrix Security, a startup focused on AI-driven identity security. Financial terms were not disclosed. The acquisition aims to create an autonomous identity security platform that can make and enforce access decisions in real time—something traditional, rule-based systems struggle to do at scale.

Silverfort has long been developing a range of identity security capabilities and acquired Rezonate in 2024 to expand ITDR functionality to cloud systems.

So what will Fabrix add? Fabrix adds an AI-driven decisioning engine and identity knowledge graph Together, they enable dynamic, context-aware decisions about whether an identity (human, machine, or AI agent) should access a resource at any moment. The rise of non-human identities and AI agents is overwhelming static access control models. This combined platform is designed to handle access decisions continuously and autonomously, at the speed required in modern environments.

“We founded Fabrix with a clear vision: making Identity Security easier, faster, and more scalable using an AI-native approach,” said Raz Rotenberg, CEO and Co-Founder of Fabrix. “By joining Silverfort, we can bring this transformation to the largest companies in the world and combine our AI engine with Silverfort’s runtime enforcement to create something no one has achieved before. We are excited to become part of the team shaping the future of Identity Security.”

Select Strategic & Emerging Headlines

Industry Announcements

OpenAI Launches Passkey Security for ChatGPT with Yubico Partnership

Can I do that with policy? Understanding the AWS Service Authorization Reference

Identity in the Age of AI: Rethinking Zero Trust’s First Pillar

Identity Threat Intelligence Updates

The Danger of Multi-SSO AWS Cognito User Pools

Top 10 Ways Hackers Use AI for Cyber Attacks

Vercel April 2026 Security Incident: How a Compromised OAuth App Led to a Major Breach

Latest On Demand Industry Webinar

Closing the AD Privileged Access Gap

Up Coming Event Attendance

Identiverse - Las Vegas - June 15-18

Open Source Research Cheat Sheets

A Demo Discussion on JiT for SSH

A demo walk through by P0 Security taking a look at just in time access for SSH services

Latest Podcast Episode

E71 The Analyst Brief: A Review of RSAC 2026

Latest Research Report

Unified by Design: Consolidating Access Across Physical and Digital Realms

Latest Analyst Insight by The Cyber Hut

Best Practices for AI Powered IVIP

From Anonymous to Accountable: Giving AI Agents a Digital Identity

The Unified Identity Imperative: Breaking the Cycle of Fragmentation

Enroll. Forget. Reset. Repeat: How Broken Identity Journeys Undermine Identity Assurance

Always On, Always Aware: Building a Continuous Identity Strategy

Latest Recent Industry Webinars by The Cyber Hut

Identity-First Security for AI Agents with Token Security

Addressing the IAM Data Problem: A fireside chat with Radiant Logic

An Identity Security Playbook: The What and The Why with Silverfort

Putting the AI in IAM a fireside chat with Apono

39: What is Just in Time access and Zero Standing Privileges?

Latest Training Academy Episodes by The Cyber Hut

38: How does Identity and Access Management relate to Zero Trust?

Latest Vendor Assessment Report

As assessment of Radiant Logic - analysing their identity-data view of ISPM

Our Recent Vendor Introduction Interviews

What is Teleport’s Agentic Security Framework?

Order IAM and Identity Security Books on Amazon

IAM at 2035: A Future Guide to Identity Security - Paperback, Audio, Kindle and Hardback

CIAM Design Fundamentals - Paperback, Audio and Kindle

Book 90 Minute Discussion Workshop

Review of IAM Tech Day Sao Paulo 2026

The Cyber Hut — Tue, 28 Apr 2026 11:44:32 GMT

Last week I had the pleasure of attending and presenting at this years IAM Tech Day down in Sao Paulo, Brazil. Alfredo Santos and team have created a great community of identity experts from a broad range of sectors and locations across Latin America.

The 2-day event attracted over 2500 attendees and a strong vendor sponsor list - from large established players to more niche startups, along with numerous systems integrators and consultancies.

Where Is IAM Heading?

I opened day 1 with a presentation entitled “A Dynamic World Needs Dynamic IAM: Where Are We Heading?” - and provided a look into the main research areas we have seen at The Cyber Hut over the past 12 months.

As identity and access management has moved from being a tactical and responsive part of the internal workforce infrastructure, to a strategic enabler that improves productivity, drives revenue and online experiences for B2C ecosystems and integrates with a broad array of cyber security technologies, it has become a major attack vector for adversarial activity. Many would argue it has become the attack vector.

Complex and fragmented infrastructure combined with a highly evolving black market for attack tooling (potentially coupled with AI-based vulnerability exploitation platforms) has lead to a huge spike in identity related risk. That risk is focused at both the identity data layer and post-auth runtime layer too.

To that end we have seen a new set of technology areas emerge since 2022 that look to improve the security and risk posture of the entire IAM infrastructure world.

At the identity data layer (and with respect to identity data I mainly refer to profiles, policies and permissions) we see a slew of acronyms from IVIP (identity visibility and intelligence platforms), ISPM (identity security posture management) and further expansion of IGA (identity governance and administration) that leads into application governance and AI-governance.

A Future Guide to Identity Security

Available globally on Amazon, in Kindle, paperback and hardback

Order Now on Amazon

The strategic focus here is to essentially augment our access request and access review processing with more context - leveraging data sources that already exist within the modern enterprise - and make our decision making smarter. AI is accelerating this decision making too and we’re seeing a range of use cases that improve integration, permissions analysis and policy removal as a result.

From a runtime point of view, we’re seeing numerous initiatives here - including ITDR (identity threat detection and response) and many subtle sub-classes of behaviour analysis. The focus is understanding the intent of an identity - not just making sure they have the correct permissions. This will involve analysing usage and comparing behaviour across-applications. This often requires composite-risk analysis engines - taking into consideration several signals to help triangulate risk and trigger a responsive action.

Understanding when to act is often as difficult as deciding what to do as a response. The response aspect is also evolving and will require more than just a simple allow/deny choice. Disrupting, degrading, redirecting and more subtle response measures are now common - and especially in the external B2C space and aim to deliver security AND usability simultaneously.

A more strategic view of course is not just how to handle the data and runtime aspects of identity risk but do so across ALL identity types. We’re seeing innovation within IGA, ISPM and PAM with the increased usage of generative and agentic AI to improve decision making - alongside expansions into the non-human governance space too.

Ultimately both identity data and behaviour monitoring needs to support non-human, workloads, and agentic-AI as well as both B2E and B2C identity types.

Further Resources on Identity Data Risk

IAM for AI and AI for IAM

Every cyber or IAM conference in 2026 is going to have a heavy focus on AI - either to accelerate IAM adoption or in attempt to secure parts of the AI ecosystem.

Okta started day 1 with a generic focus on how both the LLM and agentic are firstly different components, but also have different control requirements. They articulated that a focus on the “information flows” between assets is a more strategic approach alongside a central plane that looks at both the identity creation flows and the runtime interception and enforcement of permissions.

Sailpoint extended the AI focus, with a need to provide IGA and life cycle management features for non-human identities as well as humans. A key first-principle to that model is to assign owners to agents, workloads and NHIs. This needs to be done for both existing live identities (that are essentially orphaned) as well as imposing sponsors during identity creation time.

Later in the morning, an Okta hosted a panel with ySec and TecPar that looked at AI from a more security exploitation standpoint. The rise of deepfakes, the increased speed of attacks and the ability to craft attacks in a “no-code” way has essentially given the attackers the advantage - for the time being. To that end, AI can be used to help discover the landscape first - what identities exist, where they are stored and what they are permitted to do. It really becomes essential to move from a reactive security standpoint to one that is more pro-active.

eTrust articled that AI is really in its “toddler” years - and emphasised again that using a sponsor and ownership is key to governance (take a look here at our recent Agentic Ownership guide).

Thales - the long time authentication specialists - amplified the story that AI is accelerating login based attacks. From improvements to how attackers can craft phishing emails. Later in the day they also presented a case study where they show how an authentication assessment (internal and external identities versus high and low risk) can help to identify future authentication modality requirements.

Platform providers CoffeeBean discussed how the combination of identity orchestration alongside AI is the strategic way to manage workforce IAM. As B2E has evolved, organisations need to integrate IAM into more systems, consume different data points and be more modular and fine grained with how IAM capabilities are deployed. The integration of logs and activity data can provide a continuous feedback loop into policies and controls. The key is augment existing pillars of IAM capability to improve coverage and usability.

Day 2 saw a panel hosted by NetBR that included practitioners from Itaú Unibanco and Bradesco that discussed how AI can help with IAM but also the controls needed to secure it. From an IAM point of view, access request, IDV analysis and account take over (ATO) protection were prime uses of emerging AI capabilities. The panel also observed how AI adoption is amplifying the need for data protection and how the concepts of external authorization platforms and policy based access control (PBAC) are key parts of that journey.

Identity for Security and Security for Identity

There are very few cyber security technology sectors (think XDR, data, mobile, cloud, network) that don’t either relying hugely on IAM working effectively (which is rarely does) or expect bi-directional integrations for data and runtime tokens and decision making. To that end, there were numerous talks amplifying the security angle of identity - either to protect the IAM infrastructure and its components, as well as the identities, accounts and usage of those components.

Sec4U on day 1 introduced the concept of the “identity attack surface” and how it is increasing. As organisational maturity gravitates to an all-digital approach for staff, customers, services and products, the level of risk increases. As a result, IAM strategy needs to move away from standard joiner-mover-leaver concepts and focus on being continual, continuous and contextual.

A practitioner panel from the airline manufacturer Embraer discussed how security considerations such as intellectual property protection are driving their IAM design. Insider threat, external attacks and complex supply chains can increase risk through visibility blind-spots and a lack of full coverage IGA capabilities. An increased focus on IAM process automation not only reduces error and human effort, it can also allow the organisation to become more risk adverse, by having confidence in the underlying processes. That then allows Embraer to move faster, collaborate and be more competitive. Some tactical comments also emerged, from the need to migrate to just in time (JiT) access to making sure IAM can fully integrate into the security operations centre (SoC) for analysis and investigations.

ManageEngine gave a talk looking at the huge rise in shadow identity - the impact of that and what can be done to tackle it. Whilst traditionally AD-centric, they articulated a broader strategy to improve both IT-security controls adoption and cleanup of the core identity data landscape.

The end of day 1 saw Prove discuss not just security of IAM, but more the privacy of identity data components. The attributes that make up a profile (especially in the B2C space) can be abused as part of identity verification, fraud and PII theft. They articulated the multi-source issue of how identity attributes can be leaked - and in turn used to create synthetic or blended identities that are then used for future attacks and data theft. These false identities can also be used in disinformation campaigns and influence operations that are proliferating into concerns such as election interference. Their solution is provide an identity-graph model that can continuously check identity attribute location and usage, verifying usage, integrity and historical assurance.

B2C CIAM Design Fundamentals

Available globally on Amazon, in paperback and Kindle.

Buy now on Amazon

Day 2 saw Banco Bradesco (the third largest bank by assets in Brazil) discuss a case study. Some interesting aspects included the need to future proof against emerging security threats - such as post-quantum readiness and protection against the rise of deepfakes. Identity and security in general is a process not a product and they have developed modular approach to both designing, implementing and deploying IAM components for staff, customers and non-human identities, with composable features for authentication and authorization.

Further Insight and Whitepapers

Raise IT (a partner of Transmit Security) discussed the security and fraud components that are emerging within the B2C CIAM space. Fraud is no longer just attacking the account creation and on-boarding phases, but must be handled end to end at all parts of the B2C life cycle. With the advent of agentic-AI within the B2C world, a transaction signing lineage must be considered that can provide assurance and integrity protection for transactions.

JumpCloud gave a novel description of how device analysis and mobile device management (MDM) systems have evolved into more generic endpoint protection platforms - and must be more closely linked into the privilege access management flows. They argued that identity on its own cannot live in a vacuum and the originating device must be considered during authentication and authorization enforcement checks. Hexnode delivered a similar message later in the day, with their solution offering a broad array of mobile and device integration options in order to strengthen the coverage for device security.

Later on day 2, Silverfort argued that original joiner-mover-leaver processes were not built for security - they were built for productivity and compliance. As organisations move towards a more hybrid deployment model, visibility and control of identity usage becomes a vulnerability. Their view of identity security involves a “runtime access protection RAP” component that can augment and extend Active Directory authentication and access with a range of behaviour and threat detection capabilities.

Recent Industry Interviews

Final Comment

IAM Tech Day is one of the premier identity events globally, not just for LATAM. The core themes of AI and identity security amplified what is happening in North America, EMEA and APAC too.

As IAM becomes a strategic enabler for technology transformation, business productivity and revenue generation, the security and privacy aspects become critical.

How we measure and deploy IAM services is changing massively. Several talks (including those by Shield Security, Sec4U and NetBR) all showcased modern and strategic approaches of how to embed IAM within the C-level talk track. From improved communications and metrics to how to find and in turn manage risk. IAM strategies and tactics need to be co-authored with a broad array of stakeholders. The use of natural language processing as the standard user experience (UX) of choice can open up previously complex IAM policy components to non-technical leaders who can both consume performance data, but also contribute to the overall management of the IAM world.

It becomes critical to work in a top-down model - identifying business and team objectives before identifying the data, cyber and identity components that help or hinder those plans. What does MFA really do for the business? How can just in time access help their partners or customers? These lower level controls must be translated and presented in a way that matters to the key budget holders.

If organisations can achieve that, their future identity strategy will both enable security but also improve usability.

Saúde!

Vendor and Integrator Shout Outs

Authcube - Orchestrate and protect identities in one unique platform what unite security and experience

CoffeeBean Technology - Orchestration in IAM refers to the automated coordination of identity and access management processes across systems, applications, and security tools.

eTrust Security - We are cyber security. We are identity.

JumpCloud - Securely manage devices and access for all human, non-human, and agentic identities.

NetBR - We are an extension of your company, generating knowledge through interaction with your teams , delivering greater value to your identity program.

Prove - Prove transforms identity from a one-time verification event into a persistent foundation of trust-built to verify every person, business, and AI agent, at every interaction.

Sec4U - Your security doesn't have to be complex! Protect your workforce and digital customers without impacting your business flows and usability.

Shield Security - Shield Security has a broad portfolio of services associated with the best manufacturers on the market. The goal is to offer excellent service, seeking to understand the needs of each client for a personalized delivery.

Silverfort - Discover and protect every dimension of identity, everywhere. Human, machine or AI, cloud or on-prem—including systems that couldn’t be protected befor

About The Author

Simon Moffatt has over 25 years experience in IAM, cyber and identity security. He is founder of The Cyber Hut – a specialist research and advisory firm based out of the UK. He is author of CIAM Design Fundamentals and IAM at 2035: A Future Guide to Identity Security. He is a Fellow of the Chartered Institute of Information Security, a regular keynote speaker and a strategic advisor to entities in the public and private sectors.

Designing for Converged Access

The Cyber Hut — Tue, 21 Apr 2026 10:49:43 GMT

Organizations today manage access in two very different domains: physical spaces (buildings, offices, secure areas) and digital environments (applications, systems, data). Historically, these have evolved separately, using different technologies, teams, and policies.

That separation is increasingly becoming a problem.

The Challenge of Fragmented Access

When physical and digital access are handled in silos, organizations struggle with:

Inconsistent policies across systems
Gaps in security, especially during onboarding and offboarding
Limited visibility into who has access to what
Operational inefficiencies from duplicated processes

For example, an employee may lose system access immediately after leaving—but still retain access to a building. These disconnects introduce risk and complexity.

A Shift Toward Unified Access

To address this, organizations are moving toward a unified design model, where identity becomes the central control point for all types of access.

In this approach:

A single identity governs access to both physical and digital resources
Policies are applied consistently across environments
Access decisions are centralized and context-aware

This represents a shift from system-centric security to identity-centric security.

As organizations continue to digitize and expand, managing access in silos is no longer sustainable. A unified, identity-centric approach provides stronger security, better efficiency, and a more seamless user experience—bringing together the physical and digital worlds under a single access strategy.

I wrote about this concept in more detail in a recent analyst opinion piece written for HID.

Read Full Article

About The Author

Simon Moffatt has over 25 years experience in IAM, cyber and identity security. He is founder of The Cyber Hut — a specialist research and advisory firm based out of the UK. He is author of CIAM Design Fundamentals and IAM at 2035: A Future Guide to Identity Security. He is a Fellow of the Chartered Institute of Information Security, a regular keynote speaker and a strategic advisor to entities in the public and private sectors.

Thanks for reading The Cyber Hut Radar - Emerging Technology Research! This post is public so feel free to share it.

Cheat Sheet: Agentic Identity Owner Discovery

The Cyber Hut — Tue, 14 Apr 2026 09:57:28 GMT

The What

In early 2025 The Cyber Hut released a discussion-focused article on the “Laws of Identity Security”. The idea behind this was to create interest around what identity security is and how we can start to pragmatically approach the security controls and architectural design stages.

Law 3 in that series was: “Every digital identity (human and non-human) must resolve to a carbon physical person who is accountable for it”.

As AI agents proliferate — often outnumbering human identities by 50:1 or more — the ability to trace every agent back to a responsible human owner is foundational to governance, incident response, compliance, and risk management. Without it, organisations face ‘ghost agents’ with active privileges and no accountability.

Agents need accountability yes, but they also need to be strategically managed as part of a life cycle. That life cycle in turn needs to be linked to a human life cycle for completeness.

The Why

The human B2E employee life cycle can be quite well defined. A basic Google search (or other) will likely generate something like the following:

Joiner (Onboarding)
- Creation of the digital identity from an authoritative source (HR system)
- Account creation + initial access provisioning
- Often automated for Day 1 readiness
Identity Proofing & Verification
- Ensuring the person is who they claim to be
- Background checks, document validation, etc. (more critical in high-assurance roles)
Authentication Setup
- Credential issuance (passwords, MFA, passkeys)
- Binding user to authentication methods/devices
Authorization / Access Provisioning
- Assigning roles, groups, entitlements
- Based on RBAC/ABAC policies (least privilege principle)
Access Request & Approval
- Ongoing process where users request additional access
- Workflow-driven approvals (manager, app owner, etc.)
Access Review & Certification
- Periodic audits of user access (compliance-driven)
- Managers/app owners validate “who still needs what”
Mover (Role Change / Lifecycle Update)
- Adjusting access when a user changes role, department, or project
- Prevents privilege creep
Leaver (Offboarding / Deprovisioning)
- Timely removal of access when a user leaves
- Includes account disablement, session termination, and cleanup

Now clearly, each of those stages will also have sub-life cycles too. Especially for things like credential management and and issuance. Of course, many organisations struggle to automate these components and are faced with issues such as:

Orphan accounts - no longer linked to a real identity
Ghost accounts - never linked to a real identity
Excess Permissions - assigned versus used out of sync

So what? Well we now need to consider an equivalent agentic life cycle - even if that world is relatively new in comparison.

An example life cycle model for agents could look something like the following:

The management of the agentic life cycle is going to require some different approaches and likely tooling to that of the human world. That is out of scope for this cheat sheet however.

What becomes clear though, is that we need to link the agentic life cycle with the human one. Agents do not and cannot live in a vacuum.

Capabilities

We are now presented with several issues:

How to find an owner for agents already live that are orphaned
How to assign ownership during agent creation in a way that doesn’t inhibit development
How to enforce life cycle changes for humans and agents together

A few ways seem to exist with respect to how this could be done.

AI/ML correlation — analyses logs, code commits, device telemetry, or behavioural signals to infer the likely human owner.
Blended/delegated identity — binds the human’s IdP token to the agent at session initiation (e.g. OAuth On-Behalf-Of flow).
Manual/admin assignment — a human administrator explicitly designates an owner in the platform UI or via policy.
Sponsor/succession model — a formal sponsor is required at creation; ownership auto-transfers if the sponsor leaves.
Creation-time attribution — the identity of the creator/deployer is captured when the agent is registered or provisioned.
HR/directory integration — ownership is inferred from organisational data (Active Directory, Okta, HR systems).
Access review/certification campaigns — periodic campaigns prompt stakeholders to confirm or reassign ownership.

Not all methods are comparative of course and rely on different information sources and dependencies within the infrastructure.

There is also a subtle difference between live agents and future-created processes needed to assign an owner at creation time. The current state many organisations are likely to be in, is the former - facing discovery and inventory exercises for agents that are already live.

Let us know your approaches to this emerging problem:

Start Survey on Agentic Ownership

Market Considerations

Many vendors consider ownership as a secondary function - even if they provide the capability. Immediate focus is often on discovery, then authentication, authorization and permission management
Two dominant paradigms exist: proactive discovery vs. creation-time capture - the use of “live” data such as logs, telemetry are used as inference of ownership. Creation capture provides support for the longer-term governance model.
Sponsor model seems most compliant-ready - having a dedicated human sponsor used during agent creation (and in turn provides downstream changes if the human sponsor undergoes changes themselves) seems the most likely to support compliance interrogation.
Linking of human identity provider tokens to downstream agents can provide an end to end level of cryptographic traceability.
Post creation access review campaigns need context - reviewing existing agent permissions and “liveness” requirements really needs an owner to be identified first for them to be effective

Example Vendor Solutions for Agentic Ownership

There are numerous vendors delivering agentic identity solutions. A sample of those have capabilities with respect to ownership discovery and assignment.

Aembit

https://aembit.io/iam-for-agentic-ai/

Aembit uses a ‘Blended Identity’ model that cryptographically combines the AI agent’s non-human identity with the human user operating it at authentication time. It integrates with existing IdPs (Okta, Azure AD, Google) via OIDC/OAuth 2.1 so every access request carries verifiable human context. The human is not discovered post-hoc — they are bound into the access token at session initiation.

Andromeda Security

https://www.andromedasecurity.com/use-case/agentic-ai

Andromeda explicitly offers a ‘Human Ownership and Governance’ capability. It identifies and certifies human owners for each discovered agent, runs ownership and access review campaigns, and enforces least privilege based on confirmed ownership. The platform maintains a centralised inventory mapping agents to humans and supports ongoing certification cycles.

Clutch Security

https://www.clutch.security/use-cases/workforce-attribution

Clutch has a dedicated ‘Workforce Attribution’ use case that reveals every human-NHI relationship — creator, owner, user, or value exposer — for the full NHI estate including AI agents. Its Identity Lineage™ feature aggregates and correlates data from Cloud, SaaS, Code/CI-CD, Vaults, and on-prem environments to build a visual map of origin, consumers, attribution to the workforce (owners/creators), storage, and resources. Shadow AI Discovery surfaces unmanaged agents, and the Agentic AI Governance module controls how agents use and share NHIs.

Entro Security

https://entro.security/platform-ai-agents/

Entro automatically correlates agent activity with human users through logs, code commits, and device telemetry, then enforces ownership via policies, alerts, and automation. Its AGA module uses three data layers — Sources (EDR telemetry, agent foundries like AWS Bedrock/Copilot Studio, cloud environments, MCP servers), Targets (enterprise systems the agent touches), and Identities (human/NHI/secrets) — to build a complete agent profile and attribute each agent to a creator/owner. Ownership is then enforced through access review campaigns aligned with IGA principles.

Microsoft Entra (Agent ID)

https://www.microsoft.com/en-gb/security/business/identity-access/microsoft-entra-agent-id

Microsoft Entra Agent ID (in public preview) introduces a formal ‘Sponsor’ model: every agent identity must have one or more human sponsors, who are accountable for its lifecycle and access decisions. Sponsors are assigned at creation or via the admin centre. If a sponsor leaves the organisation, their sponsorship is automatically transferred to their manager via lifecycle workflows, ensuring no agent becomes ownerless. Access packages requiring sponsor approval enforce human accountability at each access request. The Agent Identity Blueprint also records publisher, roles, and permissions at the type level. Both attended (on-behalf-of OAuth OBO flow, tying the agent to an authenticated human) and unattended (autonomous) modes are supported.

Oasis Security

https://www.oasis.security/product#ownership

The Oasis NHI Ownership Discovery Engine uses purpose-built AI/ML algorithms to suggest and assign owners by analysing the digital footprint and behaviours of those who consume NHIs — without requiring pre-existing metadata, tags, or naming conventions. Its AAM™ product tracks a full chain of custody: Human → Agent → Prompt → Intent → Policy → Identity → Actions → Results. Ownership recommendations are automated and then attested by security teams. The platform also covers ownership succession and flags orphaned agents when creators leave.

SailPoint

https://www.sailpoint.com/products/agent-identity-security

SailPoint’s Agent Identity Security (AIS) product formally certifies AI agents by assigning clear human owner and user accountability, enforcing permissions, and linking agents to the identity context of the users they represent and the data they access. Owners are aggregated from cloud and agent platforms (AWS, Azure, GCP, Salesforce, Copilot Studio) and can have multiple owners per agent. Ownership data is maintained for audit and succession planning — when an owner changes roles or leaves, ownership is quickly reassigned without losing visibility. SailPoint’s unified platform governs human, machine, and agent identities together, enabling consistent access review certifications across all identity types.

Saviynt

https://saviynt.com/blog/ai-agent-lifecycle-management

Saviynt’s view is that if registration establishes the identity, ownership establishes accountability—and without it, governance collapses into ambiguity. Every AI agent must have a named, accountable owner from day one, and that ownership must persist and be enforced throughout its lifecycle. AI agents do not belong to systems; they belong to a human sponsor, a team, and a defined business purpose. This means a specific individual—not a shared mailbox—is responsible for the agent’s behaviour, access, and compliance, with clear alignment to business and executive oversight.

Saviynt identifies owners by leveraging authoritative sources such as HR systems and identity directories to map agents and accounts to real individuals and reporting structures. It correlates access patterns, entitlement usage, and system relationships to infer likely ownership where it is not explicitly defined. These inferred owners are then validated through governance workflows, such as certification campaigns and attestation, to establish and confirm accountability.

Token Security

https://www.token.security/use-cases/establish-ai-agent-ownership-and-accountability

Token Security has a dedicated ‘Establish AI Agent Ownership and Accountability’ use case. It automatically discovers every AI agent (custom GPTs, autonomous services, MCP servers, coding agents) and assigns clear human and departmental ownership to each. Orphaned agents — those without a responsible owner or linked to a departed employee — are flagged, and ownership assignment is enforced. Token’s unified identity graph correlates AI agents, humans, secrets, permissions, and data to reveal blast radius. Intent-based controls (declared and observed agent intent) further align permissions to agent purpose.

Twine Security

https://www.twinesecurity.com/use-cases/account-ownership-integrity

Twine’s AI employee ‘Alex’ specifically identifies orphaned accounts — users/agents that have access but no valid owner — investigates which employee should be responsible for each account, and updates the record with the correct owner. This is an active investigation workflow rather than passive metadata correlation. Alex integrates with existing IGA platforms and improves the efficiency of access certification by providing richer context to managers during reviews.

Other Vendors of Note

Anetac, Astrix Security, Eqty Lab, Knostic AI, Radiant Logic, SecureAuth, Sonrai Security, Teleport

Recommendations

For shadow AI / legacy environments (no existing metadata): Prioritise vendors with AI/ML-based correlation approaches.
For Microsoft-centric organisations: Microsoft Entra Agent ID provides the deepest native integration with existing Entra governance tooling and the most formally specified ownership succession model.
For organisations prioritising cryptographic accountability look to see if vendors support the ability for per-session linking of human tokens to agent access materials.
For organisations with mature IGA programmes look to see if existing access governance can be built upon a foundation of linking agents to human reviewers via additional context

About The Author

Simon Moffatt has over 25 years of experience in IAM, cyber, and identity security. He is the founder of The Cyber Hut, a specialist research and advisory firm based out of the UK. He is the author of CIAM Design Fundamentals and IAM at 2035: A Future Guide to Identity Security. He is a Fellow of the Chartered Institute of Information Security, a regular keynote speaker, and a strategic advisor to entities in the public and private sectors.

Book Consultation to Discuss

Share The Cyber Hut Radar - Emerging Technology Research

Last updated 16 April 2026

Claude Mythos and Project Glasswing: The End of Cyber Security As We Know It?

The Cyber Hut — Fri, 10 Apr 2026 10:40:19 GMT

Analyst Comment

Anthropic recently announced something called Project Glasswing. A partnership with leading technology vendors to improve cyber security. Organisations such as Microsoft, Palo Alto, Nvidia and Cisco were part of an initial consort of 12 companies that have been given access something called Claude Mythos. Mythos is a new frontier model that is not currently available for general release.

Whilst not created specifically for cyber related tasks, it has emerged at being highly effective at finding and in turn writing exploits against existing software.

Image Source: red.anthropic.com blog

In a blog on the red.anthropic.com site, numerous zero day vulnerabilities were found across a range of operating systems, cryptographic libraries and web applications. Many several decades old. The model then in turn - and often autonomously - wrote exploits against those vulnerabilities. In hours and days.

Why is this important? What impact does this have?

The use of models for vulnerability identification is not new. The interesting aspect is clearly the speed and effectiveness at which this can now be achieved, across a broad array of software platforms and libraries. Human involvement is still there - with scaffolding and prep work, but in reality, once operating, the model will iteratively identify and at times chain together issues that can lead to severe system compromise or denial of service. It is almost like a magic wand pentester.

Anthropic are not making this model available for general release currently - for obvious reasons. They are amassing an arsenal of zero day vulnerabilities and exploits that many providers will take several months to fix. In the wrong hands of course would have significant consequences. I guess in turn, that makes Anthropic a target?

Image Source: Anthropic site

Alas, Project Glasswing is an initiative to take this frontier model and support a defensive position first - by enabling this select first group of technology providers (with 40 others in next level discussion) about how they can strengthen either their own or their clients’s infrastructure.

What are the immediate impacts?

Vulnerability management has become a commodity capability
Triage, Remediation and Response may become an immediate bottleneck
Immediate defensive position may become weakened
Longer term defensive position becomes strengthened
The speed and accuracy of patch code should dramatically improve

Clearly this is a new era in both cyber security offensive and defensive operations - but not necessarily an entire sea-change. As with all technology change, there will be an asymmetric distribution in the usage and in turn benefits. Whilst clearly adversary activity is likely already using existing models in an offensive way, over time the intention (and I believe a realistic one) is that code vulnerabilities reduce from day 0 and in turn future issues will be continually (instead of periodically) identified and in turn resolved before full exploit.

If the majority of adversarial attacks rely upon unpatched systems and zero-day exploitation, that must surely be a good strategic position to take.

AI Generated Summary of Claude Mythos Assessment

The Anthropic Mythos Preview blog describes a step-change in AI capability, particularly in cybersecurity, that signals the beginning of a new era in software vulnerability discovery and exploitation.

1. A fundamental leap in AI capability

Mythos Preview is Anthropic’s most advanced model to date, with major improvements in:

reasoning
software engineering
autonomous task execution

Crucially, its cybersecurity abilities are not the result of specialised training, but emerge from general advances in these core capabilities.

This suggests that powerful offensive cyber capabilities may become a default property of advanced AI systems.

2. From bug discovery → exploit generation

Previous AI models were already strong at finding vulnerabilities, but Mythos changes the balance:

Can discover zero-day vulnerabilities
Can build working exploits, not just identify bugs
Can chain vulnerabilities into full system compromise

Benchmarks show a dramatic increase in exploit success rates compared to earlier models, indicating that AI is moving from analysis → operational capability.

3. The “new zero-day era”

The blog frames this as a shift in tempo, not just capability:

AI can find vulnerabilities faster than they can be patched
Disclosure and remediation processes are no longer sufficient
The backlog of unpatched vulnerabilities becomes a systemic risk

The key change is not just better tools—it’s that AI accelerates the entire vulnerability lifecycle

4. Dual-use risk: defenders vs attackers

Anthropic explicitly highlights a transitional risk period:

Defenders can use Mythos to find and fix vulnerabilities
But attackers could use similar models to weaponise them

This creates a scenario where:

short-term advantage may favour attackers
long-term advantage depends on how responsibly models are deployed

5. Controlled release as a policy response

Because of these risks, Mythos is not publicly released.

Instead, Anthropic launched Project Glasswing, giving access only to:

major tech companies
infrastructure providers
security organisations

The goal is to:

patch vulnerabilities before wider model release
adapt industry processes to AI-driven discovery

6. Implications for cybersecurity

The blog’s core message is that security assumptions must change now:

Vulnerability discovery will be continuous and automated
Exploit development will become faster and more accessible
Patch cycles and validation workflows must accelerate

This is effectively the beginning of:

AI-native cybersecurity—where both attack and defence are machine-driven

About The Author

Book an inquiry consultation to discuss any of the above concerns.

Review of RSAC 2026

The Cyber Hut — Tue, 31 Mar 2026 08:22:29 GMT

Last week I travelled over to San Francisco for the 35th edition of the RSAC conference. I joined over 40,000 security professionals from around the globe all wondering if AI can be “secured” - by what and how. We got some answers to that during week - for which I will return later - but perhaps that wasn’t necessarily the main question we should have been trying to answer. More on that too.

I have personally being going to RSAC for over 15 years, and this was the 5th consecutive year of taking The Cyber Hut there as an analyst firm.

Even in that relatively short half-decade, technology, world events and business needs have iterated hugely - often going through the entire invention-innovation-obsolescence cycle. I think the biggest contribution AI is currently making, is the significant reduction in time that cycle is taking to complete - which in turn is driving further adoption of AI, but also making the measurable impact more tangible.

Show Floor Splashes

Let’s be clear, if your vendor booth wasn’t “securing AI”, “discovering agents”, “being the AI control plane” your marketing team wasn’t on point. The fascinating thing of course, is that many vendors claiming these capabilities were - 12 months ago - likely to be non-competitive with one another. What does that tell us?

Firstly there is a lot of froth and marketing fluff emerging from many vendors as it pertains to AI security. Secondly, many of the topics that numerous small and emerging technology vendors were trying to solve 12-18 months ago were clearly not attacking the correct problem statements.

Of course, there are many vendors who are developing some series capabilities to secure the AI world. But not all AI is the same. Firstly AI is hugely broad and equally it will take a “village” to secure both the end to end usage of AI - including the building blocks such as agents, MCP, models and tools - as well as the most critical aspect of all: the thing which makes AI tick, is of course data.

So by association it is quite legitimate to see so many vendors from a broad ecosystem of security to be promoting and gravitating to the AI world. No one single vendor or even platform will be able to handle this complexity today. And I suffix “today” to that statement as things may well change - as a result of the use of AI to the extent that consolidation, feature innovation and understanding, may well allow multiple aspects of the AI world to be secured from a single source.

But we need to first understand AI:

has lots of moving parts
interacts with humans - remember those?
should be designed with higher level objectives in mind
will be influenced by external factors such as ethics and compliance

So the show floor was dominated by AI - from the data, identity, endpoint and operations worlds. These are big broad buckets for sure, but these pillars have many existing concepts that can be applied to the AI world. A few interesting questions and use cases though I feel are not necessarily getting the attention they deserve.

We also need to consider:

How AI links to human actions, ownership and risk
Who or what can access an agent - not just what the agent can do
How to manage the AI-mesh

This AI-mesh concept is emerging more and more with the B2C identity world. Typically the modus-operandi for B2C identity is for the service provider to try and deliver personalised experiences for an end user - and in turn be a position to engage more and sell more. To do this of course the service provider requires data - which brings in a privacy conflict (see CIAM Design Fundamentals for why this occurs and how it can solved) and a primary need to “own the user identity”.

The introduction of agentic AI can potentially create a barrier between a service provider and a consumer or purchaser of a service. This was discussed in detail on episode 70 of The Analyst Brief podcast and it will be interesting to see if this does materialise into a real issue.

I guess the AI-mesh may ultimately end up to be a “robot wars” style evolution - with agent to agent being the standard interaction model, which in turn is a race to the bottom with respect to having only AI being the apparatus that can truly interact with and ultimately secure other AI components.

From the show floor, the immediate capabilities that have emerged into relatively stable value points:

Discovery - being able to rapidly find AI components - be that agents running, shadow AI services being used and MCP services deployed
JiT - being able to at least design a just in time access model for agents, so they only have the access they need for a very short period of time
Behaviour - being able to monitor agent behaviour to identify malicious intent, changes in usage or optimization steps that look dangerous or damaging
Ownership - whilst acknowledged as being vitally important, the approach and consistency here for linking agents to carbon life forms is lacking a little

The Cyber Hut Recent AI Research

Topical Talks

Whilst most of my time was in vendor briefings and show floor hopping I did manage to get some live session action in - and as always I tried to select a broad cross-section of topics.

Star Dot Typhoon

My first session, was literally the first talk of the week and a Day 1 0830 start to listen to Inside the Hunt for China’s Typhoons: Disrupt, Deter, and Defend. The “typhoon” campaigns have brought some considerable disruption to numerous private sector entities. These attacks are being attributed to Chinese nation state actions - but with some subtle nuances between Volt Typhoon and Salt Typhoon with respect to attribution, behaviours and more importantly defensive response.

If Salt Typhoon was focused more on espionage and knowledge collection, Volt Typhoon was being classified as “military pre-positioning” and unpicking the why with strong attribution in turn helps defensive actions be more focused.

This defensive response of course relies on threat intelligence sharing - and the link between public agencies and private enterprise and in turn between private enterprises (who may well be competitive in their respect sectors) has been brought up on numerous occasions, with no real solution to strategically improve this. The talk ended with a discussion on the “hack back” option - and whilst this may well be “off the table” with respect to recent US cyber strategy, it generated several audience questions around pro-actively defending core assets.

As an aside, the number one recommendation with respect to lessons learnt was of course identity-centric defense. Not only from an attribution point of (knowing who and what has strongly authenticated) but by analysing account behaviour, permissions usage and the like, can strongly help with intent analysis too.

Drones Need Identities Too

Another talk that caught my eye was entitled Beyond the Fence: Securing Our Skies from the Drone Threat. Whilst this may seem like an obvious candidate for both military and physical related security discussion, it was rapidly boiled down into a cyber and more specifically an identity related issue. Whilst the threat vector has moved from being 2D to 3D - the digital and logical side of drone management has become a major issue.

The rise of anonymous drone activity across many US cities in recent years has sky rocketed - with a lack of both drone identifier information but also lineage of drones to physical people. Sound familiar? It’s exactly the same conceptual use case for both non-human identity and agentic usage today. First discover all instances, then remove anonymous entities and then apply risk analysis functions.

There is a basic “remote ID” concept but lacks integrity protection, is optional and also doesn’t necessarily contain information relating to the physical owner. It would seem the most sensible option to bind the drone to an owner on purchase. Likely via a mobile app with strong MFA. There are numerous existing standards here that could help - from FIDO for authn, but also OAuth2 Device Authorization grant perhaps too - allowing the drone to “act on a user’s behalf”. Preventing the drone from powering on until an owner had been authenticated may not fly (pun intended) commercially but seems like the most sensible way of improving lineage and trust.

Venture Capital + AI = Market Transformation?

One of the first sessions on the final day brought not only coffee requirements but some insight from the VC and investment world on how they are viewing the AI revolution: what might happen next, how they evaluate AI startups and what might happen to the existing incumbents.

The AI Gold Rush in Cybersecurity: Where Venture Dollars Go was a great panel and the amplification of a “gold rush” is so apt.

The concept of a trillion dollar cyber security company emerged and will AI make this possible? The industry pendulum moves consistently between best of breed and best of suite and will AI accelerate either of these end goals?

Some interesting points were made about how AI is impacting existing market trends - namely that feature implementation and code generation is increasing innovation. So platform providers can rapidly add new capabilities at the edge of their core competency - namely as building stuff now takes less time. That in turn has had a knock on with respect to merger activity. It will be interesting how long that continues for, but for sure, feature differences between organisations is becoming extremely narrow.

But having features alone is no longer enough. The “Balkanisation” of markets and the general anti-American global sentiment is what Dave DeWalt says will be one of the key issues in the coming period with respect to how to get to being a trillion dollar business. How can vendors aim to deliver global services to different geographic markets, with different compliance, sovereignty and supply chain constraints? Does AI help or hinder this?

They also brought up the interesting maturity of companies such as Salesforce, ServiceNow and Mastercard who now have significant cyber security offerings when historically that has not been their core aim. Will this trend continue, with essentially ever organisations providing cyber capabilities at some level?

Midnight at the War Room

The final talk I caught, was literally one of the final sessions on the final day. A distinguished panel of Chase Cunningham (Dr Zero Trust), Sarah Gosler, former Deputy Director of the NSA Chris Inglis and RSAC exec and cyber luminary Jen Easterley dived into the world of cyber warfare.

The panel was supporting and showcasing clips of an up and coming documentary called “Midnight in the War Room” being developed by Semperis. The full documentary will be released in August at Blackhat USA but the panel gave some interesting glimpses into what cyber war in 2026 really means, how it’s evolving and what can be done to respond to it.

The most headline catching line was likely delivered by Chase, articulating that “if your dog is wearing an Internet-enabled dog collar, it’s part of the battle field!”. Meaning that we are now entering an age where digital and cyber warfare is real - and the private sector has become the 6th domain of war fare after land, air, sea, space and cyber.

Innovation Sandbox

The annual innovation sandbox is a chance for early stage cyber vendors to pitch in front of both an esteemed panel put together by RSAC as well as a few hundred audience members. Each vendor gets exactly 3 minutes to pitch their idea, vision and strategy before being grilled by the panel. An hour or so deliberation results in a winner - with funding and glory - with each of the 10 finalists receiving a healthy $5 Million to boost their growth.

The winner of the accolade of “most innovative startup 2026” went to Geordie AI with their AI governance platform. An end to end view of usage as well as linkage to human ownership were core mentions. They describe themselves as “Geordie gives your organization a holistic, real-time understanding of its agentic footprint, whether agents are locally coded, self or SaaS hosted, or built on low or no-code platforms. Geordie combines behavioral observability and posture context to build a living picture of how agents operate.”.

Numerous startups during the week talked the same talk. Time will tell which wins out.

Other participants included:

ZeroPath - looking to improve app sec scaling
Token Security - improving identity security for NHI and agents
Realm Labs - detection and response for AI with a deep neural scanner
Humanix - improving social engineering detection and response
Glide Identity - reducing login phishing with SIM authentication
Fig - security operations optimization
Crash Override - becoming the control for software development life cycle
Clearly AI - compliance, data and privacy security analyser and assessment
Charm Security - scam and fraud prevention platform using agents

Early Stage Standouts

In addition to both the Innovation Sandbox and the main vendor show floor expo, there is the Early Stage Expo - which is essentially a combination of the two. Around 80 vendors - some entirely new, some with a bit of funding and a year or two in the market - exhibit and engage in prospect discussion. A few that caught my attention from an identity point of view:

12 Port Inc - looking to reinvigorate the privileged access space
Identity Rules - a Mexico based ITDR and identity behaviour startup
Klyro - IGA focused helping to accelerate application onboarding
WideField Security - visibility and behaviour monitoring
Hush Security - NHI and machine security platform

Vendor Briefing Shout Outs

A quick shout out to vendors who I met with more formally to discuss their product, sales and technical go to market updates. It is always exciting to get updates from so many smart and innovative leaders, passionate to help solve some of today’s most pressing identity and cyber security problems. Over the week I spoke with:

Andromeda Security - “Intelligently discover, secure, and govern AI agents, humans, and NHIs—driven by risk and behavioral context.”
AppViewX - “Automate certificate management and PKI. Govern agentic and machine IAM. AppViewX secures enterprises for the AI and quantum era.”
Axiad - “Trusted Identity. At the speed of now.”
Cy4Data Labs - “Unlimited Encryption Keys. Unbreakable Security. Zero Performance Impact.”
Britive - “We don’t manage standing privileges. We eliminate them. One control plane, one policy, every identity.”
Cisco - “Leverage intel from across your stack to enforce policy, manage endpoints and deliver trusted access. Multi-cloud NAC with zero trust makes it possible.”
Delinea - “Redefining identity security for the agentic AI era”
Descope - “Reduce user friction, prevent account takeover, and get a 360° view of your customer and agentic identities with the Descope External IAM platform.”
Entro Security - “Unified identity security and lifecycle across Non-Humans, AI Agents & Humans”
ManageEngine - “Secure and manage enterprise digital identities and
privileged access.”
P0 Security - “The P0 AuthZ Control Plane™ makes production access fast, secure and easy to manage. No standing privilege, no manual overhead, no audit surprises.”
Pathlock - “When traditional IGA isn’t enough, companies turn to Pathlock for compliant provisioning, fine-grained SoD analysis, user access reviews, privileged access, and continuous controls monitoring.”
Permiso - “Discover.Protect. Defend. Monitor All Identities In All Environments. Redefining identity security for the agentic AI era”
PlainID - “Agentic AI changes everything, Run-time Authorization makes it secure.”
pQCee - “Be Quantum Ready. Start your quantum readiness journey early”
Unosecur - “Discover, govern, and enforce least privilege for every AI agent, NHI and human identity across multi-cloud, SaaS, IdPs, and on-prem in run-time.”
Crowdstrike/SGNL - “SGNL sits at the center of your IAM architecture. It eliminates standing privilege and instantly adapts access when conditions change.”
Silverfort - “Discover and protect every dimension of identity, everywhere. Human, machine or AI, cloud or on-prem—including systems that couldn't be protected before.”
Teleport - “Teleport unifies identities — humans, machines, and AI — with strong identity implementation to speed up engineering, improve resiliency against identity-based attacks, and control AI in production infrastructure.”
Zluri - “Gain complete visibility into identities and access, automate governance, and continuously manage identity risk across your enterprise.”

Pick of the Parties

And finally…RSAC wouldn’t be RSAC without some legendary parties. Whilst the jeg lag inevitably kicked in, I did manage to float across the evenings to continue the networking, grab a beer and even on one night - shock horror - get away from RSAC entirely and see one of my favourite musicians, the iconic Johnny Marr former guitarist of The Smiths at the fantastic small venue the Great American Music Hall.

A few specific shout outs should be raised. Wednesday I attended the Security Founders' Oasis at the great Chinese restaurant Fang hosted by Leen, Ross Haleliuk (Venture in Security), Caleb Sima (White Rabbit VC), Cimento AI and Paul Lanzi (IDenovate). Really packed party with a broad selection of startups and founder leaders.

Monday I got to attend someone else’s podcast (instead of host The Analyst Brief) for a change and watched a live recording of the Silicon Zombies record an episode called 'The Art of the Possible in Cyber-security' with experts from Acalvio Technologies and accuknox over at the Embacadero Center.

The final night on Wednesday I headed down to Yerba Buena bar for The Hive Reception hosted by Bugcrowd, HPE Networking, Menlo Security, and Unosecur - which should get the marks for the best craft beer during RSAC with a great Drakes Hazy IPA on draught.

After that was the Insight Partners ScaleUp party on Minna sponsored by Veeam, Teleport, Island and Delinea amongst others.

One final party shout out should really go to investors Thoma Bravo for hosting a great event at the Museum of Modern Art. A key highlight is yet another musical one, this time with Kings of Leon entertaining the cyber masses.

Final Comment

From a technology point of view AI dominated. There’s no question. From how it can be protected to how it can be used within cyber. There are clearly lots of unknowns and lots of moving parts, but the innovation cycles are collapsing rapidly. Feature implementation has accelerated hugely. But whilst the “how to build” may have become easier with vibe coding and faster integrations, the “what to build” can still be tough.

As that needs humans. And I think that was a key underlying theme throughout the entire week. Either being explicitly called out in several of the key notes - specifically about the power of the community within cyber - but also more subtly when trying to understand where AI is taking us.

We must not forget the human-aspect within AI and technology in general. How we will integrate and use technology, the benefits (and potential damage) it can bring to us and our actions as responsible and accountable people.

I guess this was brought to a funny pinnacle, with the actor Kevin Bacon (and this brother) encouraging a packed key note audience to become only one-degree away from a Bacon with a mass singalong. Let’s end it there.

Further Resources

About The Author

Book an inquiry consultation to discuss any of the above vendors.

The Hidden Risk of Fragmented Identity

The Cyber Hut — Thu, 26 Mar 2026 14:18:16 GMT

As organisations scale across cloud, SaaS, and AI-driven environments, identity has become the primary control plane for security and access. Yet most enterprises still operate with a fragmented identity architecture—multiple tools, disconnected policies, and incomplete visibility.

This fragmentation is no longer just inefficient—it is a fundamental business and security risk.

The Problem: Identity Fragmentation at Scale

Modern enterprises manage a rapidly expanding set of identities:

employees and contractors
service accounts and APIs
cloud workloads and automation
emerging AI agents

However, these identities are typically governed by multiple IAM systems operating in silos, often 6–16 different tools in a single organisation.

This creates a fragmented environment where:

visibility is partial
policies are inconsistently enforced
identity relationships are poorly understood

The result is an incomplete and unreliable view of access and risk.

What Can Be Done: Migration to Unified Identity

The core need is for a unified identity model, often described as an “identity mesh.”

This approach connects all identity systems—legacy, cloud, SaaS—into a single, orchestrated layer.

Key characteristics include:

1. Centralised visibility

A complete inventory of all identities (human and non-human)
Clear mapping of permissions and relationships

2. Consistent policy enforcement

Unified access controls across all environments
Standardised authentication and governance

3. Continuous monitoring

Real-time tracking of identity behaviour
Detection of anomalies and misuse

4. Lifecycle orchestration

Integrated joiner–mover–leaver processes
Automated provisioning and deprovisioning

These concepts are part of an analyst comment series written for Unosecur. The first article is available to read now.

About The Author

Why Isolated User Authentication Undermines Security

The Cyber Hut — Tue, 24 Mar 2026 14:10:55 GMT

Modern identity systems are often designed with strong authentication technologies - fulti-factor authentication (MFA), biometrics, and passwordless methods in the digital space and possession based in the physical (site and building) domain.

Yet despite these advances, many organisations still suffer from weak identity assurance. The reason is not a lack of technology, but a failure in how identity is experienced across the user journey, that merges the physical and digital realms.

The Problem: Fragmented Access & Authentication

Most organisations treat identity as a series of disconnected events:

Enrolment (initial setup of credentials)
Authentication (logging in)
Recovery (password resets, account unlocks)

In practice, these stages are often handled by different systems, policies, and processes. This leads to:

inconsistent user experiences
duplicated credentials
gaps in assurance between steps

If we then multiple this fragmentation across different systems and different scenarios across the physical and digital realms, we have a cascade of issues.

Why This Matters: Assurance Breaks at the Weakest Point

Identity assurance is only as strong as its weakest link. Even if authentication is robust, weaknesses in enrolment or recovery can undermine the entire system.

For example:

Weak identity proofing during enrolment allows false identities
Poor recovery processes enable account takeover
Inconsistent policies create exploitable gaps

In a recent analyst comment article written for HID I emphasise that recovery and reset processes are often the least secure parts of the journey. If this in turn is amplified by isolated physical and digital integration this problem becomes one of high risk and poor user experience.

What Can Be Done: Shift From Authentication to Journeys

The key insight from the article is that identity should not be treated as isolated controls, but as a continuous, end-to-end journey.

This requires a move toward:

1. Converged identity

A unified system across digital and physical access
Single identity spanning enrolment, authentication, and recovery

2. Continuous assurance

Identity confidence maintained over time, not just at login
Contextual signals (device, behaviour, location) informing access

3. Seamless user experience

Reduced friction through passwordless or adaptive authentication
Consistent processes across all identity interactions

About The Author

Simon Moffatt has over 25 years experience in IAM, cyber and identity security. He is founder of The Cyber Hut — a specialist research and advisory firm based out of the UK. He is author of Consumer Identity & Access Management: Design Fundamentals and “IAM at 2035: A Future Guide to Identity Security”. He is a Fellow of the Chartered Institute of Information Security, a regular keynote speaker and a strategic advisor to entities in the public and private sectors.

Can We Solve The Broken Identity Journey?

The Cyber Hut — Fri, 20 Mar 2026 11:37:42 GMT

Identity systems are under more pressure than ever. With more users, devices, and AI-driven identities accessing more systems across a broader array of deployment models. But there’s a growing problem: the identity journey is broken.

The Fragmentation Problem

In many organisation, authentication is fragmented across multiple systems, tools, and environments. Employees move between physical access (badges, PINs) and digital systems (passwords, MFA, SSO), each with different processes for enrollment, login, and credential reset.

The result? A disjointed and inconsistent experience that creates what can only be described as credential chaos.

More Friction, Less Security

This fragmentation doesn’t just frustrate users—it actively undermines security.

Users are forced to manage multiple credentials and workflows, leading to frequent resets, workarounds, and mistakes. At the same time, IT teams struggle with rising support costs and operational complexity.

Critically, organisations lose end-to-end visibility of identity. There’s no reliable way to ensure that the person who entered a building is the same one accessing sensitive systems later.

Identity Assurance Breaks Down

Identity assurance—the confidence that someone is truly who they claim to be—depends on consistency across the entire access journey. But when authentication is siloed and inconsistent, that assurance collapses.

Security controls become difficult to enforce, measure, and scale. Integration between systems becomes fragile. Costs increase while trust decreases.

The Case for Unified Authentication

By unifying authentication across physical and digital environments, organizations can create a single, consistent identity journey. This results in:

One cohesive authentication experience
Centralized visibility and control
Stronger, measurable identity assurance

A unified approach not only improves security but also reduces friction and enables future scalability—especially as non-human identities continue to grow.

This is a topic I wrote about in more detail in a recent analyst comment made for HID.

About The Author

Simon Moffatt has over 25 years experience in IAM, cyber and identity security. He is founder of The Cyber Hut — a specialist research and advisory firm based out of the UK. He is author of Consumer Identity & Access Management: Design Fundamentals and “IAM at 2035: A Future Guide to Identity Security”. He is a Fellow of the Chartered Institute of Information Security, a regular keynote speaker and a strategic advisor to entities in the public and private sectors.

Apono Agent Priv Guard, Bravura IAM Insurance Controls, C1 2026 Future IAM Report, Omada new CEO

The Cyber Hut — Thu, 19 Mar 2026 10:25:32 GMT

Strategic & Emerging Headlines

Curated Industry Announcements

Aembit: SPIFFE vs. OAuth: Access Control for Nonhuman Identities
Apono: Apono Launches Agent Privilege Guard, Bringing Runtime Privilege Guardrails to Enterprise AI Agents
AWS: Deploy AWS applications and access AWS accounts across multiple Regions with IAM Identity Center
Bravura Security: What Your Insurer Actually Wants to See in Your Identity Controls
Cisco: Cisco Access Manager: Identity-Based Access Control That Lean IT Teams Can Actually Deploy
ConductorOne: 2026 Future of Identity Report
Entro Security: How smart should your secrets rotation technology be?
Omada: Omada Appoints Jakob H. Kraglund as CEO to Accelerate Global Growth
Google Cloud: Simplify your Cloud Run security with Identity Aware Proxy (IAP)
LoginRadius: Model Context Protocol (MCP): Security Risks Explained
Sailpoint: Launches Shadow AI Remediation
SpyCloud: SpyCloud’s 2026 Identity Exposure Report Reveals Explosion of Non-Human Identity Theft
Strata Identity: Secure Identity for TAK/ATAK at the Tactical Edge

Identity Threat Intelligence Updates

CO-PILOT, DISENGAGE AUTOPHISH: The New Phishing Surface Hiding Inside AI Email Summaries
The MCP AuthN/Z Nightmare
Under the hood: Security architecture of GitHub Agentic Workflows
Recorded Future: 2025 Identity Threat Landscape Report

Latest On Demand Industry Webinar

Closing the AD Privileged Access Gap

Up Coming Event Attendance

RSAC 2026 - San Francisco - March 23-26

IDSA - Identity Management Day 2026 - April 14

IAM Tech Day - Sao Paolo - April 22-23

Identiverse - Las Vegas - June 15-18

Downloadable Cheat Sheets

Cheat Sheet: Agentic-AI Security Architecture Example

Cheat Sheet: Application Governance

Cheat Sheet: Top 30 IAM Metrics for B2C

Cheat Sheet: Top Metrics for B2E IAM

Cheat Sheet: MCP Security

Latest Identity Security Vendor Reports

A Demo Discussion on JiT for SSH

A demo walk through by P0 Security taking a look at just in time access for SSH services

Latest Podcast Episode

E70 The Analyst Brief: The Rise of AI Browsers. A Game changer for B2C IAM?

Latest Research Report

The Unified Identity Imperative: Breaking the Cycle of Fragmentation

A Fireside Chat with Identity at the Center Podcast

Latest Analyst Insight by The Cyber Hut

Enroll. Forget. Reset. Repeat: How Broken Identity Journeys Undermine Identity Assurance

“From Operations to Strategic Enabler: Why IAM Must Adapt”

Architecting Identity for a Real-time World

Defining and Securing The Enterprise Production Stack

Always On, Always Aware: Building a Continuous Identity Strategy

Latest Recent Industry Webinars by The Cyber Hut

Identity-First Security for AI Agents with Token Security

Addressing the IAM Data Problem: A fireside chat with Radiant Logic

An Identity Security Playbook: The What and The Why with Silverfort

Putting the AI in IAM a fireside chat with Apono

39: What is Just in Time access and Zero Standing Privileges?

Latest Training Academy Episodes by The Cyber Hut

38: How does Identity and Access Management relate to Zero Trust?

Latest Vendor Assessment Report

As assessment of Radiant Logic - analysing their identity-data view of ISPM

Our Recent Vendor Introduction Interviews

Interviews with Stackbob, Reva.ai and Scalekit

What is Teleport’s Agentic Security Framework?

Order IAM and Identity Security Books on Amazon

IAM at 2035: A Future Guide to Identity Security - Paperback, Audio, Kindle and Hardback

CIAM Design Fundamentals - Paperback, Audio and Kindle

Do Agents Need A Cryptographic Identity?

The Cyber Hut — Tue, 17 Mar 2026 11:17:41 GMT

As AI agents become more autonomous and deeply embedded in modern systems, they’re no longer just tools—they’re active participants. They access data, trigger workflows, and interact across platforms with minimal human intervention. Yet despite this growing responsibility, most AI agents still rely on outdated authentication methods never designed for non-human actors.

This mismatch is becoming a serious security and governance problem.

The Identity Gap

Today, many AI agents authenticate using hardcoded API keys or long-lived credentials. These approaches are fragile: secrets get leaked, permissions sprawl out of control, and there’s often no clear way to trace actions back to a specific agent—or its owner. As the number of agents scales, so does the risk.

Traditional identity systems assume relatively static users and predictable access patterns. AI agents break both assumptions. They operate continuously, move across environments, and can generate thousands of interactions in minutes. In some cases, they may even expose their own credentials through logs or outputs.

A Better Model: Identity-First AI

To secure this new class of actors, AI agents need something fundamentally different: a verifiable, dynamic digital identity.

Instead of relying on shared secrets, agents should authenticate using cryptographic methods—proving who they are without exposing sensitive credentials. Access should be granted through short-lived, just-in-time tokens that expire quickly, reducing the blast radius of any compromise.

This approach aligns with zero-trust principles: never assume trust, always verify identity.

Centralizing Trust

A key part of this model is a centralized identity provider (IdP) that manages authentication and authorization for all agents. This creates a single control plane where policies can be enforced consistently, regardless of where the agent operates.

With this structure in place, organizations gain something they’ve long lacked: true visibility and accountability. Every action taken by an agent can be tied back to a unique identity—and, ultimately, to the human or system that deployed it.

Why It Matters Now

As AI adoption accelerates, the number of non-human identities is set to explode. Without a robust identity framework, organizations risk building powerful systems on top of weak security foundations.

These topics are covered in more detail in an analyst comment written for AKeyless.

About the Author

Industry Webinar: Closing the AD Privileged Access Gap

The Cyber Hut — Thu, 12 Mar 2026 11:26:51 GMT

The Changing Face of PAM

Privileged access management (PAM) has undergone a tremendous evolution in the past 5 years. No longer are we focused solely on a subset of systems - that only reside within an on-premises environment. Organisations have to contend with a broader array of identities, high risk systems and deployment models that span on-prem, private cloud, infrastructure, containers and SaaS environments.

The breadth and depth of identity types has increased too - from server root accounts, to workloads, service accounts and more latterly specific instances of non-human identities (NHI) along with agentic-AI too.

That initial PAM deployment model - using credential rotation and checkout services alongside basic vaulting - only really supported a subset of the critical high risk systems under management. As the number of variety of systems and services under management increased, the approach to privilege evolved too.

Is AD the PAM Weak Link?

If we pick on Active Directory (AD) for a second, has it become the weak link in the privileged access battle? AD was not built for security. In 2000 the basic security design pattern was built upon private/public network boundaries - coarse grained trust areas that focused on location and IP address. Fast forward to 2026 and organisations design via a zero trust approach - often with the assumption that “controlled” network components and applications are really open to internet access and likely be “breached” already by unauthorised users.

Whilst AD is not solely a PAM platform, it does contain high risk identities, along with being a jump off point for service accounts, administration functions and a broad array of infrastructure support and configuration functions.

Remote access approaches such as VPNs, RDP, MS Terminal Services and RADIUS may well leverage AD as a repository, before vectoring off into an array of on-prem and cloud-integrated relying parties, applications and federated services. But has AD kept up with the variety and complexity of identity related attacks that target both standard and high risk accounts?

Being at the centre of enterprise identity, it can become a fulcrum for cross-identity, privilege-abuse related flows for both internal and external adversarial activity.

What Does Modern PAM Look Like?

PAM is a journey - an evolution - that many organisations are embarking on. We are starting to see PAM require a broader set of integrated identities and systems, but also from an AD point of view, identify a more flexible and just in time approach that covers service accounts and high risk events.

A consistent approach to high-risk access across AD and related systems is needed - that allows organisations to “scale-up” their security strategy to include NHI, agentic-AI and hybrid deployment model.

The Cyber Hut’s next industry webinar will be tackling this topic in more detail. The Cyber Hut founder Simon Moffatt will be in conversation with EMEA Chief Identity Security Advisor Rob Ainscough from Silverfort on March 16th.

They’ll explore:

Why traditional PAM models break down in modern, identity-driven environments
How runtime, identity-aware enforcement changes the privileged access security model
How organizations can expand privileged access coverage to meet protection goals - without slowing the business down
How to mitigate the risk of static human and non-human credentials, and move to Zero Standing Privilege
How to mature from protecting accounts, to blast radius controls & containing risk

Reserve Your Seat

Market Guide to Securing the Production Stack

The Cyber Hut — Fri, 06 Mar 2026 16:10:40 GMT

Executive Summary

Modern production infrastructure has outpaced traditional Privileged Access Management (PAM), leading to an increase in the identity attack surface along with significant operational drag.

Traditional, on-premises, vault-centric PAM systems, which were designed for a small, static set of accounts, can no longer manage the breadth of modern systems, protocols, and identity types, including human, non-human, and agentic identities.

This complexity results in over-provisioned, standing privileges and slow, manual access workflows that frustrate developers and increase risk. This guide outlines a strategic shift from legacy, isolated PAM to an Identity-Native, API-first model that supports a decoupled, “zero-touch” production access environment.

Capabilities in this modern approach leverage:

Just-in-Time (JIT) access and Zero Standing Privilege (ZSP): JIT allows identities to request access only when needed, and only for as long as needed, which is critical for minimizing the identity attack surface and enforcing a least-privilege policy. (See our Academy episode for an explainer on JiT and ZSP)
Broad, consistent coverage: A modern privileged access platform must cover the full spectrum of high-risk assets, including cloud consoles, databases, Kubernetes and code repositories, and all identity types, particularly non-human identities (NHIs) which often hold unchecked privileged access.

Okta and Crowdstrike Earnings Update, Veza+ServiceNpw for Agent Identity, Ping and PAM Plan

The Cyber Hut — Thu, 05 Mar 2026 12:05:20 GMT

Strategic & Emerging Headlines

Curated Industry Announcements

Identity Threat Intelligence Updates

Up Coming Industry Webinar

Closing the AD Privileged Access Gap

Up Coming Event Attendance

Orchid Security Community Event - London - March 12

RSAC 2026 - San Francisco - March 23-26

IDSA - Identity Management Day 2026 - April 14

IAM Tech Day - Sao Paolo - April 22-23

Identiverse - Las Vegas - June 15-18

Downloadable Cheat Sheets

Cheat Sheet: Agentic-AI Security Architecture Example

Cheat Sheet: Application Governance

Cheat Sheet: Top 30 IAM Metrics for B2C

Cheat Sheet: Top Metrics for B2E IAM

Cheat Sheet: MCP Security

Latest Identity Security Vendor Reports

A Demo Discussion on JiT for CSP

A demo walk through by P0 Security taking a look at just in time access for cloud service provider components such as S3 storage buckets

Latest Podcast Episode

E69 The Analyst Brief: The Rise of IAM Resilience and Why Semperis is buying MightyID

Latest Research Report

A Fireside Chat with Identity at the Center Podcast

Latest Analyst Insight

“From Operations to Strategic Enabler: Why IAM Must Adapt”

Architecting Identity for a Real-time World

Defining and Securing The Enterprise Production Stack

Analysing Application Activity

Always On, Always Aware: Building a Continuous Identity Strategy

Latest Recent Industry Webinars

Identity-First Security for AI Agents with Token Security

Addressing the IAM Data Problem: A fireside chat with Radiant Logic

An Identity Security Playbook: The What and The Why with Silverfort

Putting the AI in IAM a fireside chat with Apono

39: What is Just in Time access and Zero Standing Privileges?

Latest Training Academy Episodes

38: How does Identity and Access Management relate to Zero Trust?

Latest Vendor Assessment Report

As assessment of Radiant Logic - analysing their identity-data view of ISPM

Our Recent Vendor Introduction Interviews

Interviews with Reva.ai and Scalekit

Latest Video Shorts: Podcast and Interview Highlights

Order IAM and Identity Security Books on Amazon

IAM at 2035: A Future Guide to Identity Security - Paperback, Audio, Kindle and Hardback

CIAM Design Fundamentals - Paperback, Audio and Kindle

The Rise of Autonomous Ticket Resolution

The Cyber Hut — Mon, 02 Mar 2026 10:13:46 GMT

IAM Ticket Resolution Today: Oversubscribed and Ineffective

Broad variety of ticket types
Lack of fulfilment efficiency

Service desk ticketing systems today are routinely overworked and ineffective when it comes to identity and access management (IAM) - and for several core reasons. The volume and variety of identity types and systems has increased - but so have the volume and variety of tickets being raised.

Broad and disjointed multi-factor authentication (MFA) strategies typically correlate with an increase in enrolment issues, as well as the avoidable troubles associated with credential and password reset work flows.

New user on-boarding inevitably generates interactions with respect to device configuration and a lack of familiarity with technology or systems registration. But ultimately it is in the access management and misalignment domain that are generating the most interactions - many of which are becoming complex to complete and fulfil.

Many of these requests are repeatable, routine and avoidable - yet are still being completed by human operators. Requests often lack the appropriate level of context and detail - missing basic details such as the user’s current role or access, a system owner or a more risk-aligned description of what is needed and why.

Fulfilment times are increasing too as a result. The breadth and depth of request coverage likely means that many downstream systems are disconnected from the core automated provisioning apparatus - resulting in error prone and customised fulfilment of access additions or removals. A lack of context can also impair risk based decision making as it comes to changing access that is in alignment with both business requirements and security controls.

Risk Increasing & Productivity Decreasing

Lack of consistency
Human error and complex operating procedures

The impact of this is not just overworked employees and inefficient service desk fulfilment. As the strategic role of IAM has increased to enable productivity, security and revenue generation opportunities, the ineffectiveness of ticket management creates systemic failures in many parts of the modern business.

Delays in access fulfilment have a material impact on risk management. A slowdown in access removal - be it for a terminated employee, insider threat scenario or task completion - introduces significant issues with respect to privilege escalation opportunities or privilege abuse. In addition to delay, a lack of context, disconnected systems and human-centric process results in inconsistent completion and a lack of repeatable execution. This has a cascading effect on both productivity and risk.

Productivity also needs to be considered from both a fulfilment and end user point of view. A lack of context, repeatability and manual completion results in reduced effort to closure rates, but delays and inconsistencies in closure impact the end user too. Ticket bounce backs - often due to incorrectly assigned permissions or the removal of the wrong permissions - prevent task completion or result in timely escalations with no clear incident resolution pathway.

Rise of The AI Digital Employee: Automation, Consistency, Repeatability

Specialised learning based on company and context
Human augmentation

So what can be done? Vendors like Twine Security are certain that the rise of the AI digital employee is showing significant inroads in solving some of these key issues. An ability to train an agent with the specific nuances of an organisation, system and their joiner-mover-leaver processes is now quite possible. AI thrives on data - and the data relating to how an organisation manages their identity and access management processes is often readily available. This form of specialist learning is critical.

Twine Security describe themselves as: “Reduce manual cybersecurity work by 70% with Twine's AI Digital Employees. Automate identity management, cut costs, and improve team efficiency.”

Not all organisations are the same. Not all on-boarding and off-boarding processes are the same. Access request approvals will vary, the connected systems will vary and how they are connected will also vary. And as technology never lives in a vacuum, all of these components are constantly in a state of flux - which many traditional IAM systems fail to handle - often designed from a very static point of view. Each of these components and workflows will also see execution variability based on a combination of end user involved in the request, the approver and the context too. AI of course is designed to consume both vast amounts of data but also the nuances within it - allowing optimisation to take place.

A key part of deploying not just digital employees but agentic-AI in general, is building trust. Trust from an interaction point of view but also from an operational perspective. Evidence of hallucination and negative optimisation are now common, so it becomes critical to leverage a digital employee function that knows its own limitations. Knows when risk is present, a lack of information is present and knows when an optimal outcome can not be achieved without human guidance. It is important the agentic-approach not only knows when to escalate, but how to escalate.

Full Accountability, With Strategic Automation

Smarter decision making
Operational improvement
Security and audit traceability

There are touch-points where guardrails are critical. Initial on-boarding with respect to agent credential configuration, permissioning and credential issuance should be deterministic and transparent. This on-boarding process is critical to understand the existing nuance of both manual and automated processes - why have they been created, what might go wrong and who from an approval and escalation process is needed to complete both the happy and unhappy paths.

That learning process should also contribute to the identification of data concerns, or inefficiencies with respect to process or execution. By analysing existing processes and the ticket instances that have previously been completed, digital employees should be able to understand patterns and capture the subtle context needed (or lacking) to accelerate completion.

The immediate metric of success is operational improvement. Tickets can be fulfilled faster, with more automation and more consistency, but can also be optimised. Redundant stages, poorly completed or missing form entries can all be removed.

The key to both adoption and continual improvement is the ability to have full traceability of all of the AI digital employee events and ticket fulfilment stages. Audit and monitoring of all individual events and tasks is a given, but also the linkage back to a carbon life-form. This essentially is supporting the “on-behalf” of authorization flow for agentic-AI where it is critical to understand why and how an employee was triggered and is it authorised.

IAM is complex. Organisations have to deal with a range of asymmetric information problems, disconnected systems, missing workflows and an increasing rise in the volume and variety of identities and systems under management. The rise of Agentic AI adoption across all parts of the technology landscape is delivering huge productivity gains and competitive opportunities. The specific focus on the often stagnant IAM fulfilment flows will reduce considerable effort and security risk that many organisations are now facing.

An interview with Twine Security for The Cyber Hut’s vendor introduction series:

About The Author

Simon Moffatt has over 25 years experience in IAM, cyber and identity security. He is founder of The Cyber Hut - a specialist research and advisory firm based out of the UK. He is author of CIAM Design Fundamentals and IAM at 2035: A Future Guide to Identity Security. He is a Fellow of the Chartered Institute of Information Security, a regular keynote speaker and a strategic advisor to entities in the public and private sectors.

IGA Success Metrics Template

The Cyber Hut — Fri, 27 Feb 2026 16:51:23 GMT

1. Security and Risk Reduction Metrics

The primary goal of a modern identity governance and administration (IGA) solution is to enforce concepts like the Principle of Least Privilege and actively reduce the identity attack surface, as emphasized in the transition to Zero Standing Privilege (ZSP) and the focus on Identity Security Posture Management (ISPM).

Access Risk Reduction: Target a reduction in users with unneeded or excessive access (Orphaned Accounts, Stale Access).
Segregation of Duties (SoD) Violations: Decrease in total SoD policy violations by a measurable percentage within a finite timeframe (e.g. within 6 months).
Time-to-Remediation: Decrease the time required to revoke access for high-risk or compromised identities.

Apono Agentic Report, Auth0 B2C Revenue Analysis, SentinelOne IAM Offering, P0 AuthZ Plane for AI

The Cyber Hut — Thu, 26 Feb 2026 10:35:59 GMT

Strategic & Emerging Headlines

Curated Industry Announcements

Apono: New Apono Report Reveals 98% of Cybersecurity Leaders Are Slowing Agentic AI Adoption Due to Insufficient Security Controls
Auth0: The Revenue Potential of Shared Accounts With Fine-Grained Authorization (FGA)
CrowdStrike: Exposing Insider Threats through Data Protection, Identity, and HR Context
Gathid: The Silent Breach: How Organizational Drift Becomes An Identity Threat
LoginRadius: MCP Authorization: The Key to Safe and Simple AI Integrations
P0 Security: P0 Security extends its Authz Control Plane to service accounts, workloads and AI agents
Ping Identity: Ping Identity’s Secure Containers in Iron Bank Strengthen DOW Data Security
Saviynt: Saviynt bolsters Its AI-powered Identity Security through integrations with Amazon Quick
SentinelOne: SentinelOne Unveils New Identity Portfolio and Strategy for Securing Human and Non-Human Identities
Segura: Announces $25M Growth Round from Riverwood Capital to Strengthen Identity Security Platform
Teleport: From Zero Trust to SPIFFE: How to Secure Microservices with Istio and Teleport
Veza: The Enterprise Agent Identity Control Plane

Identity Threat Intelligence Updates

Up Coming Event Attendance:

RSAC 2026 - San Francisco - March 23-26
IDSA - Identity Management Day 2026 - April 14
IAM Tech Day - Sao Paolo - April 22-23
Identiverse - Las Vegas - June 15-18

Let's Meet at RSAC 2026

Free Identity Security Cheat Sheets

Cheat Sheet: Agentic-AI Security Architecture Example
Cheat Sheet: Application Governance
Cheat Sheet: Top 30 IAM Metrics for B2C
Cheat Sheet: Top Metrics for B2E IAM
Cheat Sheet: MCP Security

Recent Identity Security Vendor Reports

Recently Added:

A Demo Discussion on JiT for CSP

A demo walk through by P0 Security taking a look at just in time access for cloud service provider components such as S3 storage buckets

Our Recent Podcast Episodes

E69 The Analyst Brief: The Rise of IAM Resilience and Why Semperis is buying MightyID…

Our Recent Research Reports:

A Market Guide to Securing the Production Stack

Our Recent Comments and Analyst Insight

A fireside chat with the Identity at the Center podcast on Identity Security:

Our Recent Industry Webinars

Always On, Always Aware: Building a Continuous Identity Strategy
Identity-First Security for AI Agents with Token Security
Addressing the IAM Data Problem: A fireside chat with Radiant Logic
An Identity Security Playbook: The What and The Why with Silverfort
Putting the AI in IAM a fireside chat with Apono
Too Many IDPs: Why Now, How to Rationalize?

Our Recent Training Academy Episodes

Our Recent Deep Dive Vendor Assessment Reports

As assessment of Radiant Logic - analysing their identity-data view of ISPM

Our Recent Vendor Introduction Interviews

What is the new auth-stack? We sat down with Scalekit to find out more…

Download Latest 120 Vendor Directory

Our Recent Video Shorts

Order IAM and Identity Security Books on Amazon

IAM at 2035: A Future Guide to Identity Security - Paperback, Audio, Kindle and Hardback
CIAM Design Fundamentals - Paperback, Audio and Kindle

Cheat Sheet: Agentic-AI Security Architecture Example

The Cyber Hut — Tue, 17 Feb 2026 12:46:12 GMT

Agent Identity and Access Management

We need to verify the agent's identity via attestation, before issuing bound credentials and unique attributes. We need to be dynamically granting access to data, apps, and other agents. All wrapped in ephemeral and just-in-time concepts.

Considerations:

Secret-zero issue - how to attest processes or requesting party before credentials are minted, issued and bound
How to identify what permissions an agent needs?
How to verify a human has access to an agent?
Should the agent “claim” permissions from the requesting party?
How to handle agent to agent combined permissions risk and union of access?
How to handle MFA requirements? Is a possession factor enough?
Should credentials be auto-rotated, or rotated only during high risk?

Data and Knowledge Protection

Policies are needed to prevent unauthorized use of critical data by AI agents, ensuring access permissions are based on the type of data or resource being accessed - so this is a combination of PEP and also data confidentiality protection measures.

Considerations:

Can existing DLP and DSPM products support the necessary discovery, classification and risk tagging of data resources?
Can data objects be protected at rest, in transit and in use?
Are concepts like homomorphic encryption and multi-party computing, understood, applicable?
Are integrity protection mechanisms necessary?
Are content authenticity measures in place? Are they scaleable? Can they be verified offline and at scale?
How is the data returned back from an agent protected?

Agent Operational Integrity and Resilience

We need to ensure the agent's behavioral integrity is upheld by detecting and preventing tampering, drifting off-task, or malicious manipulation. This is tricky as some behaviour changes are expected for optimization and learning.

Considerations:

What does success look like for an agent?
Can that success be articulated during creation?
Can agents be compared to each other?
Can and should agent behaviour be compared and tied to a human-requestor’s behaviour?
Are historical behaviour patterns for agents useful?
Agents are likely to be targets - how can they be protected?
Can they be stolen, replicated, impersonated?

Agentic Governance, Risk and Compliance (GRC)

We need to establish guidelines for agent behavior, risk changes, and ensuring that the agent's actions are auditable and traceable. Everything needs to be in sync for regulatory adherence.

Considerations:

End to end traceability is important - that links agent tasks to human tasks
Can agent actions be reversed?
At what point do agent events need approval?
What is the process for agent creation?
What level of explainability is available?
What level of agent action transparency is available?

Policy Engine with Runtime Enforcement

A system that provides granular, adaptive access control that changes dynamically based on real-time context and assessed risk levels. It enforces policies for access to corporate systems, inter-agent sharing, access periods (JIT), and memory retention. Can today’s human-centric PBAC systems do this?

Considerations:

How are policies created?
How are policies stored and made available to enforcing systems?
Are policies part of the governance model?
How are policies changed and analysed for effectiveness?
How should policy be changed post-incident?
Can enforcement points scale and be effective away from a central hub?

Human Oversight, Accountability, and Attribution

We need to ensure that all actions by autonomous agents can be traced back to an originating human user or organizational policy, often utilizing "human-in-the-loop" mechanisms for critical or sensitive actions.

Considerations:

These are extension points that anchor both policy design and enforcement and how the GRC components are executed