<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:googleplay="http://www.google.com/schemas/play-podcasts/1.0"><channel><title><![CDATA[The Cyber Hut Radar - Identity Security and IAM Intelligence]]></title><description><![CDATA[Independent identity security research and IAM vendor intelligence for CISOs, security architects and IAM professionals — covering NHI, PAM, IGA, ITDR, zero trust and more]]></description><link>https://radar.thecyberhut.com</link><image><url>https://substackcdn.com/image/fetch/$s_!Lq6a!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F49adcbd9-faf9-4c5d-b67b-0fb859d3d3f5_300x300.png</url><title>The Cyber Hut Radar - Identity Security and IAM Intelligence</title><link>https://radar.thecyberhut.com</link></image><generator>Substack</generator><lastBuildDate>Tue, 07 Jul 2026 17:38:33 GMT</lastBuildDate><atom:link href="https://radar.thecyberhut.com/feed" rel="self" type="application/rss+xml"/><copyright><![CDATA[The Cyber Hut]]></copyright><language><![CDATA[en]]></language><webMaster><![CDATA[thecyberhut@substack.com]]></webMaster><itunes:owner><itunes:email><![CDATA[thecyberhut@substack.com]]></itunes:email><itunes:name><![CDATA[The Cyber Hut]]></itunes:name></itunes:owner><itunes:author><![CDATA[The Cyber Hut]]></itunes:author><googleplay:owner><![CDATA[thecyberhut@substack.com]]></googleplay:owner><googleplay:email><![CDATA[thecyberhut@substack.com]]></googleplay:email><googleplay:author><![CDATA[The Cyber Hut]]></googleplay:author><itunes:block><![CDATA[Yes]]></itunes:block><item><title><![CDATA[A Primer on Identity Security Threat Modelling ]]></title><description><![CDATA[Improving our analysis and control selection approach for critical IAM components]]></description><link>https://radar.thecyberhut.com/p/a-primer-on-identity-security-threat</link><guid isPermaLink="false">https://radar.thecyberhut.com/p/a-primer-on-identity-security-threat</guid><dc:creator><![CDATA[The Cyber Hut]]></dc:creator><pubDate>Fri, 03 Jul 2026 15:43:46 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!471_!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F22686a46-3f6b-4432-add1-1c3f01d95215_1265x607.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2" target="_blank" href="https://substackcdn.com/image/fetch/$s_!XLVi!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F60fbd47d-d08c-4f70-b5a6-6f48c1e7df33_2508x627.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!XLVi!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F60fbd47d-d08c-4f70-b5a6-6f48c1e7df33_2508x627.png 424w, https://substackcdn.com/image/fetch/$s_!XLVi!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F60fbd47d-d08c-4f70-b5a6-6f48c1e7df33_2508x627.png 848w, https://substackcdn.com/image/fetch/$s_!XLVi!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F60fbd47d-d08c-4f70-b5a6-6f48c1e7df33_2508x627.png 1272w, https://substackcdn.com/image/fetch/$s_!XLVi!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F60fbd47d-d08c-4f70-b5a6-6f48c1e7df33_2508x627.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!XLVi!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F60fbd47d-d08c-4f70-b5a6-6f48c1e7df33_2508x627.png" width="1456" height="364" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/60fbd47d-d08c-4f70-b5a6-6f48c1e7df33_2508x627.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:364,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1074470,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/204906533?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F60fbd47d-d08c-4f70-b5a6-6f48c1e7df33_2508x627.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!XLVi!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F60fbd47d-d08c-4f70-b5a6-6f48c1e7df33_2508x627.png 424w, https://substackcdn.com/image/fetch/$s_!XLVi!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F60fbd47d-d08c-4f70-b5a6-6f48c1e7df33_2508x627.png 848w, https://substackcdn.com/image/fetch/$s_!XLVi!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F60fbd47d-d08c-4f70-b5a6-6f48c1e7df33_2508x627.png 1272w, https://substackcdn.com/image/fetch/$s_!XLVi!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F60fbd47d-d08c-4f70-b5a6-6f48c1e7df33_2508x627.png 1456w" sizes="100vw" fetchpriority="high"></picture><div></div></div></a></figure></div><h2>Introduction</h2><p><strong>Identity security threat modelling</strong> is a structured way of identifying how an attacker could abuse, bypass, or manipulate the components that make up an identity systems to gain unauthorised access, support data ex-filtration or disruption to core services.</p><p>As identity and access management (IAM) has become more important - and moved from being a tactical and reactive component, to more strategic and proactive - by design it has become a target for both internal and external malicious operators.</p><p>The vulnerabilities within the IAM landscape are both numerous and often difficult to identify. And whilst our approach to controls selection has improved, as an industry we are facing considerably more automated and sophisticated approaches that exploit weakness across the entire IAM landscape.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!Hgir!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb3a72320-453c-49f0-bf6e-19ddcb43dd16_1280x720.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!Hgir!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb3a72320-453c-49f0-bf6e-19ddcb43dd16_1280x720.png 424w, https://substackcdn.com/image/fetch/$s_!Hgir!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb3a72320-453c-49f0-bf6e-19ddcb43dd16_1280x720.png 848w, https://substackcdn.com/image/fetch/$s_!Hgir!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb3a72320-453c-49f0-bf6e-19ddcb43dd16_1280x720.png 1272w, https://substackcdn.com/image/fetch/$s_!Hgir!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb3a72320-453c-49f0-bf6e-19ddcb43dd16_1280x720.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!Hgir!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb3a72320-453c-49f0-bf6e-19ddcb43dd16_1280x720.png" width="1280" height="720" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/b3a72320-453c-49f0-bf6e-19ddcb43dd16_1280x720.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:720,&quot;width&quot;:1280,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:545669,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/204906533?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb3a72320-453c-49f0-bf6e-19ddcb43dd16_1280x720.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!Hgir!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb3a72320-453c-49f0-bf6e-19ddcb43dd16_1280x720.png 424w, https://substackcdn.com/image/fetch/$s_!Hgir!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb3a72320-453c-49f0-bf6e-19ddcb43dd16_1280x720.png 848w, https://substackcdn.com/image/fetch/$s_!Hgir!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb3a72320-453c-49f0-bf6e-19ddcb43dd16_1280x720.png 1272w, https://substackcdn.com/image/fetch/$s_!Hgir!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb3a72320-453c-49f0-bf6e-19ddcb43dd16_1280x720.png 1456w" sizes="100vw"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>Organisations have numerous issues to contend with. Existing IAM infrastructure is often isolated, disconnected and delivered by a patchwork quilt of different vendors and homegrown components. A lack of visibility and central control is also likely. This contributes to a general lack of visibility - visibility as it pertains to infrastructure usage and configuration, but also with respect to identity usage too. </p><p>Hybrid deployments - with both applications, relying services and IAM components - are also common, with PaaS, SaaS and on-premise deployments resulting in inconsistent user experiences for both administrators and end users, alongside common mis-configuration issues.</p><p>To that end we need to combine some existing concepts in new ways - both existing threat modelling and our knowledge of IAM components and usage flows.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!471_!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F22686a46-3f6b-4432-add1-1c3f01d95215_1265x607.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!471_!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F22686a46-3f6b-4432-add1-1c3f01d95215_1265x607.png 424w, https://substackcdn.com/image/fetch/$s_!471_!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F22686a46-3f6b-4432-add1-1c3f01d95215_1265x607.png 848w, https://substackcdn.com/image/fetch/$s_!471_!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F22686a46-3f6b-4432-add1-1c3f01d95215_1265x607.png 1272w, https://substackcdn.com/image/fetch/$s_!471_!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F22686a46-3f6b-4432-add1-1c3f01d95215_1265x607.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!471_!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F22686a46-3f6b-4432-add1-1c3f01d95215_1265x607.png" width="1265" height="607" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/22686a46-3f6b-4432-add1-1c3f01d95215_1265x607.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:607,&quot;width&quot;:1265,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:596857,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/204906533?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F22686a46-3f6b-4432-add1-1c3f01d95215_1265x607.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!471_!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F22686a46-3f6b-4432-add1-1c3f01d95215_1265x607.png 424w, https://substackcdn.com/image/fetch/$s_!471_!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F22686a46-3f6b-4432-add1-1c3f01d95215_1265x607.png 848w, https://substackcdn.com/image/fetch/$s_!471_!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F22686a46-3f6b-4432-add1-1c3f01d95215_1265x607.png 1272w, https://substackcdn.com/image/fetch/$s_!471_!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F22686a46-3f6b-4432-add1-1c3f01d95215_1265x607.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div>
      <p>
          <a href="https://radar.thecyberhut.com/p/a-primer-on-identity-security-threat">
              Read more
          </a>
      </p>
   ]]></content:encoded></item><item><title><![CDATA[Cheat Sheet: Agentic Intent Based Access Control]]></title><description><![CDATA[A key capability for handling agentic risk analysis and response at runtime]]></description><link>https://radar.thecyberhut.com/p/cheat-sheet-agentic-intent-based</link><guid isPermaLink="false">https://radar.thecyberhut.com/p/cheat-sheet-agentic-intent-based</guid><dc:creator><![CDATA[The Cyber Hut]]></dc:creator><pubDate>Mon, 29 Jun 2026 15:43:45 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!1I4W!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd649a6f6-1fd7-497e-bcde-c2f2e545ce89_1256x638.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2>The What</h2><p>Let us take a step back before focusing our attention on agentic identity. If we think merely in terms of humans and existing intent management capabilities,  intent management relates to the analysing and predicting user <strong>behaviour</strong> through classic behavioural science and digital signals.</p><p>The core concept involves understanding what a user is likely to do - mainly in terms of buying signals or decision-making - taking a look at either their physical body language, or more latterly by analysing their <strong>digital body language</strong>.</p><p>This includes thousands of behavioural micro-expressions captured while a user interacts with a digital interface - perhaps an advert, digital store front or filling out an online application. From there marketing technology (martech) scoring functions can be used to identify if a user is &#8220;mad, sad or glad&#8221; when interacting with a piece of digital content.</p><p>This &#8220;intent data&#8221; can be used to better predict and react to user signals in real time - either by showcasing different products or adverts.</p><p>Of course these concepts can also be applied to <strong>information</strong> <strong>security</strong> - and in the digital setting trying to &#8220;<em>spy the lie</em>&#8221; as it pertains to access management such as on-boarding or authorization decision making and enforcement.</p><p>Specifically from an <strong>identity</strong> security perspective, this connects to broader themes around runtime attribution - namely understanding <strong>who</strong> is doing <strong>what</strong> and <strong>why. </strong>Digital attribution can leverage the ability for biometric lineage and tying back an event to a specific identity. This not only helps with traceability but also contributes to <strong>risk</strong> analysis and composite understanding regarding motive and opportunity with respect to malicious behaviour.  Of course not all identities will have biometric attributes - aka non-human identities or agentic-identities so we need to consider how to proxy this.</p><p>But returning back to intent, we need to consider where it sits in the overall identity security space and then specifically within agentic-identity security.</p><p>Can we therefore start to think of a simple and broader identity security question that intent management can help solve?</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!b8LU!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F17b4bbb1-453a-49dd-85bd-34fac9a9439d_1239x593.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!b8LU!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F17b4bbb1-453a-49dd-85bd-34fac9a9439d_1239x593.png 424w, https://substackcdn.com/image/fetch/$s_!b8LU!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F17b4bbb1-453a-49dd-85bd-34fac9a9439d_1239x593.png 848w, https://substackcdn.com/image/fetch/$s_!b8LU!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F17b4bbb1-453a-49dd-85bd-34fac9a9439d_1239x593.png 1272w, https://substackcdn.com/image/fetch/$s_!b8LU!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F17b4bbb1-453a-49dd-85bd-34fac9a9439d_1239x593.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!b8LU!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F17b4bbb1-453a-49dd-85bd-34fac9a9439d_1239x593.png" width="1239" height="593" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/17b4bbb1-453a-49dd-85bd-34fac9a9439d_1239x593.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:593,&quot;width&quot;:1239,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:583683,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/203680123?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F17b4bbb1-453a-49dd-85bd-34fac9a9439d_1239x593.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!b8LU!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F17b4bbb1-453a-49dd-85bd-34fac9a9439d_1239x593.png 424w, https://substackcdn.com/image/fetch/$s_!b8LU!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F17b4bbb1-453a-49dd-85bd-34fac9a9439d_1239x593.png 848w, https://substackcdn.com/image/fetch/$s_!b8LU!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F17b4bbb1-453a-49dd-85bd-34fac9a9439d_1239x593.png 1272w, https://substackcdn.com/image/fetch/$s_!b8LU!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F17b4bbb1-453a-49dd-85bd-34fac9a9439d_1239x593.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>The word &#8220;trusted&#8221; here is important (as opposed to trustworthy). <strong>Trusted</strong> is more likely aligned with a volatile action and changeable decision. <strong>Trustworthy</strong> is more likely to an inherent repeatably proven trait. For example boot attestation may result in a measurably &#8220;trustworthy&#8221; operating system. A process on top of that is &#8220;trusted&#8221; after obtaining specific credentials.</p><div><hr></div><p>Let us move back to agentic-identity security. Two other ingredients are needed for our &#8220;Trusted Interaction&#8221; story: <strong>authorization</strong> and <strong>guardrails</strong>. (N.B Authorization is such a large topic it will be treated in a separate cheat sheet).</p><p>Authorization will require several well known building blocks: policy decision points, policy enforcement points and of course a policy to link those together. In the framework above, authorization is determining whether an agent should have &#8220;read&#8221; or &#8220;read and write&#8221; access based on rules, context, the task being completed and so on. </p><blockquote><p><em>The intent aspect is going to analyse whether the agent is using that &#8220;read&#8221; access to read a document to complete legitimate work, or read a document to send to a nation state for espionage purposes.</em></p></blockquote><p>Guardrails are merely there to help with prompt engineering, ingress and egress filtering and helping to define the outer bounds of expected behaviour.</p><div><hr></div><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!SeWL!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2b6c392d-4846-4c3e-a187-3d20aaadff82_1536x1024.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!SeWL!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2b6c392d-4846-4c3e-a187-3d20aaadff82_1536x1024.png 424w, https://substackcdn.com/image/fetch/$s_!SeWL!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2b6c392d-4846-4c3e-a187-3d20aaadff82_1536x1024.png 848w, https://substackcdn.com/image/fetch/$s_!SeWL!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2b6c392d-4846-4c3e-a187-3d20aaadff82_1536x1024.png 1272w, https://substackcdn.com/image/fetch/$s_!SeWL!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2b6c392d-4846-4c3e-a187-3d20aaadff82_1536x1024.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!SeWL!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2b6c392d-4846-4c3e-a187-3d20aaadff82_1536x1024.png" width="1456" height="971" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/2b6c392d-4846-4c3e-a187-3d20aaadff82_1536x1024.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:971,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1417426,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/203680123?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2b6c392d-4846-4c3e-a187-3d20aaadff82_1536x1024.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!SeWL!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2b6c392d-4846-4c3e-a187-3d20aaadff82_1536x1024.png 424w, https://substackcdn.com/image/fetch/$s_!SeWL!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2b6c392d-4846-4c3e-a187-3d20aaadff82_1536x1024.png 848w, https://substackcdn.com/image/fetch/$s_!SeWL!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2b6c392d-4846-4c3e-a187-3d20aaadff82_1536x1024.png 1272w, https://substackcdn.com/image/fetch/$s_!SeWL!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2b6c392d-4846-4c3e-a187-3d20aaadff82_1536x1024.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>This is taken from The Cyber Hut&#8217;s Academy series Episode 41 &#8220;<a href="https://academy.thecyberhut.com/p/41-what-is-agentic-identity-security">What is Agentic Identity Security - Part 1&#8221;</a></p><div class="embedded-post-wrap" data-attrs="{&quot;id&quot;:203526150,&quot;url&quot;:&quot;https://academy.thecyberhut.com/p/41-what-is-agentic-identity-security&quot;,&quot;publication_id&quot;:1795411,&quot;publication_name&quot;:&quot;The Cyber Hut Academy - IAM and Identity Security Training&quot;,&quot;publication_logo_url&quot;:&quot;https://substackcdn.com/image/fetch/$s_!LgyR!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef8056ca-aa12-4401-b02e-ad4f183f5eeb_300x300.png&quot;,&quot;title&quot;:&quot;41: What is Agentic Identity Security - Part 1?&quot;,&quot;truncated_body_text&quot;:&quot;&quot;,&quot;date&quot;:&quot;2026-06-25T10:41:59.329Z&quot;,&quot;like_count&quot;:3,&quot;comment_count&quot;:0,&quot;bylines&quot;:[{&quot;id&quot;:34112948,&quot;name&quot;:&quot;The Cyber Hut&quot;,&quot;handle&quot;:&quot;thecyberhut&quot;,&quot;previous_name&quot;:null,&quot;photo_url&quot;:&quot;https://bucketeer-e05bbc84-baa3-437e-9518-adb32be77984.s3.amazonaws.com/public/images/a9c960e4-4e27-4565-89d4-c37e48c4f703_300x300.png&quot;,&quot;bio&quot;:&quot;Independent identity security research and IAM vendor intelligence&quot;,&quot;profile_set_up_at&quot;:&quot;2022-10-21T09:39:20.518Z&quot;,&quot;reader_installed_at&quot;:&quot;2024-11-12T21:34:06.194Z&quot;,&quot;publicationUsers&quot;:[{&quot;id&quot;:1104346,&quot;user_id&quot;:34112948,&quot;publication_id&quot;:1152167,&quot;role&quot;:&quot;admin&quot;,&quot;public&quot;:true,&quot;is_primary&quot;:true,&quot;publication&quot;:{&quot;id&quot;:1152167,&quot;name&quot;:&quot;The Cyber Hut Radar - Identity Security and IAM Intelligence&quot;,&quot;subdomain&quot;:&quot;thecyberhut&quot;,&quot;custom_domain&quot;:&quot;radar.thecyberhut.com&quot;,&quot;custom_domain_optional&quot;:false,&quot;hero_text&quot;:&quot;Independent identity security research and IAM vendor intelligence for CISOs, security architects and IAM professionals &#8212; covering NHI, PAM, IGA, ITDR, zero trust and more&quot;,&quot;logo_url&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/49adcbd9-faf9-4c5d-b67b-0fb859d3d3f5_300x300.png&quot;,&quot;author_id&quot;:34112948,&quot;primary_user_id&quot;:34112948,&quot;theme_var_background_pop&quot;:&quot;#FF0000&quot;,&quot;created_at&quot;:&quot;2022-10-21T09:41:35.891Z&quot;,&quot;email_from_name&quot;:&quot;The Cyber Hut Radar&quot;,&quot;copyright&quot;:&quot;The Cyber Hut&quot;,&quot;founding_plan_name&quot;:null,&quot;community_enabled&quot;:true,&quot;invite_only&quot;:false,&quot;payments_state&quot;:&quot;enabled&quot;,&quot;language&quot;:null,&quot;explicit&quot;:false,&quot;homepage_type&quot;:&quot;newspaper&quot;,&quot;is_personal_mode&quot;:false,&quot;logo_url_wide&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/92e276a4-0fa6-491e-8b41-0778f35ea407_556x230.png&quot;}},{&quot;id&quot;:1778865,&quot;user_id&quot;:34112948,&quot;publication_id&quot;:1795411,&quot;role&quot;:&quot;admin&quot;,&quot;public&quot;:true,&quot;is_primary&quot;:false,&quot;publication&quot;:{&quot;id&quot;:1795411,&quot;name&quot;:&quot;The Cyber Hut Academy - IAM and Identity Security Training&quot;,&quot;subdomain&quot;:&quot;iambitesize&quot;,&quot;custom_domain&quot;:&quot;academy.thecyberhut.com&quot;,&quot;custom_domain_optional&quot;:false,&quot;hero_text&quot;:&quot;Zero-to-hero identity security training for IAM professionals, security architects and CISOs &#8212; key concepts, acronyms and market sectors explained in 10 minutes or less by analyst Simon Moffatt&quot;,&quot;logo_url&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/ef8056ca-aa12-4401-b02e-ad4f183f5eeb_300x300.png&quot;,&quot;author_id&quot;:34112948,&quot;primary_user_id&quot;:null,&quot;theme_var_background_pop&quot;:&quot;#EA82FF&quot;,&quot;created_at&quot;:&quot;2023-07-11T15:14:18.664Z&quot;,&quot;email_from_name&quot;:&quot;The Cyber Hut Academy&quot;,&quot;copyright&quot;:&quot;The Cyber Hut&quot;,&quot;founding_plan_name&quot;:null,&quot;community_enabled&quot;:true,&quot;invite_only&quot;:false,&quot;payments_state&quot;:&quot;enabled&quot;,&quot;language&quot;:null,&quot;explicit&quot;:false,&quot;homepage_type&quot;:&quot;newspaper&quot;,&quot;is_personal_mode&quot;:false,&quot;logo_url_wide&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/da748bb7-4564-41e6-b0ac-4f01c9b5c203_556x230.png&quot;}}],&quot;is_guest&quot;:false,&quot;bestseller_tier&quot;:null,&quot;status&quot;:{&quot;bestsellerTier&quot;:null,&quot;subscriberTier&quot;:null,&quot;leaderboard&quot;:null,&quot;vip&quot;:false,&quot;badge&quot;:null,&quot;subscriber&quot;:null}}],&quot;utm_campaign&quot;:null,&quot;belowTheFold&quot;:true,&quot;type&quot;:&quot;newsletter&quot;,&quot;language&quot;:&quot;en&quot;,&quot;source&quot;:null}" data-component-name="EmbeddedPostToDOM"><a class="embedded-post" native="true" href="https://academy.thecyberhut.com/p/41-what-is-agentic-identity-security?utm_source=substack&amp;utm_campaign=post_embed&amp;utm_medium=web"><div class="embedded-post-header"><img class="embedded-post-publication-logo" src="https://substackcdn.com/image/fetch/$s_!LgyR!,w_56,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef8056ca-aa12-4401-b02e-ad4f183f5eeb_300x300.png" loading="lazy"><span class="embedded-post-publication-name">The Cyber Hut Academy - IAM and Identity Security Training</span></div><div class="embedded-post-title-wrapper"><div class="embedded-post-title">41: What is Agentic Identity Security - Part 1?</div></div><div class="embedded-post-cta-wrapper"><span class="embedded-post-cta">Read more</span></div><div class="embedded-post-meta">12 days ago &#183; 3 likes &#183; The Cyber Hut</div></a></div><div><hr></div><h2>The Why</h2><p>Why has Intent Management become interesting now? Isn&#8217;t this just the same as standard behaviour monitoring that we have seen with user entity behaviour analytics (UEBA) or more latterly in concepts like identity threat detection and response (ITDR)?</p><p>Yes, and no.</p><p><span>Intent management is a critical mechanism in agentic identity security that focuses on validating the underlying </span><strong><span>rationale</span></strong><span> and </span><strong><span>expected</span></strong><span> behavioral boundaries of an autonomous AI agent's actions. This generates some subtly new requirements. </span></p><p><span>Traditional identity security platforms had evaluated whether a user has permission to access an object or resource.</span></p><p>Agents introduce two more subtle issues: a level of <strong>autonomy</strong> and <strong>optimisation</strong>. Both of which result in the now commonly used term &#8220;non-deterministic&#8221; behaviour. Essentially we can&#8217;t easily predict what the agent will do. Some of its moves will seem strange - but will be entirely legitimate - some of its moves will seem &#8220;OK&#8221; but will be entirely malicious. It is also quite likely that access changes, multiple-system usage and a broad array of permissions is entirely likely during the completion of a task. Knowing what to allow, block and monitor is complex.</p><p><span>So we move away from a simple authorization decision + monitor pattern, to something more along the lines of </span><strong><span>"</span></strong><em><span>Yes, they have permission to do something, but why are they doing it now, and is it expected?</span></em><strong><span>&#8221;.</span></strong></p><p><span>This layer of security addresses the behavioural reality that autonomous agents do not operate within human social constructs - that of trusted colleagues for example.</span></p><div><hr></div><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://radar.thecyberhut.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">The Cyber Hut Radar - become a free or paid subscriber for future updates:</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><div><hr></div><h2>Capabilities</h2><p>Capabilities in this area are both new and evolving rapidly. However, we can frame our thinking about what questions we want to answer. The following is taken from our Academy episode 42 &#8220;What is Agentic Identity Security - Part 2&#8221; that takes a high level look at the top 6 control areas we need to consider for risk reduction. Part 6 is about observability and intent.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!HnKc!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff2015ae9-aee4-4f22-822f-7a5311d0790b_600x596.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!HnKc!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff2015ae9-aee4-4f22-822f-7a5311d0790b_600x596.png 424w, https://substackcdn.com/image/fetch/$s_!HnKc!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff2015ae9-aee4-4f22-822f-7a5311d0790b_600x596.png 848w, https://substackcdn.com/image/fetch/$s_!HnKc!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff2015ae9-aee4-4f22-822f-7a5311d0790b_600x596.png 1272w, https://substackcdn.com/image/fetch/$s_!HnKc!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff2015ae9-aee4-4f22-822f-7a5311d0790b_600x596.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!HnKc!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff2015ae9-aee4-4f22-822f-7a5311d0790b_600x596.png" width="600" height="596" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/f2015ae9-aee4-4f22-822f-7a5311d0790b_600x596.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:596,&quot;width&quot;:600,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:341882,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/203680123?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff2015ae9-aee4-4f22-822f-7a5311d0790b_600x596.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!HnKc!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff2015ae9-aee4-4f22-822f-7a5311d0790b_600x596.png 424w, https://substackcdn.com/image/fetch/$s_!HnKc!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff2015ae9-aee4-4f22-822f-7a5311d0790b_600x596.png 848w, https://substackcdn.com/image/fetch/$s_!HnKc!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff2015ae9-aee4-4f22-822f-7a5311d0790b_600x596.png 1272w, https://substackcdn.com/image/fetch/$s_!HnKc!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff2015ae9-aee4-4f22-822f-7a5311d0790b_600x596.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>Here we need to look at what agent is trying to do - what has it done before in the current sequence and can we predict a sequence of events going forward? What triggered it and has it been influenced in anyway?</p><p>Example capabilities to consider should include:</p><ul><li><p><strong>Runtime</strong> <strong>observability</strong> - being able to both monitor, judge and respond during post-provisioning and post-authentication events - the judging aspect may well be another LLM powered component</p></li><li><p><strong>Intent</strong> <strong>declaration</strong> - for any drift or analysis steps to take place, the agent must declare that it intends to do - and this needs capturing with integrity protection</p></li><li><p><strong>Sequence</strong> and <strong>access</strong> <strong>path</strong> tracking - it&#8217;s important not to just analysis the agent during a single  API call or access request - but look at before and potentially the after steps in the full access path</p></li><li><p><strong>Intent</strong> <strong>drift</strong> - once the intent has been declared, deviations from that first need to be analysed and then responded to</p></li><li><p><strong>Context</strong> <strong>grounding</strong> - an ability to know not only the owner/agent trigger, but also the context the user-lineage operates in to find deviations</p></li><li><p><strong>Purpose</strong>-<strong>driven</strong> <strong>policy</strong> - access policies are important, but must not fall into the basic coarse-grained models - they must be specific, fine grained and linked to the purpose at hand</p></li><li><p><strong>Graduated</strong>-<strong>response</strong> - risk will be volatile and not all responses should be allow/deny - with a flexible way of handling evaluated risk. E.g. honeypot, monitoring, degradation etc</p></li></ul><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!1I4W!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd649a6f6-1fd7-497e-bcde-c2f2e545ce89_1256x638.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!1I4W!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd649a6f6-1fd7-497e-bcde-c2f2e545ce89_1256x638.png 424w, https://substackcdn.com/image/fetch/$s_!1I4W!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd649a6f6-1fd7-497e-bcde-c2f2e545ce89_1256x638.png 848w, https://substackcdn.com/image/fetch/$s_!1I4W!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd649a6f6-1fd7-497e-bcde-c2f2e545ce89_1256x638.png 1272w, https://substackcdn.com/image/fetch/$s_!1I4W!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd649a6f6-1fd7-497e-bcde-c2f2e545ce89_1256x638.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!1I4W!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd649a6f6-1fd7-497e-bcde-c2f2e545ce89_1256x638.png" width="1256" height="638" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/d649a6f6-1fd7-497e-bcde-c2f2e545ce89_1256x638.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:638,&quot;width&quot;:1256,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:609897,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/203680123?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd649a6f6-1fd7-497e-bcde-c2f2e545ce89_1256x638.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!1I4W!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd649a6f6-1fd7-497e-bcde-c2f2e545ce89_1256x638.png 424w, https://substackcdn.com/image/fetch/$s_!1I4W!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd649a6f6-1fd7-497e-bcde-c2f2e545ce89_1256x638.png 848w, https://substackcdn.com/image/fetch/$s_!1I4W!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd649a6f6-1fd7-497e-bcde-c2f2e545ce89_1256x638.png 1272w, https://substackcdn.com/image/fetch/$s_!1I4W!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fd649a6f6-1fd7-497e-bcde-c2f2e545ce89_1256x638.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><div><hr></div><h2>Example Vendor Solutions for Intent Based Access Control &amp; Management</h2><h3><a href="https://www.apono.io/agent-privilege-guard/">Apono</a> (now part of 1Password)</h3><p>Apono implements intent-based access control by shifting from static rules to context-aware, just-in-time (JIT) runtime authorization for both human and AI agents. Using the Agent Privilege Guard, it validates declared intentions in real-time, enforcing least-privilege access and automatically revoking permissions to eliminate standing privileges.</p><p><span>Apono positions itself at the intersection of dynamic access control, identity-native security, and modern operations by delivering Zero Standing Privileges (ZSP) and friction-free, Just-in-Time (JIT) access across cloud services, databases, and servers. Moving away from traditional, static vault-centric architectures, the platform manages risk through an iterative lifecycle of discovery, detection, assessment, and policy-driven control. Its core innovation revolves around "Access Flows" and dynamic "access guardrails".</span></p><h3><a href="https://clevrsecurity.com/#solutions">Clvr Security</a></h3><p><span>Clevr Security</span> manages intent specifically for AI agents, copilots, and autonomous workflows through Intent Analysis at the execution boundary. Instead of just analyzing prompts or applying static rules, they evaluate the underlying intent of an agent&#8217;s multi-step plan before any action is allowed to run. They describe three main aims:</p><p>1. Goal Drift Detection</p><ul><li><p><span>Multi-Step Tracking: Clevr tracks every step of an agent&#8217;s plan against the user&#8217;s original instruction.</span></p></li><li><p><span>Off-Script Flags: It catches the exact moment an agent&#8217;s goal shifts from what was authorized (e.g., if a task is to &#8220;send a report,&#8221; but the agent&#8217;s plan expands to &#8220;query all contacts&#8221; and &#8220;export to external storage&#8221;).</span></p></li></ul><p>2. Pre-Execution Interception</p><ul><li><p><span>Context Accumulation: The platform continuously accumulates session state and historical context to weigh the agent&#8217;s current action against its stated intent.</span></p></li><li><p><span>Real-Time Intervention: If an action is deemed &#8220;out of bounds&#8221; or misaligned with the original intent, Clevr intercepts it before it reaches business systems, routing the request to Deny, Modify, or Escalate for human approval.</span></p></li></ul><p><strong>3.</strong> Intent-Driven Policy Enforcement</p><ul><li><p><span>Live System Checks: It maps the agent&#8217;s intent against real-time business parameters like change windows, budget caps, data sensitivity, and segregation of duties.</span></p></li><li><p><span>AARM Compliance: Clevr aligns its intent validation with the </span><em><span>AI Agent Runtime Security (AARM)</span></em><span> open standard, specifically fulfilling requirements for pre-execution evaluation and identity-to-intent binding.</span></p></li></ul><h3><a href="https://kontext.security/blog/runtime-authorization-is-safety-evaluation">Kontext Security</a></h3><p><span>Kontext addresses intent-management within its runtime authorization framework by treating intent as a core variable to compare requested actions with authorized tasks. Rather than relying solely on credentials or token presence, the system evaluates the underlying reason for an action to protect against vulnerabilities like prompt injection and excessive agency. Kontext structures and manages intent include:</span></p><p><span>1. Interception at the Action Boundary</span></p><p><span>Kontext positions its runtime policy checks immediately preceding tool invocation, API execution, or data access. Intercepting actions at this boundary ensures that a model&#8217;s generated plan can be analyzed before any external side effects occur.</span></p><p><span>2. Processing Structured Intent Context</span></p><p><span>The authorization system processes an explicit JSON payload detailing the runtime intent. Key evaluation variables include:</span></p><ul><li><p><span>Declared Task: The specific task the agent is trying to complete.</span></p></li><li><p><span>Source: The origin of the instruction (e.g., user prompt vs. third-party data inputs).</span></p></li><li><p><span>Confidence Scores: Structural context determining how confidently the intent matches authorized workflows.</span></p></li><li><p><span>Session History: Context chains that look at prior tools called and data accessed to catch drift or multi-hop data exfiltration paths.</span></p><p></p></li></ul><p><span>3. Mitigating Malicious Purpose Mapping</span></p><p><span>Kontext uses intent data to differentiate between identical API calls carrying vastly different risk profiles. For example, a policy can evaluate the task intent to allow a standard tool read parameter while simultaneously blocking a bulk export triggered by an indirect prompt injection payload.</span></p><p><span>4. Auditable Evidence Generation</span></p><p><span>Intent classification functions as a required log parameter for framework compliance, such as the NIST AI Risk Management Framework (AI RMF). Kontext logs the classified intent alongside the specific user delegation path, agent identity, parameters, and matching policy version to generate an immutable, reviewable audit trail.</span></p><h3><a href="https://www.oasis.security/agentic-access-management">Oasis Security</a></h3><p><span>Oasis Security</span> manages intent through a capability called Agentic Intent &amp; Access Control, which is a core component of its Agentic Access Management (AAM) platform. Rather than relying on traditional, rigid static roles and permissions, Oasis focuses on understanding <em>why</em> an AI agent is requesting access before granting it.</p><p>This can be described in three main areas:</p><p>1. Intent-Aware Access Decisions</p><ul><li><p><span>Context Over Permissions: The platform actively analyzes the real-time context of what each non-human identity or AI agent is doing and why.</span></p></li><li><p><span>Dynamic Approval: Instead of granting permanent privileges, access control decisions are tightly bound to the agent&#8217;s specific, declared intent at that moment.</span></p></li></ul><p>2. Time-Bound Governance</p><ul><li><p><span>Automated Provisioning: Oasis automatically maps and provisions the specific permissions an agent needs to execute its task.</span></p></li><li><p><span>Time Restrictions: Access is strictly time-bound. The moment the agent&#8217;s intent is fulfilled or the allowed window expires, the access is automatically restricted or removed to prevent over-privileged standing access.</span></p></li></ul><p>3. Comprehensive Ecosystem Integration</p><ul><li><p><span>Cross-Environment Tracking: Oasis tracks agentic intent across a wide hybrid footprint, including cloud providers (AWS, Azure, GCP), development hubs (GitHub), data ecosystems (Snowflake, BigQuery), and AI endpoints (ChatGPT, Copilot, Bedrock).</span></p></li><li><p><span>Inventory &amp; Visibility: It creates a real-time inventory that ties every active AI agent identity back to a clear human owner or core internal system, ensuring that intent can always be traced back to an accountable source.</span></p></li></ul><h3><a href="https://www.plainid.com/introducing-agentic-identity-platform/">PlainID</a></h3><p><span>PlainID</span> addresses intent management through its recently launched Agentic Identity Platform, which utilizes Intent-Based Access Control (IBAC) to secure AI agents, Retrieval-Augmented Generation (RAG) systems, and Model Context Protocol (MCP) tool flows.</p><p>1. Intent-Based Access Control (IBAC)</p><ul><li><p><span>Moving Past Static Roles: PlainID shifts authorization away from rigid user roles to dynamically evaluate what an AI agent intends to execute in real time.</span></p></li><li><p><span>End-to-End AI Boundaries: It defines and enforces clear guardrails across the entire AI session lifecycle to dictate what an agentic identity can safely access, modify, or expose.</span></p></li></ul><p>2. Runtime Authorization &amp; Zero Standing Privileges</p><ul><li><p><span>Dynamic Decision Engine: Every intent is intercepted and parsed by a smart decision engine that applies fine-grained precision and context to the request.</span></p></li><li><p><span>Just-In-Time Rules: Instead of allowing persistent background data access, permissions are granted dynamically for the specific task at hand, enforcing Zero Standing Privileges across connected apps and databases.</span></p></li></ul><p>3. Policy-Based Access Control (PBAC) Standardization</p><ul><li><p><span>Unified Policy Language: PlainID allows organizations to write an authorization policy once and distribute it everywhere across SaaS apps, APIs, microservices, and AI models.</span></p></li><li><p><span>Integration Hub: It embeds directly into AI frameworks (like </span><em><span>LangChain</span></em><span>) to evaluate intent natively before the agent calls an external data platform or internal service.</span></p></li></ul><p>4. Agentic AI Observability</p><ul><li><p><span>Auditable Intent Traces: The platform logs every agent action, intent evaluation, and authorization decision into clear, business-readable language.</span></p></li><li><p><span>Compliance &amp; Governance: Security teams and auditors can track exactly </span><em><span>why</span></em><span> a bot requested a specific tool execution and </span><em><span>how</span></em><span> the policy reacted to it.</span></p></li></ul><h3><a href="https://www.reva.ai/blog/intent-based-access-control-a-technical-primer">Reva</a></h3><p><a href="https://www.reva.ai/"><span>Reva.AI</span></a> brands itself as the industry&#8217;s first Intent &amp; Behavior Based Access Control (IBAC) platform. They treat intent not just as a buzzword, but as the strict &#8220;semantic backbone&#8221; of least-privilege authorization for autonomous AI agents.</p><p><span>According to their technical framework, Reva.AI implements intent-based access control through the following core technical mechanisms</span>:</p><p>1. The Core Paradigm Shift: &#8220;Actions to Intents&#8221;</p><p>Traditional access control answers <em>who</em> can invoke an API. Reva&#8217;s IBAC shifts the entire authorization question to: &#8220;For the current task and context, is this specific action over these resources allowed?&#8221; It decouples security from static roles and maps access directly to a defined purpose.</p><p>2. The 5-Step Runtime Enforcement Architecture</p><p>Reva maps out a concrete technical pipeline that executes at machine speed before an agent can cause damage:</p><ul><li><p><span>Step 1: Intent Templates: Organizations define canonical, YAML-style templates for workflows (e.g., </span><code>patch_production_service</code><span>). These explicitly specify allowed actions, resources, and hard constraints (like max lines edited or database rows read).</span></p></li><li><p><span>Step 2: Parsing Natural Language: A classifier or small LLM maps a user&#8217;s natural language instruction into one of these strict template formats.</span></p></li><li><p><span>Step 3: Fine-Grained (FGA) Mapping: Reva&#8217;s platform acts as a &#8220;policy generator,&#8221; translating that approved intent into standard Fine-Grained Authorization (FGA) tuples (e.g., </span><code>agent:read#table:finance_2025</code><span>).</span></p></li><li><p><span>Step 4: Cryptographic Intent Tokens: At the start of a session, Reva binds these allowed tuples and constraints into a highly temporary, signed JWT token.</span></p></li><li><p><span>Step 5: Gateway Interception: The Reva Trust Gateway checks every single tool or Model Context Protocol (MCP) call against the token. If the agent tries to wander off-script&#8212;even due to prompt injection or model hallucination&#8212;the gateway hard-blocks the tool execution before it hits production systems.</span></p></li></ul><p>3. Domain-Specific Ontologies</p><p>Instead of generic guardrails, Reva structures intent around a domain-specific vocabulary mapping Users/Agents, Tasks, Actions, Resources, and Constraints. This enables highly contextual rules, such as allowing a healthcare agent to read patient labs for a &#8220;clinical review&#8221; task, but automatically denying the action if the agent attempts to mass-export the data.</p><p>4. Built on Open Standards</p><p>Rather than forcing proprietary lock-in, Reva applies its intent management layer on top of industry-standard policy languages and engines like Cedar, OPA (Open Policy Agent), OpenFGA, and AuthZEN.</p><h3><a href="https://www.silverfort.com/blog/fabrix-security-joins-silverfort-to-deliver-autonomous-identity-security-at-runtime/">Silverfort</a></h3><p>Silverforts&#8217;s recent acquisition of Fabrix adds further agentic-centric decision capabilities to their existing ITDR plans.</p><p><span>They</span> address intent management by treating AI agents as dynamic, non-human identities and applying identity-first runtime protection to control their actions. Rather than allowing an agent to wander &#8220;off-script,&#8221; Silverfort mitigates behavioral drift and malicious intent by intercepting unauthorized tool and access requests before they execute.</p><p>They handle intent and runtime security through several key capabilities:</p><p>1. Stopping Behavioral Drift and Misguided Intent</p><ul><li><p><span>Detecting Deviant Behavior: Silverfort continuously monitors agent sessions for internal risks, specifically focusing on &#8220;behavioral drift&#8221;- instances where an autonomous agent acts outside its original intent or designated scope.</span></p></li><li><p><span>Blocking Attack Delegation: It detects and blocks prohibited agent-to-agent delegation chains, ensuring an agent cannot pass instructions or privileges to another bot to bypass restrictions.</span></p></li><li><p><span>Defending Against Malicious Override: Its runtime layer stops external, adversarial intents like prompt injections or poisoned Model Context Protocol (MCP) servers from hijacking the agent&#8217;s logic.</span></p></li></ul><p><strong>2. Dual-Architecture Runtime Enforcement</strong></p><p>Silverfort ensures that regardless of an agent&#8217;s intended action, it must clear a hard identity policy boundary via two enforcement methods:</p><ul><li><p><strong><span>MCP Gateway (Universal Inline Security):</span></strong><span> For custom or open-framework agents using the Model Context Protocol, Silverfort routes traffic through an inline MCP Gateway. It evaluates the agent&#8217;s identity and policy in real time, intercepting unauthorized tool calls before they hit internal data servers.</span></p></li><li><p><strong><span>Native Platform Integrations:</span></strong><span> For cloud-managed ecosystems (like </span><em><strong><a href="https://learn.microsoft.com/en-us/microsoft-copilot-studio/fundamentals-what-is-copilot-studio"><span>Microsoft Copilot Studio</span></a></strong></em><span> or </span><em><span>Google Cloud Agent Gateway</span></em><span>), Silverfort embeds directly into the platform&#8217;s control plane to block actions without requiring separate traffic routing.</span></p></li></ul><p><strong>3. Least-Privilege Identity Binding</strong></p><ul><li><p><strong><span>Context-Aware Decisions:</span></strong><span> Every access request is evaluated against a centralized policy defined by the agent&#8217;s identity, the user context, the target application, and the specific action type.</span></p></li><li><p><strong><span>Eliminating Over-Privileged Access:</span></strong><span> By continuously mapping agents to clear human owners and auditing their exact blast radius, Silverfort ensures agents do not possess standing privileges that exceed their day-to-day administrative intent.</span></p></li></ul><h3><a href="https://goteleport.com/about/newsroom/press-releases/teleport-launches-beams-trusted-agent-runtimes-for-infrastructure/">Teleport</a></h3><p>Teleport recently released an <a href="https://goteleport.com/platform/agentic-identity-framework/">Agentic Identity Framework</a> - covering a broad array of use cases to protect the agentic life cycle and runtime access.</p><p>The framework manages intent by enforcing strict cryptographic bindings and infrastructure boundaries, rather than interpreting natural language. It secures agentic intent through "Identity-to-Intent" binding, delegated authorization, dynamic ABAC, and granular auditing of tool execution.</p><p>Teleport defines Identity-Intent Binding through a zero-trust, infrastructure-first approach that treats AI agents as distinct, authenticated workloads rather than relying on reactive text-based analysis. Their strategy utilizes ephemeral, hardware-isolated runtimes and short-lived cryptographic certificates to enforce strict, "steady-state" computing where agent access is bound to specific, time-limited tasks.</p><div><hr></div><h2>Recommendations</h2><p>The rise of agentic AI strips away a fundamental assumption that identity security has relied on for decades: predictability. When autonomous, non-deterministic agents are given the keys to enterprise data ecosystems, static roles and traditional privilege monitoring are no longer enough to prevent catastrophic drift or malicious exploitation. Security can no longer safely operate on an &#8220;allow or deny&#8221; permission structure when an agent&#8217;s technical access looks perfectly legitimate on paper but deviates entirely from its actual business task.</p><p>Intent-Based Access Control (IBAC) represents the necessary evolution of zero-trust architecture for the AI era. By forcing agents to declare their goals, tracking their multi-step execution paths, and binding identity directly to an authorized purpose in real-time, security teams can safely govern systems without choking innovation.</p><p>To prepare enterprise infrastructure for non-deterministic workloads, identity and security architects must transition from static access management to dynamic runtime controls. </p><p>Some core initiatives to consider over the next 90 days:</p><ul><li><p><strong><span>Consider Intent Declaration:</span></strong><span> Mandate that any autonomous agent or copilot must cryptographically or programmatically declare its multi-step execution path </span><em><span>before</span></em><span> it is granted access to high-value enterprise endpoints.</span></p></li><li><p><strong><span>Establish Identity-Intent Binding:</span></strong><span> Bridge the attribution gap by ensuring every API or database call initiated by an agent inherits a time-bound, ephemeral token that explicitly maps back to a verified human owner and a specific, approved business goal.</span></p></li><li><p><strong><span>Monitor and Mitigate Intent Drift:</span></strong><span> Deploy boundary instrumentation capable of checking the state of a live session. If an agent shifts from its declared task (e.g., changing a task from &#8220;summarising data&#8221; to &#8220;exporting data&#8221;), the platform must instantly flag the drift or automatically revoke access - essentially an observability problem.</span></p></li><li><p><strong><span>Adopt Graduated-Response Policies:</span></strong><span> Move away from binary &#8220;allow/deny&#8221; logic. For ambiguous or moderate-risk agent behaviour, implement flexible, automated guardrails such as routing requests to a human-in-the-loop approval queue, downgrading session permissions, or steering the agent into an isolated monitoring sandbox.</span></p></li></ul><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!IFBE!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F66551640-93ce-4956-90c2-6a75d8aa5dbb_1256x638.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!IFBE!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F66551640-93ce-4956-90c2-6a75d8aa5dbb_1256x638.png 424w, https://substackcdn.com/image/fetch/$s_!IFBE!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F66551640-93ce-4956-90c2-6a75d8aa5dbb_1256x638.png 848w, https://substackcdn.com/image/fetch/$s_!IFBE!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F66551640-93ce-4956-90c2-6a75d8aa5dbb_1256x638.png 1272w, https://substackcdn.com/image/fetch/$s_!IFBE!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F66551640-93ce-4956-90c2-6a75d8aa5dbb_1256x638.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!IFBE!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F66551640-93ce-4956-90c2-6a75d8aa5dbb_1256x638.png" width="1256" height="638" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/66551640-93ce-4956-90c2-6a75d8aa5dbb_1256x638.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:638,&quot;width&quot;:1256,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:610679,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/203680123?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F66551640-93ce-4956-90c2-6a75d8aa5dbb_1256x638.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!IFBE!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F66551640-93ce-4956-90c2-6a75d8aa5dbb_1256x638.png 424w, https://substackcdn.com/image/fetch/$s_!IFBE!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F66551640-93ce-4956-90c2-6a75d8aa5dbb_1256x638.png 848w, https://substackcdn.com/image/fetch/$s_!IFBE!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F66551640-93ce-4956-90c2-6a75d8aa5dbb_1256x638.png 1272w, https://substackcdn.com/image/fetch/$s_!IFBE!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F66551640-93ce-4956-90c2-6a75d8aa5dbb_1256x638.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><div><hr></div><h3><strong>About The Author</strong></h3><p>Simon Moffatt has over 25 years of experience in IAM, cyber, and identity security. He is the founder of <a href="https://www.thecyberhut.com/">The Cyber Hut</a>, a specialist research and advisory firm based out of the UK. He is the author of <a href="https://a.co/d/7oO2oOW">CIAM Design Fundamentals</a> and <a href="https://www.thecyberhut.com/iam%20at%202035/">IAM at 2035</a>: A Future Guide to Identity Security. He is a Fellow of the Chartered Institute of Information Security, a regular keynote speaker, and a strategic advisor to entities in the public and private sectors.</p><p>Last updated 29 June 2026. </p><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://calendly.com/simonmof/payg-1hr-vendor-discussion?back=1&quot;,&quot;text&quot;:&quot;Book Consultation to Discuss&quot;,&quot;action&quot;:null,&quot;class&quot;:null}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://calendly.com/simonmof/payg-1hr-vendor-discussion?back=1"><span>Book Consultation to Discuss</span></a></p><div><hr></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://radar.thecyberhut.com/?utm_source=substack&amp;utm_medium=email&amp;utm_content=share&amp;action=share&quot;,&quot;text&quot;:&quot;Share The Cyber Hut Radar - Emerging Technology Research&quot;,&quot;action&quot;:null,&quot;class&quot;:&quot;button-wrapper&quot;}" data-component-name="ButtonCreateButton"><a class="button primary button-wrapper" href="https://radar.thecyberhut.com/?utm_source=substack&amp;utm_medium=email&amp;utm_content=share&amp;action=share"><span>Share The Cyber Hut Radar - Emerging Technology Research</span></a></p><p></p>]]></content:encoded></item><item><title><![CDATA[Guide for Adopting Identity-Aware Privileged Access Management]]></title><description><![CDATA[Supporting Zero Touch Production Access]]></description><link>https://radar.thecyberhut.com/p/guide-for-adopting-identity-aware</link><guid isPermaLink="false">https://radar.thecyberhut.com/p/guide-for-adopting-identity-aware</guid><dc:creator><![CDATA[The Cyber Hut]]></dc:creator><pubDate>Fri, 26 Jun 2026 10:31:10 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!qe6M!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F389668c1-fc70-4b96-87dd-ac8f82851742_1227x1282.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2>Executive Summary</h2><p><span>Identity-aware modern privileged access management (PAM) introduces the ability for organisations to deliver improved capabilities for discovering, securing and monitoring privileged&#8230;</span></p>
      <p>
          <a href="https://radar.thecyberhut.com/p/guide-for-adopting-identity-aware">
              Read more
          </a>
      </p>
   ]]></content:encoded></item><item><title><![CDATA[Identiverse 2026 Reviewed: Are We Ready for the AI Era?]]></title><description><![CDATA[Buzz words abound, but it's only the beginning of the AI era]]></description><link>https://radar.thecyberhut.com/p/identiverse-2026-reviewed-are-we</link><guid isPermaLink="false">https://radar.thecyberhut.com/p/identiverse-2026-reviewed-are-we</guid><dc:creator><![CDATA[The Cyber Hut]]></dc:creator><pubDate>Wed, 24 Jun 2026 09:42:27 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!QbOD!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbcd3d96a-6189-4d91-8f16-ed7873b34a9e_2048x2048.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><em>"Now this is not the end. It is not even the beginning of the end. But it is, perhaps, the end of the beginning."</em> Albeit attributed to one Winston Churchill in somewhat more serious times, the identity and access management era has definitely moved into a different epoch. The world of static permissions, human-centric platforms, blinds spots and isolated systems is over.</p><p>Non-human discover-ability, runtime controls and agentic intent management are now becoming table stakes - in conversations at least.</p><p>Has the AI-identity era begun, or are just saying goodbye to the beginning of IAM as we know it?</p><div><hr></div><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!3BpQ!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F199a745e-37b7-47b1-9da1-9187222352ad_1391x471.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!3BpQ!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F199a745e-37b7-47b1-9da1-9187222352ad_1391x471.png 424w, https://substackcdn.com/image/fetch/$s_!3BpQ!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F199a745e-37b7-47b1-9da1-9187222352ad_1391x471.png 848w, https://substackcdn.com/image/fetch/$s_!3BpQ!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F199a745e-37b7-47b1-9da1-9187222352ad_1391x471.png 1272w, https://substackcdn.com/image/fetch/$s_!3BpQ!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F199a745e-37b7-47b1-9da1-9187222352ad_1391x471.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!3BpQ!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F199a745e-37b7-47b1-9da1-9187222352ad_1391x471.png" width="1391" height="471" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/199a745e-37b7-47b1-9da1-9187222352ad_1391x471.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:471,&quot;width&quot;:1391,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:157085,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/203239992?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F199a745e-37b7-47b1-9da1-9187222352ad_1391x471.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!3BpQ!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F199a745e-37b7-47b1-9da1-9187222352ad_1391x471.png 424w, https://substackcdn.com/image/fetch/$s_!3BpQ!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F199a745e-37b7-47b1-9da1-9187222352ad_1391x471.png 848w, https://substackcdn.com/image/fetch/$s_!3BpQ!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F199a745e-37b7-47b1-9da1-9187222352ad_1391x471.png 1272w, https://substackcdn.com/image/fetch/$s_!3BpQ!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F199a745e-37b7-47b1-9da1-9187222352ad_1391x471.png 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>Last week I braved the 41 degree heat to travel over to Las Vegas for the <a href="https://identiverse.com/idv26/?utm_source=radar.thecyberhut.com">Identiverse</a> 2026 event. As always, an immersive 4 day conference, with a range of established and emerging vendors, practitioner talks, breakout sessions and of course World Cup games.</p><p>Whilst I didn&#8217;t attend as many event talks as I would have liked, vendor briefings, side hustles, beer and coffee chat and general wanderings proved incredibly insightful to what is happening and what may be emerging.</p><div><hr></div><h2>What it is in the Rear View Mirror</h2><p>Technology evolves, standards come, go and come back again and capabilities disappear. Several &#8220;perfect storm&#8221; moments are happening in identity right now and are changing entirely how we design, buy and think about IAM features.</p><h3>Zero Trust, Cloud and API Economy</h3><p>Let&#8217;s start with a few givens. The multi-decade migration to zero trust (ZTNA) is of course still a thing. Many organisations are not fully there and are slowly but surely embracing a perimeter-less approach to data access, edge security and continuous forms of authentication and access management. No one explains this anymore. Business cases rarely need to be made internally, but the implementation, migration and operational management still needs to be done. All in ZTNA is just the defacto way of discussing general network security - and of course IAM is central to this design paradigm.</p><p>Two other concepts that are really just &#8220;givens&#8221; are the cloud-first consumption of IAM features and the ability to consume these services as APIs. Absolutely the &#8220;hybrid&#8221; deployment approach is and will continue to be a thing for a long time yet - and this is something I&#8217;ve discussed many times on <a href="https://www.thecyberhut.com/podcast/">The Analyst Brief Podcast</a> - but these two non-functional requirements are the default deployment and consumption facade and not the exception.</p><p>The general narratives from vendors and system integrators follows this, with the general assumption that a buy-side org will engage with identity services via a subscription, cloud and API deployment that will fit natively into a &#8220;continuous&#8221; IAM strategy that supports ZTNA. Of course, what &#8220;continuous IAM&#8221; actually is I will cover later.</p><div><hr></div><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://radar.thecyberhut.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">The Cyber Hut Radar - Identity Security and IAM Intelligence - become a free or paid subscriber for future updates.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><div><hr></div><h3>Moving Towards Obsolescence</h3><p>Of course AI is and was everywhere. Nearly every (maybe <em>every) </em>vendor had some narrative around AI. Perhaps securing all of AI (ambitious) or more likely agentic-identity security. Suddenly, since the end of say 2024 we&#8217;re seeing many often confusing, conflicting and sometimes conflating ideas, questions and concepts relating to AI security.</p><p>We see two distinct phases: <strong><a href="https://academy.thecyberhut.com/p/33-what-role-does-ai-play-in-iam">AI for IAM</a></strong> and <strong>IAM for AI</strong>. If we tackle the former for a moment and add in some ideas around what might suddenly start to become obsolete from an IAM point of view in the not too distant future. Of course any predictions of the like are able to come back and haunt, so take this with a pinch of salt. </p><p>What can AI help us with in the IAM world and let us get on with some &#8220;real problems&#8221;.</p><ol><li><p><strong>Populating</strong> <strong>descriptions</strong> <strong>for AD group, roles and policies:</strong> this is boring manual work that expensive humans hate. We avoided it and the result was group and role explosions.</p></li><li><p><strong>Access review certifications:</strong> instead of managers rubber-stamping yes/no on lists they don't understand, AI can pre-analyse each entitlement, flag anomalies and recommend approve or revoke with a rationale, reducing certification to exception handling.</p></li><li><p><strong>Writing access request justifications:</strong> users currently struggle to articulate why they need access; AI can draft the justification based on their role, peer group and the resource being requested, reducing friction and improving audit quality</p></li><li><p><strong>Application on-boarding and connector configuration:</strong> mapping an application's roles, attributes and entitlements into an IGA or access management platform is largely a pattern-recognition task - either for filling in template documents or perhaps even building the basic connector</p></li><li><p><strong>Writing and maintaining access policies: </strong>this is a game changing one, and may not be entirely made redundant, but translating business rules like "only finance team members in the EU can access payroll data during business hours" into formal policy syntax (XACML (remember that?), OPA, Rego, Cedar et al) is exactly the kind of structured translation task AI handles well, removing the bottleneck between business intent and technical policy enforcement</p></li></ol><p>Many of the above are likely to get to the 80% &#8220;automagic&#8221; point (see <a href="https://en.wikipedia.org/wiki/Pareto_efficiency">Pareto Efficiency</a> for that) without really start to &#8220;cost&#8221; anything. The last 20% might well start to make other areas less well off in the short term, but humans getting involved just for the &#8220;last mile&#8221; exceptional cases would be a huge improvement.</p><div><hr></div><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!QbOD!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbcd3d96a-6189-4d91-8f16-ed7873b34a9e_2048x2048.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!QbOD!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbcd3d96a-6189-4d91-8f16-ed7873b34a9e_2048x2048.jpeg 424w, https://substackcdn.com/image/fetch/$s_!QbOD!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbcd3d96a-6189-4d91-8f16-ed7873b34a9e_2048x2048.jpeg 848w, https://substackcdn.com/image/fetch/$s_!QbOD!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbcd3d96a-6189-4d91-8f16-ed7873b34a9e_2048x2048.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!QbOD!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbcd3d96a-6189-4d91-8f16-ed7873b34a9e_2048x2048.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!QbOD!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbcd3d96a-6189-4d91-8f16-ed7873b34a9e_2048x2048.jpeg" width="1456" height="1456" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/bcd3d96a-6189-4d91-8f16-ed7873b34a9e_2048x2048.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1456,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:501993,&quot;alt&quot;:&quot;&quot;,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/203239992?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbcd3d96a-6189-4d91-8f16-ed7873b34a9e_2048x2048.jpeg&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" title="" srcset="https://substackcdn.com/image/fetch/$s_!QbOD!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbcd3d96a-6189-4d91-8f16-ed7873b34a9e_2048x2048.jpeg 424w, https://substackcdn.com/image/fetch/$s_!QbOD!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbcd3d96a-6189-4d91-8f16-ed7873b34a9e_2048x2048.jpeg 848w, https://substackcdn.com/image/fetch/$s_!QbOD!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbcd3d96a-6189-4d91-8f16-ed7873b34a9e_2048x2048.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!QbOD!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbcd3d96a-6189-4d91-8f16-ed7873b34a9e_2048x2048.jpeg 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><div><hr></div><h2>What Car Are We Tailing</h2><p>So we can definitely see &#8220;light&#8221; at the end of the old-world IAM tunnel with many issues hopefully starting to disappear - or at least move towards a potential obsolescence time line. But we can&#8217;t just put our feet up at this point. </p><p>We (as identity and cyber security nerds) now have <em>more </em>to worry about, as instead of just fixating on human-identity, we have to manage non-human and agentic-identity too.</p><p>Identiverse generated many interesting points around AI and agentic security - some exciting, some insightful, some obvious, some very wrong (?!), some tedious but all entirely useful as signals to what is happening in both the vendor land and practitioners worlds. </p><p>Let me jot down a synthesised view of some of the key statements and questions that dominated many of conversations and briefings I had last week:</p><h3>Statements</h3><ol><li><p>Agentic access without governance is a risk</p></li><li><p>Secrets sprawl is the new shadow IT</p></li><li><p>NHI: the identity problem nobody planned for</p></li><li><p>Non-human identities now outnumber human identities in the enterprise</p></li><li><p>AI agents are the new insider threat vector</p></li><li><p>Every AI agent needs an identity, a role and an access policy</p></li><li><p>Agents amplify the weaknesses inherit in human authorization management</p></li></ol><h3>Questions</h3><ol><li><p>Who authorises the AI agent?</p></li><li><p>Who should access an AI agent?</p></li><li><p>How to support JiT/ZSP for agents?</p></li><li><p>How to find an owner for an agent?</p></li><li><p>Can you revoke access from an AI agent in real time?</p></li><li><p>Can you see all of your AI agents?</p></li><li><p>What happens when your AI agent gets compromised?</p></li><li><p>Does your IAM strategy cover non-human identities?</p></li><li><p>What is intent management?</p></li></ol><p>So we have the <strong>fear</strong> - volume, variety and vulnerability - and the <strong>complexity</strong> - intent, governance and management.</p><p>I would like to add in a few more comments here. We need to step back a little and think about what we <em>really</em> want to fix as an industry. If we return back to the World Cup for a second, Agentic-identity is a little like a friendly match before the tournament starts, or perhaps the first half of group game 1. It&#8217;s frantic, hot, full of mistakes and to be honest, the result doesn&#8217;t mean a great deal. But we can use it to learn.</p><p>We are very early with respect to deployment, design patterns, standards and real world experience when it comes to agentic-identity. Yes AI and specifically agentic-deployments are sky rocketing, but equally we don&#8217;t have decades worth of project scars to rely upon. We are generating more questions than answers right now, and that is perfectly fine.</p><p>But it is important to work out what is tactical versus what is long term and strategic.</p><h4>Tactical Concerns</h4><ol><li><p>Securing MCP</p></li><li><p>Securing RAG</p></li><li><p>Agentic Discovery and Ownership</p></li></ol><h4>Stragetic Concerns</h4><ol><li><p>Attribution and Intent (biological, lineage, behaviour, accountability)</p></li><li><p>Trusted Interactions (humans, non-humans, agents, service providers)</p></li><li><p>Data Authentication and Integrity (organisational, geo-politcal, societal)</p></li></ol><p>The divide between tactical and strategic is important - namely as the tactical phases of technology evolution are moving increasingly fast. AI makes feature acquisition &#8220;fast&#8221; - in the sense incumbent platforms can extend at the edge of their horizontal capabilities very quickly. Previously this may have required acquisitions or partnerships. Today that means AI-assisted development.</p><p>As today we see &#8220;AI Security&#8221; and &#8220;Agentic Security&#8221; vendors, whereas tomorrow all &#8220;infosec vendors&#8221; will be AI and agentic security vendors by proxy.</p><div><hr></div><p>Further Resources:</p><div class="digest-post-embed" data-attrs="{&quot;nodeId&quot;:&quot;98caa07c-02cd-497f-bccd-82effb6be60e&quot;,&quot;caption&quot;:&quot;The What&quot;,&quot;cta&quot;:null,&quot;showBylines&quot;:true,&quot;showDescription&quot;:true,&quot;showImage&quot;:true,&quot;size&quot;:&quot;sm&quot;,&quot;isEditorNode&quot;:true,&quot;title&quot;:&quot;Cheat Sheet: Agentic AI Identity Security&quot;,&quot;publishedBylines&quot;:[{&quot;id&quot;:34112948,&quot;name&quot;:&quot;The Cyber Hut&quot;,&quot;bio&quot;:&quot;Independent identity security research and IAM vendor intelligence&quot;,&quot;photo_url&quot;:&quot;https://bucketeer-e05bbc84-baa3-437e-9518-adb32be77984.s3.amazonaws.com/public/images/a9c960e4-4e27-4565-89d4-c37e48c4f703_300x300.png&quot;,&quot;is_guest&quot;:false,&quot;bestseller_tier&quot;:null}],&quot;post_date&quot;:&quot;2025-06-13T11:09:55.415Z&quot;,&quot;cover_image&quot;:&quot;https://substackcdn.com/image/fetch/$s_!oSWp!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2b94653e-c1ac-4b4d-a801-b2b909d84cdf_730x678.png&quot;,&quot;cover_image_alt&quot;:null,&quot;canonical_url&quot;:&quot;https://radar.thecyberhut.com/p/cheatsheet-agentic-ai-identity-security&quot;,&quot;section_name&quot;:null,&quot;video_upload_id&quot;:null,&quot;id&quot;:165631024,&quot;type&quot;:&quot;newsletter&quot;,&quot;reaction_count&quot;:5,&quot;comment_count&quot;:0,&quot;publication_id&quot;:1152167,&quot;publication_name&quot;:&quot;The Cyber Hut Radar - Identity Security and IAM Intelligence&quot;,&quot;publication_logo_url&quot;:&quot;https://substackcdn.com/image/fetch/$s_!Lq6a!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F49adcbd9-faf9-4c5d-b67b-0fb859d3d3f5_300x300.png&quot;,&quot;belowTheFold&quot;:true,&quot;youtube_url&quot;:null,&quot;show_links&quot;:null,&quot;feed_url&quot;:null}"></div><div class="digest-post-embed" data-attrs="{&quot;nodeId&quot;:&quot;5856b347-3be5-44b5-99c8-e4a07f43988b&quot;,&quot;caption&quot;:&quot;The What&quot;,&quot;cta&quot;:null,&quot;showBylines&quot;:true,&quot;showDescription&quot;:true,&quot;showImage&quot;:true,&quot;size&quot;:&quot;sm&quot;,&quot;isEditorNode&quot;:true,&quot;title&quot;:&quot;Cheat Sheet: Agentic Identity Owner Discovery&quot;,&quot;publishedBylines&quot;:[{&quot;id&quot;:34112948,&quot;name&quot;:&quot;The Cyber Hut&quot;,&quot;bio&quot;:&quot;Independent identity security research and IAM vendor intelligence&quot;,&quot;photo_url&quot;:&quot;https://bucketeer-e05bbc84-baa3-437e-9518-adb32be77984.s3.amazonaws.com/public/images/a9c960e4-4e27-4565-89d4-c37e48c4f703_300x300.png&quot;,&quot;is_guest&quot;:false,&quot;bestseller_tier&quot;:null}],&quot;post_date&quot;:&quot;2026-04-14T09:57:28.119Z&quot;,&quot;cover_image&quot;:&quot;https://substackcdn.com/image/fetch/$s_!cpBS!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe53b2cc7-0335-47d9-aa6a-e4fe6d188ad4_748x455.png&quot;,&quot;cover_image_alt&quot;:null,&quot;canonical_url&quot;:&quot;https://radar.thecyberhut.com/p/cheat-sheet-agentic-identity-owner&quot;,&quot;section_name&quot;:null,&quot;video_upload_id&quot;:null,&quot;id&quot;:194074390,&quot;type&quot;:&quot;newsletter&quot;,&quot;reaction_count&quot;:2,&quot;comment_count&quot;:0,&quot;publication_id&quot;:1152167,&quot;publication_name&quot;:&quot;The Cyber Hut Radar - Identity Security and IAM Intelligence&quot;,&quot;publication_logo_url&quot;:&quot;https://substackcdn.com/image/fetch/$s_!Lq6a!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F49adcbd9-faf9-4c5d-b67b-0fb859d3d3f5_300x300.png&quot;,&quot;belowTheFold&quot;:true,&quot;youtube_url&quot;:null,&quot;show_links&quot;:null,&quot;feed_url&quot;:null}"></div><div class="digest-post-embed" data-attrs="{&quot;nodeId&quot;:&quot;e73713cf-c176-4bf1-9291-118d6f23bb1a&quot;,&quot;caption&quot;:&quot;The What&quot;,&quot;cta&quot;:null,&quot;showBylines&quot;:true,&quot;showDescription&quot;:true,&quot;showImage&quot;:true,&quot;size&quot;:&quot;sm&quot;,&quot;isEditorNode&quot;:true,&quot;title&quot;:&quot;Cheat Sheet: MCP Security&quot;,&quot;publishedBylines&quot;:[{&quot;id&quot;:34112948,&quot;name&quot;:&quot;The Cyber Hut&quot;,&quot;bio&quot;:&quot;Independent identity security research and IAM vendor intelligence&quot;,&quot;photo_url&quot;:&quot;https://bucketeer-e05bbc84-baa3-437e-9518-adb32be77984.s3.amazonaws.com/public/images/a9c960e4-4e27-4565-89d4-c37e48c4f703_300x300.png&quot;,&quot;is_guest&quot;:false,&quot;bestseller_tier&quot;:null}],&quot;post_date&quot;:&quot;2025-07-09T13:18:09.673Z&quot;,&quot;cover_image&quot;:&quot;https://substackcdn.com/image/fetch/$s_!yZjh!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff3768f6d-1f64-456d-a83c-ad7316982ca3_743x516.png&quot;,&quot;cover_image_alt&quot;:null,&quot;canonical_url&quot;:&quot;https://radar.thecyberhut.com/p/cheatsheet-mcp-security&quot;,&quot;section_name&quot;:null,&quot;video_upload_id&quot;:null,&quot;id&quot;:166967702,&quot;type&quot;:&quot;newsletter&quot;,&quot;reaction_count&quot;:0,&quot;comment_count&quot;:0,&quot;publication_id&quot;:1152167,&quot;publication_name&quot;:&quot;The Cyber Hut Radar - Identity Security and IAM Intelligence&quot;,&quot;publication_logo_url&quot;:&quot;https://substackcdn.com/image/fetch/$s_!Lq6a!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F49adcbd9-faf9-4c5d-b67b-0fb859d3d3f5_300x300.png&quot;,&quot;belowTheFold&quot;:true,&quot;youtube_url&quot;:null,&quot;show_links&quot;:null,&quot;feed_url&quot;:null}"></div><div><hr></div><h2>Where Are We Heading</h2><p>The strategic concerns are really where we we are heading towards - with several bumps in the road as we get there.</p><p>There has been considerable uptick in the past 24 months in concepts like data encryption, post-quantum crypto, <a href="https://academy.thecyberhut.com/p/27-what-is-the-role-of-cryptography">crypto-agility</a> and authorization. None are AI-specific, but AI deployments are amplifying vulnerabilities in some of these core areas.</p><p>A more AI-centric concept that has emerged both in 2024 and certainly at Identiverse was that of Intent Management. (This is a concept The Cyber Hut are actively tracking and are looking to release a <a href="https://radar.thecyberhut.com/t/cheatsheet">cheat sheet</a> on this in July 2026 - if you are a vendor in this area get in <a href="http://thecyberhut.com/contact">touch</a> for a briefing). </p><p>I will cover intent in more detail next month, but essentially agentic access management requires three distinct anchor components:</p><ol><li><p>Guardrails (outer bounds for expected behaviour - prompting, ingress, egress)</p></li><li><p>Authorization (PDP/PEP, PBAC, <a href="https://academy.thecyberhut.com/p/39-what-is-just-in-time-access-and">JiT</a>)</p></li><li><p>Intent Analysis (behaviour, drift, sequencing)</p></li></ol><p>What do these components ultimately do? They identify risk (at runtime), detect if a composite threshold has been reached and do something about it. Both the &#8220;threshold&#8221; crossing and &#8220;do something about it&#8221; are still very much in their infancy but solutions are developing rapidly here. For certain the response will be more than just an &#8220;allow or deny&#8221; and must contend with fine grained access changes, perhaps deceptive redirection and monitoring along with degradation and disruption ideas.</p><h3>Bumps in the Road</h3><p>Several conversations (nods to the likes of Transmit, Descope and LoginRadius here) have touched on the agentic-commerce area - with agents operating on the behalf of a consumer. This can have some very interesting consequences with respect to how a service provider binds and owns a B2C identity. Will the agent essentially act as a barrier to a personalised experience and disrupt data capture? Or improve privacy? The ability to expose services, products, pricing and the like to AI search engines is popular. The secondary aspect here is to expose agents that can in turn &#8220;talk&#8221; to agents operating on-behalf-off (OBO) of a B2C identity. This is emerging and patterns have not become stable.</p><p>A further comment on intent and agentic behaviour observation. A term that is popping up more is that of an LLM &#8220;judge&#8221; or observer. This is essentially trying to act as the independent analyser of behaviour that also carriers the same non-functional characteristics of the thing it is monitoring - namely optimization and learn-from-doing. </p><p>To that end are we simply heading to a &#8220;robot-wars&#8221; scenario, where only AI can protect AI?</p><div><hr></div><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!cuYK!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff9ec6f67-c580-4f58-a207-5a03e96a238f_3264x3264.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!cuYK!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff9ec6f67-c580-4f58-a207-5a03e96a238f_3264x3264.png 424w, https://substackcdn.com/image/fetch/$s_!cuYK!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff9ec6f67-c580-4f58-a207-5a03e96a238f_3264x3264.png 848w, https://substackcdn.com/image/fetch/$s_!cuYK!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff9ec6f67-c580-4f58-a207-5a03e96a238f_3264x3264.png 1272w, https://substackcdn.com/image/fetch/$s_!cuYK!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff9ec6f67-c580-4f58-a207-5a03e96a238f_3264x3264.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!cuYK!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff9ec6f67-c580-4f58-a207-5a03e96a238f_3264x3264.png" width="1456" height="1456" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/f9ec6f67-c580-4f58-a207-5a03e96a238f_3264x3264.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1456,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:12432306,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/203239992?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff9ec6f67-c580-4f58-a207-5a03e96a238f_3264x3264.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!cuYK!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff9ec6f67-c580-4f58-a207-5a03e96a238f_3264x3264.png 424w, https://substackcdn.com/image/fetch/$s_!cuYK!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff9ec6f67-c580-4f58-a207-5a03e96a238f_3264x3264.png 848w, https://substackcdn.com/image/fetch/$s_!cuYK!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff9ec6f67-c580-4f58-a207-5a03e96a238f_3264x3264.png 1272w, https://substackcdn.com/image/fetch/$s_!cuYK!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff9ec6f67-c580-4f58-a207-5a03e96a238f_3264x3264.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><div><hr></div><h2>Event Shout Outs</h2><p>I did manage some &#8220;time out&#8221; from briefings and the Expo floor and shout outs to P0 Security, The Identity Underground, Silverfort, Britive and Saviynt for some great post-event &#8220;parties&#8221;.</p><p>Thanks also to those that attended The Cyber Hut watch event for the England -v- Croatia World Cup game at Flanker Kitchen and Sports Bar.  Great turnout and an England victory!</p><h2>Podcast Shout Outs</h2><p>Thanks also to the <a href="https://www.silverfort.com/identity-decoded-podcast/">Silverfort Identity Decoded Podcast</a> and <a href="https://saviynt.com/en-gb/savitalk">Saviynt SaviTalk Podcast</a> for having me on your shows and the great conversations. Watch out for when those shows drop soon!</p><h2>Vendor Briefing Shout Outs</h2><p>As a former vendor guy for 15 years I understand totally that conferences can be exhausting for vendors. Customer meetings, prospect meetings, partner meetings, VC meetings, then booth duty, then having to brief analysts on your current (and often changing) plans. I spoke to many vendors last week, but a specific shout out to those I met for 1-2-1s and briefings:</p><p>Aembit, AppViewX, Britive, C1, Crowdstrike, Descope, ManageEngine, Ory, P0 Security, Redblock, Reva, Saviynt, Silverfort, Stackbob, WSO2</p><div><hr></div><p>Further Training Resources:</p><div class="embedded-post-wrap" data-attrs="{&quot;id&quot;:189244734,&quot;url&quot;:&quot;https://academy.thecyberhut.com/p/39-what-is-just-in-time-access-and&quot;,&quot;publication_id&quot;:1795411,&quot;publication_name&quot;:&quot;The Cyber Hut Academy - IAM and Identity Security Training&quot;,&quot;publication_logo_url&quot;:&quot;https://substackcdn.com/image/fetch/$s_!LgyR!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef8056ca-aa12-4401-b02e-ad4f183f5eeb_300x300.png&quot;,&quot;title&quot;:&quot;39: Just-in-Time Access and Zero Standing Privileges Explained: The Future of Least Privilege&quot;,&quot;truncated_body_text&quot;:null,&quot;date&quot;:&quot;2026-02-26T12:57:36.833Z&quot;,&quot;like_count&quot;:3,&quot;comment_count&quot;:0,&quot;bylines&quot;:[{&quot;id&quot;:34112948,&quot;name&quot;:&quot;The Cyber Hut&quot;,&quot;handle&quot;:&quot;thecyberhut&quot;,&quot;previous_name&quot;:null,&quot;photo_url&quot;:&quot;https://bucketeer-e05bbc84-baa3-437e-9518-adb32be77984.s3.amazonaws.com/public/images/a9c960e4-4e27-4565-89d4-c37e48c4f703_300x300.png&quot;,&quot;bio&quot;:&quot;Independent identity security research and IAM vendor intelligence&quot;,&quot;profile_set_up_at&quot;:&quot;2022-10-21T09:39:20.518Z&quot;,&quot;reader_installed_at&quot;:&quot;2024-11-12T21:34:06.194Z&quot;,&quot;publicationUsers&quot;:[{&quot;id&quot;:1104346,&quot;user_id&quot;:34112948,&quot;publication_id&quot;:1152167,&quot;role&quot;:&quot;admin&quot;,&quot;public&quot;:true,&quot;is_primary&quot;:true,&quot;publication&quot;:{&quot;id&quot;:1152167,&quot;name&quot;:&quot;The Cyber Hut Radar - Identity Security and IAM Intelligence&quot;,&quot;subdomain&quot;:&quot;thecyberhut&quot;,&quot;custom_domain&quot;:&quot;radar.thecyberhut.com&quot;,&quot;custom_domain_optional&quot;:false,&quot;hero_text&quot;:&quot;Independent identity security research and IAM vendor intelligence for CISOs, security architects and IAM professionals &#8212; covering NHI, PAM, IGA, ITDR, zero trust and more&quot;,&quot;logo_url&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/49adcbd9-faf9-4c5d-b67b-0fb859d3d3f5_300x300.png&quot;,&quot;author_id&quot;:34112948,&quot;primary_user_id&quot;:34112948,&quot;theme_var_background_pop&quot;:&quot;#FF0000&quot;,&quot;created_at&quot;:&quot;2022-10-21T09:41:35.891Z&quot;,&quot;email_from_name&quot;:&quot;The Cyber Hut Radar&quot;,&quot;copyright&quot;:&quot;The Cyber Hut&quot;,&quot;founding_plan_name&quot;:null,&quot;community_enabled&quot;:true,&quot;invite_only&quot;:false,&quot;payments_state&quot;:&quot;enabled&quot;,&quot;language&quot;:null,&quot;explicit&quot;:false,&quot;homepage_type&quot;:&quot;newspaper&quot;,&quot;is_personal_mode&quot;:false,&quot;logo_url_wide&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/92e276a4-0fa6-491e-8b41-0778f35ea407_556x230.png&quot;}},{&quot;id&quot;:1778865,&quot;user_id&quot;:34112948,&quot;publication_id&quot;:1795411,&quot;role&quot;:&quot;admin&quot;,&quot;public&quot;:true,&quot;is_primary&quot;:false,&quot;publication&quot;:{&quot;id&quot;:1795411,&quot;name&quot;:&quot;The Cyber Hut Academy - IAM and Identity Security Training&quot;,&quot;subdomain&quot;:&quot;iambitesize&quot;,&quot;custom_domain&quot;:&quot;academy.thecyberhut.com&quot;,&quot;custom_domain_optional&quot;:false,&quot;hero_text&quot;:&quot;Zero-to-hero identity security training for IAM professionals, security architects and CISOs &#8212; key concepts, acronyms and market sectors explained in 10 minutes or less by analyst Simon Moffatt&quot;,&quot;logo_url&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/ef8056ca-aa12-4401-b02e-ad4f183f5eeb_300x300.png&quot;,&quot;author_id&quot;:34112948,&quot;primary_user_id&quot;:null,&quot;theme_var_background_pop&quot;:&quot;#EA82FF&quot;,&quot;created_at&quot;:&quot;2023-07-11T15:14:18.664Z&quot;,&quot;email_from_name&quot;:&quot;The Cyber Hut Academy&quot;,&quot;copyright&quot;:&quot;The Cyber Hut&quot;,&quot;founding_plan_name&quot;:null,&quot;community_enabled&quot;:true,&quot;invite_only&quot;:false,&quot;payments_state&quot;:&quot;enabled&quot;,&quot;language&quot;:null,&quot;explicit&quot;:false,&quot;homepage_type&quot;:&quot;newspaper&quot;,&quot;is_personal_mode&quot;:false,&quot;logo_url_wide&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/da748bb7-4564-41e6-b0ac-4f01c9b5c203_556x230.png&quot;}}],&quot;is_guest&quot;:false,&quot;bestseller_tier&quot;:null,&quot;status&quot;:{&quot;bestsellerTier&quot;:null,&quot;subscriberTier&quot;:null,&quot;leaderboard&quot;:null,&quot;vip&quot;:false,&quot;badge&quot;:null,&quot;subscriber&quot;:null}}],&quot;utm_campaign&quot;:null,&quot;belowTheFold&quot;:true,&quot;type&quot;:&quot;newsletter&quot;,&quot;language&quot;:&quot;en&quot;,&quot;source&quot;:null}" data-component-name="EmbeddedPostToDOM"><a class="embedded-post" native="true" href="https://academy.thecyberhut.com/p/39-what-is-just-in-time-access-and?utm_source=substack&amp;utm_campaign=post_embed&amp;utm_medium=web"><div class="embedded-post-header"><img class="embedded-post-publication-logo" src="https://substackcdn.com/image/fetch/$s_!LgyR!,w_56,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef8056ca-aa12-4401-b02e-ad4f183f5eeb_300x300.png" loading="lazy"><span class="embedded-post-publication-name">The Cyber Hut Academy - IAM and Identity Security Training</span></div><div class="embedded-post-title-wrapper"><div class="embedded-post-title">39: Just-in-Time Access and Zero Standing Privileges Explained: The Future of Least Privilege</div></div><div class="embedded-post-cta-wrapper"><span class="embedded-post-cta">Read more</span></div><div class="embedded-post-meta">4 months ago &#183; 3 likes &#183; The Cyber Hut</div></a></div><div class="embedded-post-wrap" data-attrs="{&quot;id&quot;:165265482,&quot;url&quot;:&quot;https://academy.thecyberhut.com/p/33-what-role-does-ai-play-in-iam&quot;,&quot;publication_id&quot;:1795411,&quot;publication_name&quot;:&quot;The Cyber Hut Academy - IAM and Identity Security Training&quot;,&quot;publication_logo_url&quot;:&quot;https://substackcdn.com/image/fetch/$s_!LgyR!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef8056ca-aa12-4401-b02e-ad4f183f5eeb_300x300.png&quot;,&quot;title&quot;:&quot;33: What Role does AI play in IAM?&quot;,&quot;truncated_body_text&quot;:null,&quot;date&quot;:&quot;2025-06-05T13:37:24.590Z&quot;,&quot;like_count&quot;:0,&quot;comment_count&quot;:0,&quot;bylines&quot;:[{&quot;id&quot;:34112948,&quot;name&quot;:&quot;The Cyber Hut&quot;,&quot;handle&quot;:&quot;thecyberhut&quot;,&quot;previous_name&quot;:null,&quot;photo_url&quot;:&quot;https://bucketeer-e05bbc84-baa3-437e-9518-adb32be77984.s3.amazonaws.com/public/images/a9c960e4-4e27-4565-89d4-c37e48c4f703_300x300.png&quot;,&quot;bio&quot;:&quot;Independent identity security research and IAM vendor intelligence&quot;,&quot;profile_set_up_at&quot;:&quot;2022-10-21T09:39:20.518Z&quot;,&quot;reader_installed_at&quot;:&quot;2024-11-12T21:34:06.194Z&quot;,&quot;publicationUsers&quot;:[{&quot;id&quot;:1104346,&quot;user_id&quot;:34112948,&quot;publication_id&quot;:1152167,&quot;role&quot;:&quot;admin&quot;,&quot;public&quot;:true,&quot;is_primary&quot;:true,&quot;publication&quot;:{&quot;id&quot;:1152167,&quot;name&quot;:&quot;The Cyber Hut Radar - Identity Security and IAM Intelligence&quot;,&quot;subdomain&quot;:&quot;thecyberhut&quot;,&quot;custom_domain&quot;:&quot;radar.thecyberhut.com&quot;,&quot;custom_domain_optional&quot;:false,&quot;hero_text&quot;:&quot;Independent identity security research and IAM vendor intelligence for CISOs, security architects and IAM professionals &#8212; covering NHI, PAM, IGA, ITDR, zero trust and more&quot;,&quot;logo_url&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/49adcbd9-faf9-4c5d-b67b-0fb859d3d3f5_300x300.png&quot;,&quot;author_id&quot;:34112948,&quot;primary_user_id&quot;:34112948,&quot;theme_var_background_pop&quot;:&quot;#FF0000&quot;,&quot;created_at&quot;:&quot;2022-10-21T09:41:35.891Z&quot;,&quot;email_from_name&quot;:&quot;The Cyber Hut Radar&quot;,&quot;copyright&quot;:&quot;The Cyber Hut&quot;,&quot;founding_plan_name&quot;:null,&quot;community_enabled&quot;:true,&quot;invite_only&quot;:false,&quot;payments_state&quot;:&quot;enabled&quot;,&quot;language&quot;:null,&quot;explicit&quot;:false,&quot;homepage_type&quot;:&quot;newspaper&quot;,&quot;is_personal_mode&quot;:false,&quot;logo_url_wide&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/92e276a4-0fa6-491e-8b41-0778f35ea407_556x230.png&quot;}},{&quot;id&quot;:1778865,&quot;user_id&quot;:34112948,&quot;publication_id&quot;:1795411,&quot;role&quot;:&quot;admin&quot;,&quot;public&quot;:true,&quot;is_primary&quot;:false,&quot;publication&quot;:{&quot;id&quot;:1795411,&quot;name&quot;:&quot;The Cyber Hut Academy - IAM and Identity Security Training&quot;,&quot;subdomain&quot;:&quot;iambitesize&quot;,&quot;custom_domain&quot;:&quot;academy.thecyberhut.com&quot;,&quot;custom_domain_optional&quot;:false,&quot;hero_text&quot;:&quot;Zero-to-hero identity security training for IAM professionals, security architects and CISOs &#8212; key concepts, acronyms and market sectors explained in 10 minutes or less by analyst Simon Moffatt&quot;,&quot;logo_url&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/ef8056ca-aa12-4401-b02e-ad4f183f5eeb_300x300.png&quot;,&quot;author_id&quot;:34112948,&quot;primary_user_id&quot;:null,&quot;theme_var_background_pop&quot;:&quot;#EA82FF&quot;,&quot;created_at&quot;:&quot;2023-07-11T15:14:18.664Z&quot;,&quot;email_from_name&quot;:&quot;The Cyber Hut Academy&quot;,&quot;copyright&quot;:&quot;The Cyber Hut&quot;,&quot;founding_plan_name&quot;:null,&quot;community_enabled&quot;:true,&quot;invite_only&quot;:false,&quot;payments_state&quot;:&quot;enabled&quot;,&quot;language&quot;:null,&quot;explicit&quot;:false,&quot;homepage_type&quot;:&quot;newspaper&quot;,&quot;is_personal_mode&quot;:false,&quot;logo_url_wide&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/da748bb7-4564-41e6-b0ac-4f01c9b5c203_556x230.png&quot;}}],&quot;is_guest&quot;:false,&quot;bestseller_tier&quot;:null,&quot;status&quot;:{&quot;bestsellerTier&quot;:null,&quot;subscriberTier&quot;:null,&quot;leaderboard&quot;:null,&quot;vip&quot;:false,&quot;badge&quot;:null,&quot;subscriber&quot;:null}}],&quot;utm_campaign&quot;:null,&quot;belowTheFold&quot;:true,&quot;type&quot;:&quot;newsletter&quot;,&quot;language&quot;:&quot;en&quot;,&quot;source&quot;:null}" data-component-name="EmbeddedPostToDOM"><a class="embedded-post" native="true" href="https://academy.thecyberhut.com/p/33-what-role-does-ai-play-in-iam?utm_source=substack&amp;utm_campaign=post_embed&amp;utm_medium=web"><div class="embedded-post-header"><img class="embedded-post-publication-logo" src="https://substackcdn.com/image/fetch/$s_!LgyR!,w_56,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fef8056ca-aa12-4401-b02e-ad4f183f5eeb_300x300.png" loading="lazy"><span class="embedded-post-publication-name">The Cyber Hut Academy - IAM and Identity Security Training</span></div><div class="embedded-post-title-wrapper"><div class="embedded-post-title">33: What Role does AI play in IAM?</div></div><div class="embedded-post-cta-wrapper"><span class="embedded-post-cta">Read more</span></div><div class="embedded-post-meta">a year ago &#183; The Cyber Hut</div></a></div><div><hr></div><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!oViu!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2469e6de-f795-43cf-9baa-1cd66141a8eb_1324x800.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!oViu!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2469e6de-f795-43cf-9baa-1cd66141a8eb_1324x800.png 424w, https://substackcdn.com/image/fetch/$s_!oViu!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2469e6de-f795-43cf-9baa-1cd66141a8eb_1324x800.png 848w, https://substackcdn.com/image/fetch/$s_!oViu!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2469e6de-f795-43cf-9baa-1cd66141a8eb_1324x800.png 1272w, https://substackcdn.com/image/fetch/$s_!oViu!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2469e6de-f795-43cf-9baa-1cd66141a8eb_1324x800.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!oViu!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2469e6de-f795-43cf-9baa-1cd66141a8eb_1324x800.png" width="1324" height="800" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/2469e6de-f795-43cf-9baa-1cd66141a8eb_1324x800.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:800,&quot;width&quot;:1324,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:466857,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/203239992?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2469e6de-f795-43cf-9baa-1cd66141a8eb_1324x800.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!oViu!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2469e6de-f795-43cf-9baa-1cd66141a8eb_1324x800.png 424w, https://substackcdn.com/image/fetch/$s_!oViu!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2469e6de-f795-43cf-9baa-1cd66141a8eb_1324x800.png 848w, https://substackcdn.com/image/fetch/$s_!oViu!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2469e6de-f795-43cf-9baa-1cd66141a8eb_1324x800.png 1272w, https://substackcdn.com/image/fetch/$s_!oViu!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2469e6de-f795-43cf-9baa-1cd66141a8eb_1324x800.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://www.youtube.com/@thecyberhutTV&quot;,&quot;text&quot;:&quot;Follow The Cyber Hut TV&quot;,&quot;action&quot;:null,&quot;class&quot;:null}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://www.youtube.com/@thecyberhutTV"><span>Follow The Cyber Hut TV</span></a></p><div><hr></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://join.slack.com/t/thecyberhut/shared_invite/zt-40mnz64xh-QJbbuMJUPOS8qew3zids9A&quot;,&quot;text&quot;:&quot;Carry on the Chat - The Cyber Hut Slack&quot;,&quot;action&quot;:null,&quot;class&quot;:null}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://join.slack.com/t/thecyberhut/shared_invite/zt-40mnz64xh-QJbbuMJUPOS8qew3zids9A"><span>Carry on the Chat - The Cyber Hut Slack</span></a></p><div><hr></div><h2><strong>About The Author</strong></h2><p><span>Simon Moffatt has over 25 years experience in IAM, cyber and identity security. He is founder of </span><a href="https://www.thecyberhut.com/">The Cyber Hut</a><span> - a specialist research and advisory firm based out of the UK. He is author of </span><a href="https://a.co/d/7oO2oOW">CIAM Design Fundamentals</a><span> and </span><a href="https://www.thecyberhut.com/iam%20at%202035/">IAM at 2035</a><span>: A Future Guide to Identity Security. He is a Fellow of the Chartered Institute of Information Security, a regular keynote speaker and a strategic advisor to entities in the public and private sectors.</span></p>]]></content:encoded></item><item><title><![CDATA[Analyst Comment: What Does Entro Security Give Sailpoint?]]></title><description><![CDATA[Last week identity governance and administration (IGA) giants SailPoint announced its intention to acquire Israeli startup Entro Security as part of a broader strategy to expand beyond traditional IG&#8230;]]></description><link>https://radar.thecyberhut.com/p/analyst-comment-what-does-entro-security</link><guid isPermaLink="false">https://radar.thecyberhut.com/p/analyst-comment-what-does-entro-security</guid><dc:creator><![CDATA[The Cyber Hut]]></dc:creator><pubDate>Tue, 23 Jun 2026 10:07:39 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!mNHK!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fcd9f2e70-9ae6-454b-912d-6903bd46f72d_1536x1024.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>Last week identity governance and administration (IGA) giants <a href="https://www.sailpoint.com/">SailPoint</a> <a href="https://www.sailpoint.com/press-releases/sailpoint-announces-intent-to-acquire-entro-security?utm_source=radar.thecyberhut.com">announced</a> its intention to acquire Israeli startup <a href="https://entro.security/">Entro Security</a> as part of a broader strategy to expand beyond traditional IG&#8230;</p>
      <p>
          <a href="https://radar.thecyberhut.com/p/analyst-comment-what-does-entro-security">
              Read more
          </a>
      </p>
   ]]></content:encoded></item><item><title><![CDATA[From DIY to Done Right]]></title><description><![CDATA[How Production IAM Turns Identity into a Builder Advantage]]></description><link>https://radar.thecyberhut.com/p/from-diy-to-done-right</link><guid isPermaLink="false">https://radar.thecyberhut.com/p/from-diy-to-done-right</guid><dc:creator><![CDATA[The Cyber Hut]]></dc:creator><pubDate>Tue, 09 Jun 2026 17:01:58 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!GP36!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fad2ae0bc-0ef4-4412-b53a-6723dfa96f65_1402x1122.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2>IAM is More Than Just Login</h2><ul><li><p>Scale - volume, throughput, usage</p></li><li><p>Complexity - security, usability, privacy and personalisation</p></li><li><p>Flexibility and modularity</p></li></ul><p>Identity and Access Management (IAM) is more than just the login box. Whilst that is the first thing many customers and citizens encounter when they attempt to access a downstream system or application, the underlying capabilities and skills required to build such an authentication flow are clearly more complicated than that. In addition, authentication is only ever part of a broader set of requirements that span the entire end to end life-cycle of an identity - from acquisition and on-boarding to storage, session management, privacy and robust access control.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!GP36!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fad2ae0bc-0ef4-4412-b53a-6723dfa96f65_1402x1122.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!GP36!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fad2ae0bc-0ef4-4412-b53a-6723dfa96f65_1402x1122.png 424w, https://substackcdn.com/image/fetch/$s_!GP36!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fad2ae0bc-0ef4-4412-b53a-6723dfa96f65_1402x1122.png 848w, https://substackcdn.com/image/fetch/$s_!GP36!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fad2ae0bc-0ef4-4412-b53a-6723dfa96f65_1402x1122.png 1272w, https://substackcdn.com/image/fetch/$s_!GP36!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fad2ae0bc-0ef4-4412-b53a-6723dfa96f65_1402x1122.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!GP36!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fad2ae0bc-0ef4-4412-b53a-6723dfa96f65_1402x1122.png" width="1402" height="1122" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/ad2ae0bc-0ef4-4412-b53a-6723dfa96f65_1402x1122.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1122,&quot;width&quot;:1402,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1134980,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/201277930?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fad2ae0bc-0ef4-4412-b53a-6723dfa96f65_1402x1122.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!GP36!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fad2ae0bc-0ef4-4412-b53a-6723dfa96f65_1402x1122.png 424w, https://substackcdn.com/image/fetch/$s_!GP36!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fad2ae0bc-0ef4-4412-b53a-6723dfa96f65_1402x1122.png 848w, https://substackcdn.com/image/fetch/$s_!GP36!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fad2ae0bc-0ef4-4412-b53a-6723dfa96f65_1402x1122.png 1272w, https://substackcdn.com/image/fetch/$s_!GP36!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fad2ae0bc-0ef4-4412-b53a-6723dfa96f65_1402x1122.png 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>The counter point of course, is that you can go faster on your own, but further in a crowd and in some respects that applies perfectly to IAM platforms. Whilst many initiatives often start with minimal IAM requirements, they can rapidly morph into a sprawling mix of security, data, scale and privacy needs. At first glance the initial signup and sign-in flows seem like easy candidates for self-build and DIY initiatives but will soon run into scale and complexity challenges.</p><p>Scale is not just associated with the volume of identities from a storage point of view though - we need to also consider concepts such a throughput - which is likely to be non-linear and elasticity. By this I mean there is a certain level of uncertainty and uncontrollability in B2C and even B2B2x environments where throughput for both signup and sign-in can vary hugely during particular external events - such as competitions, marketing campaigns or government deadlines. A more recent amplification of scale requirements comes in the form of NHI and agentic identity - where volume of identities and transaction rates for things like authorization enforcement are considerably higher than traditional environments.</p><p>From a feature requirements perspective too, we also see several conflicts - the classic security versus usability aspect and also personalisation versus privacy - which can be complex to solve with homegrown and DIY solutions.</p><div><hr></div><h2>Secure, Usable and Privacy Enabling</h2><ul><li><p>Evolving Threats and Standards</p></li><li><p>Compliance and Consent</p></li></ul><p>Supporting both a usable and secure, compliant and omni-channel experience that empowers and attracts end users requires a blended approach of many different options.</p><p>Building that for one application or service is possible - but a strategic view of IAM requires that to be completed for all systems and services, in a repeatable and cost effective manner. This latter point is becoming increasingly important - as poor experiences certainly impact sign up and in turn revenue generation - and combining that with the personnel costs of home grown solutions can result in a significant negative cost situation.</p><p>The impact of strategically supporting a usable experience across multiple applications, sites and brands is complex. It requires a deep understanding of end user types and preferences, subtle differences in localization and age-related patterns of usage as well as supporting a variety of options for authentication, signup, transaction processing and content management. Whilst some of those signals are controllable, the security aspect may not be.</p><p>B2C identity introduces considerably more uncontrollable elements than workforce identity. Not only are volume, growth and throughput often difficult to estimate, external threats and changes in the tactics, techniques and procedures (TTPs) used by adversaries changes constantly. Traditional ways of approaching external facing sites was to build first and test last - as seen with the classic pen-test way of performing periodic validation of external facing components.</p><p>This has evolved hugely in the past decade and the advent of AI-centric continuous testing can allow development teams to build security in from the start, with code and dataflow analysis allowing immediate comparison to compliance requirements and the organisational risk posture.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!DPLM!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F29069cce-eff3-4623-bdf2-de852d0388f4_1313x1198.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!DPLM!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F29069cce-eff3-4623-bdf2-de852d0388f4_1313x1198.png 424w, https://substackcdn.com/image/fetch/$s_!DPLM!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F29069cce-eff3-4623-bdf2-de852d0388f4_1313x1198.png 848w, https://substackcdn.com/image/fetch/$s_!DPLM!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F29069cce-eff3-4623-bdf2-de852d0388f4_1313x1198.png 1272w, https://substackcdn.com/image/fetch/$s_!DPLM!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F29069cce-eff3-4623-bdf2-de852d0388f4_1313x1198.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!DPLM!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F29069cce-eff3-4623-bdf2-de852d0388f4_1313x1198.png" width="1313" height="1198" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/29069cce-eff3-4623-bdf2-de852d0388f4_1313x1198.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1198,&quot;width&quot;:1313,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1396426,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/201277930?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F29069cce-eff3-4623-bdf2-de852d0388f4_1313x1198.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!DPLM!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F29069cce-eff3-4623-bdf2-de852d0388f4_1313x1198.png 424w, https://substackcdn.com/image/fetch/$s_!DPLM!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F29069cce-eff3-4623-bdf2-de852d0388f4_1313x1198.png 848w, https://substackcdn.com/image/fetch/$s_!DPLM!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F29069cce-eff3-4623-bdf2-de852d0388f4_1313x1198.png 1272w, https://substackcdn.com/image/fetch/$s_!DPLM!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F29069cce-eff3-4623-bdf2-de852d0388f4_1313x1198.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>The constantly evolving threat landscape is only one aspect of the many uncontrollable aspects of B2C and B2C IAM development. Standards such as OAuth2, OIDC, SCIM, FIDO and more lately AI related MCP and AgentAuth whilst mature in many respects have numerous profiles and implementation patterns that do change and require adherence to. With a specific focus on AI, more recent design patterns focused upon harness engineering and plugin-development is a good example where solution emergence often occurs faster than operational design.</p><p>Open standards provide numerous benefits including improved interoperability, simpler design and threat modelling, and knowledge economies of scale with respect to repeatable integration options. However, attempting to conform to open standards in-house requires both deep specification and also time and effort with respect to tracking, understanding and often participating in standards groups.</p><div><hr></div><div class="callout-block" data-callout="true"><p><strong>Vendor</strong> <strong>Profile</strong>: https://www.ory.com/</p><p><strong>In</strong> <strong>Their</strong> <strong>Words</strong>: &#8220;Ory. Identity for Builders. Composable, scalable, transparent IAM for agents, customers, and B2B&#8221;</p><p><strong>Headcount</strong>: ~50</p><p><strong>Funding</strong>: ~$27.5 Million</p><p><strong>The Cyber Hut Comment</strong>: Ory are a modern IAM platform, with a broad and modular set of capabilities for B2C, B2B and agentic identity. Their core foundation is to support builders and developers with a range of open source components, with production-grade platform support for repeatable deployment.</p></div><div><hr></div><h2>What Production Platforms Enable</h2><ul><li><p>Managing Uncertainty</p></li></ul><ul><li><p>Future Proofing - Building for AI and Beyond</p></li></ul><p>Uncertainty in both technology evolution and B2C identity environments cannot be avoided or removed - but it can be managed. A core benefit of a production IAM platform is that it can cloak both the business and technical change that is constantly occurring. Changes in scale, standards, application integration requirements or privacy enablement are not one-off periodic considerations that would historically have been managed by long-tail Waterfall methodologies for development. They need to be handled not in a periodic way, but in a more continuous and iterative manner - by the selection of composable capabilities as and when they are needed.</p><p>A production IAM platform like <a href="https://www.ory.com/?utm_source=radar.thecyberhut.com">Ory</a> supports a modular and customizable deployment model. This deployment model must support a range of options as the modern enterprise must contend with a growing number of application locations - from on-premises and virtual, to SaaS or API-only delivery. But that is only one aspect of the matrix - as the consumable capabilities such as user storage, federation, signup or sign-in features must also be available both in a modular fashion and a range of integration options.</p><p>A key concern of feature integration is the ability to future-proof and have a clear roadmap of new requirements. Emerging technologies and challenges with respect to non-human identity (NHI) and agentic-access management are two of those new road map items. Firstly these areas are still relatively nascent compared to design patterns for areas such as credential reset or MFA enrolment. The standards associated with them are either immature or non-existent - so building from scratch will likely lead to rip-and-replace steps in the future.</p><p>An example of this is recent extensions to the Ory platform to support API key management requirements. AI is intrinsically reliant upon data and that data is integrated via APIs. Traditional approaches to API access often relied upon hardcoded and static credentials with broad scoped access. Even though that is known to be an anti-pattern, many deployments follow such characteristics, namely due to an inability to deliver repeatable and composable solutions across numerous platforms and deployments. An externalised approach to this challenge is how production platforms like Ory can support technology evolution but also improve developer productivity. Capabilities such as short lived tokens, decentralized and distributed approaches to capability management (ie the Google Macaroons design pattern) provide a much more strategic approach.</p><p>A second aspect of the need for future-proofing also relates to AI. The gateway model of coarse grained API protection has been readily adopted for AI-world. However, with any complex technology, a broad array of security controls are needed, as is a desire to implement fine grained protection. The recent emergence of the harness-design pattern sees the ability to apply lifecycle controls via a plugin-architecture to the core LLM platforms. Ory supports such a model with the ability to restrict not only access to certain tools to AI actors (for example the Bash shell) but also restrict commands being executed within the tool itself - to helping to prevent the dreaded &#8220;rm -rf&#8221; force delete command in *nix. The ability to provide agent security across LLM platforms such as ChatGTP OpenAI or Anthropic&#8217;s Claude consistently is where a platform like Ory helps - with a range of npms:</p><ul><li><p>Claude Code &#8212;<a href="https://www.npmjs.com/package/@ory/claude-code"> @ory/claude-code</a></p></li><li><p>Gemini CLI &#8212;<a href="https://www.npmjs.com/package/@ory/gemini-cli"> @ory/gemini-cli</a></p></li><li><p>OpenAI Codex &#8212;<a href="https://www.npmjs.com/package/@ory/codex"> @ory/codex</a></p></li><li><p>OpenClaw &#8212;<a href="https://www.npmjs.com/package/@ory/openclaw"> @ory/openclaw</a></p></li><li><p>OpenCode &#8212;<a href="https://www.npmjs.com/package/@ory/opencode">@ory/opencode</a></p></li></ul><div><hr></div><h2>Benefits for Builders and Business</h2><ul><li><p>Lets Builders Build Apps</p></li><li><p>Lets the Business Grow</p></li></ul><p>A final comment on benefits. IAM is becoming more complex than ever before. We have more identities, systems and requirements to support - across a more varied deployment ecosystem. As IAM becomes more measurable and impactful for areas such as revenue generation, usability and developer productivity, a production platform essentially allows app owners and builders to do what they do best: build systems and deliver value. Externalisation of many IAM functions has been happening over the past two decades, but we now see maturity across many capabilities that can be deployed in a modular and composable design pattern. Platforms like Ory are now seen as enablers for the builders on top of them, not merely libraries and SDKs.</p><p>A more fundamental aspect, is that if builders are building more effectively and efficiently, the business by design becomes more adept at responding to change (be that external competitive pressure or compliance) and in turn can deliver more personalised experiences and revenue.</p><h2>About The Author</h2><p>Simon Moffatt has over 25 years experience in IAM, cyber and identity security. He is founder of <a href="https://www.thecyberhut.com/">The Cyber Hut</a> - a specialist research and advisory firm based out of the UK. He is author of <a href="https://a.co/d/7oO2oOW">CIAM Design Fundamentals</a> and <a href="https://www.thecyberhut.com/iam%20at%202035/">IAM at 2035</a>: A Future Guide to Identity Security. He is a Fellow of the Chartered Institute of Information Security, a regular keynote speaker and a strategic advisor to entities in the public and private sectors.</p><div><hr></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://calendly.com/simonmof/payg-1hr-vendor-discussion?back=1&amp;month=2026-06&quot;,&quot;text&quot;:&quot;Book Inquiry Call&quot;,&quot;action&quot;:null,&quot;class&quot;:null}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://calendly.com/simonmof/payg-1hr-vendor-discussion?back=1&amp;month=2026-06"><span>Book Inquiry Call</span></a></p><p></p>]]></content:encoded></item><item><title><![CDATA[Auth0 Agent Permissions, Saviynt in Japan, Radiant Logic Agentic Updates, Token Security and Enzo]]></title><description><![CDATA[Plus a round up of Identity Threat Intelligence updates]]></description><link>https://radar.thecyberhut.com/p/auth0-agent-permissions-saviynt-in</link><guid isPermaLink="false">https://radar.thecyberhut.com/p/auth0-agent-permissions-saviynt-in</guid><dc:creator><![CDATA[The Cyber Hut]]></dc:creator><pubDate>Tue, 09 Jun 2026 10:04:55 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!SsEJ!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F412d66db-81fe-4d7d-a70f-8013a7db1bb1_1402x696.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2 style="text-align: center;">We Need to Build a New Trust Architecture</h2><p>We are facing a market failure in trust. Period. The past decade organisations have been racing towards adopting a zero-trust approach to network access - yet&#8230;</p>
      <p>
          <a href="https://radar.thecyberhut.com/p/auth0-agent-permissions-saviynt-in">
              Read more
          </a>
      </p>
   ]]></content:encoded></item><item><title><![CDATA[Runtime Identity Security: The Winning Move Against Frontier AI Attacks]]></title><description><![CDATA[Why we need to move identity security to runtime]]></description><link>https://radar.thecyberhut.com/p/runtime-identity-security-the-winning</link><guid isPermaLink="false">https://radar.thecyberhut.com/p/runtime-identity-security-the-winning</guid><dc:creator><![CDATA[The Cyber Hut]]></dc:creator><pubDate>Fri, 05 Jun 2026 12:28:50 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!RFGg!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4000f5ae-0a32-4ebe-af43-433f4bbbab67_960x540.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>I wrote in April on <strong><a href="https://radar.thecyberhut.com/p/claude-mythos-and-project-glasswing">Claude Mythos and Project Glasswing: The End of Cyber Security As We Know It?</a> </strong>and how the vulnerability discovery explosion will have a profound impact on both current attack methodology and future defence.</p><div class="callout-block" data-callout="true"><p><em><strong>&#8220;What are the immediate impacts?</strong></em></p><ol><li><p><em><strong>Vulnerability management has become a commodity capability</strong></em></p></li><li><p><em><strong>Triage, Remediation and Response may become an immediate bottleneck</strong></em></p></li><li><p><em><strong>Immediate defensive position may become weakened</strong></em></p></li><li><p><em><strong>Longer term defensive position becomes strengthened</strong></em></p></li><li><p><em><strong>The speed and accuracy of patch code should dramatically improve&#8221;</strong></em></p></li></ol></div><p>Mythos was not the first LLM to be used for vulnerability discovery (and exploitation) and both red and blue teamers have done this for the past 3 years using existing and competing models. The bad guys have too of course. I think what Mythos did was both amplify the ability and by using a restricted access process via Glasswing perhaps made the concept seem more alarming. Alarming it is though and introduces numerous pragmatic and strategic issues with respect to how we detect, design and respond to risk.</p><div><hr></div><p>From an identity point of view, we already have numerous issues to deal with: more identities, more types of identities, more systems and more attacks. Coupled with hybrid deployments organisations face an ever growing number of blind spots to identify and integration pathways to protect.</p><p>The litany of existing vulnerabilities across our identity landscape is both increasing and having a greater impact on both risk and productivity.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!roUe!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9f7768cb-fc1c-44e5-8026-781d2547cfe3_960x540.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!roUe!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9f7768cb-fc1c-44e5-8026-781d2547cfe3_960x540.png 424w, https://substackcdn.com/image/fetch/$s_!roUe!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9f7768cb-fc1c-44e5-8026-781d2547cfe3_960x540.png 848w, https://substackcdn.com/image/fetch/$s_!roUe!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9f7768cb-fc1c-44e5-8026-781d2547cfe3_960x540.png 1272w, https://substackcdn.com/image/fetch/$s_!roUe!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9f7768cb-fc1c-44e5-8026-781d2547cfe3_960x540.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!roUe!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9f7768cb-fc1c-44e5-8026-781d2547cfe3_960x540.png" width="960" height="540" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/9f7768cb-fc1c-44e5-8026-781d2547cfe3_960x540.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:540,&quot;width&quot;:960,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:69351,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/200746397?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9f7768cb-fc1c-44e5-8026-781d2547cfe3_960x540.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!roUe!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9f7768cb-fc1c-44e5-8026-781d2547cfe3_960x540.png 424w, https://substackcdn.com/image/fetch/$s_!roUe!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9f7768cb-fc1c-44e5-8026-781d2547cfe3_960x540.png 848w, https://substackcdn.com/image/fetch/$s_!roUe!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9f7768cb-fc1c-44e5-8026-781d2547cfe3_960x540.png 1272w, https://substackcdn.com/image/fetch/$s_!roUe!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9f7768cb-fc1c-44e5-8026-781d2547cfe3_960x540.png 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>As the inter-relation between identity types grows (think B2E and agentic, agentic and agentic, agentic to B2C etc) so too does the cascade of risk across operational boundaries. Excess permissions for an employee, married to behaviour visibility issues coupled with long lived creds and intent drift for an agent results in an almost exponential level of concern.</p><p>So to that end, we have seen an ever growing focus upon <strong>identity</strong> <strong>security</strong> - the overlay model that helps to detect and protect across the often poorly integrated pillars of identity and access management capability. This overlay focuses upon both <strong>data</strong> and <strong>runtime</strong> concerns - looking at excess permissions, session misuse, cross-application behaviour and runtime control.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!Q_CI!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbdf5f227-3485-4c73-b707-08fb5bc4fae9_960x540.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!Q_CI!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbdf5f227-3485-4c73-b707-08fb5bc4fae9_960x540.png 424w, https://substackcdn.com/image/fetch/$s_!Q_CI!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbdf5f227-3485-4c73-b707-08fb5bc4fae9_960x540.png 848w, https://substackcdn.com/image/fetch/$s_!Q_CI!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbdf5f227-3485-4c73-b707-08fb5bc4fae9_960x540.png 1272w, https://substackcdn.com/image/fetch/$s_!Q_CI!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbdf5f227-3485-4c73-b707-08fb5bc4fae9_960x540.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!Q_CI!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbdf5f227-3485-4c73-b707-08fb5bc4fae9_960x540.png" width="960" height="540" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/bdf5f227-3485-4c73-b707-08fb5bc4fae9_960x540.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:540,&quot;width&quot;:960,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:102155,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/200746397?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbdf5f227-3485-4c73-b707-08fb5bc4fae9_960x540.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!Q_CI!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbdf5f227-3485-4c73-b707-08fb5bc4fae9_960x540.png 424w, https://substackcdn.com/image/fetch/$s_!Q_CI!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbdf5f227-3485-4c73-b707-08fb5bc4fae9_960x540.png 848w, https://substackcdn.com/image/fetch/$s_!Q_CI!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbdf5f227-3485-4c73-b707-08fb5bc4fae9_960x540.png 1272w, https://substackcdn.com/image/fetch/$s_!Q_CI!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbdf5f227-3485-4c73-b707-08fb5bc4fae9_960x540.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>How can this identity security stuff be measured? The Cyber Hut took a holistic approach to this back in 2024 when we launched our <a href="https://thecyberhut.com/idss">Identity Security Scorecard</a> concept. The main idea behind this was conceived from numerous buy-side workshops and architecture analysis sessions where I introduced several exercises to help organisations understand both their strengths and weaknesses with respect to discovering, protecting and detecting security drift across their entire identity worlds.</p><p>Ultimately though, we&#8217;re trying to &#8220;disrupt&#8221; the identity attackers flow. Clearly we also want to do this <em>before </em>their attack plans have completed. Can we detect, perform some sort of interceptive control and return the business back to a normal running state but with enhanced security?</p><div><hr></div><p>We still need to do this. But now of course, we need to also consider how AI-centric attacks are accelerating the exploitation of existing vulnerabilities across the entire end to end life cycle of identities - for people, NHIs and agents.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!fXJf!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F803b0ea7-f111-4dc3-8eae-ea0eed58034b_960x540.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!fXJf!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F803b0ea7-f111-4dc3-8eae-ea0eed58034b_960x540.png 424w, https://substackcdn.com/image/fetch/$s_!fXJf!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F803b0ea7-f111-4dc3-8eae-ea0eed58034b_960x540.png 848w, https://substackcdn.com/image/fetch/$s_!fXJf!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F803b0ea7-f111-4dc3-8eae-ea0eed58034b_960x540.png 1272w, https://substackcdn.com/image/fetch/$s_!fXJf!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F803b0ea7-f111-4dc3-8eae-ea0eed58034b_960x540.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!fXJf!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F803b0ea7-f111-4dc3-8eae-ea0eed58034b_960x540.png" width="960" height="540" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/803b0ea7-f111-4dc3-8eae-ea0eed58034b_960x540.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:540,&quot;width&quot;:960,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:193098,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/200746397?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F803b0ea7-f111-4dc3-8eae-ea0eed58034b_960x540.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!fXJf!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F803b0ea7-f111-4dc3-8eae-ea0eed58034b_960x540.png 424w, https://substackcdn.com/image/fetch/$s_!fXJf!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F803b0ea7-f111-4dc3-8eae-ea0eed58034b_960x540.png 848w, https://substackcdn.com/image/fetch/$s_!fXJf!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F803b0ea7-f111-4dc3-8eae-ea0eed58034b_960x540.png 1272w, https://substackcdn.com/image/fetch/$s_!fXJf!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F803b0ea7-f111-4dc3-8eae-ea0eed58034b_960x540.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>That will include attacks against:</p><ul><li><p>Identity verification and on-boarding flows</p></li><li><p>Profile directories and databases without integrity protection</p></li><li><p>Credentials and MFA bypass</p></li><li><p>Session issuance, verification and binding functions</p></li><li><p>Reset and recovery flows</p></li><li><p>The chaining of vulnerabilities</p></li><li><p>Administrative interfaces, APIs and CLIs</p></li></ul><div><hr></div><p>In The Cyber Hut&#8217;s next industry webinar these topics will be the main focus. I will be sitting down with Roy Akerman and Rob Ainscough from <a href="https://www.silverfort.com/">Silverfort</a> for a webinar entitled &#8220;<strong>Runtime Identity Security: The Winning Move Against Frontier AI Attacks</strong>&#8221;</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!RFGg!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4000f5ae-0a32-4ebe-af43-433f4bbbab67_960x540.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!RFGg!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4000f5ae-0a32-4ebe-af43-433f4bbbab67_960x540.png 424w, https://substackcdn.com/image/fetch/$s_!RFGg!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4000f5ae-0a32-4ebe-af43-433f4bbbab67_960x540.png 848w, https://substackcdn.com/image/fetch/$s_!RFGg!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4000f5ae-0a32-4ebe-af43-433f4bbbab67_960x540.png 1272w, https://substackcdn.com/image/fetch/$s_!RFGg!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4000f5ae-0a32-4ebe-af43-433f4bbbab67_960x540.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!RFGg!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4000f5ae-0a32-4ebe-af43-433f4bbbab67_960x540.png" width="960" height="540" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/4000f5ae-0a32-4ebe-af43-433f4bbbab67_960x540.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:540,&quot;width&quot;:960,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:988077,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/200746397?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4000f5ae-0a32-4ebe-af43-433f4bbbab67_960x540.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!RFGg!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4000f5ae-0a32-4ebe-af43-433f4bbbab67_960x540.png 424w, https://substackcdn.com/image/fetch/$s_!RFGg!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4000f5ae-0a32-4ebe-af43-433f4bbbab67_960x540.png 848w, https://substackcdn.com/image/fetch/$s_!RFGg!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4000f5ae-0a32-4ebe-af43-433f4bbbab67_960x540.png 1272w, https://substackcdn.com/image/fetch/$s_!RFGg!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4000f5ae-0a32-4ebe-af43-433f4bbbab67_960x540.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>We&#8217;ll discuss:</p><ol><li><p>What AI-powered attacks are and how they break traditional security assumptions</p></li><li><p>The identity gaps attackers will exploit first across your environment</p></li><li><p>Security controls that can help</p></li><li><p>How to enforce Identity Security at runtime</p></li></ol><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://us06web.zoom.us/webinar/register/7417786648856/WN_4GT6Iuh8RJW22qGsGsF_pw#/registration&quot;,&quot;text&quot;:&quot;Register for Live or On Demand&quot;,&quot;action&quot;:null,&quot;class&quot;:null}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://us06web.zoom.us/webinar/register/7417786648856/WN_4GT6Iuh8RJW22qGsGsF_pw#/registration"><span>Register for Live or On Demand</span></a></p><div><hr></div><h3>About The Author</h3><p>Simon Moffatt has over 25 years experience in IAM, cyber and identity security. He is founder of <a href="https://www.thecyberhut.com/">The Cyber Hut</a> - a specialist research and advisory firm based out of the UK. He is author of <a href="https://a.co/d/7oO2oOW">CIAM Design Fundamentals</a> and <a href="https://www.thecyberhut.com/iam%20at%202035/">IAM at 2035</a>: A Future Guide to Identity Security. He is a Fellow of the Chartered Institute of Information Security, a regular keynote speaker and a strategic advisor to entities in the public and private sectors.</p><div><hr></div><p></p>]]></content:encoded></item><item><title><![CDATA[Runtime Attribution, Identity + Browser Matrix, The Rise of Intent Management]]></title><description><![CDATA[Plus a round up of Identity Threat Intelligence updates]]></description><link>https://radar.thecyberhut.com/p/runtime-attribution-identity-browser</link><guid isPermaLink="false">https://radar.thecyberhut.com/p/runtime-attribution-identity-browser</guid><dc:creator><![CDATA[The Cyber Hut]]></dc:creator><pubDate>Tue, 19 May 2026 11:32:31 GMT</pubDate><enclosure url="https://substackcdn.com/image/youtube/w_728,c_limit/5JjW456A0eY" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2>Why We Built Identity Runtime Attribution for AI Agents</h2><p>Permiso Security have <a href="https://permiso.io/blog/why-we-built-identity-runtime-attribution-for-ai-agents?utm_source=thecyberhut.com">brought up the point</a> that agents need more than just posture management to make them secure. They articulate that guardrai&#8230;</p>
      <p>
          <a href="https://radar.thecyberhut.com/p/runtime-attribution-identity-browser">
              Read more
          </a>
      </p>
   ]]></content:encoded></item><item><title><![CDATA[C1 Headless Identity, Palo Alto Human Identity, Sailpoint Agentic Fabric, Strata Agentic Sprawl]]></title><description><![CDATA[Plus a round up of Identity Threat Intelligence updates]]></description><link>https://radar.thecyberhut.com/p/c1-headless-identity-palo-alto-human</link><guid isPermaLink="false">https://radar.thecyberhut.com/p/c1-headless-identity-palo-alto-human</guid><dc:creator><![CDATA[The Cyber Hut]]></dc:creator><pubDate>Tue, 12 May 2026 10:38:35 GMT</pubDate><enclosure url="https://substackcdn.com/image/youtube/w_728,c_limit/0C_gZ3HNklE" length="0" type="image/jpeg"/><content:encoded><![CDATA[
      <p>
          <a href="https://radar.thecyberhut.com/p/c1-headless-identity-palo-alto-human">
              Read more
          </a>
      </p>
   ]]></content:encoded></item><item><title><![CDATA[Acquisitions: Cisco + Astrix Security, Silverfort + Fabrix Security]]></title><description><![CDATA[Plus a round up of Identity Threat Intelligence updates]]></description><link>https://radar.thecyberhut.com/p/acquisitions-cisco-astrix-security</link><guid isPermaLink="false">https://radar.thecyberhut.com/p/acquisitions-cisco-astrix-security</guid><dc:creator><![CDATA[The Cyber Hut]]></dc:creator><pubDate>Tue, 05 May 2026 11:10:18 GMT</pubDate><enclosure url="https://substackcdn.com/image/youtube/w_728,c_limit/1qCSmEAjQ9E" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2 style="text-align: center;">Cisco to Acquire Astrix Security</h2><p>Cisco this week announced they are to acquire NHI startup <a href="https://astrix.security/">Astrix Security</a>. Traditional security models focus on human users, but modern systems rely heavily on <strong>AI agen&#8230;</strong></p>
      <p>
          <a href="https://radar.thecyberhut.com/p/acquisitions-cisco-astrix-security">
              Read more
          </a>
      </p>
   ]]></content:encoded></item><item><title><![CDATA[Review of IAM Tech Day Sao Paulo 2026]]></title><description><![CDATA[The largest IAM event in LATAM]]></description><link>https://radar.thecyberhut.com/p/review-of-iam-tech-day-sao-paulo</link><guid isPermaLink="false">https://radar.thecyberhut.com/p/review-of-iam-tech-day-sao-paulo</guid><dc:creator><![CDATA[The Cyber Hut]]></dc:creator><pubDate>Tue, 28 Apr 2026 11:44:32 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!mrHk!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdd9b526f-badd-41bf-8745-e4648c664090_3264x3264.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>Last week I had the pleasure of attending and presenting at this years <a href="https://iamtechday.org/eventos/iam-tech-day-sao-paulo-abril-2026/?utm_source=thecyberhut.com">IAM Tech Day</a> down in Sao Paulo, Brazil. <a href="https://www.linkedin.com/in/alfredosantos/">Alfredo Santos</a> and team have created a great community of identity experts from a broad range of sectors and locations across Latin America.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!mrHk!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdd9b526f-badd-41bf-8745-e4648c664090_3264x3264.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!mrHk!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdd9b526f-badd-41bf-8745-e4648c664090_3264x3264.jpeg 424w, https://substackcdn.com/image/fetch/$s_!mrHk!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdd9b526f-badd-41bf-8745-e4648c664090_3264x3264.jpeg 848w, https://substackcdn.com/image/fetch/$s_!mrHk!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdd9b526f-badd-41bf-8745-e4648c664090_3264x3264.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!mrHk!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdd9b526f-badd-41bf-8745-e4648c664090_3264x3264.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!mrHk!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdd9b526f-badd-41bf-8745-e4648c664090_3264x3264.jpeg" width="1456" height="1456" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/dd9b526f-badd-41bf-8745-e4648c664090_3264x3264.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1456,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:2542455,&quot;alt&quot;:&quot;&quot;,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/195632015?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdd9b526f-badd-41bf-8745-e4648c664090_3264x3264.jpeg&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" title="" srcset="https://substackcdn.com/image/fetch/$s_!mrHk!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdd9b526f-badd-41bf-8745-e4648c664090_3264x3264.jpeg 424w, https://substackcdn.com/image/fetch/$s_!mrHk!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdd9b526f-badd-41bf-8745-e4648c664090_3264x3264.jpeg 848w, https://substackcdn.com/image/fetch/$s_!mrHk!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdd9b526f-badd-41bf-8745-e4648c664090_3264x3264.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!mrHk!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdd9b526f-badd-41bf-8745-e4648c664090_3264x3264.jpeg 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>The 2-day event attracted over 2500 attendees and a strong vendor sponsor list - from large established players to more niche startups, along with numerous systems integrators and consultancies.</p><div><hr></div><h3>Where Is IAM Heading?</h3><p>I opened day 1 with a presentation entitled &#8220;A Dynamic World Needs Dynamic IAM: Where Are We Heading?&#8221; - and provided a look into the main research areas we have seen at <a href="https://www.thecyberhut.com/">The Cyber Hut</a> over the past 12 months.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!BhiK!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F58673a97-03df-4553-9799-941bc4aac0b8_1080x1440.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!BhiK!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F58673a97-03df-4553-9799-941bc4aac0b8_1080x1440.jpeg 424w, https://substackcdn.com/image/fetch/$s_!BhiK!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F58673a97-03df-4553-9799-941bc4aac0b8_1080x1440.jpeg 848w, https://substackcdn.com/image/fetch/$s_!BhiK!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F58673a97-03df-4553-9799-941bc4aac0b8_1080x1440.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!BhiK!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F58673a97-03df-4553-9799-941bc4aac0b8_1080x1440.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!BhiK!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F58673a97-03df-4553-9799-941bc4aac0b8_1080x1440.jpeg" width="1080" height="1440" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/58673a97-03df-4553-9799-941bc4aac0b8_1080x1440.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1440,&quot;width&quot;:1080,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:225018,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/195632015?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F58673a97-03df-4553-9799-941bc4aac0b8_1080x1440.jpeg&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!BhiK!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F58673a97-03df-4553-9799-941bc4aac0b8_1080x1440.jpeg 424w, https://substackcdn.com/image/fetch/$s_!BhiK!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F58673a97-03df-4553-9799-941bc4aac0b8_1080x1440.jpeg 848w, https://substackcdn.com/image/fetch/$s_!BhiK!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F58673a97-03df-4553-9799-941bc4aac0b8_1080x1440.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!BhiK!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F58673a97-03df-4553-9799-941bc4aac0b8_1080x1440.jpeg 1456w" sizes="100vw"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>As identity and access management has moved from being a tactical and responsive part of the internal workforce infrastructure, to a strategic enabler that improves productivity, drives revenue and online experiences for B2C ecosystems and integrates with a broad array of cyber security technologies, it has become a major attack vector for adversarial activity. Many would argue it has become <em>the</em> attack vector.</p><p>Complex and fragmented infrastructure combined with a highly evolving black market for attack tooling (potentially coupled with AI-based vulnerability exploitation platforms) has lead to a huge spike in identity related risk. That risk is focused at both the identity data layer and post-auth runtime layer too.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!RVvy!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3be1d0db-42e1-4e31-9977-3685045e1309_960x540.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!RVvy!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3be1d0db-42e1-4e31-9977-3685045e1309_960x540.png 424w, https://substackcdn.com/image/fetch/$s_!RVvy!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3be1d0db-42e1-4e31-9977-3685045e1309_960x540.png 848w, https://substackcdn.com/image/fetch/$s_!RVvy!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3be1d0db-42e1-4e31-9977-3685045e1309_960x540.png 1272w, https://substackcdn.com/image/fetch/$s_!RVvy!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3be1d0db-42e1-4e31-9977-3685045e1309_960x540.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!RVvy!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3be1d0db-42e1-4e31-9977-3685045e1309_960x540.png" width="960" height="540" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/3be1d0db-42e1-4e31-9977-3685045e1309_960x540.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:540,&quot;width&quot;:960,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:101083,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/195632015?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3be1d0db-42e1-4e31-9977-3685045e1309_960x540.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!RVvy!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3be1d0db-42e1-4e31-9977-3685045e1309_960x540.png 424w, https://substackcdn.com/image/fetch/$s_!RVvy!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3be1d0db-42e1-4e31-9977-3685045e1309_960x540.png 848w, https://substackcdn.com/image/fetch/$s_!RVvy!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3be1d0db-42e1-4e31-9977-3685045e1309_960x540.png 1272w, https://substackcdn.com/image/fetch/$s_!RVvy!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3be1d0db-42e1-4e31-9977-3685045e1309_960x540.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>To that end we have seen a new set of technology areas emerge since 2022 that look to improve the security and risk posture of the entire IAM infrastructure world.</p><p>At the identity data layer (and with respect to identity data I mainly refer to profiles, policies and permissions) we see a slew of acronyms from IVIP (identity visibility and intelligence platforms), ISPM (identity security posture management) and further expansion of IGA (identity governance and administration) that leads into application governance and AI-governance.</p><div><hr></div><h3 style="text-align: center;">A Future Guide to Identity Security</h3><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!oev9!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff6d138bf-dbaa-470b-91e7-f82e18b55bf6_3875x2775.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!oev9!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff6d138bf-dbaa-470b-91e7-f82e18b55bf6_3875x2775.jpeg 424w, https://substackcdn.com/image/fetch/$s_!oev9!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff6d138bf-dbaa-470b-91e7-f82e18b55bf6_3875x2775.jpeg 848w, https://substackcdn.com/image/fetch/$s_!oev9!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff6d138bf-dbaa-470b-91e7-f82e18b55bf6_3875x2775.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!oev9!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff6d138bf-dbaa-470b-91e7-f82e18b55bf6_3875x2775.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!oev9!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff6d138bf-dbaa-470b-91e7-f82e18b55bf6_3875x2775.jpeg" width="1456" height="1043" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/f6d138bf-dbaa-470b-91e7-f82e18b55bf6_3875x2775.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1043,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:2382107,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/195632015?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff6d138bf-dbaa-470b-91e7-f82e18b55bf6_3875x2775.jpeg&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!oev9!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff6d138bf-dbaa-470b-91e7-f82e18b55bf6_3875x2775.jpeg 424w, https://substackcdn.com/image/fetch/$s_!oev9!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff6d138bf-dbaa-470b-91e7-f82e18b55bf6_3875x2775.jpeg 848w, https://substackcdn.com/image/fetch/$s_!oev9!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff6d138bf-dbaa-470b-91e7-f82e18b55bf6_3875x2775.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!oev9!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff6d138bf-dbaa-470b-91e7-f82e18b55bf6_3875x2775.jpeg 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p style="text-align: center;">Available globally on Amazon, in Kindle, paperback and hardback</p><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://a.co/d/05cZyHDB&quot;,&quot;text&quot;:&quot;Order Now on Amazon&quot;,&quot;action&quot;:null,&quot;class&quot;:null}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://a.co/d/05cZyHDB"><span>Order Now on Amazon</span></a></p><div><hr></div><p>The strategic focus here is to essentially augment our access request and access review processing with more context - leveraging data sources that already exist within the modern enterprise - and make our decision making smarter. AI is accelerating this decision making too and we&#8217;re seeing a range of use cases that improve integration, permissions analysis and policy removal as a result.</p><p>From a runtime point of view, we&#8217;re seeing numerous initiatives here - including ITDR (identity threat detection and response) and many subtle sub-classes of behaviour analysis. The focus is understanding the <em><strong>intent </strong></em>of an identity - not just making sure they have the correct permissions. This will involve analysing usage and comparing behaviour across-applications. This often requires composite-risk analysis engines - taking into consideration several signals to help triangulate risk and trigger a responsive action. </p><p>Understanding <em><strong>when </strong></em>to act is often as difficult as deciding what to do as a response. The response aspect is also evolving and will require more than just a simple allow/deny choice. Disrupting, degrading, redirecting and more subtle response measures are now common - and especially in the external B2C space and aim to deliver security AND usability simultaneously.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!gi57!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5f21906a-6bba-4927-a67e-16152295db5f_960x540.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!gi57!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5f21906a-6bba-4927-a67e-16152295db5f_960x540.png 424w, https://substackcdn.com/image/fetch/$s_!gi57!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5f21906a-6bba-4927-a67e-16152295db5f_960x540.png 848w, https://substackcdn.com/image/fetch/$s_!gi57!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5f21906a-6bba-4927-a67e-16152295db5f_960x540.png 1272w, https://substackcdn.com/image/fetch/$s_!gi57!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5f21906a-6bba-4927-a67e-16152295db5f_960x540.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!gi57!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5f21906a-6bba-4927-a67e-16152295db5f_960x540.png" width="960" height="540" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/5f21906a-6bba-4927-a67e-16152295db5f_960x540.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:540,&quot;width&quot;:960,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:111319,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/195632015?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5f21906a-6bba-4927-a67e-16152295db5f_960x540.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!gi57!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5f21906a-6bba-4927-a67e-16152295db5f_960x540.png 424w, https://substackcdn.com/image/fetch/$s_!gi57!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5f21906a-6bba-4927-a67e-16152295db5f_960x540.png 848w, https://substackcdn.com/image/fetch/$s_!gi57!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5f21906a-6bba-4927-a67e-16152295db5f_960x540.png 1272w, https://substackcdn.com/image/fetch/$s_!gi57!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5f21906a-6bba-4927-a67e-16152295db5f_960x540.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>A more strategic view of course is not just how to handle the <strong>data</strong> and <strong>runtime</strong> aspects of identity risk but do so across ALL identity types. We&#8217;re seeing innovation within IGA, ISPM and PAM with the increased usage of generative and agentic AI to improve decision making - alongside expansions into the non-human governance space too.</p><p>Ultimately both identity data and behaviour monitoring needs to support non-human, workloads, and agentic-AI as well as both B2E and B2C identity types. </p><div><hr></div><h3>Further Resources on Identity Data Risk</h3><div class="digest-post-embed" data-attrs="{&quot;nodeId&quot;:&quot;cfa9cf15-4f1e-4942-9742-5618abbec1c9&quot;,&quot;caption&quot;:&quot;The What&quot;,&quot;cta&quot;:&quot;Read full story&quot;,&quot;showBylines&quot;:true,&quot;showDescription&quot;:true,&quot;showImage&quot;:true,&quot;size&quot;:&quot;sm&quot;,&quot;isEditorNode&quot;:true,&quot;title&quot;:&quot;Cheat Sheet: Agentic Identity Owner Discovery&quot;,&quot;publishedBylines&quot;:[{&quot;id&quot;:34112948,&quot;name&quot;:&quot;The Cyber Hut&quot;,&quot;bio&quot;:&quot;Identity &amp; Cyber Security Emerging Technology Research Specialists&quot;,&quot;photo_url&quot;:&quot;https://bucketeer-e05bbc84-baa3-437e-9518-adb32be77984.s3.amazonaws.com/public/images/a9c960e4-4e27-4565-89d4-c37e48c4f703_300x300.png&quot;,&quot;is_guest&quot;:false,&quot;bestseller_tier&quot;:null}],&quot;post_date&quot;:&quot;2026-04-14T09:57:28.119Z&quot;,&quot;cover_image&quot;:&quot;https://substackcdn.com/image/fetch/$s_!cpBS!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe53b2cc7-0335-47d9-aa6a-e4fe6d188ad4_748x455.png&quot;,&quot;cover_image_alt&quot;:null,&quot;canonical_url&quot;:&quot;https://radar.thecyberhut.com/p/cheat-sheet-agentic-identity-owner&quot;,&quot;section_name&quot;:null,&quot;video_upload_id&quot;:null,&quot;id&quot;:194074390,&quot;type&quot;:&quot;newsletter&quot;,&quot;reaction_count&quot;:1,&quot;comment_count&quot;:0,&quot;publication_id&quot;:1152167,&quot;publication_name&quot;:&quot;The Cyber Hut Radar - Emerging Technology Research&quot;,&quot;publication_logo_url&quot;:&quot;https://substackcdn.com/image/fetch/$s_!Lq6a!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F49adcbd9-faf9-4c5d-b67b-0fb859d3d3f5_300x300.png&quot;,&quot;belowTheFold&quot;:true,&quot;youtube_url&quot;:null,&quot;show_links&quot;:null,&quot;feed_url&quot;:null}"></div><div class="digest-post-embed" data-attrs="{&quot;nodeId&quot;:&quot;e894b339-a9d1-4b21-8384-d396fbedcc84&quot;,&quot;caption&quot;:&quot;Agent Identity and Access Management&quot;,&quot;cta&quot;:&quot;Read full story&quot;,&quot;showBylines&quot;:true,&quot;showDescription&quot;:true,&quot;showImage&quot;:true,&quot;size&quot;:&quot;sm&quot;,&quot;isEditorNode&quot;:true,&quot;title&quot;:&quot;Cheat Sheet: Agentic-AI Security Architecture Example&quot;,&quot;publishedBylines&quot;:[{&quot;id&quot;:34112948,&quot;name&quot;:&quot;The Cyber Hut&quot;,&quot;bio&quot;:&quot;Identity &amp; Cyber Security Emerging Technology Research Specialists&quot;,&quot;photo_url&quot;:&quot;https://bucketeer-e05bbc84-baa3-437e-9518-adb32be77984.s3.amazonaws.com/public/images/a9c960e4-4e27-4565-89d4-c37e48c4f703_300x300.png&quot;,&quot;is_guest&quot;:false,&quot;bestseller_tier&quot;:null}],&quot;post_date&quot;:&quot;2026-02-17T12:46:12.060Z&quot;,&quot;cover_image&quot;:&quot;https://substackcdn.com/image/fetch/$s_!eanl!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa711daef-288e-4da5-8ee8-74f1c50c4089_818x731.png&quot;,&quot;cover_image_alt&quot;:null,&quot;canonical_url&quot;:&quot;https://radar.thecyberhut.com/p/cheat-sheet-agentic-ai-security-architecture&quot;,&quot;section_name&quot;:null,&quot;video_upload_id&quot;:null,&quot;id&quot;:188254238,&quot;type&quot;:&quot;newsletter&quot;,&quot;reaction_count&quot;:1,&quot;comment_count&quot;:0,&quot;publication_id&quot;:1152167,&quot;publication_name&quot;:&quot;The Cyber Hut Radar - Emerging Technology Research&quot;,&quot;publication_logo_url&quot;:&quot;https://substackcdn.com/image/fetch/$s_!Lq6a!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F49adcbd9-faf9-4c5d-b67b-0fb859d3d3f5_300x300.png&quot;,&quot;belowTheFold&quot;:true,&quot;youtube_url&quot;:null,&quot;show_links&quot;:null,&quot;feed_url&quot;:null}"></div><div class="digest-post-embed" data-attrs="{&quot;nodeId&quot;:&quot;bab45bb2-dc8d-4aae-9c24-28b079c7c20e&quot;,&quot;caption&quot;:&quot;The What&quot;,&quot;cta&quot;:&quot;Read full story&quot;,&quot;showBylines&quot;:true,&quot;showDescription&quot;:true,&quot;showImage&quot;:true,&quot;size&quot;:&quot;sm&quot;,&quot;isEditorNode&quot;:true,&quot;title&quot;:&quot;Cheat Sheet: Application Governance&quot;,&quot;publishedBylines&quot;:[{&quot;id&quot;:34112948,&quot;name&quot;:&quot;The Cyber Hut&quot;,&quot;bio&quot;:&quot;Identity &amp; Cyber Security Emerging Technology Research Specialists&quot;,&quot;photo_url&quot;:&quot;https://bucketeer-e05bbc84-baa3-437e-9518-adb32be77984.s3.amazonaws.com/public/images/a9c960e4-4e27-4565-89d4-c37e48c4f703_300x300.png&quot;,&quot;is_guest&quot;:false,&quot;bestseller_tier&quot;:null}],&quot;post_date&quot;:&quot;2026-02-06T10:09:46.814Z&quot;,&quot;cover_image&quot;:&quot;https://substackcdn.com/image/fetch/$s_!P0RZ!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fde1e4343-db88-4fc8-8fa3-6e2fda041f92_959x658.png&quot;,&quot;cover_image_alt&quot;:null,&quot;canonical_url&quot;:&quot;https://radar.thecyberhut.com/p/cheat-sheet-application-governance&quot;,&quot;section_name&quot;:null,&quot;video_upload_id&quot;:null,&quot;id&quot;:187004317,&quot;type&quot;:&quot;newsletter&quot;,&quot;reaction_count&quot;:3,&quot;comment_count&quot;:0,&quot;publication_id&quot;:1152167,&quot;publication_name&quot;:&quot;The Cyber Hut Radar - Emerging Technology Research&quot;,&quot;publication_logo_url&quot;:&quot;https://substackcdn.com/image/fetch/$s_!Lq6a!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F49adcbd9-faf9-4c5d-b67b-0fb859d3d3f5_300x300.png&quot;,&quot;belowTheFold&quot;:true,&quot;youtube_url&quot;:null,&quot;show_links&quot;:null,&quot;feed_url&quot;:null}"></div><div><hr></div><h3>IAM for AI and AI for IAM</h3><p>Every cyber or IAM conference in 2026 is going to have a heavy focus on AI - either to accelerate IAM adoption or in attempt to secure parts of the AI ecosystem.</p><p>Okta started day 1 with a generic focus on how both the LLM and agentic are firstly  different components, but also have different control requirements.  They articulated that a focus on the &#8220;information flows&#8221; between assets is a more strategic approach alongside a central plane that looks at both the identity creation flows and the runtime interception and enforcement of permissions.</p><p>Sailpoint extended the AI focus, with a need to provide IGA and life cycle management features for non-human identities as well as humans. A key first-principle to that model is to assign <strong>owners</strong> to agents, workloads and NHIs. This needs to be done for both existing live identities (that are essentially orphaned) as well as imposing sponsors during identity creation time.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!TvB5!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faa430ec6-acc1-4983-a9e1-fc62cde2a903_3264x3264.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!TvB5!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faa430ec6-acc1-4983-a9e1-fc62cde2a903_3264x3264.jpeg 424w, https://substackcdn.com/image/fetch/$s_!TvB5!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faa430ec6-acc1-4983-a9e1-fc62cde2a903_3264x3264.jpeg 848w, https://substackcdn.com/image/fetch/$s_!TvB5!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faa430ec6-acc1-4983-a9e1-fc62cde2a903_3264x3264.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!TvB5!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faa430ec6-acc1-4983-a9e1-fc62cde2a903_3264x3264.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!TvB5!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faa430ec6-acc1-4983-a9e1-fc62cde2a903_3264x3264.jpeg" width="1456" height="1456" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/aa430ec6-acc1-4983-a9e1-fc62cde2a903_3264x3264.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1456,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:3408693,&quot;alt&quot;:&quot;&quot;,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/195632015?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faa430ec6-acc1-4983-a9e1-fc62cde2a903_3264x3264.jpeg&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" title="" srcset="https://substackcdn.com/image/fetch/$s_!TvB5!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faa430ec6-acc1-4983-a9e1-fc62cde2a903_3264x3264.jpeg 424w, https://substackcdn.com/image/fetch/$s_!TvB5!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faa430ec6-acc1-4983-a9e1-fc62cde2a903_3264x3264.jpeg 848w, https://substackcdn.com/image/fetch/$s_!TvB5!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faa430ec6-acc1-4983-a9e1-fc62cde2a903_3264x3264.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!TvB5!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Faa430ec6-acc1-4983-a9e1-fc62cde2a903_3264x3264.jpeg 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>Later in the morning, an Okta hosted a panel with ySec and TecPar that looked at AI from a more security exploitation standpoint. The rise of deepfakes, the increased speed of attacks and the ability to craft attacks in a &#8220;no-code&#8221; way has essentially given the attackers the advantage - for the time being.  To that end, AI can be used to help discover the landscape first - what identities exist, where they are stored and what they are permitted to do. It really becomes essential to move from a reactive security standpoint to one that is more pro-active.</p><p>eTrust articled that AI is really in its &#8220;toddler&#8221; years - and emphasised again that using a sponsor and ownership is key to governance (take a look here at our recent <a href="https://radar.thecyberhut.com/p/cheat-sheet-agentic-identity-owner">Agentic Ownership</a> guide).</p><p>Thales - the long time authentication specialists - amplified the story that AI is accelerating login based attacks. From improvements to how attackers can craft phishing emails. Later in the day they also presented a case study where they show how an authentication assessment (internal and external identities versus high and low risk) can help to identify future authentication modality requirements. </p><p>Platform providers CoffeeBean discussed how the combination of identity orchestration alongside AI is the strategic way to manage workforce IAM. As B2E has evolved, organisations need to integrate IAM into more systems, consume different data points and be more modular and fine grained with how IAM capabilities are deployed. The integration of logs and activity data can provide a continuous feedback loop into policies and controls. The key is augment existing pillars of IAM capability to improve coverage and usability.</p><p>Day 2 saw a panel hosted by NetBR that included practitioners from Ita&#250; Unibanco and Bradesco that discussed how AI can help with IAM but also the controls needed to secure it. From an IAM point of view, access request, IDV analysis and account take over (ATO) protection were prime uses of emerging AI capabilities. The panel also observed how AI adoption is amplifying the need for data protection and how the concepts of external authorization platforms and policy based access control (PBAC) are key parts of that journey.</p><div><hr></div><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!Aqqq!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F7fbd2f47-d333-4dd3-a9b7-78f79d40b42d_3264x3264.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!Aqqq!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F7fbd2f47-d333-4dd3-a9b7-78f79d40b42d_3264x3264.jpeg 424w, https://substackcdn.com/image/fetch/$s_!Aqqq!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F7fbd2f47-d333-4dd3-a9b7-78f79d40b42d_3264x3264.jpeg 848w, https://substackcdn.com/image/fetch/$s_!Aqqq!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F7fbd2f47-d333-4dd3-a9b7-78f79d40b42d_3264x3264.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!Aqqq!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F7fbd2f47-d333-4dd3-a9b7-78f79d40b42d_3264x3264.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!Aqqq!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F7fbd2f47-d333-4dd3-a9b7-78f79d40b42d_3264x3264.jpeg" width="1456" height="1456" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/7fbd2f47-d333-4dd3-a9b7-78f79d40b42d_3264x3264.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1456,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:4420472,&quot;alt&quot;:&quot;&quot;,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/195632015?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F7fbd2f47-d333-4dd3-a9b7-78f79d40b42d_3264x3264.jpeg&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" title="" srcset="https://substackcdn.com/image/fetch/$s_!Aqqq!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F7fbd2f47-d333-4dd3-a9b7-78f79d40b42d_3264x3264.jpeg 424w, https://substackcdn.com/image/fetch/$s_!Aqqq!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F7fbd2f47-d333-4dd3-a9b7-78f79d40b42d_3264x3264.jpeg 848w, https://substackcdn.com/image/fetch/$s_!Aqqq!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F7fbd2f47-d333-4dd3-a9b7-78f79d40b42d_3264x3264.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!Aqqq!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F7fbd2f47-d333-4dd3-a9b7-78f79d40b42d_3264x3264.jpeg 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://radar.thecyberhut.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">The Cyber Hut Radar - Emerging Technology Research is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><div><hr></div><h3>Identity for Security and Security for Identity</h3><p>There are very few cyber security technology sectors (think XDR, data, mobile, cloud, network) that don&#8217;t either relying hugely on IAM working effectively (which is rarely does) or expect bi-directional integrations for data and runtime tokens and decision making. To that end, there were numerous talks amplifying the security angle of identity - either to protect the IAM infrastructure and its components, as well as the identities, accounts and usage of those components.</p><p>Sec4U on day 1 introduced the concept of the &#8220;identity attack surface&#8221; and how it is increasing. As organisational maturity gravitates to an all-digital approach for staff, customers, services and products, the level of risk increases. As a result, IAM strategy needs to move away from standard joiner-mover-leaver concepts and focus on being continual, continuous and contextual.</p><p>A practitioner panel from the airline manufacturer Embraer discussed how security considerations such as intellectual property protection are driving their IAM design. Insider threat, external attacks and complex supply chains can increase risk through visibility blind-spots and a lack of full coverage IGA capabilities. An increased focus on IAM process automation not only reduces error and human effort, it can also allow the organisation to become more risk adverse, by having confidence in the underlying processes. That then allows Embraer to move faster, collaborate and be more competitive. Some tactical comments also emerged, from the need to migrate to just in time (JiT) access to making sure IAM can fully integrate into the security operations centre (SoC) for analysis and investigations.</p><p>ManageEngine gave a talk looking at the huge rise in shadow identity - the impact of that and what can be done to tackle it. Whilst traditionally AD-centric, they articulated a broader strategy to improve both IT-security controls adoption and cleanup of the core identity data landscape.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!Q7UC!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F67072821-2d5e-46ce-bfc6-99ec5b95e756_3264x3264.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!Q7UC!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F67072821-2d5e-46ce-bfc6-99ec5b95e756_3264x3264.jpeg 424w, https://substackcdn.com/image/fetch/$s_!Q7UC!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F67072821-2d5e-46ce-bfc6-99ec5b95e756_3264x3264.jpeg 848w, https://substackcdn.com/image/fetch/$s_!Q7UC!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F67072821-2d5e-46ce-bfc6-99ec5b95e756_3264x3264.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!Q7UC!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F67072821-2d5e-46ce-bfc6-99ec5b95e756_3264x3264.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!Q7UC!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F67072821-2d5e-46ce-bfc6-99ec5b95e756_3264x3264.jpeg" width="1456" height="1456" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/67072821-2d5e-46ce-bfc6-99ec5b95e756_3264x3264.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1456,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:3306145,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/195632015?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F67072821-2d5e-46ce-bfc6-99ec5b95e756_3264x3264.jpeg&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!Q7UC!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F67072821-2d5e-46ce-bfc6-99ec5b95e756_3264x3264.jpeg 424w, https://substackcdn.com/image/fetch/$s_!Q7UC!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F67072821-2d5e-46ce-bfc6-99ec5b95e756_3264x3264.jpeg 848w, https://substackcdn.com/image/fetch/$s_!Q7UC!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F67072821-2d5e-46ce-bfc6-99ec5b95e756_3264x3264.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!Q7UC!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F67072821-2d5e-46ce-bfc6-99ec5b95e756_3264x3264.jpeg 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>The end of day 1 saw Prove discuss not just security of IAM, but more the privacy of identity data components. The attributes that make up a profile (especially in the B2C space) can be abused as part of identity verification, fraud and PII theft. They articulated the multi-source issue of how identity attributes can be leaked - and in turn used to create synthetic or blended identities that are then used for future attacks and data theft. These false identities can also be used in disinformation campaigns and influence operations that are proliferating into concerns such as election interference. Their solution is provide an identity-graph model that can continuously check identity attribute location and usage, verifying usage, integrity and historical assurance.</p><div><hr></div><h3 style="text-align: center;">B2C CIAM Design Fundamentals</h3><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!CgVU!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F7db81543-915a-4f64-89a6-062579c0500a_573x610.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!CgVU!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F7db81543-915a-4f64-89a6-062579c0500a_573x610.png 424w, https://substackcdn.com/image/fetch/$s_!CgVU!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F7db81543-915a-4f64-89a6-062579c0500a_573x610.png 848w, https://substackcdn.com/image/fetch/$s_!CgVU!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F7db81543-915a-4f64-89a6-062579c0500a_573x610.png 1272w, https://substackcdn.com/image/fetch/$s_!CgVU!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F7db81543-915a-4f64-89a6-062579c0500a_573x610.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!CgVU!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F7db81543-915a-4f64-89a6-062579c0500a_573x610.png" width="573" height="610" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/7db81543-915a-4f64-89a6-062579c0500a_573x610.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:610,&quot;width&quot;:573,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:68923,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/195632015?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F7db81543-915a-4f64-89a6-062579c0500a_573x610.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!CgVU!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F7db81543-915a-4f64-89a6-062579c0500a_573x610.png 424w, https://substackcdn.com/image/fetch/$s_!CgVU!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F7db81543-915a-4f64-89a6-062579c0500a_573x610.png 848w, https://substackcdn.com/image/fetch/$s_!CgVU!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F7db81543-915a-4f64-89a6-062579c0500a_573x610.png 1272w, https://substackcdn.com/image/fetch/$s_!CgVU!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F7db81543-915a-4f64-89a6-062579c0500a_573x610.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p style="text-align: center;">Available globally on Amazon, in paperback and Kindle.</p><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://a.co/d/0bATIiLy&quot;,&quot;text&quot;:&quot;Buy now on Amazon&quot;,&quot;action&quot;:null,&quot;class&quot;:null}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://a.co/d/0bATIiLy"><span>Buy now on Amazon</span></a></p><div><hr></div><p>Day 2 saw Banco Bradesco (the third largest bank by assets in Brazil) discuss a case study. Some interesting aspects included the need to future proof against emerging security threats - such as post-quantum readiness and protection against the rise of deepfakes. Identity and security in general is a process not a product and they have developed modular approach to both designing, implementing and deploying IAM components for staff, customers and non-human identities, with composable features for authentication and authorization.</p><div><hr></div><h3>Further Insight and Whitepapers</h3><div class="digest-post-embed" data-attrs="{&quot;nodeId&quot;:&quot;2014d16a-0b28-4a88-bbbc-3a3894404fa6&quot;,&quot;caption&quot;:&quot;Organizations today manage access in two very different domains: physical spaces (buildings, offices, secure areas) and digital environments (applications, systems, data). Historically, these have evolved separately, using different technologies, teams, and policies.&quot;,&quot;cta&quot;:&quot;Read full story&quot;,&quot;showBylines&quot;:true,&quot;showDescription&quot;:true,&quot;showImage&quot;:true,&quot;size&quot;:&quot;sm&quot;,&quot;isEditorNode&quot;:true,&quot;title&quot;:&quot;Designing for Converged Access&quot;,&quot;publishedBylines&quot;:[{&quot;id&quot;:34112948,&quot;name&quot;:&quot;The Cyber Hut&quot;,&quot;bio&quot;:&quot;Identity &amp; Cyber Security Emerging Technology Research Specialists&quot;,&quot;photo_url&quot;:&quot;https://bucketeer-e05bbc84-baa3-437e-9518-adb32be77984.s3.amazonaws.com/public/images/a9c960e4-4e27-4565-89d4-c37e48c4f703_300x300.png&quot;,&quot;is_guest&quot;:false,&quot;bestseller_tier&quot;:null}],&quot;post_date&quot;:&quot;2026-04-21T10:49:43.940Z&quot;,&quot;cover_image&quot;:&quot;https://substackcdn.com/image/fetch/$s_!cmZH!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3bebe1cc-fa56-4bbc-a65a-ba16afda0899_812x598.png&quot;,&quot;cover_image_alt&quot;:null,&quot;canonical_url&quot;:&quot;https://radar.thecyberhut.com/p/designing-for-converged-access&quot;,&quot;section_name&quot;:null,&quot;video_upload_id&quot;:null,&quot;id&quot;:194782050,&quot;type&quot;:&quot;newsletter&quot;,&quot;reaction_count&quot;:0,&quot;comment_count&quot;:0,&quot;publication_id&quot;:1152167,&quot;publication_name&quot;:&quot;The Cyber Hut Radar - Emerging Technology Research&quot;,&quot;publication_logo_url&quot;:&quot;https://substackcdn.com/image/fetch/$s_!Lq6a!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F49adcbd9-faf9-4c5d-b67b-0fb859d3d3f5_300x300.png&quot;,&quot;belowTheFold&quot;:true,&quot;youtube_url&quot;:null,&quot;show_links&quot;:null,&quot;feed_url&quot;:null}"></div><div class="digest-post-embed" data-attrs="{&quot;nodeId&quot;:&quot;a76cbbe7-a81e-4bfe-8d65-081c11ab6e7e&quot;,&quot;caption&quot;:&quot;Analyst Comment&quot;,&quot;cta&quot;:&quot;Read full story&quot;,&quot;showBylines&quot;:true,&quot;showDescription&quot;:true,&quot;showImage&quot;:true,&quot;size&quot;:&quot;sm&quot;,&quot;isEditorNode&quot;:true,&quot;title&quot;:&quot;Claude Mythos and Project Glasswing: The End of Cyber Security As We Know It?&quot;,&quot;publishedBylines&quot;:[{&quot;id&quot;:34112948,&quot;name&quot;:&quot;The Cyber Hut&quot;,&quot;bio&quot;:&quot;Identity &amp; Cyber Security Emerging Technology Research Specialists&quot;,&quot;photo_url&quot;:&quot;https://bucketeer-e05bbc84-baa3-437e-9518-adb32be77984.s3.amazonaws.com/public/images/a9c960e4-4e27-4565-89d4-c37e48c4f703_300x300.png&quot;,&quot;is_guest&quot;:false,&quot;bestseller_tier&quot;:null}],&quot;post_date&quot;:&quot;2026-04-10T10:40:19.523Z&quot;,&quot;cover_image&quot;:&quot;https://substackcdn.com/image/fetch/$s_!U6if!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F92c08413-1ad7-41c4-9da7-85c810fddfff_3840x2160.png&quot;,&quot;cover_image_alt&quot;:null,&quot;canonical_url&quot;:&quot;https://radar.thecyberhut.com/p/claude-mythos-and-project-glasswing&quot;,&quot;section_name&quot;:null,&quot;video_upload_id&quot;:null,&quot;id&quot;:193777338,&quot;type&quot;:&quot;newsletter&quot;,&quot;reaction_count&quot;:5,&quot;comment_count&quot;:0,&quot;publication_id&quot;:1152167,&quot;publication_name&quot;:&quot;The Cyber Hut Radar - Emerging Technology Research&quot;,&quot;publication_logo_url&quot;:&quot;https://substackcdn.com/image/fetch/$s_!Lq6a!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F49adcbd9-faf9-4c5d-b67b-0fb859d3d3f5_300x300.png&quot;,&quot;belowTheFold&quot;:true,&quot;youtube_url&quot;:null,&quot;show_links&quot;:null,&quot;feed_url&quot;:null}"></div><div class="digest-post-embed" data-attrs="{&quot;nodeId&quot;:&quot;d1c3d471-abdd-486e-a3ef-8c2904662176&quot;,&quot;caption&quot;:&quot;As organisations scale across cloud, SaaS, and AI-driven environments, identity has become the primary control plane for security and access. Yet most enterprises still operate with a fragmented identity architecture&#8212;multiple tools, disconnected policies, and incomplete visibility.&quot;,&quot;cta&quot;:&quot;Read full story&quot;,&quot;showBylines&quot;:true,&quot;showDescription&quot;:true,&quot;showImage&quot;:true,&quot;size&quot;:&quot;sm&quot;,&quot;isEditorNode&quot;:true,&quot;title&quot;:&quot;The Hidden Risk of Fragmented Identity&quot;,&quot;publishedBylines&quot;:[{&quot;id&quot;:34112948,&quot;name&quot;:&quot;The Cyber Hut&quot;,&quot;bio&quot;:&quot;Identity &amp; Cyber Security Emerging Technology Research Specialists&quot;,&quot;photo_url&quot;:&quot;https://bucketeer-e05bbc84-baa3-437e-9518-adb32be77984.s3.amazonaws.com/public/images/a9c960e4-4e27-4565-89d4-c37e48c4f703_300x300.png&quot;,&quot;is_guest&quot;:false,&quot;bestseller_tier&quot;:null}],&quot;post_date&quot;:&quot;2026-03-26T14:18:16.856Z&quot;,&quot;cover_image&quot;:&quot;https://substackcdn.com/image/fetch/$s_!K-kJ!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdff0387e-90a3-4224-8bdf-3c205395c520_1243x873.png&quot;,&quot;cover_image_alt&quot;:null,&quot;canonical_url&quot;:&quot;https://radar.thecyberhut.com/p/the-hidden-risk-of-fragmented-identity&quot;,&quot;section_name&quot;:null,&quot;video_upload_id&quot;:null,&quot;id&quot;:191585404,&quot;type&quot;:&quot;newsletter&quot;,&quot;reaction_count&quot;:0,&quot;comment_count&quot;:0,&quot;publication_id&quot;:1152167,&quot;publication_name&quot;:&quot;The Cyber Hut Radar - Emerging Technology Research&quot;,&quot;publication_logo_url&quot;:&quot;https://substackcdn.com/image/fetch/$s_!Lq6a!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F49adcbd9-faf9-4c5d-b67b-0fb859d3d3f5_300x300.png&quot;,&quot;belowTheFold&quot;:true,&quot;youtube_url&quot;:null,&quot;show_links&quot;:null,&quot;feed_url&quot;:null}"></div><div><hr></div><p>Raise IT (a partner of Transmit Security) discussed the security and fraud components that are emerging within the B2C CIAM space. Fraud is no longer just attacking the account creation and on-boarding phases, but must be handled end to end at all parts of the B2C life cycle. With the advent of agentic-AI within the B2C world, a transaction signing lineage must be considered that can provide assurance and integrity protection for transactions.</p><p>JumpCloud gave a novel description of how device analysis and mobile device management (MDM) systems have evolved into more generic endpoint protection platforms - and must be more closely linked into the privilege access management flows. They argued that identity on its own cannot live in a vacuum and the originating device must be considered during authentication and authorization enforcement checks. Hexnode delivered a similar message later in the day, with their solution offering a broad array of mobile and device integration options in order to strengthen the coverage for device security.</p><p>Later on day 2, Silverfort argued that original joiner-mover-leaver processes were not built for security - they were built for productivity and compliance. As organisations move towards a more hybrid deployment model, visibility and control of identity usage becomes a vulnerability. Their view of identity security involves a &#8220;runtime access protection RAP&#8221; component that can augment and extend Active Directory authentication and access with a range of behaviour and threat detection capabilities.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!xSs2!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6ba15291-86f8-4eda-8eec-fe72265bdf00_3264x3264.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!xSs2!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6ba15291-86f8-4eda-8eec-fe72265bdf00_3264x3264.jpeg 424w, https://substackcdn.com/image/fetch/$s_!xSs2!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6ba15291-86f8-4eda-8eec-fe72265bdf00_3264x3264.jpeg 848w, https://substackcdn.com/image/fetch/$s_!xSs2!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6ba15291-86f8-4eda-8eec-fe72265bdf00_3264x3264.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!xSs2!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6ba15291-86f8-4eda-8eec-fe72265bdf00_3264x3264.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!xSs2!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6ba15291-86f8-4eda-8eec-fe72265bdf00_3264x3264.jpeg" width="1456" height="1456" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/6ba15291-86f8-4eda-8eec-fe72265bdf00_3264x3264.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1456,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:4553935,&quot;alt&quot;:&quot;&quot;,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/195632015?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6ba15291-86f8-4eda-8eec-fe72265bdf00_3264x3264.jpeg&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" title="" srcset="https://substackcdn.com/image/fetch/$s_!xSs2!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6ba15291-86f8-4eda-8eec-fe72265bdf00_3264x3264.jpeg 424w, https://substackcdn.com/image/fetch/$s_!xSs2!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6ba15291-86f8-4eda-8eec-fe72265bdf00_3264x3264.jpeg 848w, https://substackcdn.com/image/fetch/$s_!xSs2!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6ba15291-86f8-4eda-8eec-fe72265bdf00_3264x3264.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!xSs2!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6ba15291-86f8-4eda-8eec-fe72265bdf00_3264x3264.jpeg 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><div><hr></div><h3>Recent Industry Interviews</h3><div id="youtube2-AHIUFtGOWvY" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;AHIUFtGOWvY&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/AHIUFtGOWvY?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><div id="youtube2-3BSI0gRu1GQ" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;3BSI0gRu1GQ&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/3BSI0gRu1GQ?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><div id="youtube2-3_RNdwGdsfM" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;3_RNdwGdsfM&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/3_RNdwGdsfM?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><div><hr></div><h3>Final Comment</h3><p>IAM Tech Day is one of the premier identity events globally, not just for LATAM. The core themes of AI and identity security amplified what is happening in North America, EMEA and APAC too.</p><p>As IAM becomes a strategic enabler for technology transformation, business productivity and revenue generation, the security and privacy aspects become critical.</p><p>How we measure and deploy IAM services is changing massively. Several talks (including those by Shield Security, Sec4U and NetBR) all showcased modern and strategic approaches of how to embed IAM within the C-level talk track. From improved communications and metrics to how to find and in turn manage risk. IAM strategies and tactics need to be co-authored with a broad array of stakeholders. The use of natural language processing as the standard user experience (UX) of choice can open up previously complex IAM policy components to non-technical leaders who can both consume performance data, but also contribute to the overall management of the IAM world.</p><p>It becomes critical to work in a top-down model - identifying business and team objectives <em><strong>before </strong></em>identifying the data, cyber and identity components that help or hinder those plans. What does MFA really do for the business? How can just in time access help their partners or customers? These lower level controls must be translated and presented in a way that matters to the key budget holders.</p><p>If organisations can achieve that, their future identity strategy will both enable security but also improve usability.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!4PXT!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6d4d8177-e116-4d70-b642-d34418af85a9_3320x2825.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!4PXT!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6d4d8177-e116-4d70-b642-d34418af85a9_3320x2825.jpeg 424w, https://substackcdn.com/image/fetch/$s_!4PXT!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6d4d8177-e116-4d70-b642-d34418af85a9_3320x2825.jpeg 848w, https://substackcdn.com/image/fetch/$s_!4PXT!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6d4d8177-e116-4d70-b642-d34418af85a9_3320x2825.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!4PXT!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6d4d8177-e116-4d70-b642-d34418af85a9_3320x2825.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!4PXT!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6d4d8177-e116-4d70-b642-d34418af85a9_3320x2825.jpeg" width="1456" height="1711" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/6d4d8177-e116-4d70-b642-d34418af85a9_3320x2825.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1711,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1695796,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/195632015?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6d4d8177-e116-4d70-b642-d34418af85a9_3320x2825.jpeg&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!4PXT!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6d4d8177-e116-4d70-b642-d34418af85a9_3320x2825.jpeg 424w, https://substackcdn.com/image/fetch/$s_!4PXT!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6d4d8177-e116-4d70-b642-d34418af85a9_3320x2825.jpeg 848w, https://substackcdn.com/image/fetch/$s_!4PXT!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6d4d8177-e116-4d70-b642-d34418af85a9_3320x2825.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!4PXT!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6d4d8177-e116-4d70-b642-d34418af85a9_3320x2825.jpeg 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>Sa&#250;de!</p><div><hr></div><h3>Vendor and Integrator Shout Outs</h3><p><a href="https://authcube.com/?utm_source=radar.thecyberhut.com">Authcube</a> - Orchestrate and protect identities in one unique platform what unite security and <em>experience</em></p><p><a href="https://coffeebeantech.com/?utm_source=radar.thecyberhut.com">CoffeeBean Technology</a> - <em>Orchestration in IAM refers to the automated coordination of identity and access management processes across systems, applications, and security tools.</em></p><p><a href="https://www.e-trustsecurity.com/?utm_source=radar.thecyberhut.com">eTrust Security</a> - <em>We are cyber security. We are identity.</em></p><p><a href="https://jumpcloud.com/?utm_source=radar.thecyberhut.com">JumpCloud</a> - <em>Securely manage devices and access for all human, non-human, and agentic identities.</em></p><p><a href="https://www.netbr.com.br/?utm_source=radar.thecyberhut.com">NetBR</a> - <em>We are an extension of your company, generating knowledge through interaction with your teams , delivering greater value to your identity program.</em></p><p><a href="https://www.prove.com/?utm_source=radar.thecyberhut.com">Prove</a> - <em>Prove transforms identity from a one-time verification event into a persistent foundation of trust-built to verify every person, business, and AI agent, at every interaction.</em></p><p><a href="https://www.sec4u.com.br/en?utm_source=radar.thecyberhut.com">Sec4U</a> - <em>Your security doesn't have to be complex! Protect your workforce and digital customers without impacting your business flows and usability. </em></p><p><a href="https://shieldsec.com.br/?utm_source=radar.thecyberhut.com">Shield Security</a> - <em>Shield Security has a broad portfolio of services associated with the best manufacturers on the market. The goal is to offer excellent service, seeking to understand the needs of each client for a personalized delivery.</em></p><p><a href="https://www.silverfort.com/?utm_source=radar.thecyberhut.com">Silverfort</a> - <em>Discover and protect every dimension of identity, everywhere. Human, machine or AI, cloud or on-prem&#8212;including systems that couldn&#8217;t be protected befor</em></p><div><hr></div><h3><strong>About The Author</strong></h3><p>Simon Moffatt has over 25 years experience in IAM, cyber and identity security. He is founder of <a href="https://www.thecyberhut.com/">The Cyber Hut</a> &#8211; a specialist research and advisory firm based out of the UK. He is author of <a href="https://a.co/d/7oO2oOW">CIAM Design Fundamentals</a> and <a href="https://www.thecyberhut.com/iam%20at%202035/">IAM at 2035</a>: A Future Guide to Identity Security. He is a Fellow of the Chartered Institute of Information Security, a regular keynote speaker and a strategic advisor to entities in the public and private sectors.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!uKCq!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F47e374f0-094c-4e1c-80eb-0a678c58b91d_3264x3264.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!uKCq!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F47e374f0-094c-4e1c-80eb-0a678c58b91d_3264x3264.jpeg 424w, https://substackcdn.com/image/fetch/$s_!uKCq!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F47e374f0-094c-4e1c-80eb-0a678c58b91d_3264x3264.jpeg 848w, https://substackcdn.com/image/fetch/$s_!uKCq!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F47e374f0-094c-4e1c-80eb-0a678c58b91d_3264x3264.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!uKCq!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F47e374f0-094c-4e1c-80eb-0a678c58b91d_3264x3264.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!uKCq!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F47e374f0-094c-4e1c-80eb-0a678c58b91d_3264x3264.jpeg" width="1456" height="1456" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/47e374f0-094c-4e1c-80eb-0a678c58b91d_3264x3264.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1456,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:3606491,&quot;alt&quot;:&quot;&quot;,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/195632015?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F47e374f0-094c-4e1c-80eb-0a678c58b91d_3264x3264.jpeg&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" title="" srcset="https://substackcdn.com/image/fetch/$s_!uKCq!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F47e374f0-094c-4e1c-80eb-0a678c58b91d_3264x3264.jpeg 424w, https://substackcdn.com/image/fetch/$s_!uKCq!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F47e374f0-094c-4e1c-80eb-0a678c58b91d_3264x3264.jpeg 848w, https://substackcdn.com/image/fetch/$s_!uKCq!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F47e374f0-094c-4e1c-80eb-0a678c58b91d_3264x3264.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!uKCq!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F47e374f0-094c-4e1c-80eb-0a678c58b91d_3264x3264.jpeg 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><div><hr></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://calendly.com/simonmof/market-overview-discussion?back=1&amp;month=2026-04&quot;,&quot;text&quot;:&quot;Book 90 Minute Discussion Workshop&quot;,&quot;action&quot;:null,&quot;class&quot;:null}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://calendly.com/simonmof/market-overview-discussion?back=1&amp;month=2026-04"><span>Book 90 Minute Discussion Workshop</span></a></p><p></p><p></p>]]></content:encoded></item><item><title><![CDATA[Designing for Converged Access]]></title><description><![CDATA[The importance of unifying identity data across physical and digital landscapes]]></description><link>https://radar.thecyberhut.com/p/designing-for-converged-access</link><guid isPermaLink="false">https://radar.thecyberhut.com/p/designing-for-converged-access</guid><dc:creator><![CDATA[The Cyber Hut]]></dc:creator><pubDate>Tue, 21 Apr 2026 10:49:43 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!cmZH!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3bebe1cc-fa56-4bbc-a65a-ba16afda0899_812x598.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>Organizations today manage access in two very different domains: <strong>physical spaces</strong> (buildings, offices, secure areas) and <strong>digital environments</strong> (applications, systems, data). Historically, these have evolved separately, using different technologies, teams, and policies.</p><p>That separation is increasingly becoming a problem.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://radar.thecyberhut.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">The Cyber Hut Radar - Emerging Technology Research is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><h3><strong>The Challenge of Fragmented Access</strong></h3><p>When physical and digital access are handled in silos, organizations struggle with:</p><ul><li><p><strong>Inconsistent policies</strong> across systems</p></li><li><p><strong>Gaps in security</strong>, especially during onboarding and offboarding</p></li><li><p><strong>Limited visibility</strong> into who has access to what</p></li><li><p><strong>Operational inefficiencies</strong> from duplicated processes</p></li></ul><p>For example, an employee may lose system access immediately after leaving&#8212;but still retain access to a building. These disconnects introduce risk and complexity.</p><h3><strong>A Shift Toward Unified Access</strong></h3><p>To address this, organizations are moving toward a <strong>unified design model</strong>, where <strong>identity becomes the central control point</strong> for all types of access.</p><p>In this approach:</p><ul><li><p>A single identity governs access to <strong>both physical and digital resources</strong></p></li><li><p>Policies are applied consistently across environments</p></li><li><p>Access decisions are centralized and context-aware</p></li></ul><p>This represents a shift from <strong>system-centric security</strong> to <strong>identity-centric security</strong>.</p><p>As organizations continue to digitize and expand, managing access in silos is no longer sustainable. A <strong>unified, identity-centric approach</strong> provides stronger security, better efficiency, and a more seamless user experience&#8212;bringing together the physical and digital worlds under a single access strategy.</p><div><hr></div><p>I wrote about this concept in more detail in a recent analyst opinion piece written for <a href="https://www.hidglobal.com/">HID</a>.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!cmZH!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3bebe1cc-fa56-4bbc-a65a-ba16afda0899_812x598.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!cmZH!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3bebe1cc-fa56-4bbc-a65a-ba16afda0899_812x598.png 424w, https://substackcdn.com/image/fetch/$s_!cmZH!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3bebe1cc-fa56-4bbc-a65a-ba16afda0899_812x598.png 848w, https://substackcdn.com/image/fetch/$s_!cmZH!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3bebe1cc-fa56-4bbc-a65a-ba16afda0899_812x598.png 1272w, https://substackcdn.com/image/fetch/$s_!cmZH!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3bebe1cc-fa56-4bbc-a65a-ba16afda0899_812x598.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!cmZH!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3bebe1cc-fa56-4bbc-a65a-ba16afda0899_812x598.png" width="812" height="598" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/3bebe1cc-fa56-4bbc-a65a-ba16afda0899_812x598.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:598,&quot;width&quot;:812,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:397563,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/194782050?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3bebe1cc-fa56-4bbc-a65a-ba16afda0899_812x598.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!cmZH!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3bebe1cc-fa56-4bbc-a65a-ba16afda0899_812x598.png 424w, https://substackcdn.com/image/fetch/$s_!cmZH!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3bebe1cc-fa56-4bbc-a65a-ba16afda0899_812x598.png 848w, https://substackcdn.com/image/fetch/$s_!cmZH!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3bebe1cc-fa56-4bbc-a65a-ba16afda0899_812x598.png 1272w, https://substackcdn.com/image/fetch/$s_!cmZH!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3bebe1cc-fa56-4bbc-a65a-ba16afda0899_812x598.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://blog.hidglobal.com/unified-design-consolidating-access-across-physical-and-digital-realms?utm_source=thecyberhut.com&quot;,&quot;text&quot;:&quot;Read Full Article&quot;,&quot;action&quot;:null,&quot;class&quot;:null}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://blog.hidglobal.com/unified-design-consolidating-access-across-physical-and-digital-realms?utm_source=thecyberhut.com"><span>Read Full Article</span></a></p><div><hr></div><h3>About The Author</h3><p>Simon Moffatt has over 25 years experience in IAM, cyber and identity security. He is founder of <a href="https://www.thecyberhut.com/">The Cyber Hut</a> &#8212; a specialist research and advisory firm based out of the UK. He is author of <a href="https://a.co/d/7oO2oOW">CIAM Design Fundamentals</a> and <a href="https://www.thecyberhut.com/iam%20at%202035/">IAM at 2035</a>: A Future Guide to Identity Security. He is a Fellow of the Chartered Institute of Information Security, a regular keynote speaker and a strategic advisor to entities in the public and private sectors.</p><div><hr></div><div class="captioned-button-wrap" data-attrs="{&quot;url&quot;:&quot;https://radar.thecyberhut.com/p/designing-for-converged-access?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="CaptionedButtonToDOM"><div class="preamble"><p class="cta-caption">Thanks for reading The Cyber Hut Radar - Emerging Technology Research! This post is public so feel free to share it.</p></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://radar.thecyberhut.com/p/designing-for-converged-access?utm_source=substack&utm_medium=email&utm_content=share&action=share&quot;,&quot;text&quot;:&quot;Share&quot;}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://radar.thecyberhut.com/p/designing-for-converged-access?utm_source=substack&utm_medium=email&utm_content=share&action=share"><span>Share</span></a></p></div><p></p>]]></content:encoded></item><item><title><![CDATA[Cheat Sheet: Agentic Identity Owner Discovery]]></title><description><![CDATA[A key capability for developing life cycle management governance]]></description><link>https://radar.thecyberhut.com/p/cheat-sheet-agentic-identity-owner</link><guid isPermaLink="false">https://radar.thecyberhut.com/p/cheat-sheet-agentic-identity-owner</guid><dc:creator><![CDATA[The Cyber Hut]]></dc:creator><pubDate>Tue, 14 Apr 2026 09:57:28 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!cpBS!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe53b2cc7-0335-47d9-aa6a-e4fe6d188ad4_748x455.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2>The What</h2><p>In early 2025 The Cyber Hut released a discussion-focused article on the &#8220;<a href="https://www.thecyberhut.com/10-laws-of-identity-security/">Laws of Identity Security</a>&#8221;. The idea behind this was to create interest around what identity security is and how we can start to pragmatically approach the security controls and architectural design stages.</p><p>Law 3 in that series was: <em><strong>&#8220;Every digital identity (human and non-human) must resolve to a carbon physical person who is accountable for it&#8221;.</strong></em></p><p>As AI agents proliferate &#8212; often outnumbering human identities by 50:1 or more &#8212; the ability to trace every agent back to a responsible human owner is foundational to governance, incident response, compliance, and risk management. Without it, organisations face &#8216;ghost agents&#8217; with active privileges and no accountability.</p><p>Agents need accountability yes, but they also need to be strategically managed as part of a life cycle. That life cycle in turn needs to be linked to a human life cycle for completeness.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://radar.thecyberhut.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">The Cyber Hut Radar - Emerging Technology Research is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><div><hr></div><h2>The Why</h2><p>The human B2E employee life cycle can be quite well defined. A basic Google search (or other) will likely generate something like the following:</p><ul><li><p><strong>Joiner (Onboarding)</strong></p><ul><li><p>Creation of the digital identity from an authoritative source (HR system)</p></li><li><p>Account creation + initial access provisioning</p></li><li><p>Often automated for Day 1 readiness</p></li></ul></li><li><p><strong>Identity Proofing &amp; Verification</strong></p><ul><li><p>Ensuring the person is who they claim to be</p></li><li><p>Background checks, document validation, etc. (more critical in high-assurance roles)</p></li></ul></li><li><p><strong>Authentication Setup</strong></p><ul><li><p>Credential issuance (passwords, MFA, passkeys)</p></li><li><p>Binding user to authentication methods/devices</p></li></ul></li><li><p><strong>Authorization / Access Provisioning</strong></p><ul><li><p>Assigning roles, groups, entitlements</p></li><li><p>Based on RBAC/ABAC policies (least privilege principle)</p></li></ul></li><li><p><strong>Access Request &amp; Approval</strong></p><ul><li><p>Ongoing process where users request additional access</p></li><li><p>Workflow-driven approvals (manager, app owner, etc.)</p></li></ul></li><li><p><strong>Access Review &amp; Certification</strong></p><ul><li><p>Periodic audits of user access (compliance-driven)</p></li><li><p>Managers/app owners validate &#8220;who still needs what&#8221;</p></li></ul></li><li><p><strong>Mover (Role Change / Lifecycle Update)</strong></p><ul><li><p>Adjusting access when a user changes role, department, or project</p></li><li><p>Prevents privilege creep</p></li></ul></li><li><p><strong>Leaver (Offboarding / Deprovisioning)</strong></p><ul><li><p>Timely removal of access when a user leaves</p></li><li><p>Includes account disablement, session termination, and cleanup</p></li></ul></li></ul><p>Now clearly, each of those stages will also have sub-life cycles too. Especially for things like credential management and and issuance. Of course, many organisations struggle to automate these components and are faced with issues such as:</p><ul><li><p>Orphan accounts - no longer linked to a real identity</p></li><li><p>Ghost accounts - never linked to a real identity</p></li><li><p>Excess Permissions - assigned versus used out of sync</p></li></ul><p>So what? Well we now need to consider an equivalent <strong>agentic</strong> life cycle - even if that world is relatively new in comparison.</p><p>An example life cycle model for agents could look something like the following:</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!jT7J!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F88a07aac-8608-49b4-9843-e639484f55ea_935x814.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!jT7J!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F88a07aac-8608-49b4-9843-e639484f55ea_935x814.png 424w, https://substackcdn.com/image/fetch/$s_!jT7J!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F88a07aac-8608-49b4-9843-e639484f55ea_935x814.png 848w, https://substackcdn.com/image/fetch/$s_!jT7J!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F88a07aac-8608-49b4-9843-e639484f55ea_935x814.png 1272w, https://substackcdn.com/image/fetch/$s_!jT7J!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F88a07aac-8608-49b4-9843-e639484f55ea_935x814.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!jT7J!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F88a07aac-8608-49b4-9843-e639484f55ea_935x814.png" width="935" height="814" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/88a07aac-8608-49b4-9843-e639484f55ea_935x814.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:814,&quot;width&quot;:935,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:161325,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/194074390?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F88a07aac-8608-49b4-9843-e639484f55ea_935x814.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!jT7J!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F88a07aac-8608-49b4-9843-e639484f55ea_935x814.png 424w, https://substackcdn.com/image/fetch/$s_!jT7J!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F88a07aac-8608-49b4-9843-e639484f55ea_935x814.png 848w, https://substackcdn.com/image/fetch/$s_!jT7J!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F88a07aac-8608-49b4-9843-e639484f55ea_935x814.png 1272w, https://substackcdn.com/image/fetch/$s_!jT7J!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F88a07aac-8608-49b4-9843-e639484f55ea_935x814.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>The management of the agentic life cycle is going to require some different approaches and likely tooling to that of the human world. That is out of scope for this cheat sheet however.</p><p>What becomes clear though, is that we need to link the agentic life cycle with the human one. Agents do not and cannot live in a vacuum.</p><div><hr></div><h2>Capabilities</h2><p>We are now presented with several issues:</p><ol><li><p>How to find an owner for agents already live that are orphaned</p></li><li><p>How to assign ownership during agent creation in a way that doesn&#8217;t inhibit development</p></li><li><p>How to enforce life cycle changes for humans and agents together</p></li></ol><p>A few ways seem to exist with respect to how this could be done.</p><ul><li><p><strong>AI/ML correlation</strong> &#8212; analyses logs, code commits, device telemetry, or behavioural signals to infer the likely human owner.</p></li><li><p><strong>Blended/delegated identity</strong> &#8212; binds the human&#8217;s IdP token to the agent at session initiation (e.g. OAuth On-Behalf-Of flow).</p></li><li><p><strong>Manual/admin assignment</strong> &#8212; a human administrator explicitly designates an owner in the platform UI or via policy.</p></li><li><p><strong>Sponsor/succession model</strong> &#8212; a formal sponsor is required at creation; ownership auto-transfers if the sponsor leaves.</p></li><li><p><strong>Creation-time attribution</strong> &#8212; the identity of the creator/deployer is captured when the agent is registered or provisioned.</p></li><li><p><strong>HR/directory integration</strong> &#8212; ownership is inferred from organisational data (Active Directory, Okta, HR systems).</p></li><li><p><strong>Access review/certification campaigns</strong> &#8212; periodic campaigns prompt stakeholders to confirm or reassign ownership.</p></li></ul><p>Not all methods are comparative of course and rely on different information sources and dependencies within the infrastructure.</p><p>There is also a subtle difference between <strong>live</strong> agents and <strong>future</strong>-<strong>created</strong> processes needed to assign an owner at creation time. The current state many organisations are likely to be in, is the former - facing discovery and inventory exercises for agents that are already live.</p><div><hr></div><p style="text-align: center;"><strong>Let us know your approaches to this emerging problem:</strong></p><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://radar.thecyberhut.com/survey/6814645?token=&quot;,&quot;text&quot;:&quot;Start Survey on Agentic Ownership&quot;,&quot;action&quot;:null,&quot;class&quot;:null}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://radar.thecyberhut.com/survey/6814645?token="><span>Start Survey on Agentic Ownership</span></a></p><div><hr></div><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!cpBS!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe53b2cc7-0335-47d9-aa6a-e4fe6d188ad4_748x455.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!cpBS!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe53b2cc7-0335-47d9-aa6a-e4fe6d188ad4_748x455.png 424w, https://substackcdn.com/image/fetch/$s_!cpBS!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe53b2cc7-0335-47d9-aa6a-e4fe6d188ad4_748x455.png 848w, https://substackcdn.com/image/fetch/$s_!cpBS!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe53b2cc7-0335-47d9-aa6a-e4fe6d188ad4_748x455.png 1272w, https://substackcdn.com/image/fetch/$s_!cpBS!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe53b2cc7-0335-47d9-aa6a-e4fe6d188ad4_748x455.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!cpBS!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe53b2cc7-0335-47d9-aa6a-e4fe6d188ad4_748x455.png" width="748" height="455" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/e53b2cc7-0335-47d9-aa6a-e4fe6d188ad4_748x455.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:455,&quot;width&quot;:748,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:61765,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/194074390?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe53b2cc7-0335-47d9-aa6a-e4fe6d188ad4_748x455.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!cpBS!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe53b2cc7-0335-47d9-aa6a-e4fe6d188ad4_748x455.png 424w, https://substackcdn.com/image/fetch/$s_!cpBS!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe53b2cc7-0335-47d9-aa6a-e4fe6d188ad4_748x455.png 848w, https://substackcdn.com/image/fetch/$s_!cpBS!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe53b2cc7-0335-47d9-aa6a-e4fe6d188ad4_748x455.png 1272w, https://substackcdn.com/image/fetch/$s_!cpBS!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe53b2cc7-0335-47d9-aa6a-e4fe6d188ad4_748x455.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><div><hr></div><h2>Market Considerations</h2><ol><li><p>Many vendors consider ownership as a <strong>secondary</strong> function - even if they provide the capability. Immediate focus is often on discovery, then authentication, authorization and permission management</p></li><li><p>Two dominant paradigms exist: <strong>proactive</strong> discovery vs. <strong>creation</strong>-<strong>time</strong> capture - the use of &#8220;live&#8221; data such as logs, telemetry are used as inference of ownership. Creation capture provides support for the longer-term governance model.</p></li><li><p><strong>Sponsor</strong> model seems most compliant-ready - having a dedicated human sponsor used during agent creation (and in turn provides downstream changes if the human sponsor undergoes changes themselves) seems the most likely to support compliance interrogation. </p></li><li><p><strong>Linking</strong> of human identity provider tokens to downstream agents can provide an end to end level of cryptographic traceability.</p></li><li><p>Post creation access review campaigns need <strong>context</strong> - reviewing existing agent permissions and &#8220;liveness&#8221; requirements really needs an owner to be identified first for them to be effective</p></li></ol><div><hr></div><h2>Example Vendor Solutions for Agentic Ownership</h2><p>There are numerous vendors delivering agentic identity solutions. A sample of those have capabilities with respect to ownership discovery and assignment. </p><h3>Aembit</h3><p>https://aembit.io/iam-for-agentic-ai/ </p><p>Aembit uses a &#8216;Blended Identity&#8217; model that cryptographically combines the AI agent&#8217;s non-human identity with the human user operating it at authentication time. It integrates with existing IdPs (Okta, Azure AD, Google) via OIDC/OAuth 2.1 so every access request carries verifiable human context. The human is not discovered post-hoc &#8212; they are bound into the access token at session initiation.</p><h3>Andromeda Security</h3><p>https://www.andromedasecurity.com/use-case/agentic-ai </p><p>Andromeda explicitly offers a &#8216;Human Ownership and Governance&#8217; capability. It identifies and certifies human owners for each discovered agent, runs ownership and access review campaigns, and enforces least privilege based on confirmed ownership. The platform maintains a centralised inventory mapping agents to humans and supports ongoing certification cycles.</p><h3><strong>Clutch Security</strong></h3><p>https://www.clutch.security/use-cases/workforce-attribution</p><p>Clutch has a dedicated &#8216;Workforce Attribution&#8217; use case that reveals every human-NHI relationship &#8212; creator, owner, user, or value exposer &#8212; for the full NHI estate including AI agents. Its Identity Lineage&#8482; feature aggregates and correlates data from Cloud, SaaS, Code/CI-CD, Vaults, and on-prem environments to build a visual map of origin, consumers, attribution to the workforce (owners/creators), storage, and resources. Shadow AI Discovery surfaces unmanaged agents, and the Agentic AI Governance module controls how agents use and share NHIs.</p><h3><strong>Entro Security</strong></h3><p>https://entro.security/platform-ai-agents/</p><p>Entro automatically correlates agent activity with human users through logs, code commits, and device telemetry, then enforces ownership via policies, alerts, and automation. Its AGA module uses three data layers &#8212; Sources (EDR telemetry, agent foundries like AWS Bedrock/Copilot Studio, cloud environments, MCP servers), Targets (enterprise systems the agent touches), and Identities (human/NHI/secrets) &#8212; to build a complete agent profile and attribute each agent to a creator/owner. Ownership is then enforced through access review campaigns aligned with IGA principles.</p><h3><strong>Microsoft Entra (Agent ID)</strong></h3><p>https://www.microsoft.com/en-gb/security/business/identity-access/microsoft-entra-agent-id</p><p>Microsoft Entra Agent ID (in public preview) introduces a formal &#8216;Sponsor&#8217; model: every agent identity must have one or more human sponsors, who are accountable for its lifecycle and access decisions. Sponsors are assigned at creation or via the admin centre. If a sponsor leaves the organisation, their sponsorship is automatically transferred to their manager via lifecycle workflows, ensuring no agent becomes ownerless. Access packages requiring sponsor approval enforce human accountability at each access request. The Agent Identity Blueprint also records publisher, roles, and permissions at the type level. Both attended (on-behalf-of OAuth OBO flow, tying the agent to an authenticated human) and unattended (autonomous) modes are supported.</p><h3><strong>Oasis Security</strong></h3><p>https://www.oasis.security/product#ownership</p><p>The Oasis NHI Ownership Discovery Engine uses purpose-built AI/ML algorithms to suggest and assign owners by analysing the digital footprint and behaviours of those who consume NHIs &#8212; without requiring pre-existing metadata, tags, or naming conventions. Its AAM&#8482; product tracks a full chain of custody: Human &#8594; Agent &#8594; Prompt &#8594; Intent &#8594; Policy &#8594; Identity &#8594; Actions &#8594; Results. Ownership recommendations are automated and then attested by security teams. The platform also covers ownership succession and flags orphaned agents when creators leave.</p><h3><strong>SailPoint</strong></h3><p>https://www.sailpoint.com/products/agent-identity-security</p><p>SailPoint&#8217;s Agent Identity Security (AIS) product formally certifies AI agents by assigning clear human owner and user accountability, enforcing permissions, and linking agents to the identity context of the users they represent and the data they access. Owners are aggregated from cloud and agent platforms (AWS, Azure, GCP, Salesforce, Copilot Studio) and can have multiple owners per agent. Ownership data is maintained for audit and succession planning &#8212; when an owner changes roles or leaves, ownership is quickly reassigned without losing visibility. SailPoint&#8217;s unified platform governs human, machine, and agent identities together, enabling consistent access review certifications across all identity types.</p><h3>Saviynt</h3><p>https://saviynt.com/blog/ai-agent-lifecycle-management</p><p>Saviynt&#8217;s view is that if registration establishes the  identity, ownership establishes accountability&#8212;and without it, governance collapses into ambiguity. Every AI agent must have a named, accountable owner from day one, and that ownership must persist and be enforced throughout its lifecycle. AI agents do not belong to systems; they belong to a human sponsor, a team, and a defined business purpose. This means a specific individual&#8212;not a shared mailbox&#8212;is responsible for the agent&#8217;s behaviour, access, and compliance, with clear alignment to business and executive oversight. </p><p>Saviynt identifies owners by leveraging authoritative sources such as HR systems and identity directories to map agents and accounts to real individuals and reporting structures. It correlates access patterns, entitlement usage, and system relationships to infer likely ownership where it is not explicitly defined. These inferred owners are then validated through governance workflows, such as certification campaigns and attestation, to establish and confirm accountability.</p><h3><strong>Token Security</strong></h3><p>https://www.token.security/use-cases/establish-ai-agent-ownership-and-accountability</p><p>Token Security has a dedicated &#8216;Establish AI Agent Ownership and Accountability&#8217; use case. It automatically discovers every AI agent (custom GPTs, autonomous services, MCP servers, coding agents) and assigns clear human and departmental ownership to each. Orphaned agents &#8212; those without a responsible owner or linked to a departed employee &#8212; are flagged, and ownership assignment is enforced. Token&#8217;s unified identity graph correlates AI agents, humans, secrets, permissions, and data to reveal blast radius. Intent-based controls (declared and observed agent intent) further align permissions to agent purpose.</p><h3><strong>Twine Security</strong></h3><p>https://www.twinesecurity.com/use-cases/account-ownership-integrity</p><p>Twine&#8217;s AI employee &#8216;Alex&#8217; specifically identifies orphaned accounts &#8212; users/agents that have access but no valid owner &#8212; investigates which employee should be responsible for each account, and updates the record with the correct owner. This is an active investigation workflow rather than passive metadata correlation. Alex integrates with existing IGA platforms and improves the efficiency of access certification by providing richer context to managers during reviews.</p><h3>Other Vendors of Note</h3><p>Anetac, Astrix Security, Eqty Lab, Knostic AI, Radiant Logic, SecureAuth, Sonrai Security, Teleport</p><div><hr></div><h2>Recommendations</h2><ul><li><p>For shadow AI / legacy environments (no existing metadata): Prioritise vendors with AI/ML-based correlation approaches.</p></li><li><p>For Microsoft-centric organisations: Microsoft Entra Agent ID provides the deepest native integration with existing Entra governance tooling and the most formally specified ownership succession model.</p></li><li><p>For organisations prioritising cryptographic accountability look to see if vendors support the ability for per-session linking of human tokens to agent access materials.</p></li><li><p>For organisations with mature IGA programmes look to see if existing access governance can be built upon a foundation of linking agents to human reviewers via additional context</p></li></ul><div><hr></div><p><strong>About The Author</strong></p><p>Simon Moffatt has over 25 years of experience in IAM, cyber, and identity security. He is the founder of <a href="https://www.thecyberhut.com/">The Cyber Hut</a>, a specialist research and advisory firm based out of the UK. He is the author of <a href="https://a.co/d/7oO2oOW">CIAM Design Fundamentals</a> and <a href="https://www.thecyberhut.com/iam%20at%202035/">IAM at 2035</a>: A Future Guide to Identity Security. He is a Fellow of the Chartered Institute of Information Security, a regular keynote speaker, and a strategic advisor to entities in the public and private sectors.</p><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://calendly.com/simonmof/payg-1hr-vendor-discussion?back=1&quot;,&quot;text&quot;:&quot;Book Consultation to Discuss&quot;,&quot;action&quot;:null,&quot;class&quot;:null}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://calendly.com/simonmof/payg-1hr-vendor-discussion?back=1"><span>Book Consultation to Discuss</span></a></p><div><hr></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://radar.thecyberhut.com/?utm_source=substack&amp;utm_medium=email&amp;utm_content=share&amp;action=share&quot;,&quot;text&quot;:&quot;Share The Cyber Hut Radar - Emerging Technology Research&quot;,&quot;action&quot;:null,&quot;class&quot;:&quot;button-wrapper&quot;}" data-component-name="ButtonCreateButton"><a class="button primary button-wrapper" href="https://radar.thecyberhut.com/?utm_source=substack&amp;utm_medium=email&amp;utm_content=share&amp;action=share"><span>Share The Cyber Hut Radar - Emerging Technology Research</span></a></p><p>Last updated 16 April 2026</p>]]></content:encoded></item><item><title><![CDATA[Claude Mythos and Project Glasswing: The End of Cyber Security As We Know It?]]></title><description><![CDATA[Analyst Comment]]></description><link>https://radar.thecyberhut.com/p/claude-mythos-and-project-glasswing</link><guid isPermaLink="false">https://radar.thecyberhut.com/p/claude-mythos-and-project-glasswing</guid><dc:creator><![CDATA[The Cyber Hut]]></dc:creator><pubDate>Fri, 10 Apr 2026 10:40:19 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!U6if!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F92c08413-1ad7-41c4-9da7-85c810fddfff_3840x2160.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2>Analyst Comment</h2><p>Anthropic recently announced something called <a href="https://www.anthropic.com/glasswing">Project Glasswing</a>. A partnership with leading technology vendors to improve cyber security. Organisations such as Microsoft, Palo Alto, Nv&#8230;</p>
      <p>
          <a href="https://radar.thecyberhut.com/p/claude-mythos-and-project-glasswing">
              Read more
          </a>
      </p>
   ]]></content:encoded></item><item><title><![CDATA[Review of RSAC 2026]]></title><description><![CDATA[A retrospective on emerging security trends from the 35th anniversary of the key conference]]></description><link>https://radar.thecyberhut.com/p/review-of-rsac-2026</link><guid isPermaLink="false">https://radar.thecyberhut.com/p/review-of-rsac-2026</guid><dc:creator><![CDATA[The Cyber Hut]]></dc:creator><pubDate>Tue, 31 Mar 2026 08:22:29 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!AfHC!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F431b3c1e-de2c-4410-81b7-feba09220bec_3264x3264.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>Last week I travelled over to San Francisco for the <a href="https://www.rsaconference.com/library/video/rsac-conference-35th-anniversary">35th edition</a> of the <a href="https://www.rsaconference.com/">RSAC</a> conference. I joined over 40,000 security professionals from around the globe all wondering if AI can be &#8220;secured&#8221; - by what and how. We got <em>some</em> answers to that during week - for which I will return later - but perhaps that wasn&#8217;t necessarily the main question we should have been trying to answer. More on that too.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!AfHC!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F431b3c1e-de2c-4410-81b7-feba09220bec_3264x3264.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!AfHC!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F431b3c1e-de2c-4410-81b7-feba09220bec_3264x3264.png 424w, https://substackcdn.com/image/fetch/$s_!AfHC!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F431b3c1e-de2c-4410-81b7-feba09220bec_3264x3264.png 848w, https://substackcdn.com/image/fetch/$s_!AfHC!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F431b3c1e-de2c-4410-81b7-feba09220bec_3264x3264.png 1272w, https://substackcdn.com/image/fetch/$s_!AfHC!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F431b3c1e-de2c-4410-81b7-feba09220bec_3264x3264.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!AfHC!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F431b3c1e-de2c-4410-81b7-feba09220bec_3264x3264.png" width="1456" height="1456" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/431b3c1e-de2c-4410-81b7-feba09220bec_3264x3264.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1456,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:18629380,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/192404691?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F431b3c1e-de2c-4410-81b7-feba09220bec_3264x3264.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!AfHC!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F431b3c1e-de2c-4410-81b7-feba09220bec_3264x3264.png 424w, https://substackcdn.com/image/fetch/$s_!AfHC!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F431b3c1e-de2c-4410-81b7-feba09220bec_3264x3264.png 848w, https://substackcdn.com/image/fetch/$s_!AfHC!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F431b3c1e-de2c-4410-81b7-feba09220bec_3264x3264.png 1272w, https://substackcdn.com/image/fetch/$s_!AfHC!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F431b3c1e-de2c-4410-81b7-feba09220bec_3264x3264.png 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>I have personally being going to RSAC for over 15 years, and this was the 5th consecutive  year of taking <a href="https://www.thecyberhut.com/">The Cyber Hut</a> there as an analyst firm. </p><p>Even in that relatively short half-decade, technology, world events and business needs have iterated hugely - often going through the entire invention-innovation-obsolescence cycle. I think the biggest contribution AI is currently making, is the significant reduction in time that cycle is taking to complete - which in turn is driving further adoption of AI, but also making the measurable impact more tangible. </p><div><hr></div><h2>Show Floor Splashes</h2><p>Let&#8217;s be clear, if your vendor booth wasn&#8217;t &#8220;securing AI&#8221;, &#8220;discovering agents&#8221;, &#8220;being the AI control plane&#8221; your marketing team wasn&#8217;t on point. The fascinating thing of course, is that many vendors claiming these capabilities were - 12 months ago - likely to be non-competitive with one another. What does that tell us?</p><p>Firstly there is a lot of froth and marketing fluff emerging from many vendors as it pertains to AI security. Secondly, many of the topics that numerous small and emerging technology vendors were trying to solve 12-18 months ago were clearly not attacking the correct problem statements.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!EAIy!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5b9aa0ac-ce35-4f74-b143-4317c655057a_3264x1746.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!EAIy!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5b9aa0ac-ce35-4f74-b143-4317c655057a_3264x1746.png 424w, https://substackcdn.com/image/fetch/$s_!EAIy!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5b9aa0ac-ce35-4f74-b143-4317c655057a_3264x1746.png 848w, https://substackcdn.com/image/fetch/$s_!EAIy!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5b9aa0ac-ce35-4f74-b143-4317c655057a_3264x1746.png 1272w, https://substackcdn.com/image/fetch/$s_!EAIy!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5b9aa0ac-ce35-4f74-b143-4317c655057a_3264x1746.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!EAIy!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5b9aa0ac-ce35-4f74-b143-4317c655057a_3264x1746.png" width="1456" height="779" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/5b9aa0ac-ce35-4f74-b143-4317c655057a_3264x1746.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:779,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:9973344,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/192404691?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5b9aa0ac-ce35-4f74-b143-4317c655057a_3264x1746.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!EAIy!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5b9aa0ac-ce35-4f74-b143-4317c655057a_3264x1746.png 424w, https://substackcdn.com/image/fetch/$s_!EAIy!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5b9aa0ac-ce35-4f74-b143-4317c655057a_3264x1746.png 848w, https://substackcdn.com/image/fetch/$s_!EAIy!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5b9aa0ac-ce35-4f74-b143-4317c655057a_3264x1746.png 1272w, https://substackcdn.com/image/fetch/$s_!EAIy!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5b9aa0ac-ce35-4f74-b143-4317c655057a_3264x1746.png 1456w" sizes="100vw"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>Of course, there are many vendors who <strong>are</strong> developing some series capabilities to secure the AI world. But not all AI is the same. Firstly AI is hugely broad and equally it will take a &#8220;village&#8221; to secure both the end to end usage of AI - including the building blocks such as agents, MCP, models and tools - as well as the most critical aspect of all: the thing which makes AI tick, is of course data.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!3zKJ!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc894b17c-6dd2-4dd1-a2b3-ddeac597769a_880x716.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!3zKJ!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc894b17c-6dd2-4dd1-a2b3-ddeac597769a_880x716.png 424w, https://substackcdn.com/image/fetch/$s_!3zKJ!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc894b17c-6dd2-4dd1-a2b3-ddeac597769a_880x716.png 848w, https://substackcdn.com/image/fetch/$s_!3zKJ!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc894b17c-6dd2-4dd1-a2b3-ddeac597769a_880x716.png 1272w, https://substackcdn.com/image/fetch/$s_!3zKJ!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc894b17c-6dd2-4dd1-a2b3-ddeac597769a_880x716.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!3zKJ!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc894b17c-6dd2-4dd1-a2b3-ddeac597769a_880x716.png" width="880" height="716" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/c894b17c-6dd2-4dd1-a2b3-ddeac597769a_880x716.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:716,&quot;width&quot;:880,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:68836,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/192404691?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc894b17c-6dd2-4dd1-a2b3-ddeac597769a_880x716.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!3zKJ!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc894b17c-6dd2-4dd1-a2b3-ddeac597769a_880x716.png 424w, https://substackcdn.com/image/fetch/$s_!3zKJ!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc894b17c-6dd2-4dd1-a2b3-ddeac597769a_880x716.png 848w, https://substackcdn.com/image/fetch/$s_!3zKJ!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc894b17c-6dd2-4dd1-a2b3-ddeac597769a_880x716.png 1272w, https://substackcdn.com/image/fetch/$s_!3zKJ!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc894b17c-6dd2-4dd1-a2b3-ddeac597769a_880x716.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>So by association it is quite legitimate to see so many vendors from a broad ecosystem of security to be promoting and gravitating to the AI world. No one single vendor or even platform will be able to handle this complexity today. And I suffix &#8220;today&#8221; to that statement as things may well change - as a result of the <em>use </em>of AI to the extent that consolidation, feature innovation and understanding, may well allow multiple aspects of the AI world to be secured from a single source.</p><p>But we need to first understand AI:</p><ul><li><p>has lots of moving parts</p></li><li><p>interacts with humans - remember those?</p></li><li><p>should be designed with higher level objectives in mind</p></li><li><p>will be influenced by external factors such as ethics and compliance</p></li></ul><p>So the show floor was dominated by AI - from the data, identity, endpoint and operations worlds. These are big broad buckets for sure, but these pillars have many existing concepts that can be applied to the AI world. A few interesting questions and use cases though I feel are not necessarily getting the attention they deserve.</p><p>We also need to consider:</p><ul><li><p>How AI links to human actions, ownership and risk</p></li><li><p>Who or what can access an agent - not just what the agent can do</p></li><li><p>How to manage the AI-mesh</p></li></ul><p>This AI-mesh concept is emerging more and more with the B2C identity world. Typically the modus-operandi for B2C identity is for the service provider to try and deliver personalised experiences for an end user - and in turn be a position to engage more and sell more. To do this of course the service provider requires data - which brings in a privacy conflict (see <a href="https://amzn.eu/d/0ci6BTQC">CIAM Design Fundamentals</a> for why this occurs and how it can solved) and a primary need to &#8220;own the user identity&#8221;. </p><p>The introduction of agentic AI can potentially create a barrier between a service provider and a consumer or purchaser of a service. This was discussed in detail on <a href="https://www.youtube.com/watch?v=3YFKMLq_qJs">episode 70 of The Analyst Brief podcast</a> and it will be interesting to see if this does materialise into a real issue.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!6O-F!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F36f0899d-69a8-409c-ab1f-39ee70803ada_880x716.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!6O-F!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F36f0899d-69a8-409c-ab1f-39ee70803ada_880x716.png 424w, https://substackcdn.com/image/fetch/$s_!6O-F!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F36f0899d-69a8-409c-ab1f-39ee70803ada_880x716.png 848w, https://substackcdn.com/image/fetch/$s_!6O-F!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F36f0899d-69a8-409c-ab1f-39ee70803ada_880x716.png 1272w, https://substackcdn.com/image/fetch/$s_!6O-F!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F36f0899d-69a8-409c-ab1f-39ee70803ada_880x716.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!6O-F!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F36f0899d-69a8-409c-ab1f-39ee70803ada_880x716.png" width="880" height="716" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/36f0899d-69a8-409c-ab1f-39ee70803ada_880x716.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:716,&quot;width&quot;:880,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:117897,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/192404691?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F36f0899d-69a8-409c-ab1f-39ee70803ada_880x716.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!6O-F!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F36f0899d-69a8-409c-ab1f-39ee70803ada_880x716.png 424w, https://substackcdn.com/image/fetch/$s_!6O-F!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F36f0899d-69a8-409c-ab1f-39ee70803ada_880x716.png 848w, https://substackcdn.com/image/fetch/$s_!6O-F!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F36f0899d-69a8-409c-ab1f-39ee70803ada_880x716.png 1272w, https://substackcdn.com/image/fetch/$s_!6O-F!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F36f0899d-69a8-409c-ab1f-39ee70803ada_880x716.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>I guess the AI-mesh may ultimately end up to be a &#8220;robot wars&#8221; style evolution - with agent to agent being the standard interaction model, which in turn is a race to the bottom with respect to having only AI being the apparatus that can truly interact with and ultimately secure other AI components.</p><p>From the show floor, the immediate capabilities that have emerged into relatively stable value points:</p><ol><li><p><strong>Discovery</strong> - being able to rapidly find AI components - be that agents running, shadow AI services being used and MCP services deployed</p></li><li><p><strong>JiT</strong> - being able to at least design a just in time access model for agents, so they only have the access they need for a very short period of time</p></li><li><p><strong>Behaviour</strong> - being able to monitor agent behaviour to identify malicious intent, changes in usage or optimization steps that look dangerous or damaging</p></li><li><p><strong>Ownership</strong> - whilst acknowledged as being vitally important, the approach and consistency here for linking agents to carbon life forms is lacking a little</p></li></ol><div><hr></div><h3>The Cyber Hut Recent AI Research</h3><div class="digest-post-embed" data-attrs="{&quot;nodeId&quot;:&quot;c6e13bd4-8924-49fb-a8b1-8088e3e10f13&quot;,&quot;caption&quot;:&quot;As AI agents become more autonomous and deeply embedded in modern systems, they&#8217;re no longer just tools&#8212;they&#8217;re active participants. They access data, trigger workflows, and interact across platforms with minimal human intervention. Yet despite this growing responsibility, most AI agents still rely on outdated authentication methods never designed for n&#8230;&quot;,&quot;cta&quot;:&quot;Read full story&quot;,&quot;showBylines&quot;:true,&quot;showDescription&quot;:true,&quot;showImage&quot;:true,&quot;size&quot;:&quot;sm&quot;,&quot;isEditorNode&quot;:true,&quot;title&quot;:&quot;Do Agents Need A Cryptographic Identity?&quot;,&quot;publishedBylines&quot;:[{&quot;id&quot;:34112948,&quot;name&quot;:&quot;The Cyber Hut&quot;,&quot;bio&quot;:&quot;Identity &amp; Cyber Security Emerging Technology Research Specialists&quot;,&quot;photo_url&quot;:&quot;https://bucketeer-e05bbc84-baa3-437e-9518-adb32be77984.s3.amazonaws.com/public/images/a9c960e4-4e27-4565-89d4-c37e48c4f703_300x300.png&quot;,&quot;is_guest&quot;:false,&quot;bestseller_tier&quot;:null}],&quot;post_date&quot;:&quot;2026-03-17T11:17:41.415Z&quot;,&quot;cover_image&quot;:&quot;https://substackcdn.com/image/fetch/$s_!9IVe!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdd637576-0800-4171-90a4-adb6182b86ec_768x401.avif&quot;,&quot;cover_image_alt&quot;:null,&quot;canonical_url&quot;:&quot;https://radar.thecyberhut.com/p/do-agents-need-a-cryptographic-identity&quot;,&quot;section_name&quot;:null,&quot;video_upload_id&quot;:null,&quot;id&quot;:191239024,&quot;type&quot;:&quot;newsletter&quot;,&quot;reaction_count&quot;:1,&quot;comment_count&quot;:0,&quot;publication_id&quot;:1152167,&quot;publication_name&quot;:&quot;The Cyber Hut Radar - Emerging Technology Research&quot;,&quot;publication_logo_url&quot;:&quot;https://substackcdn.com/image/fetch/$s_!Lq6a!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F49adcbd9-faf9-4c5d-b67b-0fb859d3d3f5_300x300.png&quot;,&quot;belowTheFold&quot;:true,&quot;youtube_url&quot;:null,&quot;show_links&quot;:null,&quot;feed_url&quot;:null}"></div><div class="digest-post-embed" data-attrs="{&quot;nodeId&quot;:&quot;5a43af60-b45e-44e3-b9a2-cb75dab02436&quot;,&quot;caption&quot;:&quot;AI agents have the potential to drive huge disruption to an array of use cases and benefactors across nearly all sectors of the global economy. From healthcare and public services, to more productive use of employee time and improving eCommerce and online interactions, it seems AI and the use of agents can deliver material impact for&quot;,&quot;cta&quot;:&quot;Read full story&quot;,&quot;showBylines&quot;:true,&quot;showDescription&quot;:true,&quot;showImage&quot;:true,&quot;size&quot;:&quot;sm&quot;,&quot;isEditorNode&quot;:true,&quot;title&quot;:&quot;Industry Webinar: Identity-First Security for AI Agents&quot;,&quot;publishedBylines&quot;:[{&quot;id&quot;:34112948,&quot;name&quot;:&quot;The Cyber Hut&quot;,&quot;bio&quot;:&quot;Identity &amp; Cyber Security Emerging Technology Research Specialists&quot;,&quot;photo_url&quot;:&quot;https://bucketeer-e05bbc84-baa3-437e-9518-adb32be77984.s3.amazonaws.com/public/images/a9c960e4-4e27-4565-89d4-c37e48c4f703_300x300.png&quot;,&quot;is_guest&quot;:false,&quot;bestseller_tier&quot;:null}],&quot;post_date&quot;:&quot;2025-08-06T09:25:06.729Z&quot;,&quot;cover_image&quot;:&quot;https://substackcdn.com/image/fetch/$s_!QKAH!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbef9d065-444c-48d7-ac4d-440e33b14e79_960x540.png&quot;,&quot;cover_image_alt&quot;:null,&quot;canonical_url&quot;:&quot;https://radar.thecyberhut.com/p/industry-webinar-identity-first-security&quot;,&quot;section_name&quot;:null,&quot;video_upload_id&quot;:null,&quot;id&quot;:169818426,&quot;type&quot;:&quot;newsletter&quot;,&quot;reaction_count&quot;:1,&quot;comment_count&quot;:0,&quot;publication_id&quot;:1152167,&quot;publication_name&quot;:&quot;The Cyber Hut Radar - Emerging Technology Research&quot;,&quot;publication_logo_url&quot;:&quot;https://substackcdn.com/image/fetch/$s_!Lq6a!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F49adcbd9-faf9-4c5d-b67b-0fb859d3d3f5_300x300.png&quot;,&quot;belowTheFold&quot;:true,&quot;youtube_url&quot;:null,&quot;show_links&quot;:null,&quot;feed_url&quot;:null}"></div><div class="digest-post-embed" data-attrs="{&quot;nodeId&quot;:&quot;61e7a561-784e-48c3-b963-53b31db8c0db&quot;,&quot;caption&quot;:&quot;Agent Identity and Access Management&quot;,&quot;cta&quot;:&quot;Read full story&quot;,&quot;showBylines&quot;:true,&quot;showDescription&quot;:true,&quot;showImage&quot;:true,&quot;size&quot;:&quot;sm&quot;,&quot;isEditorNode&quot;:true,&quot;title&quot;:&quot;Cheat Sheet: Agentic-AI Security Architecture Example&quot;,&quot;publishedBylines&quot;:[{&quot;id&quot;:34112948,&quot;name&quot;:&quot;The Cyber Hut&quot;,&quot;bio&quot;:&quot;Identity &amp; Cyber Security Emerging Technology Research Specialists&quot;,&quot;photo_url&quot;:&quot;https://bucketeer-e05bbc84-baa3-437e-9518-adb32be77984.s3.amazonaws.com/public/images/a9c960e4-4e27-4565-89d4-c37e48c4f703_300x300.png&quot;,&quot;is_guest&quot;:false,&quot;bestseller_tier&quot;:null}],&quot;post_date&quot;:&quot;2026-02-17T12:46:12.060Z&quot;,&quot;cover_image&quot;:&quot;https://substackcdn.com/image/fetch/$s_!eanl!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa711daef-288e-4da5-8ee8-74f1c50c4089_818x731.png&quot;,&quot;cover_image_alt&quot;:null,&quot;canonical_url&quot;:&quot;https://radar.thecyberhut.com/p/cheat-sheet-agentic-ai-security-architecture&quot;,&quot;section_name&quot;:null,&quot;video_upload_id&quot;:null,&quot;id&quot;:188254238,&quot;type&quot;:&quot;newsletter&quot;,&quot;reaction_count&quot;:1,&quot;comment_count&quot;:0,&quot;publication_id&quot;:1152167,&quot;publication_name&quot;:&quot;The Cyber Hut Radar - Emerging Technology Research&quot;,&quot;publication_logo_url&quot;:&quot;https://substackcdn.com/image/fetch/$s_!Lq6a!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F49adcbd9-faf9-4c5d-b67b-0fb859d3d3f5_300x300.png&quot;,&quot;belowTheFold&quot;:true,&quot;youtube_url&quot;:null,&quot;show_links&quot;:null,&quot;feed_url&quot;:null}"></div><div><hr></div><h2>Topical Talks</h2><p>Whilst most of my time was in vendor briefings and show floor hopping I did manage to get some live session action in - and as always I tried to select a broad cross-section of topics.</p><h4>Star Dot Typhoon </h4><p>My first session, was literally the first talk of the week and a Day 1 0830 start to listen to <a href="https://path.rsaconference.com/flow/rsac/us26/FullAgenda/page/catalog/session/1755872064491001pUF2">Inside the Hunt for China&#8217;s Typhoons: Disrupt, Deter, and Defend</a>. The &#8220;typhoon&#8221; campaigns have brought some considerable disruption to numerous private sector entities. These attacks are being attributed to Chinese nation state actions - but with some subtle nuances between Volt Typhoon and Salt Typhoon with respect to attribution, behaviours and more importantly defensive response.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!NfOC!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb47096c7-1b1b-4763-ade5-c7d31fbe7a22_3264x1531.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!NfOC!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb47096c7-1b1b-4763-ade5-c7d31fbe7a22_3264x1531.png 424w, https://substackcdn.com/image/fetch/$s_!NfOC!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb47096c7-1b1b-4763-ade5-c7d31fbe7a22_3264x1531.png 848w, https://substackcdn.com/image/fetch/$s_!NfOC!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb47096c7-1b1b-4763-ade5-c7d31fbe7a22_3264x1531.png 1272w, https://substackcdn.com/image/fetch/$s_!NfOC!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb47096c7-1b1b-4763-ade5-c7d31fbe7a22_3264x1531.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!NfOC!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb47096c7-1b1b-4763-ade5-c7d31fbe7a22_3264x1531.png" width="1456" height="683" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/b47096c7-1b1b-4763-ade5-c7d31fbe7a22_3264x1531.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:683,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:3725314,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/192404691?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb47096c7-1b1b-4763-ade5-c7d31fbe7a22_3264x1531.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!NfOC!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb47096c7-1b1b-4763-ade5-c7d31fbe7a22_3264x1531.png 424w, https://substackcdn.com/image/fetch/$s_!NfOC!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb47096c7-1b1b-4763-ade5-c7d31fbe7a22_3264x1531.png 848w, https://substackcdn.com/image/fetch/$s_!NfOC!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb47096c7-1b1b-4763-ade5-c7d31fbe7a22_3264x1531.png 1272w, https://substackcdn.com/image/fetch/$s_!NfOC!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fb47096c7-1b1b-4763-ade5-c7d31fbe7a22_3264x1531.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>If Salt Typhoon was focused more on espionage and knowledge collection, Volt Typhoon was being classified as &#8220;military pre-positioning&#8221; and unpicking the why with strong attribution in turn helps defensive actions be more focused.</p><p>This defensive response of course relies on threat intelligence sharing - and the link between public agencies and private enterprise and in turn between private enterprises (who may well be competitive in their respect sectors) has been brought up on numerous occasions, with no real solution to strategically improve this. The talk ended with a discussion on the &#8220;hack back&#8221; option - and whilst this may well be  &#8220;off the table&#8221; with respect to recent US cyber strategy, it generated several audience questions around pro-actively defending core assets.</p><p>As an aside, the number one recommendation with respect to lessons learnt was of course <strong>identity-centric defense</strong>. Not only from an attribution point of  (knowing who and what has strongly authenticated) but by analysing account behaviour, permissions usage and the like, can strongly help with intent analysis too.</p><h4>Drones Need Identities Too</h4><p>Another talk that caught my eye was entitled <a href="https://path.rsaconference.com/flow/rsac/us26/FullAgenda/page/catalog/session/1756056173054001UOV6">Beyond the Fence: Securing Our Skies from the Drone Threat</a>. Whilst this may seem like an obvious candidate for both military and physical related security discussion, it was rapidly boiled down into a cyber and more specifically an identity related issue. Whilst the threat vector has moved from being 2D to 3D - the digital and logical side of drone management has become a major issue. </p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!GKMO!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdd88569e-1c87-4075-8011-2cefbf18afa0_3264x1884.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!GKMO!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdd88569e-1c87-4075-8011-2cefbf18afa0_3264x1884.png 424w, https://substackcdn.com/image/fetch/$s_!GKMO!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdd88569e-1c87-4075-8011-2cefbf18afa0_3264x1884.png 848w, https://substackcdn.com/image/fetch/$s_!GKMO!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdd88569e-1c87-4075-8011-2cefbf18afa0_3264x1884.png 1272w, https://substackcdn.com/image/fetch/$s_!GKMO!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdd88569e-1c87-4075-8011-2cefbf18afa0_3264x1884.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!GKMO!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdd88569e-1c87-4075-8011-2cefbf18afa0_3264x1884.png" width="1456" height="840" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/dd88569e-1c87-4075-8011-2cefbf18afa0_3264x1884.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:840,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:8972970,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/192404691?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdd88569e-1c87-4075-8011-2cefbf18afa0_3264x1884.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!GKMO!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdd88569e-1c87-4075-8011-2cefbf18afa0_3264x1884.png 424w, https://substackcdn.com/image/fetch/$s_!GKMO!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdd88569e-1c87-4075-8011-2cefbf18afa0_3264x1884.png 848w, https://substackcdn.com/image/fetch/$s_!GKMO!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdd88569e-1c87-4075-8011-2cefbf18afa0_3264x1884.png 1272w, https://substackcdn.com/image/fetch/$s_!GKMO!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdd88569e-1c87-4075-8011-2cefbf18afa0_3264x1884.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>The rise of anonymous drone activity across many US cities in recent years has sky rocketed - with a lack of both drone identifier information but also lineage of drones to physical people. Sound familiar? It&#8217;s exactly the same conceptual use case for both non-human identity and agentic usage today. First discover all instances, then remove anonymous entities and then apply risk analysis functions. </p><p>There is a basic &#8220;remote ID&#8221; concept but lacks integrity protection, is optional and also doesn&#8217;t necessarily contain information relating to the physical owner. It would seem the most sensible option to bind the drone to an owner on purchase. Likely via a mobile app with strong MFA. There are numerous existing standards here that could help - from FIDO for authn, but also OAuth2 Device Authorization grant perhaps too - allowing the drone to &#8220;act on a user&#8217;s behalf&#8221;. Preventing the drone from powering on until an owner had been authenticated may not fly (pun intended) commercially but seems like the most sensible way of improving lineage and trust.</p><h4>Venture Capital + AI = Market Transformation?</h4><p>One of the first sessions on the final day brought not only coffee requirements but some insight from the VC and investment world on how they are viewing the AI revolution: what might happen next, how they evaluate AI startups and what might happen to the existing incumbents. </p><p><a href="https://path.rsaconference.com/flow/rsac/us26/FullAgenda/page/catalog/session/1756087123178001dhi0">The AI Gold Rush in Cybersecurity: Where Venture Dollars Go</a> was a great panel and the amplification of a &#8220;gold rush&#8221; is so apt.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!XBfX!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F86396f56-e94b-476b-bc75-6b46297475ef_2016x1512.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!XBfX!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F86396f56-e94b-476b-bc75-6b46297475ef_2016x1512.jpeg 424w, https://substackcdn.com/image/fetch/$s_!XBfX!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F86396f56-e94b-476b-bc75-6b46297475ef_2016x1512.jpeg 848w, https://substackcdn.com/image/fetch/$s_!XBfX!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F86396f56-e94b-476b-bc75-6b46297475ef_2016x1512.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!XBfX!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F86396f56-e94b-476b-bc75-6b46297475ef_2016x1512.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!XBfX!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F86396f56-e94b-476b-bc75-6b46297475ef_2016x1512.jpeg" width="1456" height="1092" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/86396f56-e94b-476b-bc75-6b46297475ef_2016x1512.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1092,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:344111,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/192404691?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F86396f56-e94b-476b-bc75-6b46297475ef_2016x1512.jpeg&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!XBfX!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F86396f56-e94b-476b-bc75-6b46297475ef_2016x1512.jpeg 424w, https://substackcdn.com/image/fetch/$s_!XBfX!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F86396f56-e94b-476b-bc75-6b46297475ef_2016x1512.jpeg 848w, https://substackcdn.com/image/fetch/$s_!XBfX!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F86396f56-e94b-476b-bc75-6b46297475ef_2016x1512.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!XBfX!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F86396f56-e94b-476b-bc75-6b46297475ef_2016x1512.jpeg 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>The concept of a trillion dollar cyber security company emerged and will AI make this possible? The industry pendulum moves consistently between best of breed and best of suite and will AI accelerate either of these end goals? </p><p>Some interesting points were made about how AI is impacting existing market trends - namely that feature implementation and code generation is increasing innovation. So platform providers can rapidly add new capabilities at the edge of their core competency - namely as building stuff now takes less time. That in turn has had a knock on with respect to merger activity. It will be interesting how long that continues for, but for sure, feature differences between organisations is becoming extremely narrow. </p><div class="poll-embed" data-attrs="{&quot;id&quot;:485370}" data-component-name="PollToDOM"></div><p>But having features alone is no longer enough. The &#8220;Balkanisation&#8221; of markets and the general anti-American global sentiment is what Dave DeWalt says will be one of the key issues in the coming period with respect to how to get to being a trillion dollar business. How can vendors aim to deliver global services to different geographic markets, with different compliance, sovereignty and supply chain constraints? Does AI help or hinder this?</p><p>They also brought up the interesting maturity of companies such as Salesforce, ServiceNow and Mastercard who now have significant cyber security offerings when historically that has not been their core aim. Will this trend continue, with essentially ever organisations providing cyber capabilities at some level?</p><h4>Midnight at the War Room</h4><p>The final talk I caught, was literally one of the final sessions on the final day. A distinguished panel of Chase Cunningham (Dr Zero Trust), Sarah Gosler, former Deputy Director of the NSA Chris Inglis and RSAC exec and cyber luminary Jen Easterley dived into the <a href="https://path.rsaconference.com/flow/rsac/us26/FullAgenda/page/catalog/session/1770858769987001vKR0">world of cyber warfare</a>.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!_5UN!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2a6fb951-41bf-413a-85ef-982f307a1a78_3264x2124.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!_5UN!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2a6fb951-41bf-413a-85ef-982f307a1a78_3264x2124.png 424w, https://substackcdn.com/image/fetch/$s_!_5UN!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2a6fb951-41bf-413a-85ef-982f307a1a78_3264x2124.png 848w, https://substackcdn.com/image/fetch/$s_!_5UN!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2a6fb951-41bf-413a-85ef-982f307a1a78_3264x2124.png 1272w, https://substackcdn.com/image/fetch/$s_!_5UN!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2a6fb951-41bf-413a-85ef-982f307a1a78_3264x2124.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!_5UN!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2a6fb951-41bf-413a-85ef-982f307a1a78_3264x2124.png" width="1456" height="947" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/2a6fb951-41bf-413a-85ef-982f307a1a78_3264x2124.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:947,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:10180729,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/192404691?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2a6fb951-41bf-413a-85ef-982f307a1a78_3264x2124.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!_5UN!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2a6fb951-41bf-413a-85ef-982f307a1a78_3264x2124.png 424w, https://substackcdn.com/image/fetch/$s_!_5UN!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2a6fb951-41bf-413a-85ef-982f307a1a78_3264x2124.png 848w, https://substackcdn.com/image/fetch/$s_!_5UN!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2a6fb951-41bf-413a-85ef-982f307a1a78_3264x2124.png 1272w, https://substackcdn.com/image/fetch/$s_!_5UN!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2a6fb951-41bf-413a-85ef-982f307a1a78_3264x2124.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>The panel was supporting and showcasing clips of an up and coming documentary called &#8220;<a href="https://www.semperis.com/midnight-in-the-war-room/">Midnight in the War Room</a>&#8221; being developed by Semperis. The full documentary will be released in August at Blackhat USA but the panel gave some interesting glimpses into what cyber war in 2026 really means, how it&#8217;s evolving and what can be done to respond to it.</p><p>The most headline catching line was likely delivered by Chase, articulating that &#8220;if your dog is wearing an Internet-enabled dog collar, it&#8217;s part of the battle field!&#8221;. Meaning that we are now entering an age where digital and cyber warfare is real - and the private sector has become the 6th domain of war fare after land, air, sea, space and cyber.</p><div><hr></div><h2>Innovation Sandbox</h2><p>The annual <a href="https://path.rsaconference.com/flow/rsac/us26/FullAgenda/page/catalog/session/1765306496145001Wifg">innovation sandbox</a> is a chance for early stage cyber vendors to pitch in front of both an esteemed panel put together by RSAC as well as a few hundred audience members. Each vendor gets exactly 3 minutes to pitch their idea, vision and strategy before being grilled by the panel. An hour or so deliberation results in a winner - with funding and glory - with each of the 10 finalists receiving a healthy $5 Million to boost their growth.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!6mGk!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5149fdfe-42ae-4deb-b094-1e87b429238c_3264x2056.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!6mGk!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5149fdfe-42ae-4deb-b094-1e87b429238c_3264x2056.png 424w, https://substackcdn.com/image/fetch/$s_!6mGk!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5149fdfe-42ae-4deb-b094-1e87b429238c_3264x2056.png 848w, https://substackcdn.com/image/fetch/$s_!6mGk!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5149fdfe-42ae-4deb-b094-1e87b429238c_3264x2056.png 1272w, https://substackcdn.com/image/fetch/$s_!6mGk!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5149fdfe-42ae-4deb-b094-1e87b429238c_3264x2056.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!6mGk!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5149fdfe-42ae-4deb-b094-1e87b429238c_3264x2056.png" width="1456" height="917" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/5149fdfe-42ae-4deb-b094-1e87b429238c_3264x2056.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:917,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:10429662,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/192404691?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5149fdfe-42ae-4deb-b094-1e87b429238c_3264x2056.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!6mGk!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5149fdfe-42ae-4deb-b094-1e87b429238c_3264x2056.png 424w, https://substackcdn.com/image/fetch/$s_!6mGk!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5149fdfe-42ae-4deb-b094-1e87b429238c_3264x2056.png 848w, https://substackcdn.com/image/fetch/$s_!6mGk!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5149fdfe-42ae-4deb-b094-1e87b429238c_3264x2056.png 1272w, https://substackcdn.com/image/fetch/$s_!6mGk!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5149fdfe-42ae-4deb-b094-1e87b429238c_3264x2056.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>The winner of the accolade of &#8220;most innovative startup 2026&#8221; went to <a href="https://www.geordie.ai/">Geordie AI</a> with their AI governance platform. An end to end view of usage as well as linkage to human ownership were core mentions. They describe themselves as &#8220;<em>Geordie gives your organization a holistic, real-time understanding of its agentic footprint, whether agents are locally coded, self or SaaS hosted, or built on low or no-code platforms. Geordie combines behavioral observability and posture context to build a living picture of how agents operate.&#8221;. </em></p><p>Numerous startups during the week talked the same talk. Time will tell which wins out.</p><p>Other participants included:</p><ul><li><p>ZeroPath - looking to improve app sec scaling</p></li><li><p>Token Security - improving identity security for NHI and agents</p></li><li><p>Realm Labs - detection and response for AI with a deep neural scanner</p></li><li><p>Humanix - improving social engineering detection and response</p></li><li><p>Glide Identity - reducing login phishing with SIM authentication</p></li><li><p>Fig - security operations optimization</p></li><li><p>Crash Override - becoming the control for software development life cycle</p></li><li><p>Clearly AI - compliance, data and privacy security analyser and assessment</p></li><li><p>Charm Security - scam and fraud prevention platform using agents</p></li></ul><div><hr></div><h2>Early Stage Standouts</h2><p>In addition to both the Innovation Sandbox and the main vendor show floor expo, there is the <a href="https://www.rsaconference.com/usa/expo-and-sponsors/early-stage-expo?_gl=1*fhbikh*_gcl_aw*R0NMLjE3NzM2ODAzNzguQ2p3S0NBancxTjdOQmhBb0Vpd0FjUGNocF9aWFVMOGJBeGlmMU04NjdxVDNFbnVaV3gyYW1NR1JoQ3FDYnRZQURBNEczNk9iaG93aWpSb0NrUlFRQXZEX0J3RQ..*_gcl_au*NDI3ODY5OTU0LjE3Njc2MTAyNDg.*_ga*MjA1MTQ0MzU2Ny4xNzU5Mzk0NzYx*_ga_Q3JZKF3KQM*czE3NzQ3MTQwNjckbzI2JGcxJHQxNzc0NzE3MjM2JGozNyRsMCRoNDg4ODAwMDI2">Early Stage Expo</a> - which is essentially a combination of the two. Around 80 vendors - some entirely new, some with a bit of funding and a year or two in the market - exhibit and engage in prospect discussion. A few that caught my attention from an identity point of view:</p><ul><li><p>12 Port Inc - looking to reinvigorate the privileged access space</p></li><li><p>Identity Rules - a Mexico based ITDR and identity behaviour startup</p></li><li><p>Klyro - IGA focused helping to accelerate application onboarding</p></li><li><p>WideField Security - visibility and behaviour monitoring</p></li><li><p>Hush Security - NHI and machine security platform</p></li></ul><div><hr></div><h2>Vendor Briefing Shout Outs</h2><p>A quick shout out to vendors who I met with more formally to discuss their product, sales and technical go to market updates. It is always exciting to get updates from so many smart and innovative leaders, passionate to help solve some of today&#8217;s most pressing identity and cyber security problems. Over the week I spoke with:</p><ul><li><p><a href="https://www.andromedasecurity.com/">Andromeda Security</a> - &#8220;<em>Intelligently discover, secure, and govern AI agents, humans, and NHIs&#8212;driven by risk and behavioral context.&#8221;</em></p></li><li><p><a href="https://www.appviewx.com/">AppViewX</a> - &#8220;<em>Automate certificate management and PKI. Govern agentic and machine IAM. AppViewX secures enterprises for the AI and quantum era.&#8221;</em></p></li><li><p><a href="https://www.axiad.com/">Axiad</a> - <em>&#8220;Trusted Identity. At the speed of now.&#8221;</em></p></li><li><p><a href="https://cy4datalabs.com/">Cy4Data Labs</a> - <em>&#8220;Unlimited Encryption Keys. Unbreakable Security. Zero Performance Impact.&#8221;</em></p></li><li><p><a href="https://www.britive.com/">Britive</a> - <em>&#8220;We don&#8217;t manage standing privileges. We eliminate them. One control plane, one policy, every identity.&#8221;</em></p></li><li><p><a href="https://www.cisco.com/site/uk/en/products/security/identity-services-engine/index.html">Cisco</a> - <em>&#8220;Leverage intel from across your stack to enforce policy, manage endpoints and deliver trusted access. Multi-cloud NAC with zero trust makes it possible.&#8221;</em></p></li><li><p><a href="https://delinea.com/">Delinea</a> - <em>&#8220;Redefining identity security for the agentic AI era&#8221;</em></p></li><li><p><a href="https://www.descope.com/">Descope</a> - <em>&#8220;Reduce user friction, prevent account takeover, and get a 360<strong>&#176;</strong> view of your customer and agentic identities with the Descope External IAM platform.&#8221;</em></p></li><li><p><a href="https://entro.security/">Entro Security</a> - <em>&#8220;Unified identity security and lifecycle across Non-Humans, AI Agents &amp; Humans&#8221;</em></p></li><li><p><a href="https://www.manageengine.com/identity-access-management.html">ManageEngine</a> - <em>&#8220;Secure and manage enterprise digital identities and<br>privileged access.&#8221;</em></p></li><li><p><a href="https://p0.dev/">P0 Security</a> - <em>&#8220;The P0 AuthZ Control Plane&#8482; makes production access fast, secure and easy to manage. No standing privilege, no manual overhead, no audit surprises.&#8221;</em></p></li><li><p><a href="https://pathlock.com/">Pathlock</a> - <em>&#8220;When traditional IGA isn&#8217;t enough, companies turn to Pathlock for compliant provisioning, fine-grained SoD analysis, user access reviews, privileged access, and continuous controls monitoring.&#8221;</em></p></li><li><p><a href="https://permiso.io/">Permiso</a> - <em>&#8220;Discover.Protect. Defend. Monitor All Identities In All Environments. Redefining identity security for the agentic AI era&#8221;</em></p></li><li><p><a href="https://www.plainid.com/">PlainID</a> - <em>&#8220;Agentic AI changes everything, Run-time Authorization makes it secure.&#8221;</em></p></li><li><p><a href="https://www.pqcee.com/">pQCee</a> - <em>&#8220;Be Quantum Ready. Start your quantum readiness journey early&#8221;</em></p></li><li><p><a href="https://www.unosecur.com/">Unosecur</a> - <em>&#8220;Discover, govern, and enforce least privilege for every AI agent, NHI and human identity across multi-cloud, SaaS, IdPs, and on-prem in run-time.&#8221;</em></p></li><li><p><a href="https://sgnl.ai/">Crowdstrike/SGNL</a> - <em>&#8220;SGNL sits at the center of your IAM architecture. It eliminates standing privilege and instantly adapts access when conditions change.&#8221;</em></p></li><li><p><a href="https://www.silverfort.com/">Silverfort</a> - <em>&#8220;Discover and protect every dimension of identity, everywhere. Human, machine or AI, cloud or on-prem&#8212;including systems that couldn't be protected before.&#8221;</em></p></li><li><p><a href="https://goteleport.com/">Teleport</a> - <em>&#8220;Teleport unifies identities &#8212; humans, machines, and AI &#8212; with strong identity implementation to speed up engineering, improve resiliency against identity-based attacks, and control AI in production infrastructure.&#8221;</em></p></li><li><p><a href="https://www.zluri.com/">Zluri</a> - <em>&#8220;Gain complete visibility into identities and access, automate governance, and continuously manage identity risk across your enterprise.&#8221;</em></p></li></ul><div><hr></div><h2>Pick of the Parties</h2><p>And finally&#8230;RSAC wouldn&#8217;t be RSAC without some legendary parties. Whilst the jeg lag inevitably kicked in, I did manage to float across the evenings to continue the networking, grab a beer and even on one night - shock horror - get away from RSAC entirely and see one of my favourite musicians, the iconic Johnny Marr former guitarist of The Smiths at the fantastic small venue the Great American Music Hall.</p><p>A few specific shout outs should be raised. Wednesday I attended the Security Founders' Oasis at the great Chinese restaurant Fang hosted by Leen, Ross Haleliuk (Venture in Security), Caleb Sima  (White Rabbit VC), Cimento AI and Paul Lanzi (IDenovate). Really packed party with a broad selection of startups and founder leaders.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!sG1d!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5ff90417-dfcb-488d-a031-153bfb69d7b7_3264x2456.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!sG1d!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5ff90417-dfcb-488d-a031-153bfb69d7b7_3264x2456.png 424w, https://substackcdn.com/image/fetch/$s_!sG1d!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5ff90417-dfcb-488d-a031-153bfb69d7b7_3264x2456.png 848w, https://substackcdn.com/image/fetch/$s_!sG1d!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5ff90417-dfcb-488d-a031-153bfb69d7b7_3264x2456.png 1272w, https://substackcdn.com/image/fetch/$s_!sG1d!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5ff90417-dfcb-488d-a031-153bfb69d7b7_3264x2456.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!sG1d!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5ff90417-dfcb-488d-a031-153bfb69d7b7_3264x2456.png" width="1456" height="1096" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/5ff90417-dfcb-488d-a031-153bfb69d7b7_3264x2456.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1096,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:9598865,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/192404691?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5ff90417-dfcb-488d-a031-153bfb69d7b7_3264x2456.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!sG1d!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5ff90417-dfcb-488d-a031-153bfb69d7b7_3264x2456.png 424w, https://substackcdn.com/image/fetch/$s_!sG1d!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5ff90417-dfcb-488d-a031-153bfb69d7b7_3264x2456.png 848w, https://substackcdn.com/image/fetch/$s_!sG1d!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5ff90417-dfcb-488d-a031-153bfb69d7b7_3264x2456.png 1272w, https://substackcdn.com/image/fetch/$s_!sG1d!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5ff90417-dfcb-488d-a031-153bfb69d7b7_3264x2456.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>Monday I got to attend someone else&#8217;s podcast (instead of host <a href="https://www.thecyberhut.com/podcast/">The Analyst Brief</a>) for a change and watched a live recording of the <a href="https://www.siliconzombies.com/">Silicon Zombies</a> record an episode called 'The Art of the Possible in Cyber-security' with experts from Acalvio Technologies and accuknox over at the Embacadero Center.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!7phz!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F08b3a166-a39a-484c-abc3-d009522c3bb2_4032x3024.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!7phz!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F08b3a166-a39a-484c-abc3-d009522c3bb2_4032x3024.jpeg 424w, https://substackcdn.com/image/fetch/$s_!7phz!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F08b3a166-a39a-484c-abc3-d009522c3bb2_4032x3024.jpeg 848w, https://substackcdn.com/image/fetch/$s_!7phz!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F08b3a166-a39a-484c-abc3-d009522c3bb2_4032x3024.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!7phz!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F08b3a166-a39a-484c-abc3-d009522c3bb2_4032x3024.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!7phz!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F08b3a166-a39a-484c-abc3-d009522c3bb2_4032x3024.jpeg" width="1456" height="1092" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/08b3a166-a39a-484c-abc3-d009522c3bb2_4032x3024.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1092,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:2590584,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/192404691?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F08b3a166-a39a-484c-abc3-d009522c3bb2_4032x3024.jpeg&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!7phz!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F08b3a166-a39a-484c-abc3-d009522c3bb2_4032x3024.jpeg 424w, https://substackcdn.com/image/fetch/$s_!7phz!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F08b3a166-a39a-484c-abc3-d009522c3bb2_4032x3024.jpeg 848w, https://substackcdn.com/image/fetch/$s_!7phz!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F08b3a166-a39a-484c-abc3-d009522c3bb2_4032x3024.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!7phz!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F08b3a166-a39a-484c-abc3-d009522c3bb2_4032x3024.jpeg 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>The final night on Wednesday I headed down to Yerba Buena bar for The Hive Reception hosted by Bugcrowd, HPE Networking, Menlo Security, and Unosecur - which should get the marks for the best craft beer during RSAC with a great Drakes Hazy IPA on draught.</p><p>After that was the Insight Partners ScaleUp party on Minna sponsored by Veeam, Teleport, Island and Delinea amongst others.</p><p>One final party shout out should really go to investors Thoma Bravo for hosting a great event at the Museum of Modern Art. A key highlight is yet another musical one, this time with Kings of Leon entertaining the cyber masses.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!CVh3!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa682f0fc-aa8c-43d7-abaa-958550d6bcbf_3264x1807.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!CVh3!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa682f0fc-aa8c-43d7-abaa-958550d6bcbf_3264x1807.png 424w, https://substackcdn.com/image/fetch/$s_!CVh3!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa682f0fc-aa8c-43d7-abaa-958550d6bcbf_3264x1807.png 848w, https://substackcdn.com/image/fetch/$s_!CVh3!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa682f0fc-aa8c-43d7-abaa-958550d6bcbf_3264x1807.png 1272w, https://substackcdn.com/image/fetch/$s_!CVh3!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa682f0fc-aa8c-43d7-abaa-958550d6bcbf_3264x1807.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!CVh3!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa682f0fc-aa8c-43d7-abaa-958550d6bcbf_3264x1807.png" width="1456" height="806" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/a682f0fc-aa8c-43d7-abaa-958550d6bcbf_3264x1807.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:806,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:8225575,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/192404691?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa682f0fc-aa8c-43d7-abaa-958550d6bcbf_3264x1807.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!CVh3!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa682f0fc-aa8c-43d7-abaa-958550d6bcbf_3264x1807.png 424w, https://substackcdn.com/image/fetch/$s_!CVh3!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa682f0fc-aa8c-43d7-abaa-958550d6bcbf_3264x1807.png 848w, https://substackcdn.com/image/fetch/$s_!CVh3!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa682f0fc-aa8c-43d7-abaa-958550d6bcbf_3264x1807.png 1272w, https://substackcdn.com/image/fetch/$s_!CVh3!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa682f0fc-aa8c-43d7-abaa-958550d6bcbf_3264x1807.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><div><hr></div><h2>Final Comment</h2><p>From a technology point of view AI dominated. There&#8217;s no question. From how it can be protected to how it can be used within cyber. There are clearly lots of unknowns and lots of moving parts, but the innovation cycles are collapsing rapidly. Feature implementation has accelerated hugely. But whilst the &#8220;how to build&#8221; may have become easier with vibe coding and faster integrations, the &#8220;what to build&#8221; can still be tough.</p><p>As that needs humans. And I think that was a key underlying theme throughout the entire week. Either being explicitly called out in several of the key notes - specifically about the power of the community within cyber - but also more subtly when trying to understand where AI is taking us. </p><p>We must not forget the human-aspect within AI and technology in general. How we will integrate and use technology, the benefits (and potential damage) it can bring to us and our actions as responsible and accountable people.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!LArl!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F869db48a-87f7-4c34-9e11-2ff6c4973504_3264x2250.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!LArl!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F869db48a-87f7-4c34-9e11-2ff6c4973504_3264x2250.png 424w, https://substackcdn.com/image/fetch/$s_!LArl!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F869db48a-87f7-4c34-9e11-2ff6c4973504_3264x2250.png 848w, https://substackcdn.com/image/fetch/$s_!LArl!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F869db48a-87f7-4c34-9e11-2ff6c4973504_3264x2250.png 1272w, https://substackcdn.com/image/fetch/$s_!LArl!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F869db48a-87f7-4c34-9e11-2ff6c4973504_3264x2250.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!LArl!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F869db48a-87f7-4c34-9e11-2ff6c4973504_3264x2250.png" width="1456" height="1004" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/869db48a-87f7-4c34-9e11-2ff6c4973504_3264x2250.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1004,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:9714884,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/192404691?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F869db48a-87f7-4c34-9e11-2ff6c4973504_3264x2250.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!LArl!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F869db48a-87f7-4c34-9e11-2ff6c4973504_3264x2250.png 424w, https://substackcdn.com/image/fetch/$s_!LArl!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F869db48a-87f7-4c34-9e11-2ff6c4973504_3264x2250.png 848w, https://substackcdn.com/image/fetch/$s_!LArl!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F869db48a-87f7-4c34-9e11-2ff6c4973504_3264x2250.png 1272w, https://substackcdn.com/image/fetch/$s_!LArl!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F869db48a-87f7-4c34-9e11-2ff6c4973504_3264x2250.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>I guess this was brought to a funny pinnacle, with the actor Kevin Bacon (and this brother) encouraging a packed key note audience to become only one-degree away from a Bacon with a mass singalong. Let&#8217;s end it there.</p><div><hr></div><div id="youtube2--2LggnLxU-k" class="youtube-wrap" data-attrs="{&quot;videoId&quot;:&quot;-2LggnLxU-k&quot;,&quot;startTime&quot;:null,&quot;endTime&quot;:null}" data-component-name="Youtube2ToDOM"><div class="youtube-inner"><iframe src="https://www.youtube-nocookie.com/embed/-2LggnLxU-k?rel=0&amp;autoplay=0&amp;showinfo=0&amp;enablejsapi=0" frameborder="0" loading="lazy" gesture="media" allow="autoplay; fullscreen" allowautoplay="true" allowfullscreen="true" width="728" height="409"></iframe></div></div><div><hr></div><h2>Further Resources</h2><div class="digest-post-embed" data-attrs="{&quot;nodeId&quot;:&quot;9c916cde-fb25-4095-9b9c-d5004693edad&quot;,&quot;caption&quot;:&quot;Last week saw over 40,000 people descend upon San Francisco for the annual RSAC Conference. Hundreds of sessions, over 600 vendors, plus the ever-growing innovation expo full of cutting edge startups all looking to solve some of today&#8217;s most complex security concerns.&quot;,&quot;cta&quot;:&quot;Read full story&quot;,&quot;showBylines&quot;:true,&quot;showDescription&quot;:true,&quot;showImage&quot;:true,&quot;size&quot;:&quot;sm&quot;,&quot;isEditorNode&quot;:true,&quot;title&quot;:&quot;Review of RSAC 2025&quot;,&quot;publishedBylines&quot;:[{&quot;id&quot;:34112948,&quot;name&quot;:&quot;The Cyber Hut&quot;,&quot;bio&quot;:&quot;Identity &amp; Cyber Security Emerging Technology Research Specialists&quot;,&quot;photo_url&quot;:&quot;https://bucketeer-e05bbc84-baa3-437e-9518-adb32be77984.s3.amazonaws.com/public/images/a9c960e4-4e27-4565-89d4-c37e48c4f703_300x300.png&quot;,&quot;is_guest&quot;:false,&quot;bestseller_tier&quot;:null}],&quot;post_date&quot;:&quot;2025-05-06T10:54:52.399Z&quot;,&quot;cover_image&quot;:&quot;https://substackcdn.com/image/fetch/$s_!A_w6!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6071664d-1df4-43c6-9fe6-2f3fa1419064_3698x2197.jpeg&quot;,&quot;cover_image_alt&quot;:null,&quot;canonical_url&quot;:&quot;https://radar.thecyberhut.com/p/iam-at-rsac-2025&quot;,&quot;section_name&quot;:null,&quot;video_upload_id&quot;:null,&quot;id&quot;:162957867,&quot;type&quot;:&quot;newsletter&quot;,&quot;reaction_count&quot;:0,&quot;comment_count&quot;:0,&quot;publication_id&quot;:1152167,&quot;publication_name&quot;:&quot;The Cyber Hut Radar - Emerging Technology Research&quot;,&quot;publication_logo_url&quot;:&quot;https://substackcdn.com/image/fetch/$s_!Lq6a!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F49adcbd9-faf9-4c5d-b67b-0fb859d3d3f5_300x300.png&quot;,&quot;belowTheFold&quot;:true,&quot;youtube_url&quot;:null,&quot;show_links&quot;:null,&quot;feed_url&quot;:null}"></div><div class="digest-post-embed" data-attrs="{&quot;nodeId&quot;:&quot;2730abf8-363b-4d47-993e-28d2f2d27a5e&quot;,&quot;caption&quot;:&quot;This week I had the privilege of being an analyst attendee at the RSA Conference 2024 at the Moscone in San Francisco. This was the second year representing The Cyber Hut as the leading independent boutique analyst firm focused on emerging IAM technologies since we founded - and something like my 6th or 7th RSA overall.&quot;,&quot;cta&quot;:&quot;Read full story&quot;,&quot;showBylines&quot;:true,&quot;showDescription&quot;:true,&quot;showImage&quot;:true,&quot;size&quot;:&quot;sm&quot;,&quot;isEditorNode&quot;:true,&quot;title&quot;:&quot;IAM at RSAC 2024: A review of Identity and Access Management at RSA Conference 2024&quot;,&quot;publishedBylines&quot;:[{&quot;id&quot;:34112948,&quot;name&quot;:&quot;The Cyber Hut&quot;,&quot;bio&quot;:&quot;Identity &amp; Cyber Security Emerging Technology Research Specialists&quot;,&quot;photo_url&quot;:&quot;https://bucketeer-e05bbc84-baa3-437e-9518-adb32be77984.s3.amazonaws.com/public/images/a9c960e4-4e27-4565-89d4-c37e48c4f703_300x300.png&quot;,&quot;is_guest&quot;:false,&quot;bestseller_tier&quot;:null}],&quot;post_date&quot;:&quot;2024-05-13T11:12:05.238Z&quot;,&quot;cover_image&quot;:&quot;https://substackcdn.com/image/fetch/$s_!PT8f!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F6929eea4-6e7b-4aa6-86ba-6cb06df9d1fd_1150x923.png&quot;,&quot;cover_image_alt&quot;:null,&quot;canonical_url&quot;:&quot;https://radar.thecyberhut.com/p/iam-at-rsac-2024-a-review-of-identity&quot;,&quot;section_name&quot;:null,&quot;video_upload_id&quot;:null,&quot;id&quot;:144577452,&quot;type&quot;:&quot;newsletter&quot;,&quot;reaction_count&quot;:2,&quot;comment_count&quot;:0,&quot;publication_id&quot;:1152167,&quot;publication_name&quot;:&quot;The Cyber Hut Radar - Emerging Technology Research&quot;,&quot;publication_logo_url&quot;:&quot;https://substackcdn.com/image/fetch/$s_!Lq6a!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F49adcbd9-faf9-4c5d-b67b-0fb859d3d3f5_300x300.png&quot;,&quot;belowTheFold&quot;:true,&quot;youtube_url&quot;:null,&quot;show_links&quot;:null,&quot;feed_url&quot;:null}"></div><div><hr></div><h3>About The Author</h3><p>Simon Moffatt has over 25 years experience in IAM, cyber and identity security. He is founder of <a href="https://www.thecyberhut.com/">The Cyber Hut</a> &#8211; a specialist research and advisory firm based out of the UK. He is author of <a href="https://a.co/d/7oO2oOW">CIAM Design Fundamentals</a> and <a href="https://www.thecyberhut.com/iam%20at%202035/">IAM at 2035</a>: A Future Guide to Identity Security. He is a Fellow of the Chartered Institute of Information Security, a regular keynote speaker and a strategic advisor to entities in the public and private sectors. </p><p>Book an <a href="https://calendly.com/simonmof/payg-1hr-vendor-discussion?back=1&amp;month=2026-03">inquiry consultation</a> to discuss any of the above vendors.</p><div><hr></div><p></p>]]></content:encoded></item><item><title><![CDATA[The Hidden Risk of Fragmented Identity]]></title><description><![CDATA[And what can be done about it]]></description><link>https://radar.thecyberhut.com/p/the-hidden-risk-of-fragmented-identity</link><guid isPermaLink="false">https://radar.thecyberhut.com/p/the-hidden-risk-of-fragmented-identity</guid><dc:creator><![CDATA[The Cyber Hut]]></dc:creator><pubDate>Thu, 26 Mar 2026 14:18:16 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!K-kJ!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdff0387e-90a3-4224-8bdf-3c205395c520_1243x873.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>As organisations scale across cloud, SaaS, and AI-driven environments, identity has become the <strong>primary control plane for security and access</strong>. Yet most enterprises still operate with a fragmented identity architecture&#8212;multiple tools, disconnected policies, and incomplete visibility.</p><p>This fragmentation is no longer just inefficient&#8212;it is <strong>a fundamental business and security risk</strong>.</p><div><hr></div><h2>The Problem: Identity Fragmentation at Scale</h2><p>Modern enterprises manage a rapidly expanding set of identities:</p><ul><li><p>employees and contractors</p></li><li><p>service accounts and APIs</p></li><li><p>cloud workloads and automation</p></li><li><p>emerging AI agents</p></li></ul><p>However, these identities are typically governed by <strong>multiple IAM systems operating in silos</strong>, often 6&#8211;16 different tools in a single organisation.</p><p>This creates a fragmented environment where:</p><ul><li><p>visibility is partial</p></li><li><p>policies are inconsistently enforced</p></li><li><p>identity relationships are poorly understood</p></li></ul><p>The result is an <strong>incomplete and unreliable view of access and risk</strong>.</p><div><hr></div><h2>What Can Be Done: Migration to Unified Identity</h2><p>The core need is for a <strong>unified identity model</strong>, often described as an <strong>&#8220;identity mesh.&#8221;</strong></p><p>This approach connects all identity systems&#8212;legacy, cloud, SaaS&#8212;into a single, orchestrated layer.</p><p>Key characteristics include:</p><h3>1. Centralised visibility</h3><ul><li><p>A complete inventory of all identities (human and non-human)</p></li><li><p>Clear mapping of permissions and relationships</p></li></ul><h3>2. Consistent policy enforcement</h3><ul><li><p>Unified access controls across all environments</p></li><li><p>Standardised authentication and governance</p></li></ul><h3>3. Continuous monitoring</h3><ul><li><p>Real-time tracking of identity behaviour</p></li><li><p>Detection of anomalies and misuse</p></li></ul><h3>4. Lifecycle orchestration</h3><ul><li><p>Integrated joiner&#8211;mover&#8211;leaver processes</p></li><li><p>Automated provisioning and deprovisioning</p></li></ul><div><hr></div><p>These concepts are part of an analyst comment series written for <a href="https://www.unosecur.com/">Unosecur</a>. The first <a href="https://www.unosecur.com/blog/the-unified-identity-imperative-breaking-the-cycle-of-fragmentation?utm_source=radar.thecyberhut.com">article</a> is available to read now.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!K-kJ!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdff0387e-90a3-4224-8bdf-3c205395c520_1243x873.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!K-kJ!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdff0387e-90a3-4224-8bdf-3c205395c520_1243x873.png 424w, https://substackcdn.com/image/fetch/$s_!K-kJ!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdff0387e-90a3-4224-8bdf-3c205395c520_1243x873.png 848w, https://substackcdn.com/image/fetch/$s_!K-kJ!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdff0387e-90a3-4224-8bdf-3c205395c520_1243x873.png 1272w, https://substackcdn.com/image/fetch/$s_!K-kJ!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdff0387e-90a3-4224-8bdf-3c205395c520_1243x873.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!K-kJ!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdff0387e-90a3-4224-8bdf-3c205395c520_1243x873.png" width="1243" height="873" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/dff0387e-90a3-4224-8bdf-3c205395c520_1243x873.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:873,&quot;width&quot;:1243,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:498444,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/191585404?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdff0387e-90a3-4224-8bdf-3c205395c520_1243x873.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!K-kJ!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdff0387e-90a3-4224-8bdf-3c205395c520_1243x873.png 424w, https://substackcdn.com/image/fetch/$s_!K-kJ!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdff0387e-90a3-4224-8bdf-3c205395c520_1243x873.png 848w, https://substackcdn.com/image/fetch/$s_!K-kJ!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdff0387e-90a3-4224-8bdf-3c205395c520_1243x873.png 1272w, https://substackcdn.com/image/fetch/$s_!K-kJ!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdff0387e-90a3-4224-8bdf-3c205395c520_1243x873.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://www.unosecur.com/blog/the-unified-identity-imperative-breaking-the-cycle-of-fragmentation?utm_source=radar.thecyberhut.com&quot;,&quot;text&quot;:&quot;Read More&quot;,&quot;action&quot;:null,&quot;class&quot;:null}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://www.unosecur.com/blog/the-unified-identity-imperative-breaking-the-cycle-of-fragmentation?utm_source=radar.thecyberhut.com"><span>Read More</span></a></p><div><hr></div><h3>About The Author</h3><p>Simon Moffatt has over 25 years of experience in IAM, cyber, and identity security. He is the founder of <a href="https://www.thecyberhut.com/">The Cyber Hut</a>, a specialist research and advisory firm based out of the UK. He is the author of <a href="https://a.co/d/7oO2oOW">CIAM Design Fundamentals</a> and <a href="https://www.thecyberhut.com/iam%20at%202035/">IAM at 2035</a>: A Future Guide to Identity Security. He is a Fellow of the Chartered Institute of Information Security, a regular keynote speaker, and a strategic advisor to entities in the public and private sectors.</p><p></p><p></p>]]></content:encoded></item><item><title><![CDATA[Why Isolated User Authentication Undermines Security]]></title><description><![CDATA[And destroys user productivity and happiness]]></description><link>https://radar.thecyberhut.com/p/why-isolated-user-authentication</link><guid isPermaLink="false">https://radar.thecyberhut.com/p/why-isolated-user-authentication</guid><dc:creator><![CDATA[The Cyber Hut]]></dc:creator><pubDate>Tue, 24 Mar 2026 14:10:55 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!hKjl!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F34a368c1-fcf4-4ccb-8c62-e2e809fc5fb7_861x838.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>Modern identity systems are often designed with strong authentication technologies - fulti-factor authentication (MFA), biometrics, and passwordless methods in the digital space and possession based in the physical (site and building) domain.</p><p>Yet despite these advances, many organisations still suffer from weak identity assurance. The reason is not a lack of technology, but a failure in <strong>how identity is experienced across the user journey</strong>, that merges the physical and digital realms.</p><div><hr></div><h2>The Problem: Fragmented Access &amp; Authentication</h2><p>Most organisations treat identity as a series of disconnected events:</p><ul><li><p><strong>Enrolment</strong> (initial setup of credentials)</p></li><li><p><strong>Authentication</strong> (logging in)</p></li><li><p><strong>Recovery</strong> (password resets, account unlocks)</p></li></ul><p>In practice, these stages are often handled by <strong>different systems, policies, and processes</strong>. This leads to:</p><ul><li><p>inconsistent user experiences</p></li><li><p>duplicated credentials</p></li><li><p>gaps in assurance between steps</p></li></ul><p>If we then multiple this fragmentation across different systems and different scenarios across the physical and digital realms, we have a cascade of issues.</p><div><hr></div><h2>Why This Matters: Assurance Breaks at the Weakest Point</h2><p>Identity assurance is only as strong as its weakest link. Even if authentication is robust, weaknesses in enrolment or recovery can undermine the entire system.</p><p>For example:</p><ul><li><p>Weak identity proofing during enrolment allows false identities</p></li><li><p>Poor recovery processes enable account takeover</p></li><li><p>Inconsistent policies create exploitable gaps</p></li></ul><p>In a recent analyst comment <a href="https://blog.hidglobal.com/enroll-forget-reset-repeat-how-broken-identity-journeys-undermine-identity-assurance?utm_source=radar.thecyberhut.com">article</a> written for <a href="https://www.hidglobal.com/?utm_source=radar.thecyberhut.com&amp;sourceURL=blog.hidglobal.com/enroll-forget-reset-repeat-how-broken-identity-journeys-undermine-identity-assurance">HID</a> I emphasise that <strong>recovery and reset processes are often the least secure parts of the journey</strong>. If this in turn is amplified by isolated physical and digital integration this problem becomes one of high risk and poor user experience.</p><div><hr></div><h2>What Can Be Done: Shift From Authentication to Journeys</h2><p>The key insight from the article is that identity should not be treated as isolated controls, but as a <strong>continuous, end-to-end journey</strong>.</p><p>This requires a move toward:</p><h2>1. Converged identity</h2><ul><li><p>A unified system across digital and physical access</p></li><li><p>Single identity spanning enrolment, authentication, and recovery</p></li></ul><h2>2. Continuous assurance</h2><ul><li><p>Identity confidence maintained over time, not just at login</p></li><li><p>Contextual signals (device, behaviour, location) informing access</p></li></ul><h2>3. Seamless user experience</h2><ul><li><p>Reduced friction through passwordless or adaptive authentication</p></li><li><p>Consistent processes across all identity interactions</p></li></ul><div><hr></div><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!hKjl!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F34a368c1-fcf4-4ccb-8c62-e2e809fc5fb7_861x838.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!hKjl!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F34a368c1-fcf4-4ccb-8c62-e2e809fc5fb7_861x838.png 424w, https://substackcdn.com/image/fetch/$s_!hKjl!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F34a368c1-fcf4-4ccb-8c62-e2e809fc5fb7_861x838.png 848w, https://substackcdn.com/image/fetch/$s_!hKjl!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F34a368c1-fcf4-4ccb-8c62-e2e809fc5fb7_861x838.png 1272w, https://substackcdn.com/image/fetch/$s_!hKjl!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F34a368c1-fcf4-4ccb-8c62-e2e809fc5fb7_861x838.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!hKjl!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F34a368c1-fcf4-4ccb-8c62-e2e809fc5fb7_861x838.png" width="861" height="838" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/34a368c1-fcf4-4ccb-8c62-e2e809fc5fb7_861x838.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:838,&quot;width&quot;:861,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:703406,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/191577927?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F34a368c1-fcf4-4ccb-8c62-e2e809fc5fb7_861x838.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!hKjl!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F34a368c1-fcf4-4ccb-8c62-e2e809fc5fb7_861x838.png 424w, https://substackcdn.com/image/fetch/$s_!hKjl!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F34a368c1-fcf4-4ccb-8c62-e2e809fc5fb7_861x838.png 848w, https://substackcdn.com/image/fetch/$s_!hKjl!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F34a368c1-fcf4-4ccb-8c62-e2e809fc5fb7_861x838.png 1272w, https://substackcdn.com/image/fetch/$s_!hKjl!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F34a368c1-fcf4-4ccb-8c62-e2e809fc5fb7_861x838.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://blog.hidglobal.com/enroll-forget-reset-repeat-how-broken-identity-journeys-undermine-identity-assurance?utm_source=radar.thecyberhut.com&quot;,&quot;text&quot;:&quot;Read More&quot;,&quot;action&quot;:null,&quot;class&quot;:null}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://blog.hidglobal.com/enroll-forget-reset-repeat-how-broken-identity-journeys-undermine-identity-assurance?utm_source=radar.thecyberhut.com"><span>Read More</span></a></p><div><hr></div><h3>About The Author</h3><p>Simon Moffatt has over 25 years experience in IAM, cyber and identity security. He is founder of <a href="https://www.thecyberhut.com/">The Cyber Hut</a> &#8212; a specialist research and advisory firm based out of the UK. He is author of <a href="https://a.co/d/7oO2oOW">Consumer Identity &amp; Access Management: Design Fundamentals</a> and &#8220;IAM at 2035: A Future Guide to Identity Security&#8221;. He is a Fellow of the Chartered Institute of Information Security, a regular keynote speaker and a strategic advisor to entities in the public and private sectors.</p>]]></content:encoded></item><item><title><![CDATA[Can We Solve The Broken Identity Journey?]]></title><description><![CDATA[Does a converged authentication solution exist?]]></description><link>https://radar.thecyberhut.com/p/can-we-solve-the-broken-identity</link><guid isPermaLink="false">https://radar.thecyberhut.com/p/can-we-solve-the-broken-identity</guid><dc:creator><![CDATA[The Cyber Hut]]></dc:creator><pubDate>Fri, 20 Mar 2026 11:37:42 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!EHhH!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff4e8fb86-2b6f-42eb-8309-0a69765ccfdb_698x684.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>Identity systems are under more pressure than ever. With more users, devices, and  AI-driven identities accessing more systems across a broader array of deployment models. But there&#8217;s a growing problem: the <strong>identity journey is broken</strong>.</p><h4>The Fragmentation Problem</h4><p>In many organisation, authentication is fragmented across multiple systems, tools, and environments. Employees move between physical access (badges, PINs) and digital systems (passwords, MFA, SSO), each with different processes for enrollment, login, and credential reset.</p><p>The result? A disjointed and inconsistent experience that creates what can only be described as <strong>credential chaos</strong>.</p><h4>More Friction, Less Security</h4><p>This fragmentation doesn&#8217;t just frustrate users&#8212;it actively undermines security.</p><p>Users are forced to manage multiple credentials and workflows, leading to frequent resets, workarounds, and mistakes. At the same time, IT teams struggle with rising support costs and operational complexity.</p><p>Critically, organisations lose <strong>end-to-end visibility</strong> of identity. There&#8217;s no reliable way to ensure that the person who entered a building is the same one accessing sensitive systems later.</p><h4>Identity Assurance Breaks Down</h4><p>Identity assurance&#8212;the confidence that someone is truly who they claim to be&#8212;depends on consistency across the entire access journey. But when authentication is siloed and inconsistent, that assurance collapses.</p><p>Security controls become difficult to enforce, measure, and scale. Integration between systems becomes fragile. Costs increase while trust decreases. </p><h4>The Case for Unified Authentication</h4><p>By unifying authentication across physical and digital environments, organizations can create a <strong>single, consistent identity journey</strong>. This results in:</p><ul><li><p>One cohesive authentication experience</p></li><li><p>Centralized visibility and control</p></li><li><p>Stronger, measurable identity assurance</p></li></ul><p>A unified approach not only improves security but also reduces friction and enables future scalability&#8212;especially as non-human identities continue to grow. </p><div><hr></div><p>This is a topic I wrote about in more detail in a recent analyst comment made for <a href="https://www.hidglobal.com/">HID</a>.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!EHhH!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff4e8fb86-2b6f-42eb-8309-0a69765ccfdb_698x684.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!EHhH!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff4e8fb86-2b6f-42eb-8309-0a69765ccfdb_698x684.png 424w, https://substackcdn.com/image/fetch/$s_!EHhH!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff4e8fb86-2b6f-42eb-8309-0a69765ccfdb_698x684.png 848w, https://substackcdn.com/image/fetch/$s_!EHhH!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff4e8fb86-2b6f-42eb-8309-0a69765ccfdb_698x684.png 1272w, https://substackcdn.com/image/fetch/$s_!EHhH!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff4e8fb86-2b6f-42eb-8309-0a69765ccfdb_698x684.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!EHhH!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff4e8fb86-2b6f-42eb-8309-0a69765ccfdb_698x684.png" width="698" height="684" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/f4e8fb86-2b6f-42eb-8309-0a69765ccfdb_698x684.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:684,&quot;width&quot;:698,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:82712,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://radar.thecyberhut.com/i/191240275?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff4e8fb86-2b6f-42eb-8309-0a69765ccfdb_698x684.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!EHhH!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff4e8fb86-2b6f-42eb-8309-0a69765ccfdb_698x684.png 424w, https://substackcdn.com/image/fetch/$s_!EHhH!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff4e8fb86-2b6f-42eb-8309-0a69765ccfdb_698x684.png 848w, https://substackcdn.com/image/fetch/$s_!EHhH!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff4e8fb86-2b6f-42eb-8309-0a69765ccfdb_698x684.png 1272w, https://substackcdn.com/image/fetch/$s_!EHhH!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff4e8fb86-2b6f-42eb-8309-0a69765ccfdb_698x684.png 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p class="button-wrapper" data-attrs="{&quot;url&quot;:&quot;https://blog.hidglobal.com/enroll-forget-reset-repeat-how-broken-identity-journeys-undermine-identity-assurance?utm_source=radar.thecyberhut.com&quot;,&quot;text&quot;:&quot;Read More&quot;,&quot;action&quot;:null,&quot;class&quot;:null}" data-component-name="ButtonCreateButton"><a class="button primary" href="https://blog.hidglobal.com/enroll-forget-reset-repeat-how-broken-identity-journeys-undermine-identity-assurance?utm_source=radar.thecyberhut.com"><span>Read More</span></a></p><div><hr></div><p><strong>About The Author</strong></p><p>Simon Moffatt has over 25 years experience in IAM, cyber and identity security. He is founder of <a href="https://www.thecyberhut.com/">The Cyber Hut</a> &#8212; a specialist research and advisory firm based out of the UK. He is author of <a href="https://a.co/d/7oO2oOW">Consumer Identity &amp; Access Management: Design Fundamentals</a> and &#8220;IAM at 2035: A Future Guide to Identity Security&#8221;. He is a Fellow of the Chartered Institute of Information Security, a regular keynote speaker and a strategic advisor to entities in the public and private sectors.</p><p></p>]]></content:encoded></item><item><title><![CDATA[Apono Agent Priv Guard, Bravura IAM Insurance Controls, C1 2026 Future IAM Report, Omada new CEO]]></title><description><![CDATA[Plus a round up of Identity Threat Intelligence updates]]></description><link>https://radar.thecyberhut.com/p/apono-agent-priv-guard-bravura-iam</link><guid isPermaLink="false">https://radar.thecyberhut.com/p/apono-agent-priv-guard-bravura-iam</guid><dc:creator><![CDATA[The Cyber Hut]]></dc:creator><pubDate>Thu, 19 Mar 2026 10:25:32 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!inqK!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff9af9792-e3be-453e-834b-8c0b1e352812_1296x600.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2 style="text-align: center;">Strategic &amp; Emerging Headlines</h2><h3 style="text-align: center;">Curated Industry Announcements</h3><ul><li><p><strong>Aembit</strong>: <a href="https://aembit.io/blog/spiffe-vs-oauth-access-control-nonhuman-identities/?utm_source=radar.thecyberhut.com">SPIFFE vs. OAuth: Access Control for Nonhuman Identities</a></p></li><li><p><strong>Apono</strong>: <a href="https://www.prnewswire.com/news-releases/apono-launches-agent-privilege-guard-bringing-runtime-privilege-guardrails-to-enterprise-ai-agents-302717422.html">Apono Launches Agent Privilege Guard, Bringing Runtime Privilege Gua&#8230;</a></p></li></ul>
      <p>
          <a href="https://radar.thecyberhut.com/p/apono-agent-priv-guard-bravura-iam">
              Read more
          </a>
      </p>
   ]]></content:encoded></item></channel></rss>