Auth0 Agent Permissions, Saviynt in Japan, Radiant Logic Agentic Updates, Token Security and Enzo
Plus a round up of Identity Threat Intelligence updates
We Need to Build a New Trust Architecture
We are facing a market failure in trust. Period. The past decade organisations have been racing towards adopting a zero-trust approach to network access - yet many are still struggling to get there. Zero-trust however is only a small part of a broader issue associated with the rise of deceptive operators and tactics.
The rise of AI in the form of generated content, automated vulnerability exploitation and crafted artefacts has I believe reduced the cost of deceptive content substantially - giving attackers an even bigger asymmetric advantage (if for only a short window).
This applies to fake news, synthetic identity creation, unattributed hate speech and fraud.
We need to consider a situation where we “assume fake” and approach the verification of identity and data in an entirely different way - based on provenance.
I wrote about the Economics of Deceptions this week as a way to amplify a much broader issue identity and access management is part of - but can ultimately help to improve.
Select Strategic & Emerging Headlines
Industry News
AuthSignal: Push authentication best practices, and why number matching alone is not enough
Delinea: The hidden risk behind “good enough” credentials vaults
Google: Prevent account takeovers with Device Bound Session Credentials (DBSC)
LoginRadius: Secure Login Security Guide: The 2026 Authentication Checklist
Ping Identity: Ping Identity Redefines the Identity Control Plane for the Agentic Enterprise
Saviynt: Saviynt Expands AI-Era Identity Security Presence in Japan Through Joint Venture with Ashisuto
Transmit Security: Face Authentication in Our Mobile SDKs: Passwordless Access, Anywhere
Token Security: Token Security Launches Enzo, the AI-Native Application Builder That Operationalizes Identity Security
Identity Threat Intelligence Updates
Webworm: New burrowing techniques
Zapocalypse: How one Lambda memory leak exposed publish capability over Zapier’s NPM supply chain.
Azure’s Hidden Operators: A Threat Model for Platform-Level Managed Identities
Next Industry Webinar
Up Coming Event Attendance
Identiverse - Las Vegas - June 15-18
Open Source Research Cheat Sheets
A Demo Discussion on JiT for SSH
A demo walk through by P0 Security taking a look at just in time access for SSH services
Latest Podcast Episode
E74 The Analyst Brief: The Risks & Opportunities of Agentic AI
Latest Research Report
A Market Guide to Securing the Production Stack
Latest Insight by The Cyber Hut
Beyond the Login: Why Runtime is the New Battleground
Training Academy Episodes by The Cyber Hut
39: What is Just in Time access and Zero Standing Privileges?
38: How does Identity and Access Management relate to Zero Trust?
37: What is Identity Risk Management?
36: What is Identity Data Management?
35: What are Initial Access Brokers?
Latest Getting Started Guide
Getting Started with Access Consolidation: A Practical Guide to Unified Identity
Latest Vendor Introduction Interviews
IAM at 2035: A Future Guide to Identity Security
CIAM Design Fundamentals
About The Author
Simon Moffatt has over 25 years experience in IAM, cyber and identity security. He is founder of The Cyber Hut - a specialist research and advisory firm based out of the UK. He is author of CIAM Design Fundamentals and IAM at 2035: A Future Guide to Identity Security. He is a Fellow of the Chartered Institute of Information Security, a regular keynote speaker and a strategic advisor to entities in the public and private sectors.