I wrote in April on Claude Mythos and Project Glasswing: The End of Cyber Security As We Know It? and how the vulnerability discovery explosion will have a profound impact on both current attack methodology and future defence.

Mythos was not the first LLM to be used for vulnerability discovery (and exploitation) and both red and blue teamers have done this for the past 3 years using existing and competing models. The bad guys have too of course. I think what Mythos did was both amplify the ability and by using a restricted access process via Glasswing perhaps made the concept seem more alarming. Alarming it is though and introduces numerous pragmatic and strategic issues with respect to how we detect, design and respond to risk.

From an identity point of view, we already have numerous issues to deal with: more identities, more types of identities, more systems and more attacks. Coupled with hybrid deployments organisations face an ever growing number of blind spots to identify and integration pathways to protect.

The litany of existing vulnerabilities across our identity landscape is both increasing and having a greater impact on both risk and productivity.

As the inter-relation between identity types grows (think B2E and agentic, agentic and agentic, agentic to B2C etc) so too does the cascade of risk across operational boundaries. Excess permissions for an employee, married to behaviour visibility issues coupled with long lived creds and intent drift for an agent results in an almost exponential level of concern.

So to that end, we have seen an ever growing focus upon identity security - the overlay model that helps to detect and protect across the often poorly integrated pillars of identity and access management capability. This overlay focuses upon both data and runtime concerns - looking at excess permissions, session misuse, cross-application behaviour and runtime control.

How can this identity security stuff be measured? The Cyber Hut took a holistic approach to this back in 2024 when we launched our Identity Security Scorecard concept. The main idea behind this was conceived from numerous buy-side workshops and architecture analysis sessions where I introduced several exercises to help organisations understand both their strengths and weaknesses with respect to discovering, protecting and detecting security drift across their entire identity worlds.

Ultimately though, we’re trying to “disrupt” the identity attackers flow. Clearly we also want to do this before their attack plans have completed. Can we detect, perform some sort of interceptive control and return the business back to a normal running state but with enhanced security?

We still need to do this. But now of course, we need to also consider how AI-centric attacks are accelerating the exploitation of existing vulnerabilities across the entire end to end life cycle of identities - for people, NHIs and agents.

That will include attacks against:

• Identity verification and on-boarding flows

• Profile directories and databases without integrity protection

• Credentials and MFA bypass

• Session issuance, verification and binding functions

• Reset and recovery flows

• The chaining of vulnerabilities

• Administrative interfaces, APIs and CLIs

In The Cyber Hut’s next industry webinar these topics will be the main focus. I will be sitting down with Roy Akerman and Rob Ainscough from Silverfort for a webinar entitled “Runtime Identity Security: The Winning Move Against Frontier AI Attacks”

We’ll discuss:

1. What AI-powered attacks are and how they break traditional security assumptions

2. The identity gaps attackers will exploit first across your environment

3. Security controls that can help

4. How to enforce Identity Security at runtime

Register for Live or On Demand

About The Author

Simon Moffatt has over 25 years experience in IAM, cyber and identity security. He is founder of The Cyber Hut - a specialist research and advisory firm based out of the UK. He is author of CIAM Design Fundamentals and IAM at 2035: A Future Guide to Identity Security. He is a Fellow of the Chartered Institute of Information Security, a regular keynote speaker and a strategic advisor to entities in the public and private sectors.