Before you govern AI agents, make sure you're governing what they're inheriting. See how identity hygiene becomes the foundation of agent authorization.
The Composio breach was not only about agentic AI, leaked credentials or sandbox execution. It was about trusted internal systems with enough standing privilege to become an attack path.
The future of agentic security will not be determined by model quality alone. It will be determined by how well organizations govern human authority, delegation and operational identity before autonomous systems begin operating at AI scale.
AI agents are showing up fast, but most teams lack a clear way to secure them. Learn what they are, where IAM falls short and how to control what they can access and when they can access it.
Vibe coding changes the relationship between a developer and the code they ship. It does not change the fact that code carries identity and access decisions, and that those decisions have consequences.
The PocketOS incident is being told as a story about a coding agent that went off the rails, but that is not the true extent of the tale. It is a story about a long-lived API token with no scoping, no expiry, no approval gate, and no separation between production and backup, sitting where any sufficiently curious actor could find it.
Snowflake Cortex is a powerful addition to the modern data platform, and the use cases are real. But every Cortex Agent deployment is also an identity governance event. The agent does not audit itself. It queries what it can query, surfaces what it can surface, and connects to what it is given access to.
A new SACR report shows the shift from vault-led PAM to identity-native, just-in-time access. The maturity model will feel familiar. It builds on ideas Shashwat Sehgal has pushed for years.
Based on a large independent SANS survey, this report shows why identity attacks keep succeeding after login and where teams are falling behind on containment, NHIs and AI agents.
Why agents and service accounts need ownership and runtime authorization, and how P0 replaces blanket permissions with just-enough privilege, accountability and control at scale in production.
Greg and Neha discuss why AI agents need identity-bound, time-scoped access to production environments and what security teams can do to keep innovation under control.