#IAM
24 stories tagged IAM.

Bash Shell Tricks From the '90s Are Breaking AI Coding Agents Wide Open
Old-school shell injection techniques can bypass safeguards in most open-source AI coding agents — and a poisoned repo is all it takes to start the chain.

Robinhood Rebuilt Its Access-Approval Pipeline — Here's What Actually Changed
The fintech firm's engineering-security team overhauled how developers request and receive system access. The goal: speed without sacrificing control.

Guardian Agents and the Identity Layer That Doesn't Exist Yet
Autonomous agents are inheriting human permissions at machine speed. The IAM stack wasn't built for this, and the governance gap is widening.

White House Sets Hard Clock on Post-Quantum Migration for Federal Systems
An executive order mandates that high-value federal assets shift to post-quantum cryptography by 2030–2031. For identity infrastructure, that deadline is closer than it looks.

Briefing: Apple Fixes Beats Bug, GCP Config Connector Flaw Enables Account Takeover, Velvet Ant's Decade in the Shadows
A Bluetooth eavesdropping patch, a quietly dangerous GCP misconfiguration vulnerability, and a threat actor that spent ten years undetected — here's what you may have missed.

Shadow AI Is an IAM Problem Now, Not a DLP Problem
The risk isn't what employees paste into ChatGPT. It's what tokens, scopes, and service accounts the AI agents they spin up are quietly holding.

Cisco Acquires WideField Security to Wire Identity Intelligence Into Splunk's Agentic SOC
The deal adds credential, session, and blast-radius visibility to Splunk's autonomous detection pipeline — filling a gap that pure log-correlation has always struggled with.

The Agents Nobody Owns: AI Identities Are Quietly Becoming Your Worst Insider Risk
Orphaned AI agents and standing privileges are accumulating across enterprise environments. Most security teams can't tell you who authorized them — or revoke them quickly when they go wrong.

ClickFix Campaign Turns Google Ads, GitLab, and Claude Into a Six-Wave Trust Machine
Attackers chained legitimate infrastructure across seven weeks to push malicious PowerShell commands to developers. Session tokens, SSH keys, and cloud credentials were the prize.

Zero Trust Turns 15 and Still Can't Get Out of Its Own Way
The 'never trust, always verify' model isn't failing because the idea is wrong. It's failing because organizations keep treating a security philosophy like a SKU.

First-Day Passwords Are Still IAM's Soft Underbelly
Temporary onboarding credentials keep showing up in breach forensics. The problem isn't laziness — it's that most IT teams never actually defined what 'temporary' means.

Sovereign Cloud Gives You a Data Center. Identity Governance Gives You Control.
European enterprises spent two years and real money on sovereign cloud deployments. What they found is that data residency is the easy part — and that AI agent identities are the part nobody governed.

ServiceNow's Unauthenticated API Endpoint Left Tenant Data Exposed for Months
An API resource shipped with authentication disabled by default. Now enterprises are asking whether the 'security researcher' explanation fully covers what got accessed.

The 2026 Cybersecurity Stars Awards Land — 95 Categories, One Long Trophy Table
An industry awards program names winners across product, team, and company categories. The interesting question is what — if anything — the list tells us about where defenders are actually winning.

The Alert Queue Is Full. So Is the Graveyard of Missed Threats.
When every event screams critical, nothing is. AI and automation are being drafted to fix a triage problem that human analysts simply can't outrun anymore.