New independent research: Most enterprises aren’t fully ready to secure autonomous AI agents →

TRY AEMBIT
TALK TO AN ENGINEER

Blog

Industry Insights

What Identity Federation Means for Workloads in Cloud-Native Environments

Dan Kaplan Mar 2026 | 6 min read
What Identity Federation Means for Workloads

6 min readInstead of duplicating accounts or sharing credentials, one identity system can validate identities issued by another and grant access based on that trust.

Instead of duplicating accounts or sharing credentials, one identity system can validate identities issued by another and grant access based on that trust.
Dig in
Company & Team News

Announcing the Aembit + Netskope Partnership for Agentic AI Security

Emma Zaballos Mar 2026 | 5 min read
Industry Insights

MCP Servers and the Return of the Service Account Problem

Dan Kaplan Mar 2026 | 3 min read
Resources

Agentic AI Security Starter Kit: Where Autonomous Systems Fail and How to Defend Against It

Dan Kaplan Feb 2026 | 4 min read

Discover More of What Matters to You

Recent Stories

service accounts

The Real Risk Behind Service Accounts (And Why Nobody’s Watching Them) 

While companies pour resources into securing employee accounts with MFA, zero trust and regular access reviews, service accounts still get created with static credentials, granted sweeping permissions and then left unmanaged. This creates a growing population of identities that operate outside traditional IAM controls.
Apurva Davé
Mar 2026
|
6 min read
The What, Where, and Why of Workload Identity and Access Management header image with cloud and network patterns

Workload Identity and Access Management: The Definitive Guide

For every human identity your IAM program governs, there are roughly 82 machine identities operating outside it. Most of them authenticate with static credentials that were provisioned once and never reviewed.
Dan Kaplan
Mar 2026
|
6 min read
Workload IAM vs. Secrets Managers header image with person keeping a secret

Workload IAM vs. Secrets Management: A Practical Decision Guide

Most organizations start their nonhuman identity security program with a secrets manager. It’s a sensible first step. But as workloads multiply across clouds and the credential sprawl grows, the question shifts from “where do we store secrets?” to “do we need secrets at all?”
Dan Kaplan
Mar 2026
|
6 min read
Claude Code external UI.

Anthropic’s AI-Run Attack and What It Means for Agentic Identity

Anthropic’s disclosure of an AI-driven espionage campaign it halted is best understood as a faster, more persistent version of patterns the industry has seen before. What distinguishes this incident is the continuity of activity an autonomous system can sustain once it is given the ability to interpret its surroundings and act on that understanding.
Dan Kaplan
Mar 2026
|
6 min read
Identity and Access Gaps in the Age of Autonomous AI

Introducing the Identity and Access Gaps in the Age of Autonomous AI Survey Report

Based on responses from more than 200 enterprises, the findings show how AI agents are reshaping identity attribution and access control in ways existing models were not designed to handle.
Dan Kaplan
Mar 2026
|
2 min read
Trivy gets breached and the secrets problem.

The Trivy Compromise: The Fallacy of Secrets Management and the Case for Workload Identity

The Trivy incident exposed a credential architecture failure, not just a supply chain one. Here’s the case for workload identity and access.
Apurva Davé
Mar 2026
|
5 min read
Aembit + Netskope Partnership

Announcing the Aembit + Netskope Partnership for Agentic AI Security

By combining identity-based access control with content inspection, this closes a gap most teams are still trying to manage with separate tools and after-the-fact controls.
Emma Zaballos
Mar 2026
|
5 min read
JWT vs. OAuth

JWT vs. OAuth: Understanding Tokens and Authorization

OAuth is an authorization framework that defines how to grant access. JWT is a token format that defines how to package and transmit claims. They solve different problems, and most production systems use both.
Ashur Kanoon
Mar 2026
|
6 min read
AI Agent Identity Security: Why It Matters and How to Get It Right

AI Agent Identity Security: Why It Matters and How to Get It Right

AI agent identity security is the set of practices and controls that treat AI agents as distinct, governable identities with their own authentication, authorization and audit requirements.
Apurva Davé
Mar 2026
|
5 min read
secret remediation best practices

Secret Remediation Best Practices: A Step-by-Step Guide

Secret remediation is the process of responding to an exposed credential by revoking it, rotating it and removing every trace of it from your environment.
Apurva Davé
Mar 2026
|
6 min read
Zero Trust 2026

Zero-Trust Architecture: How to Move From Network Security to Identity-First Access

Zero-trust architecture is a security framework built on a simple premise: no user, device or workload should be trusted by default, regardless of where it sits on the network.
Dan Kaplan
Mar 2026
|
5 min read
Agentic AI Needs Guardrails

Agentic AI Guardrails: What They Are and How to Implement Them

Agentic AI guardrails are the technical controls, policy frameworks, and oversight mechanisms that define what an AI agent can do, what it can access and when it needs to stop and ask a human.
Dan Kaplan
Mar 2026
|
6 min read
Load More

Ready to Try Workload IAM?

Get started in minutes, with no sales calls required. Our free- forever tier is just a click away.

Request a Demo