SACR Report: How Agentic Identity Access Platforms Are Re-architecting IAM in 2026 →
TRY AEMBIT
TALK TO AN ENGINEER

Blog

Best Practices

SPIFFE vs. OAuth: Access Control for Nonhuman Identities

Ashur Kanoon Mar 2026 | 5 min read
SPIFFE vs. OAuth: Access Control for Nonhuman Identities

5 min readSPIFFE focuses on who a workload is. It issues cryptographic identities to services and workloads so they can prove their authenticity to each other without relying on stored secrets. OAuth focuses on what a workload is allowed to do. It defines how access is delegated and controlled when one service needs to interact with another or call an external API.

SPIFFE focuses on who a workload is. It issues cryptographic identities to services and workloads so they can prove their authenticity to each other without relying on stored secrets. OAuth focuses on what a workload is allowed to do. It defines how access is delegated and controlled when one service needs to interact with another or call an external API.
Dig in
Breach Analysis

How a Single Overprivileged Service Turned the LexisNexis Breach Into a Keys-to-the-Kingdom Moment

Dan Kaplan Mar 2026 | 3 min read
Industry Insights

MCP Servers and the Return of the Service Account Problem

Dan Kaplan Mar 2026 | 3 min read
Resources

Agentic AI Security Starter Kit: Where Autonomous Systems Fail and How to Defend Against It

Dan Kaplan Feb 2026 | 4 min read
Product Updates

Announcing Aembit IAM for Agentic AI

Apurva Davé Oct 2025 | 7 min read

Discover More of What Matters to You

Recent Stories

MCP Authentication and Authorization Patterns

MCP Authentication and Authorization Patterns

In MCP, every request comes from a nonhuman identity: an agent, server or tool. These identities don’t act under direct human oversight. They generate requests dynamically, chain operations and carry data across trust boundaries.
Ashur Kanoon
Mar 2026
|
6 min read
Secrets figuratively spilling out of LexisNexis.

How a Single Overprivileged Service Turned the LexisNexis Breach Into a Keys-to-the-Kingdom Moment

Details shared by the attacker suggest the intrusion expanded beyond the initial application through permissions that allowed access to dozens of internal credentials.
Dan Kaplan
Mar 2026
|
3 min read
Humans versus AI identity: Why AI agents are breaking identity

Human vs. AI Identity: Why AI Agents Are Breaking Identity

Traditional IAM was built for predictable workloads. Learn why AI agents demand a new approach to identity, access control, and credential management.
Dan Kaplan
Mar 2026
|
4 min read

Agentic AI in the Wild: Real-World Use Cases You Should Know

Discover verifiable agentic AI deployments in software, security, IT Ops, and logistics. Learn the essential security, identity, and governance patterns for safe production use.
Dan Kaplan
Mar 2026
|
5 min read
MCP Servers being used in corporate SOC.

MCP Servers and the Return of the Service Account Problem

As agents scale and operate continuously, MCP servers are becoming long-lived access intermediaries, concentrating privilege in ways security teams have already struggled to contain.
Dan Kaplan
Mar 2026
|
3 min read
Agentic Security Starter Kit

Agentic AI Security Starter Kit: Where Autonomous Systems Fail and How to Defend Against It

Runnable security patterns that examine how agentic behavior expands, drifts, and exceeds intent during everyday use.
Dan Kaplan
Feb 2026
|
4 min read
SSOvFI

SSO vs. Federated Identity Management: A Guide

Single sign-on (SSO) simplifies access for human users across an organization’s approved applications. Federated identity (FI) management connects users across organizational boundaries.
Ashur Kanoon
Jan 2026
|
5 min read
Service Accounts

What Are Service Accounts and Why Are They a Security Risk?

Service accounts are indispensable, but their security weaknesses make them the most attractive target in enterprise environments.
Ashur Kanoon
Jan 2026
|
6 min read
Man working on laptop with ServiceNow software running.

Agents Aren’t People: What the ServiceNow Vulnerability Reveals About Agentic AI Access Control

A ServiceNow impersonation flaw illustrates how agentic systems turn weak identity assumptions into durable access paths across enterprise environments.
Dan Kaplan
Jan 2026
|
3 min read
Risks of Agentic AI

The Cybersecurity Risks of Agentic AI: What Security Teams Need to Know

Agentic AI introduces new cybersecurity risks, primarily concerning autonomous identity, tool chain exposure, and cascading compromises, requiring security teams to urgently adopt least-privilege identity frameworks and real-time monitoring designed specifically for self-directed, persistent workloads.
Apurva Davé
Jan 2026
|
7 min read
Catching Rogue Workloads and AI Agents

Anomaly Detection for Non-Human Identities: Catching Rogue Workloads and AI Agents

Traditional security models fail to detect compromised service accounts and non-deterministic AI agents, requiring a shift to layered, identity-aware behavioral monitoring.
Dan Kaplan
Jan 2026
|
8 min read
API Keys v OAuth

API Keys vs OAuth: Which API Authentication Method Is More Secure?

API keys offer simplicity, but OAuth provides superior security through automatic expiration and granular scopes.
Dan Kaplan
Jan 2026
|
6 min read
Load More

Ready to Try Workload IAM?

Get started in minutes, with no sales calls required. Our free- forever tier is just a click away.

Request a Demo