The security team said yes: How a $300B investment firm deployed Claude agents across the enterprise →

TRY AEMBIT
TALK TO AN ENGINEER
Blog

Author: Apurva Davé

Image of two robots jousting.

Non-Human Identity Security vs. Service Account Management: What’s the Difference?

The concept of nonhuman identity is gaining traction fast, sparking new debate over how it differs from managing service accounts.
Apurva Davé
Apr 2026
|
5 min read
MCP Threat Modeling: Understanding the Attack Surface

MCP Threat Modeling: Understanding the Attack Surface

AI agents are no longer just chatbots. They’re executing multistep workflows across tools and data sources, and the Model Context Protocol (MCP) standardizes these interactions.
Apurva Davé
Apr 2026
|
6 min read
Hand holding a secure badge

Zero Trust for Nonhuman Workload Access: A Primer

Zero trust has reshaped how organizations secure user access. Multifactor authentication, single sign-on and continuous posture checks are now standard for human identities. But the same rigor rarely extends to the nonhuman side of the house.
Apurva Davé
Apr 2026
|
6 min read
Connectivity of boxes

Secrets Management vs. Access Management: What You Need to Know

When your team stores API keys in a vault and rotates them on a schedule, it feels like the access problem is handled.
Apurva Davé
Apr 2026
|
5 min read
What is Agentic AI

What Exactly Is Agentic AI (and Why It Matters Now)

For years, artificial intelligence has been reactive. You prompted it, and it responded by analyzing data, generating text or predicting outcomes, but only when asked.
Apurva Davé
Apr 2026
|
5 min read
JIT Access for Wordkloads

Just-in-Time Access for Workloads: Eliminating Standing Privileges

Most workload credentials, the API keys, tokens and passwords that connect your services, carry “always on” access that never expires.
Apurva Davé
Apr 2026
|
6 min read
AI Agent Identity: The Multi-Protocol Authentication Gap

AI Agent Identity: The Multi-Protocol Authentication Gap

AI agent identity breaks down when agents authenticate across OAuth, API keys and managed identities simultaneously. Learn why single-protocol solutions fail.
Apurva Davé
Apr 2026
|
6 min read
service accounts

The Real Risk Behind Service Accounts (And Why Nobody’s Watching Them) 

While companies pour resources into securing employee accounts with MFA, zero trust and regular access reviews, service accounts still get created with static credentials, granted sweeping permissions and then left unmanaged. This creates a growing population of identities that operate outside traditional IAM controls.
Apurva Davé
Mar 2026
|
6 min read
Trivy gets breached and the secrets problem.

The Trivy Compromise: The Fallacy of Secrets Management and the Case for Workload Identity

The Trivy incident exposed a credential architecture failure, not just a supply chain one. Here’s the case for workload identity and access.
Apurva Davé
Mar 2026
|
5 min read
AI Agent Identity Security: Why It Matters and How to Get It Right

AI Agent Identity Security: Why It Matters and How to Get It Right

AI agent identity security is the set of practices and controls that treat AI agents as distinct, governable identities with their own authentication, authorization and audit requirements.
Apurva Davé
Mar 2026
|
5 min read
Load More