The security team said yes: How a $300B investment firm deployed Claude agents across the enterprise →

TRY AEMBIT
TALK TO AN ENGINEER
Blog

Author: Dan Kaplan

Workforce Agents vs Customer Agents: A Complete Guide

Workforce Agents vs. Customer Agents: Identity, Access, and Security Explained

Workforce and customer agents may rely on similar identity infrastructure, but the trust models, access patterns, and security risks behind them differ significantly.
Dan Kaplan
May 2026
|
9 min read
Context-Based Access Control for MCP Servers: Why Static Rules Fail

Context-Based Access Control for MCP Servers: Why Static Rules Fail

Static access rules fail in dynamic MCP environments. Context-based access control evaluates identity, context and resources in real time.
Dan Kaplan
Apr 2026
|
6 min read
5 Secrets Manager Alternatives for Securing Non-Human Identities

5 Secrets Manager Alternatives for Securing Non-Human Identities

Secrets managers store credentials but can’t close the access gaps that multicloud workloads and AI agents create. Five alternatives can.
Dan Kaplan
Apr 2026
|
6 min read
OWASP's Top 10 Security Risks for Non-Human Identities

OWASP’s Top Security Risks for Non-Human Identities and How to Address Them

Non-human identities outnumber human users 144 to 1, yet most security programs overlook them. The OWASP NHI Top 10 maps the risks.
Dan Kaplan
Apr 2026
|
5 min read
Dynamic Authorization vs Static Secrets: Rethinking Cloud Access Controls

Dynamic Authorization vs. Static Secrets: Rethinking Cloud Access Controls

Hardcoded credentials and shared tokens give attackers ongoing access. Dynamic authorization replaces them with real-time decisions.
Dan Kaplan
Apr 2026
|
6 min read
Workload IAM vs. API Security

Workload IAM vs. API Security

Two layers protect cloud-native apps: Workload IAM secures machine identity and API security inspects request traffic. Most teams need both.
Dan Kaplan
Apr 2026
|
5 min read
Dark horizontal diagram showing a “Delete Resource” action enabled by a redacted access token, leading to a production database dissolving and a “resource permanently deleted” warning.

How a Long-Lived API Credential Let an AI Agent Delete Production Data

An agent behaved like a true insider threat. Unmanaged API keys made those mistakes devastatingly consequential. Both can be true at the same time.
Dan Kaplan
Apr 2026
|
4 min read
encryption keys vs access keys

Managing Encryption Keys vs. Access Keys

Modern infrastructure depends on keys: encryption and access. They’re not the same, and treating them the same quietly introduces risk.
Dan Kaplan
Apr 2026
|
6 min read
Credentials insights from Verizon DBIR Report

Credential and Secrets Theft: Insights from the 2025 Verizon Data Breach Report

The 2025 Verizon DBIR confirmed what security teams already suspect: credential theft is outpacing the defenses most organizations have in place.
Dan Kaplan
Apr 2026
|
5 min read
Workload identity vs. workload access management

Workload Identity vs. Workload Access Management: Securing Cloud-Native Workloads in a Dynamic Environment

Workload identity proves who a workload is. Workload access management controls what it can do. Learn why separating them is critical for zero trust.
Dan Kaplan
Apr 2026
|
5 min read
Load More