SACR Report: How Agentic Identity Access Platforms Are Re-architecting IAM in 2026 →
TRY AEMBIT
TALK TO AN ENGINEER

Blog

Breach Analysis

How a Single Overprivileged Service Turned the LexisNexis Breach Into a Keys-to-the-Kingdom Moment

Dan Kaplan Mar 2026 | 3 min read
Secrets figuratively spilling out of LexisNexis.

3 min readLegal AI solutions provider LexisNexis has confirmed a massive breach of its AWS environment  According to reports, initial access was gained by exploiting the “React2Shell” vulnerability in an unpatched React frontend application – a flaw the company had reportedly left unaddressed for months.  Among the details reportedly posted by the attacker is the claim that, […]

Details shared by the attacker suggest the intrusion expanded beyond the initial application through permissions that allowed access to dozens of internal credentials.
Dig in
Breach Analysis

How a Single Overprivileged Service Turned the LexisNexis Breach Into a Keys-to-the-Kingdom Moment

Dan Kaplan Mar 2026 | 3 min read
Industry Insights

MCP Servers and the Return of the Service Account Problem

Dan Kaplan Mar 2026 | 3 min read
Resources

Agentic AI Security Starter Kit: Where Autonomous Systems Fail and How to Defend Against It

Dan Kaplan Feb 2026 | 4 min read
Product Updates

Announcing Aembit IAM for Agentic AI

Apurva Davé Oct 2025 | 7 min read

Discover More of What Matters to You

Recent Stories

Humans versus AI identity: Why AI agents are breaking identity

Human vs. AI Identity: Why AI Agents Are Breaking Identity

Traditional IAM was built for predictable workloads. Learn why AI agents demand a new approach to identity, access control, and credential management.
Dan Kaplan
Mar 2026
|
4 min read

Agentic AI in the Wild: Real-World Use Cases You Should Know

Discover verifiable agentic AI deployments in software, security, IT Ops, and logistics. Learn the essential security, identity, and governance patterns for safe production use.
Dan Kaplan
Mar 2026
|
5 min read
MCP Servers being used in corporate SOC.

MCP Servers and the Return of the Service Account Problem

As agents scale and operate continuously, MCP servers are becoming long-lived access intermediaries, concentrating privilege in ways security teams have already struggled to contain.
Dan Kaplan
Mar 2026
|
3 min read
Agentic Security Starter Kit

Agentic AI Security Starter Kit: Where Autonomous Systems Fail and How to Defend Against It

Runnable security patterns that examine how agentic behavior expands, drifts, and exceeds intent during everyday use.
Dan Kaplan
Feb 2026
|
4 min read
SSOvFI

SSO vs. Federated Identity Management: A Guide

Single sign-on (SSO) simplifies access for human users across an organization’s approved applications. Federated identity (FI) management connects users across organizational boundaries.
Ashur Kanoon
Jan 2026
|
5 min read
Service Accounts

What Are Service Accounts and Why Are They a Security Risk?

Service accounts are indispensable, but their security weaknesses make them the most attractive target in enterprise environments.
Ashur Kanoon
Jan 2026
|
6 min read
Man working on laptop with ServiceNow software running.

Agents Aren’t People: What the ServiceNow Vulnerability Reveals About Agentic AI Access Control

A ServiceNow impersonation flaw illustrates how agentic systems turn weak identity assumptions into durable access paths across enterprise environments.
Dan Kaplan
Jan 2026
|
3 min read
Risks of Agentic AI

The Cybersecurity Risks of Agentic AI: What Security Teams Need to Know

Agentic AI introduces new cybersecurity risks, primarily concerning autonomous identity, tool chain exposure, and cascading compromises, requiring security teams to urgently adopt least-privilege identity frameworks and real-time monitoring designed specifically for self-directed, persistent workloads.
Apurva Davé
Jan 2026
|
7 min read
Catching Rogue Workloads and AI Agents

Anomaly Detection for Non-Human Identities: Catching Rogue Workloads and AI Agents

Traditional security models fail to detect compromised service accounts and non-deterministic AI agents, requiring a shift to layered, identity-aware behavioral monitoring.
Dan Kaplan
Jan 2026
|
8 min read
API Keys v OAuth

API Keys vs OAuth: Which API Authentication Method Is More Secure?

API keys offer simplicity, but OAuth provides superior security through automatic expiration and granular scopes.
Dan Kaplan
Jan 2026
|
6 min read
Aembit engineer Sebastian working on computers while looking at camera.

When the Vendor Becomes the Customer: Building Internal Tools on an Agentic IAM Platform

A project to improve test visibility meant using Aembit the same way customers do, in a real deployment environment where software runs unattended and requires trusted access to external services.
Dan Kaplan
Jan 2026
|
4 min read
MCP vs Traditional API Security

MCP vs. Traditional API Security: Key Differences

Securing MCP requires a fundamentally different approach than traditional API security.
Apurva Davé
Dec 2025
|
6 min read
Load More

Ready to Try Workload IAM?

Get started in minutes, with no sales calls required. Our free- forever tier is just a click away.

Request a Demo