The security team said yes: How a $300B deployed Claude agents across the enterprise →

TRY AEMBIT
TALK TO AN ENGINEER
Blog

Tag: Access

SPIFFE vs. OAuth: Access Control for Nonhuman Identities

SPIFFE vs. OAuth: Access Control for Nonhuman Identities

SPIFFE focuses on who a workload is. It issues cryptographic identities to services and workloads so they can prove their authenticity to each other without relying on stored secrets. OAuth focuses on what a workload is allowed to do. It defines how access is delegated and controlled when one service needs to interact with another or call an external API.
Ashur Kanoon
Mar 2026
|
5 min read
Man working on laptop with ServiceNow software running.

Agents Aren’t People: What the ServiceNow Vulnerability Reveals About Agentic AI Access Control

A ServiceNow impersonation flaw illustrates how agentic systems turn weak identity assumptions into durable access paths across enterprise environments.
Dan Kaplan
Jan 2026
|
3 min read
Renee Guttmann joins Aembit as adviser.

Veteran CISO and Aembit Adviser Renee Guttmann on Guiding Security into the AI Age

From Coca-Cola to Campbell Soup, Renee Guttmann knows what lasts as security changes.
Dan Kaplan
Nov 2025
|
4 min read
OAuth vs OIDC

OAuth vs. OIDC: What’s the Difference and When Should You Use Each?

OAuth 2.0 and OIDC solve fundamentally different problems.
Ashur Kanoon
Oct 2025
|
5 min read
Securing Workloads with Conditional Access

Securing Workloads with Conditional Access: The Future of Dynamic Access Control

Conditional access enhances security and reduces the attack surface without adding friction.
Ashur Kanoon
Oct 2025
|
4 min read

Configuring an MCP Server with Auth0 as the Authorization Server

A practical walkthrough of the Auth0 settings and tweaks you’ll need to get an MCP server working smoothly with real-world clients like Claude.
Victor Ronin
Sep 2025
|
4 min read
Businessperson interacting with CRM data.

When Salesforce Becomes a De Facto Credential Repository: Lessons from the Drift OAuth Breach

This malicious campaign demonstrates how long-lived token theft can become the first step in a much broader breach.
Dan Kaplan
Aug 2025
|
3 min read
Dynamic Authorization vs. Static Secrets

Dynamic Authorization vs. Static Secrets: Rethinking Cloud Access Controls

Learn why static secrets fail in modern environments and how to implement dynamic authorization.
Dan Kaplan
Aug 2025
|
6 min read
Man typing code.

What the xAI Key Leak Teaches Us About Secrets – And How to Fix Them

One careless push unlocked 52 AI models, but the real story is how to keep this from happening again.
Apurva Davé
Jul 2025
|
3 min read
Inside Snowflake's NHI Security Playbook.

The Story Behind Snowflake’s Push to Rein in Non-Human Identities

After locking down workforce identity, Snowflake’s security team took on the harder problem – controlling non-human access at scale without slowing teams down.
Dan Kaplan
Jul 2025
|
4 min read
Load More