The security team said yes: How a $300B investment firm deployed Claude agents across the enterprise →

TRY AEMBIT
TALK TO AN ENGINEER
Blog

Tag: Authentication

Secrets management vs. secrets elimination

Secrets Management vs. Secrets Elimination: Where Should You Invest?

Most organizations still treat credentials as something that must be protected, stored, and rotated. But a second model is quietly reshaping how machine authentication works: eliminate static secrets altogether and authenticate workloads using identity and just-in-time access.
Dan Kaplan
Mar 2026
|
6 min read
The OWASP Top 10 for LLM Applications 2025

The OWASP Top 10 for LLM Applications (2025): Explained Simply

The OWASP Top 10 for LLM Applications is the most widely referenced framework for understanding these risks. First released in 2023, OWASP updated the list in late 2024 to reflect real-world incidents, emerging attack techniques and the rapid growth of agentic AI.
Apurva Davé
Mar 2026
|
6 min read
The Ultimate Guide to MCP Security Vulnerabilities

The Ultimate Guide to MCP Security Vulnerabilities

SPIFFE focuses on who a workload is. It issues cryptographic identities to services and workloads so they can prove their authenticity to each other without relying on stored secrets. OAuth focuses on what a workload is allowed to do. It defines how access is delegated and controlled when one service needs to interact with another or call an external API.
Ashur Kanoon
Mar 2026
|
7 min read
SPIFFE vs. OAuth: Access Control for Nonhuman Identities

SPIFFE vs. OAuth: Access Control for Nonhuman Identities

SPIFFE focuses on who a workload is. It issues cryptographic identities to services and workloads so they can prove their authenticity to each other without relying on stored secrets. OAuth focuses on what a workload is allowed to do. It defines how access is delegated and controlled when one service needs to interact with another or call an external API.
Ashur Kanoon
Mar 2026
|
5 min read
API Keys v OAuth

API Keys vs OAuth: Which API Authentication Method Is More Secure?

API keys offer simplicity, but OAuth provides superior security through automatic expiration and granular scopes.
Dan Kaplan
Jan 2026
|
6 min read
OAuth 2.0 vs 2.1

OAuth 2.0 vs 2.1: What Changed and How to Migrate

OAuth 2.1 eliminates implicit flow, mandates PKCE, and requires exact redirect matching.
Ashur Kanoon
Dec 2025
|
6 min read
2 legged vs 3 legged OAuth

2-Legged vs 3-Legged OAuth: Which Flow Fits Your Use Case?

Choosing the right flow is only the beginning. The real challenge is implementing either flow without creating persistent credential vulnerabilities that undermine your security.
Ashur Kanoon
Oct 2025
|
6 min read
OAuth vs OIDC

OAuth vs. OIDC: What’s the Difference and When Should You Use Each?

OAuth 2.0 and OIDC solve fundamentally different problems.
Ashur Kanoon
Oct 2025
|
5 min read

Configuring an MCP Server with Auth0 as the Authorization Server

A practical walkthrough of the Auth0 settings and tweaks you’ll need to get an MCP server working smoothly with real-world clients like Claude.
Victor Ronin
Sep 2025
|
4 min read
Why Hybrid Windows Security Fails

Why Hybrid Windows Environments are Still a Security Blind Spot

Most enterprises struggle with hybrid Windows security gaps. Discover workload identity federation and conditional access to eliminate blind spots.
Ashur Kanoon
Sep 2025
|
5 min read
Load More