The security team said yes: How a $300B investment firm deployed Claude agents across the enterprise →

TRY AEMBIT
TALK TO AN ENGINEER
Blog

Tag: Workload Identity

Why Human IAM Fails for Machines

Why Human IAM Strategies Fail for Machines

The core problem is that human IAM was never built for workload scale or behavior.
Apurva Davé
Sep 2025
|
5 min read
Announcing Aembit's integration with Splunk.

Enhancing Splunk Support for Workloads

This integration brings workload identity and access data into Splunk, giving security teams clearer visibility, faster response, and stronger zero trust controls.
Ashur Kanoon
Sep 2025
|
2 min read
Businessperson interacting with CRM data.

When Salesforce Becomes a De Facto Credential Repository: Lessons from the Drift OAuth Breach

This malicious campaign demonstrates how long-lived token theft can become the first step in a much broader breach.
Dan Kaplan
Aug 2025
|
3 min read
Vault with a warning sign superimposed.

Vault Fault: Secrets Managers and the Limits of Centralized Trust

Recent flaws in Conjur and Vault highlight the risks of concentrating trust in a single repository – and why workload IAM may offer a more resilient path forward.
Dan Kaplan
Aug 2025
|
3 min read
A person vibe codes

When Identifiers Aren’t Identities: Security Lessons from the Base44 AI Vibe Coding Flaw

The vulnerability shows how modern application development is accelerating without bringing access controls along for the ride.
Dan Kaplan
Aug 2025
|
3 min read
Developer interfacing with ChatGPT LLM.

I Spent One Day Building AI Agents. Here’s What Actually Happened

In a single day, a developer sets out to build working AI agents – and uncovers the friction, fragility, and surprising overhead behind the automation dream.
Victor Ronin
Jul 2025
|
12 min read
machine iam and workload iam

Why Fragmented Machine IAM Is Failing (and What Workload IAM Gets Right)

If your workloads could talk, they’d probably ask for better IAM.
Ashur Kanoon
Jul 2025
|
6 min read
biometric scanner

Workload IAM vs. API Security

You can monitor traffic all day, but if you don’t control what’s allowed to send it, you’re already behind.
Dan Kaplan
Jul 2025
|
5 min read
Man typing code.

What the xAI Key Leak Teaches Us About Secrets – And How to Fix Them

One careless push unlocked 52 AI models, but the real story is how to keep this from happening again.
Apurva Davé
Jul 2025
|
3 min read
Services connecting virtually.

The Definitive Catch-Up Guide to Agentic AI Authentication

A down-to-earth primer to help engineers make sense of agentic AI architecture and where things stand today.
Victor Ronin
Jul 2025
|
11 min read
Load More