Glossary Terms: C

Credential Provider

AI/MCP Concepts
A credential provider is a system that securely issues, manages, and delivers credentials, such as API keys, access tokens or certificates, to software workloads that need to access protected data. Unlike traditional secrets storage, credential providers generate or deliver these credentials dynamically based on a workload identity that has already been verified by a trust provider and evaluated against policy. They often issue short-lived credentials that expire automatically, reducing exposure if they are compromised.

Cloud-Native Application Protection Platform (CNAPP)

AI/MCP Concepts
A Cloud-Native Application Protection Platform (CNAPP) is a unified framework that combines many security tools into a single platform. It brings together vulnerability management, misconfiguration detection, runtime threat protection, and workload security in a way that understands the dynamic, distributed nature of modern cloud infrastructure.

Cloud Identity

AI/MCP Concepts
Cloud identity systems handle authentication for workloads, services, and users running in cloud platforms like AWS, Azure, and GCP using API-first approaches with standardized protocols like OAuth 2.0, OpenID Connect, and SAML 2.0. They issue short-lived, cryptographically verifiable tokens that replace the long-lived credentials found in older authentication systems.

Conditional Access

Security concepts
Conditional access is a security framework that evaluates real-time signals, such as the program’s ID, its security health, location, and time, before granting or denying access. Instead of relying only on static passwords or keys, conditional access enforces dynamic, context-aware decisions that adapt instantly to changing risk conditions. For organizations building zero trust architectures, conditional access is no longer optional; it’s a critical security control. This is especially true if you are managing AI agents, microservices, and hybrid cloud workloads that operate across AWS, Azure, GCP, and SaaS platforms.

Client Credentials

Identity types
Client credentials are authentication tokens used by non-human entities (like applications, services, APIs, and automated scripts) to prove their identity and obtain access to protected resources. Unlike user credentials that require interactive sign-in, client credentials enable crucial machine-to-machine communication without any human involvement. In OAuth 2.0, the client credentials grant type is a specific flow where a client application proves its identity directly to a server using its own credentials (usually a client ID and client secret) to receive a temporary access token.

CFIUS

IT concepts
The Committee on Foreign Investment in the United States (CFIUS) is a government committee that reviews foreign investments in U.S. businesses. Its job is to assess any potential national security risks. CFIUS has the power to recommend blocking a transaction, imposing strict security conditions, or even forcing completed deals to be reversed if they threaten critical infrastructure, sensitive technology, or U.S. citizens’ personal data.

Credential Harvesting

NHI security threats
A technique used by attackers to collect or steal credentials such as passwords, API keys, or access tokens. This can be done through phishing, malware, exposed secrets, or other attack vectors. In workload IAM, credential harvesting poses a major risk, as compromised non-human identities can be used for unauthorized access and lateral movement.

CORS (Cross-Origin Resource Sharing)

NHI security threats
A security mechanism that allows web browsers to request resources from a different origin domain. CORS policies, defined by HTTP headers, control which cross-origin requests are allowed and prevent unauthorized access to sensitive data.