-
Ask Me Anything: Building Secure Logins - A glimpse under the hood of a modern security engineering team with our CTO, Jason Rasmussen
Coming up on Reddit, May 26th, 2026… You've logged in to something today. Probably several times. It took less than a second and the moment it was over, you'd already forgotten it happened. That's either the greatest achievement in modern security engineering — or the thing that makes it fragile. Usually, it's both.…
-
Agentic AI identity access management vs. traditional IAM
While traditional IAM relies on passwords and MFA, AI IAM must navigate: volumes of ephemeral agents and their token lifecycles; cross-agent communications; cross-app permissions. Unlike human users or service accounts, AI agents aren’t tied to roles or even a specific application. Instead, they make decisions, take actions,…
-
Why does traditional IAM fall short for AI agents?
Traditional IAM falls short because pre-defined identity governance controls like RBAC are too broad for autonomous AI agents, whose behavior can be manipulated in real-time. In the 2025 CoPhish attack, threat actors created fake AI chatbots on Microsoft’s trusted Copilot Studio site and then sent phishing links…
-
What are the limitations of OAuth 2.0 for AI agents?
OAuth 2.0 access tokens expire quickly but refresh tokens are functionally long-lived. That’s why the CoPhish attack was so dangerous. The AI agent didn’t just get temporary access; it got persistent access through refresh tokens that let it create access tokens at will. And although OAuth 2.1 isn’t finalized, it tries…
-
The five critical gaps of OAuth 2.0 that put your business at risk
#1: AI agents don’t have their own identity. This was one of the most debated issues. Attendees asked, “Should agents be treated as a service principal, workload identity, or new entity?” Some organizations are treating agents like human users, complete with licenses and permissions. Meanwhile, others are using hybrid models…
-
What should a granular Agentic AI IAM framework include?
The Cloud Security Alliance (CSA) recommends an agentic AI IAM framework architecture that rests on these pillars: decentralized identifiers (DID), which give each agent a verifiable identity; verifiable credentials (VC) that can be cryptographically verified, so each agent can prove what they’re authorized to do; Zero…
-
How do you keep track of AI agents?
Solutions from Microsoft, Okta, Permit.io, and LastPass can give you the visibility you need. Microsoft’s new offerings for tracking and monitoring AI agents: In response to concerns raised at Identiverse 2025, Microsoft has introduced three distinct but interconnected offerings to track AI agents: Microsoft Entra Agent ID,…
-
Why your agentic AI IAM needs LastPass too
Here’s what Microsoft, Okta, and Permit.io can’t see on their own: Every SaaS app or Shadow AI tool your employees are actually using (approved or not). While Agent 365, Permit.io, and Okta for AI agents can see and track agents registered in their systems, they can’t see: SaaS apps your employees sign up for with…
-
What are the types of AI agents?
According to IBM, there are currently five (5) main types of AI agents: simple reflex agents; model-based reflex agents; goal-based agents; utility-based agents; learning agents. 1. Simple reflex agents: These agents are basic but reliable, like a thermostat that turns heat on when it’s cold. They follow simple, “If this, then…
-
Why should you care about AI security?
If your team uses Copilot, ChatGPT, or other AI tools to get work done, each is an “agent” or digital worker. If those agents multiply without active monitoring, you get agent sprawl, where no one knows how many agents are running, who authorized them, and what sensitive data they’re accessing.…