-
Ask Me Anything: Building Secure Logins - A glimpse under the hood of a modern security engineering team with our CTO, Jason Rasmussen
Coming up on Reddit, May 26th, 2026… You've logged in to something today. Probably several times. It took less than a second and the moment it was over, you'd already forgotten it happened. That's either the greatest achievement in modern security engineering — or the thing that makes it fragile. Usually, it's both.…
-
How do I download LastPass for Safari in the USA?
I have a new M5 MacBook Air, and Genius Bar had to wipe my laptop & reinstall the OS. I wish to re-install LastPass for Safari, but it is NOT available in the App Store for Apple! How do I obtain the download in Arizona, USA?
-
Human identities vs bot identities vs AI agents: What’s the difference?
Here's the short: Human identities are non-deterministic (behavior changes based on context) and often authorized through RBAC, ABAC, or other identity governance controls. Bot identities are machine accounts that exhibit deterministic behavior. They operate under pre-defined permissions, which means specific inputs result…
-
Agentic AI identity access management Vs. traditional IAM
While traditional IAM relies on passwords and MFA, AI IAM must navigate: volumes of ephemeral agents and their token lifecycles; cross-agent communications; and cross-app permissions. Unlike human users or service accounts, AI agents aren’t tied to roles or even a specific application. Instead, they make decisions, take actions,…
-
Why does traditional IAM fall short for AI agents?
Traditional IAM falls short because pre-defined identity governance controls like RBAC are too broad for autonomous AI agents, whose behavior can be manipulated in real time. In the 2025 CoPhish attack, threat actors created fake AI chatbots on Microsoft’s trusted Copilot Studio site and then sent phishing links…
-
What are the limitations of OAuth 2.0 for AI agents?
OAuth 2.0 access tokens expire quickly, but refresh tokens are functionally long-lived. That’s why the CoPhish attack was so dangerous. The AI agent didn’t just get temporary access; it got persistent access through refresh tokens that let it create access tokens at will. And although OAuth 2.1 isn’t finalized, it tries…
-
The five critical gaps of OAuth 2.0 that put your business at risk
#1: AI agents don’t have their own identity. This was one of the most debated issues. Attendees asked, “Should agents be treated as a service principal, workload identity, or new entity?” Some organizations are treating agents like human users, complete with licenses and permissions. Meanwhile, others are using hybrid models…
-
What should a granular Agentic AI IAM framework include?
The Cloud Security Alliance (CSA) recommends an agentic AI IAM framework architecture that rests on these pillars: decentralized identifiers (DID), which give each agent a verifiable identity; verifiable credentials (VC) that can be cryptographically verified, so each agent can prove what it is authorized to do; Zero…
-
How do you keep track of AI agents?
Solutions from Microsoft, Okta, Permit.io, and LastPass can give you the visibility you need. Microsoft’s new offerings for tracking and monitoring AI agents: In response to concerns raised at Identiverse 2025, Microsoft has introduced three distinct but interconnected offerings to track AI agents: Microsoft Entra Agent ID,…
-
Why your agentic AI IAM needs LastPass too
Here’s what Microsoft, Okta, and Permit.io can’t see on their own: Every SaaS app or Shadow AI tool your employees are actually using (approved or not). While Agent 365, Permit.io, and Okta for AI agents can see and track agents registered in their systems, they can’t see: SaaS apps your employees sign up for with…