Identity governance stories

Identity failures are now the main way cyber attackers breach firms, with experts warning that non-human credentials are widening the risk.

Cloud security specialists say organisations must rethink defences as control plane exposure, swelling telemetry and fragmented tools create fresh risks.

US banks and regulators are urged to adopt passkeys, mobile driving licences and tougher verification as generative AI fuels deepfake fraud.

OpenID Foundation appoints Kantara Initiative to oversee testing service applicants as it expands independent assurance for digital identity standards.

Radiant Logic adds Badge's zero-knowledge authentication to RadiantOne, aiming to simplify cross-domain access for enterprises, public sector and AI agents.

Most organisations cannot distinguish AI agents from human staff, exposing widening identity and access risks as autonomous tools spread.

BeyondTrust warns a surge of unsupervised AI agents is creating a hidden “shadow workforce” with admin-level access inside enterprises.

Saviynt unveils an AI identity security platform to govern autonomous agents across major enterprise AI stacks and close emerging access gaps.

Ping unveils Identity for AI, a runtime identity framework to govern autonomous software agents' access, actions and accountability.

Rubrik links Microsoft Defender with new AI governance engine SAGE to speed identity attack recovery and tighten control of autonomous agents.

Yubico and Delinea unite hardware keys with identity checks to ensure each high‑risk AI agent action is explicitly approved by a human.

Netwrix enhances its 1Secure platform to map AI access, tightening data governance and Copilot monitoring across hybrid environments.

Delinea warns that rapid AI rollout is eroding identity controls, leaving machine accounts exposed and widening security blind spots.

SpecterOps broadens BloodHound Enterprise to map identity attack paths across Okta, GitHub and Jamf-managed Macs in hybrid environments.

Entro launches AGA to map, monitor and control AI agents in enterprises, tackling shadow AI and non-human identity risks at scale.

Token Security launches intent-based controls to govern AI agents' access by purpose, aiming to curb over-privileged, autonomous system behaviour.

Rushing to embrace AI, most firms are easing identity controls despite visibility gaps around powerful non-human and AI-linked accounts.

Island launches Enterprise Platform to extend its governed workspace from a secure browser to consumer browsers, desktops and networks.

AI-fuelled coding drives record 29 million hardcoded secrets on GitHub in 2025, with leaks from AI tools and services surging sharply.

Saviynt appoints Alex Lei to spearhead Asia Pacific and Japan identity security sales as cloud, AI and access governance demand surges.