All news with #identity security tag

🔒 Microsoft presents an end-to-end strategy to secure agentic AI with the new Agent 365 control plane and updates across Microsoft Defender, Entra, Purview, and Sentinel. Announced for RSAC 2026, these measures focus on visibility, continuous identity protection, data loss prevention for Copilot prompts, and prompt-injection defenses to help organizations observe, govern, and defend agent ecosystems at scale.

🛡️ AI-enabled cyber attacks increasingly mimic legitimate users, rendering signature- and rule-based defenses insufficient. Modern identity security must adopt continuous, context-aware risk modeling that evaluates identity, device and session context in real time to detect subtle deviations. Organizations should extend monitoring across cloud, endpoints and privileged accounts, enforce Just-in-Time (JIT) access and consolidate behavioral analytics with session monitoring and granular controls to limit credential abuse and insider misuse.

🧛 Cisco Talos highlights a growing trend in 2025: attackers increasingly seek to be authorised as legitimate users rather than relying solely on loud exploits. Telemetry shows nearly a third of MFA spray attacks targeted IAM applications and fraudulent device registrations surged 178%, indicating adversaries focus on the mechanisms that grant access. Talos urges organisations to harden authentication, prioritise patching, manage EOS/EOL devices, and adopt phishing-resistant controls as part of a broader defensive posture.

🔒 Many organizations invest heavily in login protections but leave password reset paths less scrutinized, creating an easy escalation route once attackers gain a foothold. The article explains common abuse scenarios — from helpdesk social engineering and intercepted reset tokens to misuse by over-permissioned admins — and recommends seven practical mitigations, including MFA, device posture checks, strict password policies, and avoiding knowledge-based authentication. It also highlights Specops tools to harden reset workflows and block breached passwords.

🔍 Mesh CSMA operationalizes Gartner's Cybersecurity Mesh Architecture to unify disparate security tools into a single, contextual risk model that reveals multi‑hop attack paths to crown jewels. The agentless platform automatically discovers critical assets, builds an identity‑centric Mesh Context Graph™, correlates misconfigurations, entitlements, and vulnerabilities, and ranks complete attack chains by live threat intelligence. It prescribes and orchestrates precise cross‑domain remediations mapped to existing tooling and continuously validates detection coverage so teams can close exploitable paths before they are used.

🔐 By 2026, the central competition in identity-related work will be the ability to prove that the person behind a high-impact action is a real, accountable human. Generative AI and deepfakes create synthetic identities that can pass routine checks, contaminate risk models and hijack estate workflows. Defenses must focus on provenance, cross-channel consistency and continuous, risk-based verification tied to audit-grade trails.

🔐 Treat AI agents as first-class identities and enforce identity-based access across systems and APIs. The author argues CISOs must move beyond prompt guardrails to explicit authentication, scoped permissions, continuous logging, and monitoring of tokens, service accounts, OAuth grants, and keys. Organizations should discover shadow AI, map agent access, and enforce intent-aware controls. Full lifecycle governance — ownership, rotation, reviews, and decommissioning — is required to prevent privilege creep and data loss while enabling safe autonomy.

🔒 Iranian-aligned threat actors are shifting from bespoke destructive wipers to weaponizing privileged identities and native management features. Rather than deploying novel binaries, attackers compromise high-privilege accounts and use legitimate MDM/RMM or cloud consoles to push remote-wipe and factory-reset commands at scale. This living-off-the-land approach bypasses traditional endpoint telemetry and enables rapid, high-impact disruption across managed tenants. Defenders must prioritize identity resilience, Zero Trust, and immutable backups to maintain survivability.

🔒 CSO and CISO roles have shifted from technical gatekeepers to board-level leaders accountable for resilience, compliance, and business enablement. Recruiters and incumbent executives emphasize a T-shaped background — deep domain expertise plus broad business fluency — including identity and access management, cloud operations, AI risk, and security automation. Candidates must translate security investments into enterprise value and demonstrate continuous assurance; negotiation, delegation, and measurable outcomes now define success.

🔒 Cloud Run now supports direct Identity-Aware Proxy (IAP) integration and a new option to allow public access compatible with Domain Restricted Sharing. Enable IAP with a single click or via the --iap flag without provisioning load balancers, bringing context-aware, enterprise-grade authentication to serverless apps at no added load balancer cost. The 'Allow Public access' toggle disables the IAM invoker check to support public websites or private microservices that rely on network-level or organizational controls, and IAP’s CORS handling permits unauthenticated OPTIONS for preflight while authenticating other requests.

🔒 Visit AWS at booth S-0466 in South Expo to experience interactive demos, partner integrations, and an AI-powered Humanoid Security Guardian that generates customized well-architected guides via QR code. AWS security specialists will present sessions on privacy-by-design, trusted identity for autonomous agents, container supply-chain protection, and preparing for AI-native incidents. Join hands-on workshops and CTF challenges in Cloud Village, March 23–26, and use a Partner Passport to collect booth stamps, earn swag, and enter daily raffles.

🔐 AWS Builder ID now supports Sign in with GitHub and Amazon, expanding social login options beyond Google and Apple. The change enables developers to access AWS Builder Center, AWS Training and Certification, and Kiro using existing GitHub or Amazon credentials. This reduces password management overhead, lowers forgotten-password incidents, and streamlines both new user registration and returning sign-ins for builders and students.

🔐 A global survey by Quest Software of 650 IT and security practitioners found that only 24% of organisations test identity disaster recovery every six months, while 24% never test recovery plans. The report warns many firms focus on preventative controls and detection rather than response and recovery, increasing risk when identity protections fail. Respondents identified gaps in non-human and third-party identities, legacy on-premises systems and privileged accounts. Adoption of ITDR programmes is rising (57%), and 79% believe AI can improve recovery by reducing alert fatigue and correlating signals.

🔐 2026 will bring faster, cheaper, and more credible cyberattacks as AI and automation lower the skill barrier for attackers. Industry leaders from Banco Santander, Vodafone, NordVPN, Sophos, and Cisco emphasize a shift from perimeter defenses to identity-centric, automated, resilience-focused models. Priority actions include continuous identity verification, integrated AI-driven security, XDR consolidation, supply-chain risk management, and stronger detection, response, and data-protection controls implemented with minimal customer friction.

🔐 AWS Identity and Access Management (IAM) now lets you create and configure IAM roles directly within many service console workflows, so you no longer need to switch to the IAM console. A new in-context permissions panel appears during relevant tasks and supports default policies or a simplified statement builder for custom permissions, while retaining full IAM role-management capabilities. Initially available in the US East (N. Virginia) Region, the feature will roll out to additional services and regions. This streamlines role setup for services such as EC2, Lambda, EKS and more.

🔐 AWS now includes the ARN of the policy that caused an AccessDenied error for same-account and same-organization requests. This enhancement adds only the policy ARN (not policy content) for SCPs, RCPs, permissions boundaries, session policies, and identity-based policies, and does not change authorization logic. The rollout begins early 2026 across all Regions, improving troubleshooting and cross-team communication.

🛡️ Cloudflare announces integration with Nametag to add workforce identity verification to Cloudflare Access, confronting the emerging 'remote IT worker' fraud where organized actors use stolen or deepfaked identities to infiltrate companies. The OIDC-based flow requires a selfie and government ID scan, and Nametag's Deepfake Defense uses cryptography and AI to attest liveness and identity. Verification completes in under 30 seconds and no biometrics are stored. This layer enables identity-based policies before access is granted.

🔐 Cloudflare's new Gateway Authorization Proxy shifts identity from devices to the network, enabling per-user enforcement for unmanaged endpoints and virtual desktops. By using a Cloudflare Access–style login and signed JWT domain cookies, the proxy logs individual users, supports multiple identity providers, and allows instant revocation without installing a client. PAC File Hosting further simplifies deployment with templates and an AI assistant.

🌐 AWS IAM Identity Center now supports IPv6 through dual‑stack endpoints in the AWS Asia Pacific (Taipei) and AWS GovCloud (US) Regions, completing global availability wherever IAM Identity Center is offered. Clients and browsers will resolve either IPv4 or IPv6 addresses based on network and client protocol. Administrators can find the dual-stack portal URL in the IAM Identity Center console under Settings and share it with their workforce; GovCloud deployments should consult region-specific documentation.

🔐 RSA 2026 will spotlight how AI agents, CTEM, cyber resilience, identity, and AI security are reshaping CISO agendas. Expect demonstrations of AI-SOC capabilities, expanded CTEM platforms, and renewed emphasis on identity as the perimeter, alongside warnings about hallucinations, data quality, and vendor overreach. Arrive prepared with prioritized requirements, cleaned data, and a plan to upskill teams for effective human–agent teaming.