Blog Posts

Most organizations have gotten very good at protecting the front door. We invest heavily in single sign-on (SSO), mandate multi-factor authentication (MFA), and lock down who can log in, from...

When a production line stops, the clock starts ticking. In manufacturing environments I’ve worked in, every minute of downtime can translate into missed delivery commitments and revenue you’ll...

In my experience working inside banks, identity security can be like plumbing: when it’s working, no one wants to talk about it. When there’s an incident, an audit, or a regulator—suddenly...

For years, identity has been treated as a supporting function, authenticating users, gating access, and satisfying audit requirements. Important, but rarely foundational. That era is over. In...

As AI systems are used in our day-to-day operations, a central reality becomes unavoidable: AI doesn’t configure itself and must be set up with human approval and oversight. It requires engineers...

Cryptographic failures have a knack for turning a quiet weekend into a chaotic, all-hands-on-deck emergency. Consider the SHA-1 to SHA-2 deprecation, sometimes referred to as “Shapocalypse,” which...

The viral surge of OpenClaw (formerly Clawdbot and Moltbot) has captured the tech world’s imagination, amassing over 160,000 GitHub stars and driving a hardware rush for Mac Minis to host these...

Over the past week, multiple research teams have documented a renewed wave of voice-led social engineering (vishing) targeting identity providers and federated access. The entry point is not...

Most organizations never planned for AI to start making real decisions. They started with simple helpers. An agent answered basic questions or generated small automations so teams could avoid...

Introduction Passkeys now protects billions of accounts, redefining how the world signs in through stronger, more secure authentication without a password. Yet this global movement runs deeper...

In Pac-Man, ghosts seem pretty easy to dodge. You’re clearing the maze, racking up points, three more pellets away from leveling up. Then, out of nowhere, they close in and cut off all hope of...

This research is published following the public release of a fix and CVE, in accordance with coordinated vulnerability disclosure best practices. CVE‑2025‑60021, a critical command injection issue...

ServiceNow’s External Credential Storage and Management Application is designed to help organizations securely retrieve and manage credentials from external vaults during IT operations, like...

For years, businesses have treated public key infrastructure (PKI) as background plumbing, quietly securing access across enterprise systems and devices, and rarely drawing executive attention...

If privilege has changed, compliance can’t stay static. As organizations accelerate digital transformation, the compliance landscape is shifting beneath their feet—especially when it comes to how...

KuppingerCole has recognized CyberArk identity threat detection and response (ITDR) as a leader across all categories: overall, product, innovation, and market in its 2025 KuppingerCole Leadership...

For the past two years, AI agents have dominated boardroom conversations, product roadmaps, and investor decks. Companies made bold promises, tested early prototypes, and poured resources into...

Criminal infrastructure often fails for the same reasons it succeeds: it is rushed, reused, and poorly secured. In the case of StealC, the thin line between attacker and victim turned out to be...