Resources
Reference material on AI, identity, and accountability. No hype: primary sources, standards, and substantive analysis only.
NHI & Identity
-
2026 NHI Reality Report: 5 Critical Identity Risks
Why non-human identities now outnumber humans in enterprise systems, and what that means for governance.
-
Agentic AI Needs Stronger Digital Certificates
Why certificate lifespans are shrinking to 47 days as a governance mechanism for workload identities.
-
AI Agent Identity: The Foundation of Trust for Autonomous Agents
Why autonomous agents need distinct, verifiable digital identities and how delegation chains work.
-
Authorize an AI Agent to Perform Tasks on Your Behalf - Identity for AI
Ping Identity's tutorial series on agent authorization patterns including CIBA-style human approval flows.
-
Decentralized Identifiers Based Interoperability Architecture
How DID, VC, and VP concepts enable lightweight, scalable interoperability between organizations.
-
How to Distinguish Between Human and Non-Human Identities
Human and non-human identities require structurally different authentication and governance approaches.
-
Keyfactor Validates PKI-Based Identity for Securing Agentic AI
Applying PKI and certificate lifecycle automation to agentic AI workloads.
-
Universal Resolver - Resolve Practically Any DID
A single utility for resolving Decentralized Identifiers across 45+ DID method drivers.
-
What Is FIDO2? - Microsoft Security
Passkeys and FIDO2 sign-in credentials created using public key cryptography with hardware-bound private keys.
-
What Is Liveness Detection?
Multi-signal approaches to confirming human presence in an era of synthetic identity.
-
Zero Trust for AI Agents: Ephemeral Credentialing Blueprint
Reducing the AI agent credential exposure window by over 99% with short-lived, just-in-time credentials.
Zero Trust & Architecture
-
Adding Identity and Access to Multi-Agent Workflows
Zero-trust approach to autonomous AI agents by integrating identity and access into multi-agent workflows.
-
Agentgateway: The AI-Native Gateway
Rust-based, AI-native gateway with MCP proxy, A2A proxy, and LLM proxy under a single control plane.
-
Caging the Agents: A Zero Trust Security Architecture
Autonomous AI agents in production with network egress policies and kernel-level workload isolation.
-
LLM Proxy: One Front Door to Multiple LLM Providers
Centralized LLM access layer that controls model usage, cost, security, and reliability.
-
MCP and Zero Trust: Securing AI Agents with Identity and Policy
How to secure AI agents with identity, policy, and fine-grained authorization using MCP and Zero Trust.
-
Redefining Zero Trust in the Age of AI Agents and Agentic Workflows
Cisco's Semantic Inspection Proxy redefines zero trust with intent-based security for AI-powered threats.
-
Why AI Agents Need Zero Trust Identity (and How to Build It)
OAuth was designed for humans delegating access to apps; mTLS verifies connections, not agent identity.
-
Zero Trust for AI Agents Starts at the Proxy Layer
Zero trust says never trust, always verify, least privilege. Most AI agent deployments violate all three.
-
Zero-Trust Agent Architecture: How to Actually Secure Your Agents
Microsoft's Entra Agent ID and AI Gateway implement Prompt Shield at the network layer.
Standards & Specs
-
Aries RFC 0104: Chained Credentials
Cryptographically signed delegation chains enable offline verification and powerful privilege delegation.
-
Cloud Native Agentic Standards - CNCF
Permissions tied to agent identity should enforce least privilege using mTLS, identity-aware routing, and network segmentation.
-
Decentralized Identifiers (DIDs) v1.1 - W3C
The W3C specification for Decentralized Identifiers, DID Documents, and DID resolution.
-
OAuth 2.0 Extension for AI Agents Acting on Behalf of Users (IETF Draft)
Draft protocol extension adding actor_token parameters to document delegation chains inside OAuth tokens.
-
OWASP Top 10 for Agentic Applications
ASI01 Agent Goal Hijack, ASI02 Tool Misuse, and ASI03 Identity and Privilege Abuse identified as top threats.
-
OWASP Top 10 for LLM Applications 2025
Introduces System Prompt Leakage, Vector and Embedding Weaknesses, and substantially expands Excessive Agency.
Threat Intelligence
-
AI Agent Security 2026: Google's Forecast and How to Fix the Gaps
Google expects a significant rise in targeted prompt injection attacks against enterprise AI systems throughout 2026.
-
How to Deal with the 2026 Agent Wave
Prompt injection is now an RCE-equivalent: when agents have tool access, injected instructions execute with the agent's full permissions.
-
Prompt Injection: Types, Real-World CVEs, and Enterprise Defenses
Critical CVEs assigned in 2025-2026 including EchoLeak, GitHub Copilot RCE, and Cursor IDE vulnerabilities exploiting AI agents with ambient trust.
-
The 2025 AI Agent Security Landscape: Players, Trends, and Risks
Review of top AI agent security trends, vendors, and threats shaping the landscape of autonomous AI.
Access Control & Policy
-
Allowlists vs. Denylists in Multi-Tenant Access Control
Allowlists implement default-deny behavior; denylists implement default-allow, and the difference is foundational for agent policy.
-
Denylist vs Allowlist for AI Agent Guardrails
Every unexpected behavior becomes another new policy to block; allowlisting outperforms denylist approaches at scale.
-
The OWASP Top 10 for LLM Applications (2025): Explained Simply
Authorization must happen in external systems, not delegated to the LLM.
-
What Developers Building with AI Agents Need to Know
The OWASP GenAI Security Project's Top 10 for Agentic Applications, explained for developers building production agent systems.