Anthropic Workload Identity Federation: What It Gets Right – and What It Still Doesn’t Solve

8 min read. What it takes to implement it, and why real-world environments make it hard to finish. The post Anthropic Workload Identity Federation: What It Gets Right – and What It Still Doesn’t Solve appeared first on Aembit.

5 Capabilities of Workload Access Managers – And Why WAM Isn’t WIM

10 min read. Legacy IAM can't govern autonomous AI agents that spin up, execute and terminate in seconds. New identity patterns are now emerging. The post 5 Capabilities of Workload Access Managers – And Why WAM Isn’t WIM appeared first on Aembit.

Why Traditional IAM Is No Match for Agentic AI

6 min read. Legacy IAM can't govern autonomous AI agents that spin up, execute and terminate in seconds. New identity patterns are now emerging. The post Why Traditional IAM Is No Match for Agentic AI appeared first on Aembit.

MCP Permission Models: Designing Secure Interactions

6 min read. MCP standardizes how AI agents connect to tools, but every agent needs delegated authority and precise permission controls to match. The post MCP Permission Models: Designing Secure Interactions appeared first on Aembit.

MCP Security Testing: Tools and Methodologies

6 min read. Test your MCP systems for confused deputy attacks, token passthrough risks and the authorization patterns the specification requires. The post MCP Security Testing: Tools and Methodologies appeared first on Aembit.

MCP Threat Modeling: Understanding the Attack Surface

6 min read. AI agents are no longer just chatbots. They're executing multistep workflows across tools and data sources, and the Model Context Protocol (MCP) standardizes these interactions. The post MCP Threat Modeling: Understanding the Attack Surface appeared first on Aembit.

Zero Trust for Nonhuman Workload Access: A Primer

6 min read. Zero trust has reshaped how organizations secure user access. Multifactor authentication, single sign-on and continuous posture checks are now standard for human identities. But the same rigor rarely extends to the nonhuman side of the house. The post Zero Trust for Nonhuman Workload Access: A Primer appeared first ...

The Trivy Compromise: The Fallacy of Secrets Management and the Case for Workload Identity

6 min read. The Trivy incident exposed a credential architecture failure, not just a supply chain one. Here’s the case for workload identity and access. The post The Trivy Compromise: The Fallacy of Secrets Management and the Case for Workload Identity appeared first on Aembit.

The OWASP Top 10 for LLM Applications (2025): Explained Simply

6 min read. The OWASP Top 10 for LLM Applications is the most widely referenced framework for understanding these risks. First released in 2023, OWASP updated the list in late 2024 to reflect real-world incidents, emerging attack techniques and the rapid growth of agentic AI. The post The OWASP Top 10 ...

The Cybersecurity Risks of Agentic AI: What Security Teams Need to Know

7 min read. Autonomous AI agents create unique cybersecurity risks beyond traditional LLMs. Learn about identity blind spots, tool chain vulnerabilities, cascading compromises, and how to secure agent deployments. The post The Cybersecurity Risks of Agentic AI: What Security Teams Need to Know appeared first on Aembit.