Microsoft patched a critical Entra ID flaw where the Agent ID Administrator role—scoped for AI agents—could silently take ownership of any service principal in your tenant. Here's the attack chain, the root cause, and what IAM engineers need to audit right now.
Read more →Blog
Thoughts on identity governance, IAM engineering, and enterprise security.
On March 31, 2026, a compromised maintainer account turned the most popular JavaScript HTTP client into a cross-platform Remote Access Trojan delivery mechanism. North Korea's Sapphire Sleet deployed Windows, macOS, and Linux implants to an unknown number of systems in just 174 minutes. Here's the technical breakdown and what IAM engineers need to know about supply chain security.
Read more →As organizations scale their hybrid cloud environments and face increasing regulatory scrutiny, identity governance has become the cornerstone of enterprise security. Here's why IAM engineering is evolving from a back-office function to a strategic imperative.
Read more →