惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

B
Blog RSS Feed
Spread Privacy
Spread Privacy
T
Threatpost
C
Cisco Blogs
P
Palo Alto Networks Blog
AI
AI
Cyberwarzone
Cyberwarzone
NISL@THU
NISL@THU
P
Privacy & Cybersecurity Law Blog
G
GRAHAM CLULEY
Simon Willison's Weblog
Simon Willison's Weblog
T
Tor Project blog
Latest news
Latest news
AWS News Blog
AWS News Blog
D
Docker
S
SegmentFault 最新的问题
博客园 - 聂微东
WordPress大学
WordPress大学
Vercel News
Vercel News
S
Securelist
爱范儿
爱范儿
J
Java Code Geeks
Know Your Adversary
Know Your Adversary
S
Schneier on Security
Hugging Face - Blog
Hugging Face - Blog
F
Fortinet All Blogs
Last Week in AI
Last Week in AI
D
DataBreaches.Net
宝玉的分享
宝玉的分享
D
Darknet – Hacking Tools, Hacker News & Cyber Security
MongoDB | Blog
MongoDB | Blog
Engineering at Meta
Engineering at Meta
K
Kaspersky official blog
美团技术团队
博客园 - 叶小钗
阮一峰的网络日志
阮一峰的网络日志
量子位
博客园_首页
Attack and Defense Labs
Attack and Defense Labs
S
Secure Thoughts
Google Online Security Blog
Google Online Security Blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
腾讯CDC
T
Threat Research - Cisco Blogs
雷峰网
雷峰网
有赞技术团队
有赞技术团队
www.infosecurity-magazine.com
www.infosecurity-magazine.com
P
Privacy International News Feed
S
Security Affairs

SECURITY.COM

The Detection Gap: MITRE ATT&CK T1140 and T1105 🎙️SECURITY.COM The Podcast: The Parasite in the Machine: Unmasking the Speagle Infostealer 🎙️SECURITY.COM The Podcast: The Death of SIEM Threats Rise on a Tide of Global Unrest When Nation-States Stop Caring About Size 🎙️SECURITY.COM The Podcast: The Evolution of Cybersecurity PR with W2 Communications The Maximalism Trap: When More Becomes Too Much The Future of the Partnership: AI, Automation, and Ecosystems 🎙️SECURITY.COM The Podcast: Iran’s Cyber Warfare Playbook: What Defenders Need to Know Right Now Doing More with Less: How Government Agencies are Rethinking Cybersecurity Navigating Compliance and Insurance as a Competitive Edge The New Partner-Vendor Relationship The EU Digital Wallet: Why Waiting is Not an Option How AI Increases the Load on Security Teams Technical Enablement vs. Marketing Noise Architecting for Margin Beyond the Initial Sale 🎙️SECURITY.COM The Podcast: A Brief History of Data Loss Prevention Symantec CBX Through the Paparazzi Lens The Modern Threat Landscape and The Partner’s New Burden Symantec CBX Rocked RSAC 2026 Conference Cyber Legends: Behind the Scenes of CBX Beyond the Perimeter: Authorization That Moves With Your APIs 🎙️SECURITY.COM The Podcast: AI-Hacking: Red Team vs. Blue Team 5 Inconvenient Truths: How Agentic AI Breaks Your Security Playbook
The Next Identity Shift
2026-03-26 · via SECURITY.COM

Twenty-five years ago, the industry faced a fundamental shift when enterprise applications moved to the web. At the time, many organizations assumed each application would simply handle its own authentication and authorization. It didn’t take long to realize that model would not scale. 

Applications multiplied, identity stores became fragmented, and embedded security logic created operational complexity. Not to mention all-too-familiar user friction with redundant sign-ins. The architectural breakthrough was recognizing that identity and access policy had to move out of individual applications and into a shared infrastructure layer. 

This realization led to the development of web access management platforms like Netegrity SiteMinder, where user authentication and authorization were externalized and enforced through a unified policy architecture.

That shift became the foundation of enterprise web security. As a witness to the early days of web-scale application security, the architectural signals we’re seeing around AI systems today feel remarkably similar.

Large language models as a new runtime tier

Today’s conversation around AI often focuses on models, copilots, and developer productivity. But the deeper change is architectural. Large language models (LLMs) aren’t replacing enterprise applications—they’re becoming a new runtime tier within the application stack. 

For decades, enterprise applications behaved deterministically. Developers defined execution logic in advance, such as how the application should behave in different scenarios. Security teams could then review those code paths and enforce controls around largely predictable behavior. 

That model no longer holds. As LLMs become runtime decision engines inside applications, logic that determines what happens next moves from code into reasoning. Which systems to access, which APIs to call, and what data to retrieve can now be determined dynamically at execution time by a model, or by an agent using that model.

This break from deterministic systems shows enterprises are moving toward AI-orchestrated systems. And from there, toward multi-agent ecosystems where software entities reason, delegate, and act across systems

Agents authenticate to services, retrieve data, call APIs, spawn sub-agents, and interact with other agents across organizational boundaries. Increasingly, software will operate other software on behalf of users and business processes. 

When governance becomes the control point

As this shift unfolds, the security model that governed the previous generation of enterprise applications begins to break. The central problem is not simply authentication—it’s governance at runtime. 

Traditional access control is insufficient for autonomous actors that reason about what to do with the resources they can access.

When an autonomous system decides what systems to access, what data to retrieve, what tools to invoke, and what actions to take, the security question changes. It’s no longer enough to ask whether an identity can access a resource. The question becomes whether the agent’s objectives and behavior remain within its authorized boundaries.

As I explore in the accompanying white paper, Broadcom Agentic Identity Fabric: Securing the Agentic AI Enterprise, every major transition in enterprise computing moves the security perimeter. The web moved it to the session. The federation moved it to the assertion. APIs moved it to the token. Agentic AI moves it again—this time from human users with deterministic applications to autonomous entities making runtime decisions at machine speed.

That shift requires a new governance layer capable of managing identity, authorization, delegation, and observability across the full execution path of an AI system.

Identity middleware is the only layer that can handle this complexity at scale.

This governance layer emerges from the same architectural principles that secured previous generations of computing: identity as the control plane, policy as the decision engine, and distributed enforcement points across the infrastructure where actions occur. Together, these components form what I describe as an Agentic Identity Fabric: a unified trust layer governing how autonomous systems interact with enterprise capabilities. 

The next evolution in authorization

Traditional policy systems were designed for applications accessing resources in predictable ways. Autonomous agents behave differently—they pursue goals, interpret context, and dynamically decide how to accomplish tasks. One of the most important implications of today’s agentic architectures is that authorization itself must evolve. 

And we’ve only just scratched the surface here. To dive deeper into the architecture and design patterns behind the Agentic Identity Fabric, read the full whitepaper.

In a follow-up whitepaper, I’lll explore why policy management in the agentic enterprise must move beyond resource authorization and begin governing intent—and why it may become the most important revolution in enterprise authorization. 

The Next Identity Shift

Vadim Lander

Vadim Lander

Identity Security CTO & Distinguished Engineer