惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

B
Blog
V
Vulnerabilities – Threatpost
Apple Machine Learning Research
Apple Machine Learning Research
V
V2EX
博客园 - 叶小钗
阮一峰的网络日志
阮一峰的网络日志
人人都是产品经理
人人都是产品经理
Latest news
Latest news
博客园 - 三生石上(FineUI控件)
美团技术团队
aimingoo的专栏
aimingoo的专栏
Google Online Security Blog
Google Online Security Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
T
Threatpost
Y
Y Combinator Blog
T
Tailwind CSS Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
A
Arctic Wolf
C
Cyber Attacks, Cyber Crime and Cyber Security
小众软件
小众软件
Recent Commits to openclaw:main
Recent Commits to openclaw:main
T
Tenable Blog
W
WeLiveSecurity
L
LINUX DO - 热门话题
D
Docker
Cyberwarzone
Cyberwarzone
量子位
A
About on SuperTechFans
The Last Watchdog
The Last Watchdog
雷峰网
雷峰网
C
CERT Recently Published Vulnerability Notes
P
Palo Alto Networks Blog
The Hacker News
The Hacker News
Blog — PlanetScale
Blog — PlanetScale
P
Proofpoint News Feed
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
F
Full Disclosure
The Cloudflare Blog
T
The Blog of Author Tim Ferriss
T
The Exploit Database - CXSecurity.com
Engineering at Meta
Engineering at Meta
O
OpenAI News
Hacker News - Newest:
Hacker News - Newest: "LLM"
Scott Helme
Scott Helme
IT之家
IT之家
S
Secure Thoughts
MongoDB | Blog
MongoDB | Blog
L
Lohrmann on Cybersecurity
博客园 - 司徒正美
Google DeepMind News
Google DeepMind News

Cloud Security Alliance

SearchLeak: Copilot Data Exfiltration Exploited | CSA Zero-Trust AI Governance for Multi-Agent Systems | CSA Dangling CNAMEs: Hidden Cloud Risk | CSA Agentic Payments in Financial Services | CSA Mythos and the Future of Cybersecurity | CSA AI-Driven Cloud Risk: Defenders Lose Ground | CSA Financial Services Industry Shifts from AI Adoption to | CSA CSAI Foundation Announces RiskRubric V2 as the Next Key | CSA RiskRubric Updates: AI Risk Assessment | CSA Over 80% of Organizations that Miss 24-Hour Patch Window Report | CSA ORCHIDEAS & MAESTRO: Secure AI Design | CSA Top 6 Claude Security Risks to Watch | CSA Cloud Cost Optimization in 2026 | CSA HIPAA Rule Overhaul in 2026 | CSA AI-Driven Exploits Outsmart Detection | CSA MCP Risks CISOs Should Prepare For | CSA AI Governance for Trust and Compliance | CSA MTTP: Patch Cycles Too Slow | CSA Cloud Security Evolution: Security Teams Lead | CSA Misconfigurations Break Customer Trust in Apps | CSA Taming Shadow AI: C-Suite Strategies | CSA Agentic AI Threats: Five Powers | CSA AIUC-1: Agentic AI Governance | CSA 2026 Threat Report for CISOs | CSA Securing AI in AWS: Runtime Detection & Response | CSA SLMs, LLMs, and the DSPM Difference | CSA OT Security Timeline: Mythos and Patch Pace | CSA Blast Radius and Cloud Threat Detection | CSA State of AI Cybersecurity 2026: 92% Concerned | CSA AI in MDR for Franchise & Multi-Location Ops | CSA AI Regulation: Identity and Authorization Gap | CSA MITRE ATT&CK for Cloud: Detection Coverage Guide | CSA Shadow AI Agents: The Insider Threat | CSA Medical Device Breaches Reveal Cloud Security Gaps | CSA AISMM: AI Security Maturity Model for Cloud | CSA Globee® Awards for Artificial Intelligence (AI) Honors Cloud | CSA Patching Smarter for Mythos Security | CSA SDP v3: Identity-First Zero Trust for AI | CSA AI-Ready Security Documents Beyond STIX, OSCAL, and SARIF | CSA Penetration Testing for ISO 42001 & Trust | CSA AI Agent Posture: Data-First Security Guardrails | CSA AI Agents Go Beyond Output: Enterprise Security | CSA AI Agent Security Starts with Scope Control | CSA Identity Spoofing vs. Identity Abuse | CSA AARM: Securing the Agentic Runtime | CSA Securing the Agentic Control Plane | CSA CSAI Foundation Announces Key Milestones to Secure the Agentic | CSA Catastrophic AI Risk Controls | CSA Cloud to AI: Building Secure Programs | CSA SDLC Visibility: Securing Multi-Cloud Development Lifecycles | CSA Cloud Risk: Top 3 Threats & AI Tools | CSA AI Agent Identity Is Solved Backwards | CSA 8 Truths About Cloud Privilege Risk | CSA AI Governance: Mature Programs | CSA Agent Access Management: Data-First Security | CSA Glasswing: AI-Driven Security for Safer Software | CSA Runtime Security: Detection & Real-Time Cloud | CSA Identity as the OS for AI Security | CSA Cloud Misconfigurations Drive Attacks at Scale | CSA Sensing AI Behavior with the WBSC Probe Library | CSA An Actionable Guide to GDPR Compliance for Startups | CSA Cloud Security LIVE 2026: AI Risk & Trust | CSA Shadow AI Agents: Enterprise Governance | CSA Rethinking Non-Human Identity Security | CSA New Cloud Security Alliance Survey Reveals 82% of Enterprises Have Unknown AI Agents in Their Environments More Than Half of Organizations Experience AI Agent Scope | CSA SANS Institute, Cloud Security Alliance, [un]prompted, and OWASP | CSA AI Agents Are Talking: Are You Listening? | CSA Software Supply Chain Security Needs an Upgrade Choosing the Right AI Standard: 7-Point Guide | CSA Audience-Driven Authorization for AI Agents | CSA A CISO's Guide to Cloud Security Architecture | CSA Who’s Behind That Action? The AI Agent Identity Crisis SSCF Adoption for SaaS Security | CSA Mythos and the Vulnpocalypse: Cloud Defenses | CSA AI Security Risks and Data Visibility | CSA From Compliance to Credibility with CAIQ/CCM | CSA The State of Cybersecurity in the Finance Sector: Six Trends to Watch EU AI Act Compliance with prEN 18286 & ISO 42001 | CSA AI Security in the Cloud: Exposure Management | CSA Rethinking Incident Response as Engineering System | CSA Defense Depends on the Creator: AI Security | CSA ATF: Zero Trust for AI Agents | CSA Cybersecurity Needs a New Data Architecture | CSA CSA STAR v4.1 Updates for Cloud Security | CSA Unstructured Data Surges as Enterprises Struggle to Maintain | CSA SC Media Names Cloud Security Alliance’s Trusted AI Safety | CSA Exposed AWS Key Leads to Full Account Takeover | CSA Post-Quantum Cloud Migration for CSA Members | CSA AI Identity Security Compliance Checklist | CSA The Agentic Trust Deficit: MCP's Authentication Vacuum | CSA More Than Two-Thirds of Organizations Cannot Clearly Distinguish | CSA AI Cybersecurity 2026: Insights from 1,500 Leaders | CSA Three-Body Security: Data, AI & Identity | CSA IAM as Safety for AI-Controlled Systems | CSA Kubernetes Cost Savings and Security Debt | CSA Code to Cloud Security: Unified Exposure Management | CSA Retail Misconfigurations Attackers Exploit | CSA Rethinking Authorization for the Age of Agentic AI | CSA Enterprise AI: Guardrails to Governance | CSA
Identity in AI Era: Zero Trust's First Pillar | CSA
2026-04-23 · via Cloud Security Alliance

Written by Chandra Rajagopalan, Principal Engineer, Netskope.

Part 2 of 7 in the CSA Series: AI and the Zero Trust Transformation. Read Part 1 here.

Picture a Monday morning in early 2026. A regional finance team joins what looks like a routine video call. The CFO appears on screen with familiar mannerisms, the slight rasp of a weekend cold, and an urgent directive: wire $25 million to close a confidential acquisition before Asian markets close. The team executes. By afternoon, the truth surfaces. The CFO had been on a flight to London. The face on screen was a generative model. The voice had been cloned from a podcast appearance the previous quarter.

Variants of this scenario are no longer thought experiments. The 2024 attack on engineering firm Arup’s Hong Kong office, in which deepfaked executives convinced a finance worker to transfer roughly $25 million across fifteen wire transactions, was the canary in the coal mine. Two years later, those tactics have been industrialized. What once required a sophisticated nation-state operator can now be assembled from open-source models and a few minutes of public audio.

For decades, identity served as the front door of the enterprise. It was the gate you passed through to reach everything else. Generative AI has not just picked the lock. It has convinced us the door was never there.

This is the inversion at the heart of Zero Trust in 2026. Identity is no longer a credential to be checked. It is a continuous signal to be interrogated.

How AI Weaponized Identity

AI changed the economics of impersonation, and the security industry is still catching up to the implications. Three converging trends now define the threat landscape.

The Deepfake Surge

By the first quarter of 2025, deepfake-related fraud incidents had already surpassed the total recorded for all of 2024. Detection rates remain stubbornly low. Research published in 2025 found that humans correctly identify AI-generated audio only about 60% of the time, and a widely cited iProov study reported that fewer than one in a thousand participants could perfectly distinguish synthetic from authentic media across all formats. Under pressure, on a video call, with a familiar face speaking with familiar cadence, those numbers tend to collapse further.

The Synthetic Identity Factory

Adversaries are no longer creating individual fake accounts. They are using large language models to generate identity clusters, sets of interconnected synthetic personas with credit histories, social graphs, professional backstories, and matching biometric profiles. These clusters defeat identity proofing systems by overwhelming them with plausible signals. A reviewer flagging one anomaly might pass it. A reviewer facing twelve consistent reinforcing data points usually does not.

The Erosion of Visual Trust

Gartner’s 2024 prediction that 30% of enterprises would no longer treat standalone facial biometrics as a primary trust factor by 2026 has, by most credible accounts, materialized. Diffusion-based injection attacks now defeat naive liveness checks by inserting synthetic frames directly into the video stream rather than presenting them to a camera. Real-time avatars handle the rest.

The implication is uncomfortable but unavoidable. If an adversary can convincingly become anyone, the security question stops being “who are you?” and becomes “is what you are doing consistent with who you claim to be, in this context, right now?”

From Static Gates to Continuous Telemetry

Zero Trust has always assumed that any single signal can be wrong. What has changed is how quickly we have to make that assumption.

The legacy authentication model checked credentials once at login and trusted the resulting session for hours, sometimes days. In 2026, that window is operationally indefensible. NIST Special Publication 800-207 reframes identity as the primary control plane, but the practical mechanics live in NIST SP 800-63-4, finalized in August 2025. Three updates matter most for security leaders.

Liveness Detection Becomes Table Stakes

The standard formalizes ISO/IEC 30107-3 presentation attack detection requirements, recognizing that any biometric without anti-spoofing has a finite shelf life. Passive liveness, which works in the background without user prompts, has become the practical default for high-value transactions.

Syncable Passkeys Reach AAL2

This is the standard’s quiet acknowledgement that phishing-resistant authentication has to be usable, or it will not be used. By treating FIDO2 passkeys synced across a user’s devices as eligible for Authenticator Assurance Level 2 under specified conditions, NIST removed one of the largest barriers to enterprise rollout.

Continuous Evaluation Replaces Point-in-Time Decisions

The model assumes risk context can change mid-session, and the architecture must respond. A user who authenticated cleanly at 9:00 AM and whose device begins exhibiting anomalous behavior at 9:47 AM should not retain the trust granted at 9:00 AM.

The technical pattern that ties this together is sometimes called Continuous Adaptive Risk and Trust Assessment, or CARTA. In practice, it means feeding behavioral telemetry into the policy decision point on a near-constant basis. Modern Identity Threat Detection and Response (ITDR) platforms ingest signals like keystroke cadence, mouse micro-movements, navigation paths through ERP systems, and API call sequences. The result is closer to a behavioral fingerprint, and it is harder for a deepfake to replicate than a face or a voice because it emerges from the cumulative texture of how someone actually works rather than how they look or sound.

A concrete illustration: a finance analyst typically opens the ledger system, pulls reports in a specific order, and exports CSVs at predictable intervals. The same authenticated session, behaving differently (jumping straight to bulk wire approval, navigating menus the analyst never touches, running queries at 3 AM local), should not retain the trust granted at login. The CARTA model treats that drift as the signal it is.

The architectural pattern that operationalizes all of this is the identity fabric: a centralized, AI-aware control plane that decouples identity from specific applications and ingests signals from the network, the device, and the user simultaneously. If the CFO is on a video call from a Chicago IP address while their phone’s GPS places them at Heathrow, the fabric does not need to wait for a human reviewer. The session terminates, and a step-up challenge follows.

Several SSE and SASE platforms now offer overlapping identity fabric capabilities, including Netskope, Microsoft, Cisco, Palo Alto Networks, and Zscaler. The right starting point depends as much on existing telemetry investments as on feature comparisons.

The Silent Majority of the Enterprise

The most consequential shift in the identity pillar is not about humans at all.

In a typical 2026 enterprise, machine identities outnumber human users by orders of magnitude. Estimates vary widely depending on architecture: surveys cite ratios in the range of 50 to 1 for traditional environments, climbing toward 500 to 1 in microservice-heavy stacks. The trend line is clear regardless of which estimate you favor. The population of API keys, service accounts, certificates, and OAuth tokens is the dominant population in your environment.

Inside that population, agentic AI has emerged as a distinct category that breaks several legacy assumptions. These are not static service accounts running fixed scripts. They are autonomous entities, often built on large language models, that move between systems, reason about tasks, and take actions on behalf of users or other systems. The Cloud Security Alliance’s Agentic Trust Framework, published in February 2026, treats these agents as first-class identities requiring their own lifecycle, their own assurance levels, and their own threat models.

Three risks deserve direct attention.

  • Over-permissioning. Industry surveys consistently estimate that the vast majority of non-human identities, often cited at roughly 99%, hold permissions far beyond what their actual workloads require. The figure is approximate and varies by methodology, but the directional message is consistent. In a deepfake-driven attack, an over-permissioned agent is the equivalent of a master key left in a public lobby.
  • Indirect prompt injection. An agent that processes external content (emails, documents, web pages, calendar invites) can be manipulated into executing instructions hidden in that content. Imagine an inbox-summarization agent that reads a vendor email containing the line, in white-on-white text, instructing it to forward all messages from the CFO to an external address and then delete the trace. If the agent has broad privileges, the resulting kill chain runs at machine speed and crosses systems faster than any human responder can react. OWASP’s Top 10 for LLM Applications lists this as the highest-impact category for a reason.
  • Credential sprawl. API keys, OAuth tokens, and service principals tend to accumulate, rarely rotate, and often live in places they should not (source repositories, configuration files, screenshot pastes in chat tools).

The mitigation pattern is converging on ephemeral, just-in-time credentials. Frameworks like SPIFFE issue task-specific identities that exist for the duration of a single transaction and disappear when the work completes. The blast radius of a compromise shrinks from “everything this agent can ever do” to “this one transaction, for these few seconds.” That is the difference between a contained anomaly and an enterprise-wide incident.

The 2026 Identity Blueprint

The CISA Zero Trust Maturity Model describes the journey across the identity pillar in four stages: Traditional, Initial, Advanced, and Optimal. Most enterprises in 2026 sit between Initial and Advanced, with passwords still in production and continuous evaluation still aspirational. Closing the gap to Optimal is what the rest of this section is about.

For security leaders translating this landscape into a roadmap, the strategic shift looks like this:

Traditional Identity (Legacy)

AI-Resilient Identity (Zero Trust)

Point-in-time: authenticate once at login.

Continuous: re-verify session integrity through behavior.

Biometric-heavy: trusting Face ID alone.

Multimodal: pairing biometrics with device health, location, and behavior.

Human-centric: focused on employee logins.

Entity-centric: governing humans, bots, APIs, and AI agents under one model.

Password and SMS MFA: vulnerable to interception.

Phishing-resistant: passkeys and FIDO2 hardware.

In execution terms, four investments rise above the rest.

  1. Phishing-resistant MFA. Roll out FIDO2 and WebAuthn passkeys across every IAL2 and IAL3 application. This single change removes the value of harvested credentials and intercepted SMS codes, which remain the dominant initial access vector in most breach reports.
  2. Liveness verification at high-value transaction boundaries. Integrate ISO/IEC 30107-3 certified passive liveness checks anywhere a deepfake would yield material consequence: wire approvals, executive impersonation, vendor onboarding, password resets for privileged accounts.
  3. Non-human identity inventory. Automate discovery of API keys, service accounts, and AI agents across cloud and on-premises environments. You cannot govern what you cannot see, and the discovery exercise alone tends to surface the most over-privileged identities in the environment.
  4. Operationalized ITDR. Integrate identity telemetry directly into the SIEM and SOAR pipeline. The goal is to move identity from an audit artifact reviewed weekly to a live control surface that can terminate a session on its own when behavioral signals diverge from baseline.

The Path Forward

Identity is the first pillar of Zero Trust because it is the foundation of every subsequent decision. Network segmentation, encryption, and endpoint detection all depend on the assumption that the entity asking for access is who they claim to be. When that assumption breaks, the rest of the architecture inherits the failure.

By treating identity as a continuous stream of behavioral telemetry rather than a static credential, by extending the same governance to AI agents that we apply to executives, and by making liveness, phishing resistance, and ephemeral credentials the default rather than the upgrade, organizations can reclaim the identity pillar from the adversaries who have spent the last two years industrializing deception.

The digital ghost in the boardroom only wins if we keep relying on the assumptions of 2020. In a Zero Trust world, we do not trust our eyes. We trust telemetry.

Coming next in Part 3: the device pillar, where AI is rewriting both the threat model and the defensive playbook for endpoints in a hybrid, agent-driven world.