Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

For many security teams, the 2023 MGM Resorts cyberattack was a wake-up call. A single vishing attack exploited weak identity assurance in help desk workflows and disrupted casino and hotel operations for days, causing hundreds of millions in losses and reputational damage. The breach revealed a disconcerting new reality: Just one compromised employee account can enable attackers to bypass the entire security perimeter, regardless of an organization’s size or security budget.

Addressing these potentially competing priorities is difficult with today’s technology, and it's an active area of work for government agencies and private organizations alike. But we think there’s a potential path forward if regulations and organizations limit what you have to share, who you have to share data with, and how your data can be used.

During identity verification, organizations typically have to decide between increasing security controls and improving user conversion. Tighter checks mean more abandonment, and smoother flows mean more risk. Most verification flow design is an exercise in finding the right tradeoff. Mobile driver's licenses (mDLs) are different. Because an mDL is cryptographically signed by the issuing DMV and presented directly from a user's device, it's both faster to verify and harder to fake.

AI agents have developed advanced capabilities faster than most would have imagined. In enterprise contexts, workforces are delegating more and more tasks to them. While the promise of increased productivity is enticing, the shift from deterministic automated tools to agentic autonomous systems introduces security risks that most enterprises haven’t prepared for.

Imagine spending weeks moving a strong job candidate through a rigorous interview process. The hiring manager is excited for their new hire and collaborates with multiple teams to prepare for a smooth onboarding. But on day one, a completely different person shows up for the job. For too many companies, scenarios like this have become disturbingly common. Besides introducing serious security risks, fake job candidates waste valuable talent team resources.

As a fraud analyst at Persona, I have to balance working on fraud escalations for specific customers and keeping an eye on cross-customer (and cross-industry and cross-region) fraud trends. The work naturally overlaps, as one escalation can turn into a trend as fraud rings move on to new targets. And, getting ahead of large trends helps us stop escalations. I have a lot of tools at my disposal, but I want to discuss Graph, Persona’s real-time link analysis product.

On 1 July 2026, Australia's Tranche 2 reforms take effect. If you're a lawyer, accountant, real estate agent, conveyancer, precious metals dealer, or trust and company service provider, this deadline likely applies to you. Tranche 2 extends Australia's AML/CTF obligations to approximately 100,000 businesses that were previously unregulated.

Persona’s FedRAMP Moderate Authorization status gives federal agencies a secure and highly configurable option for verifying users, preventing fraud, and securing digital services. The US Government Accountability Office (GAO) estimates the federal government loses $233 billion to $521 billion to fraudsters annually. And many agencies are facing a significant challenge as they modernize their digital operations.

In 1996, the US signed the Health Insurance Portability and Accountability Act (HIPAA) into law. One of the government’s chief goals was to safeguard sensitive patient data and protected health information (PHI) from unauthorized disclosure. While these protections were critical, HIPAA compliance requirements (alongside an already-fragmented electronic health record systems) have led to ongoing data silos across healthcare.

Every day, your review team makes hundreds of decisions that determine who gets access to your platform. These decisions carry a lot of weight. Get them right, and you protect your business while delivering a seamless user experience. Get them wrong, and you either block legitimate users or open the door to fraud. As your business scales, these decisions get harder to manage. Case volume climbs, fraud tactics shift, and regulatory expectations evolve.

On December 31, 2025, the DEA issued its fourth temporary extension of the COVID-era telemedicine flexibilities, keeping the current rules in place through December 31, 2026. For telehealth companies prescribing controlled substances, the extension was welcome news.

Every day, financial institutions move trillions of dollars on-chain. From tokenizing money market funds to settling trades on private blockchains, financial institutions are swiftly bringing capital on-chain. But the infrastructure for compliance hasn't kept up. It’s not uncommon for investors to verify for KYC multiple times just to trade across chains.