Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As organizations expand across cloud platforms, SaaS applications, remote teams, and AI-driven systems, managing access becomes more challenging. Security teams must ensure users, applications, and automated workflows can access the resources they need without exposing sensitive data or critical systems. This is where the RBAC vs ABAC discussion becomes important.

On May 22, Brazil’s National Data Protection Agency (ANPD or Agência Nacional de Proteção de Dados) published new draft guidance on age assurance (aferição de idade) mechanisms. The guidance provides companies with their clearest picture yet of how to comply under the Digital ECA. Part of a broader rollout of Brazil’s Digital ECA framework, the guide emphasizes risk-based proportionality and privacy by design (privacidade desde a concepção).

If you’ve deployed your first AI agent, then you must have given it access to your CRMs, ticketing systems, and your cloud storage. This AI agent is programmed to run 24/7, make decisions, call external APIs, and trigger actions (without a human in the loop). Now, answer these questions: If you cannot answer these questions, then you have an agentic AI identity issue. Traditional Identity and Access Management (IAM) was built for service accounts with static API keys and users with usernames.

AI agents today are becoming a part and parcel of everyday enterprise operations. They can access databases, trigger workflows, send emails, approve requests, and interact with business systems with very little human involvement. What started as AI assistants is now evolving into autonomous operators capable of making decisions and executing actions at machine speed.

In many organizations, the gap between HR and IT is a "black hole" of productivity and security. When a new hire starts, they often spend their first day staring at a login screen because their access wasn't provisioned. Worse, when an employee leaves, their access to Jira, Slack, or Entra ID might remain active for days or even weeks. This isn’t just an administrative headache; it’s a major security and compliance risk.

Non-human identities (NHIs) authenticate pipelines, connect microservices, pull from secret managers, and provision cloud resources around the clock. They are also, for most security teams, almost completely invisible. Because there has never been a single place to see all of them at once.

CrowdStrike has joined the OpenID Foundation as a Sustaining Corporate Member, its highest level of membership, and is also now a member of IDPro. Together, these commitments reflect a focused effort to help shape the future of identity-first security through both standards leadership and real-world deployment and a shift beyond static authentication toward more dynamic, interoperable, and effective identity security.