Lumos

One thing we’re intentional about as a fully remote team is when we get together. With a lot of us in town for RSA this week, we took an afternoon to do a tufting class 🧶 It was simple, a little chaotic, and a lot of fun. Mostly, it was just good to spend time together outside of the usual work. These moments go a long way in making a distributed team actually feel connected. Shoutout to Anna Silberstein for always finding the most creative activities!

Your identity team can't hire their way out of an exponential problem. A 5,000-person company with 400 apps isn't managing 400 access decisions. They're managing hundreds of thousands of fine-grained permission combinations, and that number grows every week. 📈 That's why we launched Identity Security Agents yesterday. Not AI features that add more to your plate. Agents that actually take work off it: role mining, entitlement classification, access reviews, dormant account cleanup. These agents run continuously, learning from your environment. Andrej Safundzic wrote about the thinking behind this: why the shift to agentic identity management is happening right now, and what separates an AI feature from a true agent. Worth a read 👉 https://lnkd.in/gtS4xA6d

Identity security has an action problem. Even when security teams can see the risk - the list of stale entitlements, orphaned accounts, over provisioned access - they can’t act on all of it manually. That’s why we’re launching Identity Security Agents. Now, you can continuously monitor your identity environment, surface risks, and take action with agents, at scale. Mitigating identity risk can't stay in the backlog. Now, it doesn’t have to. Join the waitlist ➡️ https://lnkd.in/g72_YY_A

Day one of BSidesSF is a wrap — excited for day two! Yesterday was full of great conversations, real perspectives, and an infosec community that genuinely shows up. We’re back for the final day. If you’re around, come find us and say hi 👋 👋

Lumos AI Hackathon Day is officially underway 🚀 We canceled all meetings today and gave the entire company one job: 👉 improve how you work with AI No team projects or performative demos. Just focused time to build something that actually makes your day-to-day better. Right now: 🎧 A Zoom co-working space is open all day for our remote team, complete with shared playlist of course 🧡 The office is buzzing with people (and Disco 🐕 ) building in real time (and 🍕 ) 💡 Ideas, prototypes, and skills are flying around internally Across every team — engineering, product, sales, ops, people, marketing, CS — we’re building everything from agents to content engines, workflows to internal tooling, and assistants to shared skills. It’s easy to talk about AI transformation, it's harder to actually build the habits. We’re putting “AI hands, human brain” into practice.

When a global company suddenly shuts down systems across dozens of countries, it’s rarely just “a cyber incident.” The recent Stryker attack reportedly wiped thousands of devices and disrupted operations across its global environment, highlighting how modern cyberattacks increasingly target operational continuity, not just data theft. Attackers don’t always break in through sophisticated malware. Sometimes they simply turn a company’s own tools against it. Check out our latest blog post where Andrej Safundzic breaks down the Stryker incident, shares three leading hypotheses for how the attackers got in, why MFA didn't help, and a checklist on what to do about it. Read the post 👉 https://lnkd.in/gf_5-nAV

Many identity breaches don’t start with a sophisticated exploit, they start with access that shouldn’t exist. We’re curious what teams are actually seeing in the wild. 📊 Which identity-related threat impacted your organization in the past year? Vote below 👇 And if identity risk is something you’re actively thinking about, we’re digging deeper into these patterns in our upcoming webinar. We'll unpack how these attacks actually happen and how teams are stopping them in our upcoming webinar: AI, Automation, and Risk in 2026 🔗 Link to register in the comments

Clear your calendars! Join us this Thursday, March 12 at 9am PT as Lumos CEO and Co-Founder Andrej Safundzic hosts a conversation on: "AI, Automation, and Risk in 2026: Identity at a Breaking Point" If identity is anywhere in your stack, this is worth 45 minutes of your time. We’ll cover: • How AI is changing identity operations • Where teams are getting started + where they’re getting stuck • Why early movers are gaining an advantage right now 🔗 Register now, link in the comments

Nearly 90% of security leaders know AI and automation are a necessity for managing identity risk over the next two years, but right now only 4.5% trust AI to make even limited autonomous decisions. It's not that security teams don't want to use AI or don't see the value. The hesitation comes down to three things that showed up in our research again and again: - More than half of teams feel unprepared to fully implement AI - 47% worry a bad decision breaking production - 46% feel they need to clean up technical debt before handing anything over to automation Sure, these are legitimate concerns but they also assume AI adoption has to be one big leap but it doesn't. The move toward autonomous identity is more gradual than that. Teams can start with high-impact, low-risk use cases like AI-assisted access reviews or flagging dormant high-risk accounts. That gives them a chance to test the reasoning, build confidence, and expand over time. The threats aren't waiting for your environment to be perfect. Worth a read this weekend 👉 https://lnkd.in/gaWreihC

Most orgs feel ready for an identity-based attack, but the data says otherwise. 92% of leaders say they’re prepared, but only ~4% made it through last year with zero identity-related incidents. That gap is where risk lives: stale access, excessive privilege, MFA fatigue, and attackers using valid credentials. On March 12, we’re going live to break down what the report means in practice: 🔍 The most common identity-driven attack paths we’re seeing ⚙️ Where AI + automation reduce (and introduce) risk 🔐 What modern governance actually looks like in 2026 👉 Register now to your spot: https://lnkd.in/d2EFX_H7