Martin Kuppinger on 7 IAM trends for EIC 2025

Introducing STELA - Self-Tuning Evidence-Led Access We’re moving beyond Zero Trust Architecture toward a model where trust is dynamic, measurable, and self-adjusting. Why STELA beyond ZTA? ZTA says: “Never trust, always verify.” STELA adds: “Measure, verify, and adapt — continuously.” What STELA brings: - AI-Driven Trust: Real-time Trust Score for every request, based on identity, device posture, behavior, and context. - Policy-as-Code + AI: Policies are generated, validated, and versioned automatically via GitOps workflows. - Autonomous Enforcement: Automatic step-up (MFA/attestation), limited scope/TTL, micro-segmentation, or session isolation. - Digital Twin: “What-if” simulations and policy validation before global rollout. - Data & Workload-Centric: Protection for apps, APIs, and data with mTLS, KMS/HSM, Confidential Computing (TEE), PQ-crypto readiness. What security and business teams gain: - Reduced MTTD/MTTR and fewer false positives. - Evidence-driven decisions (observability → risk → policy → enforcement). - Better user experience: adaptive access instead of blanket denial. - Auditability and compliance (ISO 27001 / NIST / NIS2 / DORA). Attached is the STELA architecture diagram — clearly showing the flows and components: Policy Brain (PDP), Enforcement Fabric (PEP), AI Trust Engine, Digital Twin, and more. Curious to hear your thoughts — where do you see the strongest use cases for STELA? Hybrid environments, SaaS, critical infrastructure? #STELA #ZeroTrust #ZTA #CyberSecurity #InfoSec #SecurityArchitecture #AI #AIOps #PolicyAsCode #SIEM #SOAR #IAM #DevSecOps #ConfidentialComputing #DataSecurity

Identity used to mean people. Now it means everything that acts, like scripts, schedulers, agents, and AI. Each automation platform, workflow runner, and model adds its own layer of service accounts and temporary credentials. They request access, perform actions, and often keep their permissions long after the task is complete. The result is orchestration-driven identity sprawl, with thousands of invisible, short-lived identities operating faster than your policies can react. Traditional IAM can’t keep up. It was built for users, not for autonomous systems making real-time decisions and calling APIs at scale. hoop.dev sits where these identities actually act, in the execution layer. With hoop.dev, you can - Block every dangerous command from executing - Require command-level approvals for sensitive commands - Mask sensitive data at the protocol level - Record every action and approval for review and playback. It’s how we turn AI and automation from governance risks into fully controlled systems. Because in the age of AI orchestration, control may start with identity, but the heart of control is in execution. Website: https://hoop.dev/ hoopAI: https://hoop.dev/hoopai Docs: https://lnkd.in/eyGbyDvd GitHub: https://github.com/hoophq

We’ve reached a point where traditional 𝗣𝗿𝗶𝘃𝗶𝗹𝗲𝗴𝗲𝗱 𝗔𝗰𝗰𝗲𝘀𝘀 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 (PAM) can’t keep up with how fast infrastructure evolves. Long-lived credentials, static passwords, and separate vault systems add friction, slow down engineers, and expand attack surfaces. ❌ That’s why I found Teleport Vault-Free PAM to be a major shift in how we think about access and identity. Here’s what makes it stand out: > No passwords or vaults: access is based on short-lived certificates, not credentials that live forever. > Just-in-time permissions: access is granted only when needed, reducing exposure risk. > Unified identity: one consistent lens to govern access for AI, users, bots, service accounts, and more. > Centralized auditing: visibility across all activity, without juggling multiple tools. > Developer-first design: built to reduce engineering toil, not create new silos. Vault-based PAM solved yesterday’s security problems. Today, we need speed, scale, and simplicity, without compromising trust or control. Teleport’s Vault-Free PAM is exactly that: identity-based, zero trust, and made for cloud-native teams. If you’re still relying on vaults and static credentials, it’s worth exploring how modern Infrastructure Identity can reshape your access workflows. Thanks to Teleport for partnering with me on this post to highlight the shift toward modern Infrastructure Identity. Learn more here: https://fandf.co/46YpxBd #security

AI agents are automating coding, business workflows, customer and internal support, HR, security, and analytics. These advanced agents are ready for high-impact deployment across critical business functions, from accelerating software development to fortifying cybersecurity and enhancing customer support. This article dives into six strategic use cases where executives can champion AI agents to drive unprecedented efficiency, cut costs, and gain a significant competitive edge. http://ms.spr.ly/6045s0bS9

As enterprises accelerate AI adoption, identity security is becoming a critical layer of defense—not just for people, but for machines. Okta recently announced new platform capabilities to help organizations securely manage AI agents, enforce trust through tamper-proof credentials, and shift access control to the identity layer itself. The introduction of Okta for AI Agents reflects a growing recognition that nonhuman identities must be governed with the same discipline as any other user. Combined with a new open standard called Cross App Access, and forthcoming support for verifiable digital credentials, these updates aim to simplify integration, reduce risk, and lay the groundwork for secure, AI-powered ecosystems. In a rapidly evolving environment, identity is no longer a backend concern—it’s infrastructure for trust. Read more here: https://bit.ly/3VLQm6v

AI agents are automating coding, business workflows, customer and internal support, HR, security, and analytics. These advanced agents are ready for high-impact deployment across critical business functions, from accelerating software development to fortifying cybersecurity and enhancing customer support. This article dives into six strategic use cases where executives can champion AI agents to drive unprecedented efficiency, cut costs, and gain a significant competitive edge. http://ms.spr.ly/6043svi33

Top 10 #Strategic #Technology Trends for 2026- Key trends by Gartner ✅ 80% of organizations will evolve large software engineering teams into smaller, #AI-augmented teams by 2030. ✅ 40% of enterprise application portfolios will include custom applications built using AI-native platforms by 2030 (up from 2% in 2025). ✅ 40%of enterprises will adopt hybrid #computing architectures by 2028 (up from 8%). ✅ +60% of enterprise #GenAI models will be domain- specific by 2028 ✅ 80% of warehouses will use #robotics or # automation by 2028 #Bigdata #ArtificialIntelligence #Supercomputing #Multiagent #AgenticAI #Fintech #Finserv #Cybersecurity #Regulation #Regtech Mike Flache Francesco Burelli Tony Moroney Panagiotis Kriaris Dr. Martha Boeckenfeld Prof. Dr. Ingrid Vasiliu-Feltes ®© Spiros Margaris Alex Jimenez Nicolas Babin Nicolas Pinto Amitav Bhattacharjee Sam Boboev Enrico Molinari Dr. Khulood Almani🇸🇦 د.خلود المانع Efi Pylarinou Martin Moeller Imtiaz Adam Eveline Ruehlin Sharad Agarwal Victor Yaromin https://lnkd.in/gDUmD8ph

🛡️ Designing Trust Into Agentic AI at intelliSPEC™ As agents gain autonomy, the blast radius of a single misstep grows. At intelliSPEC™, I decided to shift left on safety and codify red lines before any agent ships. 🔧 What I changed I added a short Red-Lines section to AGENTS.md that requires explicit human approval before any agent can touch: 🔐 Authentication or billing settings 🏗️ Infrastructure manifests / IaC (Terraform, Helm, Kubernetes) 🔑 CI/CD secrets and credential stores Agents may propose changes and generate diffs. They cannot apply them without a human-issued approval token or MFA confirmation. Every request is logged, versioned, and alertable. 🎯 Why this matters at intelliSPEC™ Our platform orchestrates complex industrial workflows, so protecting identity, infrastructure, and secrets is non-negotiable. Red-lines reduce excessive agency risk, enforce least privilege, and keep sensitive data behind policy-enforced guardrails. 🗺️ How I suggest others start (today) 📑 Add a Red-Lines table to AGENTS.md 🧩 Gate high-impact actions behind an approval token 🏦 Vault secrets behind policy checks and auditable APIs 🚨 Alert on any denied or unexpected elevation 📘 What is AGENTS.md? AGENTS.md is the source-of-truth playbook that defines each agent’s permissions, guardrails, and human-approval flow—and agents consult it at runtime before executing actions. If this resonates, follow the intelliSPEC™ page on LinkedIn for more in-depth insights and open snippets from our engineering playbooks. #AgenticAI #SecurityByDesign #DevSecOps #LLMSafety #IndustrialSoftware #intelliSPEC PS: I’ll also share my detailed AGENTS.md, a practical guide to a low-code/no-code agent framework with security guardrails baked in. Follow the intelliSPEC™ page to stay updated as it goes live.

How ZenBusiness scaled enterprise security without adding headcount: With just 5 people running IT for 550+ remote users, ZenBusiness needed enterprise-grade data protection that wouldn’t overwhelm their lean team. They turned to Nightfall AI. The results speak for themselves: - 6+ enterprise apps secured - Majority of issues remediated automatically by end users - <1% false positive rate - Zero additional headcount required "Any type of system that requires constant babysitting or manual intervention is an automatic no for us. We needed a solution that we don’t need to constantly check on. Nightfall is perfect in that regard. If we didn't have it, we would need a full-time security person just to do DLP. That's headcount we just don’t have.”  – Chris Chipman, Enterprise IT Architect, ZenBusiness Read how Nightfall helps ZenBusiness protect customer PII, secure code in GitHub, and scale SecOps in Slack. All while keeping their IT team lean: https://lnkd.in/g7Y9PDHs #CaseStudy #AI #NightfallAI #DLP #DataSecurity

⚠️ Speed without security isn’t innovation, it’s exposure. That’s the tension highlighted in Vocal Media’s recent piece, diving into a real shift: business teams can now build apps faster than ever, no deep coding required. It’s democratizing development, but also expanding the attack surface in ways most organizations aren’t ready for. When anyone can create, unseen risks multiply: misconfigurations, data leaks, and shadow apps hiding in plain sight. At Nokod, we help enterprises embrace low-code safely: delivering visibility, governance, and security that keep pace with innovation. Because moving fast only works if you move safely. 💡 https://lnkd.in/e_T4f97U