Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

When a production line stops, the clock starts ticking. In manufacturing environments I’ve worked in, every minute of downtime can translate into missed delivery commitments and revenue you’ll never see again. How long that outage lasts will be decided in the first few minutes, when identity ownership and decision authority are still being sorted out. That authority gap is easy to underestimate. Manufacturing leaders already plan extensively for physical disruption.

In my experience working inside banks, identity security can be like plumbing: when it’s working, no one wants to talk about it. When there’s an incident, an audit, or a regulator—suddenly everyone wants to understand how it works. Artificial intelligence (AI) brings the same “no one cares until everyone does” energy, but with face-melting velocity. Today, AI is embedded across large parts of the financial services industry, and it has been around for more than 25 years.

For years, identity has been treated as a supporting function, authenticating users, gating access, and satisfying audit requirements. Important, but rarely foundational. That era is over. In modern enterprises, identity has become the infrastructure on which critical systems depend. Every workload, certificate, API, automated process, and AI-driven action must rely on identity to operate safely and predictably. When identity fails, those systems become exposed—and often stop behaving as expected.

CyberArk founder and executive chairman Udi Mokady returns to Security Matters at a transformational moment—now as part of Palo Alto Networks, following the acquisition’s close on February 11. In this far‑reaching conversation, Udi and host David Puner explore why identity has become the attack vector for modern enterprises, driven by an unprecedented surge in human, machine and AI‑powered identities that attackers increasingly exploit.

As AI systems are used in our day-to-day operations, a central reality becomes unavoidable: AI doesn’t configure itself and must be set up with human approval and oversight. It requires engineers and developers to configure it. Developers need privileges to access and implement components, agents, tools, and features of the platforms. But developers don’t just have these privileges unconstrained… right? Where trust and privileges exist, someone will try to abuse them.

Cryptographic failures have a knack for turning a quiet weekend into a chaotic, all-hands-on-deck emergency. Consider the SHA-1 to SHA-2 deprecation, sometimes referred to as “Shapocalypse,” which sent teams scrambling to reissue thousands of certificates and exposed how many legacy systems weren’t ready for stronger hash algorithms. The major Certificate Authority (CA) distrust events involving DigiNotar in 2011, Symantec in 2017-18, and Entrust in 2024-25 created similar disruption.

The viral surge of OpenClaw (formerly Clawdbot and Moltbot) has captured the tech world’s imagination, amassing over 160,000 GitHub stars and driving a hardware rush for Mac Minis to host these 24/7 assistants.

Over the past week, multiple research teams have documented a renewed wave of voice-led social engineering (vishing) targeting identity providers and federated access. The entry point is not through malware or a zero-day exploit. The goal is simple. Persuade a user to help complete authentication in real time, then use that trusted session to move through SaaS applications and exfiltrate data. Security leaders already know the fundamentals. Multi-factor authentication (MFA) can be socially engineered.

Most organizations never planned for AI to start making real decisions. They started with simple helpers. An agent answered basic questions or generated small automations so teams could avoid opening another IT ticket. It felt harmless. But as these agents become more capable and more autonomous, they begin operating across systems at machine speed. They connect tools, provision access, and trigger chained actions long after the original request.

Passkeys now protects billions of accounts, redefining how the world signs in through stronger, more secure authentication without a password. Yet this global movement runs deeper than most realize. While passkeys implements thoroughly scrutinized standards developed by the FIDO Alliance in collaboration with the W3C, global adoption, however, is driven by a central layer that extends beyond the open standards, one that remains little-researched, varies by implementation, and it is often misunderstood.