
Non-human identities (NHIs) explained and how to secure them

Non-human identities are the fastest-growing and least-governed identity population in most environments. Service accounts, API keys, and AI agents run without MFA, without owners, and without expiration. Traditional identity and access management (IAM) wasn't built to manage them. Without governance for discovery, ownership, and lifecycle management, stale machine credentials become attacker footholds that persist for months.

The new AI access problem: Why machine identities now drive trust in banking

In my experience working inside banks, identity security can be like plumbing: when it’s working, no one wants to talk about it. When there’s an incident, an audit, or a regulator—suddenly everyone wants to understand how it works. Artificial intelligence (AI) brings the same “no one cares until everyone does” energy, but with face-melting velocity. Today, AI is embedded across large parts of the financial services industry, and it has been around for more than 25 years.

Post-incident review: Source map exposure on non-production subdomain

Update (February 24, 2026): @vmfunc has published part two of their series about Persona. You can read it here. We will update this post with part three when it is released. On February 16, 2026, security researchers @vmfunc, @MDLcsgo, and @DziurwaF published a blog post identifying exposed frontend source maps on a non-production subdomain under withpersona-gov.com.

Difference between Network DLP vs Endpoint DLP vs Cloud DLP

When it comes to protecting business-sensitive data, understanding the differences between Network DLP, Endpoint DLP, and Cloud DLP, and the scope of each, is essential. Each of these Data Loss Prevention (DLP) solutions plays a unique role in securing data across various environments, whether it is on the network, on individual devices, or in the cloud. Knowing how each solution works can help you determine the best approach to safeguard your organization's sensitive information.

What is Data Loss Prevention (DLP)?

Data Loss Prevention (DLP), also called data leakage protection, is a cybersecurity approach designed to detect, prevent, and manage unauthorized access, sharing, or transfer of sensitive information. In simple terms, DLP helps organizations keep control of critical data such as personally identifiable information (PII), financial records, credentials, and intellectual property (IP).

How to detect the new wave of document fraud

Supplemental document checks are often required for businesses that conduct Know Your Customer (KYC) or Know Your Business (KYB) checks. Even when compliance isn’t required, organizations often collect supplemental documents for their own business purposes, such as risk assessments. In business contexts, a supplemental document is a non-government-issued document that you collect to support a risk assessment.

3 fraud vectors to watch: synthetic identities, deepfakes, and identity mules

Audiences around the world may be captivated by dramatic stories of con men like the Tinder Swindler. But this type of fraud is the exception rather than the rule. Most criminals go to great lengths to stay hidden and minimize the risk of getting caught. Sometimes, though, a criminal needs to show their face — or at least, a face — to pass identity checks.

Simplifying how businesses pay creators and contractors worldwide with Trolley - S2E10

In this episode, we're excited to introduce Barnett Klane, VP of Product at Trolley, the leading payouts platform powering the internet economy. Trolley enables businesses to automate global payments to creators, freelancers, and contractors across 210+ countries and territories, serving major companies. Barnett previously founded MyManual and held product roles at Bugcrowd, bringing deep expertise in building products at the intersection of payments, compliance, and creator platforms.

miniOrange, Securing the SDLC End-to-End | Podcast with Rakesh Falke

Security can’t be an afterthought. In this podcast, Puja More talks with miniOrange Engineering Manager Rakesh Falke about embedding security across the SDLC, from architecture (DFDs, sensitive data, GDPR) to secure coding, secrets management, and production hardening. Learn common developer pitfalls, app vs infra security, IaC (Terraform), and how AI tools (Cursor) plus Burp Suite speed up vulnerability detection.

Why a global identity strategy requires local governance

For years, identity has been treated as a supporting function, authenticating users, gating access, and satisfying audit requirements. Important, but rarely foundational. That era is over. In modern enterprises, identity has become the infrastructure on which critical systems depend. Every workload, certificate, API, automated process, and AI-driven action must rely on identity to operate safely and predictably. When identity fails, those systems become exposed—and often stop behaving as expected.