Identity Decoded

Practitioner intelligence on identity, AI agents, and enterprise trust.

AppSec

The Apps on Your Phone Are Installing Themselves Now. They're Also Stealing From Each Other

May 5, 2026

•

3 min read

The Apps on Your Phone Are Installing Themselves Now. They're Also Stealing From Each Other

A self-spreading worm just ran through the tools developers use to build every app you touch. Here's what that means for you — and what to do about it.

Dennis Andrade

Oauth Security

Your Token Budget Just Became Your Attack Surface

Apr 28, 2026

•

3 min read

Your Token Budget Just Became Your Attack Surface

The Vercel breach wasn't a credential failure. It was a token problem — and your IAM program probably can't see it.

Dennis Andrade

Least Privilege

Your AI Agent Has More Access Than Your Domain Admin

Apr 21, 2026

•

3 min read

Your AI Agent Has More Access Than Your Domain Admin

Five vendors. Six weeks. The same architectural failure. Here's why agents keep shipping with godmode permissions — and what good actually looks like.

Dennis Andrade

Your Autonomous Agents Are Running With God Mode Permissions

Apr 14, 2026

•

6 min read

Your Autonomous Agents Are Running With God Mode Permissions

The Agent Permission Paradox

Dennis Andrade

identity-governance

The Debt Your Security Team Isn't Tracking

Apr 7, 2026

•

7 min read

The Debt Your Security Team Isn't Tracking

Most enterprises are carrying identity debt they can't see. Here's what it looks like — and where to start paying it down.

Dennis Andrade