IAM

identity-security

Jun 2, 2026

•

4 min read

Ransomware Doesn't Break In. It Logs In

The forensics always leads back to the same place — an account that shouldn't have existed, with access it shouldn't have had. Here's what to fix before the 2 AM alert.

Dennis Andrade

AppSec

The Apps on Your Phone Are Installing Themselves Now. They're Also Stealing From Each Other

May 5, 2026

•

3 min read

The Apps on Your Phone Are Installing Themselves Now. They're Also Stealing From Each Other

A self-spreading worm just ran through the tools developers use to build every app you touch. Here's what that means for you — and what to do about it.

Dennis Andrade

Oauth Security

Your Token Budget Just Became Your Attack Surface

Apr 28, 2026

•

3 min read

Your Token Budget Just Became Your Attack Surface

The Vercel breach wasn't a credential failure. It was a token problem — and your IAM program probably can't see it.

Dennis Andrade

Least Privilege

Your AI Agent Has More Access Than Your Domain Admin

Apr 21, 2026

•

3 min read

Your AI Agent Has More Access Than Your Domain Admin

Five vendors. Six weeks. The same architectural failure. Here's why agents keep shipping with godmode permissions — and what good actually looks like.

Dennis Andrade

IAM

Ransomware Doesn't Break In. It Logs In

The Apps on Your Phone Are Installing Themselves Now. They're Also Stealing From Each Other

Your Token Budget Just Became Your Attack Surface

Your AI Agent Has More Access Than Your Domain Admin

Identity Decoded