AI Gateways Offer Attackers the Keys to the Kingdom
A cryptomining incident highlights how AI gateways can provide access to AI models, cloud infrastructure, and identity and access management (IAM) data.
Identity and access management limits unauthorized access by controlling accounts and permissions; least privilege and MFA reduce breach impact.
Search across headline titles and summaries.
Background for this topic.
Identity and Access Management (IAM) is the set of processes and systems that create and manage digital identities, verify who or what is requesting access, and decide which resources it may use. It covers people, services, applications, and devices across their lifecycle, including account creation, role changes, and removal. Authentication establishes identity; authorization applies permissions.
IAM is a primary control against unauthorized access: stolen credentials, compromised service accounts, or excessive and abandoned permissions can expose systems and data or enable an attacker to move between them. Effective practice combines phishing-resistant multifactor authentication for sensitive access, least privilege through roles or attributes, prompt joiner–mover–leaver changes, and periodic access reviews. Centralized logs and alerts for unusual authentication or privilege changes support investigation, while carefully governed federation and machine identities prevent one compromised trust relationship from granting broad access.
Weekly headline count for the current query.
A cryptomining incident highlights how AI gateways can provide access to AI models, cloud infrastructure, and identity and access management (IAM) data.
AI agent projects are proliferating throughout the enterprise, and those AI agent identities require management, security, and governance. New Omdia research shows the AI agent identity budget dynamics are very different than traditional IAM projects.
AI agent projects are proliferating throughout the enterprise, and those AI agent identities require management, security, and governance. New Omdia research shows the AI agent identity budget dynamics are very different than traditional IAM projects.
Threat actors wielding stolen AWS Identity and Access Management (IAM) credentials leverage Amazon EC and EC2 infrastructure across multiple customer environments.
The same APT hammered critical bugs in Citrix NetScaler (CVE-2025-5777) and the Cisco Identity Service Engine (CVE-2025-20337) in a sign of growing adversary interest in identity and access management systems.
While the cloud vulnerability was fixed prior to disclosure, the researcher who discovered it says it could have led to catastrophic attacks.
A software developer discovered a way to abuse an undocumented protocol in Amazon's Elastic Container Service to escalate privileges, cross boundaries and gain access to other cloud resources.
The deal shakes up the identity and access management landscape and expands Palo Alto Networks' footprint in the cybersecurity market.
DigitalOcean executives describe how they automated and streamlined many of the identity and access management functions which had been previously handled manually.
The $215 million acquisition will allow Jamf offer dynamic identity capabilities and device access in a single platform.
Amazon Web Services made updates to its identity and access management platform to help developers implement secure, scalable, and customizable authentication solutions for their applications.
Instead of building a list of users and identifying what systems each use can access, Token Security starts with a list of machines and determining who can access each system.
The new startup’s identity and access management platform uncovers poorly monitored service accounts and secures them from abuse.
Amazon Web Services announced enhancements to several of its security tools, including GuardDuty, Inspector, Detective, IAM Access Analyzer, and Secrets Manager, to name a few during its re:Invent event.
After 1Password, MGM, and Caesars, yet more cybersecurity woes mount for the identity and access management company.
Okta's IAM platform finds itself in cyberattackers' sights once again, as threat actors mount a supply chain attack targeting Okta customer support engagements.
Sophisticated attacks on MGM and Caesars underscore the reality that even robust identity and access management may not be enough to protect you.
The private equity from has invested billions of dollars in identity and access management (IAM) but now it’s on Ping founder and CEO Andre Durand and his team to rationalize overlapping product lines.
Threat actors convince employees to reset MFA for Super Admin accounts in the IAM service to leverage compromised accounts, impersonating users and moving laterally within an organization.
In this Dark Reading News Desk segment, Mike Wyatt and John Ayers of Cyderes discuss how artificial intelligence has already been weaponized against businesses and consumers.