The identity surface continues to shift away from logins and toward the invisible trust paths that connect systems. Over the past two weeks, new research, real-world attack techniques, and vendor signals all point in the same direction. Identity risk now lives in tokens, integrations, non-human identities, and permissions that look legitimate until they are abused.
One of the most important developments this month is the rise in OAuth device code phishing used to compromise Microsoft 365 environments. Security researchers have documented active campaigns abusing Microsoft’s legitimate device authorization flow to gain full account access without stealing passwords or triggering traditional MFA alerts. Victims are redirected to real Microsoft pages and unknowingly approve access. From a logging perspective, the authentication is valid. From a security perspective, the account is lost. This technique has been covered in detail by IT Pro and other security outlets and represents a clear shift toward identity attacks that operate entirely inside approved workflows.
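Because the sign-in itself is valid, detection has to key on the flow rather than on failure. The following is an added example, not code from any of the cited research: it flags successful device code grants by accounts that are not expected to use that flow, and marks those redeemed from an IP the user has not otherwise signed in from. The field names are modeled on the Microsoft Entra ID sign-in log schema, and the allowlist and all sample records are constructed assumptions.

```python
import json

# Constructed sample records, not real telemetry. Field names are modeled on
# the Microsoft Entra ID sign-in log schema (assumption; verify in your tenant).
SAMPLE_LOG = """
{"createdDateTime":"2025-01-10T08:00:00Z","userPrincipalName":"alice@example.com","appDisplayName":"Office 365","authenticationProtocol":"oAuth2","ipAddress":"203.0.113.5","status":{"errorCode":0}}
{"createdDateTime":"2025-01-10T08:05:00Z","userPrincipalName":"kiosk01@example.com","appDisplayName":"Teams Rooms","authenticationProtocol":"deviceCode","ipAddress":"198.51.100.10","status":{"errorCode":0}}
{"createdDateTime":"2025-01-10T09:12:00Z","userPrincipalName":"alice@example.com","appDisplayName":"Microsoft Office","authenticationProtocol":"deviceCode","ipAddress":"192.0.2.77","status":{"errorCode":0}}
{"createdDateTime":"2025-01-10T09:30:00Z","userPrincipalName":"bob@example.com","appDisplayName":"Microsoft Office","authenticationProtocol":"deviceCode","ipAddress":"192.0.2.80","status":{"errorCode":70016}}
{"createdDateTime":"2025-01-10T10:00:00Z","userPrincipalName":"bob@example.com","appDisplayName":"Office 365","authenticationProtocol":"oAuth2","ipAddress":"203.0.113.9","status":{"errorCode":0}}
{"createdDateTime":"2025-01-10T10:20:00Z","userPrincipalName":"bob@example.com","appDisplayName":"Azure CLI","authenticationProtocol":"deviceCode","ipAddress":"203.0.113.9","status":{"errorCode":0}}
"""

# Hypothetical allowlist of accounts expected to use the device code flow.
EXPECTED_DEVICE_CODE_USERS = {"kiosk01@example.com"}

def parse_records(text):
    """Parse newline-delimited JSON sign-in records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def succeeded(rec):
    """A sign-in counts as successful when its errorCode is 0."""
    return rec.get("status", {}).get("errorCode") == 0

def flag_device_code_signins(records, expected_users):
    # Baseline: IPs each user has successfully signed in from via other flows.
    known_ips = {}
    for rec in records:
        if succeeded(rec) and rec.get("authenticationProtocol") != "deviceCode":
            known_ips.setdefault(rec["userPrincipalName"].lower(), set()).add(rec["ipAddress"])
    findings = []
    for rec in records:
        user = rec["userPrincipalName"].lower()
        if rec.get("authenticationProtocol") != "deviceCode" or not succeeded(rec):
            continue  # only completed device code grants result in access
        if user in expected_users:
            continue  # expected use of the flow (hypothetical allowlist)
        findings.append({
            "time": rec["createdDateTime"], "user": user,
            "app": rec["appDisplayName"], "ip": rec["ipAddress"],
            # A grant redeemed from an IP the user never uses is the stronger signal.
            "new_ip": rec["ipAddress"] not in known_ips.get(user, set()),
        })
    return findings

if __name__ == "__main__":
    for f in flag_device_code_signins(parse_records(SAMPLE_LOG), EXPECTED_DEVICE_CODE_USERS):
        print(f)
```
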
This attack pattern aligns closely with recent identity and cloud security research. Palo Alto Networks released findings showing a sharp increase in cloud security incidents tied to identity misconfigurations rather than malware or exploits. According to their research, the rapid adoption of AI-driven cloud services is expanding the number of non-human identities faster than most organizations can govern them. Excessive privileges, weak lifecycle management, and limited visibility are now responsible for the majority of cloud exposure.
Supporting this view, additional industry research reports that nearly all surveyed security teams experienced attacks targeting cloud or AI services in the past year. Identity sprawl and fragmented tooling were cited as major contributors to slow detection and response. This reinforces a growing consensus that identity is no longer a supporting control but the primary attack surface in modern environments.
IAM maturity data continues to expose a structural gap between awareness and readiness. The latest Ponemon Institute IAM Maturity Report shows that most organizations remain in early- or mid-stage identity maturity despite years of investment. Programs that treat identity as a compliance obligation rather than an operational discipline consistently report higher risk exposure and slower incident response. The findings confirm what many CISOs already suspect: identity tooling alone does not equal identity control.
Customer identity is also accelerating as a strategic concern. Market research now projects the CIAM category to grow rapidly over the next decade, driven by fraud pressure, regulatory demands, and digital customer experiences. This growth is pulling identity risk closer to revenue-generating systems and increasing executive visibility when failures occur.
Beyond immediate threats and market growth, published research is beginning to challenge foundational identity assumptions. Recent academic work proposes new identity frameworks designed for AI agents and decentralized systems using verifiable credentials and policy-driven authorization. While not production-ready for most enterprises, this research highlights a growing recognition that static directories and long-lived entitlements are poorly suited for modern, automated environments.
Taken together, these developments tell a consistent story. Attackers are no longer trying to break identity systems. They are using them exactly as designed. OAuth flows, AI service accounts, SaaS integrations, and inherited permissions now form the quiet paths of compromise. Many organizations still lack a clear view of who or what has access, why it exists, and whether it should.
For CISOs, this moment demands a shift in focus. Strong authentication is table stakes. The next phase of identity security will be defined by visibility into effective access, control over non-human identities, and the ability to reason about permissions across systems in real time.
IdentityGazette will continue to track the signals that matter across vendors, research, incidents, and architecture. Identity is no longer a static layer. It is the system everything else depends on.


