Security in the Age of AI
Three talks today all pointed at the same thing from different angles: the security industry is quietly pivoting from perimeter thinking to identity thinking, and most organizations haven't noticed yet.
The vendors are ahead of the practitioners. The practitioners are ahead of the compliance frameworks. And the compliance frameworks are still mostly describing a world that doesn't exist anymore.
The shift isn't technical — it's organizational. Identity security is no longer a subset of IAM; it's becoming the substrate that everything else runs on. The teams that understand this are reorganizing around it. The ones that don't are buying zero trust products and wondering why nothing improves.
Pay attention to the credential abuse numbers. Every speaker who showed breach data had the same root cause distribution at the top: compromised credentials, not CVEs. The product industry is finally catching up to that reality, but slowly.