From Neal Mueller, Product at Apple, on the Ceros launch: "agent security as an operational problem, not just a compliance checkbox."
That framing is the entire argument. AI agent governance lives in runtime now, owned by the SOC, not by whoever ran the year-end audit. Discovery and inventory, runtime governance, provenance and incident response, runtime orchestration. The four pillars of operating AI agents safely at enterprise scale.
Ceros launched today as the first platform that addresses all four. Five-dimension identity per agent session. Hardware-bound. Continuous evaluation. Provenance you can hand to an auditor or a forensics team.
If you're at Identiverse this week, we're at booth 545 with a demo of what each of those four looks like in your own environment.
https://t.co/0w7HiJN7yY
Ceros is live! The first trust layer built for the agents your IAM stack never planned for.
Your AI agents act with your credentials, on devices your IdP did not issue, calling tools your security team did not sanction. Today that gap closes.
Ceros launches today as a control plane purpose-built for autonomous agents. Five-dimension identity on every agent session: who is running it, how they were authenticated, whether the device is compliant, what tools the agent can touch, what configuration it launched with. Continuous policy enforcement across every action.
If you're at Identiverse, we're at booth 545 with two demos: AI discovery (the inventory you did not run) and live policy enforcement (the agents that stopped before they did the wrong thing).
https://t.co/0w7HiJMzJq
@jassoncasey said we can't post too much about https://t.co/QDJ83VfLvz during the next three days while the team is at Identiverse (Booth 545), so this is me doing my best impression of the @Wendys social media manager.
We're at Identiverse this week. Booth 545. Tomorrow we ship something the team has been heads down on for a year.
A category of identity that did not need to exist five years ago is now the most important control plane in your stack: the agents.
The MCP servers running on your developers' laptops. The Claude session that calls your CRM API. The internal automation that just got a key with read-and-write to your data warehouse.
Identity was not built for any of them. We rebuilt it for all of them.
If you're at Identiverse, come find us at booth 545. Tomorrow you'll see the rest.
https://t.co/0w7HiJMzJq
Our Head of Product Marketing @KasiaatBI moved into the engineering Gitlab repo. Not to learn Git but to compress distance between product context and marketing distribution ๐งต
Pushing it one step further, she built a sign up > HubSpot > enrichment > dashboard automation pipeline.
No engineering ticket. No backlog. A marketer, working in a repo, shipping ops infrastructure. ๐คฏ
It turns out a lot of marketing is repetitive tasks fitted to different contexts. So she built Skills in Claude Code that enforce brand voice, kill AI slop, and pull directly from product specs.
Output: nurture sequences, sales outreach, one pagers, ad copy. All grounded in facts of what actually shipped.
Your AI agent will do whatever it's told.
Not just by you.
Every tool result is a potential prompt injection and it doesn't have to happen all at once.
Jasson Casey from @beyondidentity calls it the Ron Burgundy problem.
Who's checking yours?
#cloudsecurity#AIsecurity
Step 1: build an agent to manage the deluge of security alerts
Step 2: give said agent credentials and access to do its tasks
Step 3: HOLY SH*T FIGURE OUT HOW TO GOVERN SAID AGENT
Or our security engineerโs adventures building with @claudeai and securing the autonomous agent
Sanctioning an AI tool โ governing it.
A developer runs the Claude Code you approved, but logged in with a personal account. This means your managed config doesn't apply and your audit trail sees nothing.
The agent is sanctioned. The session is not.
Three gaps most security teams miss, and how to close them: https://t.co/JD4mPkuWo7
Every new AI agent your team ships = another API key living somewhere you don't fully control.
Nobody's doing anything wrong. That's just how credential checkout works at scale.
The problem compounds quietly until it doesn't. We wrote about what the architecture looks like when you stop distributing secrets to endpoints entirely, check it out:
https://t.co/z68mi3ihJf