Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

AI agents are being deployed in the real world at pace. In the enterprise realm, they’re accessing APIs, shipping code, and running decisioning workflows on behalf of the organizations and individuals who deploy them. Entirely new businesses have sprung up, leveraging AI agents to streamline customer support and sales processes.

Non-human identities (NHIs) such as service accounts, API keys, tokens, and workload identities now outnumber human users by 10x or more in most organizations. Unlike human identities that follow HR-driven lifecycles, NHIs are often created ad hoc, granted excessive permissions, and rarely decommissioned. Effective NHI lifecycle management spans five stages: discovery and inventory, secure provisioning, ongoing monitoring, credential risk management (including rotation), and decommissioning.

In Australia, the introduction of the Social Media Minimum Age Act increased the importance of gauging a user’s age without compromising their privacy. To help organizations navigate these requirements, Persona now supports an integration with ConnectID, an Australian digital identity network.

Employees are adopting Artificial Intelligence (AI) tools to enhance their productivity, but they rarely consider the security implications of doing so. When an employee pastes sensitive customer data into an unapproved AI tool, that data is processed by a third-party model outside the organization’s control, often leaving no audit trail for security teams to review.

Each year, Identity Management Day (IMD) serves as a global reminder that managing digital identities is more than a technical requirement; it is a cornerstone of modern trust. Now in its sixth year, IMD continues to emphasize how identity itself is evolving, stretching beyond human users to encompass machines, automated agents, and even AI-generated personas.

VPNs have long been considered the backbone of secure remote access, especially as organizations shifted to distributed work environments. By encrypting data in transit, they create a secure tunnel between users and corporate systems. On the surface, this appears sufficient to protect sensitive business operations and internal resources. However, encryption alone does not guarantee security. VPNs do not verify who is accessing the network, only that the connection is valid.

In Shopify, “locking” your store doesn’t refer to a single built-in function. It can mean different things depending on your objective. For some merchants, it’s as simple as password-protecting the entire storefront during maintenance or pre-launch phases. For others, it involves restricting access to specific products, collections, or pages, especially in B2B or wholesale scenarios where pricing and inventory should only be visible to approved customers.

Data leaks are no longer rare incidents. They have become a constant concern for organizations of all sizes. A single exposed file can lead to compliance violations, financial penalties, and long-term damage to brand reputation. In many cases, the impact builds over time as sensitive data spreads beyond control. At the same time, the nature of data has changed. Important information is no longer limited to structured formats like databases or spreadsheets.

Privileged accounts are the most powerful and most vulnerable identities in any organization. System administrators, DevOps engineers, and IT teams have access to core systems, sensitive data, and critical infrastructure. This level of access is essential for daily operations, but it also makes these accounts highly attractive targets for attackers. The real challenge is not just tracking activity, but understanding whether that activity is normal or not.