The Hims Data Breach: What Standing Access Costs in Healthcare

Hims & Hers, one of the biggest telehealth platforms in the U.S., just disclosed that millions of customer records were exposed. Not because of some sophisticated exploit, but because a single compromised login had standing access to a connected platform. One identity was all it took. This breach is worth paying attention to not because it’s unusual, but because it’s so ordinary.

Announcing Approval Escalation: Stop Letting Stalled Approvals Block Your Team

Today, we’re introducing Approval Escalation, a new capability in Apono that automatically moves access requests forward when the original approver doesn’t respond in time. Because no one should be stuck waiting seven hours just to do their job.

Announcing Justification Coach: AI-Powered Guidance for Better Access Requests and Stronger Audits

Today, we’re introducing Justification Coach, a new AI-powered capability that helps users write better access request justifications in real time, so admins get the context they need for audits and investigations without having to chase people down after the fact.

The Agentic Identity Crisis: Why Your AI Agents Are Your Biggest Identity Blind Spot in 2026

An intern gets admin access to production for a temporary task, but nobody remembers to revoke it. Imagine that intern works at machine speed, never sleeps, and can chain dozens of actions before you’ve read the Slack ping—and has no instinct for when they’re about to do something irreversible.

Why Entra ID Privileged Identity Management Breaks Down in Multi-Cloud Audits

For many enterprise security teams, audit season feels less like validation and more like reconstruction. Not because they lack logs, and not because their teams are careless, but because their privilege model was never designed to produce a clean, unified story. In Microsoft Entra ID environments, Privileged Identity Management (PIM) works well as long as your world is entirely Microsoft. But no enterprise operates in a single-vendor bubble.

Apono vs Entra ID PIM: Building Privileged Access Engineers Will Actually Use Across Cloud

Microsoft Entra ID Privileged Identity Management is designed to bring structure to privileged access inside Microsoft environments. It allows organizations to make roles eligible, require activation, and enforce approval workflows. Within Azure, it performs that role predictably. The challenge begins when engineering workflows extend beyond Azure. Modern infrastructure rarely lives in a single ecosystem.

Claude Code Auto Mode: What It Means for AI Agent Privilege Management

Anthropic’s new Claude Code Auto Mode is generating well-deserved attention. It introduces a classifier that sits between the developer and every tool call, reviewing each action for potentially destructive behavior before it executes. It’s a real improvement over the only previous alternative to manual approval: the --dangerously-skip-permissions flag. But the announcement is also useful for a broader reason.

Non-Human Identity Sprawl Is the Hidden Cost of AI Velocity

In the current AI boom, we race to use copilots, orchestration scripts, CI workflows, retrieval pipelines, and background jobs. Sometimes, we take for granted that every one of these things needs an identity. Service accounts. OAuth apps. API keys. Short-lived tokens. As AI velocity increases, so does the number of these non-human identities (NHIs). Instead of obsessing only over model quality, latency, hallucinations, and GPU costs, we also need to consider how these identities impact security.

Apono Launches Agent Privilege Guard, Bringing Runtime Privilege Guardrails to Enterprise AI Agents

NEW YORK – March 18, 2026 – Apono, the agentic-forward cloud-native Privileged Access Management platform, today announced the launch of Agent Privilege Guard, a new product that gives enterprises the ability to deploy AI agents at full velocity without creating security risks they cannot control.

Top 10 Identity Governance and Administration Solutions

In most organizations, identity governance and administration (IGA) solutions are supposed to answer one simple question: who has access to what, when, and why? But in cloud-native teams shipping daily, that question gets messy fast. Permissions sprawl and temporary access quietly become permanent. The blast radius is colossal. Third-party involvement in breaches doubled to 30% over the last year, which is exactly what happens when access decisions are scattered across vendors, apps, and infrastructure.