Insights
IAM expertise, case studies, and AI governance thinking
Practical insights from Midships engineers and architects — covering Ping Identity, Keycloak, AI governance, DevSecOps, and zero downtime delivery for regulated enterprises.
20+ published articles
4 content categories


Why Workload Identity Alone Is Not Enough for AI Agents
Abstract: Agentic AI systems introduce an identity problem that traditional infrastructure was not designed to fully solve. When a software agent acts autonomously, querying APIs, invoking tools, calling services, or coordinating with other agents, the identity question is not only: “What workload is making this request?” The more important question becomes: “Which human authorised this action, through which agent, for what purpose, with what scope, and can that be proven at
Mayank Soni
May 19, 9 min read


From Console to Compliance: Operating Keycloak as a Regulated, API-Driven Identity Platform
Abstract: In regulated environments, identity systems must meet strict audit, compliance, and governance requirements. Default operational models are often insufficient, particularly when configuration changes are not traceable or reproducible. In Keycloak deployments, achieving compliance requires shifting from manual administration to an API-driven, pipeline-controlled model. This article explores how configuration management, audit pipelines, and access controls can be desi
Mayank Soni
May 12, 4 min read


Scaling Identity to Millions: Session, Token, and Cache Design in Keycloak
Primary Audience: Platform Engineers building identity infrastructure, Security architects designing authentication systems, Teams operating large-scale SaaS or financial systems. CNCF Alignment: Kubernetes, HA, Multi-Region. Abstract: At scale, identity systems are defined by how sessions are managed, tokens are designed, and validation is performed. In large Keycloak deployments, these decisions directly impact performance, availability, and security. This article explores pra
Mayank Soni
May 5, 4 min read


Your Permissions Model Was Not Built for AI Agents
The EU AI Act is not the only regulation your enterprise needs to think about. But it is the clearest signal that the governance gap most organisations have quietly tolerated is about to become a measurable compliance liability. This is not a policy problem. It is an architectural one. The Governance Gap Nobody Talks About: Most enterprises deploying AI agents rely on the same access control infrastructure they have used for a decade. RBAC. ABAC. API gateways. Firewall rules.

Ajit Gupta
Mar 31, 4 min read


McKinsey's AI Got Hacked in Two Hours. Here's What That Actually Means.
Earlier this month, a security firm called CodeWall pointed an autonomous AI agent at McKinsey's internal AI platform, Lilli. No credentials. No insider knowledge. Just a domain name. Two hours later, the agent had full read and write access to the entire production database. 46.5 million chat messages. 728,000 confidential files. 57,000 user accounts. And — most critically — 95 system prompts that controlled how Lilli thought, responded, and behaved. All writable. Silently.

Ajit Gupta
Mar 27, 4 min read


Have You Checked Your Ping EOS Dates - Midships Helps You Prepare, Upgrade, and Protect Your IAM
Understanding Ping Product Support Status: Ping Identity has formalised its product lifecycle — and for many organisations, the deadlines are approaching faster than expected. The new Support Status model finally gives clarity, but it also exposes a hidden risk: many enterprises are already running versions that are nearing End of Maintenance or End of Support. The shift to STS (Short-Term Support) and LTS (Long-Term Support) finally brings predictability to upgrade planning

Ajit Gupta
Dec 15, 2025, 4 min read
Browse by topic
What we write about
Ping Identity
PingAM, PingIDM, PingDS, PingAuthorize, PingOne AIC — architecture, delivery, and operations
Keycloak and RHBK
Enterprise Keycloak delivery — HA, zero downtime, API-first, and Extended Auth Flow API
AI Governance
Icebreaker, runtime enforcement, agentic AI governance, and regulatory alignment
DevSecOps
GitOps, Kubernetes, zero downtime deployments, CI/CD pipelines, and IAM infrastructure
Stay current on IAM and AI governance
New articles, case studies, and technical guides published monthly — covering Ping Identity, Keycloak, Icebreaker, and zero downtime delivery for regulated enterprises.