Examines how authorization frameworks must evolve for autonomous AI agents, covering dynamic policy enforcement, delegation chains, and the shift from static IAM to context-aware authorization.
Venture capital perspective on why 48% of cybersecurity professionals identify agentic AI as the top attack vector, and how authorization and identity controls must adapt.
Deep dive into Uber's attribute-based access control system Charter, which separates authorization logic from application code across thousands of microservices.
NIST concept paper exploring how identity standards like OAuth 2.0 can be applied to AI agents, covering authorization delegation and audit logging for non-human entities.
Survey of 900+ practitioners finding that 88% of organizations reported AI agent security incidents, yet only 22% treat agents as independent identity-bearing entities.
System design walkthrough of Google Zanzibar's architecture, explaining how it stores trillions of permission records and serves millions of requests per second.
How AI agents operating with broad shared credentials create unintended privilege escalation paths, since authorization is evaluated against the agent's identity rather than the requesting user's.
The OpenID Foundation approved AuthZEN Authorization API 1.0 as a Final Specification, standardizing PEP-PDP communication the way OpenID Connect standardized authentication.
NIST formally seeks public input on securing AI agent systems, including authorization controls, identity management, and prompt injection defenses.
Identifies seven limitations of legacy IAM frameworks for AI agents and proposes two new architectures for agent-native authorization.
Covers the OWASP Top 10 2025 release where broken access control maintains the number one position, with 100% of tested applications exhibiting some form of access control failure.
Forrester research shows IAM spending will nearly double to $27.5B by 2029, with dynamic authorization replacing static entitlements.
The official OWASP Top 10 2025 entry documenting how broken access control affects 100% of tested applications, with 40 mapped CWEs.
Comprehensive guide to AI agent security threats including prompt injection and token compromise, advocating for dynamic authorization policies.
IBM's 2025 Cost of a Data Breach Report reveals organizations with shadow AI face $670K in additional breach costs, and 97% of AI-related breaches lacked proper access controls.
Developer handbook comparing RBAC, ABAC, and ReBAC access control models with practical implementation guidance.
NIST's practice guide demonstrating 19 zero trust implementations, emphasizing authentication and authorization as discrete functions before resource access.
Developer tutorial explaining ReBAC fundamentals including graph-based permission models, ownership, and hierarchical relationships with practical examples.
Uber's Charter authorization system uses Google CEL for policy conditions, now adopted by 70 services for fine-grained access control across APIs, databases, and infrastructure.
Guidance on zero trust access control for distributed microservices, shifting focus from network perimeters to identity-based authentication and authorization.
Netflix staff security engineer presents lessons from implementing ubiquitous authentication and authorization in a microservice zero-trust ecosystem.
How ABAC eliminates role explosion in microservice architectures by dynamically evaluating user attributes against policies.
Netflix senior engineer describes how Netflix handles 3 million authorization requests per second, evolving from distributed rules to a centralized Product Access Service.
Airbnb's Zanzibar-inspired authorization system stores tens of billions of relations and serves nearly a million authorizations per second with 12ms p99 latency.
Netflix's Access and Identity Management team describes moving authentication to the edge and creating cryptographically-verifiable identity propagation across microservices.
The foundational paper describing Google's global authorization system handling trillions of access control lists across Calendar, Cloud, Drive, Maps, Photos, and YouTube.