TL;DR: Hybrid identity protection will be the focus of HIP Conf 2026, with sessions on human decision-making, AI-era identity risk, and governance for non-human and agentic identities, according to Semperis. The practical message is that cyber resilience now depends on identity controls that can withstand pressure on both people and machine identities.
NHIMG editorial — here’s why we think this discussion matters
Questions worth separating out
Q: How should security teams govern human, machine, and agent identities together?
A: They should use one governance model that distinguishes ownership, privilege scope, lifecycle, and revocation triggers for each actor type.
Q: Why do hybrid identity environments increase cyber resilience risk?
A: Because the identity layer becomes both a control point and a failure domain.
Practitioner guidance
- Map crisis paths through the identity layer: Identify which business-critical recovery steps depend on Active Directory, Entra ID, privileged access workflows, or break-glass identities, then test those paths under partial identity outage.
- Separate human-pressure controls from routine IAM flows: Review escalation, approval, and emergency access processes for situations where stress, fatigue, or urgency could change decisions faster than policy enforcement can respond.
- Inventory non-human and agentic identities together: Build one inventory for service accounts, API keys, tokens, certificates, workload identities, and AI agents, then assign owners, lifecycle states, and revocation triggers to each.
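One way to make the single-inventory guidance checkable, as an added example that is not from Semperis or the original post: a Python audit that holds every actor type in one record shape and flags missing owner, privilege scope, lifecycle state, or revocation triggers, plus any active identity whose trigger has already fired. The field names, lifecycle state names, event names, and sample records are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Actor types from the guidance above; lifecycle state names are assumptions.
KINDS = {"service_account", "api_key", "token", "certificate", "workload_identity", "ai_agent"}
LIFECYCLE = {"proposed", "active", "suspended", "retired"}

@dataclass
class Identity:
    name: str
    kind: str
    owner: str = ""
    privilege_scope: list = field(default_factory=list)
    lifecycle: str = ""
    revocation_triggers: list = field(default_factory=list)

def audit(inventory, fired_events):
    """Return {identity name: [findings]} for records that fail governance checks.

    fired_events maps identity name -> set of events observed for that identity.
    """
    report = {}
    for ident in inventory:
        findings = []
        if ident.kind not in KINDS:
            findings.append(f"unknown kind: {ident.kind}")
        if not ident.owner:
            findings.append("no owner")
        if not ident.privilege_scope:
            findings.append("privilege scope not recorded")
        if ident.lifecycle not in LIFECYCLE:
            findings.append("no valid lifecycle state")
        if not ident.revocation_triggers:
            findings.append("no revocation triggers")
        # A declared trigger that has fired means the identity should no longer be active.
        hit = sorted(set(ident.revocation_triggers) & fired_events.get(ident.name, set()))
        if hit and ident.lifecycle == "active":
            findings.append("revocation trigger fired but still active: " + ", ".join(hit))
        if findings:
            report[ident.name] = findings
    return report

# Constructed sample inventory and events (hypothetical names, not real data).
INVENTORY = [
    Identity("svc-backup", "service_account", "infra-team", ["backup:read"], "active", ["owner_offboarded"]),
    Identity("ci-deploy-key", "api_key", "", ["deploy:write"], "active", []),
    Identity("triage-agent", "ai_agent", "soc-lead", ["tickets:write"], "active", ["scope_change", "owner_offboarded"]),
]
EVENTS = {"triage-agent": {"scope_change"}}

if __name__ == "__main__":
    for name, findings in audit(INVENTORY, EVENTS).items():
        print(name, "->", "; ".join(findings))
```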
What to expect at the briefing
Semperis's full announcement covers the conference programme detail this post intentionally leaves for the source:
- Named keynote and session lineup across hybrid identity, crisis response, and AI-era identity risk.
- Speaker context for Sarah Gosler, including her cyber resiliency and human defence leadership background.
- Conference positioning around identity threat detection and response talent and practitioner education.
- Session topics on Entra ID governance, non-human identities, access packages, and cyber psychology.
Hybrid identity resilience in the AI age: what should teams do?
Explore further
Human decision-making is now part of the attack surface, not a side issue. The article’s core claim is that attackers increasingly win by exploiting trust, fatigue, and pressure conditions, which means identity security cannot be measured only in terms of authentication strength or directory hygiene. This is a governance problem as much as a technical one because people are being targeted where policy meets behaviour. Practitioners should treat human defence as a control surface inside identity security, not outside it.
A few things that frame the scale:
- 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, according to Ultimate Guide to NHIs.
- 71% of NHIs are not rotated within recommended time frames, increasing the risk of compromise over time.
A question worth separating out:
Q: When should organisations re-evaluate identity controls for AI agents and non-human identities?
A: They should re-evaluate them as soon as delegated access, autonomous decision-making, or machine-to-machine trust enters production. At that point, human-centred review cycles are no longer enough, because access can be used in ways that are not tied to a predictable person or session.