TL;DR: Identity observability is becoming a broader governance category, not just a point capability. AuthMind appointed Silvio Pappalardo as chief revenue officer, citing more than 30 years of experience scaling cybersecurity businesses across identity security, AI, and SOAR, as it pushes further into agentic AI, NHI, and human identity coverage.
NHIMG editorial — what this means for AI and NHI governance
By the numbers:
- 92% of organisations expose NHIs to third parties, raising concerns about supply chain security.
- Only 5.7% of organisations have full visibility into their service accounts.
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
Questions worth separating out
Q: How should security teams govern identity observability across humans, workloads, and AI agents?
A: Security teams should define separate evidence requirements for each actor type, then unify the results at the governance layer.
Q: Why does identity observability matter for NHI governance?
A: Identity observability matters because many NHI failures are hidden in runtime behaviour, not in the initial grant.
Q: What signals show that identity controls are not keeping up with agentic AI?
A: Look for tool calls that are hard to attribute, access that expands across multiple services in one session, and approvals that do not explain the eventual action chain.
Practitioner guidance
- Map identity observability to actor type: Separate what you need to see for human users, service accounts, and agentic systems.
- Tie runtime telemetry to governance decisions: Use behavioural data to validate whether access reviews, recertification, and privileged access decisions match actual use.
- Prioritise visibility into long-lived non-human access: Focus first on service accounts, tokens, and embedded secrets that persist in code, pipelines, and shared infrastructure.
What's in the full announcement
AuthMind's full article covers the operational detail this post intentionally leaves for the source:
- Silvio Pappalardo's full background across identity security, AI, and SOAR leadership roles.
- The company framing for identity observability as a growth and go-to-market priority.
- AuthMind's own description of how behavioural visibility is positioned across agentic AI, NHI, and human identities.
- The original press release wording around the CRO appointment and company direction.
Identity observability and agentic AI security: what changes now?
Identity observability is becoming the missing control plane for mixed identity estates. The market is moving beyond simple authentication and access approval toward understanding what identities do after access is granted. That shift matters because human users, service accounts, and agentic systems create different risk patterns, but they are increasingly governed inside the same enterprise stack. Practitioners should expect identity observability to sit alongside governance, not underneath it.
A few things that frame the scale:
- Only 5.7% of organisations have full visibility into their service accounts, according to the Ultimate Guide to NHIs.
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.
A question worth separating out:
A: Measure whether the telemetry changes decisions. If observability does not reduce blind spots, shorten investigation time, or identify over-privileged identities that were previously invisible, it is only producing noise. Good identity observability creates a clearer accountability trail and supports actual entitlement remediation.