Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Silverfort and Fabrix: what runtime identity security changes


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: Identity security must move from predefined access and periodic review to real-time decisioning and inline enforcement as AI agents, non-human identities, and millisecond-scale risk outgrow static IAM models, according to Fabrix Security. The acquisition underscores how access governance now hinges on runtime context, not admin-time policy alone.

NHIMG editorial — what this means for NHI practitioners

Questions worth separating out

Q: How should security teams handle access that changes faster than review cycles can see it?

A: They should move high-risk access decisions into the request path and treat periodic review as a secondary control.

Q: Why do AI agents and NHIs force IAM teams to rethink preapproved permissions?

A: Because their behaviour is not always stable enough for static role design to remain accurate.

Q: How can organisations tell whether runtime identity controls are actually working?

A: Look for evidence that unsafe access attempts are being blocked, stepped up, or constrained at the point of use.

Practitioner guidance

  • Map where access decisions are still admin-time only Inventory the paths where policy is evaluated at provisioning or review time but not at request time.
  • Test whether policy output can actually stop access inline Validate that a risk decision can block, step up, or constrain the transaction before the identity reaches the target system.
  • Unify context signals across human, machine, and agent identities Correlate identity history, permissions, activity, and asset sensitivity in a single decision flow so that access is judged against current business context rather than role alone.

What's in the full announcement

Fabrix Security's full post covers the operational detail this post intentionally leaves for the source:

  • The architecture of the identity-centric AI decisioning engine and living identity knowledge graph
  • How inline runtime enforcement is described across human, non-human, and AI agent access flows
  • The vendor's own explanation of the Fabrix and Silverfort combination and why the teams say it matters
  • The product direction behind real-time access decisions, JIT-by-default enforcement, and execution-path control

👉 Read Fabrix Security's explanation of autonomous identity security with Silverfort →

Silverfort and Fabrix: what runtime identity security changes?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Predefined access policy is no longer a sufficient governance assumption. The article is right that static permissions and periodic reviews were designed for stable roles and predictable behavior. That assumption fails when identities, especially AI agents and NHIs, can act and re-act at runtime with different context each time. The implication is not that governance becomes harder only, but that the old certainty model has collapsed.

A few things that frame the scale:

  • 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months, according to The State of Non-Human Identity Security.
  • Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared with nearly 1 in 4 for securing human identities.

A question worth separating out:

Q: Who is accountable when access is decided in real time across multiple identity types?

A: Accountability still sits with the organisation that defines the policy, enforces the control, and owns the identity lifecycle. The harder question is not who owns the log, but who can prove that the policy was applied inline for that specific request. Lifecycle governance and runtime enforcement have to be linked.

👉 Read our full editorial: Silverfort acquires Fabrix: identity security shifts to runtime



   
ReplyQuote
Share: