TL;DR: May’s identity incidents show attackers increasingly inherit trust through signed packages, SaaS guest access, third-party paths, and federated identity, according to Delinea Labs. The deeper lesson is that controls built for credential theft and direct compromise miss attackers who operate inside systems that are working as designed, but on broken trust assumptions.
NHIMG editorial — based on content published by Delinea: The trust playbook is getting weaponized
By the numbers:
- May recorded 6,308 total CVEs.
- Of those, 523 were identity-related and 78 directly impacted identity products.
- 92% of organizations believe AI will amplify identity-related threats in the coming years.
Questions worth separating out
Q: How should security teams reduce risk from inherited trust in packages and SaaS access?
A: Start by treating trusted paths as identities that must be reviewed, bounded, and expired.
Q: Why do federated identity systems still fail when authentication is working?
A: Federation can fail when issuance is correct but runtime acceptance is too broad.
Q: What do security teams get wrong about signed software packages?
A: They often treat provenance as a final trust decision instead of one control in a longer chain.
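The federation answer above (issuance correct, runtime acceptance too broad) as an added illustration, not code from Delinea Labs or NHIMG: a stand-in HMAC-signed assertion is minted, and a relying service then checks signature, issuer, audience, expiry and scope against its own allowlist, so a correctly signed token minted for another audience or carrying extra scope is refused. The signing key, issuer URL, audience names and scope strings are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed example values: a shared HMAC key stands in for the IdP's signing
# key, and the issuer URL is a placeholder, not a real federation endpoint.
IDP_KEY = b"example-idp-signing-key"
TRUSTED_ISSUER = "https://idp.example.test"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(claims: dict) -> str:
    """Issuance working as designed: a correctly signed assertion."""
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64url(sig)}"

def accept(token: str, service_audience: str, allowed_scopes: set, now=None):
    """Runtime acceptance. Returns (accepted, reason); a valid signature alone
    never grants access: issuer, audience, expiry and scope are each checked."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 2:
        return False, "malformed token"
    body, sig = parts
    expected = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        return False, "bad signature"
    claims = json.loads(_b64url_decode(body))
    if claims.get("iss") != TRUSTED_ISSUER:
        return False, "untrusted issuer"
    # Audience binding: an assertion minted for one service must not be
    # accepted by another, even though the IdP signed it correctly.
    if claims.get("aud") != service_audience:
        return False, "audience mismatch"
    if claims.get("exp", 0) <= now:
        return False, "expired"
    # Scope must be a subset of what this service allows; anything broader
    # is exactly the over-broad acceptance the outlook describes.
    requested = set(claims.get("scope", "").split())
    if not requested <= allowed_scopes:
        return False, "scope exceeds allowlist: " + " ".join(sorted(requested - allowed_scopes))
    return True, "ok"
```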
Practitioner guidance
- Revalidate trust edges in package and CI/CD flows: require security review for package trust paths, provenance gates, and downstream execution triggers before remediation actions can be weaponized.
- Audit guest-user permissions as external identities: inventory guest-user API permissions, default endpoint exposure, and any access paths that are enabled by configuration rather than explicit approval.
- Apply third-party access expiry and session monitoring: treat vendor paths like privileged identities with explicit expiration, session visibility, and reauthorization requirements.
What's in the full article
Delinea's full research covers the operational detail this post intentionally leaves for the source:
- Month-by-month incident breakdowns showing how trust inheritance showed up across package ecosystems, SaaS access, and federated identity.
- Specific examples of the guest-user permission and runtime validation failures discussed in the June outlook.
- The identity infrastructure vulnerability list, including the CVEs and their downstream exposure paths.
- Delinea Labs’ prioritised actions for June, including what to change in incident response and access governance.
👉 Read Delinea's June 2026 outlook on weaponized trust in identity systems →
Trust failures in identity systems: what are teams missing?
Explore further
Trust inheritance is now the attack surface, not a side effect. The article shows attackers moving through signed packages, SaaS guest access, third-party paths, and federated identity without defeating the underlying mechanisms. That means the security problem is no longer just compromise, but acceptance of identity assertions that were never meant to carry that much downstream authority. Practitioners should treat inherited trust as a governance domain in its own right.
A few things that frame the scale:
- 92% of organizations believe AI will amplify identity-related threats in the coming years, according to Ultimate Guide to NHIs.
- 80% of identity breaches involved compromised non-human identities such as service accounts and API keys.
A question worth separating out:
Q: Who is accountable when third-party access persists beyond its intended purpose?
A: The organisation that owns the access model remains accountable, even when a vendor path is involved. Third-party identities need the same recertification, expiry, and monitoring discipline as internal privileged accounts. If the relationship changes and access remains active, lifecycle governance has failed, not just vendor oversight.
👉 Read our full editorial: The trust playbook is being weaponized across identity systems