Non-Human Identity Management Blog

Our Fortune 500 customers data shows AI-agent adoption up 840× YoY (from July 2024 to July 2025). Copilot agent creation grew 1,767%.

November 6, 2025

The Agentic Access Management Framework: A Standard for Governing Agentic Access

In every conversation Oasis has with CISOs, IAM leaders, and security practitioners, the same theme comes up: how to adopt AI without making security an afterthought.

November 4, 2025

Prepping for Agentic AI: Why We Created the NHI Management Fundamentals Certification

September 17, 2025

We do newsletters, too

Discover tips, technical guides and best practices in our biweekly newsletter.

By submitting the form you are agreeing to our privacy policy

Service Principal vs. Managed Identity in Azure

“We want to use managed identities everywhere we can, but I’m still not sure where that leaves service principals.” - IAM principal, F500 customer.

Sharon Stone

October 21, 2025

Cyber Beyond Humans: From Shadow AI to Trusted AI

Oasis October 2025 Newsletter explores the evolution from Shadow AI to Trusted AI , from rising AI risks in the S&P 500 and ChatGPT data leaks to cutting-edge strategies for managing NHIs

October 17, 2025

Taming the Machine Mayhem: 5 Steps to Kickstart Your ISPM Program

Organizations are standardizing on agentic AI to move faster. Under the hood, every agent runs on non-human identities (NHIs): service accounts, tokens, and API keys that request access and execute wo

Chris Gruel

October 8, 2025

Lessons from the MCP Breach: Shadow AI

In September 2025, security researchers at Koi disclosed a malicious backdoor in an npm package called postmark-mcp.

Tal Hason

September 30, 2025

Cursor may execute malicious code when you open a folder

Open Repo, Get Pwned (Cursor RCE)

Oasis Security’s research team uncovered a vulnerability in Cursor, the popular AI Code Editor, that allows a maliciously crafted code repository to execute code as soon as it's opened using Cursor

September 10, 2025

The Salesloft OAuth compromise: what it changed, and what to do next

In early August 2025, a threat cluster tracked as UNC6395 abused stolen OAuth tokens from Salesloft’s Drift integrations to authenticate as the app into customer environments

Joe Gonzalez

September 2, 2025

Govern the Mix: Static and Federated Non-Human Identities

Static credentials constructs are increasingly misaligned with the needs of today's cloud-first.

August 22, 2025

Cyber Beyond Humans: Agentic AI Security Brief

Explore the latest in AI security: OWASP’s new guide, agentic AI risks, AI fraud warnings, major breaches, and how to secure non-human identities across the lifecycle.

August 14, 2025

Illustration of malicious Salesforce Data Loader app exploiting OAuth trust

Maliciously impersonating a Salesforce App

In early June 2025, Google Cloud's Threat Intelligence team (GTIG) published a detailed report outlining a voice phishing (vishing) campaign targeting Salesforce administrators.

August 6, 2025

Building an AI Native Engineering Organization: Lessons in Speed, Culture, and Security

Not long ago, I led the transformation of a fast moving technology company’s engineering organization. Our goal was to move from a traditional, high functioning team to one built entirely around AI na

Daniel Koch

July 31, 2025

Cyber beyond humans: AI-Driven Phishing, Critical AI Flaws, and Identity Risks Uncovered

Stay ahead of threats: AI phishing, Anthropic RCE flaw, North Korean IT crackdowns, and securing non-human identities in M&A.

July 17, 2025

McDonald’s AI Hiring Tool Breach A Wake-Up Call for Non‑Human Identity Security

In June 2025, researchers Ian Carroll and Sam Curry uncovered a vulnerability in McDonald’s AI-powered hiring platform, McHire, exposing sensitive data from an estimated 64 million job applicants.

Tal Hason

July 17, 2025

Non Human Identity Management

Non Human Identity Management (NHIM) is the process of governing and automating the entire lifecycle of non-human identities.

July 4, 2025

Oasis Security - Deleting GIT commits isn't enough

Git, History, and Hidden Mistakes: Why Deleting a Commit Isn't Enough

Git is one of the most widely used version control systems in the world. It's powerful, fast, and highly flexible, making it the backbone of software development for millions of engineers and orgs.

July 2, 2025

How to manage Non-Human Identities during M&A

Mergers and acquisitions (M&A) extend far beyond financial and operational considerations. Once a deal is signed, one of the most complex and mission-critical efforts begins: integrating IT systems.

Chris Gruel

June 25, 2025

Three frontiers, one challenge

Walking the floors at Identiverse 2025, one theme echoed through every panel, booth, and hallway conversation: AI is here, and it’s everywhere.

June 6, 2025

OneDrive File Picker Flaw Provides ChatGPT and Other Web Apps Full Read Access to Users’ Entire OneDrive

A new discovery by the Oasis Security Research Team reveals security concerns affecting users of popular apps such as ChatGPT, Slack, Trello, and ClickUp.

May 28, 2025

Fertile soil for both innovator and attacker

A real security challenge behind this artificial intelligence

So much has already been said about how large language models (LLMs) such as ChatGPT, Claude, and Lamma transformed the way organizations grow their business.

Barak Shelef

May 22, 2025

Cyber beyond humans: The Lifecycle Mandate: Secure by Design, Resilient by Default

Explore top cybersecurity insights in Oasis Security’s May newsletter: J.P. Morgan’s supply chain warning, Active Directory threats, TLS changes, major breaches, and innovations in NHI.

May 15, 2025

NHI Security Metrics: 15 KPIs Your Board Needs in 2025

Non-Human Identities (NHIs) are at the core of modern enterprise operations, facilitating automation and access across hybrid and multi-cloud environments.

May 15, 2025

RSA 2025: 5 Takeaways on AI, Third‑Party Risk & the Future of Identity

The RSA Conference returned to San Francisco April 28 - May 1 under the banner: “Many Voices. One Community.”

May 7, 2025

Introducing Oasis NHI Provisioning: Transforming NHI Security from day 1

Today, we’re thrilled to announce a major step forward in our vision for NHI management with the launch of Oasis NHI Provisioning.

Shahar Zaguri

April 28, 2025

What is Non Human Identity provisioning and why is it broken?

Non Human Identity Provisioning refers to the process of creating system and application accounts (the identities that enable system-to-system interactions).

April 22, 2025

OAuth 2.0 with Microsoft: Start Here

A complete guide to understanding and securing Microsoft OAuth 2.0. Learn key terminology, proper implementation practices, and foundational insights for security researchers—all in one place.

Elad Luz

April 10, 2025

Beyond RPA: Implementing Secure AI Agent Access

Explore the evolution of RPA into AI agents, their advanced capabilities, and the security measures needed to safeguard operations.

Alberto Farronato

April 3, 2025

Thumbnail blog for Cloudflare Rotation Blog

Don’t Look Back In Anger: How Cloudflare’s Outage Highlights the Need for Safer Rotations

Service availability is the lifeblood of today’s enterprises. Yet Cloudflare’s March 21, 2025 outage proved that even top-tier providers can stumble on a seemingly simple task: rotating credentials

March 27, 2025

tj-actions/changed-files GitHub Actions 3rd party vulnerability

Oasis platform enables a quick and complete response, while minimizing operational risk.

March 17, 2025

CISO’s New Reality: Leadership, Risk, and Compliance

The role of the CISO has fundamentally changed.

March 13, 2025

NHI Discovery: Going Beyond Inventory

Non-Human Identities (NHIs) are everywhere and many security and identity teams are struggling to keep up.

March 6, 2025

Why do I need NHIM if I already have a great IGA tool?

If you are reading this blog, you probably already recognize this shift, but here's a short recap: Non-human identities (NHIs) now outnumber human users by at least 20:1; some estimates put it at 50:1

Adam Fisher

February 25, 2025

Breaking Down Non Human Identity Security: 5 Critical Challenges in 2025

Non-Human Identities (NHIs) are now one of the biggest security blind spots in modern enterprises. Yet, most organizations still lack visibility, governance, and control over them.

February 20, 2025

Celebrating the first year of Oasis NHI Security Cloud

When we came out of stealth in January 2024, we had a bold mission: manage and secure non-human identities (NHIs) at scale.

February 14, 2025

AI Agents: Human or Non-Human?

AI agents are becoming an integral part of enterprise IT. But should they be managed like human employees or treated as workloads with decentralized identities?

February 6, 2025

Introducing Oasis Scout: Revolutionizing ITDR for Non-Human Identities

We're thrilled to announce Oasis Scout, the first ITDR solution tailored for Non-Human Identities (NHIs), now available with our pioneering AuthPrint™ technology.

Alberto Farronato

January 29, 2025

Introducing the Non Human Identity Threat Center, a new resource for the cloud security community

We are very excited to launch the NHI Threat Center, a new resource designed to provide education and awareness of the ever-evolving cloud threat landscape.

January 29, 2025

Illustraion of NHIs to respond the most asked questions

Why should Active Directory hygiene be part of your NHI security program?

Active Directory (AD) has been around forever—and for good reason. If you’ve got a big on-prem setup, it’s the go-to for managing users, permissions, and access.

Roey Rozi

January 9, 2025

Reflecting on our journey at Oasis and looking ahead

As we reach the end of 2024, I can’t help but reflect on what an incredible year it’s been. This was the year Oasis emerged from stealth with a clear mission

Danny Brickman

December 31, 2024

New Oasis Integration for Databricks Secures access to data and AI

Databricks empowers organizations to process and analyze data at scale, turning raw data into actionable insights and powering machine learning workflows.

Vini Merlin

December 18, 2024

Cyber beyond human: Compliance Trends & Security Risks

Oasis Security December Updates

December 18, 2024

Oasis Security Research Team Discovers Microsoft Azure MFA Bypass

Critical vulnerability could have allowed malicious actors to gain unauthorized access to users’ Microsoft accounts.

Tal Hason

December 11, 2024

Oasis Security Integration with Microsoft Active Directory

We are excited to announce the general availability of the latest enhancements to our platform integration capabilities with Microsoft Active Directory (AD).

Adi Marinovsky

December 3, 2024

The feast of security: what Thanksgiving can teach us about protecting Non-Human Identities

Growing up outside the U.S., Thanksgiving was a bit of a mystery to me. Funny enough, I’ve realized that Thanksgiving has a lot in common with securing Non-Human Identities.

November 27, 2024

How a Healthcare provider gained comprehensive NHI visibility with Oasis

Managing a hybrid cloud environment with thousands of non-human identities (NHIs) is no small task.

November 20, 2024

Cyber beyond human: Own It. Prove It. Secure It.

Oasis Security November Updates

November 19, 2024

Top 10 Security Architect to follow on Linkedin

With our growing dependence on the cloud, securing it becomes non-negotiable. That’s where Security Architects step in—the unsung heroes safeguarding our data and systems.

November 13, 2024

Solving Non Human Identity Ownership with Oasis. Part 2: Ownership attestation

In last week’s blog, we took a close look at our new ownership discovery capabilities. Today, we want to complete the picture by digging deeper in the second part of the product release

November 6, 2024

Solving Non Human Identity Ownership with Oasis Part 1

Oasis streamlines the process by automatically gathering data from cloud platforms, SaaS tools, CMDB, and on-premise environments into a unified, single-pane-of-glass

Alberto Farronato

October 31, 2024

Cisco Breach: Non Human Identities (NHI) Compromise and Implications for DevOps Security

In a recent security incident, Cisco confirmed that a threat actor accessed and downloaded “Cisco data and data of our customers”.

October 29, 2024

5 Ways Non Human Identity Ownership Impacts Your Security Program

As we meet with customers to discuss non-human identity security strategy, the topic of ownership comes up more frequently as one of the key component for any comprehensive NHIM program.

October 23, 2024

Non Human Identity Management Program: Guide step-by-step

This guide will walk you through the key steps to transform your objectives into a strategic, actionable roadmap, ensuring that your organization can efficiently manage and secure its NHIs.

October 16, 2024

How a Financial Service Institution Secures Azure NHIs with Oasis Security

Learn how a financial services firm uses Oasis Security to secure and manage its Azure environment, gaining visibility, automated risk management, and streamlined identity controls.

October 14, 2024

Storm-0501: The Rising Threat to Non Human Identities in Hybrid Clouds

The Storm-0501 cybercriminal group has illuminated a critical, often overlooked risk in the realm of cybersecurity: the security of non-human identities (NHIs).

October 2, 2024

Navigating the Complexity of Decentralized Secrets Management

The modern IT infrastructure landscape has become ever more complex, with the rapid growth of distributed environments across multiple clouds and environments.

October 2, 2024

Understanding PCI DSS 4.0: NHIM Essential Guide

PCI DSS 4.0 places significant emphasis on non-human identities—system and application accounts that perform automated tasks and often require elevated privileges.

Vini Merlin

September 25, 2024

Image illustrating the role of non-human identities (NHIs) in reshaping identity security responsibilities.

How NHIs Are Reshaping The Responsibilities of Identity Security Professionals

We analyzed over 100 job descriptions for open positions such as IAM Security Architect, Manager of Identity and Access Management, Senior IAM Engineer, Director of IAM Systems, and more.

September 18, 2024

Securing Non Human Identities for Financial Services

As financial services embrace digital transformation, securing Non-Human Identities—like service accounts, APIs, bots, and machine-learning processes—has become a significant cybersecurity priority.

Vini Merlin and Vitalii Trofymenko

September 10, 2024

Enhancing Github Security with Oasis

GitHub is the central hub for many development teams, enabling seamless code collaboration and integration.

September 4, 2024

Navigating Mandatory MFA for Azure

As Microsoft prepares to enforce multi-factor authentication (MFA) for Azure sign-ins, organizations are gearing up for a significant shift in how they manage access to their Azure resources.

August 28, 2024

The Risks of Exposed AWS Configuration Files: How to implement comprehensive protection with Oasis

On August 15th, Palo Alto Networks’ Unit 42 uncovered a cloud extortion campaign that successfully compromised and extorted multiple organizations by exploiting configuration files hosted in AWS

August 20, 2024

Image of why Non Human Identity Security is critical today

Non Human Identity Security – Why Now?

For a long time, identity practitioners have mastered the delicate balancing act of maintaining operational efficiency while enabling businesses to grow securely.

Steve Schmidt

August 6, 2024

Image of 15 experts in Identity and Access Management

Top 15+1 Identity Pros to Follow on LinkedIn

Our curated list of experts features prominent professionals and leaders who provide a comprehensive perspective on the cybersecurity industry, with a particular focus on Identity Security and Access

July 30, 2024

Illustration highlighting NHIs exposed during employee offboarding processes.

How to manage the NHIs exposed to an offboarded employee?

When an employee leaves a company or changes their role (due to events such as a reorganization or M&A), the impact extends far beyond just clearing their desk.

July 18, 2024

Illustration of secure secret rotation process

Stop worrying. Start rotating.

As a cybersecurity practitioner, few things have caused me more headaches than rotating a critical secret.

Amir Shaked

July 11, 2024

The Importance of Secret Rotation in Ensuring Security and Compliance

Secret rotation might not be the first thing that comes to mind when thinking about cybersecurity, but it is a critical practice for any organization.

Yonit Glozshtein

July 2, 2024

Illustration depicting the impact of compromised non-human identity credentials.

The Future of Identity Security: Lessons from the Change Health Breach

UnitedHealth Group confirmed that in February, the BlackCat/ALPHV ransomware group breached Change Healthcare by exploiting compromised credentials for a Citrix remote access portal

Roey Rozi

June 17, 2024

Illustration symbolizing thought leadership in non-human identity security.

TOP 15 Identity Security Accounts to follow on X (formerly Twitter)

For any cybersecurity pro, staying ahead with the latest industry buzz is crucial, and X is a goldmine. But with 556 million active users, sifting through can be daunting.

June 13, 2024

Illustration representing secure data access for non-human identities in Snowflake.

Best Practices to Secure Non Human Identity Data Access in Snowflake

In the last few days, there has been a lot of noise about an alleged Snowflake breach that impacted several companies' supply chains.

June 5, 2024

Illustration explaining the concept of service accounts in IT environments.

What are Service Accounts and How Should You Secure Them?

Service accounts are non-human identities created by IT administrators for executing tasks on machines or specific processes, like software installations.

Yonit Glozshtein

May 15, 2024

Non Human Identity Risks: Lessons from Dropbox's Security Incident

On April 24th, Dropbox became aware of unauthorized access to the Dropbox Sign (formerly HelloSign) production environment.

Misha Brickman

May 2, 2024

How does Non Human Identity Complement Privileged Access Management for 360-degree security?

"I use my Privileged Access Management (PAM) solution to manage administrator cloud accounts; why can't I use it for service accounts, too?". The short answer is that PAM solutions weren't originally

April 25, 2024

Illustration highlighting differences between Non-Human Identity Management and CSPM.

CSPM vs. NHIM (Non Human Identity Management)

CSPM and NHI Management serve distinct purposes and address different threat vectors, complementing each other to provide comprehensive security coverage.

Ido Geffen

April 17, 2024

Illustration showing how Azure Storage accounts store and manage data.

What Are Storage Accounts And How To Secure Them?

Azure Storage accounts, the backbone of Microsoft Azure's cloud platform, play a pivotal role in storing and managing vast amounts of unstructured data.

April 15, 2024

Illustration depicting the role of non-human identity security in addressing modern cyber threats.

Automation is Key: DHS Report Unveils Lessons from the Microsoft Exchange Incident

The DHS Cyber Safety Review Board, established by President Biden, released a scathing report exposing critical oversights by Microsoft that enabled the targeted cyberattack

Amit Zimerman

April 7, 2024

Illustration highlighting the role of Non-Human Identity Management in securing Generative AI environments

‍Securing Generative AI with Non Human Identity Management and Governance

There are many inevitabilities in technology, among them is that rapid innovation will introduce unique risks and 3 letter acronyms will abide.

Joel McKown

April 4, 2024

Illustration representing the decommissioning of orphaned non-human identities.

Decommissioning orphaned and stale Non Human Identities

Unmanaged non-human identities (NHIs) pose a significant security risk in today's digital landscape. NHIs often operate outside traditional IT security reviews, making them vulnerable to exploitation

Yonit Glozshtein

March 28, 2024

What are Non Human Identities?

A Non-Human Identity (NHI) is a digital construct used for machine-to-machine access and authentication.

Amit Zimerman

February 13, 2024

Illustration highlighting the Cloudflare breach and its impact on non-human identity security.

Securing Non Human Identities: Lessons from the Cloudflare Breach

On February 2nd, Cloudflare disclosed that it had fallen victim to a breach orchestrated by a suspected nation-state attacker. This breach, which exploited a series of unrotated and exposed credential

Roey Rozi

February 2, 2024

Illustration depicting challenges in modern identity management.

What's Broken with Identity Management?

In the digital era, speed and efficiency drive business value. To tap into this value, businesses have shifted towards programmable cloud infrastructure and adopted agile...

Danny Brickman

January 23, 2024

Illustration symbolizing Oasis Security’s emergence from stealth.

Oasis Security Emerges from Stealth

As I sit down to write this, I can't help but reflect on our short but incredible journey at Oasis Security. Today, we step into the limelight, ready to share our vision with the world – a vision...

Danny Brickman

January 23, 2024

Illustration highlighting Oasis’s Non-Human Identity Management platform.

Introducing Oasis: the Non Human Identity Management Platform

Today, we are excited to announce the general availability of Oasis, the first enterprise platform built for managing and securing the lifecycle of Non-Human Identities!

Amit Zimerman