home.social

#ivip — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #ivip, aggregated by home.social.

  1. Some are misreading the 2026 DBIR, skimming the headlines, but missing the bigger picture.

    4 Takeaways:

    1) Credentials appear in 39% of breaches across the full attack chain

    2) Detection stacks often fire on auth events, but attackers have moved post-auth.

    3) 3rd-party identity risk up 60% YoY

    4) AI agents flagged as the next target. Vulns get them in. Identity is how they move.

    We can help.

    #ITDR #IVIP #DBIR

  2. The 95-day window between infostealer & ransomware is well-known now, but many programs still lose ground inside it.

    3 failure modes:

    1) Treating infostealer exposure as an account problem. Password resets don't invalidate cookies, tokens, or device fingerprints.

    2) Not watching what the credential does in the window. Reconnaissance is detectable as a graph, not as log lines.

    3) Running response on a ticket clock when identity degrades in real time.
    #ITDR #IVIP #Ransomware

  3. "If AI runs the investigation, what's left for the analyst?"

    Fair concern. Here's our line:
    AI does the mechanical work like pulling logs, correlating events, validating with users via Slack. The 10–15 min per alert no one signed up for.

    The decision stays human. High-impact actions need approval. Every AI step is auditable.

    Augment, don't replace.

    gethumming.io/responsible-ai
    #ITDR #IVIP #ResponsibleAI

  4. In January 2026, a malicious actor accessed France's national bank account registry using a stolen civil servant credential.
    1.2 million accounts. 3 weeks of undetected access & no vulnerability exploited.
    Everything was permitted. Every control saw what it expected.
    The anomaly was the behavior - query volume and scope inconsistent with any normal workflow.
    Authentication monitoring couldn't catch it. Only behavioral monitoring could.
    gethumming.io
    #ITDR #IVIP #IdentitySecurity #SecurityOps

  5. The AI agent security conversation focuses on individual agents.
    The more interesting threat is one layer up at the communication layer between agents.

    Inject into the message-passing layer, and a sub-agent executes instructions the orchestrator never issued. Valid credentials. Authorized calls. No obvious anomaly.

    The agent that appears responsible may be entirely innocent - used as a relay.

    That's the detection frontier. We can help.

    gethumming.io
    #ITDR #IVIP #IdentitySecurity #AIAgents

  6. Enterprise Strategy Group says the average enterprise spends 11 person-hours investigating a single critical identity alert.

    Not 11 minutes. 11 hours.

    Attackers move laterally in minutes, and the gap between those two speeds is where system damage accumulates.

    Auth Sentry's AI Analysis performs every investigation automatically & delivers real, actionable results.
    Average time: under 2 minutes.

    Try it free for 7 days:

    gethumming.io/how-it-works
    #ITDR #IVIP #IdentitySecurity #SecurityOps

  7. Identity investment and breach costs are up.

    Most investment is concentrated on one moment: authentication. Real progress was made & it raised the cost of initial access.

    Attackers moved past that moment into session theft, OAuth abuse, & prompt injection. None required beating authentication. Attackers operate in the space that opens after it succeeds.

    Earlier detection with IVIP tools means attackers have less time to reach the most valuable assets, saving the company money.

    #IVIP

  8. How many identities does your organization actually have?
    Not your IdP headcount - identities across every provider, OAuth grants, every account that can authenticate somewhere.

    3 problem layers:

    Multi-provider sprawl: no single IdP shows the full picture
    OAuth grant accumulation: persistent, often forgotten, often broad
    Unconnected apps: legacy systems with no IdP connection at all

    Auth Sentry Monitor covers layers 1 & 2 free.

    gethumming.io/monitor
    #ITDR #IdentitySecurity #IVIP #SecurityOps

  9. SaaS-to-SaaS lateral movement doesn't look like lateral movement.
    App A is OAuth-connected to App B, which connects to App C.

    Compromise a session in App A, and those trust relationships come with it.

    No new login. No failed auth. No privilege escalation. Just authorized API calls because the OAuth grants already exist.

    Most monitoring sees the IdP layer. This movement happens after it.

    See the movement you're missing: gethumming.io
    #ITDR #IdentitySecurity #SecurityOps #CyberSecurity #IVIP

  10. Why did Gartner introduce IVIP?

    3 things shifted at once: non-human identities exploded past what existing governance can track.

    Zero Trust moved from strategy to operational requirement, boards & auditors started requiring real-time answers about identity posture that spreadsheets can't provide.

    The visibility gap existed before. Now the cost of leaving it open is much higher.

    The window is open. Get started now for free at:
    gethumming.io

    #IdentitySecurity #IVIP #ZeroTrust #CyberSecurity

  11. Gartner named a new category last year: IVIP — Identity Visibility and Intelligence Platforms.

    IGA, PAM, authentication, secrets management - each solves something real. Each creates its own silo.

    IVIP is the intelligence layer that makes the rest legible. Not a replacement. The missing piece.
    Less than 5% of companies have adopted this so far, but it's worth understanding what it can do for your company.

    Find out how we can help:
    gethumming.io
    #IdentitySecurity #IVIP #IAM #CyberSecurity