#389 - Sponsor Spotlight - Aembit

Dec 3, 2025

David Goldschlag, CEO and co-founder of Aembit, discusses securing non-human access amidst the rise of AI agents. With a rich history that includes contributions to Tor, he highlights the critical flaws in using human credentials for AI, such as increasing theft risks and undermining security. David emphasizes the need for a shift to managing access policies and outlines real-world use cases in finance and retail. He also explores hybrid versus autonomous agents, the importance of audit measures, and offers practical advice for identity practitioners navigating this rapidly evolving landscape.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

Identity Is The Core Perimeter

Non-human access (software-to-software) is the emerging perimeter distinct from human IAM.
David Goldschlag argues identity is the core problem for cross-boundary access, not network plumbing.

INSIGHT

Cross-Boundary Access Is Underserved

Ambit focuses on cross-boundary authentication where services live outside cloud provider confines.
That niche isn't well solved by cloud providers, creating space for specialized IAM solutions.

ADVICE

Manage Access, Not Secrets

Avoid sharing personal credentials with agents and shut off MFA for them.
Manage access via policies and short-lived credentials instead of long-lived secrets.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

This episode is sponsored by Aembit. Visit aembit.io/idac to learn more.

Jeff and Jim welcome David Goldschlag, CEO and Co-founder of Aembit, to discuss the rapidly evolving world of non-human access and workload identity. With the rise of AI agents in the enterprise, organizations face a critical challenge: how to secure software-to-software connections without relying on static, shared credentials.

David shares his unique background, ranging from working on The Onion Router (Tor) at the Naval Research Lab to the DIVX rental system, and explains how those experiences inform his approach to identity today. The conversation covers the distinction between human and non-human access, the risks of using user credentials for AI agents, and why we must shift from managing secrets to managing access policies.

This episode explores real-world use cases for AI agents in financial services and retail, the concept of hybrid versus autonomous agents, and practical advice for identity practitioners looking to get ahead of the agentic AI wave.

Visit Aembit: https://aembit.io/idac

Connect with David: https://www.linkedin.com/in/davidgoldschlag

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at idacpodcast.com

Timestamps

00:00 - Intro00:51 - Pronunciation of Aembit and the extra 'E'01:56 - David's background: From NSA to Enterprise Security04:58 - The meaning behind the name Aembit06:00 - David's history with The Onion Router (Tor)10:00 - Differentiating Non-Human Access from Workforce IAM11:39 - The security risks of AI Agents using human credentials14:15 - Manage Access, Not Secrets16:00 - Use Cases: Financial Analysts and Retail24:00 - Hybrid Agents vs. Autonomous Agents30:38 - Will we have agentic versions of ourselves?36:45 - How Identity Practitioners can handle the AI wave38:33 - Measuring success and ROI for workload identity43:20 - A blast from the past: DIVX and Circuit City52:15 - Closing

Keywords

IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Aembit, David Goldschlag, Non-human access, Workload Identity, AI Agents, Machine Identity, Cybersecurity, IAM, InfoSec, Tor, DIVX, Zero Trust, Secrets Management, Authentication, Authorization