Identity at the Center

Tobin South, co-chair of the OpenID Foundation's AI Identity Management Community Group, dives into the future of identity management for agentic AI. He discusses the evolution of AI perceptions, particularly after ChatGPT, and explains the vital distinctions between users and AI agents. Tobin provides insights on the Model Context Protocol (MCP), emphasizing its role in safe automation and identity governance. He also tackles the challenges of impersonation versus delegation risks, while sharing practical advice for developers navigating the AI landscape.

David Goldschlag, CEO and co-founder of Aembit, discusses securing non-human access amidst the rise of AI agents. With a rich history that includes contributions to Tor, he highlights the critical flaws in using human credentials for AI, such as increasing theft risks and undermining security. David emphasizes the need for a shift to managing access policies and outlines real-world use cases in finance and retail. He also explores hybrid versus autonomous agents, the importance of audit measures, and offers practical advice for identity practitioners navigating this rapidly evolving landscape.

In this episode of The Identity at the Center Podcast, hosts Jim McDonald and Jeff Steadman catch up with John Tolbert, Director of Cybersecurity Research at KuppingerCole Analysts, to talk about the rapidly evolving world of Fraud Reduction Intelligence Platforms (FRIP).They explore:The six capabilities of modern fraud reduction systemsHow AI and machine learning are both helping and hurting fraud preventionWhy shared signals and orchestration are critical for financial and e-commerce use casesHow identity verification, device intelligence, and behavioral biometrics work togetherThe role of usability and integration in FRI adoptionPlus, stick around for a fun discussion about concerts, classic rock, and which legendary bands they wish they’d seen live.Listen now to learn how identity, fraud, and AI are colliding — and what’s next for fraud intelligence.Connect with John: https://www.linkedin.com/in/john-tolbert/Fraud Reduction Intelligence Platforms - Finance (KuppingerCole Report): https://www.kuppingercole.com/research/lc80841/fraud-reduction-intelligence-platforms-financeFraud Reduction Intelligence Platforms - eCommerce (KuppingerCole Report): https://www.kuppingercole.com/research/bc81030/fraud-reduction-intelligence-platforms-ecommerceConnect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comChapter Timestamps:00:00 – Jim’s passwordless rant and setup woes05:00 – Introducing guest John Tolbert06:30 – Catching up: four years since John’s last appearance07:30 – What is CIAM and how has it evolved?09:30 – Understanding Fraud Reduction Intelligence Platforms (FRIP)10:00 – The six core capabilities of FRI solutions13:00 – Are most vendors point solutions or full platforms?14:00 – How identity verification is improving16:00 – SaaS and API-driven fraud detection models18:00 – What kinds of fraud can (and can’t) FRI prevent?21:00 – The growing problem of bots and automation22:00 – Fraud trends in finance: scams, account takeovers, and synthetic identities25:00 – Information sharing and the role of shared signals28:00 – Collaboration vs. competition in fraud prevention31:00 – Fraud in e-commerce: bots, loyalty points, and returns abuse34:00 – Streaming and citizen fraud use cases36:00 – Where do FRI capabilities fit within IAM platforms?43:00 – The importance of orchestration and integration44:30 – The role of AI and ML in fraud prevention47:30 – Smart questions for evaluating FRI vendors50:30 – Concert talk: Pink Floyd, Metallica, and the ones that got away58:00 – Wrap-up and where to find John Tolbert’s reportsKeywords:Fraud Reduction Intelligence, FRI Platforms, John Tolbert, KuppingerCole, Identity at the Center, IDAC, IAM, CIAM, Cybersecurity Research, Fraud Prevention, Machine Learning, Artificial Intelligence, Behavioral Biometrics, Device Intelligence, Identity Verification, Risk Orchestration, API Security, Financial Fraud, E-Commerce Fraud, Shared Signals, Jim McDonald, Jeff Steadman, IDAC Podcast

In this engaging discussion, Mike Reiring, a Principal at RSM with a focus on managed services, dives into how MSPs are evolving in the tech landscape. He highlights the critical differences between MSPs and MSSPs, stressing the importance of choosing a partner that values transparency and cultural fit. The conversation also explores the impact of AI on help desks and problem management, as well as the challenges of vendor gaps and identity risk. Mike shares his passion for photography, linking creativity to tech and continuous learning.

Join Ross Young, a seasoned cybersecurity leader and co-host of the CISO Tradecraft podcast, alongside G Mark Hardy, a veteran cybersecurity expert and instructor. They dive into pressing CISO concerns, including AI security, identity management, and the challenges of deep fakes. The duo discusses identity as the new perimeter in security and offers practical strategies for securing funding for identity initiatives. They also speculate on AI's impact on cybersecurity careers and share insights about non-human identities and the importance of governance.

In a fascinating discussion, Dr. Heiko Klarl reveals how Nexis enhances authorization governance for modern enterprises. He underscores the significance of visibility in identity systems and introduces the innovative Identity Visibility and Intelligence Platform. The conversation delves into Nexis's health check service, which identifies risks and minimizes unnecessary access, potentially saving on licensing costs. Listeners will learn how automation and integration streamline application onboarding and amplify the impact of identity programs.

Andrew Shikiar, Executive Director of the FIDO Alliance, shares insights from Authenticate 2025. With over 3 billion passkeys now securing accounts, he discusses their importance in the fight against phishing and the AI arms race. Andrew introduces the Passkey Index, aiming to streamline deployment benchmarks, and reveals FIDO's strategy to tackle challenges in digital credentials and wallet usability. He highlights global trends in passkey adoption and announces the exciting launch of Authenticate APAC in Singapore.

Dr. Tina Srivastava, PhD, a board member of IDPro and co-founder of Badge Inc., dives into the world of identity and AI. She explores the shift from physical hacks to AI-driven threats like supercharged phishing, emphasizing the urgent need for security evolution. Tina discusses the challenges of synced passkeys and vulnerabilities in account recovery. Additionally, she highlights the supportive IDPro community's role in combating these threats and announces new member-driven committees aimed at enhancing engagement and governance.

Bojan Simic, Co-founder and CEO of HYPR, is a former software engineer turned cybersecurity leader focused on passwordless authentication. He shares insights about the rise of passkey adoption and the complexities of authenticating AI agents. Bojan discusses the importance of continuous employee verification in remote work environments, highlighting the shortcomings of traditional methods amid evolving social engineering tactics. He advocates for a flexible identity strategy that accommodates 'identity sprawl' while ensuring secure, consistent authentication across various platforms.

Steve Rennick, Senior Leader for IAM Architecture at Ciena, dives into the fascinating world of Non-Human Identities (NHIs). He shares why traditional identity approaches often fall short for NHIs and highlights the urgent need for visibility and standardized processes. The conversation touches on the shift in threat actors' focus from human accounts to non-human ones, the complexities of managing service accounts, and the emerging challenges posed by AI. With practical advice for organizations tackling legacy issues, this discussion is a must-listen for identity practitioners.