Identity Security Conference 2026: Quantum-Resistant and AI-Powered

Post Views: 116

Emerging Trends in Identity Security

As attacks escalate in frequency and sophistication, the need for rapid response to identity compromise and securing non-human identities has become increasingly pressing.

Continuous Validation

Continuous validation refers to the process of dynamically monitoring context, such as time, location, device, and behavior, to detect anomalies in real-time and revoke access before attackers can exploit it.

Speakers emphasized the need to minimize persistent “birthright” permissions for accounts and only grant access when necessary, as exemplified by services like AWS and Salesforce.

Ian Glazer, Head of Continuous Identity and Product Strategy at CrowdStrike, presented on the concept of continuous validation, highlighting its application in frameworks such as the OpenID Foundation’s Shared Signals Framework (SSF).

He emphasized that continuous validation is not a project, but rather a program requiring transformation across different parts of an organization.

Securing Non-Human Identities

The emergence of AI and agent-based threats necessitates the extension of zero-trust principles to include AI.

Microsoft’s Corporate Vice President, Vasu Jakkal, emphasized the need for continuous verification, least-privilege access, and assuming breach across identity, data, and runtime behavior.

Cisco’s President and Chief Product Officer, Jeetu Patel, discussed the concept of reimagining security for the agentic workforce.

He suggested that AI agents should be viewed as digital coworkers, rather than mere tools, and that this requires a shift from access control to action control.

OpenID Connect (OIDC) was identified as a potential solution for tracing the delegation path between humans and agents, allowing for the creation of an auditable log trail of agentic actions while restricting an agent’s access to human user permissions.

Preparing for Quantum Computing

Speakers also addressed the impending threat of quantum computing, which will enable attackers to crack the cryptographic algorithms underlying most authentication systems.

IBM’s Quantum Safe Fellow, Ray Harishankar, estimated that a cryptographically relevant quantum computer capable of breaking RSA-2048 will arrive by 2033.

Organizations are urged to begin building a comprehensive inventory of their cryptographic assets, prioritize the highest-risk areas, and leverage automation to continuously monitor cryptographic posture and risk scores.

The implementation of post-quantum cryptography (PQC) is deemed extremely urgent, with a severe “readiness gap” identified among organizations.

Continuous validation is essential for detecting anomalies in real-time and revoking access before attackers can exploit it.
Securing non-human identities, particularly AI agents, requires extending zero-trust principles to include AI.
OpenID Connect (OIDC) can be used to trace the delegation path between humans and agents, creating an auditable log trail of agentic actions.
Post-quantum cryptography (PQC) is urgently needed due to the impending threat of quantum computing, which will enable attackers to crack existing cryptographic algorithms.

Mitigating Risks

By acknowledging these emerging trends and implementing proactive measures, organizations can mitigate the risks associated with continuous validation, non-human identities, and quantum computing.