GitHub Changelog signals a new baseline: rulesets plus OIDC as the default software delivery control plane
How platform teams can convert GitHub policy and identity updates into a practical, low-friction operating model.
#identity
47 articles
Enterprise browser agents and identity control planes: execution blueprint
Practical governance and operating patterns based on current public tech signals.
Browser Agents in the Enterprise, Identity, Session Boundaries, and Safe Delegation
A concrete architecture for introducing browser agents with auditable delegation and least-privilege defaults.
GitHub Actions Provenance Rollout, How to Enforce Artifact Trust Without Breaking Delivery
A practical playbook for adopting artifact attestations, OIDC, and staged policy enforcement in CI/CD pipelines.
Browser-native enterprise AI agents: governance patterns that survive audits
Actionable operating model and implementation guide based on current industry signals.
Chrome as an AI Coworker: What Enterprise IT Must Redesign First
Chrome as an AI Coworker: What Enterprise IT Must Redesign First
GitHub OIDC Beyond Cloud Login: Enterprise Registry Federation Playbook
A practical approach to replacing static credentials in CI with OIDC claims, custom properties, and policy-driven trust.
GitHub Actions in 2026: ABAC, Runtime Isolation, and Private Network Resilience
How to redesign CI trust boundaries using OIDC custom property claims, ephemeral runtime controls, and private network failover patterns.
GitHub Actions OIDC Custom Properties: A Practical Enterprise Trust Model
How to convert new OIDC claims and runner failover options into auditable CI/CD trust boundaries.
GitHub Actions OIDC Custom Properties: A Practical ABAC Playbook for 2026
How to use repository custom properties in OIDC claims to replace brittle per-repo IAM sprawl with policy-driven CI trust.
Beyond Bots vs Humans: Designing Intent-Centric Traffic Governance for AI-Era Web Apps
A practical architecture for replacing brittle bot labels with intent, accountability, and privacy-preserving controls.
GitHub Actions OIDC in 2026: Custom Claims, ABAC, and Safer Multi-Cloud Deployments
How platform teams can use the latest GitHub Actions OIDC capabilities to implement attribute-based access control and reduce CI credential risk.
GitHub Actions as a Security Domain: A 2026 Roadmap for OIDC Claims, Egress Control, and Forensic Visibility
How to treat CI as a first-class security domain by combining GitHub Actions data stream telemetry, network controls, and identity-bound workload policies.
From CAPTCHA to Agent Trust: Verification Architecture for Machine Users
As automated agents become normal web users, teams need new verification layers beyond legacy CAPTCHA workflows.
Personalized AI at Work: Data Boundary Playbook for Gmail, Docs, and Internal Knowledge
How to deliver personalized assistant experiences without violating privacy and enterprise governance boundaries.
Copilot Cloud Agent + Custom Properties: Policy-Routed AI Delivery for Enterprises
How to use custom properties and repository policy to safely enable Copilot cloud agents across heterogeneous teams.
GitHub Actions in April 2026: OIDC Custom Properties and the Next CI Governance Baseline
How to redesign cloud trust policies, runner strategy, and rerun governance after the latest GitHub Actions changes.
GitHub Actions 2026: OIDC Claims, Runner Strategy, and Workflow Governance
How recent GitHub Actions updates change secure CI design, from OIDC custom properties to rerun limits and runner fleet planning.
GitHub OIDC for Dependabot and Code Scanning: Ending Long-Lived Registry Secrets in CI
A practical migration guide to OIDC-based authentication for private registries used by Dependabot and code scanning, with policy and incident-response patterns.
GitHub OIDC for Dependabot and Code Scanning: Building a Zero-Secret Security Pipeline
How to redesign CI security architecture now that Dependabot and code scanning can use OIDC with private registries at org scale.
Agent Identity over CAPTCHA: Designing Zero-Trust Access in the MCP Era
A security architecture for moving from human-verification assumptions to policy-based agent identity and scoped authorization.
Passkey-Only Login at Scale: Enterprise Migration Patterns from Consumer Identity Shifts
A practical migration playbook for enterprises moving from passwords and SMS OTP toward passkey-first, phishing-resistant identity.
Unstoppable File Share Spam Is a Governance Signal: Rebuilding Collaboration Security with Zero-Trust Defaults
A practical response playbook for collaboration platform abuse, from identity controls to automated triage and user-safe defaults.
Agentic DevTools in Production: Governance Patterns from Cursor 3, Copilot CLI, and Enterprise SCIM Rollouts
A practical governance blueprint for organizations scaling AI coding agents without losing security and review quality.
Cloudflare Organizations (Public Beta): Enterprise IAM and Account-Scale Governance Playbook
A practical operating model for introducing Cloudflare Organizations across multi-account enterprise estates.
Cloudflare Organizations Beta: Building an IAM Operating Model Across Accounts, Teams, and Automation
A practical operating model for adopting Cloudflare Organizations beta with federated identity, least privilege, and migration guardrails.
Cloudflare Organizations Beta: Designing Multi-Account IAM Without Control-Plane Drift
How platform teams can adopt Cloudflare Organizations in enterprise environments with clear identity boundaries, delegated admin, and auditability.
Cloudflare Organizations Beta: A Practical Governance Model for Multi-Account Enterprises
How Cloudflare Organizations changes identity, policy, and operations for enterprises managing many Cloudflare accounts.
GitHub Actions OIDC Custom Properties and Azure VNET Failover: Identity and Resilience by Design
A practical operating model for using repository custom property claims in OIDC tokens and Azure private networking failover in GitHub Actions.
GitHub Copilot Cloud Agent Governance Playbook: Runner Controls, Commit Signing, and Firewall Policy
A practical operating model for enterprises adopting Copilot cloud agent features announced in 2026, with guardrails for security, productivity, and auditability.
GitHub Actions Security in 2026: Turning Roadmap Features into Practical Guardrails
A practical implementation guide for GitHub Actions hardening using OIDC customization, runner controls, and workflow governance.
Passkeys at Scale: Device-Bound Sessions and Identity Hardening for High-Risk Apps
A phased rollout strategy to move from password+OTP toward phishing-resistant authentication and measurable account safety.
Passkeys in 2026: Device-Bound Session Security for High-Risk Applications
Designing passkey-first authentication with session binding, recovery controls, and fraud response for enterprise products.
When Bots Become the Majority: Designing for Agentic Web Traffic, Identity, and Fair Access
A practical architecture for handling the shift from human-dominant traffic to agent-dominant traffic without sacrificing trust or performance.
Cloudflare Threat Report 2026 and MOE: Rewriting Enterprise Defense for Throughput-Driven Adversaries
How to redesign detection, identity controls, and response operations when attackers optimize for effort-to-outcome efficiency instead of technical elegance.
Credential Revocation API Expansion: Incident-Grade Token Response for GitHub OAuth and Apps
An operations playbook for using expanded credential revocation capabilities to contain leaks faster and reduce lateral movement risk.
Post-Quantum by 2029: Enterprise Migration Blueprint for Android and Identity-Heavy Systems
How security and platform teams should prepare for accelerated PQC timelines across mobile, identity, and API infrastructures.
GitHub Credential Revocation at Scale: Enterprise Incident Playbook for CI/CD Identity
A practical response model for leaked tokens, compromised automation credentials, and fast containment using revocation-first workflows.
GitHub OIDC Custom Properties + Copilot Agent Controls: Enterprise Governance Pattern for 2026
How to combine new OIDC claims and Copilot repository-access controls to harden CI/CD identity and agent operations without slowing teams down.
Bluesky Funding and AT Protocol Momentum: Federation Lessons for Product Teams
Operational guidance for bluesky funding and at protocol momentum: federation lessons for product teams in enterprise engineering organizations.
Mobile Desktop Mode Is Back: Enterprise Readiness Checklist Beyond the Demo
Desktop-mode phones are improving, but production workplace adoption depends on identity, endpoint policy, and support operations—not UI polish alone.
GitHub Actions OIDC + Repository Custom Properties: ABAC Blueprint
Designing attribute-based access control for cloud deployments with GitHub OIDC tokens and repository custom properties.
Account Abuse Protection in 2026: From Fraud Signals to Product-Safe Operations
A practical operating model for using Cloudflare Account Abuse Protection, trust tiers, and risk-based friction without breaking growth.
AI Impersonation and Fake Tool Sites: Building a Defense Program for 2026
A cross-functional program to detect and contain fake AI tool phishing campaigns targeting employees, developers, and customers.
Defending Against AI Tool Clone Sites: Enterprise Playbook After the Claude Fake-Site Wave
A practical control stack for protecting employees from fake AI service portals and credential theft campaigns.
Cloudflare Account Abuse Protection: A Practical Fraud-Defense Architecture for 2026
How to combine behavioral signals, identity tiers, and response policies to reduce signup and login abuse without hurting conversion.
Browser-Native AI Expansion: Governance Patterns for Regional Rollouts at Enterprise Scale
What teams should prepare when browser-embedded assistants expand into new regions and employee populations.