Identiverse is not so much a conference as the gathering of a community. Identity practitioners from around the world come together at Identiverse to share their experiences, learn from one another and debate the latest trends in identity.
As always, the sessions were insightful and informative, but as with all conferences, the random hallway conversations is where the real magic happens. Non-Human Identity (NHI), workload identity and machine identity came up frequently in talks and in conversations.
Here are the take-aways from spending a couple of days with fellow identity enthusiasts when it comes to these topics:
- No Security Without Identity: Identity technology is foundational, and therefore the first point bad actors attack. Impacts can be financial, reputational, and sometimes even a threat to life and limb. But, business leaders have a lot of different items on their priority list. Any identity-related project has to be justified by the real-world customer or business problems it solves. Risks can be defined clearly and thoroughly, and savings are real. This was something Joe Sullivan discussed at length in his session.
- Organizational Friction: A recurring topic this year was the ways in which organizational complexity slows down, or even stops, deployment of promising new identity technologies. As experts it's easy to focus on the technological solutions, but organizations are made up of people and departments. Different stakeholders have different perspectives. Identity projects are consumed with issues of communication, internal alignment, and the nuts and bolts of project management. New identity technologies will only succeed if they require minimal changes – or even better, zero effort – for the organizations where they are being deployed.
- Invisible NHI: NHI is a bit like an iceberg (a metaphor used explicitly by Thijn Bukkems in his presentation, “A Deep Dive into Grammarly’s NHI Security Strategy”). Practitioners often have limited visibility into their NHIs, what they are used for, and who in the organization is responsible for them. As a result, it is hard to assess the risks associated with an NHI. Just having a list of NHIs is not enough; It is important to know which ones pose the highest risks, and which risks can be remediated quickly. Tools purpose-built for discovering and managing non-human identities—like those emerging in the NHI space—are becoming essential for reducing this risk.
- Agentic AI: Agentic AI was an (unsurprisingly) hot topic, with the narrative swinging from optimism about all the ways AI can make life better, to the complexity, risks, and unforeseen consequences of deploying Agentic AI. Many of the concerns are rooted in the reality that existing systems are undergoverned and overpermissioned. Agentic AI will simply exploit the coarse-grained authorization that exists. A common consensus was that if we want to make Agentic AI safe to deploy, we must start with the basics - credential every workload, deploy fine-grained authorization and put governance in place.
- Secretless CI/CD: Any discussion about NHI quickly touches on CI/CD. CI/CD pipelines are the gateways to production. They are also a hotbed for secret sprawl. Practitioners repeatedly stressed that removing secrets from CI/CD pipelines and replacing them with identities and short-lived credentials is a top priority with an immediate ROI. Newer platforms that eliminate static credentials entirely are gaining traction, especially those that bake in identity-based approaches from the start. If you want to secure your production systems, you must secure your CI/CD pipelines. The fastest way to do this is to get rid of the secrets and adopt identities. “Secrets are not identities" was a phrase heard more than once.
One more thing, perhaps the most important thing, that was really driven home at Identiverse is that if you are an identity practitioner, you are not alone. There is an entire community of identity enthusiasts that is more than willing to share their insights, perspectives and lessons learnt. We get to learn from one another, support each other and ultimately, make the world a safer place -- together. Thanks to each and every person that took the time to share their thoughts, debate the issues and make the entire experience superb.
Identiverse 2025 was a blast. Lessons learned, insights gained, friendships renewed. What a privilege. Can’t wait to do it again in 2026!
.png)
.png)
.png)
