Martin Kuppinger, Founder and Distinguished Analyst at KuppingerCole Analysts will explore the evolution from SAP-centric access control to unified governance across heterogeneous environments. He will highlight key findings from Leadership Compass reports, SAP Access Control & Security and Business Application Risk Management, discuss emerging trends, outline essential solution capabilities, and provide practical guidance on selecting technologies for effective risk management.

This webinar is designed for IT security leaders, IAM professionals, and enterprise architects seeking to modernize governance strategies across SAP and non-SAP environments.

What I notice year over year is simple. The conversations are getting more substantive, more cross-functional, and increasingly focused on the hardest aspects of IAM. And when you run into someone you worked with twelve years ago and spend ten minutes catching up on where those IAM programs stand today, that conversation alone tells you more about the state of the industry than most analyst reports.

Here is my take on EIC 2026 from where I sat. The short version: AI is setting the agenda, but the baseline work is setting the pace.

Agentic AI Was Everywhere. And Rightly so.

Agentic AI dominated the agenda this year, and rightly so. The implications for identity, authorization, and governance are profound. Martin Kuppinger's keynote extended the Fabric concept beyond identity, introducing the Cybersecurity Fabric and the AI Fabric as related but distinct architectures that share capabilities while serving different purposes. The same structured thinking that makes the Identity Fabric a useful tool for IAM architects now applies across a broader security and AI governance landscape.

That framing matters. Because what we see in Advisory conversations is exactly that challenge: organizations trying to make sense of overlapping capabilities, overlapping tools, and overlapping responsibilities across identity, security, and AI. The Fabric model gives them a way to think about that without starting from scratch.

There is a deeper tension here though. IAM has always been a slow-moving discipline by nature. But for roughly the last three to five years, the pace of change has fundamentally shifted. AI, non-human identities, agentic systems: these are not incremental developments. They are structural shifts arriving faster than most IAM teams can absorb. The technology is already in production. The governance frameworks, the best practices, the full lifecycle solutions: they are still catching up. That gap is real, and it was present in almost every serious conversation at the EIC. And it hits hardest where it was already difficult: IAM teams that were understaffed before AI arrived are now at serious risk of falling so far behind that catching up becomes structurally impossible.

But here is the Advisory observation: the organizations we talked to are not yet at the point of governing AI agents. Most of them are still working through foundational IAM challenges. CIAM strategy, IGA tool choices, target operating models, organizational alignment. Which raises the question that nobody has fully answered yet: how do we bring together where organizations actually are in their IAM maturity with what governing AI agents will require? That gap is the defining challenge the industry is now walking into.

The Identity Fabric Is Not Yet Common Knowledge

We opened our Tuesday workshop with a simple question: how many of you are familiar with the Identity Fabric concept?

More than half of the room had not encountered it before.

This is not a failure. It is a signal. The EIC community is growing. New people are entering the field, facing identity challenges for the first time, looking for frameworks that help them make sense of complexity. What landed was not a sales pitch but a structured way of thinking: the Identity Fabric, and our Reference Architecture combined with our Maturity Assessment as a practical starting point that gives organizations a clear path from where they are to where they need to be.

The workshop was full. And when Fressnapf's Lisa Zimmermann took the stage to walk through how we applied the Identity Fabric and the Maturity Assessment in a real project, the room got very quiet. That is what a real reference customer does. It turns a methodology into proof.   

When Practice Meets Theory

One of the highlights of the week was Patrick Teichmann together with Oliver Schluga from Erste Digital on stage. What they presented was not a polished success story. It was an unfiltered account of what a large-scale IAM transformation actually looks like in practice, inside one of the biggest banking groups in Central and Eastern Europe.

The message they brought to the stage was one that resonates with almost every organization we work with: IAM has to fit the organization, accounting for its specific context and constraints, without becoming a collection of isolated solutions. That sounds obvious. In practice, it is one of the hardest things to get right. Erste Digital had started where almost every organization starts, with a clean top-down concept, business roles neatly aligned to processes, everything mapped out on paper. But when that concept met the actual environment, with eighty thousand users spread across different authorization systems ranging from SAP and Office 365 to AWS, GCP, and proprietary layers that had grown organically over years, the gap between theory and reality became impossible to ignore. The only viable path forward was the combined approach: understand what actually exists, identify what works, and build from there rather than trying to impose a structure the environment could not support.

What made this land was seeing a real project, with real complexity, presented without a filter. That kind of practitioner transparency is rare and exactly what a room full of people dealing with the same challenges needs to hear.

This connects to one of the sharpest recurring questions from the week: RBAC is dead, yes, but how does an organization actually move toward dynamic authorization in a way that fits its reality? What does that transformation look like in practice, not in a whitepaper? Erste Digital's journey is one of the most concrete answers to that question available right now.

For Advisory, this is exactly the conversation we have with clients every week. The technology is rarely the bottleneck. The organizational alignment, the business involvement, the ownership model: that is where projects succeed or fail. Seeing it confirmed live by a practitioner, in front of a room full of people dealing with the same challenges, is the kind of moment that makes the EIC worth attending.

What Organizations Are Actually Asking For

The Luncheon this year ran as an open dialogue around questions that turned out to be more loaded than they sound: what does the IAM professional look like in the future, given AI? And how do you actually operationalize all of these topics in practice? Both triggered long conversations. Because the straightforward answer to both is: nobody really knows yet, and most organizations are figuring it out as they go.

Nowhere was this more visible than in the governance debates around AI. The spectrum of positions in the room ran from "humans must have the final word on everything and must understand every decision" all the way to "agents need to run fully autonomously, with independent models validating each other's actions." Both positions have logic behind them. The reality will be somewhere in the middle. But the open question, the one that nobody could answer clearly, is whether that middle ground will satisfy auditors and regulators. That question is not rhetorical. It is one of the most consequential open problems in the field right now. On AIdentity specifically, intent security emerged repeatedly as the topic generating the most uncertainty. Not because people lacked opinions, but because the existing frameworks and best practices only partially apply. The field is still crystallizing what good looks like.

CIAM is a major topic. Multiple organizations, across banking, retail, and manufacturing, are in the middle of tool selections, implementation projects, or strategic realignments. The questions being asked are very concrete and operational. Organizations want to know whether a tool will actually cover their authorization requirements, what the target operating model looks like once it is live, and who owns and runs it three years down the line.

IGA governance is the other recurring thread. Some are carrying self-built solutions that have outgrown their original design and need a strategic path forward. Others are mid-implementation and realizing that the governance model was never properly defined to begin with. And in more cases than one might expect, the tooling is actually working fine, but the organizational alignment around it is not.

A third pattern was AI and Identity. Organizations across industries came in asking about AI and identity, and what quickly became clear was how much uncertainty still exists. Not about whether AI matters for IAM, but about how to actually approach it. How do you manage machine identities in practice? How do you think about access for AI systems? How does any of this integrate into an IAM program that is already in flight? The questions were real. The answers, in most cases, are still being worked out.

The Value of Being Present

What stood out this year was where the best conversations actually happened. Rarely at the booth, more often at the side events, over dinner, or in the corridors between sessions. The informal setting changes the dynamic completely.

The EIC creates a concentration of the right people in the right place that simply does not exist anywhere else in Europe for this domain. CISOs, IAM leads, architects, and decision makers, all in one building for four days, all focused on the same set of challenges.

For Advisory, that density translates directly into meaningful engagement across financial services, retail, manufacturing, energy, and the public sector, with organizations working through the same core questions from very different starting points.

The Bottom Line

EIC 2026 confirmed what we see in project work every week. The identity market is maturing, but unevenly. Agentic AI is the headline topic, and the underlying research and thinking from KuppingerCole is strong. But for most organizations, the path to governing AI agents runs straight through the IAM fundamentals they have not yet fully solved.

That is exactly what Advisory is for. Helping organizations understand where they actually stand, where they need to go, and what a realistic path between the two looks like.

See you at EIC 2027.

As a scuba diver, I quickly learned that admiring the reef can never be my top priority. The unglamorous gear, the regulator and valves and gauges checked before the descent, is what decides whether a dive stays controlled. MCP is becoming that gear for enterprise AI: essential, increasingly invisible, and too often trusted before anyone has inspected it.

The MCP servers now spreading through enterprises are not just connectors. They are an unchecked dependency graph with access to tools, data, credentials, and business workflows. Many organizations adopting them cannot reliably say where a given server came from, who wrote it, what version is running, which permissions it holds, or what it does after the connection succeeds.

Recent MCP incidents have mostly been treated as normal software defects. A flaw appears, an advisory follows, the vendor ships a fix, and everyone applies it. Consider CVE-2026-32173 in which a missing authentication check let an unauthenticated caller access data it should never have seen. A patch fixed it, but it is the reflex behind it that is the real problem. Each patch fixes one defect and leaves untouched the thing that keeps producing them.

The larger pattern is that MCP is turning agentic AI into a supply chain and runtime governance challenge. In our research library, two recent KuppingerCole Analysts Leadership Briefs explain why MCP is the API security problem nobody is ready for, and without API security there is no AI security. Both hold because MCP routes requests, mediates access to enterprise systems, and inherits the API governance failures organizations already had. But API security is necessary here, not sufficient. The supply chain dimension is the part the industry keeps importing without inspecting.

The access-control layer is finally maturing. The MCP authorization specification defines authorization for HTTP-based transports, OWASP has published an MCP Top 10, and secure transport is getting real attention. These steps help answer who is allowed to connect and what scope they hold. They do not answer the harder question: what local commands, file paths, secrets, APIs, and downstream tools an MCP server can actually reach, and whether those capabilities are fixed, reviewed, and monitored.

The Recurrence Is the Signal

Consider the STDIO transport issue documented by OX Security in April 2026. It affects environments that automatically load or invoke MCP tools from configuration files, IDE extensions, marketplaces, or agent workflows. This is not a bug. It is a systemic weakness in implementations where untrusted MCP server configurations can lead to arbitrary command execution through official SDK behavior and common client integrations.

The problem is not only that one implementation got it wrong. It is that the same risky pattern keeps moving through the MCP ecosystem, while every downstream developer is left to catch and fix it locally. Many organizations were exposed to Log4Shell in 2021 through code they did not write and systems they had not fully inventoried. MCP can create the same blind spot, with tool behavior and server code inherited before anyone has reviewed them.

Then came the Claude Code source exposure through a packaging error. Within days, fake “unlocked” Claude Code repositories were distributing the Vidar infostealer. The lesson was painfully familiar: developer trust, package distribution, local configuration, and agentic tooling collapse into one attack surface very quickly. KuppingerCole Analysts has tracked this same run of malicious and compromised MCP servers across 2025 and into 2026.

The remediation advice from experts was obvious. It was also pure software supply chain language, and the industry reached for it by instinct even while continuing to file these incidents under API security. That instinct is correct. After all, there is no patch for a server doing exactly what its definition told it to do. 

What Organizations Need to Do Now

The real question is no longer whether an MCP server is authenticated. Authentication still matters. The question that matters more is whether anyone has audited what each MCP server is, where it came from, and what it is allowed to do. Treat tool definitions as software supply chain assets.

1. Start with inventory. You cannot govern a dependency graph you have never enumerated. Scan for MCP and SSE endpoints, identify the servers nobody registered, and bring the shadow AI surface under control.
2. Treat MCP manifests, server packages, skills, and agent configuration as production software, not convenience. Approved registries, pinned versions, validated provenance, and human review are the minimum bar before any tool definition reaches enterprise use. In practice, that means handling them like raw npm dependencies.
3. Stop treating a valid token as evidence of safety. A token tells you who connected but says nothing about the code behind the connection, which is exactly the gap non-human identity governance has to close as agents multiply.
4. Put CLAUDE.md files, skills, prompts, and agent configurations under the same review as an external pull request. In many environments, that is precisely what they are: instructions arriving from outside the security boundary, consumed by software that can act on them.
5. Monitor what servers do after they connect. Provenance and review govern the code you accept. Runtime monitoring governs the behavior you did not predict. Treating agents as trusted digital workers means watching their tool calls and revoking access when behavior drifts, not just vetting them at onboarding.

None of this is new security work. Inventory, provenance, least privilege, change control, and runtime monitoring have existed for decades. What changed is the speed and the scale. MCP infrastructure is being assembled at vibe-coding velocity, often from unchecked open-source tools and components.

Regulation will make this harder to ignore. EU AI Act obligations around logging, transparency, human oversight, and cybersecurity increasingly reach the layers where agents invoke tools and act on enterprise data. An auditor will not be impressed by “we trusted the registry.”

Organizations that keep treating every MCP vulnerability as a one-off patch will keep patching. Those that build provenance, review, and runtime control into MCP adoption will know what they are running. One group handles incidents. The other manages risk.

Many vendors (both established players and AI-native startups) claim to provide “AI security” or “AI governance”. Most of these vendors are directionally right, but the problem space is too broad and dynamic for any one control category or solution provider to address comprehensively.

Securing AI will thus not become one giant market category. It requires a fabric that combines multiple control categories. Much like the need for holistic identity and access management implementations that combine multiple controls led KuppingerCole Analysts to define the identity fabric. Existing security and governance categories must extend and provide coverage for generative AI and AI agents. At the same time, new AI-native controls will emerge for risks that traditional controls are not designed to handle. Enterprises should plan to use both types as part of the emerging AI security fabric.

This matters because AI is moving faster than current controls, both identity and broader cybersecurity can support. AI is being embedded into productivity suites, business applications, development platforms, analytics tools, security systems, and many other types of SaaS applications. Organizations are also building internal copilots and are rolling out specialized AI agents in support of their businesses. Security teams are being asked to secure systems they are currently not even able to comprehensively discover.

Why AI Is Not Just Another Application

Treating AI as just another application is wrong. Traditional controls still apply, but AI dramatically changes what needs to be protected. With conventional applications security teams can focus on users, access control, the code, data, and logs. AI systems behave differently: they combine foundational model behavior with prompts, enterprise context, data retrieval, tools, and delegated action, and their non-deterministic results may change with each run.

This changes the attack surface. Beyond exploiting vulnerabilities or stealing credentials, attackers can now manipulate prompts, poison retrieval, exploit context, induce unsafe output, or trick an agent into taking malicious actions. The resulting risks span application security, identity, data security, and business process control. This shift is why traditional cybersecurity frameworks struggle to fully model AI systems, especially in agentic and generative AI environments.

Existing Security Controls Will Evolve, Not Disappear

Some AI risks can (or will) be handled by current security and governance controls. IAM systems can understand AI users, services, and agents. IGA and PAM systems can govern delegated authority and privileged actions. Data security controls can know which AI systems can access sensitive information and how that information can appear in outputs.

GRC systems can manage AI assets, ownership, policy, risk decisions, and the associated evidence. SOC tools can detect misuse involving AI systems. SaaS security tools can discover AI services, risky grants, and shadow AI adoption inside enterprises.

Existing security categories will not disappear, but vendors must evolve their control models to treat AI systems and AI agents as first-class actors. 

AI-native Controls are Required for Security Architectures

Extending existing security categories for AI will not be enough.

Some AI risks need controls built close to the AI interaction layer. Prompt injection is not SQL injection, jailbreaking is not access abuse, and agent runtime control is not service-account monitoring.

Enterprises also need controls that inspect prompts, evaluate outputs, detect manipulation, protect data retrieval, and enforce policy during AI interactions. They need runtime monitoring for agents that can use tools, act across systems, and with and through other agents. They will need evidence that shows what the AI system was asked to do and what happened.

AI introduces failure modes that traditional security controls were not originally designed to manage.

AI Governance and AI Security Are Related, Not Identical

AI governance and AI security are often discussed together, but they are not the same.

AI governance refers to defining policies, ownership, accountability, and evidence requirements for AI systems. AI security refers to enforcing and monitoring those policies across runtime systems, data access, and AI agents.

AI GRC should answer questions such as:

• What AI systems exist?
• Who owns them?
• What are they used for?
• What policies apply?
• What evidence is required?

AI security answers a different set of questions:

• Can this AI system access that data?
• Can it call that API?
• Is a prompt attempting to override policy?
• Did the system expose sensitive information?
• Did an AI action cause an incident?

The two domains must work together, but governance systems and enforcement controls should remain operationally distinct.

Agentic AI Changes the Risk Model

The emergence of agentic AI significantly raises the stakes.

A chatbot that drafts text creates some risk. An autonomous agent that can call APIs, modify records, trigger workflows, communicate with other systems, or delegate to other agents creates a fundamentally different risk model.

That puts agentic AI at the intersection of identity, data access, workflow control, and runtime security. Agents may act with delegated authority, using workload or human identities, and they will make decisions faster than human-in-the-loop review processes can keep up.

This is why enterprises need an AI Security Fabric: a need for integrated control architectures that connect identity, policy, runtime protection, telemetry, incident response, and audit evidence across AI systems and agents.

Start with Controls, Not Category Labels 

The best buyer strategy is straightforward: map AI use cases to control requirements before evaluating product categories.

Organizations should begin by identifying:

• Which AI systems are in scope
• What data they can access
• Who or what can act through them
• Which business processes they affect

AI Security requires a Fabric

AI security requires both evolution and invention. Existing security and governance categories will become AI-aware. At the same time, new AI-native controls are also emerging where prompts, models, context, data retrieval, and agents create new risks.

Securing AI will not be one market category. It will be a discipline, an architecture, a fabric, or a mesh, and requires a multi-year shift in how enterprises govern and protect this new class of IT system. The challenge is no longer whether AI introduces new risk. It is whether organizations can design controls fast enough to match adoption.

Organizations should begin now by:

1. Mapping AI systems and agents
2. Identifying control coverage gaps
3. Separating governance from enforcement
4. Evaluating where existing controls apply
5. Identifying where AI-native protections are required

Organizations evaluating AI security and governance strategies will increasingly need cross-domain expertise spanning these domains.

To dive deeper into this topic, check out this analyst chat on the AI Security Fabric.

Key Topics:

✅ What Attack Surface Management is and its four subcategories (CAASM, EASM, TPRM, DRP)
✅ How Digital Risk Protection monitors dark web, social media, and hacker forums
✅ What Brand Protection adds on top of DRP — from takedown services to counterfeit detection
✅ DRP vs. Brand Protection: lightweight vs. full-spectrum — and when you need which
✅ Why brand reach matters more than company size when assessing risk
✅ What KuppingerCole research is available now — and what's coming in August

Someone may be selling counterfeit versions of your product right now — or impersonating your brand online. DRP and Brand Protection tools exist to catch exactly that.

Check out KuppingerCole's Brand Protection Buyer's Compass here.

This webinar examines what is driving the surge of investment, which solution patterns are emerging across the market, and how security leaders should evaluate AI-assisted operations. The session will focus on measurable outcomes, analyst augmentation, governance, explainability, and the tradeoffs between traditional workflow automation and newer agentic approaches so attendees can separate real value from market noise and make more confident strategic security investment decisions.

FIVE KEY TAKEAWAYS

• Understand what is driving the surge of investment in AI-assisted security operations
• Explore why both traditional rule-based automation, along with AI-driven approaches are needed in modern SOCs 
• Examine how AI is influencing the decision between building an internal SOC and leveraging MDR services
• Learn the current state of AI agents within security operations and where they deliver practical value 
• Understand why the future SOC remains AI-assisted rather than fully autonomous

300 episodes already? Time flies when you're having fun! In this 300th Episode of the KuppingerCole Analyst Chat, Matthias sits down with Distinguished Analyst Martin Kuppinger to unpack one of the most urgent, and underestimated, security challenges facing organizations right now: employees building and deploying their own AI agents, with no governance, no oversight, and no accountability.

Key topics:

✅ What "shadow agents" are and why they're fundamentally different from shadow IT or shadow AI
✅ Why vibe coding means anyone, not just developers, can now deploy autonomous agents inside your systems
✅ How AI agents massively expand the attack surface through prompt injection, data exfiltration, and uncontrolled access
✅ Why discovery and resource-side controls must happen in parallel and why neither alone is enough
✅ What organizations can actually do to gain control without just shutting everything down

The bottom line: there's a thin line between agents that help your business and agents that harm it. Right now, most organizations can't tell the difference.

This panel explores how organizations can detect and respond to identity threats earlier by moving beyond traditional IAM controls toward a true ITDR capability. The discussion will examine how identity signals from authentication systems, endpoints, cloud platforms, and security monitoring tools can be combined to reveal subtle indicators of compromise that often go unnoticed.

Panelists will discuss practical approaches to identifying suspicious identity behavior, integrating identity telemetry into SOC workflows, and building detection capabilities across hybrid environments. The conversation will also explore real-world attack techniques and how organizations can move from identity visibility toward proactive identity defense.

Attendees will gain insight into how ITDR complements IAM, Zero Trust, and security operations and how organizations can start operationalizing identity-based threat detection today.

In this session,  two members of the board of directors, Allan Foster and Ian Glazer, will give an update on the Foundation’s activities and introduce the recipients of DIAF’s awards and grants who will share their perspectives on this vital industry.

As machine identities, automated workflows, and just‑in‑time access models become more common, the old habit of regularly reviewing static access starts to fade. Instead of constantly re‑checking standing privileges, organizations are finding ways to avoid granting them at all.

This discussion looks at how enterprises can take practical steps toward automated, event‑driven access controls and near‑zero standing privileges. We’ll talk about the growing role of bots and non‑human identities, how automation is changing governance, and what a realistic transition looks like - balancing innovation with compliance and everyday needs.

In this session, Reiner Mertens, Lead Advisor at KuppingerCole Analysts, argues that this is not primarily a technology problem. The tools exist - policy engines, token exchange standards, workload identity frameworks. The problem is organizational: IAM programs are not designed for a world where no single team owns the full API graph, where services are built before authorization is designed, and where policy ownership has no clear home.

Participants will leave with a clear understanding of the challenge, a strong advisory perspective on what must change in IAM programs, and an initial reference model for approaching dynamic entitlements in modern service architectures.

This session takes a critical look at the evolution of authorization, from classical models like DAC, MAC, and RBAC to today’s more dynamic approaches such as ABAC, PBAC, ReBAC, and TBAC. You’ll learn how each model aims to address key challenges. It'll also be discussed, which three fundamental dimensions every access control model must handle and evaluate which approaches truly meet those requirements.

By the end of this talk, you’ll understand where modern authorization adds real value, where traditional models still suffice, and how to navigate the hybrid future most organizations will face. The shift in authorization isn’t a revolution - it’s an evolution, and success depends on knowing when to adopt what.

Instead of looking at tools, we are looking at the organization: This talk introduces a holistic IAM Target Operating Model that treats the Identity Fabric as one coherent system of capabilities, responsibilities, and operational services. It adds a third lens that is usually missing: the people & organization lens. Beyond “who owns what,” we make visible which skill profiles are required, how they translate into roles, and how that becomes a pragmatic view on candidates, sourcing options, and headcount planning.

You will learn how to build a multi view TOM of the Identity Fabric:

1. task view across different dimensions,
2. shared responsibility view across internal and external parties, and
3. role and skill view that allows staffing the model with real people. 

The result is an operating model that is actionable for leadership, usable for audit and provider management, and concrete enough to guide hiring and team design - no matter which size the company has.

Building on this foundation, the presentation looks beyond authentication to the next stages of BASF’s Risk based IAM roadmap. It explores how passwordless authentication, identity assurance, and emerging concepts such as decentralized identities and verifiable credentials can further reduce implicit trust, simplify access decisions, and enable new trust relationships across enterprise and ecosystem boundaries.

Attendees will gain insight into how a global industrial enterprise turns Zero Trust from theory into an evolving, scalable identity platform, connecting delivered results with a clear vision for what comes next.

This session provides a high-level overview of the ongoing standardization work at ETSI, where key technical specifications for the EUDI Wallet ecosystem are being developed. It presents the latest developments, key milestones, and timelines, and offers insights into the concrete work within ETSI EUDIW standards project.

Now organizations and users can authenticate to existing IT services using their own digital identity via verifiable Legal Entity Identifier (vLE)I role credentials.

Using an authenticator software, a vLEI presentation is translated into traditional IAM protocols such as SAML or OAuth, enabling seamless integration into legacy systems through a plug-in solution. As a result, no changes to the existing IT infrastructure are required to identify, authenticate, and authorize users from other organizations based on their own identity credentials.

This approach allows consuming organizations to manage and revoke access rights themselves, while reducing the service provider’s administrative burden - such as creating or updating user accounts, resetting lost passwords, or removing access.

This keynote explores 25 years of recurring IAM pitfalls, from early directory services and compliance‑driven provisioning to today’s Zero Trust ambitions and explosion of non‑human identities. Through a chronological and thematic lens, it reveals why the same failure patterns repeat regardless of technology generation or vendor.

Rather than focusing on tools, the presentation examines the organizational, data, and governance assumptions that have quietly undermined IAM initiatives: treating IAM as an IT project instead of a business capability, underestimating identity data quality, over‑engineering roles, ignoring user experience, fragmenting identity platforms, and prioritizing audit checkboxes over real risk reduction.

Attendees will leave with a clear mental model for evaluating IAM initiatives and a critical insight: IAM success depends less on better technology and more on better assumptions.

Four days, hundreds of sessions, and thousands of conversations about the future of identity, security, cloud, and AI governance — all from the heart of Berlin.

Thank you to every speaker, sponsor, and attendee who made this year's European Identity & Cloud Conference one for the books.

With SAP IdM reaching end-of-life in December 2030, a transformation window of 24–36+ months, and the reality that over 80% of security incidents are identity-related, the urgency is undeniable. Add growing regulatory pressure from NIS2, DORA, and the EU AI Act, and the message becomes clear: the time to act is now.

In this session, a major Central European retailer shares its ongoing journey to modernize identity governance by migrating from a legacy on-premise IGA platform to a cloud-based solution. The transformation began in 2022 with a strategic decision to move to a modern IGA architecture, followed by the selection of Saviynt in 2023 and the launch of the implementation programme in 2024.

The session will walk through the practical realities of this transition: addressing fragmented identity data across multiple SAP HCM systems, introducing a consolidated identity model based on individuals rather than employment contracts, improving master data quality, and progressively migrating access request processes and target systems. It will also cover the implementation of key governance capabilities such as mover processes, access recertification, and preparation for compliance requirements including NIS2.

Attendees will gain insights into the architectural, organizational, and data challenges involved in modernizing enterprise IGA, along with lessons learned and practical guidance for organizations facing similar legacy-to-cloud identity transformations. The session will conclude with an outlook on future developments, including the role AI may play in the next generation of access governance.

For instance, while MCP offers a promising interoperability standard, its authorization model based on OAuth2.1 leaves gap. NHI lifecycle and governance capabilities are essential, but it remains unclear how to govern hundreds of thousands of agents, especially when MCP/OAuth2.1 proposes Dynamic Client Registration as the agent registration solution. These are just two examples of potential solution gaps. 
In this presentation, we will explore the latest advancements in Agentic AI technologies and delve into the risks and security challenges organizations will encounter when deploying Agentic AI at scale. We will also discuss the required Cyber and Identity capabilities that organizations must have in place before embarking on the Agentic AI journey.

To operationalize this model, three complementary governance pathways are proposed, spanning declaration, detection, and validation:
•    Interaction transparency attributes (ex-ante declaration) – extend eIDAS 2.0 attestations to include purpose and intent metadata
•    Continuous epistemic monitoring (real-time detection) – identify deviations in verified agent interactions that alter user trust formation
•    Epistemic trust certification (ex-post validation) – third-party auditing of AI systems that preserve cognitive integrity over time

For identity providers, this creates a new assurance layer beyond compliance. For policymakers, it extends eIDAS from static credentials to dynamic trust governance. For citizens, it turns verification into an ongoing safeguard of cognitive autonomy.
Embedding epistemic integrity into Europe's digital identity frameworks would not only strengthen resilience against behavioural steering, but also articulate a distinctly European vision of trustworthy AI, one that protects not just identity, but the commons of trust on which democratic knowledge and civic deliberation depend.

Yet too often, organisations feel trapped, pressed by regulations on one side and overwhelmed by evolving threats on the other. It doesn’t have to be this way.

In this session, we’ll cut through the noise and bring you back to what truly matters: building a mature, identity‑driven security posture that naturally meets regulatory expectations. Instead of treating DORA, NIS2, or ISO/IEC 27001 as checklists or fire drills, you’ll learn how to turn them into catalysts for clarity, resilience, and purposeful action.

We’ll show you how to use the IAM and PAM capabilities you already have to strengthen your defences, simplify compliance, and elevate your organisation’s security maturity, without adding tools, complexity, or unnecessary cost.

Attendees will leave with practical insights for building a more accountable, risk-aware governance model that improves audit readiness while reducing operational friction.

Digital onboarding has evolved over the years; each step forward brought new safeguards to ensure you really know your customers. But deepfakes are changing the game; they are becoming better every day, to the point where people can no longer tell that they are fake, and machines struggle with the same.

What are the real consequences of fake identities entering your system, and what can you do about it?

But this shift has created an exploitable entry point for attackers. With minimal cost, skill, or effort, bad actors can now produce high-fidelity deepfake personas beyond human detection and use them to spoof remote meetings. KuppingerCole’s Osman Celik highlights the ease of producing deepfakes: “a few photographs or short video clips are enough to train face-swap or lip-sync models that produce convincing enough outputs to fool many observers.”
This vulnerability was exposed in the attack on the multinational engineering firm Arup, wherein a finance professional transferred $25.5 million after attending a video call populated entirely by deepfaked executives.

Now that video conferencing is pervasive across sectors, deepfake-enabled exploits can lead to the diversion of public or corporate funds, infiltration of systems and information, and even the compromise of national security.

In this session, Peter James discusses:

• Today’s deepfake attacks: The tools, the trends, and why they're working
• Why video conferencing remains the unguarded entry point, regardless of your perimeter defenses
• What governments and businesses can do to close the gap and restore trust in remote interactions           

Who Should Attend: This session will present a real use-case, focus on the use of standards, interoperability and user experience. It will showcase the required balance between commercial, legal and technical in building out cross-border ecosystems with relevant content for policy makers, technologists and business audiences. 

Digital sovereignty is one of the most frequently used - and at the same time most hollowed-out - buzzwords of recent years. Hardly a keynote, strategy paper, or product pitch today goes without the term. In practice, however, digital sovereignty is often reduced to location arguments, certifications, or regulatory checkboxes. “Hosted in Europe,” “GDPR compliant,” or “Trusted Cloud” are sold as proof - while the real technical and organizational dependencies remain unchanged. In Identity & Access Management (IAM) in particular, this oversimplification is not only misleading, but dangerous.

This talk puts forward an uncomfortable thesis: digital sovereignty does not begin with data centers, but with identities. And anyone who does not control their identities is not sovereign - no matter how many certificates, compliance seals, or “Trusted Cloud” labels appear on the slides.

From Sovereignty to Autonomy – A Necessary Shift in Perspective

Digital sovereignty is often understood as a state: data resides in the “right” country, contracts are properly worded, regulatory requirements are met. But this perspective ignores a decisive factor: the ability to act. That is why it is more accurate to speak of digital autonomy - the ability of an organization to control, adapt, and, if necessary, decouple its core digital functions in a self-determined way.

Autonomy does not mean autarky. No enterprise will realistically forgo hyperscalers, SaaS platforms, or external identity providers anytime soon. But autonomy does mean understanding dependencies, entering them consciously, and being able to control them. This is precisely where Identity & Access Management (IAM) becomes a strategic key technology.

IAM as the Power Center of the Digital Organization

In many organizations, IAM is still viewed as necessary infrastructure: user management, single sign-on, a few policies, compliance reports for auditors. This view is not only outdated - it is dangerous. Modern IAM systems effectively define:

• who is allowed to access what,
• under which conditions,
• via which platforms,
• with which identities (human and non-human),
• and based on which external dependencies.

IAM is therefore no longer a downstream IT topic, but the power center of the digital organization. Those who lose control over identities - through external identity providers, proprietary access models, or deeply embedded platform dependencies - lose real steering capability.

Why Digital Sovereignty Without IAM Is an Illusion

Many current “sovereignty initiatives” fail due to a fundamental conceptual error: they focus on data, not on access. But data is worthless if access to it cannot be controlled autonomously. In practice, this means:

• Cloud workloads may be operated “in Europe” while identities are entirely dependent on U.S. platforms.
• Critical business processes are technically usable only as long as an external IAM service is available.
• Switching providers becomes practically impossible because identity models, roles, and policies are locked into proprietary implementations.

Digital sovereignty that ignores such dependencies is pure wishful thinking.

Put provocatively: many contemporary IAM strategies optimize for convenience and cost - and sell the resulting loss of control as “modernization.” Digital sovereignty then becomes a marketing phrase that glosses over missing exit strategies, implicit vendor lock-ins, and non-delegable core functions. For large enterprises with critical infrastructures, global value chains, and long-term liability risks, this is a dangerous trade-off - quite apart from personal (executive) liability under laws and regulations such as NIS2.

Who This Talk Is For - and Who It Is Not

This talk is deliberately not aimed at marketing departments or buzzword evangelists. It is aimed at:

• CIOs, CISOs, and enterprise architects,
• technical leaders,
• managers who bear responsibility for digital core processes.

It will not provide easy answers or “recommend tools.” Instead, it explains why IAM is the neuralgic point of digital autonomy, which misconceptions dominate today, and which strategic guardrails organizations must establish if they take digital sovereignty seriously.

The talk explicitly addresses the management perspective. Digital sovereignty is neither an end in itself nor an ideological project. It is a risk-management issue, a business-continuity issue, and increasingly a competitive factor. Organizations that can autonomously control their IAM capabilities respond faster to market changes, regulatory requirements, and technological disruption. They retain bargaining power vis-à-vis vendors and avoid strategic dead ends. Organizations without this autonomy, by contrast, implicitly shift central steering functions outward - often without ever making that decision explicitly.

In closing, the talk makes one thing clear: digital sovereignty in IAM is not a state that can be “achieved” and then checked off. It is a continuous design process that requires technical excellence, organizational clarity, and strategic courage. Those who reduce it to marketing will lose it. Those who take it seriously must be willing to ask uncomfortable questions - about architecture, governance, and the distribution of power in the digital space.

Precisely for this reason, now is the right time to remove digital sovereignty from the buzzword corner and anchor it where it belongs: at the core of modern IAM architectures.

This session introduces Pre-Execution Governance, a new architectural standard that bridges the gap between Just-in-Time (JIT) Access and real-time execution. We will demonstrate how to fundamentally decouple the user from the application by terminating their session in a remote, isolated browser. The user interacts only with a visual stream - effectively preventing any malware or exploit from physically reaching the target infrastructure.

We will then show how this isolation layer enables deep, real-time oversight:
- Contextual Matching: Using deterministic AI to compare live user actions (clicks, queries) against the specific "Reason for Access" declared in their JIT request - blocking valid credentials from performing invalid tasks (e.g., a "Restart Service" ticket cannot execute a database dump).
- Dynamic Peer Verification: Moving beyond static rules, the system automatically triggers the 4-Eyes Principle (via mobile push) only when the live action contradicts the approved JIT context.
- Exploit Immunity: How separating the user interface from code execution renders application vulnerabilities irrelevant.

The conversation will include the recurring challenges customers have faced along the way, such as IAM modernization, fragmented telemetry across cloud and on-premises estates, legacy applications that resist modern policy enforcement, segmentation strategies that stall at the network layer, and the organizational change required to align security, identity, and infrastructure teams around a shared model. Panelists will also discuss the practical solutions that have proven durable, such as identity-centric policy engines, phishing-resistant authentication, microsegmentation grounded in workload identity, continuous access evaluation, and the growing role of unified policy frameworks that bridge human, machine, and increasingly agentic identities. The session is intended as a retrospective rather than a forward-looking roadmap, offering a clearer picture of what a mature Zero Trust program looks like in practice and what still remains unresolved.

This session walks through how we got there, the architecture behind it, and why this pattern might apply far beyond logistics.

Takeaways:

• Automate access and protection of data using least privilege principle and classification to dynamically protect sensitive data regardless of where it is used or stored.
• Simplify management of data protection policies to prevent unauthorized access of restricted data.
• Simplified policy administration and management through a unified policy platform to respond to new cybersecurity requirements in real-time.

The audience will learn how to assess inefficiencies in their applications and processes, decouple authorization and application logic, and consume authorization as a shared service without compromising their unique security and business needs.

Allan and Guy will share their experience and learnings from multiple B2B projects, highlighting the questions that need to be addressed before begining, the problems that come up, and the processes that need to be in place in order to be successful.

This session examines what it means to establish trust at the operational edge, and why identity must move from implicit, assumption-based models toward explicit and continuously verified trust in environments defined by unpredictability.

This session highlights how organizations can bring clarity to these gaps by establishing a unified, governance‑driven approach to cloud sovereignty. We explore how identity, access governance, and policy‑driven controls form the strategic foundation for securing data, enabling compliant cloud operations, and fostering trusted collaboration across ecosystems.

Participants will gain practical guidance on aligning cloud architecture with regulatory requirements, strengthening identity as a core pillar of digital sovereignty, and enabling innovation with confidence - without compromising on control, compliance, or trust.

Traditional IAM, built for human users and static non-human identities (NHI, cannot handle autonomous non-human identities (A-NHI) that operate with unprecedented independence, scale, and contextual adaptability.

This presentation examines how IAM must evolve into agent-aware frameworks, covering architectural design, technical capabilities, and governance models including ownership, provenance, and lifecycle management. We introduce purpose and intent as distinct governance attributes for agentic AI, and show how containment constraints and permission compatibility together provide a two-layer governance architecture for agent-aware IAM.

Securing AI ecosystems demands cross-organizational collaboration to align IAM with business goals while addressing the expanding threat landscape of agentic AI.

RSA’s Field CTO Ingo Schubert will cut through the noise and provide a grounded perspective on what truly matters for identity security in the coming years. This session will help you distinguish hype from reality, understand where Quantum and AI risks genuinely intersect with IAM, and ultimately make smarter decisions about priorities, architecture - and where to invest your limited security budget

In this session, Hed Kovetz, CEO and Co-Founder of Silverfort, will share what he learned so far from real testing against Mythos, which defenses work and which break, and how Identity Security is evolving to leverage AI against AI without losing control. This includes new and important concepts like Autonomous Runtime Identity Security. Attendees will leave this session with the most updated knowledge about AI threats (with a focus on IAM), effective defense frameworks that they can bring to their companies, and facts that will help them drive urgency and action.

This keynote traces the identity and accountability crisis at the heart of the AI agent revolution through three fault lines:

1. The Binding Problem

An agent acting on your behalf needs a cryptographic identity, not your password. Yet in practice, most agent deployments still use credential delegation, the same model as a shared service account. We will examine the technical challenge of binding an agent's actions to a human mandate, and why current IAM infrastructure was never built for this.

2. The Accountability Gap

Anthropic's legal challenge over AI use in military applications without human oversight is not a US defence story. It is a preview of the accountability questions every enterprise will face. When an agent makes a decision with real consequences, who is liable? The vendor? The deployer? The human who authorised the agent? The agent itself? Current regulatory frameworks diverge sharply, and China's ban on synthetic AI relationships for minors shows how quickly the geopolitical landscape can shift.

3. The Four-Question Framework

You will leave with a practical assessment framework: is your organisation ready, legally, technically, and ethically, to say yes to the bot?

In this keynote, the argument is made that existing IAM/PAM frameworks were not designed for this reality. The consequence is not just complexity, but blind spots, shared secrets, and silent failures.

The session illustrates why authentication is not authorisation and why privileged access management as we knew it is obsolete. We’ll introduce the concept of a dedicated authorisation control plane, one that enforces real-time, contextual decisions at the moment of action, treats all identities, human and non-human, the same, and ensures full auditability and accountability.

Finally, the keynote explains how this approach is not a new buzzword or category label, but the only realistic path forward if companies need to manage identity risk and compliance reliably in a world of automation, microservices, and machine speed.

Attendees will walk away with a clear understanding of the structural challenges in traditional access models and a practical vision for how to rebuild identity control for modern environments.

In this session, we will examine how AI can expedite substantial parts of the connector development lifecycle: processing API specifications, generating provisioning and reconciliation logic, handling authentication flows, and encoding business rules expressed in natural language.

The session takes a balanced view, exploring where AI-assisted connector development is already practical, where it is still maturing, and what validation and oversight practices organizations should maintain around AI-generated integration code.

OpenClaw made that blind spot visible overnight. Over 42,000 unprotected gateways. Plaintext credentials. No audit trail. But the real lesson of OpenClaw isn't that ungoverned agents are dangerous - we knew that. It's that governance at registration time can't help you at execution time. Even an agent that passed every onboarding check can chain tools in an unplanned sequence, act on stale delegated authority, or follow a prompt injection into a privilege escalation - all within policy, all within a single turn.

The missing layer isn't a new proprietary control plane. It's something the identity community already knows how to build: runtime authorization. Per-action policy evaluation at the moment an operation is attempted, and per-query control over what an agent can even discover. OpenID AuthZEN gives us the right primitives - evaluation APIs for real-time access decisions, search APIs for scoped discovery - applied to software actors that improvise. The patterns are familiar: PEP, PDP, obligations, evidence. The actor is new.

In this keynote, I'll demonstrate what runtime agent authorization looks like in practice: an agent stopped mid-action by policy and held until a human decides, a signed execution envelope that separates request from control, and an evidence chain that gives auditors cryptographic proof rather than reconstructed logs.

I'll also cover the tradeoffs honestly - where runtime evaluation adds latency, where it constrains autonomy, and why the answer isn't to authorize everything equally but to know which actions demand hard control and which can remain fluid.

If you're building with agents, securing them, or trying to move from guardrails to standards-based runtime control - this is the twenty minutes that reframes the question identity teams should be solving now.

Again it is time to re-think how we approach our profession going forward.

Ivo will share his observations from his experience working with public and private organisations on this topic, with the aim to give you some things to think about on your way home on what you can do differently to become better equipped with helping your organization success in this era of resilience.

But identity proliferation doesn’t just introduce complexity. When applications directly rely on external identity providers - whether from SaaS platforms, multi‑cloud setups, partner ecosystems, or post‑merger domains - trust begins to spread far beyond its intended boundary. This increases blast radius whenever a credential is compromised or a provider is misconfigured.

In this session, I demonstrate how OAuth Token Exchange offers a standards‑based pattern to decouple identity origin from trust enforcement. By issuing context‑aware, boundary‑scoped tokens, organisations can enforce identity consistently and reduce risk across internal domains - regardless of where the identity was created.

Key Message

The architectural approach applies equally to on‑prem systems, multi‑cloud deployments, and federated organisations.

Call to Action

We cannot control where identities are created — but we can control how, where, and under what conditions trust is applied.

If identity enforcement still lives inside your applications, you are scaling complexity and risk. Let’s talk about how to centralise trust - not vulnerabilities.

This session offers a comprehensive view on integrating autonomous agents into a modern Identity Fabric. We move beyond static authorizations and over-privileged service accounts toward a model of Continuous Adaptive Trust, where every identity, human or machine, earns access through context, intent, and policy.

Participants will explore a blueprint for:

• Identity Attribution: Establishing a framework that ties every agentic action back to a human principal and a specific intent, ensuring full traceability across the identity graph.
• Policy-Based Access: Transitioning from static roles to dynamic, policy-based access for autonomous workloads, aligned with least privilege and Zero Standing Privileges.
• IAM and GRC Convergence: Treating the fusion of identity governance and compliance as the accelerator for a truly governed and audit-ready enterprise identity ecosystem.

At the same time, non-human identities, from certificates, keys, workloads, APIs, devices to autonomous agents, are multiplying fast and quietly expanding the attack surface.

Join this presentation to get a clear set of patterns you can apply to reduce outages and risk while staying ready for audits and the next wave of regulation.

Key Topics:

• A practical definition of terms
• Actors and Usecases in NHI environments
• Agentic AI-Hype and practical effects
• NHI as cyber security threats and agentic AI as fire accelerant
• Useful building blocks and missing parts for modern NHI

We will begin by tackling the foundational challenge of device trust. We will argue that authenticating a user is no longer sufficient; true zero trust requires binding identity to a verifiably secure device before the first access request is ever made. We will explore a strategy for extending phishing-resistant, passwordless authentication directly to the desktop login, and discuss the architectural principles for continuously assessing device trust by integrating rich context and signals from the endpoint security ecosystem.

With this foundation of physical device trust established, we will pivot to the next frontier: the autonomous workforce. We'll outline a strategy for securing AI-powered workflows by moving beyond static secrets and service accounts. The discussion will focus on the principles of discovering and governing non-human and AI identities, and the critical need for an identity fabric that can orchestrate ephemeral, just-in-time access for these autonomous agents.

Attendees will leave with a cohesive, strategic framework for building a security posture that is prepared for the challenges of today and the identity-centric realities of an AI-driven tomorrow.

The core of this growing problem is purpose or "intent"; objects deemed beneficial should be allowed, and harmful ones eliminated. But the calculation of intent is not always so straightforward. Who launched the object? What was its original stated purpose? Who currently controls or owns the object? And how do we validate these claims?

The adoption of agentic AI presents a similar problem for identity. Access controls and real-time governance of automated actors depend on an analogous understanding of intent. Purpose, creation, ownership, operation—these are all factors in the calculation of the purpose of an agent's activity and actions. While calculation of intent is (at times) relatively straightforward, it's more often a rapidly evolving, challenging operation.

We'll learn lessons from what space exploration has gotten right (and horribly wrong) as it seeks to evaluate intent and seek to apply that insight to the current frontiers of identity.

Key Takeaways:

• Understand the fundamentals of AI Security and why it matters.
• Learn about the Security AI Framework and AI Security models.
• Identify common threats and risks in AI systems.
• Discover mitigation strategies and security capabilities to safeguard AI.
• Explore the impact of AI Security on IAM and how to adapt your identity strategy.

This session explores how to modernise legacy IAM environments into resilient, future-ready identity ecosystems. We will discuss architectural decisions, governance models, and measurable outcomes that matter to both business and technical stakeholders — from reducing risk and improving compliance to enabling agility and innovation.

Attendees will gain practical insights into building identity resilience that supports security, regulatory requirements, and long-term digital strategy.

But now we're 20 years past those early days and the has changed drastically along with every part of life that's now connected to it. Today, machine identities and AI agents are questioning the fundamental model of OAuth in ways we've never seen. OAuth has proven to be incredibly flexible in the past, and new extensions are being proposed to bring it into this new world. At the same time, alternatives have been proposed that have started to take root in some spaces. Are we on the verge of a new world?

Come to this talk to learn about how OAuth is changing, and how our views of security are forcing re-evaluation of contexts and assumptions that have served the internet well for decades.

Praerit Garg has been building identity and access systems since before most enterprises knew they needed them, starting at Microsoft in the early days of directory services and spending decades since at the intersection of cloud scale and enterprise security. He has a point of view on where this is going, and it isn't flattering to the status quo.

This session maps the maturity journey from fragmented point solutions to autonomous, self-healing access governance, and makes the case that getting there is a strategic decision, not a procurement one.

When personal data can be accessed from multiple countries, systems, or service providers, the ability to control who has access, to what, and under which conditions becomes critical. GDPR requires that access to personal data is limited, auditable, and proportional - and IAM is how we make that real.

Some of the discussion points

• From regulation to construction: what European AI agency actually requires
• Building sovereign AI without sacrificing openness, innovation, or global cooperation
• Beyond consumer-scale models: Why Europe’s comparative advantage in AI is likely to emerge in physical AI and industrial-grade systems rooted in manufacturing, robotics, and embedded intelligence.

In this session, Bare.ID and congstar share how they modernized their CIAM landscape to support more than 7 million customer identities across multiple brands. Instead of treating security and user experience as trade-offs, they established both as key guiding principles to create a reliable, user-centric login experience. A key part of this journey was the shift to passwordless login using Passkeys – turning secure login into an almost invisible experience while significantly strengthening protection behind the scenes.

The session highlights the real-world challenges behind this transformation: balancing consistent identity management with independent brand experiences, reducing operational complexity, and meeting regulatory requirements such as GDPR and NIS2.

Attendees will gain practical insights into how large organizations can simplify authentication, drive passwordless adoption, and build a scalable identity platform that earns customer trust throughout the entire authentication process.

Attendees will learn what it takes to operationalize trust frameworks in real-world environments, how to align standards with national and sector needs, and how organizations can prepare for a future where digital identity must function reliably across borders.

This talk looks at how the World Bank is working to build on the EUDI model to export trust to other regions, helping countries align with the EU model while also facilitating its adaptation to other contexts with different capacities, priorities, and starting points.

In this session, John Peart, representing the UK Government’s Department for Science, Innovation and Technology, will explore the technology, standards and assurance mechanisms that now underpin trust in the UK market (including a certification system that meets ISO 17065 standards and a new corresponding trust mark) and makes digital verification work at scale. He’ll also share some of the (hard) lessons learned along the way and the UK’s roadmap for the future.

Attendees will leave able to:

1. Read IAM telemetry signals from existing IGA and PAM data that predict insider incidents earlier than detection tooling.
2. Apply a four-node decision tree to test identity-based monitoring against EU proportionality requirements before deployment.
3. Translate one identity maturity gap into a defensible annual loss range, anchored in published industry data.

This session will examine how to protect these identities in a modern environment, make attacks visible, and respond to attacks that are already underway. This demo-packed session will show how simple attacks against service accounts in Active Directory and app registrations in Entra ID can be.

It will also show how attackers can live persistently in your environment, steal data, and act like a normal business application.

• Understand what Identity Threat Detection and Response (ITDR) is and how it complements IAM, IGA, and Zero Trust programs.
• Learn the critical telemetry sources and detection logic required to identify identity abuse across cloud and hybrid environments.
• Explore a reference architecture for integrating ITDR into existing SOC workflows and incident response playbooks.
• See real-world attack paths and detections, including MFA fatigue, token replay, and conditional access bypass attempts.
• Gain a practical maturity roadmap for moving from identity visibility to proactive identity defense.

Topics covered:

1. Rollout strategy to build trust within the target group through a user experience-driven adoption approach
2. Challenges in the adoption of passwordless technologies and limitations encountered
3. The steps required to decommission static passwords

In this session, we cut through the noise. Together with our customer Matthias from GLS we‘ll have an open dialogue about what IAM really looks like in day-to-day operations. We'll walk through real scenarios: Are NHIs really new for companies and do require special treatment? What do you do when fancy AI features recommend access based on historically wrong assignments? Or when the gap between vendor promises and actual capabilities slows down your IAM rollout?

Our goal: Don't panic when Joiner, Mover, Leaver processes cause sleepless nights. Most of the time a simple, straightforward solution with reduced complexity is exactly the right approach. Join us to get the bare truth about real life issues and solutions, focusing on real cases and implementations, independent of which tool your company has chosen.

This 20-minute session explains why SaaS security and AI governance must be treated as pillars of a modern cybersecurity strategy. It will examine identity and access governance, weak authentication, over-permissioned users, orphaned accounts, shadow SaaS and AI, misconfigured services, and emerging agentic AI risks. The session will also preview the in-flight KuppingerCole Leadership Compass on SaaS Security and AI Governance.

Key Takeaways

• Understand why SaaS and AI governance risks are growing
• Identify common visibility, access, configuration, and lifecycle gaps that expose SaaS applications.
• Explore how AI agents change governance, accountability, and permission-management
• Get an early view of the forthcoming Leadership Compass on SaaS Security and AI Governance

In this session, Devesh explores how organizations are evolving from static third-party access governance toward dynamic, trust-based B2B identity models using automation, group management, policy-based authorization, and identity orchestration to improve both security and business agility.

This session explains why factories now need four identity planes: workforce, third-party, machine, and product. It shows how that shift changes the way organizations handle machine and gateway identity, product lifecycle trust, and the evidence needed for governance and incident response. Rather than treating NIS2 and the CRA as compliance checklists, the session turns them into a practical identity architecture problem for operations, suppliers, machines, and connected products.

Attendees will leave with:

• a clear model for separating workforce, third-party, machine, and product identities in a factory environment
• a practical view of how CRA changes product lifecycle identity, from secure defaults to updates and support periods
• a concrete understanding of how NIS2 shifts identity from access alone to evidence, review, and accountability after incidents or supplier activity

The changing global order has elevated innovation, agility, and resilience from sources of competitive advantage for companies to matters of European national security. Our compliance framework is being challenged to prove its value as an enabler of necessary transformation.

This session focuses on the tension between digitization, safety, and compliance faced by organizations whose value creation is based on physical production processes. We will examine the role of cybersecurity in brownfield and greenfield production systems, and in particular the value of modern privileged access management for both human and non-human identities in improving uptime, productivity, and the end-user experience.

This session will explore how leading PAM vendors are responding to this shift through automation, just-in-time access, cloud entitlement controls, and deeper integration with machine and workload access models. Attendees will gain practical insight into which capabilities remain foundational, which innovations are shaping the future of PAM, and how to future-proof PAM investments in complex hybrid and cloud-native environments.

Key Takeaways:

• Understand the non-human identity explosion in cloud-native and AI-augmented development
• Learn the 5-step framework for SSCS credential governance
• See real breach patterns where non-human identity failures enabled supply chain attacks
• Discover tools and standards (SPIFFE, Workload Identity, AuthZEN) that scale identity control

This talk dives deeper into real-world challenges such as birth registration and obtaining birth certificates as a foundation for getting physical ID and, possibly, an online-verifiable ID such as Aadhaar, but more secure.

Attendees will gain clarity on sustainable economic incentives, understand where different participants fit, and learn what it will take to build viable, scalable business models in a world where issuers, holders, and verifiers operate with limited visibility into each other's activities.

To unlock the full potential of this ecosystem, we need to bring this all together in a pragmatic manner. We need interoperability to be prioritized and incentivized, clear guidance on how to implement these technologies with security and privacy in mind, and frameworks that respect the individual’s rights while ensuring global accessibility.

Join Nishant Kaushik, CTO, FIDO Alliance, as he explores how these pieces can come together to create an ecosystem where every participant can operate with confidence. We’re so close to a future where digital identity isn’t just convenient, but trusted by all.

AI agents are no longer limited to executing isolated requests. They act autonomously, delegate identities, and interact across multiple systems, and even with other agents.

This raises fundamental questions:

• Who is acting the user, the agent, or both?
• How do we control delegated access?
• How can systems establish trust in machine-to-machine interactions at scale?

In this keynote, Sadrick Widmann will share how we are building AI-driven capabilities within a SaaS platform and how this is transforming authentication, authorization, and security architecture. The session will focus on balancing innovation with control while redefining identity in an increasingly autonomous world.

As a result, enforcing guardrails across the entire AI flow and centrally managing access for all identities, both human and machine, has become a critical business priority.

This session reviews common failure patterns in agentic AI environments and examines how dynamic controls can be applied across prompts, data access, tool usage, and outputs. It shows how these controls can be enforced in a distributed manner across the enterprise technology stack, enabling organizations to deploy agentic AI at scale while protecting sensitive information and maintaining operational control.

This creates urgent challenges that traditional IAM, security, and governance frameworks were never built to handle sprawling, under governed attack surfaces; chronically over-privileged access; blurred accountability; and controls that simply don't map to identities that can replicate, reason, and act independently. The workshop brings together CISOs, IAM and security leaders, AI governance teams, architects, and cloud and DevOps professionals to explore emerging standards, modern identity architectures, and practical frameworks for establishing trust and enforcing control across autonomous, machine-scale identity ecosystems.

90-Minute Workshop

Certification to standards is no longer merely a compliance checkbox for system integrators. It is rapidly becoming the proxy signal that procurement officers, CISOs, and enterprise architects use to shortlist vendors before a conversation even begins.

This presentation makes the commercial and technical case for why certification benefits you - the solution provider. We will examine how alignment to various standards reduces your sales cycle friction by pre-answering the security due diligence questions that kill deals in procurement. We will demonstrate how certified solutions command price premiums, unlock government and regulated-industry verticals that are structurally closed to uncertified competitors, and reduce your liability exposure in the event of an incident. We will also address the practical pathway: how to scope your solution against the appropriate assurance levels, where third-party assessment bodies add credibility versus internal attestation, and how to leverage certification as a living differentiator in your go-to-market narrative - not a one-time audit artifact.

The identity market is consolidating around trust signals. Organizations that certify early will define the category. Those that wait will explain why they didn't.

Takeaways for attendees:

• The business case for NIST 800-63 or UK DIATF certification beyond government procurement
• How assurance level alignment maps to specific commercial verticals and use cases
• The competitive moat that certification creates against undifferentiated challengers

Practical first steps for scoping and initiating a certification pathway

Participants will gain a clear, structured perspective on how AI is reshaping identity architectures and why traditional approaches are no longer sufficient. The session will connect these shifts to the concept of AIdentity and outline practical considerations for securing AI-driven systems. Attendees will leave with a deeper understanding of current gaps, emerging standards, and what organizations need to do now to stay ahead in an increasingly autonomous digital landscape.

Participants will gain a clear understanding of the Identity Fabric fundamentals, what the frameworks are, how they relate across strategic, tactical, and operational layers, and how capabilities are structured, combined into services such as IGA, and implemented through concrete solutions.

Building on this, the session demonstrates how the Identity Fabric can be used as a starting point for IAM initiatives. It shows how the frameworks provide structure, completeness, and flexibility, enabling organizations to derive key activities such as maturity assessments, tool selection, architecture design, target operating models, and project planning.

The session also provides an overview of current IAM market developments and their impact on the evolution of the Identity Fabric and Reference Architecture. Key trends such as decentralized identity, wallets, Zero Trust, and Non-Human Identities are discussed, along with their implications for the Identity Fabric and Reference Architecture across different identity types.

Through this session, participants will learn:

• How the Identity Fabric and Reference Architecture are structured and connected
• How capabilities, services, and solutions relate within the frameworks
• How to use the Identity Fabric as a foundation for IAM initiatives and decision-making
• How current IAM trends influence the evolution of the frameworks

By the end of this session, attendees will have a solid understanding of how to apply the Identity Fabric in practice and how it supports the transition into the interactive maturity assessment in the second part of the workshop.

We review the transition to Post-Quantum Cryptography (PQC), providing a roadmap for both the public and private sectors to modernize their identity frameworks before the chain of trust collapses. Attendees will gain a strategic understanding of the cryptographic risk, suggested response, and migration timelines.  We also discuss the critical role that Artificial Intelligence plays in this area, as both a catalyst and a shield in this transition. We will also review the organization dynamics as a result of this transformation. 

Finally, we review the legal liability for organizations in the EU and the US based on exposure to the Quantum Identity Crisis.

Learning Outcomes:

• Evaluate Quantum Risks: Analyze the mathematical vulnerabilities of current encryption and the immediate threat posed by "Harvest-Now, Decrypt-Later" (HNDL) attacks.
• Formulate a PQC Roadmap: Design a phased strategic plan to migrate identity frameworks to Post-Quantum Cryptography (PQC) standards.
• Synthesize AI's Role: Critique how Artificial Intelligence acts as both a catalyst for new threats and a shield for automating cryptographic defense.
• Assess Legal and Liability Risks: Evaluate the impact of quantum threats on data protection regulations, fiduciary duties, and the long-term validity of digital contracts.
• Drive Organizational Readiness: Orchestrate the change management and workforce upskilling necessary to maintain operational continuity during the quantum transition.

The Bottom Line: Organizations have two choices:

• Act now and treat PQC as a proactive security modernization, or
• Face chaotic emergency migration, business interruption, loss of data integrity, and significant regulatory and civil liability.

• Digital ID
• Enterprise IAM

looking forward to taking home this year's award. Don't miss the big decision on this exciting evening and look forward to the winners' presentations on Thursday.

If you are interested in applying for an award, you can do so here: https://www.kuppingercole.com/events/eic2026/awards

The result is a growing gap between the state of the art in IAM and what organizations can realistically implement. Strategic IAM programs often give way to tactical, short-term solutions—creating fragmentation, technical debt, and uncertainty about long-term direction.

In this panel discussion, two advisors and two analysts explore how organizations can remain agile without losing strategic coherence. The session focuses on practical approaches to:

• Rapidly assess and prioritize innovations by distinguishing between major paradigm shifts (e.g., NHI Management) and incremental capability extensions (e.g., IVIP).

• Establish clear decision-making guardrails that allow fast responses to new business requirements and emerging technologies—while staying aligned with a defined target architecture.

• Manage tactical deviations consciously, with transparent communication and a plan to reintegrate them into the broader strategy, for example through orchestration.

• Define and continuously refine the target state for IAM, centered on the Identity Fabric.

Grounded in real enterprise challenges, this discussion connects IAM strategy, advisory methodology, and market analysis—without chasing every new buzzword. It sets the stage for follow-up sessions that dive deeper into pragmatic IAM transformation methods and into evaluating the real value of emerging IAM technologies, helping organizations move faster, smarter, and with confidence under constant change.

This keynote examines what federated governance models offer as complementary to mandate-driven approaches: resilience through distributed authority, adoption driven by proven business cases rather than compliance deadlines, and the agility to respond to AI threats and geopolitical disruption at the speed of industry informing the speed of legislation.

The problem is less the wording of the GDPR than its enforcement and cross-border procedures.

In June 2025, EU legislators reached a deal on the GDPR Procedural Regulation to speed up and harmonize cross-border cases, a critical step toward reducing forum shopping and uneven remedies.

In parallel, the Data Act has applied since 12 September 2025, opening access to connected-product and related-service data and supporting interoperability through Common European Data Spaces.

Can this create an “enforce-and-share” path that avoids rewriting the GDPR?

This keynote argues that agentic AI is fundamentally a delegated authority problem. It examines remote agent identification, downstream trust, non-deterministic supply chain risk, principal-side oversight, and the need for evidence about intent, action, and result. It concludes that the actuarial basis for agentic AI risk is still immature, so the urgent task is to build the evidence infrastructure now to make accountability, liability, and insurance possible.

Not surprisingly, many new tools have emerged, from authorization control for MCP servers to CIEM (Cloud Infrastructure Entitlement Management), NHI management in all its facets, and IVIP (Identity Visibility and Intelligence Platforms). But is there truly comprehensive control over identity security and a coherent governance approach?

Martin Kuppinger, Co-Founder and Principal Analyst at KuppingerCole Analysts, will examine the future of Identity Security & Governance and how organizations can regain control of access and authorizations by building a comprehensive governance framework across all types of identities and access.

Why convergence makes sense

The basic logic behind convergence is strong. AI agents and SaaS applications share many of the same risk patterns: human and non-human identities, OAuth tokens and delegated access, inconsistent privilege management, integrations, configuration drift, shadow SaaS, and now shadow AI. Putting a focus on shadow AI, the Cloud Security Alliance reports that 82% of organizations have discovered shadow AI agents in the past year. If an AI copilot can read, write, summarize, or act inside a SaaS application, then its governance depends on understanding what that application can access, what data it contains, what permissions exist, and which identities are involved.

Given this, it means AI governance cannot ultimately be effective if it is detached from SaaS governance. The enterprise AI security conversation often focuses on models, prompts, data leakage, and autonomous behavior. Those are certainly important. But in many organizations, AI tools and agents will act with and within the SaaS layer. If that layer is poorly understood, AI governance will inherit the same blind spots.

The customer’s current SaaS centric reality

However, the current customer reality is less futuristic. Organizations have been deploying SaaS applications for far longer than they have been deploying AI applications and AI agents. Many still struggle with foundational SaaS security questions: Which sanctioned and unsanctioned apps are in use? Who has access to what? Which OAuth grants are risky? Where has configuration drift created exposure? Which data is shared too broadly? Which human identities are overprivileged and under authenticated? Which exposures should be remediated first?

This is where the vendor narrative can get ahead of the buyer's reality. Autonomous AI agents are coming, and in some environments, they have already arrived. But SaaS deployments are already here at most organizations, and their risks are already being exploited. For many security teams, the immediate problem is not how to govern fleets of autonomous agents. It is how to gain control over a SaaS estate that has grown faster than their security processes, identity governance, and data protection practices currently support.

Where vendors may be ahead of the market

Vendors in the SaaS security space are moving quickly to also position around AI security, agent governance, and SaaS-AI convergence. That is directionally reasonable. The emerging AI governance related risks are real, similar in many respects, and increasingly interdependent. A system that observes SaaS identities, permissions, integrations, configurations, and exposures is well placed to extend into AI application and agent governance.

Why this joint category will become sustainable

Over the longer term (only 1 to 2 years in today’s accelerated world), the category logic becomes stronger. As AI agents become operational actors inside environments dominated by SaaS applications, SaaS security tools will need to govern not only users and applications, but also AI agents, their permissions, integrations, and actions. The distinction between “SaaS activity” and “AI-driven SaaS activity” will become less meaningful when the action, permission, and data path all converge inside the same enterprise applications.

In this future, buyers will need a more complete control plane across human users, non-human identities, SaaS applications, and AI agents. The market may not be fully here yet, but it is coming.

What buyers should look for now

Buyers should separate current necessities from future needs. Near-term evaluation criteria for most should remain grounded in immediate SaaS security needs: discovery and inventory, identity and access visibility, OAuth and integration risk management, data exposure monitoring, configuration and posture management, and threat detection and response. AI governance criteria should be added, but with appropriate future leaning expectations. Buyers should ask how products discover AI agents, identify agent activity, inventory agent permissions, detect shadow AI, analyze delegated access, and monitor AI-driven SaaS behavior at runtime. Just as importantly, they should ask whether these capabilities are operational today or are part of a roadmap.

Category or capability?

SaaS security and AI governance are not yet fully one category, but they are not independent problems either. The near-term market remains anchored in SaaS security, because that is where the clearest operational pain already exists. The intermediate opportunity is to connect today’s SaaS security problems to tomorrow’s AI governance requirements in a way that matches each customer’s security maturity, AI deployment speed, and risk tolerance.

Keep an eye out for the publication of our research in this area later this year that will further refine our view of this emerging market. For a related current perspective, see the recent KuppingerCole blog, “From Shadow SaaS to Shadow AI: The Growing Security Gap No One Owns” and join us in Berlin at EIC 2026, where this topic will be discussed.