Identity is getting weird again, and in a good way.
This blog is where I post hot takes, field notes, and analysis on identity, security, and agentic systems. Some posts will be tactical. Some will be opinionated. Some will be me zooming out and asking, “are we solving the right problem at all?”
Lately I keep coming back to one thing: most of our stack is great at deciding who can get in, and still pretty weak at governing what autonomous systems should keep doing over time.
So expect writing on:
- Identity and access patterns that hold up in real environments
- Where agent security models break under real runtime conditions
- Delegation, authority, and accountability across multi-hop systems
- Standards progress, standards gaps, and implementation reality
- The occasional spicy take when the industry starts hand-waving
If you build or run identity and security systems, you’re in the right place.