Permiso Security

Computer and Network Security

Palo Alto, CA 7,607 followers

Discover. Protect. Defend. Secure every human, non-human, and agentic identity

About us

Permiso Security provides comprehensive identity protection and detection for human and non-human identity threats at all stages of the identity lifecycle, across all environments. The company is backed by Altimeter Capital, Point72, Foundation Capital, Work-Bench, 11.2 Capital and Rain Capital.

Website: http://permiso.io
Industry: Computer and Network Security
Company size: 51-200 employees
Headquarters: Palo Alto, CA
Type: Privately Held
Founded: 2020
Specialties: Identity Threat Detection & Response, Cloud Detection & Response, Incident Response, Identity Attack Surface Management, Cyber Risk Visibility & Monitoring, Non-Human Identity Security, Account Takeover Protection, Insider Threat, Credential Compromise, Threat Hunting, Security Operations, and Identity Security Posture Management

Updates

  • Most ITDR evaluations start with features. The gaps show up six months later. The criteria that actually matter: Can it track a single identity across authentication boundaries — from IdP through cloud to SaaS to CI/CD? Can it see non-human and AI identities alongside human accounts, or does it require a separate tool? Does it produce correlated identity sessions or just raw log volume? Even if you're not in an active buying cycle: these questions should define the criteria that expose the blind spots in whatever you're running today. 📖 https://hubs.la/Q04hjz2t0

  • Our P0 Labs team identified LLMjacking before most security vendors knew it was a category. That same research informs what we just announced last week. SC Media covered our AI agent runtime security launch — with Autodesk as our launch customer. Continuous visibility into agent runs, tool calls, data access, and behavioral anomalies across cloud and on-prem. AI agents are a new identity type, and they need to be treated like one. Read their coverage here: https://hubs.la/Q04gZ7yw0

  • We're grateful for the coverage from Michael Vizard at Security Boulevard on what we announced last week. AI agents are both the fastest-growing identity type in most cloud environments and they're the least visible. They spawn sub-agents, call external tools and MCP servers, inherit credentials, and operate at machine speed with little oversight. We extended the Permiso platform to discover every managed and unmanaged AI agent, track runtime activity across the full agent lifecycle, and assist you in enforcing least privilege policies. Read Mike's full piece here: https://hubs.la/Q04g-hlY0

  • Permiso Security reposted this

    CSO Online

    40,315 followers

    🔗Read more: http://spr.ly/6048BBNF7C Jason Martin highlights a persistent failure pattern in enterprise security. Boards approve another tool. The gap shifts. The cycle repeats. Most organizations are not under-tooled. They are under-informed. Security teams can list their platforms, but few can map what is actually covered, what is missed, and where risk lives in real time. That visibility gap is where attackers operate. The organizations reducing risk are not buying more controls. They are building a complete picture of their environment and acting on it. That is the new baseline for security leadership. #FoundryExpert #RiskManagement Permiso Security

  • Most boards ask their CISO: "Are we protected?" The better question is: "What can we see?" Organizations that are actually reducing risk (not just responding to it) have figured out that the most valuable security capability is visibility. Our co-founder & co-CEO, Jason Martin, makes the case in CSO Online that before you approve the next tool purchase, you first need to know what actually exists in your environment. Read the full piece here: https://hubs.la/Q04g-P4T0

  • Supply chain attacks keep finding the weakest link. Ian Ahl identified the attack vector behind yesterday’s node-ipc supply chain compromise: a dormant maintainer account tied to an expired email domain, giving an attacker publish rights to a package with 822K+ weekly downloads. Shoutout to the Socket team for flagging the malicious versions within minutes of publication. Full breakdown via Cyber Security News ®: https://lnkd.in/eDXC5kkQ

  • Today we're announcing AI agent runtime security across the Permiso platform. Permiso delivers identity runtime attribution for AI agents. Every run, every tool call, every MCP invocation tied to a specific human, non-human, or AI identity, with anomaly detection and least-privilege recommendations built on the same Universal Identity Graph and P0 Labs threat intelligence customers already use. Sebastian Goodwin, Chief Trust Officer at Autodesk: "Permiso was already our security platform for identities. The natural next step was to partner with them for agentic AI identities." Discover, Protect, and Defend, now extended to the fastest-growing and least-governed identity class in the enterprise. Founder Jason Martin's Blog: https://hubs.la/Q04gyP-20

  • Cross-cloud incident investigation is mostly schema translation. When a P0 alert hits, lean teams burn the first hour just normalizing log formats across AWS, GCP, Azure, and SaaS sources. Different field names, different timestamps, different schemas. By the time the team can actually look at the timeline, the room has lost an hour. P0LR Espresso is open source and built to skip that step. It normalizes diverse log formats into a unified structure so investigation focuses on attack timelines, not log schemas. If you're running incident response with a small team: → Pull P0LR Espresso into your IR runbook before the next P0 → Use it for tabletop exercises against multi-cloud scenarios → Test it against your actual log sources to validate normalization coverage Lean teams need the first hour of incident response back. This closes part of that gap. Check it out here → https://hubs.la/Q04gj3g50 #OpenSource #IncidentResponse #CloudSecurity #P0Labs

  • The diligence ends. The deal closes. The integration begins. Six months later, your small security team is sitting on top of inherited identity debt no one inventoried during the merger. Service accounts whose owners left with the acquired company. API keys minted for an integration that never went live. AI tools someone in marketing connected to the old Salesforce instance. Federated trust paths between two IdPs that never got reconciled. Most PE sponsors don't ask about identity sprawl until something happens. An audit finding, a portfolio company breach, or a board question they can't answer. By that point, the inheritance has been compounding for a year. The honest version of the post-deal identity problem: you can't reduce risk on what you can't see, and most NHI tools weren't built to discover the kind of cross-environment identity debt M&A creates. They handle one slice well, but they miss the connections. If you're three months from an audit or a portfolio review, ask whether your NHI coverage extends to the environments the acquisition added. Then, check out our evaluation guide to compare unified identity coverage against single-purpose NHI tools, including what each catches and what each misses. https://hubs.la/Q04g7P090

