Posts

Access Reviews Are Broken: How to Fix Them

Access reviews weren’t meant to be painful, tedious, or something people dread seeing in their inbox. The idea was simple: periodically check who has access to what, and confirm whether they still need it. Remove what’s no longer necessary. Reduce risk. Keep auditors happy. But somewhere along the way, a good security practice became an overloaded checkbox. The result? Compliance checkbox, not governance. Reviews get bulk-approved. Entitlements pile up. And nobody really trusts the system. ...

October 11, 2025 · 6 min · 1122 words · Prithvi Poreddy

UTCP, MCP, and the Missing Identity Layer

Tool calling is easy. Trust isn’t. Every new wave of infrastructure brings its own version of the “simpler protocol.” With AI agents, that moment arrived fast — the Universal Tool Calling Protocol (UTCP) has started making noise as the next big thing. Its promise sounds familiar: no wrapper servers, no middleware, no proxy hops. Agents can “just call” APIs, CLIs, or services directly using a JSON manual. Elegant. Minimal. Free of the heavy machinery that came with the Model Context Protocol (MCP). ...

October 10, 2025 · 6 min · 1270 words · Prithvi Poreddy

Making Sense of Identity’s Alphabet Soup: ISPM, IVIP, and ITDR

The identity security landscape is evolving fast. For years, we focused on finding and fixing vulnerabilities like leaked credentials, misconfigurations, and exposures. But the next phase of identity maturity is not just about fixing what is broken, it is about seeing clearly. Visibility has become the new foundation for control. Today, three layers are redefining how modern enterprises secure identity: ISPM, IVIP, and ITDR. Together, they provide posture, visibility, and response — the three pillars of a complete identity defense strategy. ...

October 8, 2025 · 8 min · 1588 words · Prithvi Poreddy

Beyond IAM: Architecting Identity for Workloads and AI Agents

If you missed my last post on what makes something an identity, start there — it sets the groundwork. This piece goes deeper: how to architect identity as the control plane for enterprises running cloud workloads and autonomous agents. This isn’t theory. It’s about production identity architectures that handle millions of authentications, thousands of microservices, and the new security challenges of AI agents. Whether you’re securing traditional enterprise apps, cloud-native services, or agent-driven workflows, the patterns here offer a roadmap — from where most organizations are today to where identity is heading. ...

September 16, 2025 · 7 min · 1487 words · Prithvi Poreddy

Identity Security for AI (MCP) Agents: A Four-Layer Continuous Authorization Model

A detailed look at how AI agents built on MCP need continuous, layered authorization to achieve true identity trust.

September 6, 2025 · 7 min · 1404 words · Prithvi Poreddy
Zoomed image