API Security | Breaking Cybersecurity News | The Hacker News

Category — API Security
Why Fragmented Identity Pipelines Fail Against Digital Injections

Jun 01, 2026
Most identity verification failures do not originate from flawless synthetic IDs or visually undetectable deepfakes. Instead, they stem from structural exposures and information loss between the point of data capture and the final automated decision. As remote identity systems evolve, trust becomes an architectural property. If a backend cannot verify the hardware provenance of an image or video, the rest of the security pipeline operates on degraded input. By the time a synthetic face reaches a visual liveness model, the most critical context may already be gone. This post examines why fragmented identity APIs drop vital signals, how identity supply chains dilute accountability, and why these gaps allow digital injection attacks to succeed.

The Hidden Risk in Identity Supply Chains

Modern identity verification often relies on a complex supply chain that distributes camera capture, document parsing, liveness checks, and risk scoring across multiple vendors. Rather than opera...
The Non-Human Identity Crisis: Why Your Machine Identities Are Your Biggest Governance Gap

May 18, 2026
Identity sprawl, agentic AI risk, and the path to NHI governance maturity

When security leaders talk about identity risk, the conversation almost always centers on humans: Privileged users, compromised accounts, insider threats. But for most enterprises, the greater risk has already shifted. And it has nothing to do with your employees. Non-human identities (NHIs) — service accounts, API keys, OAuth tokens, SSH keys, RPA bots, cloud workload credentials and AI agents — are the fastest-growing, least-governed attack surface in the modern enterprise. And the industry is beginning to reckon with what that means.

$4.88M Global average cost of a data breach — IBM Cost of a Data Breach 2024

The scope of the problem

The numbers are striking. Research from Rubrik Zero Labs puts the NHI-to-human identity ratio at 45:1 in the modern enterprise. For cloud-native and DevOps environments, Entro Labs H1 2025 research puts that figure at 144:1. These identities are not passive: They au...
Who's Really Using Your SaaS? The Rise of Non-Human Identities

Nov 10, 2025
As SaaS ecosystems expand, not every user is human anymore. AI assistants, automation bots, integration services, and API tokens now perform countless actions across business cloud applications, often with the same or greater access privileges as employees. These non-human identities (NHIs) are silently driving productivity while introducing a new class of risk: unmonitored, long-lived, and often misunderstood access. These machine credentials (service accounts, API keys, OAuth tokens, etc.) are essential for automation and integrations, but their growth far outpaces the oversight and security controls applied to them. The result is a widening visibility gap. A lot of NHI types enjoy broad permissions within SaaS apps, sometimes more privileges than a human user, yet they rarely get the same scrutiny as employee accounts. Over-privilege is common: about one-third of SaaS app integrations have access to sensitive data that exceeds their needs. Let's examine a few notable data brea...