Identity-First Security
for the Agentic AI Era

Zero trust architecture, workload identity, continuous authorization, and delegated access — written from the trenches of enterprise IAM.

Articles
Agentic AI Token Exchange IBM Verify RAR
Can You Secure Agentic AI Without Buying Another Product?
A Deputy CISO asked the question every identity team should be asking: can we secure our AI agents with what we already have? The answer depends on your identity ecosystem — and most aren't ready.
2025 Read →
Agentic AI Identity Zero Trust
The Weakest Link: Agentic AI Agents
The weakest link used to be humans. Now it's agents. We spent decades building identity governance around people — then handed autonomous systems the exact same anti-patterns and walked away.
2025 Read →
AWS EC2 HashiCorp Vault IBM Verify SPIFFE
Secretless by Design: Zero-Trust Agentic AI on AWS EC2
How I deployed a LangChain-powered agentic AI with no secrets in the code, no Vault tokens on disk, cryptographic identity via SPIFFE, continuous session evaluation with CAEP, and delegated authorization through Token Exchange and RAR.
2025 Read →
The Author
Robert Graham
Global Product Architect
IBM Verify · IBM Security
Robert is a Global Product Architect at IBM Verify with over a decade at IBM spanning cloud security consulting, identity architecture, and technical sales engineering. He specializes in zero-trust architecture, workload identity, and enterprise IAM — with deep hands-on expertise across the protocols that underpin modern identity: OAuth 2.0, OIDC, SAML, FIDO2, SCIM, SPIFFE, CAEP/SSF, Token Exchange, and Rich Authorization Requests.
His current work focuses on the intersection of agentic AI and identity security — building and documenting architectures that bring mutual zero trust, secretless infrastructure, and continuous authorization to autonomous AI systems. He architects solutions using IBM Verify, HashiCorp Vault, SPIFFE/SPIRE, and the Shared Signals Framework, and writes about what he builds at iamidentity.ai.
Zero Trust IBM Verify HashiCorp Vault SPIFFE / SPIRE CAEP / SSF OAuth 2.0 OIDC FIDO2 SAML SCIM LangChain Agentic AI Token Exchange RAR
LinkedIn → Medium → iamidentity.ai →