Machine Identity Debt: Why Human Identity Is No Longer Cloud Security’s Primary Boundary

Cloud-native systems now create far more machine identities than human ones. Security strategies built around workforce identity are no longer sufficient. Here’s what engineering leaders should build instead.

The Breach That Didn’t Need a Password

On August 8, 2025, a threat actor now tracked by Google’s Threat Intelligence Group as UNC6395 began quietly moving through the Salesforce instances of hundreds of companies. No phishing email landed in an inbox that day. No password was cracked. No multi-factor prompt was bypassed with a fatigue attack. The attacker simply had something better than a password: a valid OAuth token, stolen months earlier from Salesloft’s GitHub account, that let it impersonate the Drift chatbot integration and act with all the trust that integration had been granted.

This article has been indexed from DZone Security Zone

Read the original article: