Key Takeaways from Identiverse 2025

(photo by Identiverse)

This past June, I had the chance to attend Identiverse, one of the leading conferences in identity and access management (IAM), with over 3000 professionals in attendance. Over the span of four fully packed days, I dove into hands-on workshops, explored emerging trends, and conversed with a wide range of IAM solution providers.

Here are three key takeaways that stood out to me from the conference:

• Non-Human Identity (NHI): Many sessions at the conference spotlighted the growing risks around NHIs (i.e., accounts not tied to individuals, but to service accounts, APIs, bots and devices). These identities vastly outnumber human users, in some cases 100 to 1, and yet often operate unchecked and with elevated permissions. NHIs are frequently created, overprovisioned and forgotten, making them a hidden threat across environments. A 2024 survey by the Cloud Security Alliance found that 69% of security professionals are concerned about NHI-related attacks, but only 15% of those surveyed feel confident to thwart them. Identiverse focused heavily on NHI-related challenges, with many speakers and vendors sharing strategies to improve visibility and lifecycle management.
• Customer Identity and Access Management (CIAM): Customer identity was another major theme at the conference, with many vendors showcasing new and innovative CIEM solutions. CIEM refers to the tools and processes used to manage authentication and access controls of external identities. From my conversations, it was also clear that a lot of attendees were actively seeking ways to address ongoing CIAM-related challenges in their own environments such as a need for more flexible authentication options. This interest in CIEM tools aligns with broader market trends; the CIEM market is projected to grow from $1 billion to $14 billion by 2031.
• Agentic AI: Unsurprisingly, agentic AI stole the spotlight at the conference. These systems act autonomously, pursuing goals and making decisions without human interaction. While agentic AI technically falls under the umbrella of non-human identities, it also breaks the mold, introducing new risks. Instead of following predefined scripts, AI agents chart their own paths, deciding what to access, and how and when to act. Several workshops focused on developing IAM strategies to manage these autonomous entities more effectively. Key recommendations included using IAM tools to flag over-permissive agents, enforcing just-in-time (JIT) access and ensuring agent action can be traced back to the human who initiated it.

At the conference NHIs, CIAM and agentic AI came up again and again as IAM professionals wrestled with how to adapt their strategies to associated challenges. As security teams evaluate and mature their own IAM strategies, it’s worth considering whether the risks and concerns highlighted here apply to your environment. For guidance on building a secure IAM program, please contact one of our experts: info@klogixsecurity.com.