Transforming Identity Protection: Innovating with AI and Attack Paths
Filipi Pires
Cloud Village @ DEF CON 33 · Day 1 · Cloud Village
In this insightful talk from Cloud Village, Filipi Pires, Head of Identity Advocate at Segura, delves into the critical and often overlooked realm of identity protection in cloud environments, particularly focusing on **machine identities**. The presentation, titled "Transforming Identity Protection: Innovating with AI and Attack Paths," highlights how misconfigurations and insufficient privilege management, especially concerning non-human identities, create significant vulnerabilities that attackers readily exploit. Pires not only dissects the theoretical underpinnings of attack paths and high-value targets but also demonstrates a potent attack vector against AWS Identity and Access Management (IAM) to underscore the urgency of robust identity governance.
AI review
A vendor demo dressed up as research. The IAM CreatePolicyVersion privilege escalation vector is well-documented, Rhino Security Labs wrote this up years ago, and the 'AI-powered remediation' angle is pure product marketing. Nothing here advances the field.