Identity, AI/ML, Zero trust, Cloud Security

A New Identity: When tech benchmarks became security’s blind spots

Image: Adobe Stock

Image: Adobe Stock

Once, tech revolved around a few guiding stars: Moore’s Law, the Turing Test, and a belief that the future would arrive if we just waited long enough. Moore’s Law said we’d get faster chips forever. The Turing Test teased us with the idea that one day a machine would fool us into thinking it was human. Cute.

Fast-forward to now. Moore’s Law is less a law and more a footnote in the corner of a PowerPoint. The Turing Test? It got passed, then hacked, then ghosted by AI.

When ChatGPT can write poetry, argue politics, and help you debug code, passing the Turing Test conjures the same nostalgia a faded RadioShack sign in a forgotten strip mall does.

[Never Miss SC Media's A New Identity column: Subscribe to the SC Identity Newsletter Now]

Moore’s Law didn’t break. It just became irrelevant. The bottleneck wasn’t transistor density but in energy efficiency, software complexity, and systems design. Computing moved from endpoints to cloud datacenters halfway around the globe.

Security blind spots

What happened? We got distracted. TikTok fed our dopamine, cloud platforms fed our apps, and AI fed itself. Meanwhile, cybercriminals slipped in through the backdoor, ordered bottle service, and rewrote the rules of engagement while the rest of us were still staring at our zero trust diagrams.

Viewed through the lens of identity security, the benchmarks we used to worship tech now feel quaint, like VHS tapes in an Apple TV+ world. But don’t mistake nostalgia for safety. Those same benchmarks we stopped watching? The bad actors didn’t. They got there first.

AI is no longer focused on passing the Turing Test, it's now focused on passing as you. It's not about artificial intelligence pretending to be human in a lab, it's about AI impersonating you in a login form.

For CISOs, that’s a whole new nightmare.

Our identity scaffolding wasn’t built for the scale and automation of today’s threat environment. If Moore and Turing are off the table, what are the new benchmarks for identity?

The road ahead: Identity gets weird before it gets better

The next benchmark in identity security isn’t about AI breaking in, it’s about security systems understanding what a legitimate user should typically do, recognizing when they stray from that behavior, and blocking suspicious activity before it becomes a breach.

The future benchmark in identity security is about measuring success not by how easy it is to log in, but by how difficult it is to exploit the system once inside.

Modern identity platforms like Microsoft Entra, Okta, and PingOne already apply AI and heuristics to track user behavior, flag anomalies, and assign risk scores in real time. IBM Security Verify and CrowdStrike Falcon Identity Protection go even further, detecting subtle deviations and privilege misuse after authentication. These systems aren't trying to verify just who you are. They're evaluating whether what you're doing makes sense for you.

Static, binary authentication is dead. Identity isn’t a moment, it’s a process. It’s not about building zero trust networks, it’s how to rebuild trust in a zero-assumption world.

Moving beyond benchmarks to pragmatic

At RSAC 2025 and Identiverse 2025, a new identity race began to take shape. This pivot is one not driven by speed or sentience, but by resilience, adaptability, and real-time intelligence. These aren't abstract thoughts. They are fast becoming table stakes for forward-looking IAM programs.

  • Continuous Access Evaluation: A foundational concept, pushing security beyond the login moment and into real-time behavior tracking.
  • Identity Security Posture Management (ISPM): This tech has appeared on more roadmaps, offering dashboards that assess and enforce identity risk across dynamic cloud and hybrid environments.
  • Machine Identity Management: The growing number of non-human identities, such as those used by IoT devices and APIs, necessitates new approaches to identity governance and management.
  • Agentic Identity Governance: This is particularly important when managing autonomous AI systems and granting them bounded, auditable access in enterprise environments.
  • Quantum-Resistant Cryptography: Vendors are anticipating a future where today’s identity protocols could be rendered useless. As quantum computing edges closer to viability, IAM leaders are reinforcing their cryptographic foundations — swapping out vulnerable public-key algorithms for quantum-safe standards to preserve authentication, federation and trust long before quantum attackers arrive.

    • Changing expectations

    We dreamed of flying cars and got Uber and Waymo instead. We imagined helpful personal robots and ended up with Alexa and Roomba. The paperless office? Still waiting. But now we don’t care. Our sci-fi utopia veered sideways. We didn’t get the future we were promised — rather the one that showed up.

    Maybe Moore’s Law didn’t really die, it defected. That same exponential computing power now trains models that automate attacks faster than your SOC team can say, “Is this a false positive?” And the Turing Test? It’s now an offensive litmus test to defend against phishing campaigns. If an adversarial LLM can fool a human or our perimeter defenses, it’s back to the AI Turing Test drawing board to shore up defenses.

    Until we learn to treat identity as a living, breathing system rather than a box to check, a milestone to pass, or a slogan, we’ll keep wandering the dead strip malls of innovation, wondering how our smartest dreams got hijacked by smarter threats.

    [Never Miss SC Media's A New Identity column: Subscribe to the SC Identity Newsletter Now]

    An In-Depth Guide to Identity

    Get essential knowledge and practical strategies to fortify your identity security.
    Tom Spring, Editorial Director

    Tom Spring is Editorial Director for SC Media and is based in Boston, MA. For two decades he has worked at national publications in the leadership roles of publisher at Threatpost, executive news editor PCWorld/Macworld and technical editor at CRN. He is a seasoned cybersecurity reporter, editor and storyteller that aims always for truth and clarity.

    Related

    El Salvadoran journalists’ lawsuit against NSO Group revived

    CyberScoop reports that the U.S. Court of Appeals for the Ninth Circuit has reversed the dismissal of a case filed by journalists from El Salvador-based independent news outlet El Faro against major spyware firm NSO Group, ruling that previous California court action involved discretionary abuse.

    Related Events

    Get daily email updates

    SC Media's daily must-read of the most current and pressing daily news

    By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

    Related Terms

    Asymmetric WarfareBasic AuthenticationBiometricsCertificate-Based AuthenticationChallenge-Handshake Authentication Protocol (CHAP)Cloud ComputingDigest AuthenticationDigital CertificateDiscretionary Access Control (DAC)Greynet

    You can skip this ad in 5 seconds