microsegment.io

segment all the things

Non-Human Identities Need Containment, Not Just Rotation

Service accounts, API keys, OAuth apps, and agents are now lateral movement infrastructure

Non-human identities are becoming one of the most important trust paths in modern environments. This article explains why service accounts, API keys, OAuth apps, and AI agents need microsegmentation and blast-radius control, not just secrets hygiene.

Microsegmentation in 2026: The Control That Turns Breach Assumption Into Architecture

Why lateral movement, cloud sprawl, identity drift, and AI agents are making containment a board-level priority

A 2026 trend view on microsegmentation: vulnerability exploitation, ransomware, identity drift, cloud complexity, and AI agents all point to the same need - smaller blast radius by design.

NIST publishes a zerotrust architecture recommendation

The US NIST published a great guide on a zero trust architecture that definitely is worth reading and details the elements, deployment and deployment scenarios and reference to other material to help people get started with zero trust.

ACT IAC on Zero Trust trends

The American Council for Technology-Industry Advisory Council (ACT-IAC), a non commercial organisation for creating a more innovative government published a paper on Zero Trust I would recommend this paper for anybody remotely thinking about Zero Trust, be it because you start thinking about introducing it or because it is just one of those trends that you want to catch up on. There is a huge amount of truth and knowledge in this document and it is not having any marketing in it. I read it and thought this is sound advice for anyone that looks to improve their security posture with the ultimate, long term Zero Trust goal in mind.

A collection of zero trust resources

Work in progress This list is work in progress, if you have suggestions on what to add, please add a comment below or drop me a mail or note. The origins Zero Trust is not exactly a new idea, but a name for a architecture that takes least privilege as the first design principle and assumes nothing can be trusted. I am not sure who established the category at this moment, but it seems Google and Forrester Research have both been working on this. John Kindervag (@kindervag) originally published the model in 2010. That paper is still valid 9 years after the first publication and it shows great foresight and vision. Kudos to that.