Hummingbird Security

@HummingbirdSecurity
SaaS innovation for digital defense. Sign up for our newest product, Auth Sentry's Monitor tier for FREE ID Monitoring. Upgrade for complete, explainable investigations. Predictive intelligence +more

Every time someone on your team connects an AI tool to their work account, a new OAuth identity gets created in your environment.

It doesn't expire when the tool stops being used. It doesn't get caught by standard offboarding. It just persists, holding access nobody's monitoring.

In most orgs, NHIs like these outnumber human ones. Most were never inventoried.

Visibility is step one. Auth Sentry Monitor is free:

gethumming.io/Monitor/

#IdentitySecurity #ITDR #OAuth #CyberSecurity

Five articles, one pattern: attackers aren't breaking through perimeters - they're walking through them with valid credentials.

MFA fatigue. Vishing coalitions. Graph-based lateral movement. Machine identity sprawl. Iranian APT credential campaigns.

Each piece maps a different entry point to the same post-auth gap.

Full series: gethumming.io/blog/

Free identity inventory: gethumming.io/monitor/

#infosec #ITDR #IdentitySecurity #CyberSecurity

Iranian APT attacks:

Phase 0: Reconnaissance
Phase 1: Low-and-slow password spray
Phase 2: Credential access
Phase 3: MFA/OAuth persistence
Phase 4: Privilege escalation
Phase 5: Data collection

Traditional tools detect events. Our analytics detect the shape of a campaign - before any 1 account threshold is crossed.

Our BA-IR-004 rule can fire while attackers are still testing credentials.
Earlier signal. More time to respond.

Full breakdown + detection methodology:
https://gethumming.io/blog/iranian-apt-threat-bulletin/

In most orgs, non-human identities outnumber humans 10:1.

Service accounts. Machine identities. OAuth tokens. Most are over-privileged. Many are forgotten.

You can't protect what you can't see.

Auth Sentry Monitor - free identity visibility, up in minutes.
authsentry.ai/register