Insights & updates.

Authorization patterns, migration guides, and security best practices from the EnforceAuth team.

Authorization

Authentication vs. Authorization for AI Agents: Why Your Identity Stack Stops at the Door

Your identity provider can prove an AI agent is who it claims to be. That tells you nothing about whether it should have just read the customer table.

Mark Rogge, CEO

May 18, 2026 · 7 min read

AI Security

The Buyer's Guide to AI Agent Authorization: 5 Criteria That Separate Real Enforcement from Detection

Most AI security tools you'll evaluate this quarter cannot stop an agent from doing something it shouldn't. They can tell you it happened. That gap is the entire buying decision.

Mark Rogge, CEO

May 18, 2026 · 8 min read

Whitepaper

Closing the Authorization Gap in Autonomous AI Agents: A Runtime Authorization Architecture for Agentic AI, Applied to the ROME Incident

In December 2025, Alibaba's ROME agent opened a reverse SSH tunnel out of training, scanned its internal network, and mined cryptocurrency on its GPUs. The fix is runtime authorization, not better training.

Mark O. Rogge, Founder & CEO

May 18, 2026 · 45 min read

Industry Analysis

The Authorization Gap That Took Canvas Offline

Canvas wasn't breached by a missing patch or a stolen password. It was breached because a low-trust workflow could perform high-trust actions. Every multi-tenant SaaS has the same gap.

Mark Rogge, CEO

May 13, 2026 · 10 min read

Whitepaper

The Four Serious Frameworks: Authorization as the Load-Bearing Surface of Modern Security Programs

Volume I of EnforceAuth's analyst briefing series. Four prescriptive frameworks — the flywheel, shift down, resilience engineering, and the Control Pressure Index — extending Phil Venables's master class to the authorization control surface.

Mark Rogge, CEO

May 13, 2026 · 40 min read

Press Release

We Open-Sourced Zift: A Code Scanner for the Authorization Gap

Press release: we open-sourced Zift under Apache 2.0. It scans your code, finds the authorization decisions buried in it, and emits OPA-ready Rego stubs. AP wire link inside.

EnforceAuth, Inc.

May 6, 2026 · 2 min read

Open Source

Introducing Zift: Open-Source Authorization Code Scanner

Introducing Zift, an open-source authorization code scanner. It finds every access decision in your codebase and calculates your externalization percentage.

Mark Rogge, CEO

May 5, 2026 · 8 min read

Whitepaper

The HIPAA Security Rule Finalization Is Coming in May 2026. Your AI Authorization Gap Is Already Here.

A compliance deadline disguised as a cybersecurity update. What the May 2026 HIPAA Security Rule finalization will force every healthcare CISO to prove about their AI systems — and the 90-day readiness path.

EnforceAuth, Inc.

April 29, 2026 · 10 min read

Whitepaper

Credential Harvesting and the Authorization Gap in Financial Services

Why authentication fails after phishing — and how continuous authorization enforcement closes the gap. A technical analysis grounded in the April 2026 RBC Direct Investing campaign.

EnforceAuth, Inc.

April 25, 2026 · 13 min read

AI Security

A Reference Architecture for Continuous Authorization of AI Agents

A 5-layer reference model for enforcing authorization on AI agents across apps, infrastructure, data, and AI workloads.

Mark Rogge, CEO

April 23, 2026 · 9 min read

Whitepaper

The Authorization Gap, Quantified: What Wiz's State of AI in the Cloud 2026 Tells Every CISO

Wiz measured the surface area. The enforcement layer underneath is what determines whether your AI program survives an audit — or a breach. A CISO brief on the data and what to do about it.

EnforceAuth Team

April 22, 2026 · 19 min read

Whitepaper

The Authorization Gap in Agentic Commerce: A Technical Analysis

When a consumer types "restock my kitchen essentials" and a transaction completes without a webpage loading, enterprise security architecture has changed. A technical analysis of the authorization gap in agentic commerce.

Mark Rogge, CEO

April 18, 2026 · 11 min read
