FusionAuth

Burner accounts are quietly bleeding AI platforms dry. They are burning through expensive tokens on the free tier before anyone notices. Liveness + 1:N biometrics is how you stop it. Cameron D'Ambrosi sits down with our own Dan Moore for a fireside chat on liveness, deepfakes, and the root of trust. Tuesday, May 12 · 12 PM ET · 45 min · Register for On-Demand fusionauth.link/48SCOwZ

See the original coverage from DarkReading at darkreading.com/cyberattacks-d…

ShinyHunters didn't hack 9,000 schools. They hacked one API. The Instructure/Canvas breach (3.65TB stolen) proves that when your LMS is also your identity hub, one leaked token compromises 275M users. Most schools are too locked into their vendors to leave, even when security lags. As Brian Bell, CEO of FusionAuth, puts it: "Vendor trust cannot be a one-time procurement decision. In edtech, it has to be continuously earned." High switching costs shouldn't be a substitute for a robust security posture. We believe identity should be portable and self-hostable. If you can't move your data and rotate your keys on your own terms, you don't have security—you have a lease.

Today is World Password Day, which raises a question: how many more of these will we celebrate? Passkeys are now supported across every major platform. Passwordless login via magic links, SMS OTP, and biometrics is mainstream. The tools to move beyond passwords have never been more accessible. And yet passwords aren't going anywhere soon. They're baked into legacy systems, user habits, and fallback flows that will take years to unwind. So while we're in this transition period, the basics still matter more than most teams realize: • Are you checking credentials against breach databases in real time? • Are you following current NIST guidance? (Hint: mandatory complexity rules and 90-day rotations are out. Length and breach-checking are in.) • Are you offering passwordless as a genuine option and not just a roadmap item? At FusionAuth, we think about this every day. Not because passwords are the future, but because the way you handle them now determines how secure your users are during the transition to what comes next. Happy World Password Day. May there be only a few more of them. 🔐 #WorldPasswordDay #CIAM #Authentication #Passkeys #Cybersecurity #Identity

"The nice thing about authorization is that no matter how complex it gets, it's a deterministic system." FusionAuth’s Dan Moore joined @ministryoftest to talk about the "scary" side of infrastructure and why AI agents need better guardrails. 🧵 Final word: "Caring, to some extent, is the most important finite resource." Whether you're a dev or a tester, focus on the user's needs, not just shipping code faster. Full episode: fusionauth.link/3PnSnWU

When Firat Dogan founded Permify, he set out to solve the most painful part of the stack: fine-grained authorization (FGA) at scale. 🛠️ Permify crossed 1.2M+ downloads, 5,800+ GitHub stars (surpassing OpenFGA), and 60+ contributors. It reached #1 on GitHub Trending, landed on the Hacker News front page twice, and was ranked #14 on Fast Company’s Top 100 Startups in 2024. Since joining FusionAuth in Nov 2025, that vision has become the engine powering our #FGA. Learn the history of Permify at fusionauth.link/4uDpCEN

AI agents + MCP = a security nightmare without an auth layer. Join @mooreds at #BSW2026 to learn how to secure the Model Context Protocol. Build an MCP server, connect to Claude, and implement a full auth flow with user consent. Hybrid event—join us in Boulder or online. 📍 Boulder Public Library + Google Meet 🕐 Time: Monday, May 4 · 1:00 PM CST 🔗 fusionauth.link/4n51B6Y Hardware ready: Docker, Node, Python, and Claude Desktop required.

Feature flags without identity = spraying features into the dark. @azimman (co-author of Progressive Delivery) and @FusionAuth’s Dan Moore are going live 4/29 to show how JWT attributes power precise, cohort-based rollouts. The first 20 registrants get a free copy of the book. 📖 Register: fusionauth.link/4sUceKZ

Coverage & quote from Dan at scworld.com/news/namastex-…

CanisterWorm is a masterclass in supply chain persistence. 🪱 It hijacks npm packages to steal developer tokens, then uses those tokens to republish the malware in the victim’s own software. It’s a self-propagating loop that turns your own identity against you. FusionAuth’s Dan Moore on the risk: "Long-lived, over-permissioned CI/CD tokens are as risky as passwords written on a sticky note. Organizations need to have more than credentials for software systems." Hardening steps: • Check for /tmp/pglog—a known marker of this attack. • Audit for unexpected systemd user services. • Scope, rotate, and monitor all publishing credentials immediately.

Brad's latest blog breaks down why we need a neutral identity plane: fusionauth.io/blog/agent-ide…

Google Cloud Next was a masterclass in AI agent scaling. But there’s a catch: Walled Gardens. Google’s new agent IDs are great for Google. But what happens when your agent needs to call an API in AWS or a private data lake? 🧵 The "Handshake Problem" is the next big auth hurdle. When agents move between ecosystems, identity usually breaks down into risky service accounts or hardcoded keys. Identity is the connective tissue. We spent GCN talking to teams (shoutout to Ford and Domo) about how FusionAuth bridges that gap—providing portable, auditable identity for agents that don't live in a single cloud. Also, we officially peaked. Shannon Elizabeth spent the afternoon in "Mom's Basement" handing out signed Raspberry Pis and talking shop with the community. GCN: Come for the AI agents, stay for the 90s nostalgia. 🥧 ✌️

If you hear someone say, “Shannon Elizabeth is in Mom’s Basement with signed Raspberry Pis,” They are not confused. They are giving directions. TODAY, April 23, 3:30–5:30 PM Activation Alley. Google Next.

Some brands hand out tote bags. We invited Shannon Elizabeth to Mom’s Basement to hand out signed Raspberry Pis. TODAY, April 23, 3:30–5:30 PM Activation Alley at Google Cloud Next. That’s it. That’s the post.

Book your demo on-site with the team before it gets crowded at fusionauth.io/event/google-c…

A truly unhinged sentence from a very real event plan: Thursday, April 23, 3:30–5:30 PM Shannon Elizabeth will be in Mom’s Basement at Google Cloud Next giving out signed Raspberry Pis. Activation Alley. No further questions.

Schedule an on-site demo and get more information about FusionAuth at ahttps://fusionauth.io/event/google-cloud-next

Sundar Pichai at #GoogleNext: The question isn't "can we build an agent," it's "how do we manage thousands of them?" Wiz’s red team already found the first gap: auth bypass on exposed agents. Security catches it late; Identity prevents it early. Every agent needs a real identity, not just a service account. We're in Activation Alley #SAA2 showing how FusionAuth handles NHI and agentic identity with the same rigor as human auth. Plus, Shannon Elizabeth is in our "Mom's Basement" space from 3:30–5:30 PM tomorrow with signed Raspberry Pis. #GoogleNext #FusionAuth #AI

Connect with the team & book a meeting to meet Shannon at fusionauth.io/event/google-c…

Shannon Elizabeth is coming to Google Next. I know, bold choice. On Thursday, April 23rd from 3:30-5:30pm, Shannon Elizabeth will be at FusionAuths Mom’s Basement Activation Alley Space, #SAA2 2nd floor outside the expo, for a meet-and-greet, photo opp, and–becasue we fully committed to the bit–handing out signed Raspberry Pis. Yes, really. We are turning our activation space into a full-on 90s basement throwback, complete with awkward family photos, Tamagotchis on the spin-to-win, retro games, and the kind of nostalgia that feels deeply family to anyone who has ever built something in a room with bad lighting and excellent ideas. If you’re heading to Next, come for Shannon Elizabeth and stay to meet the FusionAuth team and see what flexible, developer-friendly CIAM actually looks like. #googlenext #ciam #customeridentity #fusionauth