Identity Unification Secures Ephemeral Workloads
bankinfosecurity
Tailscale's Sam Linville on Just-in-Time Access and AI Pipeline Security
Michael Novinson (MichaelNovinson) • December 22, 2025

Multi-cloud environments and ephemeral workloads have made traditional security models that rely on API keys and virtual private cloud peering increasingly fragile, said Sam Linville, head of product at Tailscale.
Workload Identity Federation addresses this by using OpenID Connect tokens generated by infrastructure providers to assert identity and ownership. Because these tokens are short-lived, the blast radius stays minimal even if one is compromised. Linville said least-privilege models should extend beyond employee access to include CI/CD jobs and artificial intelligence agents that need temporary network access.
"Your employees don't work 24 hours a day, and so when they're not working, they really don't need that access, and it's a vulnerability for their machine to still have it," he said.
In this video ...

