In this episode of the KuppingerCole Analyst Chat, Martin Kuppinger joins Matthias Reinwarth to dive deep into one of the most overlooked but critical areas in identity and security: non-human identities (NHI) and workload secrets. As cloud-native development and AI-driven workloads grow, so does the complexity of managing machine identities. With AWS now supporting long-lived API keys for generative AI, this episode explores why that's a risky move — and what a modern, secure, and developer-friendly alternative looks like.

In this episode, you'll learn:

• Why workload identities must be treated as privileged
• How long-lived secrets expand your attack surface
• Why “balancing convenience vs. security” is a false choice
• How to apply ephemeral secrets and ITDR signals
• The role of SPIFFE/SPIRE, policy-as-code (OPA), and automation
• Why developers shouldn’t own security — and what IAM must do instead
• How attackers use AI to hunt your leaked secrets
• What organizations must do to secure NHI at scale

Key takeaway: Security must be built around short-lived secrets, automation, and clear separation between identity, secrets, and entitlements — especially for workloads and AI agents.