Home / Companies / Ory / Blog / July 2026

July 2026 Summaries

6 posts from Ory

Filter
Month: Year:
Post Summaries Back to Blog
AI agents are autonomous software systems designed to perceive their environment, reason about it, and take independent actions to achieve specific goals, differentiating them from traditional automation that follows fixed scripts. The choice of agent type, which ranges from simple reflex agents to complex multi-agent systems, is crucial as it influences decision-making capabilities, data requirements, and identity and authorization complexities. The guide outlines a framework for selecting the appropriate agent architecture based on task requirements, environment characteristics, and operational constraints, emphasizing the importance of identity and access management for agents. It also explores the role of machine identities in ensuring secure and efficient agent operations, particularly in environments where agents spawn dynamically and operate across system boundaries. Additionally, the text highlights how large language models (LLMs) like GPT and Claude can become AI agents when equipped with tool use, memory, and autonomous action capabilities, showcasing their potential to exhibit characteristics of multiple agent types simultaneously.
Jul 08, 2026 2,371 words in the original blog post.
AI agents have become integral yet often overlooked components within modern engineering organizations, frequently operating beyond traditional security gateways and posing potential security risks. Ory Agent Security addresses these concerns by providing comprehensive security solutions for AI coding agents across various harnesses and frameworks. Initially supporting five harnesses, Ory has expanded its coverage to include six additional harness integrations, such as Continue, Goose, and Google Antigravity, and introduced thirteen new Agent SDK integrations for frameworks like LangChain and AWS Strands. This expansion allows Ory to secure agents by implementing a unified identity, authorization, and audit model, ensuring that actions taken by agents are authenticated and recorded in real-time. Ory's approach emphasizes enforcing security at the point of action, rather than relying on network-based security measures, thus providing a robust solution for organizations with diverse coding environments. This ensures consistent security policies across different tools and frameworks, offering audit and compliance readiness by recording all agent actions for transparency and accountability.
Jul 07, 2026 1,399 words in the original blog post.
Agentic AI workflows represent a significant evolution in artificial intelligence, where AI systems operate autonomously to achieve specific goals by breaking down complex tasks, using external tools, evaluating their progress, and adapting in real-time without constant human oversight. Unlike traditional AI, which relies on human prompts for each action, agentic AI workflows handle objectives from start to finish, allowing AI to execute tasks independently and necessitating new security considerations. These workflows operate through a continuous loop of perceiving, planning, acting, reflecting, and repeating, with each phase presenting unique challenges and identity implications. The adoption of agentic AI workflows can streamline operations in various industries, such as customer support, software engineering, financial services, healthcare, and IT, by reducing manual intervention, increasing task completion speed, improving accuracy, and enhancing scalability and adaptability. However, the autonomy in agentic AI introduces potential risks, including unauthorized access, privilege escalation, lack of auditability, and prompt injection, requiring organizations to treat AI agents as first-class identities and implement robust identity and access management frameworks. As businesses increasingly integrate agentic AI, preparing for its security challenges from the outset is crucial to avoid potential breaches and ensure smooth and secure operations.
Jul 06, 2026 2,241 words in the original blog post.
Passkeys represent a significant shift in digital authentication by replacing traditional passwords with a public-private key pair, offering enhanced security and user convenience. Unlike passwords, passkeys eliminate shared secrets, storing only the public key on servers, making them resistant to phishing and credential stuffing attacks. The authentication process involves biometrics or device PINs, with the private key securely stored on user devices, ensuring it never leaves the hardware. Supported by open standards like WebAuthn, FIDO2, and CTAP, passkeys work seamlessly across major browsers and operating systems, providing a unified login method that integrates multi-factor authentication into a single step. While device-bound passkeys offer strong security guarantees, synced passkeys enhance usability by allowing access across multiple devices through encrypted cloud storage. Despite some challenges, such as account recovery and ecosystem fragmentation, passkeys offer a robust alternative to passwords, reducing the risk of breaches and improving user experience.
Jul 02, 2026 2,361 words in the original blog post.
Global companies are increasingly challenged by the need to comply with regulations that dictate user data must remain within specific geographic boundaries, a problem exacerbated by user mobility and rigid identity architectures. Ory Network addresses this issue with its per-identity data homing feature, allowing individual user data to be relocated to different regions without the need to delete and recreate accounts. Unlike traditional CIAM systems that usually rely on separate deployments for different regions, leading to data duplication and operational overhead, Ory's architecture is designed for multi-region capabilities from the outset. This approach treats data homing as an attribute of the individual identity rather than a static project-level setting, enabling seamless re-homing of data when regulatory or user circumstances change. Ory supports data regions in the European Union, Japan, and both the East and West of the United States, allowing enterprises to manage data residency flexibly via the Ory Console or programmatically through the Ory REST API. This capability is particularly beneficial for global deployments, where compliance with varying jurisdictional data laws, such as GDPR, becomes a dynamic operational activity rather than a one-time configuration.
Jul 02, 2026 1,310 words in the original blog post.
AI agents and agentic AI, though often used interchangeably, represent distinct concepts with different functionalities. An AI agent is a single autonomous unit designed to handle one specific task, operating independently to achieve a specific goal. In contrast, agentic AI serves as the orchestration layer that coordinates multiple AI agents into complex workflows to accomplish broader objectives that require multi-step processes. This distinction is crucial for building systems, managing permissions, and understanding unexpected behaviors in AI infrastructure. Agentic AI involves higher-order decision-making, adaptive planning, and multi-agent orchestration, integrating various tools and maintaining context across sessions. Security and identity management pose significant challenges at scale, with each agent requiring unique credentials and governance to prevent potential security risks. Standards-based authentication, like OAuth 2.0 and OpenID Connect, is essential for managing machine identities and ensuring interoperability. Ultimately, AI agents and agentic AI are complementary, with agentic AI deploying and managing AI agents to achieve goals that neither could handle alone.
Jul 01, 2026 2,150 words in the original blog post.