Looking ahead to 2026

Identity management has evolved from being a background administrative function to a central element in enterprise risk, operational trust, and AI governance. The traditional approaches to identity security and governance are inadequate for modern needs, as the focus shifts from users and groups to permissions and entitlements, necessitating a new emphasis on securing and governing authorization at scale. Identity now serves as the enterprise control plane, with micro-certifications transforming trust units from users to permissions and promoting continuous justification over periodic reviews. As AI governance becomes more prevalent, it highlights existing issues like over-permissioning and fragmented visibility, prompting a need for systems that offer clear, real-time insights into access and exposure without requiring specialized expertise. This shift requires embracing graph architectures and relational contexts to define risk more accurately, with a focus on building trust incrementally through real products that deliver value.