
SHARED INTEL Q&A: From Code Red to the ‘new control plane’ — Marc Maiffret on identity – Source: www.lastwatchdog.com


Source: www.lastwatchdog.com – Author: bacohido

By Byron V. Acohido

The identity security market got its moment of validation.


Palo Alto Networks’ blockbuster $25 billion acquisition of CyberArk — its largest to date — underscores a strategic inflection point: identity has become the new control plane of modern cybersecurity. The move marks Palo Alto’s aggressive entry into identity security and reflects growing enterprise recognition that securing credentials, entitlements, and privilege pathways must be foundational — not treated as an afterthought.

That’s music to the ears of BeyondTrust. For years, the Atlanta-based company has invested in building out a unified identity security platform grounded in privileged access management, cloud entitlement insights, and now, attacker-centric detection of hidden privilege escalation paths.

This identity-first approach has helped BeyondTrust carve out a leadership position in an increasingly crowded field. It has also set the stage for the company’s latest move: the launch of Phantom Labs, a new research arm formalizing its red-team-inspired threat modeling — and signaling that BeyondTrust aims to help define what effective identity security looks like in the age of AI.

At Black Hat 2025, Last Watchdog caught up with Marc Maiffret, CTO of BeyondTrust — and one of the early white-hat hackers who famously discovered the Code Red worm in 2001. The discovery, fueled by long nights and an overabundance of Mountain Dew, remains a defining moment in cybersecurity lore. We discussed how the company is responding to the market’s consolidation — and why securing machine identities, service accounts, and AI agents may prove even more urgent than protecting users themselves.

LW: What does Palo Alto’s acquisition of CyberArk signal to the identity security market — and to BeyondTrust specifically?

Maiffret: This deal validates what we’ve long believed: identity security isn’t a feature — it’s foundational to modern cybersecurity. The $25 billion acquisition of CyberArk by Palo Alto marks a watershed moment where identity is finally recognized as an essential security control plane. At BeyondTrust, we view this as powerful market validation of our strategy.

While others are entering identity from adjacent markets, BeyondTrust was built for this. Identity isn’t something we’re bolting on, it’s our core DNA. This moment further solidifies our role as an independent, pure-play identity security leader, delivering focused innovation and stability when others are entering periods of integration uncertainty.

LW: How does BeyondTrust’s platform approach differ from firewall-first vendors moving laterally into identity?

Maiffret: As the perimeter has shifted from the network to the endpoint and now to identity, we have seen many vendors approach identity as an add-on and something to integrate after the fact. In contrast, BeyondTrust’s long history as a leader in PAM has allowed us to build a unified identity security platform from the ground up using our deep knowledge of identities, privilege and access.


Our solutions are purpose-built to provide holistic visibility, control and protection of the entire identity attack surface, not plug holes in one area. Our Pathfinder platform and solutions including Identity Security Insights deliver unique value by uncovering often hidden Paths to Privilege and providing a unique view of the True Privilege of identities.

While many security vendors are adding on more reactive identity-based detections, BeyondTrust takes a more proactive approach using attacker-informed privilege graphs that enable customers to surface and mitigate risks before they are exploited, alongside context-rich detections. This provides real-time privilege risk modelling in a seamless platform experience.

LW: Can you explain how “Paths to Privilege” reframes how organizations should model identity risk?

Maiffret:  Paths to Privilege reframes identity risk by shifting focus from static entitlements to dynamic privilege escalation pathways. Traditional access models ask, “What permissions exist?” Our approach asks, “How could an attacker exploit those permissions to escalate access?” It’s a red team-inspired mindset designed to illuminate hidden lateral movement and post-exploit pathways across hybrid environments.

We’ve operationalized this with Pathfinder and True Privilege, helping customers understand not what access exists, but what could exist in the hands of an adversary. It’s a unique and powerful way to visualize, detect, and defend against identity-based attacks.

LW: What’s the role of Phantom Labs, and why was now the right time to launch a formal research team?

Maiffret: Anyone who knows me knows that security research has been a lifelong passion for me, and we have been growing the research team here at BeyondTrust for many years now. Phantom Labs is the formalization of those years of attacker-focused research at BeyondTrust. It exists to uncover emerging identity threats, share actionable intelligence with defenders, and accelerate innovation across our platform. The timing is intentional: the formal launch of Phantom Labs is a signal to the market that BeyondTrust is setting the pace for identity security.

With identity as the new perimeter and AI driving rapid change, defenders need deeper, forward-looking insights. They need products that provide them with expert analysis and context to help them keep pace with the threat landscape.

This is why Phantom Labs is led by Red Team experts like Fletcher Davis working hand in hand with data scientists to bring new capabilities to our customers. As a CTO with a passion for security research I work closely with the team because research is the engine behind our innovation.

LW: In what ways are machine identities and non-human accounts creating new blind spots?

Maiffret:  Machine identities from service accounts to AI agents now outnumber human users by orders of magnitude. These non-human identities often carry high privilege and operate 24/7, yet they’re poorly governed and rarely monitored. This creates a vast, dynamic attack surface that traditional PAM and IGA solutions weren’t designed to manage.

BeyondTrust addresses this through intelligent discovery, entitlement insights, and detection models that map privilege risk across both human and machine identities. It’s not about managing accounts, it’s about securing the invisible identities and infrastructure powering today’s digital enterprises.

LW: How are customers using tools like Identity Security Insights and True Privilege in practice?

Maiffret:  Customers use Identity Security Insights to gain continuous, real-time visibility into identity risk across their hybrid environments. This allows them to proactively mitigate identity risks and continuously reduce their identity attack surface. With Identity Security Insights, customers can get a view of the True Privilege of all the identities in their environment.

This goes far beyond traditional solutions that look at what permissions are directly assigned and instead analyzes all the potential Paths to Privilege that could be exploited. This includes policy misconfigurations, stale privileges, and roles that enable elevation of privilege.

This view of True Privilege and Paths to Privilege helps security teams model actual privilege escalation paths, not theoretical permissions, and prioritize remediation based on risk. Together, these tools empower customers to shift from reactive to proactive identity defence, uncovering hidden pathways and remediating in even the most complex and dynamic environments.

LW: Looking ahead, what does identity-first innovation need to look like to keep pace with adversaries — and AI?

Maiffret: AI is only as safe as the identities behind it. With agentic AI (AI systems that act autonomously) those identities now include autonomous agents, service accounts, and the secrets they use to act. Identity-first innovation means treating identity as the control plane for AI: unifying visibility across human and non-human identities, understanding their True Privilege and hidden Paths to Privilege, and enforcing zero-standing, just-in-time access with continuous detection and response.

That’s exactly why we built the Pathfinder platform and Identity Security Insights—to model privilege relationships across cloud, SaaS, and on-prem, surface the real blast radius of any identity (human or agent), and shut down risky privilege paths before adversaries exploit them.

Many vendors are approaching “AI security” narrowly. We’re solving it in context of the whole identity attack surface, so customers can adopt agentic AI confidently—without creating a new class of unmanaged, high-risk identities.


Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.


(LW provides consulting services to the vendors we cover.)

August 12th, 2025 | Q & A | Top Stories

Original Post URL: https://www.lastwatchdog.com/shared-intel-qa-from-code-red-to-the-new-control-plane-marc-maiffret-on-identity/
