KuppingerCole Analysts

AI is everywhere, but are we using it the right way? In this Analyst Chat, Matthias Reinwarth speaks with CTO Alexei Balaganski about responsible AI usage, prompt engineering myths, data risks, and building a sustainable AI culture. From hallucinations to zero trust, this episode is your practical guide to using generative AI safely and effectively in business.
Key Topics:
✅ AI is mathematics — not intelligence
✅ The biggest AI usage mistakes in companies
✅ Data leakage & third-party risks
✅ Prompt engineering made simple
✅ Context limits & hallucinations
✅ Building a responsible AI culture
💡Practice “Zero trust for AI”, skepticism is your strongest security control!
💡AI can boost productivity, but only if you stay responsible, transparent, and in control.

Identity is no longer just about provisioning and single sign-on. Today’s organizations face fragmented IAM architectures, API sprawl, non-human identity growth, AI agents, and increasing Zero Trust demands. In this episode, Matthew Gardiner speaks with Binod Singh, Founder and Chairman of Cross Identity, about what the Identity Fabric really means and why it has become essential for modern enterprises. They discuss how legacy IAM environments evolved into siloed systems, why integration “tax” is becoming unsustainable, and how a federated, API-driven identity fabric architecture enables scalability, orchestration, and Zero Trust.
You’ll learn:
✅ What the Identity Fabric architecture actually is (and what it is not)
✅ Why IAM silos and legacy systems create integration and security risks
✅ How federated, API-based architectures improve interoperability
✅ The rise of non-human identities and AI agents — and how to manage them
✅ Why convergence and orchestration are critical for Zero Trust
✅ How organizations can transition from fragmented IAM to a fabric model
Whether you are a CISO, IAM architect, or security leader, understanding how to evolve toward an Identity Fabric approach is critical to reducing complexity, enabling Zero Trust, and future-proofing your identity strategy.

Access recertification is one of the most disliked processes in Identity & Access Management, and for good reason.
In this episode, Matthias Reinwarth and Martin Kuppinger challenge the way organizations approach access reviews. Instead of endlessly optimizing broken campaigns, they ask a more fundamental question: What if we eliminated most of recertification altogether?
Key topics:
✅ Why traditional access certification campaigns fail
✅ How overengineered role models create complexity and “rubber stamping”
✅ Why 80–90% of entitlements can be automated via policy
✅ How time-limited access dramatically reduces review effort
✅ Where AI and usage analytics can safely remove unused permissions
✅ Why static entitlements and standing privileges are the real root cause
✅ How modern authorization (e.g., externalized policy models) changes the game
The discussion also touches on the 50-year legacy of IBM RACF and why we still haven’t fully embraced externalized authorization — despite knowing better since 1976.
If you struggle with 70-page access review PDFs, role explosion, or endless recertification campaigns, this episode offers practical, implementable guidance — much of it possible with capabilities you already have in place.

Shadow IT has evolved. Now it’s Shadow SaaS. Shadow AI. And it’s everywhere.
In this week's episode of the KuppingerCole Analyst Chat, Matthias welcomes Matthew Gardiner for his first appearance to unpack one of the fastest-growing security domains: SaaS Security Posture Management (SSPM) and why that name may already be too narrow. Today’s organizations run on hundreds of SaaS applications. Many are sanctioned. Many aren’t. Some are connected via OAuth. Others are quietly leaking data through AI tools. And most security teams don’t have full visibility.
In this conversation, we explore:
✅ What SSPM actually means (and why the “PM” might be limiting)
✅ How Shadow IT evolved into Shadow SaaS and Shadow AI
✅ The intersection of identity and cybersecurity in SaaS environments
✅ Misconfiguration risks, MFA bypass, OAuth sprawl & SaaS drift
✅ Why continuous monitoring beats periodic audits
✅ CASB vs SSPM vs CNAPP — where the lines blur
✅ The growing governance challenge in AI-powered SaaS
✅ Why SaaS security can’t be ignored anymore
If your organization uses SaaS (spoiler: it does), this discussion is not optional.

Decentralized identity is moving from concept to reality, driven by the upcoming EU Digital Identity (EUDI) Wallet! But can digital identity truly become something we trust?
Join us in this Road to EIC episode of the KuppingerCole Analyst Chat where Matthias speaks with Martin Kuppinger about what decentralized identity actually means, how EUDI Wallets work, and why their success depends on real business value. Tune in to learn how verifiable credentials, issuer-holder-verifier models, and privacy-preserving architectures could fundamentally reshape authentication, onboarding, and digital transactions across Europe.
You’ll learn:
✅ What decentralized identity and verifiable credentials actually are
✅ How the EUDI Wallet changes control over personal data
✅ Why trust depends on implementation, not just technology
✅ The difference between mandatory use cases and real adoption
✅ How businesses can reduce costs and streamline processes
✅ Why success requires compelling everyday use scenarios
✅ What organizations should do now to prepare
Beyond government interactions, the real potential lies in transforming complex business processes, from onboarding and compliance to loans, contracts, and digital transactions using trusted, reusable identity data. The EUDI Wallet isn’t just a new login method, it’s foundational infrastructure for Europe’s digital economy. Watch now to understand what decentralized identity means for enterprises, citizens, and the future of trust online.