PAM is morphing into identity‑centric security

Palo Alto Networks agreed to acquire CyberArk on July 30, 2025, signaling platform-level consolidation in identity security (announced). paloaltonetworks.com Delinea signed a definitive agreement to acquire StrongDM on January 15, 2026 to combine PAM with just‑in‑time runtime authorization for engineers, DevOps and AI agents. cyberdefensewire.com CyberArk expanded its machine‑identity security portfolio with advanced discovery and context capabilities in October 2025 to inventory certificates, keys and service accounts at scale. cyberark.com Delinea’s 2025–2026 product messaging and an industry Frost analysis show vendors adding AI‑driven discovery, vaulting and lifecycle automation specifically for service accounts and ephemeral agent identities. delinea.com Microsoft announced the retirement of Entra Permissions Management and a collaboration with Delinea on April 1, 2025, shifting some cloud entitlements workflows toward third‑party identity providers. techcommunity.microsoft.com The Cloud Security Alliance’s November 24, 2025 guidance frames privileged access as a cloud‑first, identity‑centric discipline—emphasizing entitlement discovery, continuous monitoring and policy enforcement. cloudsecurityalliance.org A CyberArk study published January 8, 2026 found only 1% of organizations had fully adopted just‑in‑time privileged access, while vendor materials from SailPoint and Okta warn that service accounts, bots and automation are prolific blind spots. cyberark.com Operationally, security teams cite millions of ephemeral tokens across CI/CD pipelines, render farms and moderation bots; industry playbooks recommend secrets vaulting, automated rotation and session auditing—capabilities highlighted in 2025–2026 vendor whitepapers and reports. auth0.com