Published to clients: November 20, 2025 ID: TBW2107
Published to Readers: November 21, 2025
Whisper Email Release:
Public Release Date:
Analyst(s): Dr. Doreen Galli
Photojournalist(s): Dr. Doreen Galli
Abstract:
“This Whisper Report explores the most desired casino innovations identified at G2E 2025. Industry experts highlighted two key areas: operational improvements for casinos—such as seamless system integration and cross-platform play—and enhanced player experiences through biometric authentication, personalized VIP services, and engagement strategies. These insights reveal opportunities for transformation and differentiation in gaming technology.”
“Recent advancements in decentralized identity include passwordless authentication, time-bound credentials, and dynamic identity chaining. These innovations reduce risk, improve privacy, and enhance user control. Separation of authentication from authorization enables more precise access management. One-way functions protect biometric data in cloud environments. Emerging standards like SPIFFE and CSA’s agentic identity frameworks offer scalable, interoperable solutions. Together, these developments support secure, flexible identity ecosystems without relying on centralized authorities.”
We took the most frequently asked and most urgent technology questions straight to the Technologists gathering at Identiverse 2025 held at Mandalay Bay in Las Vegas. This Whisper Report addresses the question regarding the latest advancements in decentralized identity and verifiable credentials. But what is a decentralized identity. Panini’s Jim Harris explained, “identity – being able to capture that information using nearfield technology and then verifying that issue issuing information with the agency that issue it to certify that customer is legitimately who they say they are so we believe that’s one of the ways we can support authentication in a digital decentralized environment.” Let’s dive into six advancements in decentralized identity for you to add to your environment as depicted in Figure 1.
Frequently involved in moving authentication from something you know to something you are, Passwordless takes those pesty passwords out of the equation. As Simeio’s Octavio Lopez observed, “I’ve been seeing a lot of a lot of organizations are pushing towards passwordless.” For vendor examples that provide biometric identity options see Conference Whispers: Identiverse 2025 and Conference Whispers: ISC West 2025.
A favorite tactic to limit any damage from stolen credentials is to time bound them. As GitGuardian’s Dwayne McDaniel explained, “How do we not store a long-term credential but instead expose only the bit of the credential you need to verify that entity should be doing that thing and then issue a very short live jot or 509 Cert (X.509 certificate) that will expire immediately.” Any compromised short-lived credential is useless thereby limiting the blast radius in the system.
Related to time bound credentials is the dynamic identity chaining. As Apono’s Ofir Stein revealed the key to decentralization of identities is, “it’s the ability to create dynamic changes in the identity that exist in the environment. Meaning by that we keep what we call identity chaining while if I need access to some resources let’s say in cloud we create all the identities that needed for me to work and then we revoke them so dynamic approach to decentralized identity in a panel the dynamic approach is the decentralized identity when we create identity when needed and we work them when they when they don’t need them.”
“Although commonly associated together, as the namespace identity and access management imply, the decentralized identity world is seeing a separation. Authentication — the verification you are who you say you are — is being distinguished from authorization — the granting of some authority to some resource. As GitGuardian’s Dwayne McDaniel highlighted, “we’re going to see some major advancements with this idea of I can prove on me but that doesn’t automatically authorize me for things the authorization is starting to be separated from authentication in a way that should have probably done in the first place.”
As one might suspect, many identity solutions involve the cloud. The concern becomes, how to store the data in such a way that even if the data stored is compromised – the identity information is not? Keyless’ Alex Jones elaborated on the use case. “when you’re talking about privacy in the biometric space it’s all about where your biometric data goes does it stay on the device does it stay on the cloud so within cloud-based biometrics which is what Keyless does, there’s different ways of making sure that the biometric data on the cloud is kept really safe and this is where a decentralized biometric system come in it’s basically transforming the biometric data when it goes on the cloud so that when it’s there it is completely unrecognizable so even if the cloud server is compromised the biometric data or the data that’s stored there is kept safe.” This is the same approach we saw leveraged during our coverage of ISC West. A hash of the data is stored not the data itself. This hash function can be used against new data presented to see if the two results match properly. There is no reverse of this hash function thus the original data cannot be disclosed even if the resulting hash is compromised.
Finally, when you are creating your roadmap or architecture you do not have to reinvent the wheel. As GitGuardian’s Dwayne McDaniel denoted, “we’re seeing the standards emerge right now about 7 years ago we saw SPIFFE the secure production identity framework for everyone emerge and that came out of what Google was doing internally. Number of working group that sprung up at Netflix and they wrote a beautiful book on it called solving the bottom turtle. The CSA has just put out a new paper May 25th on how dissolve this multi- agent system problem and introducing concepts like agentic name spacing and a distributed ID like as name spaces and it’s just a fascinating time now.”
For those wishing to see a case study about how to bring a massive, decentralized identity solution to life, Identiverse had a keynote for you. Specifically, a case study of the UK mobile identity deployment featuring Hannah Rutter, Deputy Director, Digital Identity of the United Kingdom. If your organization is on the decentralized identity path, there is no reason to go alone. Reduce the risk and increase your chances of success by working with TBW Advisors LLC. Schedule an inquiry at the beginning of the process and each critical step to stop missteps.
Cyber-physical security, like healthcare tech, must carefully manage PII. Experts highlight privacy-preserving biometrics, user-controlled consent, and anonymous face matching. Regulatory compliance, such as GDPR, drives standardization and innovation. As laws vary by region, adaptable and consistent global system architectures are essential for scalable, secure, and compliant operations.
Publicly Published with video edition: August 18, 2025
Analyst(s): Dr. Doreen Galli
Photojournalist(s): D. Doreen Galli
Abstract:
Identiverse 2025 welcomed 3,300+ attendees to Mandalay Bay – nearly a 20% gain over 2024. Featuring 250+ sessions and 150 exhibits all on one floor, the event was smooth and accessible. Keynotes and sessions emphasized teamwork, resilience, and collaboration, while exploring AI in identity, decentralized credentials, and zero-trust implementation. Exhibitors showcased innovations from selfie-based authentication to intelligent access control and secrets vault cleanup. The shift from Aria to Mandalay Bay marked a new chapter for the expanding event, which returns to Mandalay Bay in 2026.
The Conference
Identiverse 2025 was held at Mandalay Bay Convention Center, a move from Aria in 2024. It hosted 3300 attendees, 250 sessions and 150 exhibitors.
Cautions
Friendly reminder: this research provides examples of what was shared with us at the event, not an evaluation, validation, or recommendation of the given technology.
TAGS
Identiverse 2025, digital identity, identity security, zero trust, AI in cybersecurity, decentralized identity, verifiable credentials, identity governance, privileged access management, IAM, IGA, cybersecurity conference, Mandalay Bay, authentication, biometrics, secrets management, SSO, MFA, ITDR, access control, enterprise security, digital trust, identity trends, identity innovation, conference highlights, tech expo, identity tech, identity solutions, cybersecurity trends, identity keynote, identity management
After over 53 videos, almost 200 minutes of content only 2 escalator rides, 30,000 steps and over 25 fact checks, our coverage of 2025 Identiverse ends. The event spanned 4 days, had over 250 speakers, 150 exhibits and with over 3300 attendees – 700 more registered over last year. Registration went very smooth with rarely any waiting time. Interestingly, we were informed many registered late. Executives realize that reducing risks and therefore related losses is a viable path to protecting profits in uncertain times. This year’s event took place at Mandalay Bay Convention Center, a change from Aria last year. Most enjoyed the conference taking place all on the same floor. It was great to see the conference grow and expand. Like all changes, there were the old timers yearning for the days when they all packed into too small rooms at Aria. Unfortunately, some of the sessions located physically further from Expo Hall reported some in person attendance challenges from those too tired to walk to the room. The event featured a full collection of meals. We were able to capture the Tuesday Seminar’s Lunch and the lunch on Wednesday in Expo Hall.
While at Identiverse, we conducted research for three additional forthcoming Whisper Reports for our clients. The playlists are unlisted but available and will eventually fill in with the video version of the report so you may wish to bookmark these playlists.
Readers and viewers wishing to experience the entire event are encouraged to view the Conference Whispers: Identiverse Playlist in its entirety. Once the video edition is available, the playlist will be sited as a pinned comment on the video edition. It is also easy to locate any previous Conference Whispers playlists through TBW Advisors Website under Subscribers research/Conference Whispers.
Identiverse is absolutely one of those events where regardless of the amazing session you choose, you are aware you are also missing an incredible session – or two. Fear of missing out was rampant. Fortunately, we were able to capture 53 videos for our clients and subscribers. The first Keynote featured John Pritchard, CEO of Radiant Logic. Titled, “Identity isn’t a solo Game” it drove home the message that one cannot succeed in identity without collaboration with the professionals around you throughout the organization and with others in the industry.
Another frequently referred to keynote featured the UK’s Hanna Rutter who is realizing their government digital identity solution. In her talk she spoke about the challenges of such a decentralized digital identity solution and how she is overcoming roadblocks on her path to success. A much in demand topic regarding identity challenges in the realm of AI was presented by Richard Bird. A tech talk held in the expo hall was hosted by Microsoft. Their tech talk covered the hot topic of ITDR, Identity threat detection and response.
Identity is a topic found not only in the expo halls of Identiverse, but was also seen in the halls of HIMSS, Fintech Meetup, Money 20/20 and ISC West just to name a few. What is interesting is the different manners of vendors describe their technology. At ISC West, vendors in the expo hall spoke in terms of a solution. They would always emphasize the PII information is not on the badge, rather a hash of the biometric data which enables verification is provided instead. While this was not clarified on the videos at Identiverse, the vendors later disclosed the same technical approach that was taken on the technology captured at Identiverse. If you are seeking a tap-in to sign-in on a shared device for your organization, Imprivata was in the expo hall with their solution. If you would like to verify the customer requesting the high-risk transaction is the same customer who signed up for the account, Panani shared their technology. Keyless offers a solution to authenticate high risk actions with a selfie. If you are an engineer developing a solution and need the capability to onboard customers, no need to start at square one! PropelAuth provides an out of the box identity capability you can add on to your solution to onboard customers! Seeking to manage your remote teams and seeking a cost effective out of the box solution to provide SSO and MFA? Cubeless shared their free and easy SSO and MFA solution made for you.
Is managing privileges gotten to be too much for you and your organization? Apono Unified Access Management is an intelligent solution that aims to provide just enough just in time privilege for human and non-human-identities (NHI). Oasis goes one step further in managing AI Agents’ Identity, provisioning, deprovisioning and cleaning up stale accounts. Are your coders overwhelmed trying to identity what secrets vault to use so they land up hardcoding the secret? Is your organization suffering from identity vault sprawl? GitGuardian was on hand with their solution that can assist you in identifying and remediating secrets vault sprawl.
Expo hall also featured quite a few IGA (identity governance and administration) and PAM (privileged access management) platforms. Omada captured their 25-years’ IGA experience into a free best practice framework. This framework includes use cases and related configuration recommendations for their platform, Omada Identity Cloud. Lumos shared their agentic AI autonomous IGA solution. This solution can even recommend what privileges a new employee should get based on their role and department. If you have a small but complex environment, Clarity Security has an IGA solution targeted at your organization.
Keeper Security shared their zero-knowledge identity solution for endpoints. Their solution is referred to as zero knowledge as the customer’s data is encrypted on the endpoint with the customers key; meaning, Keeper Security has no access to customer data whatsoever. Bridgesoft shared their complete identity platform that also can adapt and include any components that may already exist in your environment. Specializing at the start of the process, CyberSolve helps organizations commence new identity programs. Looking for IAM services across the portfolio? Simeio was on site there to offer guidance. Clients are reminded to schedule an inquiry to review the current state of your identity program. If you are seeking to expand it or modernize it, we will produce an inquiry plan to guide you along the journey even if you are working with an outsource provider or consultant.
Identiverse will once again be held at Mandalay Bay Convention Center June 15-18, 2026.
*When vendors’ names are shared as examples in this document, it is to provide a concrete example of what was on display at the conference, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document. Other examples products in the same category may have also been on display.
Publicly Published with video edition: July 28. 2025 2pm.
Analyst(s): Dr. Doreen Galli
Photojournalist(s): Dr. Doreen Galli
Abstract:
After capturing almost 50 videos, over 150 minutes of content and countless shorts forthcoming, our coverage of ISC West 2025 closes. Attendees gathered for ISC West 2025 held in Las Vegas March 31-April 4. The event featured innovations in video surveillance, driver-assisted systems, palm vein identity solutions, edge AI, and gunshot detection. Exhibits included AI vision, camera intelligence, and layered security solutions. TBW Advisors was able to capture exclusive content from the live sessions as well as full details on top products at exclusive Press Briefings.
Cautions
ISC West offers the option to print your badge at home. It is important to note that you not only need your badge holder and lanyard on site, but you still must wait in the registration line. Specifically, you must present and verify your ID to get a sticker on your badge for it to be useful. IF you only snag the badge holder, you will land up back at the long registration lines.
Our coverage of ISC West 2025 includes over 38 videos and over 150 minutes of video content spanning session summaries, product overviews, and answers to three urgent questions. There will be countless shorts forthcoming so save the entire Conference Whispers: ISC West 2025 playlists by clicking on the book mark symbol. Registration was quite interesting for the x attendees as one could print the badge at home but still required face to face registration to get the validation sticker. Held at Venetian, the customary Venetian Café Presse was open as well as the Venetian Food Marketplaces within expo hall if you got hungry. The event seemed to exceptionally crowded as you can feel as all waited for expo* hall to open and was loud enough to trigger a 100db warning on my watch. Upon clearing security, endless exhibits featuring massive amounts of vision AI, AI video analysis, IoT sensor data, and complex security identity solutions bridging the physical and cyber worlds.
While at ISC West, we conducted research for three forthcoming Whisper Reports for our clients. The playlists are unlisted but available and will eventually fill in with the video version of the report so you may wish to bookmark these playlists.
We are excited to share that we have two exclusive pieces of content where the presenters gave a special overview just for TBW Advisors LLC, our clients, and subscribers. First, we have the session by Intel RealSense. This session focused on the combination the long history in vision and the long history of AI together to successfully create the current generation of facial recognition for the purpose of useful Identity and Access Management via the biometric field of one’s face. Keep in mind, data representing one’s face is PII or personally identifiable information. While not healthcare, the protection of PII requires the same care as all PII data as discussed during our coverage of Conference Whispers: HIMSS 25.
The second session summary we were also treated to includes a look at when cyber and physical security combine. Operations and IT coordinating to achieve a business function is quite common. As anyone who has been a corporate CIO in an organization with physical buildings knows, security is security. Physical security must interface with IT systems to understand who is permitted to do what. Historically, if physical security fails, IT systems are always at a higher risk due to information being left around or the increased attack surfaces made available via the ability to physically access a network terminal or a server itself depending on the organization. In 2025, the rush to get data from everything connected to survive the pandemic or to rush ahead with AI solutions has increased possible attack surfaces. The confluence of these scenarios together has made the Cyber Physical Security practice space blossom so expect to hear and see a lot more in this space for the foreseeable future.
Whenever given the chance, we try to bring unique content and details about the companies at the conferences to you. At ISC West we were able to attend a special, press only event held by Taiwan Excellence better known as Taitra. Taitra’s mission is to help spread the word around the world about innovations coming out of Taiwan by featuring some of their companies. The editor in Chief for Security Today Magazine, Ralph Jensen also spoke at this event to kick it off. We were able to capture the full 10-minute presentations for each of the 6 technologies featured!
The first technology featured is Cyberlink. Cyberlink provides extensive video surveillance capabilities including the ability to successfully track people. In the event of a violent attack or a lost child, finding the desired human being from all the surveillance video available can be quite timely without the right technology. Cyberlink’s people tracking works even if the face is not visible on the video through posture, clothing, or body movement signature.
Advanced driver-assisted systems (ADAS) are popular in automobiles but for larger vehicles it is still newer due to the complexity and size of semi-trucks. EverFocus gave the press an in-depth overview of their current solution including the company’s success in obtaining many Taiwan and global certifications enabling deployment.
The third technology presented at the event was Himax with their palm vein identity solution. As this contactless solution works even if a surgeon has scrubbed for surgery and put on their two pairs of surgical gloves, this technology could have easily been featured at HIMSS25 or Identiverse. Himax is not only known for their palm vein identity solution but also for their ultralow power AI processor that runs their solution and is available on the market as WiseEye.
The fourth and fifth companies presenting both featured edge solutions. Kneron featured a general-purpose secure full stack edge AI solution that support AI services at the edge for a large variety of use cases. One example is combing standard RGB video with thermal camera information for a cohesive image to properly identity living beings or animals in the camera’s view. Likewise, Vivotek specializes in IP Surveillance solutions including network cameras, network video recorders (NVRs) and related software solutions and accessories.
The product mix set at ISC West is interesting as it spans AI vision, Camera Intelligence, surveillance, and identity. Let’s start with the best in show new product two-time award winner, Vaidio. Vaidio provides an AI vision platform leveraging their deep AI expertise. Their belief is you should be able to point a camera at anything and make it safer. Safr is a vision AI solution focuses on facial recognition and liveness verification for live video including watchlist alarms. We also had an extensive booth tour by Intel RealSense. As you can see, their solution is quite easy to integrate for developers. Enrolment is quite simple. Their chip/software solution is integrated into many of the products on the floor. They also provided a live demonstration of their solution in action. If you are famous or a high NetWorth individual and you are not comfortable with your personal identity or other information floating around the web, 360 Privacy was there with their solution.
Advancis is 30-year-old company that provides a one-stop identity solution that focuses on integrating as many hardware devises as possible. It currently can integrate with over 550 hardware devices on which it can capture and verify credentials. They add support for approximately 30 devices each year. Also playing in the Physical Identity and Access Management (PIAM) space is RightCrowd. RightCrowd specializes in complex scenarios for organizations with many employees, many visitors across many locations. For those seeking a PIAM solution leveraging facial recognition or fingerprints, Bioconnect might be on your radar. Bioconnect integrates with the top 8 IAM platforms in the market. For a layered security approach, dormakaba provided TBW Advisors LLC with an exclusive booth tour walking through their offering and various layers. If any of the biometric or other identity information needs to be put on a secure card with any of the contact and contactless embedded technology, Dascom was on site. Their printer can securely hold up to 200 finished product cards until a batch is completed and retrieved.
Diving more into the physical security aspects, LVT provides a mobile security unit that is rapidly deployable. LVT’s low power solution leverages cellular connectivity and high scalability for future proofing its deployment. Underneath the surface, LVT leverage the latest in agentic AI capabilities within its solution to provide these advanced capabilities. Another agentic AI solution that
stops threats without human intervention based on video surveillance, Spot.ai might be on your radar. As an Agentic AI solution, Spot.ai not only detects an issue but can automatically handle the threat in 90% of the cases. Specifically, the solution will automatically be able to execute things like intimidating announcements, spotlights on, and following the potential threat as well as turn on sirens. The solution notifies a humans if the automation determents fail.
Finally, if safety and security means identification of a gun shot and its source, Databuoy was on hand. With technology funded by DARPA, their solution is just as effective in your closest metropolitan area as it is in a urban combat.
ISC West 2026 conference will once again be held at the Venetian in Las Vegas, Nevada. The dates are yet to be announced for 2026.
*When vendors’ names are shared as examples in this document, it is to provide a concrete example of what was on display at the conference, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document. Other examples products in the same category may have also been on display.
