The world is changing very, very rapidly.
We can no longer trust our eyes or our ears.
All of a sudden now, agents are a new identity type that we're going to need to secure.
Agents can be compromised.
Identity is just becoming so central.
How the world works, It's the foundation of digital trust.
It's the control plane for your business, and our vision is to provide a unified architecture and a unified vision that helps you maintain trust in every digital moment.

In a universe where uncertainty is the only constant, trust has become both your greatest Challenge and your greatest opportunity.
Welcome to Ping Universe, where trust isn't just earned, It's engineered, where identity isn't a barrier.
It's your gateway to resilience, Security, and growth.
This year's theme is Resilient Trust, Because in a digital landscape under siege by Deep Fakes, AI threats, and rising complexity, your ability to adapt, To evolve, will define your future.
Discover how global leaders are redefining their identity and access management strategy With real-world solutions that secure every identity, every interaction, Every innovation.
You'll learn to fortify identity, Build resilience, and thrive in uncertainty.
From AI-powered access control to passwordless authentication and decentralized identity, This is your front-row seat to the future of digital trust.
This is more than a conference.
This is a chance to rewrite the rules, to take back control, To turn trusts into your most powerful competitive edge.
This is Ping Universe 2025, and it starts now.
Well, good morning and uh welcome and thank you all for being here.
This is uh the 2nd to last, uh, universe that we've been given around the globe.
Been a super busy year, super exciting, and, uh, so I'm gonna walk you through all the things We've been working on.
I'm gonna start by saying super exciting, but also super challenging year.
And let me, Let me orient a little bit, see what I'm looking at just since we've got one monitor out.
OK, so if I click forward.
There we go.
OK, so here's, uh, one of the things, Not one of the things, many things we've been challenged with is that we just have a lot To maintain these days and the attack surface is obviously growing, So more identities, more devices, more types of identities, more instances or tenants as we Segregate identity types across everything, it just is creating a very large attack surface.
It's not getting any easier, frankly.
Uh, and the identity infrastructure, as we all know, is under attack, Very distinctly under attack.
They're not breaking our crypto, They're breaking our authentication mechanisms.
They're breaking the back door and the side door, the onboarding, The recovery, all of the weak links, if you will, in our Identity infrastructure are being Significantly challenged right now.
So we've got our work cut out for us, um.
Trusting every digital moment is, hold on one second, there we go.
OK, now I'm gonna orient.
Trusting every digital moment is a vision of pain and what we mean by that.
Is all of the identities that sit between you initiating a transaction and that transaction Completing accurately all of our API endpoints, all of the different computers that we are Using to service those transactions, literally every step in the digital transaction Ultimately needs to be secured, and we view that as our job to help you do that at all of Your organizations.
All right, so just a few things to kinda level set on what we've been busy doing, A few statistics.
We're super honored to be the company that is trusted by so many of you.
These are the, the globe's leading enterprises nearly in every vertical.
So thank you for giving us your trust, and today's speech is really about all the things that we're doing to maintain that trust on your behalf.
Also super honored to have been recognized by the analysts.
This is a recent, uh, Gartner report that, uh looked at the critical capabilities across Every major use case in identity.
So this is customer, workforce, developer, machine, uh, And Ping showed up number 1 in every single one of those critical capabilities.
So thank you for that.
We're also honored to be trusted with Protecting about 8 billion accounts now globally across every vertical in every major Geo that Ping operates.
So thank you for that.
We're working hard to maintain the resiliency of our cloud infrastructure.
And so we continue to invest in all of the locations that we serve up both our multi-tenant SaaS and our single-tenant SaaS.
I wanna say we're in 16 or 17 now regions that's growing.
Uh, every year we invest in a new location.
We recently deployed our multi-tenant SaaS in both Singapore and Dammam.
We have Melbourne and Doha coming soon.
So if we don't serve a region that is important to you today.
Talk to us because we're, we continue to expand our footprint.
All right, so the theme of the conference now is, uh, Resilient trust, and we break this convo down into two major themes, Things that we're doing, things that we're investing in to make sure that we are building Upon a foundation which is trustworthy.
And so the first theme is this notion of unified architecture.
Our silos aren't just killers of our agility.
The truth is they are the enemy of our security.
And so if we're talking about minimizing the Attack surface, a fragmented or siloed identity system across all of our business units.
Is more vulnerable than when we get our act together and centralize the identity control Plane.
So we're very focused on what we can do with The services and capabilities that we provide to unify those capabilities.
The second major theme is this notion of continuously verified.
So we're kind of moving from, uh, you know, implicit trust to explicit trust now, too Verified trust.
And I'll talk a little bit more about what that means, but to the extent that trust has been Weaponized, meaning all the places in our business that we haven't inspected for a while that we deem trustworthy, if that makes sense, those are all the weak spots in our identity Infrastructure and our processes which are being exploited.
I'll talk a lot, a lot more about that, but Identity needs to be context aware.
Informed in real time by all the signals that we have access to incorporated into the flows Of how we authenticate users, how we onboard users, and especially now how we re-verify People when they've been disconnected from their account and they call into the data Center to somehow either reset credentials or re-enroll their phone into Strong Authentication.
Those are the things right now which are being Significantly abused.
So let's shift in right now to this notion of unified UM architecture and kind of no Surprise, a lot of surveys have shown that organizations are looking to simplify their own Vendor landscape to the extent possible, they're looking to centralize the identity Controls.
Sometimes that centralization occurs with a Workforce focus, sometimes it’s on a customer focus, and sometimes it’s both.
About 25% of Ping's customers actually use our infrastructure for both customer and the workforce use case.
Just another example of the unification, if that makes sense.
So here I wanna break down.
Um, both the things that we are investing in, but also highlight this larger what I call More expansive view of unification of the Platform that we're building for you.
It begins at the bottom.
What is the identity that we're securing, and we're well-known, and many of you use us for, Say, the customer identity, the workforce identity, in some cases, the partner or B2B Identity.
So that's the foundation of the house, and we have always designed our systems.
Once you select the platform from Ping and say you choose to secure your workforce, Same underlying platform you could create a separate tenant for and secure your customers or your partners.
So it's always been about how do we leverage the same technology and the same understanding Of how that technology is applied.
To secure multiple identity types and, as I said, about 25% of our customers use us for more than One Identity type.
The second major layer of unification and the term that has been used here has been the Convergence of the identity security controls has been a platform that can Accommodate Access-Management, I think strong authentication.
Uh, an authorization, think governance.
So this is all the Identity-Management-IDM and, uh, Entitlement Management and provisioning of Users to applications, and then lastly this notion of privileged access.
So these are the administrators that have access to critical infrastructure.
And so there has been a move afoot over time for Platform vendors to seek out the Capabilities that span all three of these, and Ping is one of those companies as well.
The 3rd and 4th layers are a bit unique to Ping.
So while you may have seen plenty of vendors out there with a similar vision to unify the Underlying platform for identity types, to unify the various capabilities for identity Security, when you get up into this notion of identity fraud, And the next layer I'll share in a second, you start to enter some pretty unique territory where Ping has invested pretty significantly over the course of the last 5 or 6 years, both in acquisitions and internal innovation.
And so this notion of risk and fraud signals or the threat protection that we inject into our Authentication policies, so at the moment of Authentication, It's not just the explicit strong authentication or the MFA event that a user is Going through, it’s upwards of 20 or more signals that we use invisibly behind the scenes To provide a level of assurance, if you will, that we're interacting with the right Individual.
And then along with that is this notion of Authorization, fine-grained or dynamic authorization.
Some of the decisioning which is now going on in the Authentication Policies is becoming Pretty sophisticated and it's not just one signal provider that you're looking to ingest.
You might have your own behavioral analytic systems.
You might be getting signals from your endpoints.
You might be getting signals from CrowdStrike.
You might be getting signals from your API Gateways or other Gateways, um, and how you ingest those signals, If you will, to determine do I let the user in or not.
Those policies are becoming pretty sophisticated.
Fraud and scams are putting more pressure on the level of decisioning happening now in your systems right now.
So, the simple authentication policies we lived With maybe 5, 10 years ago now, don't apply.
Where do you put that Centralized Decisioning matters?
And so that's where our Authorization capability in connection with our signals is Strengthening the underlying identity control plane.
The last level here of unification then is this notion of identity verification and The notion of credentials, meaning verifiable Credentials or the decentralized credentials that we are now gonna be putting in wallets.
So when you add all of this up.
The unification, if you will, of identity type, the identity security capabilities, The fraud, risk signaling, and decision-making, and the ability to verify users' actual real Identity.
And then to issue them credentials that enable them to prove their real identity in other subsequent interactions.
Is also now playing to the entire end-to-end view of how we manage the trustworthiness of The identity control plane.
So I'm gonna break it down here a little bit.
The first step, as I said, is a one platform for all identity types.
One of the things that we've been hard at work on over the course of the last, I'd say 3 months significantly is this notion of how are we gonna secure all of these new Enterprise agents.
So these are frontline agents, these are digital workers built on a number of different Systems that we have access to and do we have a uniform way to recognize them, To onboard them, to provision, or entitle them?
Are those agents gonna be given credentials in the future?
Maybe digital credentials, maybe agents have their own wallet?
How do we authorize them?
How do we scope back access to data?
That is more narrowly defined than the scopes that they would get, Say, in generic OO, for example.
So there's a lot of questions, and I'll cover this in more detail.
And Peter will then follow on, and we've got additional sessions later on in the afternoon That'll, that'll walk you in, uh, walk us through a little bit more detail.
One level up, then on the unified platform access, governance, and privilege just wanted to Highlight a few things that we've delivered over the course of the last year with Access And I'll start with password list authentication.
We obviously have been evolving over the course of a decade.
10 years ago we were focused on standards-based single sign-on, And then through COVID, we said, well, send everyone home, But we need to have multi-factor authentication on everything.
We quickly, as soon as we rolled out MFA, we said, make it disappear.
And so this whole notion of how do we leverage risk signals.
To eliminate redundant MFA prompts if the risk is low, And we've had customers use our Protect signals, say in the workforce use case to eliminate up To 90% of those MFA prompts in the customer or consumer use case, we've had retailers that only Log users in one time a year.
But the risk signals run invisibly behind the scenes on every interaction to provide some Indication, has the account been compromised?
Has there been an account takeover?
Has the session been hijacked?
Moving right on up, now, we are all on a journey to see if we can eliminate passwords Entirely.
And so the investments that we've been making In PTO 2 Biometrics and then subsequently Passkeys have been pretty significant.
The identity verification now, which we haven't spent a lot of time on, I'm gonna spend a little bit more time on later because it's just so significant.
It has now become what I'm gonna say the weak entry point.
So, while I think all of us feel pretty good that we're not done, But fairly fairly far down the evolution, if you will, of strengthening the authentication.
The initial Identity verification when on boarding, and especially in remote onboarding has become exposed by the threat actors.
So how sure are you?
That the person that you're enrolling their phone into Strong Authentication actually is Who the intended recipient is.
The ability to remotely, in a self-service way digitally verify a person's real identity now has become exceptionally important.
So it's not an afterthought, it's a forethought, and we need to architect end-to-end Trustworthiness in the entire life cycle, if you will, Our journey of all identities that enter into, call it our Identity Control Plane.
So adding verification now to the vision of strong authentication has become paramount at PingOne and we've invested pretty significantly in our capabilities there.
Second major area I want to provide a bit of update on is Governance and, Um, so this is for Ping, Heritage Ping, a new capability that came to us through the merger with ForgeRock in the last couple of years.
And you think about governance and the life cycle management of both identities and Entitlements as basic role user org and Entitlement management, There are a whole host of additional capabilities there as you look to manage the Life cycle of both these identities, their entitlements, and how they come together into Roles and groups.
One of the things that we are adding now is the notion of agents and which agents need to be Governed, which agents do we need to administer the entitlements to, And so you'll see this is the attic somewhere between how does the Authentication control Plane authenticate agents?
How does it authorize appropriate access to data, in some cases, Which agents need to be governed.
And which entitlements and the mapping of those do we need to have good controls over, and then Thirdly, there are scenarios where agents kind of take on the role of a privileged user.
And so you will see PingOne look at the patterns of agentic and begin to apply, If you will, the principles of both governance, access control, and privilege as appropriate to all of these various agents that are gonna be entering our Systems.
Another major thing that we've done is we have Introduced a number of essentially AI-based features.
These are on our capability called Helix.
Helix is Ping's investment in generative AI to Build automation into everything that we do.
Some of the extreme challenges that we've given to the group are, Is it possible that 5 years from today we can fully automate.
All the things that are today manual in the administration of identities and so you're Seeing us introduce features right now which are on the path towards full automation and Starting out as recommendations that are in line with the administration that you do on these identities, so recommendations for approvers and certifiers recommended access for End users to help them understand what people with similar roles have access to.
That's an example of the AI recommendations.
We're adding capabilities for IGA to provide governance capabilities for service accounts.
And we're adding all of these notions of role insights.
Is this role appropriate for this user?
Is it?
Is it over-privileged?
Does that make sense?
Have they inherited privileges from other roles that might overscope their access to systems?
So in light of this notion of just-in-time, just enough access, which is a principle of Zero Trust, generative AI is gonna play a major role in scoping Back.
The rights and entitlements of individuals as We strengthen the real-time decisioning capabilities, leveraging signals, Do we allow access across everything?
Access, think Authentication across Governance, IGA.
And also into privilege.
OK, so that covers Access and Governance, but notably missing is, As I just said, this notion of privilege.
And so I'm super excited to announce that Ping has made a lot of progress here in the last Several months.
We have introduced, uh, at our Universe Conference in, uh, APJ, this is about 3 weeks ago that we acquired a company called Proseon.
Proseon has been focused on next-gen privileged access management, not where the Assets have been, but where the assets are now going.
So what I mean by that specifically is all of the Applications and Data that are now moving To the public cloud, I think Azure, GCP, um, and AWS.
So this is a Just in Time, Just Enough Privileged Access Management system.
That leverages not Secrets Management.
But leverages a gateway in essence to control all the privileged access, Say for DevOps developers accessing resources in the public cloud.
Uses a novel approach of securing the passwordless access by leveraging the trusted Computing platform of our desktops and machines and so it's got a passwordless capability that Leverages the TPM to gain access almost in a tunnel-like fashion to those resources, and it's All real-time access control with just enough entitlement just in time.
Doesn't just work for cloud resources.
RDP and SSH and servers and databases can also be secured leveraging the same tech.
So this capability that we refer to as privilege.
Is being put into our multi-tenant platform PingOne, And this is super important.
It is being designed the way all the other services in PingOne have been delivered from Orchestration to risk signals to credentials to our verification service.
To our fine-grained Authorization capabilities, all of these now are being referred to as Universal Services on our Multi-Tenant Platform.
And when I say universal service, specifically, what I mean is that they are not hard-coded or Integrated with Ping acting as the IdP, the identity provider.
They're being designed in such a manner that they can be added to any Identity Provider, Meaning your own homegrown authentication systems.
It could mean Microsoft Entra.
It could be one of Ping's direct competitors.
We've always been an open company, and by open I mean adherence to Open standards as the Foundation of interoperability.
We've always strived to be a partner of choice, not a vendor of lock-in.
And so in many ways this notion of universal services is a return to values and the way We approach the market for the first decade of our existence.
Which was very focused on standards-based single sign-on as additive to any of the Authentication systems or IdP identity providers that you had.
And so companies knew us as a way to extend their authentication services, Leveraging SAML, OAuth, and OIDC to every application.
So in light of that history, it's really remanifesting now at a much larger scale around The vision of universal services.
Any or all of these services can be used independently or in combination to solve Problems, not just in the Ping infrastructure or on our platforms, Meaning our software or single tenant capabilities, but also with other IdPs.
Super, super important.
All right, other areas that we have been, uh, investing in unification, So this is now a bit of a report card, if you will, on things that we promised, Uh, after we did the merger with ForgeRock.
We said there are a number of things that we're gonna bring together.
Don't worry, we're not gonna pull the rug out on any of the investments that you've made in Core platforms, but we will look to unify some of our capabilities in multiple areas.
So here's a bit of a report card on our progress on that.
The first one is on the notion of unified services.
And so these are all the things that kind of surround our core platforms, PingOne and Advanced Identity Cloud.
So think things like um the MobileIron app, which I'll talk about here in a few moments, Our integrations, our multi-factor authentication, the SDKs and gateways.
We've been busy behind the scenes building a unified roadmap for all of those.
So one gateway could talk to PingOne, same gateway could talk to Advanced Identity Cloud, For example.
The SDKs that we deliver, we have a unified SDK Framework now.
So as we introduced new SDKs, we have SDKs for MFA, we have an SDK to verify that SDKs all plug into an underlying unified framework, an SD SDK framework.
So that's one area, and we've made great progress on all of those.
The second area is on the user experience.
And here we've made some improvements.
The Marketplace, which holds all of the integrations for all of our platforms, Now that's been unified between the two companies post-merger.
The Document Site and the Developer Portal also have been unified.
There are a number of things that are coming.
Uh, so say, for example, PingOne Privilege will inherit much of the look and feel as it becomes A universal service in PingOne.
It will be recognized like all the other capabilities are in PingOne.
It'll share a very similar Administration experience.
I won't take you through all of these, but you can see all the areas in which our UX team is Looking to unify the customer experience.
Another area of unification that we promised is that we didn't want two MobileIron authenticators For MFA for strong authentication between the Heritage Ping platform and the Heritage Forge Rock Platform.
So we have now unified those.
The ForgeRock-Authenticator is now basically embedded inside of PingID, So it continues to work with the MFA capabilities that you have in your Advanced Identity software or Advanced Identity Cloud.
But it now will inherit all of the vision runway of Identity verifications and wallets and credentials and protect signals that Ping has been innovating on over the last couple of years.
So a unified SDK, we didn't want to confuse end Users with multiple MFAs in the App Stores.
So that has actually now been delivered.
Another major area, as a matter of fact, the number one investment area in 2025 has been on Our organization for everything that you experience post-sales.
So I think customer success, support our professional services organization.
Many of you have different journeys, but you have the same desire to succeed in the outcomes As quickly as possible, so reorienting Ping and investing in that post-sales Experience, we know for many of you, you might feel and experience us one way pre-sales, It's that post-sales experience that we really wanted to focus on.
So about 60% of our investment this year.
Uh, meaning additional investment all went into the post-sales experience, And we hope you start to see and feel the difference as to how Ping shows up there.
All right, I'm gonna switch gears.
I want to talk about, Uh, continuously verified, and all the things that we're doing now to Ensure that we maintain and enable resilient trust by always verifying.
And one of the things that kind of, it felt like it started here.
Maybe 4 or 5 months ago it extended to US and it’s kind of rolling its way through Different verticals.
Are the attacks that scattered spider.
Our really, um, doing to all of the various companies in different industries started in Retail, it went to airlines.
I can see other verticals kind of bracing for Is it gonna hit healthcare?
Is it gonna hit Financial Services?
And in particular, the attacks that we're seeing are not particularly Sophisticated, but they are particularly effective; and again, when I talk about trust Being weaponized, these are in many cases the systems that we haven't spent as much time on.
The back door and the side door.
I'll talk a little bit more about that later.
And this is where our verified Trust Services play a major role in what Ping is doing to Help you become more resilient in the face of these attacks.
So, let me kinda take you through some of the things that we're doing there, and I'll start With threat protection and the fraud and risk signals that we deliver.
Uh, PingOne Protect is our capability here in this space.
It's actually been our fastest-growing product over the course of the last 12 months or so.
And if you look at the life cycle of an identity to when it transacts, It used to be that the fraud signals were largely focused at moment of transaction.
But what's happened is the adversaries have shifted their attention left and now are Abusing all the places in the identity life cycle that are not AS, As strong, so.
Why focus on the transaction if you can get a hold of the account?
As I said, they're not breaking our crypto, so much as they're breaking our processes and our Technology.
For Identity.
So this is an area that we're spending a tremendous amount of time on every step in the Identity life cycle from onboarding to account recovery and everything in the middle now has a Set of or a combination of signals which denote authenticity or denote an Abnormality.
So here we've been delivering on a lot of those signals.
The number of signals is growing.
You can absorb these signals as a Universal service on any Authentication system or any Authentication policy.
It doesn't have to be Ping.
So you can layer these into AI-ML.
You can layer these into Ping Access Management.
You can layer these signals into an onboarding that may or may not use our Verify.
You can leverage these signals on a re-verification through your Call Center.
If you wished, so again, very consistent with how Universal Services can be absorbed, They are integrated or pre-integrated, if you will, on our platforms, Core technologies, but they are not limited there.
You are, you are capable of putting these signals wherever they're appropriate.
The second thing that we’re doing in addition to those signals, which is really important.
And it started with OpenBanking and just kind of the more sophisticated consent management and data sharing of the financial sector and OpenBanking, But it's where do you put the more sophisticated decisions.
Do we have a centralized place to make decisions?
This is where fine-grained Authorization plays such a critical role in our future.
And let me be clear, I don't think there's any future of identity and access management where Authorization doesn't become the center of the house.
So we've been largely focused on authentication.
Which is a means to an end.
Are we authenticating the right user into a digital transaction?
But the decision-making ultimately is why.
That's why we do identity and access management.
So if the last 15 years have been largely focused on authentication, I think the next 10 to 15 are gonna be largely focused on what drives Centralized decisioning.
And the decisioning there needs to be fine-grained and dynamic.
Not coarse-grained and static, fine-grained and dynamic, meaning we must be able to make Decisions all the way down to a field of data based upon real-time signals of do we allow That transaction to go through.
That's exactly what we're focused on with our authorized product.
Which is available both in software and as a Universal Service.
And what we're seeing drive the use cases right now are some pretty sophisticated scams and Fraud in both the Mobile and Web channels, and we've had some of our customers come to realize that when the decisioning is embedded in the channels, meaning in the web app or mobile App, and they see fraud against those channels.
The ability to remediate is limited by time to release a new version of the web app or a New version of the MobileIron app, and it's too slow.
So how can you respond faster?
Well, one of the ways you can respond faster is Take the decisioning out of the channels, centralize them and authorize, And when you see abuse against some sort of decisioning that you're making, You can change the policy.
And the policy becomes immediately rolled out to all channels simultaneously.
So that's just the most recent, uh, I would say driver, if you will, Of recognition of how we've architected in the past and how we will architect here in the Future.
OK, Scattered Spider, I've talked about that One a little bit, uh, and I've said upon analysis, it's not as if the attacks are Super sophisticated, but as I said, the attacks are being super successful, Unfortunately, a lot of it boils down to the weaknesses in Verification or re-verification on account recovery, in particular, coming through our Call centers.
So if we've outsourced the call center.
And we've said you're responsible as an outsourced part of our IT or IS infrastructure To do password resets, to take requests for privilege escalation, if you will, Those are the things that are being abused right now.
Uh, and so we've spent, you know, better part of a decade focused on the front door.
It's like, how strong is authentication?
Have we centralized Authentication?
Are we somewhere on the maturity journey from basic authentication to multi-factor Authentication to adaptive authentication to passwordless authentication.
And we've been very focused on that as an industry, but what that means is that the entry Point, both the onboarding and the help desk have had less attention.
And we need to come back around and put a lot of attention on that.
So what Ping is doing specifically in this space.
Is Neo Neo is the umbrella term for our capabilities that cover both identity Verification.
And credentials, meaning digital credentials or Digital verifiable credentials, and the reason we talk about these in hand in glove because They sound separate.
Is that when used in combination.
You have an ability to self-service, digitally verify users' real identity.
Through means and mechanisms that are a little bit more costly both in terms of the user Experience and the actual dollar figure, but Once you do that, You can issue a digital credential, and that digital credential can be used for every Subsequent re-verification.
And we can take the cost both in terms of user experience and the absolute cost down to the Same level as Authentication.
So how do we bring the assurance level.
Of re-verification.
To the cost level of authentication, does that make sense?
It's a combination of these two technologies used in sequence, which unlocks what I just Described.
We want every digital transaction on a high Assurance level.
We would like all those transactions to have a low friction level.
This is the way we convert the high friction verification into the low friction Re-verification.
It's the combination of these two technologies.
Here we're making a lot of progress as well, so I won't go into a lot of details, But the number of mechanisms we give you to verify a user's real identity on the Onboarding or the re-verification if they call your call center.
We have a lot of capabilities.
This, my prediction in the last 90 days, probably will be our fastest growing capability.
There's a lot of urgency right now for companies to go figure out, Are they exposed to the same attacks which are being successful vertical by vertical as Scattered spider moves around.
And I would suggest, at least in my conversations, most companies are vulnerable Here.
And I heard a great comment from one of our Banks in the US, uh, I won't say the name, but I think top 3 Bank.
They looked at scattered Spider, they said, are we vulnerable?
They went into their own call center.
They did a whole bunch of security training.
They even changed compensation models.
They put posters all over the walls, letting everyone know how important it was that they Follow the procedures when someone calls up and says, "I've lost access to my account." Can you help me re-enroll?
As soon as they were done, they sent their red team in, They went through them like Swiss cheese, like they weren't there.
The, the learning, if you will, or the conclusion of that was that verification needs to be self-service centrally managed, that they couldn't trust the controls or humans in That process.
Humans can be bribed.
You have new ones starting all the time, so the efficacy, if you will, Of the verification process needed to be fully centrally managed and self-service in its Delivery model.
It's exactly what we're doing with Verify here.
The other thing I would say about this is that you don't want to be caught flat-footed.
Not having access to this technology at a moment's notice.
And what I mean by that is that Ping has received several calls over the course of the Last 2 or 3 months.
Saying we've had an incident.
We've kicked the bad actors off our network.
We have 1 user on the network, and we need to get 70,000 back on the network as fast as Humanly possible.
We need to re-enroll them into Authentication.
We need to re-enroll all their devices into Strong authentication.
But they are all remote, and we want to put verification on the front end of the Re-enrollment.
And they're scrambling to get ready, and in some Cases we've put together these quick-reaction teams at Ping to help them, and we've got Companies, these DaVinci flows with Verify that can bring people back on board in 72 hours.
Still, it's not best practice.
Best practice right now, I think, is that you want a verification service available to you at A moment's notice, and you might wanna think about going through your entire employment base If you haven't done it, it's good hygiene and just re-verify everybody right now.
Because the state actors are trying to get into our companies and they are applying, And in certain industries, as many as 15% of applicants are fraudulent.
And are you letting one into your company?
So it's just a very, very big deal.
So this whole notion of verified trust and Ping ID and what we're doing there.
It's just so incredibly important.
It's where we're just placing a tremendous Amount of innovation here at Ping.
This notion that PingID is a super App for identity, I think probably captures the right idea where verification and protect Signals and digital credentials and the biometrics which bind all of this together into The onboarding use cases, into the recovery use cases.
Into the strong authentication use cases, so whether it's the app itself or the SDK, the SDK that you could embed in your MobileApp for your customers.
This is the vision that we're moving toward to verify trust.
From a verification point of view, we have a long list now of capabilities.
It's not just document check.
There's all of these other data and other signals that you can now integrate into your Verification process.
There’s a number of new ones we’re adding Over the course of the next couple of months.
So I feel as if we're largely there now, and we've had massive companies, Companies with 500,000 employees.
Now that we have run the verification process across their entire deployment base, So I'm increasingly confident that this technology is now ready for prime time and you Can orchestrate the various flows that you want, whether it's original onboarding or Re-verification, however you wish using our orchestration engine, uh, DaVinci.
So if you look at that, the verified onboarding use case that I just described, This notion of a user who applies at your company; best practice is to run them through a Self-service digital verification.
As part of the onboarding process, if they pass the verification, Then you issue them a digital credential.
And for every subsequent interaction from the first time they show up to apply to a job, Every subsequent interview to the actual onboarding, it's a combination of an initial Verification combined with digital credentials.
This we feel is now best practice for onboarding, and the concept is not limited to Employees or contractors or B2B partners.
If you really think about it, the concept probably should apply to everyone that has an account.
At our company, including our customers over time.
So that's the onboarding side in terms of the Verified Help Desk, same thing applies Here is that if employees have been run through Verification or issued a digital credential, the digital credential can be used.
As a self-service re-verification.
So this is also just another great use case that would strengthen and/or provide more Resiliency against the scattered Spider attacks that we're seeing.
All right, so I'm gonna shift gears here a little bit and just talk about a few of the Other things that we are enabling verification for.
Number one is this notion of verified secure containers for our software, So any of you that are self-managed leveraging our software.
This is all of our software, so think Heritage ForgeRock as well as Heritage Ping.
Uh, we have gone through the effort to enable our software for FERaram in The U.S.
FERRAM is the guideline for security for all SAS that the federal government uses.
The underlying software that is being made FedRAMP compliant has basically, Uh, been delivered in these secure containers.
Well, the same secure containers that we are Doing for FedRAMP, we're releasing to all of our customers.
So if you want an additional layer of security assurance on the software that you're Downloading and running and self-managing, just know that this is now gonna be another option For you, secure containers.
OK.
Next up, 22 last topics, and then I'm gonna wrap it up.
Uh, the first one here is quantum resilience.
Um, last thing we want to see is another black swan event where, You know, OpenAI and ChatGPT just show up.
We've been talking about AI for the better part of 15 years, but then all of a sudden things changed very, Very rapidly, so we can all see quantum coming.
We wanna make sure that the secrets management Of our underlying infrastructure is resilient.
To quantum compute, and so this is the roadmap and timeline that we've committed to.
So we have inventoried all the places where our crypto and our algorithms are Potentially um.
I'll say vulnerable, if you will, to quantum compute, and our commitment is to make sure that We cycle through all of those crypto mechanisms following the Open Standards which we're Following very, very closely right now, um, making sure that we adhere to the Open Standards, uh, and the advisory that the industry is coming up with.
So end of 2027 is the goal, and that'll be a little bit of rolling thunder.
You'll see us move through all of our products, both software and software-as-a-service.
Lastly, I wanted to talk a few moments about what we're doing in AI and connect About last year, which is the introduction of Helix.
So Helix is our no-code, low-code agent builder.
This is a singular way in which all Ping products will absorb capabilities of generative AI.
Our goal was to build an engine at the core of Our platform that all of our products use so that every feature leveraging AI was Adhering to the same standards, the same security protocols that we had vetted once would get used everywhere.
Helix itself is a drag-and-drop agent builder.
It looks kind of similar to orchestration if you've experienced that in journeys or PingOne DaVinci.
You start with a blank canvas.
You drag boxes to the canvas, you start typing things in the boxes which are logic, which create automation.
And so Helix and this generative AI capability will sit at the Core of now two different ways to think about AI in our platforms.
One we refer to as Identity for AI.
We're gonna spend a lot more time on that today, And the second one is AI for Identity.
When it comes to AI for identity.
One of the first features that we will be delivering, which is a Helix feature, is essentially an Admin Assistant.
So think a super smart assistant in the Administrative Council of our products that you Could type to and it has access to all of our knowledge bases, Obviously access to all the documentation.
And you could ask it questions, and it will give you answers, essentially, so we've been training Up this AI assistant on all of our materials to be like the smartest, You know, support person, so to speak, that you have access to directly in the Administration Capabilities of our product.
I wanna say I think this is Q1 of next year if I saw this right or first half of next year.
The second piece of the equation here is identity for AI, And this is the one that we're gonna spend a lot more time on.
So, in all of the urgency to figure out how you are going to incorporate automation into your Companies, how are we gonna secure AI and is there a uniform way in which the identity Platform can secure this for us?
So here I'll just kind of break it out and say Agents are coming, Lots of agents are coming.
We break them into three categories; this notion of personal agents, Agents that you bring, so think ChatGPT is a personal assistant or personal agent that you will ask to do things on your behalf, and instead of going to a website, Your agent would go hit an MCP server on your behalf, and it might be looking for something, It might be researching something.
It might want to look to take you to the point of transaction.
But allow you as an individual human in the loop to actually approve the transaction.
But we do everything prior to that.
And then your partners and your business, all of these different automations that we will Embed in our systems, and if you think about the number of interactions and the type of Interactions we're gonna need to secure the notion that agents will have access to apps Directly.
And the data behind those applications and how Do we scope the data, the fact that humans will be interacting with their agents, Those agents then on our side think personal agents might be interacting with agents that Companies are managing to interact with you, but rather than interact with you, a human directly, the company ManagedClient, Frontline Agent will be interacting with a Personal agent.
So now you've got two agents.
Each with their own instructions and prompts on how to interact.
All of a sudden, now agents are a new identity type that we're gonna need to secure.
Which is a super big deal.
Agents can be compromised.
You could have good agents that are compromised.
We're gonna have a lot of ephemeral agents, so agents that have no history or reputation that We can draw upon.
They're not authenticated to our systems.
Yet they're gonna be interacting with our systems.
So up until now, there's been a lot of effort to say, Is that a bot or is that a human?
Let's separate bots and humans.
Now we need to separate bots from good bots and bad bots.
Recognized bots and unrecognized bots, bots that we, That we thought were good, but might be compromised.
And all of a sudden a bot that is recognized might even be authenticated.
Now I was behaving in a poor way.
And so how do we see the intent of bots?
It’s just gonna get complicated here.
And so one of the things that we are working on now in our PingOne Protect signals, which we've had before is not just denoting humans from bots, But now humans from agents and good agents from bad agents.
That's the new level of granularity our risk and fraud signals will need to include.
So that's coming here shortly that the Protect signals will be extended into agents and Recognize the intent of agents.
There's something really profound that lies beneath the principles of Zero Trust when it Comes to recognition of intent.
And I'm just gonna say this once, but I, I think it's pretty profound.
And that is the notion that long-lived trust, unfortunately, I think is dead.
We are coming into a world where.
For the last 3 years, you could have had an actor and identity behave well, And then the next second it doesn't.
That would be an example of an account that's been compromised.
The account had a good reputation, but the account was compromised.
So trust, for a second, probably is our new reality.
The presumption here is that you're good actor until the second you're not.
And the second you're not a good actor, we somehow need to know.
And that's where we're going with the real-time identity control plane ultimately and where We're going with these risk and fraud signals and why decisioning, Not long-lived or static entitlements, are the future of the identity control plane and why Authorization is going to become so central to the architectures going forward.
So the new normal here is gonna be more sophisticated, and it's gonna have a scale that We haven't seen this before.
Agentic scale doesn't turn off, It doesn't wake up.
It's always available.
It might be regulated by how expensive it is, right?
How often do you tell agents to go out and do things on your behalf?
Every hour, every 30 minutes?
Once a day?
Some of our systems might get hit once a week, Once a month, once a year, but our agents can go out on our behalf and constantly be probing The market for changes in supply and demand.
So it's just a very, very big deal.
The genetic scale is gonna be unlike something That we've seen before.
When you break these agents out, as I said, managed, unmanaged, Personal, two of these agents that we think are managed, the digital assistants, Think the chatbot on your website, digital workers think automations where manual tasks Now are done in an automated fashion using, say, for example, Helix.
And you think about the infrastructure that is Required to secure the new actors in this new architecture.
One of the things Ping is busy doing, and you will see a lot more of this both today and Going forward, is being very explicit about what architectures and what technologies Enable trust in agentic and specific agentic use cases.
So this notion where now rather than just have APIs exposed, You now have MCP servers exposed to agents, those are agents that you build or agents that come from the outside and are hitting your services.
How do you secure those M2M-APPs and A2A servers?
If you do have a chatbot on your website, I'm just using that as an example, As a managed frontline worker agent that extends now the chatbot's ability to gain Access to data and systems in the back end, but it's managed.
What's the underlying Ping infrastructure to secure the lifecycle of that agent to scope Back what data that agent can see.
So where trust extends all the way out now to this notion of a digital worker, This would be some agent that you developed internally to do a manual task in an automated Fashion.
So if you look at the underlying infrastructure Of all of this, these capabilities from Life Cycle Management.
To, uh, to authenticating the agents, to authorizing appropriate access to data that is More fine-grained than OAuth could allow, for example.
All of these are patterns and infrastructure you will see Ping's Platform extend into.
And when you net it all out.
What we're really looking to deliver is a solution that helps you secure all of these Agent types.
We're looking to enable your business to securely adopt AI technology into your business For agentic commerce and the notion of improving efficiency.
We want not a singular way, but we want common patterns and a common architecture that Allows you to scale this safely.
And then lastly deliver on the ability to authenticate, authorize, Grant entitlements, manage the life cycle, choose the custodian, the human custodians of Appropriate agents.
We want a standardized method for you to do that as well.
AI agents are here, bringing incredible potential, but also real risks.
These Autonomous digital helpers handle tasks and make decisions without direct human Intervention.
So, can we extend trust to them?
At Ping Identity, we know digital trust must be earned and verified, Especially for artificial intelligence.
An AI agent should never impersonate a human.
And a human should never give an agent direct Credentials.
That's why we're building a solution.
Specifically for AI agents.
We help you identify and authorize only the right AI agents.
Each agent gets its own secure, traceable, and policy-based identity.
We ensure they have just the access they need, only when they need it, With clear boundaries and expiration timers.
It's about empowering your AI while keeping you.
In control for critical tasks, Human approval is essential.
Human in the loop authorization leverages built-in workflows to reduce risk, Ensure compliance, and provide trusted human oversight.
We also go beyond basic good bot, bad bot filtering.
We analyze intent and behavior to detect legitimate AI agents from those with bad Intentions.
Ping Identity simplifies agenic AI.
Management with automated setup, tailored access, and easy deactivation.
With continuous monitoring and detailed audits, we keep your AI agents functioning as intended and your organization secure.
Ping Identity empowers you to embrace the power of AI agents without constant worry and gives You the clarity and control you need, so your agents act with purpose and accountability, Not risk.
All right, so hopefully that's exciting.
I, I, I know many of you internally are having a lot of conversations around what to do Right now to help enable your business to incorporate the capabilities of AI, And I hope you view us as a trusted partner in that.
Last couple of notes, if there's one thing I would hope you walk away with today, It's that.
Many of you have thought of and used Ping as a Trusted partner to enable secure access, which has been fantastic, And, you know, we thank you for your trust and for your partnership in business on that front.
But if you look at the new Ping.
What we have been building over the course of the last 5 or 6 years, Certainly accelerated through our ForgeRock with ForgeRock.
There's so much more.
I would just invite you.
To think of Ping as a partner not just for the last 10 years, but a partner that you could build the foundation of your identity security and Identity is the control plane for the next 10 years.
There is so much more that we are now delivering on your behalf and our vision is to Provide a unified architecture and a unified vision that helps you maintain trust in every Digital moment.
So thank you for your trust and your Partnership.
I'm gonna hand it back to Alex.
Thank you.

Alex kind of set me up on that one, the Energizer Bunny, So the bar is high, I guess I've gotta keep that energy, and I totally agree the Presentation was amazing—just looking at how the role of Identity is connecting people and Providers and you have cross-domain trust, you know, people like delegated, uh, access to Have things like financial planners access your data.
It's just really complex.
Uh, set of use cases, but a real-world set of use cases of how identity can really help and Enable a business.
So very exciting.
So thank you for the presentation.
It's great to see the role of identity and how We can enable that.
So I'm uh here to talk a bit more about The architecture of resilient trust.
I'm gonna talk about just a couple of things.
Though.
I'm gonna focus in on a couple of really Important topics.
Uh, Andre earlier talked uh about more, more attacks, More complexity, more vendors, you know, there's just so much more, Uh, and naturally what comes along with this is more identities and.
Identity is just becoming so central to how the world works.
Uh, it's the foundation of digital trust.
It's the control plane for your business at the end of the day.
It's just such an incredible layer that enables and secures what's happening in the world today.
So I am going to focus on two things, as I said, and they both revolve around AI.
Uh, the first is around the threat of AI and when we look at things like deepfakes and the Threat of deep fakes and how we're combating that threat and how we're helping you with this Problem, but also the opportunity of AI with the agentic era.
So we're gonna start with deepfakes.
Let's dive into that.
And um focus a little bit, uh, first with a, a quote, uh, Here from Sam Altman, who's the CEO of OpenAI, obviously the folks who brought us Chat GPT and Kind of changed the world, I would say, for good, Um.
You know, but at the same time, the person who's introducing all this change is warning us About the significant impending fraud crisis that we are facing, and yes, That, you know, the opportunity is immense, but the, The challenges, the, the threat is real, um, and at Ping Identity, Our strategy to address this is around verified.
Trust, and how do we help not just Authenticate anymore, but how do we continuously verify and assure that The people interacting with our services are actually who we believe them to be because we Find ourselves in a world now where we can no longer trust our eyes or our ears we cannot.
We, we, you know, especially in a digital medium where we're doing things like web Conferences and what have you, where deep fakes can be injected easily to fool the people on The other side of the equation.
So at Ping we have a long history of innovation around verified trust, and it really Starts in a layer I would call Identity Security.
So this includes things like in the early days, single sign-on, Multi-factor authentication, directory, access, but we followed that with more capabilities Around identity fraud.
So this is our Protect product, our risk and fraud signals Product as well as authorization.
And we followed that as well with additional Products in the world of identity assurance.
So our verification capability.
And then we layered in additional capabilities on top of that, Orchestration, credentials, the merger with ForgeRock to even strengthen the portfolio Further.
And then just as Andre shared this morning, We announced the acquisition of Proseon, so now we have just-in-time privileged access as well.
So a really rich portfolio, but as you can see across those swim lanes across the top, It's not just about identity security, but also about identity fraud and identity assurance.
And I want you to remember those three swim lanes for a minute because I want to talk about The importance of how they're coming together.
So Andre talked about dimensions of unification and the first dimension of unification was Around unifying the identity types, so workforce, customer, partner, and now Agents so having a single provider, a single platform to help you deal with the complexity Of all of these identity types, the next level.
Of convergence or unification was really around The identity security unification.
So for those of us in the Identity industry, we talk about these swim lanes, You know, Access-Management-AM, IGA, and Privilege.
Those things are also converging together also at P.
But there's a third order of.
Unification that I want to talk about, which is those three swim lanes at the top of that Earlier slide, it's that these forces now are coming together.
It's not just identity security any longer, but also identity fraud and identity assurance.
These 3.
Worlds which historically in our industry I Think customers have thought about a little bit independently and deploying each of these Pillars in their own right, focusing on how you’ve focused on how to Orchestrate these things together, how to Integrate them together.
But at Ping Identity we really believe these three things need to come together for you to Work all together cohesively to deal with the threats that we're now facing, And that's where verified trust comes in.
It's really unifying these 3 concepts.
Together in a more integrated End-User experience that not only provides Authentication but much more from there.
So let's talk about that journey from Authentication to verified trust.
If you look at the world today, at the paradigm of identity that we face today, It's really one of implicit trust.
And what I mean by that is in identity, what a user does today is they authenticate to a Digital account and by virtue of the authentication to that digital account, The service trusts that the user is who they say they are.
And I think we understand that's no longer enough.
It's, we don't have enough assurance just because somebody successfully authenticates That it's actually who we believe they are.
And so the paradigm of identity needs to shift.
It needs to shift from one of being implicit Trust to one of being explicit trust, And it's not just from user to service trust, but actually service to user, Meaning that the service Service explicitly verified the user is who they say they are and not a one-time event, but an ongoing event as well.
And then also we see another extension of this concept to be user-to-user trust So it's not just the service user.
An example of where user-to-user trust is really important if you think about, I think it was in April there was a major headline that in Southeast Asia, Uh, uh, a.
Big Bank was defrauded of $25 million because a Deepfake chief financial officer was on Zoom and convinced them, Uh, the, uh, finance person to issue a check for $25 million or a transfer for $25 million.
And that's an example where maybe if, for example, Andre's asking me to do something very Important, I might want to verify it's actually Andre who's asking me to do that.
So that's where user-to-user comes in.
So this whole concept of verified trust is basically bringing the concept of not just Authentication, but continuous.
Uh, verification and assurance.
So it's no longer just authentication, But it's verified authentication.
It's no longer just authorization, but verified authorization so that we know in every identity Interaction we have high assurance that it's the person we think it is.
And there are many use cases we hear from customers that are really important where this Stronger assurance level is really relevant, It's really critical.
Um, account onboarding and registration, uh, verified access to ongoing authentication, Uh, account recovery and password reset, for example, a very critical moment to have a high Assurance, uh, the peer-to-peer verification cases, and then also authorization.
If you think about high-value transactions where maybe I'm authorizing the transfer of Funds from me to someone else, and I sign that transfer, uh, Maybe the signature needs to include verification also to make sure it's me Authorizing that.
And so, for us at Ping Identity to Bring this concept to life of infusing verification and assurance into every identity Interaction, there's some design principles that we really need to consider.
And the first is that we need to go from low assurance to high assurance in milliseconds.
And the reality is today with identity verification techniques, And when I say that, what I mean is, for example, you're taking a photo of the front and Back of maybe your driver's license or your passport, you're taking a selfie, You might have to answer some data knowledge.
Type questions to prove it's you that process is expensive.
It's expensive from a user experience, uh, perspective.
It's expensive from a time perspective.
It's also expensive just from a financial perspective.
It costs more to do those transactions.
So for us to really realize the vision of verified trust, We really need to make verification as cheap as authentication.
The experience has to be as fast, the time has to be in milliseconds.
And the cost has to be cheap for our customers to really choose to deploy verification at Scale and in much more situations than things like just initial onboarding or maybe, Uh, account resets.
It has to be privacy-preserving and standards based.
And when we say privacy-preserving, the reason I mentioned this here is one of the critical Methods that we will employ to help you get assurance in milliseconds is to utilize Biometrics.
And you know, biometrics can be kind of a Polarizing word sometimes to folks because instantly with that word folks worry about Privacy.
So as we're looking at employing and utilizing Biometrics to get that really fast, easy user experience, we want to make sure that in Reality we're not dealing with, and we're not asking you as customers to deal with any Sensitive information.
That we do it in such a way that it can't be used for bad purposes, Nor can the data be compromised, but we can still achieve the, The user experience that we're going after.
Uh, we want it to be infused in every identity interaction.
We want it to be frictionless and invisible UX and we want it to be a low cost of ownership so That we can deploy higher-assurance methods at scale.
And the way that we plan to bring this to life is at first via our PingID mobile app Which, for customers who are deploying the Ping ID mobile app, you know that this is primarily Used for workforce identity use cases but also importantly we will put it into our SDKs so that you can bring the same functionality, the same capability into your Applications that You're deploying to your customers, so the.
PingID app and the SDKs become much more than Just MFA because today if you think about Ping ID, it's an Authenticator app, But the reality is we need it to be much more a, a Super App, As Andre said, that is doing more than MFA.
It includes identity verification.
It includes decentralized verifiable credentials.
It includes our risk and fraud signals.
Our PingOne Protect product is abused.
And then also Device Trust.
We have Device Trust now in PingOne ID for desktop and laptop operating systems, But also we'll be bringing it for Mobile as well.
And so, as you can imagine, this is a really important concept to bring all of this together into a seamless End-User-UI experience where not just Authentication is happening, But in, in a very high-assurance environment, delivered for every interaction.
So I mentioned a few different services here on this slide.
So I'm gonna share some roadmap with you on individual services that we are working on.
The first one starting with our PingOne Verify product.
Verify is our identity verification solution.
This is where we prove that the human is who They say they are.
Um, there's several areas we're working on and continuing to enhance the service.
This includes introducing IP, email, and phone number, uh, Intelligence into the service, also, uh, Introducing more global data-based checks So that when you are verifying users in different jurisdictions, we have more Knowledge for data to do verification and also global watch list checks.
We want to make sure that we're not onboarding people who are on watch lists.
On PingOne Protect, uh, PingOne Protect is our risk and fraud signals product.
Uh, this is where you can protect against things like account takeover.
You can, uh, detect suspicious IP addresses.
You can detect other types of attacks like credential stuffing.
It helps protect our customers from identity attacks.
Some really cool stuff that we're gonna be doing here in this product as well, Um, the first of which is.
We'll use PingOne Protect to help detect good versus bad bots.
You know, it used to be that the word bot in the world, The world of identity used to just have purely a negative connotation.
We need to get rid of all the bots.
Bots are bad, but the reality is with AI agents, bots probably now.
Can be good too, so we're gonna need to know the difference between good and bad bots.
So we are working on with our PingOne Protect to introduce the notions of good and bad bots or to and so that you can treat them differently in your identity journeys.
Um, we're going to be introducing more advanced signals for new account fraud and.
Account takeover protections.
So the techniques we're going to employ, we're gonna, we're gonna expand our detection Techniques to use more graph-based relationships to enable richer detection Protection in the service.
And then finally we're working on making the products simpler for customers to just deploy Out of the box and as Andre said earlier, um, there's this concept of Universal Services.
These are the services that we make available to our Customers no matter which platform of Ping that you may be deploying, Whether that comes from Heritage Ping, it comes from Heritage Ford, Doesn't matter if it's SaaS or if it's software-based, these services will be available to you.
So PingOne Protect is just one such service.
And then finally, uh, one other area which is our part of our Neo Suite, Which is our verifiable credentials product decentralized.
Identity product.
Some additional things we're doing here, UM, issuance into third-party wallets, which is really important for interoperability.
Um, we also want to do verification from Platform-based wallets as well, and then Advanced delegation cases.
Um, Wallets are wallet-based identity is coming and so at Ping Identity we've been investing Here to make sure that you as customers are ready.
So those are roadmaps for some of the individual services that are comprised in Verified Trust, but we also have a roadmap for Verified Trust itself.
And what this is referring to is the integrated experience that we're going to deliver.
Into the PingOne Mobile app and our first priority is to introduce this, These integrated experiences that bring these multiple signals and capabilities together into A unified User Experience, the super app experience that Andre talked about.
Uh, the first is we're gonna be introducing verified onboarding and access, so as customers You won't have to worry about integrating these different disparate pieces together.
You just enable the capability, and it'll deliver a seamless experience to your users.
We're starting with PingID, the Mobile app.
The SDKs will come later in our roadmap.
Next is verified account recovery.
And reset, then followed by, Uh, the peer-to-peer capability as well.
So really excited about this vision to bring This all together, and then as Andre also mentioned, for those of you who are Heritage ForgeRock customers who may be deploying the ForgeRock-Authenticator, Our strategy is to unify all of that into Ping ID.
Uh, PingID will work now with the ForgeRock back end so that you can have one mobile app Experience regardless of which platform you're on.
OK, so that's verified Trust.
That's our answer about what we're doing.
About the threat of deep fakes and AI, the attacks on identity that are happening out There.
So I'm gonna switch gears now and talk about The agentic era.
So this is kind of talking a little bit more about the opportunity we see.
That AI agents are really, uh, bringing to the table, and the first thing I'd like to say is, You know, as I've thought about this transformation, I think we're all experiencing Right now, if for those of you who may be using ChatGPT or other, uh, LLM Based uh helpers if you will or co-pilots or other things like this.
If you kind of step back and think about what's happening in the world today, I would argue that the UI of the Internet is changing, and it's going from Search engines to answer engines to outcome engines.
And what do I mean by that?
Well, today, if you think about what we all Have been doing for many, many years, is we Have trained ourselves when we are trying to Access the internet.
We have trained ourselves to search with Keywords and get really, really good about putting the right combination of words to try to get a set of links returned to us that would give us the information we're looking for, Right?
And I think this is how we all interacted with the Internet.
That is changing, and it's changing now to where We don't just watch; we no longer search.
We ask questions, and we get answers, yes.
Sometimes the answers are hallucinated a little bit, but generally speaking they're pretty dang Good answers that we're getting, and it's cutting out this entire process where we are Searching for links, and we're investigating just, it's, It's really kind of cool you can just sort of give.
The, the, uh, LLM some context and say this is the question I'm asking; just give me an answer Or give me some options, and it's taking so much work out of the system, and this Mean by removing from Search Engines to answer Engines.
It's just giving us answers instead of search results, but what's next.
And this is where AI agents come into the picture is outcomes.
It's no longer just about search for something or get an answer, But it's actually do something, right?
It's not, hey, show me car insurance providers or now.
Tell me the best insurance providers as an answer.
It's now just go get me some new insurance that meets this criteria at this price.
The world is changing very, very rapidly, and this is the promise that AI agents really bring To us and, you know, of course, we'll go back to Mr.
Altman, and, you know, he's warning, let's, let's give minimum access to the agents.
Uh, this is the concept of least privilege.
I think for those of us in the Identity industry, we understand the concept of least Privilege and how important this is.
Um, and so we're focused on that too at, at Ping Identity.
So there's two critical concepts when it comes to AI and AI agents.
The first is identity for AI, and what we're talking about here is when you use the Ping Identity Platform to secure the AI agents.
The other is AI for identity, and this is where Ping is introducing AI into Our products using our Helix platform.
To help you automate identity in your environment and bring AI to it.
And so these are the two halves of AI that we, we see how you're using our products to secure AI, how Ping is bringing AI into our products.
So for identity for AI, if you look at what's needed to really secure and enable Identity for AI, you're going to see a lot of familiar words up on this slide, Identify, onboard, lifecycle manage, Authenticate, authorize, Monitor, audit, govern.
It's at the end of the day, it's just another identity type that we're dealing with today.
We deal with workforce identities, we deal with customer identities, We deal with partner identities.
Agents are just another Identity type using all the traditional methods of Identity to secure and enable them.
It's a form of non-human identity or NHI, and so it's just another type we have to deal with.
The good news in that statement is.
Generally speaking, there aren't a lot of new concepts involved in order to secure them Because we can repurpose a lot of existing functionality that exists in our Identity Platforms to deal with this new identity type.
On the other hand, when we look at AI for identity, what we're looking at here is a Different set of concerns.
So these are concerns that at Ping, For example, as developers of AI-based features in our products, We need to be worried about.
And so the Helix platform is our AI development platform inside our products that all of our Developers are using to build AI features.
And at Ping we took a really intentional approach to implementing AI in our products Where instead of just asking all of our developers, and we have about 700 of them now.
To just go put AI into the products, we actually said, No, you know, first we need to make sure we have a Centralized-Control and governance Framework to deliver AI safely into our products, and also as customers when you’re Doing business with us and you're contracting with us for AI features that you can know that We're doing it in a way that is well controlled and governed so we can comply with your TOS.
And so the concerns for AI for identity are a little bit different.
These are all the things our developers are concerned about agentic workflows.
It has to be developer-friendly.
Privacy and safety has to be built in, uh, it has to be consumed anywhere.
It has to have Future Support.
The reason this is important is while Ping ourselves are the first customer of Helix.
We want to open up Helix to our customers as well because we know that you'll want to Automate identity in your ways to tailor it to your business as well.
And so this is our strategy around Helix.
So I'm gonna take just a minute longer here on AI for Identity.
I'm gonna show you another demo.
Of using Helix, uh, of, of combining multiple concepts together here in One view.
So here's a screen we've got our PingOne administration panel here.
You can see on the right side there is.
Uh, a chat window where you can, you could type some natural language queries into it.
Ask it some questions, but in this demo we're going to bring in two additional concepts.
One is we're going to bring in the concept of voice, and we're also going to bring in the Concept of the actual UI itself.
And so the scenario here is.
We have an administrator who maybe doesn't know The product very well.
They want to adjust the MFA timeout for how long an MFA challenge is valid and adjust it from its setting to another setting.
So I'm going to go ahead and run the demo, so you can get an idea of how we can bring Multiple concepts together using Helix to accomplish that task.
Started the workflow to increase MFA frequency in an Authentication policy.
Please specify the policy you'd like to select.
I would like to use the default policy.
I'll now navigate to the settings of the selected policy by expanding the selected Policy and clicking on the Edit button.
Here you'll see the settings for the selected policy.
Please let me know if you have any questions or if you are ready to proceed.
I'm ready to continue.
The first checkbox here is the setting to Modify the frequency of MFA checks.
It is currently set to 24 hours.
Before we save this change, please note that reducing the MFA frequency means users will be Prompted to complete multi-factor authentication more often.
This can enhance security but may lead to user frustration if the frequency is too aggressive.
Especially for roles with frequent logins.
Thank you.
You're welcome.
Let me know if you have any more questions.
So, as you can see there, we're, we're again infusing multiple concepts together.
It's using AI to help you understand the product, to navigate the product, To give you advice.
It's, it's pretty cool what's gonna be possible and how deeply infused Helix is Products.
OK, so I'm just gonna finish up my presentation.
To talk a little bit more about identity for AI and AI agents, And the first thing I'd like to say is at Ping Identity we have been working on this for quite Some time.
As I said earlier, AI agents are another form or another type of identity.
It's an NHI.
Type we've been working on non-human Identity for quite some time.
We've got some great customers here in the region who are deploying our products to secure Things, uh, you know, uh, things that are connected that are not human all the time.
So we've been, we've been working on this since 2019.
And since AI agents are nothing more than another non-human type, We've basically already supported in our platforms.
The other thing that's been happening also simultaneously is the concept of complex Authorization, particularly in UK Open Banking and equivalent standards, Even if we look at the Pensions Dashboard presentation from earlier, Very complex authorization flows, and what's important about them is they're multi, Multi-party trust authorization scenarios that again, we've been working on for quite some Time, starting back with our support with Open Banking in 2019.
Why that one’s important is if you think about AI Agents and a user asking an AI Agent to Go interact with a Service on their behalf, that's effectively a multi-party trust scenario where the agent themselves is one of the parties in the trust chain.
So this is why these concepts come together actually enable Ping to really uniquely help You address the opportunity of AI agents.
And so at Ping, our view is it's not just about providing identity for AI or agent Identity.
It's also providing that user authorization, Importantly, keeping the human in the loop so that we provide identity for agents and trust For humanity, and I use the word Humanity here kind of intentionally because, You know, the, the, the possibilities of AI are endless, but we've got to make sure we keep it Human.
And AI agents, you know, a lot of folks, When they think about AI agents, we think about the risk side of it.
But there's a really other important half to the coin here, which is the commerce side of it.
AI agents represent an entirely new channel of commerce.
Just like if you think about bricks and mortar, you think about Web, You think about Mobile, all of these are channels that exist today.
AI agents are the next channel of commerce, just like those other ones are.
And so there's some implications here.
It's a new channel, as I said, it means what does customer relationship management even mean?
When your customer now is an agent, right?
So we have to start thinking in a more complex Terms, and that might mean we need more sophisticated tracking for customer experience or Agent experience.
Um, human in the loop, of course, is very important.
And then the other implications on the risk side of securing AI agents, You know, it's a new NHI type.
We need to make sure we have that authorization.
And governance as well, some of the traditional concepts that we need to deal with.
So at Ping, our approach is simple around Agent Identity or AI Agents.
It's.
Not only to secure them but to enable them as Well.
There are several different types of agents That we think about.
The two on the right are what we consider Enterprise Managed Agent types, And then the one on the left is Personal Agents, the ones that you are External Agents that your Customers are going to bring to you.
Um, in the enterprise Manage class we kind of see two types.
One is a digital assistant, one that helps your customers out on behalf of your company, and the other is a fully Autonomous digital worker.
And then, of course, the customer brings their agents, and you can have all kinds of Interactions.
And so if we look at this picture of how these Different agent types are interacting, there's a trust boundary here which would be your Organization.
In the case of personal agents, The user is in control of the Agent, and there's a trust boundary where it crosses into Your organization talking things like MCP and A2A to access resources.
And at Ping Identity, we provide all of the capabilities to enable this scenario, Everything from the end-user identity capability to agent authorization and regis, Uh, Authentication, Registration, Authorization, and then also keeping that human in the loop with consent.
For the digital assistant case, That trust boundary kind of moves one, because in this case, The user is still outside your organization, but the agent is now working on your behalf to Assist the customer.
And again, Ping has great solutions to help you.
Scena Uh secure and enable this scenario as well.
Everything from user identity, agent lifecycle management now enters the equation and of Course keeping the human in the loop.
And then finally for that fully Autonomous digital worker, Now you've got all of the actors and the objects inside your organizational boundaries, so that trust boundary is on the far left.
And again, Ping provides very rich solutions to enable this.
So regardless of which type of AI agent mode that you’re thinking about, And I think, for every customer out there, all three types are very relevant Great solutions now and we're, um, we have some, I'll, I'll tease in a little bit, Some great sessions later this afternoon to go into much more depth about how you can use Ping's products to do this.
So I'm gonna leave you with this final slide which talks about.
The roadmap for AI and again there's two halves to AI, So the roadmap for identity for AI.
So we are working right now, um, we today can support agent authentication and Authorization in Ping's products.
We're further productizing that capability to make it even more apparent to our customers.
We'll be releasing a lot of that here this quarter, uh, Q4.
Um, we also will be introducing the ability to Manage the AI agent life cycle in our products As well coming up early next year, And then also that detecting and protecting against good versus bad bots in our Protect Product is coming up in the first half.
And then for us at Ping introducing AI capabilities into our products, Uh, Q1, we're gonna be introducing that AI assisted administration and orchestration, That voice demo I showed you, we're not gonna be introducing the voice part of that at first, But that natural language chat interface to our products that's coming in Q1.
Uh, we're also gonna be enhancing our Identity Governance and our analytics and reporting Capability, which with much more natural language, uh, Capabilities first half of next year.
And then also, importantly, we know that you as customers may want to use agents to interact with our products, and so we'll be introducing MCP servers on our products as well, so that you Can interface with them successfully.
As I mentioned earlier, there's some great sessions coming up later on today, Um, don't miss these ones.
I think these are great ones.
So, uh, Diana Gerrard is going to talk a bit about passwordless and everything.
Um, that we need to deal with on PingOne Neo verification and decentralized identity.
Arnaud and Adam are gonna be talking in much more depth about how to really deploy IAM for um AI agents, mouthful to say.
And then finally, David Adams is gonna talk about machine identity support.
And that includes agent types in our products.
So a lot of great, Now these folks will get in a lot more detail than I did in my presentation.
But I encourage you to check it out.
And then finally, if you have questions about any of the other product stuff we've got.
A great team of Product Managers here today in our Trust Lab.
Go on downstairs near where I think the coffee is, and they’re there for you to answer any Question about any of the products we have.
We have a full complement of folks here to help.
Support you answer your questions.
So thank you very much.
Have a great rest of your conference, back to Alex.

AI agents are here, bringing incredible potential, but also real risks.
These Autonomous digital helpers handle tasks and make decisions without direct human Intervention.
So, can we extend trust to them?
At Ping Identity, we know digital trust must be earned and verified, Especially for Artificial Intelligence.
An AI agent should never impersonate humans, and a human should never give one access.
Direct credentials.
That's why we're building a solution specifically for AI agents.
We help you identify and authorize only the right AI agents.
Each agent gets its own secure, traceable, and policy-based identity.
We ensure they have just the access they need, only when they need it, With clear boundaries and expiration timers.
It's about empowering your AI while keeping you In control.
For critical tasks, human approval is essential.
Human in the loop authorization leverages built-in workflows to reduce risk, Ensure compliance, and provide trusted human oversight.
We also go beyond basic Good Bot, Bad Bot filtering.
We analyze intent and behavior to weed out legitimate AI agents from those with bad Intentions.
Ping Identity simplifies eugenic AI management.
With automated setup, tailored access, and easy deactivation, with continuous monitoring and Detailed audits, we keep your AI agents functioning as intended and your organization Secure.
Ping Identity empowers you to embrace the power of AI agents without constant worry, and gives you the clarity and control you need.
So your agents act with purpose and accountability, not risk.

Today's digital world requires that we elevate experience and security together without Compromising on either.
With customer identity and access management from Ping Identity, You can have both.
Many businesses face challenges with customer abandonment at sign-up and frustration during Login, while the business struggles with fraud and privacy compliance.
So when first impressions matter most, Ping Identity's progressive profiling reimagines the Registration process by asking for only the necessary information first and collecting Additional data over time.
Once a customer is registered, Ping Identity makes authentication easy with biometrics, Passkeys, or social logins.
Plus, your customers can gain frictionless access to multiple services or shop freely across your brand umbrella without having to create a separate profile or sign into a Different portal.
And all can rest assured that the personal Information and financial details.
Details shared during the transaction process are secured and protected by Ping Identity's Fraud prevention and risk monitoring solutions.
The Ping Identity platform uses AI-driven fraud detection that detects bots, Deep fakes and anomalies in real time to verify every digital moment.
Meanwhile, our adaptive risk-based authentication challenges those access attempts That tip the truck.
Threshold.
This reduces MFA fatigue while maximizing the customer experience for those with familiar Patterns of use.
Even better, decentralized Identity reduces risk by storing minimal personal identity Information to verify users.
And when it comes to compliance, Our consent management gives customers full control over their data and who has access to It.
Ultimately, when it comes to extraordinary Digital experiences, leading organizations and global enterprises trust Ping Identity.
So take the next step.
Connect with our team today to see how our World-class SIA solutions can transform your organization.

Honestly, we want to trust our coworkers, the voices on our calls, the faces in our meetings, but what happens when that trust can be manufactured?
In a world of deep fakes and hiring fraud, we can't rely on what we see or hear.
Digital trust must be earned and verified.
That's why Ping Identity is reimagining workforce identity around a simple principle, Verified trust, because when your people, systems, and data are constantly under attack, Identity can't be an afterthought.
It must be the foundation of your security, and the engine of your productivity.
By verifying new hires with a deepfake resistance selfie and government ID scan, You establish trust before granting access to sensitive systems.
Ping's workforce identity solutions are purpose built to secure every moment of the employee Journey from onboarding to Help Desk to access needs.
Ping makes it easy to verify identities without slowing anyone down, So your team stays productive, your system stays protected, and your business stays agile.
Ping Identity, verify trust for a more secure workforce.

Managing identities across third-party B2B relationships isn't just important, It's essential for the growth of your business.
Whether you're working with suppliers, Distributors, contractors, third parties, or business customers, Seamless and secure access is key to driving productivity, collaboration, and revenue.
Yet, the volume, complexity, and diverse access Needs of B2B Identity Partnerships often overwhelm identity systems, Leading to frustration with siloed identities, slow onboarding, and inefficient processes.
That's where Ping Identity comes in.
Ping Identity's B2B Identity solution helps you securely manage third-party access, Allowing your organization to scale quickly and efficiently.
With the Ping Identity platform's organization modeling, you can structure and organize Third-party partnerships to fit your business needs, giving you granular control over access Rights for.
Each partner or vendor.
Delegated administration empowers partners to manage their own users and permissions, While you maintain oversight and security, ensuring you can scale efficiently as your Relationship grows.
And because the Ping Identity platform Integrates seamlessly with your partners and applications; you can reduce onboarding times From months to just weeks or days.
With features like customized branding, Relationship management, and personalized login, you can deliver.
Tailored experiences that reduce fraud, build trust and boost conversions, All without compromising security.
Ping Identity protects against security risks.
Like unauthorized access or data breaches, while ensuring regulatory compliance.
All through one powerful platform.
With the Ping Identity platform, you're not just managing B2B Identity access, You're creating secure, efficient, and scalable relationships that fuel business growth.