Modern security architecture assumes a clean world: apps sit behind ingress, users authenticate via an IdP, and OIDC tokens flow neatly between services. Reality is messier. Many applications still can’t speak OIDC, many IdPs still don’t fully support passkeys, and teams end up running mixed-generation systems with inconsistent identity and session models. On top of that, while “AI integration” is heavily marketed across security tools, practical and reliable AI-driven enforcement is still weak, hard to trust, and often difficult to operationalize.
This talk maps out today’s common ingress and IdP patterns, reviews OIDC token flows and what they actually guarantee (and what they don’t), and explains the failure modes that appear in real deployments: legacy apps, partial SSO adoption, brittle redirects, token leakage risks, and abuse by both unauthenticated traffic and valid, authenticated users. We’ll then introduce Gateryx WAF as a pragmatic layer that helps bridge these gaps by enforcing protections at the edge: request normalization, policy controls, rate limiting, abuse mitigation, and strong observability, even where identity and automation aren’t “perfect” yet.