The Last Login by Kai London
10:47 p.m. A login succeeds. Twenty minutes later, a single criminal holds the keys to 134 organisations. That was Okta. The same pattern ran through Change Healthcare, MGM, Marks & Spencer, Transport for London and Jaguar Land Rover. The decisive failure was never exotic malware. It was an identity that logged in when it should have been challenged.
One doctrine: VERIFY · LIMIT · DETECT · PROVE.
Verify trust continuously; limit the blast radius; detect the attacker inside the boundary in seconds; and prove — to the board, the regulator, and the court — that the control held. By the last page you will be able to:
Answer the board's five identity questions: with evidence, not assurance.
Score crown-jewel identities: use the Identity Blast Radius Calculator and harden the ones that could end the company first.
Build Conditional Access that proves itself: verify every login, contain every compromise, and prove every control operated.
Run the 90-Day Board-Survivable Roadmap, and the first-hour Breach Replay Protocol when it matters most.
Govern machines and AI agents: the fastest-growing, worst-controlled identity class of all.
Keep it on the desk: framework diagrams, a Conditional Access policy library, KQL detections, a KRI library, 25 board questions and a sourced incident register.
Govern the login. Limit the blast. Detect the movement. Prove the control.
About the author
Professor Kai London — CISSP, CISM.
An internationally recognised cybersecurity executive, board advisor and Founder & CEO of Quantum AI Systems Security LLC, writing at the convergence of AI, governance and operational resilience. Honorary Professor and Researcher at UCL.