EPISODE · Jun 24, 2026 · 19 MIN
The Identity Gap Behind Nearly Every Breach | A Brand Spotlight Conversation with Kevin Surace, CEO of TokenCore
from The ITSPmagazine Podcast · host ITSPmagazine Their Story, Sean Martin, Kevin Surace, TokenCore
For most of the internet's life, proving identity has meant proving something you know or something you hold: a password, a code, a text message. Kevin Surace, CEO of TokenCore, argues that era is closing fast. As one of the people who helped invent the AI assistant at General Magic, he has a clear view of why the same technology now makes faces and voices simple to fake. Why isn't MFA enough? Because it protects a weak foundation. A decade-old paper mapped fifteen ways to defeat SMS codes, auth apps, and push approvals. Few attackers bothered with them until platforms like Salesforce and Microsoft made those methods mandatory. Now the attack has moved to where the door is. Surace walks through one of the common methods: an AI-written phishing email from a service you already trust, a PDF, and a pixel-perfect login page generated in moments. The credentials you enter relay to an attacker who is logging into the real site in real time. The push prompt asks if it is you, you approve, and the intruder is inside within minutes. The numbers back it up. Palo Alto Networks Unit 42 found that roughly ninety percent of successful intrusions over the past year involved hacked identity, almost all of them MFA or auth apps. The people compromised had privileged access, which means they had MFA in place. So what actually works? Surace makes the case for biometric-assured identity, a category Gartner projects growing into a twelve billion dollar market. TokenCore ties access to a fingerprint stored only on your device, the exact domain your account lives on, and physical proximity over a short-range wireless link. Look-alike domains never register, remote relays never get close enough, and the company never holds your biometric. The hardware comes as a ring, a portable, or a node about the size of an AirTag, and it is FIDO2 compatible, so it works with existing single sign-on. Most customers go passwordless once it is running. The reaction Surace hears most often from security leaders is that they can finally sleep at night. This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight GUEST Kevin Surace, Chief Executive Officer, TokenCore LinkedIn: https://www.linkedin.com/in/ksurace/ RESOURCES Learn more about TokenCore: https://www.tokencore.com Are you interested in telling your story? ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS Kevin Surace, TokenCore, Sean Martin, brand story, brand marketing, marketing podcast, brand spotlight, biometric assured identity, identity security, multi-factor authentication, MFA bypass, phishing resistant authentication, FIDO2, credential theft, passwordless, deepfake, AI security, account takeover, Unit 42, Gartner Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
What this episode covers
Roughly ninety percent of successful breaches now begin by defeating the identity layer, and the multi-factor tools most companies just finished rolling out are exactly what attackers are walking through. Kevin Surace explains how AI turned faces, voices, and one-time codes into easy forgeries, and what it takes to prove a real human is the one logging in.
NOW PLAYING
The Identity Gap Behind Nearly Every Breach | A Brand Spotlight Conversation with Kevin Surace, CEO of TokenCore
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Mar 19, 2026 ·34m
Feb 18, 2026 ·11m
Feb 11, 2026 ·45m