New independent research: Most enterprises aren’t fully ready to secure autonomous AI agents →

TRY AEMBIT
TALK TO AN ENGINEER
Blog
Blog
Blog
X

Blog

Author: Apurva Davé

service accounts

The Real Risk Behind Service Accounts (And Why Nobody’s Watching Them) 

While companies pour resources into securing employee accounts with MFA, zero trust and regular access reviews, service accounts still get created with static credentials, granted sweeping permissions and then left unmanaged. This creates a growing population of identities that operate outside traditional IAM controls.
Apurva Davé
Mar 2026
|
6 min read
Trivy gets breached and the secrets problem.

The Trivy Compromise: The Fallacy of Secrets Management and the Case for Workload Identity

The Trivy incident exposed a credential architecture failure, not just a supply chain one. Here’s the case for workload identity and access.
Apurva Davé
Mar 2026
|
5 min read
AI Agent Identity Security: Why It Matters and How to Get It Right

AI Agent Identity Security: Why It Matters and How to Get It Right

AI agent identity security is the set of practices and controls that treat AI agents as distinct, governable identities with their own authentication, authorization and audit requirements.
Apurva Davé
Mar 2026
|
5 min read
secret remediation best practices

Secret Remediation Best Practices: A Step-by-Step Guide

Secret remediation is the process of responding to an exposed credential by revoking it, rotating it and removing every trace of it from your environment.
Apurva Davé
Mar 2026
|
6 min read
The OWASP Top 10 for LLM Applications 2025

The OWASP Top 10 for LLM Applications (2025): Explained Simply

The OWASP Top 10 for LLM Applications is the most widely referenced framework for understanding these risks. First released in 2023, OWASP updated the list in late 2024 to reflect real-world incidents, emerging attack techniques and the rapid growth of agentic AI.
Apurva Davé
Mar 2026
|
6 min read
Risks of Agentic AI

6 Cybersecurity Risks of Agentic AI (and How to Address Them)

Agentic AI introduces new cybersecurity risks, primarily concerning autonomous identity, tool chain exposure, and cascading compromises, requiring security teams to urgently adopt least-privilege identity frameworks and real-time monitoring designed specifically for self-directed, persistent workloads.
Apurva Davé
Jan 2026
|
6 min read
MCP vs Traditional API Security

MCP vs. Traditional API Security: Key Differences

Securing MCP requires a fundamentally different approach than traditional API security.
Apurva Davé
Dec 2025
|
6 min read
What is Agentic AI

What Exactly Is Agentic AI (and Why It Matters Now)

Agentic AI systems act autonomously to achieve goals, planning multi-step tasks and adapting to changing conditions.
Apurva Davé
Nov 2025
|
5 min read
JIT Access for Wordkloads

Just-in-Time Access for Workloads: Eliminating Standing Privileges

JIT access replaces the common practice of issuing and locally storing keys with a workflow that evaluates a workload’s rights every time it tries to access sensitive data.
Apurva Davé
Nov 2025
|
7 min read
The Promise and Perils of Agentic AI: Autonomy at Scale

The Promise and Perils of Agentic AI: Autonomy at Scale

How do you govern entities that can learn, adapt, and act independently while maintaining security and compliance?
Apurva Davé
Nov 2025
|
7 min read
Load More