Meet Aembit IAM for Agentic AI. See what’s possible →

TRY AEMBIT
Blog
Blog
Blog
X

Blog

Category: Breach Analysis

A blurred software error message on a computer screen showing an exception response with a visible token value.

CrewAI GitHub Token Exposure Highlights the Growing Risk of Static Credentials in AI Systems

The exposure demonstrates how ordinary errors can reveal internal credentials and how stronger limits on scope and lifespan can contain the impact.
3 min read
Claude Code external UI.

Anthropic Disruption of an AI-Run Attack and What It Means for Agentic Identity

The incident demonstrates how autonomous behavior reshapes intrusion patterns when identity is not clearly assigned or enforced.
4 min read
Red Hat GitLab instance breach analysis with thumbnail of code on a laptop.

Red Hat’s GitLab Breach and the Cost of Embedded Credentials

The incident shows how repositories double as inadvertent credential stores, extending risk from vendors into customer environments.
3 min read
Businessperson interacting with CRM data.

When Salesforce Becomes a De Facto Credential Repository: Lessons from the Drift OAuth Breach

This malicious campaign demonstrates how long-lived token theft can become the first step in a much broader breach.
3 min read
Vault with a warning sign superimposed.

Vault Fault: Secrets Managers and the Limits of Centralized Trust

Recent flaws in Conjur and Vault highlight the risks of concentrating trust in a single repository – and why workload IAM may offer a more resilient path forward.
3 min read
A person vibe codes

When Identifiers Aren’t Identities: Security Lessons from the Base44 AI Vibe Coding Flaw

The vulnerability shows how modern application development is accelerating without bringing access controls along for the ride.
3 min read
Man typing code.

What the xAI Key Leak Teaches Us About Secrets – And How to Fix Them

One careless push unlocked 52 AI models, but the real story is how to keep this from happening again.
3 min read
Workload to workload breach prevention.

5 Non-Human Identity Breaches That Workload IAM Could Have Prevented

Each breach exploited a gap in how workloads authenticate and access resources.
5 min read
Image of back of developer working at three computers.

GitHub Action tjactions/changed-files Supply Chain Breach Exposes NHI Risks in CI/CD

Long-lived credentials and secrets fueled the attack.
4 min read
Image of lock on top of computer hardware

BeyondTrust Breach Exposes API Key Abuse Risks

When a single API key compromise spiraled into a broader attack, it exposed how overlooked non-human identities can become gateways for escalating threats.
3 min read
Load More