New independent research: Most enterprises aren’t fully ready to secure autonomous AI agents →

TRY AEMBIT
TALK TO AN ENGINEER
Blog
Blog
Blog
X

Blog

Tag: Breaches

Claude Code external UI.

Anthropic’s AI-Run Attack and What It Means for Agentic Identity

Anthropic’s disclosure of an AI-driven espionage campaign it halted is best understood as a faster, more persistent version of patterns the industry has seen before. What distinguishes this incident is the continuity of activity an autonomous system can sustain once it is given the ability to interpret its surroundings and act on that understanding.
Dan Kaplan
Mar 2026
|
6 min read
Trivy gets breached and the secrets problem.

The Trivy Compromise: The Fallacy of Secrets Management and the Case for Workload Identity

The Trivy incident exposed a credential architecture failure, not just a supply chain one. Here’s the case for workload identity and access.
Apurva Davé
Mar 2026
|
5 min read
Secrets figuratively spilling out of LexisNexis.

How a Single Overprivileged Service Turned the LexisNexis Breach Into a Keys-to-the-Kingdom Moment

Details shared by the attacker suggest the intrusion expanded beyond the initial application through permissions that allowed access to dozens of internal credentials.
Dan Kaplan
Mar 2026
|
3 min read
Man working on laptop with ServiceNow software running.

Agents Aren’t People: What the ServiceNow Vulnerability Reveals About Agentic AI Access Control

A ServiceNow impersonation flaw illustrates how agentic systems turn weak identity assumptions into durable access paths across enterprise environments.
Dan Kaplan
Jan 2026
|
3 min read
Aembit engineer Sebastian working on computers while looking at camera.

When the Vendor Becomes the Customer: Building Internal Tools on an Agentic IAM Platform

A project to improve test visibility meant using Aembit the same way customers do, in a real deployment environment where software runs unattended and requires trusted access to external services.
Dan Kaplan
Jan 2026
|
4 min read
A blurred software error message on a computer screen showing an exception response with a visible token value.

CrewAI GitHub Token Exposure Highlights the Growing Risk of Static Credentials in AI Systems

The exposure demonstrates how ordinary errors can reveal internal credentials and how stronger limits on scope and lifespan can contain the impact.
Dan Kaplan
Nov 2025
|
3 min read
Red Hat GitLab instance breach analysis with thumbnail of code on a laptop.

Red Hat’s GitLab Breach and the Cost of Embedded Credentials

The incident shows how repositories double as inadvertent credential stores, extending risk from vendors into customer environments.
Dan Kaplan
Oct 2025
|
3 min read
Businessperson interacting with CRM data.

When Salesforce Becomes a De Facto Credential Repository: Lessons from the Drift OAuth Breach

This malicious campaign demonstrates how long-lived token theft can become the first step in a much broader breach.
Dan Kaplan
Aug 2025
|
3 min read
Image of back of developer working at three computers.

GitHub Action tjactions/changed-files Supply Chain Breach Exposes NHI Risks in CI/CD

Long-lived credentials and secrets fueled the attack.
Dan Kaplan
Mar 2025
|
4 min read
Open physical lock sitting on a laptop keyboard.

OWASP’s Top Security Risks for Non-Human Identities and How to Address Them

We deep dive into the first-ever NHI threat list – exploring each risk, real-world breaches that prove the threat is real, and how to defend against them.
Dan Kaplan
Mar 2025
|
5 min read
Load More