The security team said yes: How a $300B investment firm deployed Claude agents across the enterprise →

TRY AEMBIT
TALK TO AN ENGINEER
Blog

Tag: Breaches

Illustration of a computer monitor in an office workspace displaying a ransomware-style warning message tied to the Canvas and Instructure data breach, surrounded by desks, office equipment, and a blurred corporate office environment.

The Canvas Breach Shows What Happens When SaaS Platforms Become Identity Infrastructure

The response to the Canvas breach revealed how much modern institutions still depend on long-lived credentials, shared trust layers, and persistent access between systems.
Dan Kaplan
May 2026
|
6 min read
OWASP's Top 10 Security Risks for Non-Human Identities

OWASP’s Top Security Risks for Non-Human Identities and How to Address Them

Non-human identities outnumber human users 144 to 1, yet most security programs overlook them. The OWASP NHI Top 10 maps the risks.
Dan Kaplan
Apr 2026
|
5 min read
Credentials insights from Verizon DBIR Report

Credential and Secrets Theft: Insights from the 2025 Verizon Data Breach Report

The 2025 Verizon DBIR confirmed what security teams already suspect: credential theft is outpacing the defenses most organizations have in place.
Dan Kaplan
Apr 2026
|
5 min read
Claude Code external UI.

Anthropic’s AI-Run Attack and What It Means for Agentic Identity

Anthropic’s disclosure of an AI-driven espionage campaign it halted is best understood as a faster, more persistent version of patterns the industry has seen before. What distinguishes this incident is the continuity of activity an autonomous system can sustain once it is given the ability to interpret its surroundings and act on that understanding.
Dan Kaplan
Mar 2026
|
6 min read
Trivy gets breached and the secrets problem.

The Trivy Compromise: The Fallacy of Secrets Management and the Case for Workload Identity

The Trivy incident exposed a credential architecture failure, not just a supply chain one. Here’s the case for workload identity and access.
Apurva Davé
Mar 2026
|
5 min read
Secrets figuratively spilling out of LexisNexis.

How a Single Overprivileged Service Turned the LexisNexis Breach Into a Keys-to-the-Kingdom Moment

Details shared by the attacker suggest the intrusion expanded beyond the initial application through permissions that allowed access to dozens of internal credentials.
Dan Kaplan
Mar 2026
|
3 min read
Man working on laptop with ServiceNow software running.

Agents Aren’t People: What the ServiceNow Vulnerability Reveals About Agentic AI Access Control

A ServiceNow impersonation flaw illustrates how agentic systems turn weak identity assumptions into durable access paths across enterprise environments.
Dan Kaplan
Jan 2026
|
3 min read
Aembit engineer Sebastian working on computers while looking at camera.

When the Vendor Becomes the Customer: Building Internal Tools on an Agentic IAM Platform

A project to improve test visibility meant using Aembit the same way customers do, in a real deployment environment where software runs unattended and requires trusted access to external services.
Dan Kaplan
Jan 2026
|
4 min read
A blurred software error message on a computer screen showing an exception response with a visible token value.

CrewAI GitHub Token Exposure Highlights the Growing Risk of Static Credentials in AI Systems

The exposure demonstrates how ordinary errors can reveal internal credentials and how stronger limits on scope and lifespan can contain the impact.
Dan Kaplan
Nov 2025
|
3 min read
Red Hat GitLab instance breach analysis with thumbnail of code on a laptop.

Red Hat’s GitLab Breach and the Cost of Embedded Credentials

The incident shows how repositories double as inadvertent credential stores, extending risk from vendors into customer environments.
Dan Kaplan
Oct 2025
|
3 min read
Load More