New independent research: Most enterprises aren’t fully ready to secure autonomous AI agents →

TRY AEMBIT
TALK TO AN ENGINEER
Blog
Blog
Blog
X

Blog

Tag: Secrets

Trivy gets breached and the secrets problem.

The Trivy Compromise: The Fallacy of Secrets Management and the Case for Workload Identity

The Trivy incident exposed a credential architecture failure, not just a supply chain one. Here’s the case for workload identity and access.
Apurva Davé
Mar 2026
|
5 min read
secret remediation best practices

Secret Remediation Best Practices: A Step-by-Step Guide

Secret remediation is the process of responding to an exposed credential by revoking it, rotating it and removing every trace of it from your environment.
Apurva Davé
Mar 2026
|
6 min read
Secrets management vs. secrets elimination

Secrets Management vs. Secrets Elimination: Where Should You Invest?

Most organizations still treat credentials as something that must be protected, stored, and rotated. But a second model is quietly reshaping how machine authentication works: eliminate static secrets altogether and authenticate workloads using identity and just-in-time access.
Dan Kaplan
Mar 2026
|
6 min read
The Ultimate Guide to MCP Security Vulnerabilities

The Ultimate Guide to MCP Security Vulnerabilities

SPIFFE focuses on who a workload is. It issues cryptographic identities to services and workloads so they can prove their authenticity to each other without relying on stored secrets. OAuth focuses on what a workload is allowed to do. It defines how access is delegated and controlled when one service needs to interact with another or call an external API.
Ashur Kanoon
Mar 2026
|
7 min read
Secrets figuratively spilling out of LexisNexis.

How a Single Overprivileged Service Turned the LexisNexis Breach Into a Keys-to-the-Kingdom Moment

Details shared by the attacker suggest the intrusion expanded beyond the initial application through permissions that allowed access to dozens of internal credentials.
Dan Kaplan
Mar 2026
|
3 min read

Aembit Connects AI and Workload Access to AWS Secrets Manager

Aembit’s AWS Secrets Manager integration makes it easier to protect AI and workload access today – and evolve toward short-lived, policy-driven authentication.
Ashur Kanoon
Oct 2025
|
4 min read
Secrets Sprawl is Killing DevOps Speed — Here's How to Fix It

Secrets Sprawl is Killing DevOps Speed – Here’s How to Fix It

Secrets sprawl forces developers into constant rework while leaving organizations exposed to the exact security risks they’re trying to prevent.
Dan Kaplan
Oct 2025
|
5 min read
Red Hat GitLab instance breach analysis with thumbnail of code on a laptop.

Red Hat’s GitLab Breach and the Cost of Embedded Credentials

The incident shows how repositories double as inadvertent credential stores, extending risk from vendors into customer environments.
Dan Kaplan
Oct 2025
|
3 min read
Why Hybrid Windows Security Fails

Why Hybrid Windows Environments are Still a Security Blind Spot

Most enterprises struggle with hybrid Windows security gaps. Discover workload identity federation and conditional access to eliminate blind spots.
Ashur Kanoon
Sep 2025
|
5 min read
Are you suffering from credentialitis with doctor asking.

We’ve Identified a New IT Ailment. It’s Called Credentialitis – And It’s Spreading Fast

Credentialitis isn’t just a clever name. It’s a real condition plaguing modern IT teams. Dr. Seymour Keys is here to walk you through the symptoms, the screening, and the treatment.
Dan Kaplan
Sep 2025
|
2 min read
Load More