The security team said yes: How a $300B investment firm deployed Claude agents across the enterprise →

TRY AEMBIT
TALK TO AN ENGINEER
Blog

Tag: Secrets

Illustration of a computer monitor in an office workspace displaying a ransomware-style warning message tied to the Canvas and Instructure data breach, surrounded by desks, office equipment, and a blurred corporate office environment.

The Canvas Breach Shows What Happens When SaaS Platforms Become Identity Infrastructure

The response to the Canvas breach revealed how much modern institutions still depend on long-lived credentials, shared trust layers, and persistent access between systems.
Dan Kaplan
May 2026
|
6 min read
Access granted.

5 Capabilities of Workload Access Managers – And Why WAM Isn’t WIM

Workload access management isn’t identity management – it enforces access and eliminates credentials. Learn the five core WAM capabilities
Apurva Davé
May 2026
|
10 min read
5 Secrets Manager Alternatives for Securing Non-Human Identities

5 Secrets Manager Alternatives for Securing Non-Human Identities

Secrets managers store credentials but can’t close the access gaps that multicloud workloads and AI agents create. Five alternatives can.
Dan Kaplan
Apr 2026
|
6 min read
Dynamic Authorization vs Static Secrets: Rethinking Cloud Access Controls

Dynamic Authorization vs. Static Secrets: Rethinking Cloud Access Controls

Hardcoded credentials and shared tokens give attackers ongoing access. Dynamic authorization replaces them with real-time decisions.
Dan Kaplan
Apr 2026
|
6 min read
Dark horizontal diagram showing a “Delete Resource” action enabled by a redacted access token, leading to a production database dissolving and a “resource permanently deleted” warning.

How a Long-Lived API Credential Let an AI Agent Delete Production Data

An agent behaved like a true insider threat. Unmanaged API keys made those mistakes devastatingly consequential. Both can be true at the same time.
Dan Kaplan
Apr 2026
|
4 min read
encryption keys vs access keys

Managing Encryption Keys vs. Access Keys

Modern infrastructure depends on keys: encryption and access. They’re not the same, and treating them the same quietly introduces risk.
Dan Kaplan
Apr 2026
|
6 min read
API Keys vs. JWTs: Choosing the Right Auth Method for Your API

API Keys vs. JWTs: Choosing the Right Auth Method for Your API

Not all credentials are created equal. Compare API keys and JWTs across security, scalability, and fit for modern workload authentication.
Ashur Kanoon
Apr 2026
|
5 min read
Credentials insights from Verizon DBIR Report

Credential and Secrets Theft: Insights from the 2025 Verizon Data Breach Report

The 2025 Verizon DBIR confirmed what security teams already suspect: credential theft is outpacing the defenses most organizations have in place.
Dan Kaplan
Apr 2026
|
5 min read
moving beyond static credentials

Moving Beyond Static Credentials in Cloud-Native Environments

Static credentials were never built for cloud-native environments, and the gaps they leave behind are exactly what attackers count on.
Ashur Kanoon
Apr 2026
|
5 min read
Connectivity of boxes

Secrets Management vs. Access Management: What You Need to Know

When your team stores API keys in a vault and rotates them on a schedule, it feels like the access problem is handled.
Apurva Davé
Apr 2026
|
5 min read
Load More