Vault Fault: Secrets Managers and the Limits of Centralized Trust


The recent disclosure of 14 vulnerabilities in CyberArk Conjur and HashiCorp Vault, “which protect virtually every Fortune 500 organization,” deserves close examination, not only for what it reveals about these particular systems, but also for what it suggests about the architecture of secrets management itself.

Researchers at Cyata demonstrated that in both products, flaws in authentication and plug-in design could be chained to achieve remote code execution without valid credentials. In one instance, a single unauthenticated API call was sufficient to obtain full control of the vault.

The vulnerabilities varied in nature. In Conjur, a default integration with Amazon Web Services allowed an authentication bypass that let attackers impersonate any AWS identity and escalate to remote code execution. In Vault, researchers identified nine flaws across popular authentication methods such as LDAP and multifactor authentication. One particularly severe issue permitted malicious plugins to be loaded, providing persistent access and even enabling attackers to invert Vault’s encryption mechanism in a ransomware-style attack that would effectively lock the organization out of its own secrets. 

Together, these weaknesses showed that common configurations and default behaviors could be leveraged for complete compromise. The vulnerabilities are now patched, but the episode underscores the structural risks that arise when every key, token, and credential is gathered into a single repository. The vault becomes an indispensable control point, but it also becomes a high-value target whose compromise results in sweeping consequences. 

The Role and Constraints of Secrets Managers in the Cloud & AI Era

It is important to recognize that secrets managers remain highly effective for the tasks they were designed to perform. They safeguard static credentials, automate rotation, and provide auditable storage. In legacy or less flexible environments where long-lived credentials remain in use, secrets managers play an essential role in protecting and rotating them.

The challenge is that as computing shifts toward distributed workloads, ephemeral infrastructure, and multi-cloud deployments, the limitations of a purely secrets-centric model become more visible. The technology is stretched beyond its original mandate, and gaps appear, particularly around the permissions, policies, or workflows that determine who – or what – gets access across a dynamic environment.

This is particularly evident with the rise of agentic AI. Traditional vaults assumed static management, predictable workloads, and human oversight. Agentic AI upends those assumptions, acting in real time, across changing contexts, and beyond human scale – conditions static credentials cannot meet.

How Workload IAM Can Help Remove the Risk

Workload identity and access management (IAM) addresses those shortfalls by inverting the problem. Instead of storing a large inventory of secrets and distributing them to workloads as needed, Workload IAM validates the identity of the workload itself in real time, then grants short-lived access according to policy and context. 

This approach reduces the number of static secrets that must be managed, while simultaneously narrowing the blast radius of any compromise. If a workload is misused, the impact is confined to that specific identity and its active session, rather than to the entirety of the organization’s secrets store.

Workload IAM does not eliminate all risk. If IAM policies are misconfigured or workarounds are put in place, an attacker can still gain access. The difference is that vault breaches expose all secrets at once, while IAM compromises are typically narrower in scope, pass through a central control mechanism, and are easier to detect. Key to this is that Workload IAM systems start with the objective of providing short-lived credentials to authenticated workloads just-in-time, per task or request, giving them a more continuous form of control over access than vaults offer.

The contrast thus is not between “good” and “bad” technologies, but between different modes of trust. Secrets managers centralize trust in a vault and require careful protection of that vault above all else. Workload IAM distributes trust by grounding it in verified workload attributes (federated identity), dynamic environmental conditions (conditional access or MFA for machines) and policy evaluation at the moment of access. The former is indispensable for certain scenarios, while the latter provides resilience in environments where scale, speed, heterogeneity, and agentic AI–driven automation make vault-only strategies precarious.
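To make the "different mode of trust" concrete, here is a small policy decision point of the kind the preceding paragraphs describe: a workload presents already-verified identity attributes, the policy is evaluated against those attributes plus a request-time condition (source network), and on success a credential is minted that is bound to one target and expires within minutes. This is an added example written for this post, not code from Aembit, HashiCorp, CyberArk or Cyata; the policy contents, the signing key and the identity document are constructed, and the token format is a deliberately minimal HMAC-signed JSON rather than any real issuer's format.

```python
"""Added example: a minimal Workload IAM decision point (illustrative, not vendor code)."""
import hashlib
import hmac
import json
import time
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed signing key for the demo issuer; a real issuer keeps this in an HSM or KMS.
ISSUER_KEY = b"demo-issuer-key-not-for-production"


@dataclass
class Policy:
    """One access rule: which verified workload attributes may reach which target."""
    target: str
    required_attrs: dict        # every key/value must match the attested identity
    allowed_networks: list      # source CIDRs permitted at request time (a conditional-access check)
    max_ttl_seconds: int = 300  # credential lifetime; short by design


# Constructed policy set: only the checkout service, from its own subnet, may reach payments-db.
POLICIES = [
    Policy(
        target="payments-db",
        required_attrs={"cloud": "aws", "account": "111122223333", "role": "checkout-svc"},
        allowed_networks=["10.20.0.0/16"],
        max_ttl_seconds=300,
    ),
]


def mint_credential(identity: dict, target: str, now: float, ttl: int) -> dict:
    """Issue a credential scoped to a single audience with an absolute expiry."""
    claims = {
        "sub": f"{identity['cloud']}:{identity['account']}:{identity['role']}",
        "aud": target,
        "iat": int(now),
        "exp": int(now) + ttl,
    }
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    sig = hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()
    return {"claims": claims, "token": body.hex() + "." + sig}


def evaluate(identity: dict, target: str, source_ip: str, now: Optional[float] = None) -> Optional[dict]:
    """Deny by default; return a short-lived credential only if some policy matches in full."""
    now = time.time() if now is None else now
    for p in POLICIES:
        if p.target != target:
            continue
        if any(identity.get(k) != v for k, v in p.required_attrs.items()):
            continue  # attested attributes do not match this rule
        if not any(ip_address(source_ip) in ip_network(n) for n in p.allowed_networks):
            continue  # request-time condition failed
        return mint_credential(identity, target, now, p.max_ttl_seconds)
    return None


def verify_credential(token: str, target: str, now: Optional[float] = None) -> Optional[dict]:
    """Resource-side check: signature, audience binding and expiry. Returns claims or None."""
    now = time.time() if now is None else now
    try:
        body_hex, sig = token.split(".", 1)
        body = bytes.fromhex(body_hex)
    except ValueError:
        return None
    expected = hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return None
    claims = json.loads(body)
    if claims.get("aud") != target or claims.get("exp", 0) <= now:
        return None
    return claims


if __name__ == "__main__":
    ident = {"cloud": "aws", "account": "111122223333", "role": "checkout-svc"}
    cred = evaluate(ident, "payments-db", "10.20.1.5")
    print("issued:", cred["claims"] if cred else None)
    print("same token at hr-db:", verify_credential(cred["token"], "hr-db"))
```

The blast-radius argument from the text falls out of the three checks in `verify_credential`: a leaked token is useless against any other target (audience binding), stops working on its own within `max_ttl_seconds` (expiry), and names the single workload identity it was issued to (`sub`), which is what makes an IAM compromise narrower and easier to attribute than the loss of a vault's whole inventory.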

Takeaways from Vault Vulnerabilities

For security leaders, the lesson from the Conjur and Vault disclosures is therefore twofold. First, patch management and monitoring of vault systems must be treated as urgent, ongoing priorities. Shoring up holes before attackers can exploit them will forever be priority number one in a situation like this.
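Monitoring of a vault is only useful if it is tuned to the operations the disclosure highlights: plugin registration, auth-method reconfiguration and policy changes, especially when they arrive without an authenticated identity attached. The following triage rules are an added example for this post, not tooling from HashiCorp, CyberArk or Cyata. The sample lines are constructed and follow the general JSON shape of Vault's file audit device (`type`, `time`, `auth`, `request`); the exact field names are my recollection of that format and should be checked against your own audit output before the rules are relied on.

```python
"""Added example: triage rules over constructed Vault-style audit log lines (not vendor code)."""
import json

# Request paths whose modification changes what code the vault runs or whom it trusts.
# These prefixes are assumptions about Vault's API layout; verify against your version.
SENSITIVE_PREFIXES = (
    "sys/plugins/catalog/",  # registering or replacing a plugin binary
    "sys/auth/",             # enabling, disabling or reconfiguring auth methods
    "sys/policies/",         # changing access policies
    "sys/rekey",             # unseal/rekey operations
)
WRITE_OPS = {"update", "create", "delete"}

# Constructed sample: one routine read, one plugin registration by root, one
# unauthenticated write to an auth-method config (plus its response echo), and a normal login.
SAMPLE_LOG = """\
{"type":"request","time":"2025-08-10T12:00:01Z","auth":{"display_name":"ci-runner","policies":["ci-read"]},"request":{"operation":"read","path":"secret/data/app1","remote_address":"10.20.1.5"}}
{"type":"request","time":"2025-08-10T12:00:07Z","auth":{"display_name":"root","policies":["root"]},"request":{"operation":"update","path":"sys/plugins/catalog/secret/custom-kv","remote_address":"198.51.100.23"}}
{"type":"request","time":"2025-08-10T12:00:09Z","auth":{},"request":{"operation":"update","path":"sys/auth/ldap/config","remote_address":"198.51.100.23"}}
{"type":"response","time":"2025-08-10T12:00:09Z","auth":{},"request":{"operation":"update","path":"sys/auth/ldap/config","remote_address":"198.51.100.23"}}
{"type":"request","time":"2025-08-10T12:00:12Z","auth":{"display_name":"ci-runner","policies":["ci-read"]},"request":{"operation":"update","path":"auth/ldap/login/alice","remote_address":"10.20.1.5"}}
"""


def triage(line: str):
    """Return a finding dict for one audit line, or None if nothing notable."""
    try:
        entry = json.loads(line)
    except json.JSONDecodeError:
        return {"severity": "low", "reason": "unparseable audit line", "raw": line[:80]}
    if entry.get("type") != "request":
        return None  # one finding per request; response entries repeat the same data
    req = entry.get("request") or {}
    path, op = req.get("path", ""), req.get("operation", "")
    auth = entry.get("auth") or {}
    unauthenticated = not auth.get("display_name") and not auth.get("policies")
    sensitive = path.startswith(SENSITIVE_PREFIXES)
    if sensitive and op in WRITE_OPS and unauthenticated:
        severity, reason = "critical", "write to sensitive path without an authenticated identity"
    elif sensitive and op in WRITE_OPS:
        severity, reason = "high", "write to sensitive path"
    else:
        return None  # reads and ordinary logins (unauthenticated by nature) are not flagged
    return {
        "severity": severity,
        "reason": reason,
        "time": entry.get("time"),
        "path": path,
        "operation": op,
        "actor": auth.get("display_name") or "<none>",
        "remote_address": req.get("remote_address"),
    }


def scan(log_text: str) -> list:
    """Run triage over every non-empty line and keep only the findings."""
    return [f for f in (triage(ln) for ln in log_text.splitlines() if ln.strip()) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding["severity"].upper(), finding["time"], finding["actor"], finding["path"], finding["reason"])
```

Two design points: response entries are skipped so each request produces at most one finding, and login paths are deliberately not in the sensitive set because they are unauthenticated writes by nature, so alerting on "no identity" alone would drown the signal. An authenticated plugin registration by a legitimate operator still surfaces as "high", which is the intended behaviour: that operation is rare enough that a human should confirm it.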

Second, reliance on secrets managers alone should be reconsidered. By introducing Workload IAM alongside existing vaults (such as in this use case), organizations can reduce their dependency on long-lived credentials, constrain the consequences of compromise, and better align access control with the fluid nature of modern computing.

The objective is not to discard one tool in favor of another, but to recognize that the security of non-human identities requires more than a central vault. It requires a layered model in which secrets managers retain their place, but where identity-driven controls ensure that access is conditional, contextual, and ephemeral.
