March 26, 2026
Real-World Lessons
Chain Reaction: How One Stolen Token Tore Through Five Ecosystems
Why Your Static Credentials Are a Ticking Time Bomb The TeamPCP campaign, one of the largest credential theft campaigns of 2026, began with a compromise in Trivy. A security tool trusted to scan for vulnerabilities and leaked secrets was weaponized against the very environments it was meant to protect. Instead of catching exposed credentials, it …
February 4, 2026
Real-World Lessons
AI Agents Don’t Need Better Secrets. They Need Identity.
December 18, 2025
Real-World Lessons
TruffleNet and Cloud Abuse at Scale: An Identity Architecture Failure
December 15, 2025
AI
Your AI Agents Aren’t Hidden. They’re Ungoverned. It’s time to Act
November 24, 2025
AI
AI Attack Automation Is Here. And It’s Coming for Your Credentials.
November 13, 2025
Company
Defakto Security Named a 2025 Gartner® Cool Vendor™ in Identity-First Security
November 12, 2025
Uncategorized
AI, SPIFFE, and the Rise of Non-Human Identity: Takeaways from Workload Identity Day 0
November 7, 2025
Real-World Lessons
From Reaction to Resilience: Why Breaches Keep Repeating Themselves
October 21, 2025
Company
Defakto Secures $30.75 M Series B to Set a New Standard in Non-Human Identity Security
October 11, 2025
Company
Introducing Defakto: The Future of Non-Human Identity Security
September 29, 2025
Identity
Authentication is not Authorization: Why treating them as the same breaks your security model
September 17, 2025
Real-World Lessons
Shai-Hulud npm Supply Chain Attack: Why Secrets Fueled the Worm
September 2, 2025
Real-World Lessons