Defakto Security Named a 2025 Gartner® Cool Vendor™ in Identity-First Security

Get Started

December 18, 2025

Real-World Lessons

TruffleNet and Cloud Abuse at Scale: An Identity Architecture Failure

The recent TruffleNet campaign, first documented by Fortinet, highlights a familiar and uncomfortable truth for security leaders: some of the most damaging cloud attacks aren’t exploiting zero-day vulnerabilities. They’re exploiting identity models that were never designed for the scale and automation of modern cloud environments. Nothing about this attack was novel. That’s precisely the problem. …

August 1, 2025

AI

When AI Knew Too Much: A Cautionary Tale About Agentic Systems Without Guardrails

July 31, 2025

Real-World Lessons

Wiz’s Base44 Vulnerability Findings Spotlight a Fixable Gap: Non-Human Identity

July 16, 2025

Real-World Lessons

Another Day, Another Leaked API Key — This Time, It’s xAI

July 11, 2025

Real-World Lessons

McDonald’s McHire Breach Shows Why APIs Need Non-Human Identity and Strong Auth

July 9, 2025

CI/CD

Want Control Over Secrets? Start with Your Strategic Control Point: CI/CD.

June 30, 2025

Identity

Secret Sprawl: Understand It To Reduce Your Risk

June 19, 2025

Real-World Lessons

Asana’s MCP Bug Wasn’t Unique — It Was a Sign of What’s Coming

June 17, 2025

AI

AI’s Security Problem Isn’t AI — It’s Everything Around It

June 9, 2025

Identity

NHI, Agentic AI & the Future of Identity: Recapping Identiverse 2025

May 29, 2025

AI

The Rise of AI Agents Is an Identity Crisis in Disguise

May 6, 2025

Company

KuppingerCole Recognizes Defakto, formerly known as SPIRL, as a 2025 Rising Star in Non-Human Identity Security

May 2, 2025

Real-World Lessons

Grok’s Key Leak Proves It: Static Secrets Don’t Belong in Code