March 26, 2026
Real-World Lessons
Chain Reaction: How One Stolen Token Tore Through Five Ecosystems
Why Your Static Credentials Are a Ticking Time Bomb The TeamPCP campaign, one of the largest credential theft campaigns of 2026, began with a compromise in Trivy. A security tool trusted to scan for vulnerabilities and leaked secrets was weaponized against the very environments it was meant to protect. Instead of catching exposed credentials, it …
May 2, 2025
Real-World Lessons
Grok’s Key Leak Proves It: Static Secrets Don’t Belong in Code
April 15, 2025
AI
Agentic AI Without Secrets, Part 3 – Making it Real
April 7, 2025
AI
Securing AI Agents in the Real World: A Case Study – Part 2 of 3
March 26, 2025
Standards
Workload Identity – Key Takeaways from IETF 122
March 14, 2025
Secret Sprawl
It’s 2025. Let’s Talk About Secrets Sprawl
March 14, 2025
Standards
Join us at IETF Bangkok
March 12, 2025
Identity
Defakto Wins Best CyberSecurity Startup in 2025 Cybersecurity Excellence Awards
March 4, 2025
Real-World Lessons
Lessons from the Snowflake Breach: Moving Past the Age of Secrets
February 24, 2025
Secret Sprawl
“Don’t break prod,” and why your secrets are future outages
February 19, 2025
AI