breach analysis Archives

The Canvas Breach Shows What Happens When SaaS Platforms Become Identity Infrastructure

Dan Kaplan | May 12, 2026 | Authentication, breach analysis, breaches, Secrets, Workload Identity

6 min readThe breach involving Instructure, the company behind the Canvas learning management system used by thousands of schools and universities worldwide, arrived at a particularly bad moment for educational institutions. Final ...

Aembit

How a Long-Lived API Credential Let an AI Agent Delete Production Data

Dan Kaplan | April 28, 2026 | AI Workloads, APIs, breach analysis, Secrets

4 min readWhat began as a routine staging task for a SaaS startup ended in a disaster that would have been unthinkable just months ago: an AI agent operating as a super ...

Aembit

The Trivy Compromise: The Fallacy of Secrets Management and the Case for Workload Identity

Apurva Dave | March 23, 2026 | breach analysis, breaches, Secrets, Workload Identity

6 min readThe Trivy incident exposed a credential architecture failure, not just a supply chain one. Here’s the case for workload identity and access. The post The Trivy Compromise: The Fallacy of ...

Aembit

How a Single Overprivileged Service Turned the LexisNexis Breach Into a Keys-to-the-Kingdom Moment

Dan Kaplan | March 4, 2026 | breach analysis, breaches, Secrets, Workload Identity, zFeatured

3 min readLegal AI solutions provider LexisNexis has confirmed a massive breach of its AWS environment According to reports, initial access was gained by exploiting the “React2Shell” vulnerability in an unpatched React ...

Aembit

Agents Aren’t People: What the ServiceNow Vulnerability Reveals About Agentic AI Access Control

Dan Kaplan | January 16, 2026 | access, Agentic AI, breach analysis, breaches

3 min readEnterprise security teams are beginning to encounter a category of access failure that feels unfamiliar only because its consequences arrive faster than expected. Systems that once required multiple steps, approvals, ...

Aembit

CrewAI GitHub Token Exposure Highlights the Growing Risk of Static Credentials in AI Systems

Dan Kaplan | November 26, 2025 | Agentic AI, breach analysis, breaches, Workload Identity

3 min readAs AI platforms grow more complex and interdependent, small failures can cast long shadows. That’s what happened inside the open-source CrewAI platform, where a vulnerability in its error-handling logic surfaced ...

Aembit

The lifecycle of the cyberattack, showing the move from human-led targeting to largely AI-driven attacks using various tools (often via the Model Context Protocol; MCP). At various points during the attack, the AI returns to its human operator for review and further direction.

Anthropic’s AI-Run Attack and What It Means for Agentic Identity

Dan Kaplan | November 18, 2025 | Agentic AI, breach analysis, breaches, Workload Identity

6 min readAnthropic's disclosure of an AI-driven espionage campaign it halted is best understood as a faster, more persistent version of patterns the industry has seen before. What distinguishes this incident is ...

Aembit

Red Hat’s GitLab Breach and the Cost of Embedded Credentials

Dan Kaplan | October 3, 2025 | breach analysis, breaches, CI-CD, Secrets

3 min readOpen-source software giant Red Hat has confirmed that one of its GitLab instances, dedicated to consulting engagements, was breached. The attackers, a group calling itself “Crimson Collective,” claim to have ...

Aembit

When Salesforce Becomes a De Facto Credential Repository: Lessons from the Drift OAuth Breach

Dan Kaplan | August 29, 2025 | breach analysis, breaches, identities, OAuth

3 min readThis malicious campaign demonstrates how long-lived token theft can become the first step in a much broader breach. The post When Salesforce Becomes a De Facto Credential Repository: Lessons from ...

Aembit

Vault Fault: Secrets Managers and the Limits of Centralized Trust

Dan Kaplan | August 20, 2025 | AI, AI Workloads, breach analysis, Secrets, workloads

3 min readRecent flaws in Conjur and Vault highlight the risks of concentrating trust in a single repository – and why workload IAM may offer a more resilient path forward. The post ...

Aembit

breach analysis

The Canvas Breach Shows What Happens When SaaS Platforms Become Identity Infrastructure

How a Long-Lived API Credential Let an AI Agent Delete Production Data

The Trivy Compromise: The Fallacy of Secrets Management and the Case for Workload Identity

How a Single Overprivileged Service Turned the LexisNexis Breach Into a Keys-to-the-Kingdom Moment

Agents Aren’t People: What the ServiceNow Vulnerability Reveals About Agentic AI Access Control

CrewAI GitHub Token Exposure Highlights the Growing Risk of Static Credentials in AI Systems

Anthropic’s AI-Run Attack and What It Means for Agentic Identity

Red Hat’s GitLab Breach and the Cost of Embedded Credentials

When Salesforce Becomes a De Facto Credential Repository: Lessons from the Drift OAuth Breach

Vault Fault: Secrets Managers and the Limits of Centralized Trust

Senator Sanders Wants to Own AI Companies — and Hand America’s Adversaries the Keys

NIST’s Nine: The PQC Signature Race Moves to Round Three

The Quantum Arms Race: Why Washington Just Wrote a $2 Billion Check to Nine Companies

Beyond Moore’s Law: The Hyper-Acceleration of Autonomous AI Cyber Capabilities

The Exception Economy: When Security Teams Stop Protecting and Start Negotiating

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On