Real-World Lessons
The Agentic Era Just Got the Authentication Model It Needs
Workload identity federation has come to AI agents. The agentic identity era starts here. Using API keys to access AI platforms was never going to survive the agentic era. Anthropic’s support for ...
Chain Reaction: How One Stolen Token Tore Through Five Ecosystems
Why Your Static Credentials Are a Ticking Time Bomb
The TeamPCP campaign, one of the largest credential theft campaigns of 2026, began with a compromise in Trivy. A security tool trusted to ...
AI Agents Don’t Need Better Secrets. They Need Identity.
Last week, Wiz disclosed a major security exposure involving Moltbook, an AI agent social network. A misconfigured database exposed 1.5 million API keys, each one capable of fully impersonating an agent on ...
TruffleNet and Cloud Abuse at Scale: An Identity Architecture Failure
The recent TruffleNet campaign, first documented by Fortinet, highlights a familiar and uncomfortable truth for security leaders: some of the most damaging cloud attacks aren’t exploiting zero-day vulnerabilities. They’re exploiting identity models ...
AI Attack Automation Is Here. And It’s Coming for Your Credentials.
Anthropic’s recent report on “disrupting AI espionage” paints a clear picture of the next frontier in cybersecurity: attack automation. Attackers are now using large language models (LLMs) like Claude and connecting them ...
From Reaction to Resilience: Why Breaches Keep Repeating Themselves
Every week, a new breach headline reminds us of the same painful truth: attackers aren’t getting more creative, we’re just leaving the same doors wide open. The names change, but the pattern is ...
Shai-Hulud npm Supply Chain Attack: Why Secrets Fueled the Worm
Shai-Hulud: Why the Future of Security Means Leaving Key Rotation Behind
A new worm, ominously named “Shai-Hulud” after the giant sandworms in Dune, has torn through the npm ecosystem. It began with packages like @ctrl/tinycolor, downloaded ...
From OAuth Tokens to API Keys: The Toxic Data Behind the Salesloft Drift / Salesforce Breach
The Salesforce / Salesloft Drift breach shows OAuth tokens, API keys, and passwords are toxic data. Attackers targeted AWS and Snowflake keys, proving the credential model is broken ...

