Non-Human Identity
Identity Access Management Strategy for Non-Human Identities
Build an identity and access management strategy for non-human identities. Secure service accounts, workloads, and machine identities in the cloud.
MOST POPULAR
all tags
other
Identity Access Management Strategy for Non-Human Identities
Build an identity and access management strategy for non-human identities. Secure service accounts, workloads, and machine identities in the cloud.
A Mini Shai-Hulud Targeting the SAP Ecosystem
7 stolen GitHub tokens. 971 repositories. A self-replicating supply chain attack targeting SAP's Node.js packages — and it's still active. Here's what GitGuardian found.
The Bot Left a Fingerprint: Detecting and Attributing LLM-Generated Passwords
LLMs leave statistical fingerprints in the passwords they generate. We built a 100-year-old model to find them and detected 28,000 in the wild.
Short-Lived Credentials in Agentic Systems: A Practical Trade-off Guide
Understand where short-lived credentials reduce risk in agentic systems and where operational complexity requires stronger monitoring and governance controls.
What the Mythos-Ready Briefing Says About Credentials
The Mythos-ready briefing names secrets rotation, NHI governance, and honeytokens as critical controls. Zero-days don't replace credential attacks; they accelerate them. Credential security deserves to move up every CISO's priority list.
@bitwarden/cli - GitGuardian Views on helloworm00
GitGuardian analysis of the @bitwarden/cli compromise: GitHub used as C2, new Cloudflare exfiltration domain found, linked to April 22 Checkmarx KICS compromise via Dependabot.
No Off Season: Three Supply Chain Campaigns Hit npm, PyPI, and Docker Hub in 48 Hours
Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD pipelines.
Top 11 Identity Orchestration Tools and Platforms for 2026
Compare the best identity orchestration tools and platforms for 2026. Covers orchestration engines, identity fabrics, NHI exposure prevention, and more to unify and secure your IAM stack.
SnowFROC 2026: Secure Defaults, Real Trust, and a Better Layer on Top
This year's Devner OWASP event showed why modern AppSec depends on secure defaults, stronger provenance, and security controls that appear where developers make decisions.
Vercel April 2026 Incident: Non-Sensitive Environment Variables Need Investigation Too
Vercel's Context.ai breach exposed environment variables that weren't marked sensitive. Learn how to pull and scan your secrets with GitGuardian.
ATLSECCON 2026: Context, Identity, and Restraint in Modern Security
From AI agents to identity abuse, ATLSECCON 2026 focused on how security teams can reduce exposure, improve visibility, and make trust enforceable while moving ever faster.
AI Agents Authentication: How Autonomous Systems Prove Identity
AI agents need to authenticate with numerous systems, making AI authentication a crucial security boundary that determines blast radius, revocability, and long-term governance risk.
