Secrets Management stories

Machine accounts and AI agents are now eclipsing human users in many IT estates, prompting warnings that outdated identity controls are no longer enough.

Orca Security warns that AI credentials, vulnerable dependencies and lax pipeline controls are leaving production environments exposed across US and Europe.

Codenotary unveils AgentMon to help Chief Information Officers and security teams track AI agent behaviour, costs and policy risks.

AppOmni upgrades Heisenberg to help teams trace GitHub Actions and spot tainted dependencies after the LiteLLM supply chain breach.

BeyondTrust warns a surge of unsupervised AI agents is creating a hidden “shadow workforce” with admin-level access inside enterprises.

BeyondTrust expands Pathfinder to discover, govern and lock down proliferating enterprise AI agents, identities, privileges and secrets.

Aqua Security's Trivy GitHub Action was hijacked to ship infostealer code via CI/CD pipelines, exposing secrets across downstream users.

Oasis raises USD $120 million to expand its AI-first access control platform for non-human identities across large enterprises.

Entro launches AGA to map, monitor and control AI agents in enterprises, tackling shadow AI and non-human identity risks at scale.

Backslash adds cross-tool governance to discover, vet and monitor 'Skills' powering AI coding assistants like Cursor, Claude Code and Copilot.

Keeper launches KeeperDB to centralise zero-trust database access, hiding credentials and recording sessions within its existing security vault.

AI-fuelled coding drives record 29 million hardcoded secrets on GitHub in 2025, with leaks from AI tools and services surging sharply.

1Password unveils Unified Access to secure AI agents and machine credentials, promising endpoint-to-agent visibility for security teams.

Okta sets out blueprint and tools to corral workplace AI agents, promising tighter discovery, access control and rapid kill switches.

Entrust unveils cloud-based cryptographic security platform to centralise key, certificate and secrets management across hybrid IT estates.

Keeper Security has kicked off a global identity-first cybersecurity campaign as it enters a third season backing the Atlassian Williams F1 team.

Attackers are ditching malware for stolen identities, misconfigurations and abused AI tools, Google warns in its latest cloud threat report.

JFrog warns 13 GitHub CI/CD workflow flaws, mostly critical, could let attackers hijack pipelines and steal secrets at scale.

Claude Code flaws found by Check Point could let malicious repos run code and grab API keys before developers confirm a project is trusted.

Keeper launches native Jira integrations to tie security incident workflows directly to privileged access approvals while retaining zero-knowledge controls.