Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Today’s man-in-the-middle (MitM) attacks go far beyond coffee-shop Wi-Fi: they target browsers, APIs, device enrollments, and DNS infrastructure. Using automated proxykits and supply-chain flaws, attackers hijack session cookies, tokens, and device credentials—turning one interception into persistent, high-value access. Concerningly, these are not edge cases.

Security and engineering teams today face a tough balance: protecting sensitive resources while keeping developers productive. As organizations shift from on-prem to the cloud, access management becomes one of the biggest challenges. With more identities—human and non-human—gaining access to more resources across hybrid environments, the risks rise.

Identity-related threats are draining time and resources faster than security teams can keep up. The challenge is no longer just about stopping breaches; it’s about keeping up with the scale of alerts and risks. On average, organizations spend 11 person-hours investigating each identity-related security alert. Meanwhile, credential theft has soared 160% in 2025, making privileged accounts and non-human identities (NHIs) a prime target for attackers.

The Shai‑Hulud worm and the Nx / S1ngularity attacks show how token‑stealing malware, vulnerable workflows, and always‑on elevated permissions allow cascading compromise. Enforcing JIT access on repository, organization owner/admin roles, and team‑based inherited permissions sharply reduces exposure, limits damage, and strengthens audit/compliance posture.

The Shai‑Hulud worm and the Nx / S1ngularity attacks show how token‑stealing malware, vulnerable workflows, and always‑on elevated permissions allow cascading compromise. Enforcing JIT access on repository, organization owner/admin roles, and team‑based inherited permissions sharply reduces exposure, limits damage, and strengthens audit/compliance posture.

APIs are the foundation of modern applications, and attackers know it well. A single misconfigured endpoint or exposed token can give adversaries a direct path into sensitive systems and data across your environment. Your already overburdened security teams can’t afford to miss what may be their fastest-growing attack surface. How fast-growing is the threat?

We’re excited to announce the launch of our MCP server for end users, designed to boost engineering productivity while keeping security strong. Engineers often know exactly what they need to do—deploy to a new environment, spin up a workload, investigate logs—but not which permissions translate into those tasks. That leads to two common problems: The result is wasted time, frustrated teams, and an inflated attack surface from unnecessary standing privileges.

The Drift OAuth breach didn’t just expose one SaaS vendor — it exposed a systemic blind spot: the sprawling, ungoverned world of Non-Human Identities. In case you missed it, in August 2025, attackers from UNC6395 exploited compromised OAuth tokens from Salesloft’s Drift integration—an AI chat tool—to access and exfiltrate data from Salesforce, including credentials like AWS keys and Snowflake tokens.

Modern enterprises run on automation. But behind every line of code deploying infrastructure, moving data, or triggering workflows is something often overlooked: a non-human identity (NHI). These NHIs—service accounts, machine credentials, API tokens, CI/CD integrations—outnumber human users by orders of magnitude. And they’re everywhere. Yet in too many organizations, they’re still unmanaged, invisible, and dangerously overprivileged.