Since the widespread launch of GPT-3.5 in November of last year, we’ve seen a meteoric rise in generative AI (GenAI) tools, along with an onslaught of security concerns from both countries and companies around the globe. Tech leaders like Apple have warned employees against using ChatGPT and GitHub Copilot, while other major players like Samsung have even go so far as to completely ban GenAI tools. Why are companies taking such drastic measures to prevent data leaks to LLMs, you may ask?

San Francisco, CA, August 4, 2023—Nightfall AI, the leader in cloud data leak prevention (DLP), announces the launch of the industry’s first complete data security platform designed specifically for Generative AI (GenAI).

Data breaches loom large for organizations big and small. On top of being incredibly time-consuming, they can lead to legal damages, shattered customer trust, and severe financial fallout—and that’s just the tip of the iceberg. ‍ ‍ Laws and technologies are constantly evolving, which means that, in turn, security strategies must always adapt to keep up.

Nightfall’s recent “State of Secrets” report uncovered that collaboration, communication, and IT service tools have the highest risk of data exposure, particularly in industry-leading SaaS apps like Slack and GitHub. This trend highlights an incredibly pervasive (yet often overlooked) risk in cloud cybersecurity: Data sprawl.

While Gen AI tools are useful conduits for creativity, security teams know that they’re not without risk. At worst, employees will leak sensitive company data in prompts to chatbots like ChatGPT. At best, attack surfaces will expand, requiring more security resources in a time when businesses are already looking to consolidate. How are security teams planning to tackle the daunting workload? According to a recent Morgan Stanley report, top CIOs and CISOs are also turning to AI.

What is it: Agentless architecture refers to platforms and services that are built to run as cloud-native applications. They require no installation, patching, or other forms of long term upkeep on the part of a user. Why it matters: Agentless applications, especially agentless security applications have a lower total cost of ownership (TCO), in terms of man-hours saved in deployment, maintenance, and overhead.

We're excited to share that Nightfall has been named as a Leader in Data Security in G2's Summer '23 rankings. Huge thank you to our customers and supporters who made this possible, and to our dedicated team who works so hard to keep their cloud data safe. This year has been busy, with the release of our Zendesk Integration, which provides market-leading AI-powered DLP to the most widely used customer support platform.

CircleCI is a platform that enables continuous integration and delivery of software projects. It allows teams to automate their software development process by building, testing, and deploying their code changes in a consistent and reliable manner. In this blog post, we will explore the Tactics/Techniques/Procedures (TTP) of how environment variables that house sensitive credentials and secrets can be exfiltrated using Circle CI.

With this short guide we will explain how you can add data loss prevention (DLP) as code to communications services like Twilio and SendGrid in a few lines of code, helping ensure your customer communications remain compliant.

When looking for programmatic secrets, it’s not easy to figure out what is truly sensitive and how high-risk it is. There are many different types of secrets and credentials, and the context makes a difference. For example, there could be public URLs with tokens in them, public UUIDs, or credentials used in frontend code — these could all be considered API keys or secrets, but not necessarily at the same degree of sensitivity/severity as something like AWS credentials.