Secrets Management stories

DTEX warns that AI agents controlled via Telegram and WhatsApp can quietly access files, expose credentials and exfiltrate data from endpoints.

Check Point says Anthropic's Claude Code can quietly stash credentials in .claude/settings.local.json, which may be published in public npm packages.

LevelBlue says unsanctioned AI agents are slipping into enterprise systems, creating a hidden governance and security blind spot for businesses.

AI coding accelerates software delivery, but security teams struggle to keep up as more code, alerts and manual checks pile up.

Grafana Labs rolls out Grafana 13 and a Loki overhaul as it pushes open observability, Kubernetes support and simpler dashboarding.

Chainguard and Cursor strike partnership to embed verified open source dependencies into AI coding, aiming to curb supply chain risks at machine speed.

Tenable warns a GitHub Actions bug in Microsoft's Windows-driver-samples repo could let attackers run code and steal secrets via public issues.

Vercel says an attack on a third-party AI tool let hackers hijack a staff Google Workspace account and reach internal systems.

Machine accounts and AI agents are now eclipsing human users in many IT estates, prompting warnings that outdated identity controls are no longer enough.

Orca Security warns that AI credentials, vulnerable dependencies and lax pipeline controls are leaving production environments exposed across US and Europe.

Avocado urges Australian firms to tighten repository security as the ACSC reissues a high alert on active supply chain attacks and secrets sprawl.

Codenotary unveils AgentMon to help Chief Information Officers and security teams track AI agent behaviour, costs and policy risks.

Dubber trims observability run costs by 25% after shifting to Grafana Cloud, simplifying metrics, logs and monitoring across its global platform.

AppOmni upgrades Heisenberg to help teams trace GitHub Actions and spot tainted dependencies after the LiteLLM supply chain breach.

BeyondTrust warns a surge of unsupervised AI agents is creating a hidden “shadow workforce” with admin-level access inside enterprises.

BeyondTrust expands Pathfinder to discover, govern and lock down proliferating enterprise AI agents, identities, privileges and secrets.

Aqua Security's Trivy GitHub Action was hijacked to ship infostealer code via CI/CD pipelines, exposing secrets across downstream users.

Oasis raises USD $120 million to expand its AI-first access control platform for non-human identities across large enterprises.

Entro launches AGA to map, monitor and control AI agents in enterprises, tackling shadow AI and non-human identity risks at scale.

Keeper launches KeeperDB to centralise zero-trust database access, hiding credentials and recording sessions within its existing security vault.