Secrets Management stories

Machine accounts and AI agents are now eclipsing human users in many IT estates, prompting warnings that outdated identity controls are no longer enough.

Keeper Security has upgraded KeeperPAM with remote browser isolation, multi-tab support and AI session monitoring to better secure web-based privileged access.

Orca Security warns that AI credentials, vulnerable dependencies and lax pipeline controls are leaving production environments exposed across US and Europe.

Codenotary unveils AgentMon to help Chief Information Officers and security teams track AI agent behaviour, costs and policy risks.

AppOmni upgrades Heisenberg to help teams trace GitHub Actions and spot tainted dependencies after the LiteLLM supply chain breach.

BeyondTrust warns a surge of unsupervised AI agents is creating a hidden “shadow workforce” with admin-level access inside enterprises.

BeyondTrust expands Pathfinder to discover, govern and lock down proliferating enterprise AI agents, identities, privileges and secrets.

Aqua Security's Trivy GitHub Action was hijacked to ship infostealer code via CI/CD pipelines, exposing secrets across downstream users.

Oasis raises USD $120 million to expand its AI-first access control platform for non-human identities across large enterprises.

Entro launches AGA to map, monitor and control AI agents in enterprises, tackling shadow AI and non-human identity risks at scale.

Keeper launches KeeperDB to centralise zero-trust database access, hiding credentials and recording sessions within its existing security vault.

AI-fuelled coding drives record 29 million hardcoded secrets on GitHub in 2025, with leaks from AI tools and services surging sharply.

1Password unveils Unified Access to secure AI agents and machine credentials, promising endpoint-to-agent visibility for security teams.

ControlPlane launches enterprise support for OpenBao as IBM's USD $6.4 billion HashiCorp deal drives demand for open source Vault alternatives.

Entrust unveils cloud-based cryptographic security platform to centralise key, certificate and secrets management across hybrid IT estates.

Keeper Security has kicked off a global identity-first cybersecurity campaign as it enters a third season backing the Atlassian Williams F1 team.

Attackers are ditching malware for stolen identities, misconfigurations and abused AI tools, Google warns in its latest cloud threat report.

JFrog warns 13 GitHub CI/CD workflow flaws, mostly critical, could let attackers hijack pipelines and steal secrets at scale.

Claude Code flaws found by Check Point could let malicious repos run code and grab API keys before developers confirm a project is trusted.

Keeper launches native Jira integrations to tie security incident workflows directly to privileged access approvals while retaining zero-knowledge controls.