Read the latest about compliance & security

Learn from experts, understand everything you need to know about compliance, and find answers to your pressing security questions.

How a Single GitHub Issue Title Compromised 4,000 Developer Machines
10 min read

How a Single GitHub Issue Title Compromised 4,000 Developer Machines

A prompt injection in a GitHub Issue title hijacked Cline's AI triage bot, stole npm tokens, and silently installed a rogue AI agent on 4,000 developer machines. The era of AI-installing-AI supply chain attacks has arrived.

Ben Kim
Ben Kim
Team Member
How a Single GitHub Issue Title Compromised 4,000 Developer Machines
Nx Package Supply Chain Attack: In-Depth Analysis of a Global Security Crisis Starting from GitHub Actions Vulnerability
Aug 28, 2025

Nx Package Supply Chain Attack: In-Depth Analysis of a Global Security Crisis Starting from GitHub Actions Vulnerability

Nx Package Supply Chain Attack: In-Depth Analysis of a Global Security Crisis Starting from GitHub Actions Vulnerability

Ben Kim
Ben Kim
Team Member
The 2025 Cybersecurity Landscape: Download the Full Report
May 29, 2025

The 2025 Cybersecurity Landscape: Download the Full Report

The 2025 Cybersecurity Landscape: Download the Full Report

Ben Kim
Ben Kim
Team Member
A Study on Secret Exposure Cases within Vercel Environment Frontend Code: AWS, Stripe, Github Keys Were Exposed
Apr 27, 2025

A Study on Secret Exposure Cases within Vercel Environment Frontend Code: AWS, Stripe, Github Keys Were Exposed

A Study on Secret Exposure Cases within Vercel Environment Frontend Code: AWS, Stripe, Github Keys Were Exposed

Ben Kim
Ben Kim
Team Member
OWASP NHI5:2025 - Overprivileged NHI In-Depth Analysis and Management
Apr 25, 2025

OWASP NHI5:2025 - Overprivileged NHI In-Depth Analysis and Management

OWASP NHI5:2025 - Overprivileged NHI In-Depth Analysis and Management

Ben Kim
Ben Kim
Team Member
Beyond Lifecycle Management: Why Continuous Secret Detection is Non-Negotiable for NHI Security
Apr 23, 2025

Beyond Lifecycle Management: Why Continuous Secret Detection is Non-Negotiable for NHI Security

Beyond Lifecycle Management: Why Continuous Secret Detection is Non-Negotiable for NHI Security

Ben Kim
Ben Kim
Team Member
OWASP NHI4:2025 Insecure Authentication Deep Dive Introduction: The Era of Non-Human Identities Beyond Humans
Apr 22, 2025

OWASP NHI4:2025 Insecure Authentication Deep Dive Introduction: The Era of Non-Human Identities Beyond Humans

OWASP NHI4:2025 Insecure Authentication Deep Dive Introduction: The Era of Non-Human Identities Beyond Humans

Ben Kim
Ben Kim
Team Member
Securing Your Software Pipeline: The Role of Secret Detection
Apr 18, 2025

Securing Your Software Pipeline: The Role of Secret Detection

Securing Your Software Pipeline: The Role of Secret Detection

Ben Kim
Ben Kim
Team Member
Navigating the Expanding AI Universe: Deepening Our Understanding of MCP, A2A, and the Imperative of Non-Human Identity Security
Apr 16, 2025

Navigating the Expanding AI Universe: Deepening Our Understanding of MCP, A2A, and the Imperative of Non-Human Identity Security

Navigating the Expanding AI Universe: Deepening Our Understanding of MCP, A2A, and the Imperative of Non-Human Identity Security

Ben Kim
Ben Kim
Team Member
Stop Secrets Sprawl: Shifting Left for Effective Secret Detection
Apr 14, 2025

Stop Secrets Sprawl: Shifting Left for Effective Secret Detection

Stop Secrets Sprawl: Shifting Left for Effective Secret Detection

Ben Kim
Ben Kim
Team Member
Hidden Dangers: Why Detecting Secrets in S3 Buckets is Critical
Apr 14, 2025

Hidden Dangers: Why Detecting Secrets in S3 Buckets is Critical

Hidden Dangers: Why Detecting Secrets in S3 Buckets is Critical

Ben Kim
Ben Kim
Team Member
Rising Data Breach Costs: Secret Detection's Role
Apr 4, 2025

Rising Data Breach Costs: Secret Detection's Role

Rising Data Breach Costs: Secret Detection's Role

Ben Kim
Ben Kim
Team Member
Human vs. Non-Human Identity: The Key Differentiators
Apr 1, 2025

Human vs. Non-Human Identity: The Key Differentiators

Human vs. Non-Human Identity: The Key Differentiators

Ben Kim
Ben Kim
Team Member
Wake-Up Call: tj-actions/changed-files Compromised NHIs
Mar 25, 2025

Wake-Up Call: tj-actions/changed-files Compromised NHIs

Wake-Up Call: tj-actions/changed-files Compromised NHIs

Ben Kim
Ben Kim
Team Member
Behind the Code: Best Practices for Identifying Hidden Secrets
Mar 18, 2025

Behind the Code: Best Practices for Identifying Hidden Secrets

Behind the Code: Best Practices for Identifying Hidden Secrets

Ben Kim
Ben Kim
Team Member
OWASP NHI1:2025 Improper Offboarding- A Comprehensive Overview
Mar 3, 2025

OWASP NHI1:2025 Improper Offboarding- A Comprehensive Overview

OWASP NHI1:2025 Improper Offboarding- A Comprehensive Overview

Ben Kim
Ben Kim
Team Member
Stop the Sprawl: Introducing Cremit’s AWS S3 Non-Human Identity Detection
Feb 25, 2025

Stop the Sprawl: Introducing Cremit’s AWS S3 Non-Human Identity Detection

Stop the Sprawl: Introducing Cremit’s AWS S3 Non-Human Identity Detection

Ben Kim
Ben Kim
Team Member
Build vs. Buy: Making the Right Choice for Secrets Detection
Feb 25, 2025

Build vs. Buy: Making the Right Choice for Secrets Detection

Build vs. Buy: Making the Right Choice for Secrets Detection

Ben Kim
Ben Kim
Team Member
Bybit Hack Analysis: Strengthening Crypto Exchange Security
Feb 18, 2025

Bybit Hack Analysis: Strengthening Crypto Exchange Security

Bybit Hack Analysis: Strengthening Crypto Exchange Security

Ben Kim
Ben Kim
Team Member
OWASP NHI2:2025 Secret Leakage – Understanding and Mitigating the Risks
Feb 18, 2025

OWASP NHI2:2025 Secret Leakage – Understanding and Mitigating the Risks

OWASP NHI2:2025 Secret Leakage – Understanding and Mitigating the Risks

Ben Kim
Ben Kim
Team Member
OWASP NHI3:2025 - Vulnerable Third-Party NHI
Feb 4, 2025

OWASP NHI3:2025 - Vulnerable Third-Party NHI

OWASP NHI3:2025 - Vulnerable Third-Party NHI

Ben Kim
Ben Kim
Team Member
6 Essential Practices for Protecting Non-Human Identities
Dec 5, 2024

6 Essential Practices for Protecting Non-Human Identities

6 Essential Practices for Protecting Non-Human Identities

Ben Kim
Ben Kim
Team Member
Vigilant Ally: Helping Developers Secure GitHub Secrets
Nov 19, 2024

Vigilant Ally: Helping Developers Secure GitHub Secrets

Vigilant Ally: Helping Developers Secure GitHub Secrets

Ben Kim
Ben Kim
Team Member
Credential Leakage Risks Hiding in Frontend Code
Nov 17, 2024

Credential Leakage Risks Hiding in Frontend Code

Credential Leakage Risks Hiding in Frontend Code

Ben Kim
Ben Kim
Team Member
Cremit Joins AWS SaaS Spotlight Program
Nov 6, 2024

Cremit Joins AWS SaaS Spotlight Program

Cremit Joins AWS SaaS Spotlight Program

Ben Kim
Ben Kim
Team Member
Introducing Probe! Cremit's New Detection Engine
Aug 3, 2024

Introducing Probe! Cremit's New Detection Engine

Introducing Probe! Cremit's New Detection Engine

Ben Kim
Ben Kim
Team Member
Understanding the OWASP Non-Human Identities (NHI) Top 10 Threats
Apr 9, 2024

Understanding the OWASP Non-Human Identities (NHI) Top 10 Threats

Understanding the OWASP Non-Human Identities (NHI) Top 10 Threats

Ben Kim
Ben Kim
Team Member
DevSecOps: Why start with Cremit
Mar 18, 2024

DevSecOps: Why start with Cremit

DevSecOps: Why start with Cremit

Ben Kim
Ben Kim
Team Member
Customer Interview: Insights from ENlighten
Mar 4, 2024

Customer Interview: Insights from ENlighten

Customer Interview: Insights from ENlighten

Ben Kim
Ben Kim
Team Member
What Is Secret Detection? A Beginner’s Guide
Feb 26, 2024

What Is Secret Detection? A Beginner’s Guide

What Is Secret Detection? A Beginner’s Guide

Ben Kim
Ben Kim
Team Member
Microsoft Secrets Leak: A Cybersecurity Wake-Up Call
Oct 23, 2023

Microsoft Secrets Leak: A Cybersecurity Wake-Up Call

Microsoft Secrets Leak: A Cybersecurity Wake-Up Call

Ben Kim
Ben Kim
Team Member
Secret Sprawl and Non-Human Identities: The Growing Security Challenge
Oct 22, 2023

Secret Sprawl and Non-Human Identities: The Growing Security Challenge

Secret Sprawl and Non-Human Identities: The Growing Security Challenge

Ben Kim
Ben Kim
Team Member