• Product

    Product Overview

    Discover, secure and manage AI agents & NHIs

    Learn more

    CAPABILITIES

    Discover

    Maintain real-time inventory of all AI agents, MCP servers, and NHIs, with context to understand risk and business usage.
    Secure

    Identify and remediate AI agents and NHIs with excessive privileges, vulnerable configurations, abnormal activity, and policy violations.
    Deploy — powered by ACP (Agent Control Plane)

    Provision secure-by-design AI agents with short-lived credentials, just-in-time, precisely scoped access, and policy at creation.

    Supported environments

    Astrix logo: five black and white interlocking loops, symbolizing secure non-human identity and NHI Management leadership.
    A vibrant, ribbon-loop logo in blue, green, yellow, orange, and pink. Astrix: the leader in NHI security and service account protection.
    Astrix, the leading NHI Security platform, expertly manages the security of non-human identities. Alt text: Black silhouette of a featureless cat inside a circle, resembling the GitHub logo.
    Astrix, the leading NHI security platform, ensures robust protection and management for non-human identities.
    Astrix is the leading platform in NHI Management and Service Account Security. *Alt Text: A white ship's wheel symbol inside a blue hexagonal shape, representing leadership in non-human identity security.*.
    A geometric logo with interlocking shapes in red, green, blue, and yellow on a transparent background representing Astrix. Astrix: The leading platform for NHI Management and service account security solutions.
    Astrix, the leading NHI security platform, showcases a blue gradient abstract shape akin to a stylized mountain on white background.
    Blue circular icon with antennae, stylized non-human face; Astrix: the leading NHI Management and service account security platform.
    Astrix is the leading NHI Security platform, providing top-tier service account and non-human identity management solutions.
    Astrix: the leading NHI security platform, safeguarding non-human identities and service account integrity.
    Astrix: Leading platform for NHI Management and service account security.
    Astrix: The leading NHI Security platform, ensuring robust service account and non-human identity protection. Alt text: Blue Windows logo with four rectangles forming a window shape on a transparent background.
    more
  • Use Cases

    AI AGENTS

    Discovery and Governance for AI Agents
    Discovery & Governance for AI Agents

    Set policy to resolve hygiene issues, reduce attack surfaces and prevent compliance violations.

     Agentic Threat Detection & Response (ATDR)
    Access & Lifecycle Management for AI Agents

    Manage AI agents and their NHIs from provisioning to decommissioning.

     Agentic Access & Lifecycle Mgmt
    Agentic Threat Detection & Response (ADR™)

    Detect and respond to threats such as compromised credentials and out-of scope agent actions.

    non-human identities

    NHI Discovery & Governance

    Control and enforce policies across your NHI attack surface.
    NHI Lifecycle Management

    Manage NHIs from provisioning to decommissioning.
    Non-Human ITDR

    Detect and respond to suspicious NHI activity & 3rd party breaches.
    Secret Management

    Centralized secret management across vaults & cloud.
    Third-Party Risk Management

    Discover and assess third-party apps & vendors accessing your environment
  • Company

    COMPANY

    About Us

    The industry leader in AI Agent and Non-Human Identity security
    Careers

    The latest job opportunities

    Partners

    Explore partnership opportunities
    News

    Company announcements and press
    Contact Us

    Ask us anything
    The NHI Security Conference

    Watch the sessions on-demand

    Customer Stories

    Astrix is the leading NHI Security platform, safeguarding non-human identities in service account environments. Alt text: Astrix logo with a focus on securing non-human identities and service accounts.
    Workday

    HRTech

     A red sphere with white bands, symbolizing secure NHI Management by Astrix, the leader in NHI and service account security.
    Xerox

    Technology

     Orange HubSpot logo on a light background. Astrix is the leading platform for NHI Management and service account security.
    HubSpot

    Tech - CRM

     Astrix: The leading platform for NHI Management, securing non-human identities and service accounts efficiently. Alt Text: A stylized lowercase blue letter "b" with an orange dot above the upper right curve on a transparent background, representing Astrix, the leading NHI Security platform.
    Boomi

    Technology

     Astrix is the leading platform in NHI Management and service account security, safeguarding your non-human identity assets.
    BigID

    Cybersecurity

     Astrix: Leading NHI Security Platform with Advanced Non-Human Identity Management.
    Workato

    Technology

     Astrix is the leading platform for NHI Management and service account security. Alt text: A black Celtic knot design, showcasing a circular pattern with interconnected loops and swirls.
    Mercury

    Digital Banking

     Astrix's logo: A blue-striped triangular play button with overlapping shapes, embodying our leadership in NHI security. Alt text: Blue-striped triangular play button logo with overlapping shapes, symbolizing three-dimensionality and Astrix's NHI security expertise.
    Pagaya

    Fintech

     Dark green geometric logo with two diamonds forming a hexagon. Atrix: The Leading NHI Security Platform.
    RevMed

    Biotech

     Astrix's blue geometric house icon symbolizes excellence as the leading NHI Security platform.
    Guesty

    Tech - Real Estate
    More customer stories
  • Learn

    Resources

    AI agent & NHI glossary

    Resources

    Blog

    The latest on AI agent & NHI threats, products stories and more
    Events

    Meet Astrix at industry leading events
    Videos

    Watch on-demand sessions and expert insights

    News

    The latest company announcements and press
    Customer Stories

    How our customers secure their NHIs with Astrix
    Whitepapers

    Latest reports and whitepapers about NHI security
    Explore all

    AI agent & NHI glossary

    Agentic AI

    What is Agentic AI and related NHI risks
    Model Context Protocol

    Core concepts, functional components, and technical capabilities
    Service Accounts

    What are they & common vulnerabilities

    Machine Credentials

    How attackers exploit them & how to prevent it

    OAuth Tokens

    The risks they pose & how to secure them
    Non-human identities

    Definition, common use, and why they're important to secure
    Explore all

    WHAT’S NEW

    Meet Astrix’s AI Agent Control Plane (ACP)
    Astrix’s Agent Control Plane (ACP): Secure AI Agents from Day One
    GPT-5 Makes AI Agents Easy — Astrix Secures Their Access
    Case Study – How a Major Brand Expanded from NHI Security to AI Agent Governance
Book a demo

ShadyPanda Browser Extension Campaign — and How Astrix Helps Organizations Stay Ahead

Oleg Mogilevsky December 2, 2025
ShadyPanda Browser Extension Campaign — and How Astrix Helps Organizations Stay Ahead

New research from Koi Security has exposed a long-running malicious browser extension operation dubbed “ShadyPanda.” This campaign has quietly persisted for seven years, infecting over 4.3 million users via malicious Google Chrome and Microsoft Edge extensions.

This discovery serves as a stark reminder of the risk posed by unmanaged browser extensions. While often viewed as simple productivity tools, extensions function as powerful integrations with extensive access to sensitive corporate data.

Here is what happened, and how Astrix customers stay protected.

What happened: The ShadyPanda Campaign

The report identifies roughly 30 variants of browser extensions distributed by ShadyPanda. These extensions are often disguised as utility tools such as PDF converters or cleaners, to establish a foothold in affected environments. Once installed, these extensions didn’t just block ads or clear caches; they acted as Remote Code Execution (RCE) backdoors and spyware.

The scope of data exfiltration is alarming. The malicious extensions were designed to harvest:

  • Full Browsing Visibility Every URL visited and complete browsing history.
  • Navigation Patterns HTTP referrers that show how users move across the web.
  • Fingerprinting User agents, screen resolution, timestamps, and platform data.
  • Persistent Tracking Perhaps most dangerously, they inject a UUID4 identifier (stored in chrome.storage.sync) that survives across devices and sessions, allowing the actor to build a permanent profile of the user.

These data points enable long-term tracking, profiling, and cross-device persistence. The extensions also functioned as backdoors capable of executing remote commands through malicious C2 infrastructure.

The Enterprise Risk Explained

One of the primary culprits identified in the campaign is an extension titled “Clean Master: the best Chrome Cache Cleaner”.
While the extension claims to optimize browser performance, it actually grants the threat actor “Access to All Resources.”

For an enterprise, this means that if an employee installs this on a work profile, the threat actor potentially gains visibility into internal SaaS platforms, proprietary data, and sensitive workflows.

How Astrix Helps

ShadyPanda is a clear example of why securing integrations and Non-Human Identities (NHIs), not just human users, is critical. Browser extensions, SaaS integrations, and AI agents all behave like entities with permissions. Unmonitored, they create blind spots that attackers exploit. Astrix helps organizations reduce this risk through three core capabilities:

Discovery and Early Detection

Astrix continuously delivers a real-time inventory of all AI Agents and NHIs (service accounts, OAuth apps, API keys, SSH keys, IAM roles, and more), and secrets across cloud, SaaS, and on‑prem environments.

Secure

Visibility is only the first step; context is key. In this specific campaign, Astrix provided the context needed to make a security decision:

  • High-Risk Origins: Alerts indicated the supplier origin was a high-risk country (China).
  • Over-Privileged Access: The extension requested high-sensitivity permissions (webRequest, browsingData) with zero legitimate business justification.

Armed with this data, Astrix customers were able to remove these integrations proactively, neutralizing the threat before the campaign was publicly attributed to ShadyPanda.

Policy Enforcement

Astrix enables security teams to transition from a reactive to a proactive approach. It enables them to deploy automated policies, such as blocking extensions from untrusted countries or requiring justification for high-sensitivity permissions, to prevent similar threats from entering the environment in the future.

The Bottom Line

Malicious browser extensions are a favored vector for attackers because they sit at the intersection of user trust and high-privilege access.

The Astrix team is here to help. You cannot secure what you cannot see. By monitoring all AI agents and Non-Human Identities with Astrix, organizations gain the visibility and control needed to detect, block, and remove these risks early, before they turn into incidents.If you want help validating extension exposure or reviewing next steps, contact the Astrix team today.

Learn more

Advisory

The OWASP Agentic Top 10 Just Dropped – Here’s What You Need to Know

Tal Skverer
Tal Skverer 10 Dec, 2025
Advisory

Salesforce Revokes Gainsight App Tokens: Latest OAuth Supply Chain Breach

Oleg Mogilevsky
Oleg Mogilevsky 21 Nov, 2025

The first reported AI-orchestrated cyber espionage campaign: Deconstructing the Anthropic Report

Oleg Mogilevsky
Oleg Mogilevsky 17 Nov, 2025

33 Arch Street Boston, MA 02110, USA

© 2025 Astrix Security. All rights reserved.