Book a demo

Pagaya Gains Visibility & Governance Over NHIs With Astrix

Danielle Guetta August 13, 2024

Connecting more people with financial opportunities

Pagaya, a leading fintech company, leverages advanced predictive AI to revolutionize consumer credit assessment. By creating and analyzing more features beyond traditional credit scores, Pagaya enables fintechs and banks to offer more personalized financial opportunities to a broader range of consumers. However, with the increasing complexity of their AI-driven platforms, the company faced significant challenges in managing and securing non-human identities (NHI).

The NHI promise – and perils 

As a company deeply embedded in AI and fintech, Pagaya quickly realized that the scale and complexity of their non-human identities far exceeded their human identities—by almost tenfold. These non-human identities, including APIs, service accounts, and other machine credentials, were integral to their operations, yet posed substantial security risks. Without a clear understanding and visibility into these identities, Pagaya was exposed to potential misconfigurations and vulnerabilities.

Yaniv Toledano, Global CISO of Pagaya, reflects on the initial stages of their journey: “We started with Astrix to really understand how non-human identities affect us. We realized that for every human identity, we had around ten times more non-human identities. These identities were linked across all our platforms and applications, creating scenarios where we might have provided the wrong set of privileges or overlooked potential vulnerabilities.”

Making the most of GenAI & automation with Astrix

Understanding the critical role of non-human identities in their ecosystem, Pagaya partnered with Astrix to gain control over this rapidly growing aspect of their infrastructure. Astrix’s NHI Security Platform provided the visibility, discoverability, and remediation capabilities Pagaya needed to secure their environments.

“Astrix’s mindset around NHI allows us to continuously adapt to the changing risk landscape,” says Yaniv. “The platform helps us prioritize mitigation actions, ensuring that we address the most pressing NHI threats first. With Astrix, we’ve been able to understand better how to manage the risks associated with non-human identities, especially as we enter the GenAI landscape.”

A trusted partner in Pagaya’s journey toward AI excellence

By integrating Astrix’s NHI Security Platform, Pagaya has achieved a comprehensive understanding of the risks associated with non-human identities across their various environments, including Google, Snowflake, and AWS. This has enabled them to proactively manage these risks and avoid potential data breaches and misconfigurations.

Yaniv highlights the importance of this partnership: “Security is a place where you cannot count on anyone, but with Astrix, we know we can approach them for the necessary support and guidance. As our ecosystem grows, so does our relationship with Astrix. They’ve got the vision, team, and technology we need to secure our future.”

Learn more

CSA and Astrix Research: The State of Non-Human Identity Security

CSA and Astrix Research: The State of Non-Human Identity Security

Danielle Guetta
Danielle Guetta 12 Sep, 2024
Massive NHI attack: 230 Million cloud environments were compromised
Attacks

Massive NHI attack: 230 Million cloud environments were compromised

Dana Katz
Dana Katz 22 Aug, 2024
App-Specific Passwords: Origins, Functionality, Security Risks and Mitigation
Research

App-Specific Passwords: Origins, Functionality, Security Risks and Mitigation

Tomer Yahalom
Tomer Yahalom 14 Aug, 2024

© 2024 Astrix Security. All rights reserved.