# Astrix Security

> Control and secure API keys, OAuth apps, service accounts and other NHIs. Protect your environments from unauthorized access.

---

## Pages

- [Agentic AI Security](https://astrix.security/security-programs/agentic-ai-security/): Control access, reduce NHI risk, and govern AI agents. Secure agentic AI with Astrix’s continuous monitoring and lifecycle management.
- [Secure AI Agent Access](https://astrix.security/use-cases/agentic-ai/): Secure your AI agents and NHIs with complete visibility, threat detection, and lifecycle management from Astrix.
- [DPF Certification Notice](https://astrix.security/dpf-certification-notice/): Read Astrix Security’s Terms of Use to understand the guidelines for accessing and using our non-human identity security services.
- [Secret Management](https://astrix.security/use-cases/secret-management/): Simplify NHI secret lifecycle management with Astrix Security: automate rotation, unify vault visibility, and eliminate policy gaps securely.
- [Non-Human ITDR](https://astrix.security/use-cases/non-human-itdr/): Detect and respond to non-human identity threats fast with Astrix Security’s automated anomaly detection, behavioral analytics, and proactive remediation.
- [NHI Governance](https://astrix.security/use-cases/nhi-governance/): Discover how Astrix Security simplifies NHI governance through continuous visibility, automated risk management, and compliance reporting.
- [Lifecycle Management](https://astrix.security/use-cases/lifecycle-management/): Automate NHI lifecycle management, from creation to revocation. Eliminate manual overhead, enforce policies, and prevent security gaps.
- [Compliance](https://astrix.security/use-cases/compliance/): Simplify NHI lifecycle visibility, audits and compliance reporting with Astrix Security’s automated management solution.
- [Free NHI Risk Assessment](https://astrix.security/free-nhi-risk-assessment/): Get a free NHI security posture assessment and receive a full report with your top risks and suggested remediation steps.
- [Download the NHI Security Report](https://astrix.security/state-of-non-human-identity-security-report/): The first Non-Human Identity Security Report, based on insights from 800 security leaders.
- [Register a deal](https://astrix.security/partners/register-a-deal/): Submit your deal with Astrix Security to equip clients with advanced non-human identity security solutions and support.
- [Become a partner](https://astrix.security/partners/become-a-partner/): Join Astrix Security’s partner program to help clients secure non-human identities, bridging critical gaps in identity management and cybersecurity.
- [Cloud Security](https://astrix.security/security-programs/appsec/): Astrix helps engineering teams secure all access keys and tokens, both internal and external, and prevent NHI exploits.
- [Non-Human IAM & ITDR](https://astrix.security/security-programs/iam-itdr/): Extend IAM, IGA and ITDR protection to non-human identities. Automate visibility, lifecycle management, and threat remediation with Astrix Security.
- [Shadow AI Discovery](https://astrix.security/security-programs/shadow-ai/): Gain visibility into GenAI access across platforms like Salesforce, GitHub, and AWS. Trust Astrix for comprehensive shadow AI security solutions.
- [Third-Party Risk](https://astrix.security/security-programs/third-party-risk/): Astrix enhances TPRM programs with continuous discovery and risk prioritization of all NHIs connected to third-party apps and vendors.
- [NHI Lifecycle Management](https://astrix.security/product/nhi-lifecycle-management/): Control NHIs from the moment they are provisioned through permission changes, ownership assignment, rotation, revocation and expiration.
- [Anomaly Detection](https://astrix.security/product/detect-suspicious-non-human-activity/): Identify and mitigate NHI threats with Astrix's anomaly detection. Secure your non-human identities across all environments.
- [NHI Auto-Remediation](https://astrix.security/product/nhi-remediation/): Easily remediate NHI risks using out-of-the-box policies, custom workflows, enterprise integrations and end-user communication.
- [NHI Discovery](https://astrix.security/product/discover-non-human-identities/): Uncover and manage non-human identities across your systems with Astrix Security's discovery platform. Enhance visibility and control today.
- [Next-Gen Secret Scanning](https://astrix.security/product/protect-secrets/): Easily rotate exposed secrets across cloud environments, using rich context and risk prioritization to rotate confidently.
- [NHI Posture Management](https://astrix.security/product/reduce-your-non-human-attack-surface/): Quickly improve your security posture with a prioritized list of the top 5% of NHI risks. Remediate confidently using holistic context.
- [Why Astrix](https://astrix.security/why-astrix/): NHIs are the building blocks of automation, so their number will only continue to grow. Astrix provides visibility and governance over NHIs.
- [Thank You](https://astrix.security/thank-you/): Thank you for reaching out to Astrix Security. We’ll connect with you soon. Meanwhile, explore our resources on non-human identity security.
- [Partners](https://astrix.security/partners/): Join the Astrix ecosystem to help your customers solve the biggest identity blind spot and secure their non-human identities.
- [Learn](https://astrix.security/learn/): Learn about NHI security, recent attacks, expert insights and updates about the Astrix Security platform and solutions.
- [SaaS Agreement](https://astrix.security/saas-agreement/): Review Astrix Security's SaaS Agreement, detailing terms for subscription, usage, and compliance in non-human identity security services.
- [Book A Demo](https://astrix.security/schedule-a-live-demo/): Book a live demo with our experts to see how the Astrix platform can help you secure and manage non-human identities.
- [Careers](https://astrix.security/careers/): Join Astrix Security and shape the future of non-human identity security. We're looking for amazing people to join our team!
- [See Astrix in Action](https://astrix.security/see-astrix-in-action/): Watch a demo video of how the Astrix platform can help you secure and manage non-human identities, and easily mitigate risks.
- [Terms of Use](https://astrix.security/terms-of-use/): Read Astrix Security’s Terms of Use to understand the guidelines for accessing and using our non-human identity security services.
- [Company](https://astrix.security/company/): Astrix is a pioneer of non-human identity security, helping leading enterprises extend IAM and threat detection and response to NHIs since 2021.
- [Contact Us](https://astrix.security/contact-us/): Contact our team to ask questions about the Astrix platform, request a demo or ask for help with NHI security.
- [Product](https://astrix.security/product/): Astrix secures the biggest identity blind spot: non-human identities. From discovery and risk prioritization to threat detection and mitigation.
- [Non-Human Identity Security](https://astrix.security/): Astrix Security is the leader in non-human identity security, helping Fortune 500 companies secure, manage and govern NHIs across environments.
- [Privacy Policy](https://astrix.security/privacy-policy/): Learn how Astrix Security collects, uses, and protects personal information, ensuring transparency and compliance with privacy standards.
---

## Posts

- [The Hidden Risk in Financial Services: Securing Your Non-Human Identities](https://astrix.security/blog/the-hidden-risk-in-financial-services-securing-your-non-human-identities/): In today’s digital-first financial landscape, your institution faces a critical security challenge that many organizations overlook until it’s too late...

---

## Blog

- [Astrix Research Presents: Touchpoints Between AI and Non-Human Identities](https://astrix.security/learn/blog/astrix-research-presents-touchpoints-between-ai-and-non-human-identities/): New research by Astrix and Bayer reveals the touchpoints between AI agents and NHIs, their security risks, and best practices.
- [Astrix Security Joins Elite List of Startups Defining the Future of Cyber](https://astrix.security/learn/blog/astrix-security-joins-elite-list-of-startups-defining-the-future-of-cyber/): Astrix Security joins the Rising in Cyber 2025 list, recognized for leading non-human identity security. Discover why CISOs trust Astrix’s AI-driven approach.
- [Gartner’s Leaders’ Guide to Modern Machine IAM](https://astrix.security/learn/blog/gartners-leaders-guide-to-modern-machine-iam/): Gartner recognizes Astrix in its first Leaders’ Guide for Machine Identity and Access Management. Continue reading to learn why this...
- [AI Agents vs. AI Chatbots: Understanding the Difference](https://astrix.security/learn/blog/ai-agents-vs-ai-chatbots-understanding-the-difference/): While AI chatbots respond, AI agents act. Both automate tasks, but the security implications differ significantly, primarily due to how...
- [Meet The NHI Security Platform Built for the AI Era](https://astrix.security/learn/blog/agentic-ai-security-starts-with-nhis-how-astrix-solves-the-hidden-identity-risk/): Astrix is proud to introduce a major expansion of our NHI security platform, which is purpose-built to secure AI agents...
- [The Hidden Risk in Financial Services: Securing Your Non-Human Identities](https://astrix.security/learn/blog/the-hidden-risk-in-financial-services-securing-your-non-human-identities/): In today’s digital-first financial landscape, your institution faces a critical security challenge that many organizations overlook until it’s too late...
- [PCI DSS 4.0.1: Compliance for Non-Human Identities](https://astrix.security/learn/blog/pci-dss-4-0-1-compliance-for-non-human-identities/): The proliferation of NHIs, such as service accounts, APIs, and OAuth apps, has significantly reshaped the attack surface, with machine...
- [NIST Highlights NHI Governance: What You Need To Know](https://astrix.security/learn/blog/nist-highlights-nhi-governance-what-you-need-to-know/): Understand the role of non-person entities in NIST's Zero Trust guidelines and see how Astrix enhances security for these identities.
- [How Mature is Your NHI Security Program?](https://astrix.security/learn/blog/approaching-nhi-security-assessing-your-current-state-and-next-steps/): Managing non-human identities (NHIs) is a top cybersecurity challenge today due to their complexity across interconnected systems, rapid growth, and dynamic nature.
- [Introducing the OWASP NHI Top 10: Standardizing Non-Human Identity Security](https://astrix.security/learn/blog/introducing-the-owasp-nhi-top-10-standardizing-non-human-identity-security/): The non-human identity market has significantly matured in the past couple of years. While NHIs like service accounts, API keys,...
- [Securing NHIs in NetSuite](https://astrix.security/learn/blog/securing-nhis-in-netsuite/): Learn how Astrix secures non-human identities (NHIs) in NetSuite to prevent data breaches, operational disruptions, and compliance failures.
- [Securing NHIs in Jira and Confluence](https://astrix.security/learn/blog/securing-nhis-in-jira-and-confluence/): Secure Jira and Confluence with Astrix. Discover NHIs, manage access risks, and protect your sensitive data effectively.
- [How Astrix Will Use Series B Funding to Transform Identity Security](https://astrix.security/learn/blog/how-astrix-will-use-series-b-funding-to-transform-identity-security/): Astrix CTO Idan Gour shares his vision for identity security in the AI era following the recent Series B funding.
- [10 Predictions for Non-Human Identity Security in 2025](https://astrix.security/learn/blog/10-predictions-for-non-human-identity-security-in-2025/): Our security experts, Tal Skverer, Tomer Yahalom, and Timothy Youngblood, have outlined ten key NHI security predictions for 2025.
- [The Service Accounts Guide Part 2: Challenges, Compliance and Best Practices](https://astrix.security/learn/blog/the-service-account-guide-part-2-challenges-compliance-and-best-practices/): From April to early June of this year, a threat actor referred to as UNC5537 wreaked havoc on various Snowflake...
- [The Service Accounts Guide Part 1: Origin, Types, Pitfalls and Fixes](https://astrix.security/learn/blog/the-service-accounts-guide-part-1-origin-types-pitfalls-and-fixes/): Read the first part of the Service Accounts Guide about the different types of service accounts, common pitfalls and best practices.
- [Detect and Rotate Exposed Secrets with Astrix](https://astrix.security/learn/blog/detect-and-rotate-exposed-secrets-with-astrix/): Exposed secrets are a critical part of your NHI risk landscape. Astrix detects and rotates exposed secrets.
- [Securing NHIs in Salesforce and NetSuite for SOX Compliance](https://astrix.security/learn/blog/securing-nhis-in-salesforce-and-netsuite-for-sox-compliance/): Learn how to secure non-human identities in Salesforce and NetSuite to meet SOX compliance and protect financial data integrity.
- [Employee offboarding: What about their NHIs?](https://astrix.security/learn/blog/employee-nhi-offboarding/): Discover how to securely offboard non-human identities (NHIs) like API keys and service accounts with Astrix’s automated solutions.
- [CSA and Astrix Research: The State of Non-Human Identity Security](https://astrix.security/learn/blog/csa-and-astrix-research-the-state-of-non-human-identity-security/): CSA and Astrix Research: The State of Non-Human Identity Security.
- [Massive NHI attack: 230 Million cloud environments were compromised](https://astrix.security/learn/blog/massive-nhi-attack-insecure-aws-stored-credentials-lead-to-compromise-of-230-million-cloud-environments/): Insecurely stored AWS credentials lead to the compromise of 230 million cloud environments.
- [App-Specific Passwords: Origins, Functionality, Security Risks and Mitigation](https://astrix.security/learn/blog/app-specific-passwords-origins-functionality-security-risks/): To address the apparent security concerns of Less Secure Apps (LSAs), Google introduced App-Specific Passwords (ASPs). What are they, and are they safe?
- [From Radio Shack to the Fortune 500 And now Astrix : My Cybersecurity Journey](https://astrix.security/learn/blog/from-radio-shack-to-the-fortune-500-and-now-astrix-my-cybersecurity-journey/): From Radio Shack to the Fortune 500, and now Astrix: my cybersecurity journey.
- [NHI attacks making waves: Insights on latest 5 incidents](https://astrix.security/learn/blog/nhi-attacks-making-waves-insights-on-latest-5-incidents/): Get insights from Astrix Research on the latest non-human identity attacks on JetBrains, the New York Times, GitHub, Snowflake, and Hugging Face.
- [Securing non-human identities in AWS environments (and beyond)](https://astrix.security/learn/blog/securing-non-human-identities-in-aws-environments/): Only Astrix tells you what permissions NHIs have, to which resources, who is behind them, and the risks they pose in real time.
- [Bridging the NHI security gap: Astrix and Torq partner up](https://astrix.security/learn/blog/bridging-the-nhi-security-gap-astrix-and-torq-partner-up/): We are thrilled to announce our partnership with Torq, making it easier than ever to manage, secure, and remediate NHI risks seamlessly.
- [13 non-human identity attacks in 16 months](https://astrix.security/learn/blog/11-attacks-in-13-months-the-new-generation-of-supply-chain-attacks/): Recent attacks show how non-human identities and their ungoverned access to enterprise environments are a gold mine for attackers looking to gain and maintain access.
- [Part 3: The anatomy of supply chain attacks: Non-human identities & TPRM failure](https://astrix.security/learn/blog/part-3-anatomy-of-supply-chain-attacks/): Learn how non-human identities are leveraged for supply chain attacks and why attackers use third-party vendors as the means for a larger attack.
- [Breach analysis: Cloudflare falls victim to Okta attack](https://astrix.security/learn/blog/breach-analysis-cloudflare-falls-victim-to-okta-attack/): Learn what happened in the Cloudflare breach, and how Astrix can help prevent such attacks, from discovery to anomaly detection and secret security.
- [OAuth attack against Microsoft by Midnight Blizzard](https://astrix.security/learn/blog/oauth-attack-against-microsoft-by-midnight-blizzard/): A summary of the attack flow and recommendations on ensuring your environment is not vulnerable to such OAuth abuse.
- [Part 2: How attackers exploit OAuth: A deep dive](https://astrix.security/learn/blog/part-2-how-attackers-exploit-oauth-a-deep-dive/): Learn how the OAuth framework works, the inherent downsides of OAuth, and what makes it so lucrative for attackers to try and exploit.
- [Part 1: Non-human identity security - The complete technical guide](https://astrix.security/learn/blog/what-are-non-human-identities-and-why-theyre-your-biggest-blindspot/): Machine credentials are a wild west of ungoverned access. But what are they, how can you monitor them, and why should you care?
- [Top 5 non-human identity attacks of 2023](https://astrix.security/learn/blog/top-5-non-human-access-attacks-of-2023/): Astrix Research looks back at the high-profile non-human access attacks of 2023, ranks the top 5, and explains what we can learn from them.
- [Insecure Non-Human Identities in your GitHub May Trigger a Supply Chain Attack](https://astrix.security/learn/blog/insecure-third-party-connections-to-your-github-may-trigger-a-supply-chain-attack/): Unmonitored GitHub connections create a new ecosystem of supply chain dependencies that expand your attack surface and expose your organization to attacks.
- [How to Close the Service Account Security Gap in GCP and Snowflake](https://astrix.security/learn/blog/close-service-account-security-gap-in-gcp-and-snowflake/): Discover how to mitigate risks associated with service accounts in GCP and Snowflake. Learn strategies to reduce your attack surface effectively.
- [Practical ways to combat Generative-AI security risks](https://astrix.security/learn/blog/tips-for-genai-security/): Knowing how to combat the risks AI tools pose will keep your organization safe. Idan Gour explains how to prepare for a safe adoption of GenAI.
- [Not just code vulnerabilities: The overlooked cause of software supply chain attacks](https://astrix.security/learn/blog/not-just-code-vulnerabilities-the-overlooked-cause-of-software-supply-chain-attacks/): While the software supply chain has been a huge catalyst for vulnerabilities and attacks, non-human access creates a new attack surface.
- [Sumo Logic: Compromised non-human identity leads to potential supply-chain exploits](https://astrix.security/learn/blog/sumo-logic-incident-guide/): Read this guide from Astrix Research experts to learn what happened in the recent Sumo Logic incident and how to remediate.
- [The Okta breach: The results of a leaked service account](https://astrix.security/learn/blog/okta-breach-leaked-service-account/): Tal Skverer shares his insights about the recent Okta breach, what happened, and how a leaked service account can cause a lot of trouble.
- [Key takeaways about GenAI risks from Gartner reports](https://astrix.security/learn/blog/key-takeaways-about-genai-risks-from-gartner-reports/): Key takeaways from two recent Gartner reports about GenAI-related threats, and why Astrix was mentioned in them.
- [Looking Back at Our Journey in the 2023 RSA Innovation Sandbox Contest](https://astrix.security/learn/blog/looking-back-at-our-journey-in-the-2023-rsa-innovation-sandbox-contest/): Looking back at Astrix's journey as a 2023 RSA Innovation Sandbox finalist, and how far we've come since then.
- [Securing Non-Human Identities in Slack](https://astrix.security/learn/blog/securing-non-human-identities-in-slack/): Non-human identities accessing Slack environments expose organizations to supply chain attacks. Astrix helps prevent these risks.
- [Securing Non-Human Identities in Microsoft 365 & Azure AD](https://astrix.security/learn/blog/securing-non-human-identities-in-microsoft-365-azure-ad/): Non-human identities accessing M365 and Azure AD environments expose organizations to supply chain attacks. Astrix helps prevent these risks.
- [Securing non-human identities in Salesforce](https://astrix.security/learn/blog/securing-non-human-identities-in-salesforce/): Non-human identities accessing Salesforce environments expose organizations to supply chain attacks. Astrix helps prevent these risks.
- [Securing Non-Human Identities in Google Workspace](https://astrix.security/learn/blog/securing-non-human-identities-in-google-workspace/): Non-human identities accessing Google Workspace and GCP environments expose organizations to supply chain attacks. Astrix helps prevent these risks.
- [Forbes - Shadow Connections: How They're Impacting Your Production Environment And Software Supply Chain Security](https://astrix.security/learn/blog/forbes-shadow-connections-how-theyre-impacting-your-production-environment-and-software-supply-chain-security/): With the increasing use of interconnected applications, security teams often overlook these shadow connections, leaving potential vulnerabilities in the software supply chain.
- [Security Magazine - Non-human identities: Secure them now, not later](https://astrix.security/learn/blog/security-magazine-non-human-identities-secure-them-now-not-later/): Idan Gour shares his insights about identity-related attacks being on the rise, with credential misuse becoming a prominent attack vector.
- [GhostToken - Exploiting GCP application infrastructure to create invisible, unremovable trojan app on Google accounts](https://astrix.security/learn/blog/ghosttoken-exploiting-gcp-application-infrastructure-to-create-invisible-unremovable-trojan-app-on-google-accounts/): GhostToken: exploiting GCP application infrastructure to create an invisible, unremovable trojan app on Google accounts.
- [The CircleCI breach: The results of a stolen access token](https://astrix.security/learn/blog/the-circleci-breach-the-results-of-a-stolen-access-token/): Discover how the CircleCI breach exposed critical access tokens. Explore the implications for third-party integrations and strategies to enhance your security posture.
- [Slack's GitHub breach: 6 tips to avoid similar attacks](https://astrix.security/learn/blog/slacks-github-breach-6-tips-to-avoid-similar-attacks/): The Slack attack proves that organizations must protect API keys as vigorously as they protect passwords. Here are 6 tips to help you avoid similar attacks.
- [CircleCI Security Alert - Are You at Risk?](https://astrix.security/learn/blog/circleci-security-alert-are-you-at-risk/): Following a possible breach, CircleCI published a security alert urging their customers to rotate all CircleCI secrets to prevent supply chain attacks.
- [2022 Recap: 6 Surprising Third-Party Connectivity Stats](https://astrix.security/learn/blog/2022-recap-6-surprising-third-party-connectivity-stats/): Discover hidden risks in app-to-app connections. Astrix reveals alarming findings, offering secure solutions for organizations.
- [Dark Reading - The Next Generation of Supply Chain Attacks is Here to Stay](https://astrix.security/learn/blog/the-next-generation-of-supply-chain-attacks-is-here-to-stay/): The new generation of software supply chain attacks is here to stay. But not all hope is lost. See how businesses can avoid becoming the next headline breach.
- [20 Minute Leaders: Leadership & the Future of App-to-App Security](https://astrix.security/learn/blog/leadership-and-the-future-of-app-to-app-security/): Catch Alon Jackson on the 20 Minute Leaders podcast! He covers everything from the founding of Astrix Security to the future of app-to-app security.
- [DrZeroTrust: Securing App-to-App Connectivity and Low or No Code Apps](https://astrix.security/learn/blog/securing-app-to-app-connectivity-and-low-or-no-code-apps/): Learn how organizations should address common third-party integration risks and the new generation of supply chain security attacks.
- [Astrix on a CISO Series Episode: Hacking Third-Party Integrations](https://astrix.security/learn/blog/ciso-series-hosts-astrix-third-party-integrations/): Astrix Co-Founder and CEO Alon Jackson alongside Amplitude CISO Olivia Rose and David Spark in a Super Cyber Friday episode dedicated to third-party application integration security: “Hacking Third-Party Integrations.” - [GitHub Apps Bug Created Significant 3rd-Party Risk: How You Can Stay Protected](https://astrix.security/learn/blog/github-apps-bug-created-significant-3rd-party-risk-how-you-can-stay-protected/): A recently disclosed bug in GitHub Apps could have been abused to grant excessive permissions to malicious third-party applications. - [PLG and security leaders: going with the flow](https://astrix.security/learn/blog/plg-and-security-leaders-going-with-the-flow/): PLG and security leaders: going with the flow - Astrix Security - [The promise and peril of third-party integrations](https://astrix.security/learn/blog/the-promise-and-peril-of-third-party-integrations/): Explore the security challenges of third-party integrations and discover how Astrix Security helps mitigate risks in today's hyperconnected digital landscape. - [5 cloud-app connectivity trends for 2022](https://astrix.security/learn/blog/5-cloud-app-connectivity-trends-for-2022/): 5 cloud-app connectivity trends for 2022 - Astrix Security --- ## Customer Stories - [RSAC 2025: How Workday Implemented NHI Security](https://astrix.security/learn/customer-stories/rsac-2025-how-workday-implemented-nhi-security/): How Workday secures non-human identities with Astrix amid the rise of AI agents, autonomous systems, and NHI proliferation. - [How Workato Gained 360° NHI Visibility with Astrix](https://astrix.security/learn/customer-stories/how-workato-gained-360-nhi-visibility-with-astrix/): Shyam Bhojwani, Senior Director of Business Technology and Cybersecurity at Workato, oversees a dynamic intersection of IT and cybersecurity. In... 
- [How RevMed Solved Token and Key Management Challenges with Astrix](https://astrix.security/learn/customer-stories/how-revmed-solved-token-and-key-management-challenges-with-astrix/): Discover how RevMed improved token visibility and simplified key management with Astrix, transforming their NHI security strategy. - [Mercury Cuts Mitigation Time With Astrix](https://astrix.security/learn/customer-stories/mercury-cuts-mitigation-time-with-astrix/): How fintech company Mercury used Astrix's non-human identity security platform to speed mitigation and gain visibility. - [BigID Enhances GRC, TPRM and Cloud Security With Astrix ](https://astrix.security/learn/customer-stories/bigid-enhances-grc-tprm-and-cloud-security-with-astrix/): BigID automates non-human identity security, streamlines risk management and enhances visibility across SaaS and cloud environments with Astrix. - [Automotive Technology Provider Secures NHIs with Astrix Security](https://astrix.security/learn/customer-stories/case-study-automotive-company-secure-nhis/): Astrix Security achieves SOC 2 Type 2 certification, validating its robust security measures for app-to-app integrations just five months after launch - [Boomi Controls 3rd-Party NHI Access With Astrix](https://astrix.security/learn/customer-stories/boomi-controls-3rd-party-nhi-access-with-astrix/): Why Boomi turned to Astrix for non-human identity visibility, governance and risk mitigation, and their results. - [Pagaya Gains Visibility & Governance Over NHIs With Astrix](https://astrix.security/learn/customer-stories/pagaya-gains-visibility-governance-over-nhis-with-astrix/): Pagaya used Astrix's non-human identity security platform to gain crucial visibility into GenAI access and other NHI risks. - [Story 4: Detecting compromised secrets & careless 3rd-party vendors](https://astrix.security/learn/customer-stories/story-4-detecting-compromised-secrets-and-careless-vendors/): Learn about real-life Astrix customer wins. 
This one is a story about 2 companies that leveraged behavioral analysis to prevent NHI risks. - [Story 3: Catching the Red-Team Red-Handed](https://astrix.security/learn/customer-stories/story-3-catching-the-red-team-red-handed/): Learn about real-life Astrix customer wins. This one is a story about a SOC team catching the Red Team in the middle of an exercise. - [Story 2: Reducing new risk by 97% - The automation of security awareness](https://astrix.security/learn/customer-stories/story-2-reducing-new-risk-by-97-percent/): Learn about real-life Astrix customer wins. This one is a story about automating security awareness and reducing new risk by 97% - [Story 1: Removing super-admin tokens across 33 GitHub tenants in 2 hours](https://astrix.security/learn/customer-stories/story-1-removing-super-admin-tokens-across-33-github-tenants-in-2-hours/): Learn about real-life Astrix customer wins. This one is a story about finding out compromised CircleCI tokens, and improving posture in GitHub. --- ## Events --- ## Glossary - [Model Context Protocol (MCP)](https://astrix.security/glossary/model-context-protocol-mcp/): Learn how MCP redefines AI integration for security and cloud teams—enabling scalable, real-time, and secure connectivity across tools, data, and systems. - [Agentic AI](https://astrix.security/glossary/agentic-ai/): Discover how Agentic AI leverages NHIs, the security risks it introduces, and how to mitigate them for safe, autonomous AI adoption. - [Generative AI and non-human identity security](https://astrix.security/glossary/how-generative-ai-impacts-non-human-identity-security/): Gen AI poses risks as employees connect unvetted and overly permissive AI apps to organizations' environments. Protect your system from unvetted gen AI apps. 
- [Identity Threat Detection And Response (ITDR)](https://astrix.security/glossary/what-is-identity-threat-detection-and-response/): Identity threat detection and response (ITDR) is a holistic cybersecurity framework that mitigates and addresses human and non-human identity-based threats. - [OAuth Tokens](https://astrix.security/glossary/what-are-oauth-tokens-and-why-are-they-important-to-secure/): OAuth Tokens are an authentication mechanism delegating access for machines. If exploited, they pose significant threats. Astrix helps secure OAuth Tokens. - [Service Accounts](https://astrix.security/glossary/what-are-service-accounts-and-why-are-they-important-to-secure/): Service accounts identify machine services and apps, unlike human users. If exploited, they pose significant threats. Astrix helps secure non-human identities. - [Machine Credentials](https://astrix.security/glossary/what-are-machine-credentials-and-why-are-they-important-to-secure-in-your-organization/): Machine credentials are essential for secure machine communication. Learn how Astrix can help protect these digital keys from potential threats. - [Non-human identities](https://astrix.security/glossary/what-are-non-human-identities/): Non-human identities (NHI) are programmable access credentials that play a crucial role in ensuring the integrity of digital environments. --- ## News - [Double Win at RSAC 2025: Astrix Takes Home Two Global InfoSec Awards](https://astrix.security/learn/news/double-win-at-rsac-2025-astrix-takes-home-two-global-infosec-awards/): We’re proud to share that Astrix has been named a winner of two Global InfoSec Awards from Cyber Defense Magazine... - [Astrix Security Named Top Growth Company by Qumra Capital](https://astrix.security/learn/news/astrix-security-named-top-growth-company-by-qumra-capital/): Astrix Security has been recognized as one of the Top 10 Israeli Startups to Watch in 2025 by renowned venture... 
- [Securing the Future of AI Agents - An Interview with Astrix CEO Alon Jackson](https://astrix.security/learn/news/securing-the-future-of-ai-agents-an-interview-with-astrix-ceo-alon-jackson/): Alon Jackson, CEO & Co-founder of Astrix, sat down for an interview to share the story of Astrix—from its inception... - [Astrix’s Series B Funding: Our CTO in the NYSE Floor Talk Show](https://astrix.security/learn/news/astrixs-series-b-funding-our-cto-in-the-nyse-floor-talk-show/): Discover Astrix's Series B funding and CTO Idan's vision for non-human identity security from his NYSE interview. - [Astrix Raises $45M Series B to Redefine Identity Security for the AI Era](https://astrix.security/learn/news/astrix-raises-45m-series-b-to-redefine-identity-security-for-the-ai-era/): Astrix raises $45M in Series B funding to enhance identity security for human and non-human identities, empowering organizations to innovate securely. - [Astrix Security Recognized as a 2024 SINET16 Innovator](https://astrix.security/learn/news/astrix-recognized-as-a-2024-sinet16-innovator/): Recognized as a 2024 SINET16 Innovator, Astrix Security pioneers Non-Human Identity security, empowering organizations to innovate securely. - [Astrix Partners with GuidePoint Security](https://astrix.security/learn/news/astrix-partners-with-guidepoint-security/): Astrix partners with GuidePoint Security to fortify non-human identity security, tackling unmanaged service accounts and API risks for enterprises - [Astrix takes home three 2024 Global InfoSec Awards](https://astrix.security/learn/news/astrix-wins-three-2024-infosec-awards/): Astrix Security, the enterprise's trusted solution for securing non-human identities, has earned three awards from Cyber Defense Magazine - [Astrix integrates with Slack](https://astrix.security/learn/news/astrix-integrates-with-slack/): Astrix is now available on the Slack App Directory and enables enterprises to secure non-human identities in Slack environments. 
- [Astrix partners with Google Cloud](https://astrix.security/learn/news/astrix-partners-with-google-cloud/): Astrix partners with Google Cloud to protect non-human access in Google Workspace and Google Cloud services
- [Astrix wins 2023 CISO Choice Awards in Cloud Security Solution category](https://astrix.security/learn/news/astrix-wins-2023-ciso-choice-awards/): Astrix Security has been recognized as the winner of the 2023 CISO Choice Awards in the Cloud Security Solution category
- [The White House mentions Astrix as one of innovators for AI security Executive Order](https://astrix.security/learn/news/the-white-house-mentions-astrix-as-one-of-innovators-for-ai-security-executive-order/): Astrix Security Joins President Biden’s Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence
- [Astrix Security named a Cool Vendor in the 2023 Gartner Cool Vendors in Identity-First Security](https://astrix.security/learn/news/astrix-security-named-a-cool-vendor-in-the-2023-gartner-cool-vendors-in-identity-first-security/): Astrix Security was granted Cool Vendor by analyst firm Gartner for its innovative non-human identity security solution
- [Astrix Security Raises $25M in Series A Funding](https://astrix.security/learn/news/astrix-security-raises-25m-in-series-a-funding/): The investment will allow enterprises to further secure non-human identities and safely leverage the soaring adoption of third-party apps and Generative AI services
- [Astrix Security Takes Home Three Coveted Global InfoSec Awards](https://astrix.security/learn/news/astrix-security-takes-home-three-coveted-global-infosec-awards/): Astrix is named the winner of the prestigious Global InfoSec Award during RSA 2023.
- [Astrix Discovers 0-Day Vulnerability in Google Cloud Platform](https://astrix.security/learn/news/astrix-discovers-0-day-vulnerability-in-google-cloud-platform/): Astrix Security uncovers 'GhostToken,' a 0-day vulnerability in Google Cloud, allowing hidden, unremovable access to Google accounts via trojan apps
- [Astrix Security mentioned in a 2023 Gartner® report under Secure Access to Machine and Environments tool](https://astrix.security/learn/news/astrix-security-mentioned-in-a-2023-gartner-report-under-secure-access-to-machine-and-environments-tool/): Astrix Security was mentioned in a 2023 Gartner report as a tool that addresses Secure Access to Machines and Environments
- [Astrix Security was mentioned in a 2023 Gartner® report as a Representative Vendor for SSPM](https://astrix.security/learn/news/astrix-security-was-mentioned-in-a-2023-gartner-report-as-a-representative-vendor-for-sspm/): Astrix Security was mentioned in a 2023 Gartner report as a Representative Vendor for SSPM
- [Astrix Security is mentioned in two 2023 Gartner® reports](https://astrix.security/learn/news/astrix-security-is-mentioned-in-two-2023-gartner-reports/): Astrix Security announces it was mentioned in two 2023 Gartner reports.
- [Astrix Security Named a Finalist for RSA Conference 2023 Innovation Sandbox](https://astrix.security/learn/news/astrix-security-named-a-finalist-for-rsa-conference-2023-innovation-sandbox/): Company’s App-to-App Security Solution Recognized in Cyber Industry’s Most Prestigious Startup Competition
- [Security Boulevard - Supply Chain Dependency: What Your GitHub Connections May Trigger](https://astrix.security/learn/news/what-your-github-connections-may-trigger/): Astrix CEO on why the recent Circle CI and Slack breaches should be a clear call-to-action for security leaders to start securing non-human access to their GitHub.
- [Astrix Security Achieves SOC 2 Type 2 Certification Five Months After Emerging from Stealth](https://astrix.security/learn/news/astrix-security-achieves-soc-2-type-2-certification-five-months-after-emerging-from-stealthnbsp-strong/): The audit verifies that Astrix’s App-to-App Integration Security solution complies with the highest security principles – Astrix Security, the first...
- [Astrix Security Named Winner of Global InfoSec Award at RSA 2022](https://astrix.security/learn/news/astrix-security-named-winner-of-global-infosec-award-at-rsa-2022/): Astrix Security wins the Global InfoSec Award at RSA 2022 for Third Party Cyber Risk Management, highlighting its innovative app-to-app security solutions

---

## Videos

- [Case Study (Part 1): How We Implemented NHI Security in Our Enterprise](https://astrix.security/videos/nhi-conf-part-1-how-we-implemented-nhi-security-in-our-enterprise/): CISOs Gary Owen and Carl Siva share real-world insights on securing NHIs, from inventory practices to lifecycle management and automation strategies.
- [Case Study (Part 2): How We Implemented NHI Security in Our Enterprise](https://astrix.security/videos/nhi-conf-part-2-how-we-implemented-nhi-security-in-our-enterprise/): Albert Atias and Vinay Patel discuss NHI security implementations, focusing on policies, real-time visibility, and proactive risk management in enterprise systems.
- [How Attackers Exploit Non-Human Identities](https://astrix.security/videos/nhi-conf-how-attackers-exploit-non-human-identities/): Francis Odom and Michael Silva show how attackers exploit NHIs in a live hacking demo, revealing methods to move across cloud environments undetected.
- [Making the Business Case for an NHI Security Program](https://astrix.security/videos/nhi-conf-making-the-business-case-for-nhi-security-program/): Experts discuss how to build a compelling business case for NHI security, focusing on risk prioritization, stakeholder engagement, and strategic investment.
- [The State of NHI Security: Data-Driven Insights](https://astrix.security/videos/nhi-conf-data-driven-insights/): John Yeo from CSA unveils key survey insights on the state of NHI security, including top concerns, common risks, and emerging practices for managing NHIs.
- [Webinar Recap: State of Non-Human Identity Security](https://astrix.security/videos/webinar-recap-state-of-non-human-identity-security/): Discover key insights from the latest CSA webinar on the state of non-human identity security according to the latest report.
- [Top 4 use cases of non-human identity security: Live event recap](https://astrix.security/videos/top-4-use-cases-of-non-human-identity-security-live-event-recap/): Recap of Astrix Security’s live event on top non-human identity (NHI) use cases - from lifecycle management to breach response.
- [How attackers exploit non-human identities: Workshop recap](https://astrix.security/videos/how-attackers-exploit-non-human-identities-workshop-recap/): Recap of a full attack path exploiting non-human identities, from initial access and escalating to supply chain attack.

---

## Whitepapers

- [The State of Non-Human Identity Security](https://astrix.security/learn/whitepapers/the-state-of-non-human-identity-security/): Unlock insights from 800 security leaders on non-human identity security. Discover key challenges, risks, and effective security measures in our latest report.

---

# Detailed Content

## Pages

> Read Astrix Security’s Terms of Use to understand the guidelines for accessing and using our non-human identity security services.

- Published: 2025-03-10
- Modified: 2025-03-25
- URL: https://astrix.security/dpf-certification-notice/

DPF Certification Notice

Effective: February 17, 2025

This DPF notice (“Notice”) governs Astrix Security Inc. (“Astrix”, “We” or “Our”) participation in the EU-U.S. DPF programs with respect to the Processing of Personal Data as further explained in Section 1 below.
If there is any conflict between the terms in this Notice and the DPF principles, the DPF principles shall govern. To learn more about the DPF and its principles please visit https://www.dataprivacyframework.gov/s/.

“Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Process”, “Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

1. SCOPE

Astrix's participation in the DPF applies to Personal Data that is subject to the EU data protection laws. Astrix is a security platform.

2. PURPOSES OF DATA PROCESSING

Astrix complies with the principles of the EU-U.S. DPF regarding the collection, use, and retention of Personal Data transferred to the United...

---

> Review Astrix Security's SaaS Agreement, detailing terms for the subscription, usage, and compliance in non-human identity security services

- Published: 2024-07-05
- Modified: 2025-01-13
- URL: https://astrix.security/saas-agreement/

SaaS Agreement

THESE SAAS TERMS OF SERVICE ("AGREEMENT") IS A LEGAL CONTRACT BETWEEN YOU ("YOU" OR "CUSTOMER") AND ASTRIX SECURITY LTD., TOGETHER WITH ANY OF ITS SUBSIDIARIES ("COMPANY") (EACH, AS A "PARTY" AND COLLECTIVELY, AS THE "PARTIES").
BY SIGNING THIS AGREEMENT CUSTOMER ACKNOWLEDGES THESE TERMS AND REPRESENTS THAT IT HAS FULLY READ AND UNDERSTOOD AND AGREES TO BE BOUND BY THIS AGREEMENT (THE DATE OF SUCH OCCURRENCE BEING THE “EFFECTIVE DATE”). CUSTOMER MAY USE THE SERVICE (AS DEFINED BELOW) SUBJECT TO THE TERMS BELOW.

If Customer has purchased the license granted hereunder from a partner, reseller or distributor authorized by Company ("Partner"), to the extent there is any conflict between this Agreement and the agreement entered between Customer and the respective Partner, including any purchase order ("Partner Order Form"), then, as between Customer and Company, this Agreement shall prevail. Any rights granted to Customer in such Partner Order Form which are not contained in this Agreement, apply only in connection with such Partner. In that case, Customer must seek redress or realization or enforcement of such rights solely with such Partner and not Company.

1. Definitions. The following capitalized terms have the meanings set forth below:

"Feature" means any module, tool, functionality, or feature of the Service.

"Order Form" means any written or electronic order form, applicable to this Agreement's term, and which is executed by the Parties. The "Order Form" shall include the relevant usage and volume parameters, as well as the commercial terms, agreed between the...

---

> Read Astrix Security’s Terms of Use to understand the guidelines for accessing and using our non-human identity security services.

- Published: 2024-07-03
- Modified: 2024-11-04
- URL: https://astrix.security/terms-of-use/

Astrix Security Terms of Use

Welcome to https://www.astrix.security/ (together with its subdomains, Content, Marks and services, the “Site“). Please read the following Terms of Use carefully before using this Site so that you are aware of your legal rights and obligations with respect to Astrix Security Ltd. (“Astrix Security“, “we“, “our” or “us“).
By accessing or using the Site, you expressly acknowledge and agree that you are entering a legal agreement with us and have understood and agree to comply with, and be legally bound by, these Terms of Use, together with the Privacy Policy (the “Terms“). You hereby waive any applicable rights to require an original (non-electronic) signature or delivery or retention of non-electronic records, to the extent not prohibited under applicable law. If you do not agree to be bound by these Terms please do not access or use the Site.

Background. The Site is intended to provide general information regarding Astrix Security, its products and services.

Modification. We reserve the right, at our discretion, to change these Terms at any time. Such change will be effective ten (10) days following posting of the revised Terms on the Site, and your continued use of the Site thereafter means that you accept those changes.

Ability to Accept Terms. The Site is only intended for individuals above the age of 18. If you are under 18 years please do not visit or use the Site.

Site Access. For such time as these Terms are in effect, we hereby grant you...

---

> Learn how Astrix Security collects, uses, and protects personal information, ensuring transparency and compliance with privacy standards.

- Published: 2024-05-22
- Modified: 2025-03-27
- URL: https://astrix.security/privacy-policy/

ASTRIX PRIVACY POLICY

Last Updated: February 05, 2025

In order to ensure transparency and give you more control over your personal information, this privacy policy (“Privacy Policy”) governs how we, Astrix Security Ltd. and its affiliated entities (“Astrix”, “we”, “our” or “us”) use, collect and store personal information that we collect or receive from or about you (“you”) in connection with https://astrix.security/ (“Website”), the Astrix platform (“Platform”), and the services provided therein (the Website, Platform and provided services, collectively, the “Services”).
Please read this Privacy Policy carefully, so you can fully understand our practices in relation to personal information. Important note: Nothing in this Privacy Policy is intended to limit in any way your statutory rights, including your rights to a remedy or other means of enforcement.

Table of contents:

- What information we collect, why we collect it, and how it is used
- How we protect and retain your personal information
- How we share your personal information
- Your privacy rights
- International transfers of personal information
- Use by children
- Interaction with third-party products
- Analytic tools/ Cookies
- Specific provisions applicable under California privacy law
- Data Privacy Framework
- Contact us

This Privacy Policy can be updated from time to time and, therefore, we ask you to check back periodically for the latest version of this Privacy Policy. If we implement material changes in the way we use your information, in a manner that is different from that stated at the time of collection, we will notify you by posting a notice...

---

## Posts

- Published: 2025-03-20
- Modified: 2025-03-20
- URL: https://astrix.security/blog/the-hidden-risk-in-financial-services-securing-your-non-human-identities/
- Categories: Uncategorized

In today's digital-first financial landscape, your institution faces a critical security challenge that many organizations overlook, until it's too late. While your security teams focus on protecting human users, a far larger and more vulnerable attack surface continues to expand unchecked: Non-Human identities, also known as NHIs.

Securing the Invisible Threat

This surge of non-human identities creates a perfect storm of security challenges for financial institutions, which are bound by stringent compliance requirements like PCI DSS. Non-human identities, including API Keys, Service Accounts, and OAuth applications, operate silently behind the scenes, often with extensive privileges and minimal oversight.
With each NHI potentially serving as an entry point for attackers, the absence of proper governance isn't just a compliance oversight; it's a security incident waiting to happen.

Why Traditional Security Falls Short for NHIs

Traditional identity governance was designed for human users with predictable behaviors and clear ownership. Non-human identities, however, operate differently:

- They often possess elevated privileges across critical systems
- Many lack clear ownership and accountability structures
- They frequently connect to third-party services outside your security perimeter
- Their credentials may never expire or rotate without proper controls
- They operate 24/7, making anomalous behavior harder to detect

These fundamental differences mean that conventional security approaches can't effectively manage NHI risk and require more rigorous controls.

The Mounting Regulatory Pressure on Financial Institutions

As financial services increasingly rely on automated processes, APIs, and cloud services, regulatory frameworks are evolving to address the associated risks. PCI DSS 4.0.1, in particular, introduces...

---

## Blog

> New research by Astrix and Bayer reveals the touchpoints between AI Agents and NHIs - their security risks, and best practices

- Published: 2025-06-09
- Modified: 2025-06-09
- URL: https://astrix.security/learn/blog/astrix-research-presents-touchpoints-between-ai-and-non-human-identities/
- Topics: Agentic AI, GenAI, Research

Non-human identities such as service accounts, API keys, and OAuth applications are foundational elements of modern enterprise identity infrastructure. They facilitate automated processes, grant access, and authorize actions across organizational systems. With the accelerating adoption of AI, particularly autonomous AI Agents, a critical question emerges: how do AI systems interact with NHIs?
While it might seem like AI would use NHIs just like any other automated process, it isn’t just another script or a scheduled task – AI (specifically AI Agents) can make autonomous nondeterministic decisions, mimic human behavior and even request access dynamically. This behavior raises deeper concerns:

- Will AI require expanded access compared to traditional NHIs?
- Will organizations experience a surge in NHIs to support AI adoption?
- How will AI influence NHI behavior, blurring distinctions between automated and human-like access?
- Can attackers exploit AI-associated NHIs, leading to novel cyber threats?

Tal Skverer, Head of Research at Astrix Research, and Ophir Oren, Cyber and AI Security Innovation Squad Leader at Bayer, examined these concerns. This article outlines their findings relating to AI implications for security, governance, and identity management.

Defining AI Agents

An AI Agent is an autonomous or semi-autonomous system leveraging AI technologies to perform tasks requiring specific permissions. Examples include AI-driven user onboarding processes, automated calendar summaries, or scheduling meetings without human intervention.

AI categories and practical uses

Before we examine how AI interacts with NHIs, we need to break down AI usage into distinct categories. AI is not some monolithic entity – it exists and operates...

---

> Astrix Security joins the Rising in Cyber 2025 list, recognized for leading non-human identity security. Discover why CISOs trust Astrix’s AI-driven approach.
- Published: 2025-06-04
- Modified: 2025-06-04
- URL: https://astrix.security/learn/blog/astrix-security-joins-elite-list-of-startups-defining-the-future-of-cyber/
- Topics: General, News

Selected by 150 CISOs and leading investors, the ‘Rising in Cyber 2025’ list recognizes the 30 startups shaping the future of security

We are thrilled to announce that Astrix has been included in Rising in Cyber 2025, an independent list launched by Notable Capital to spotlight the 30 most promising cybersecurity startups shaping the future of security. Unlike traditional rankings, Rising in Cyber 2025 honorees were selected through a multi-stage process grounded in real-world validation. Leading cybersecurity venture firms submitted nominations, and nearly 150 Chief Information Security Officers (CISOs) and senior security executives voted on the final list, highlighting the companies solving the most urgent challenges facing today’s security teams.

Astrix Security was selected for securing AI agents as part of its holistic non-human identity (NHI) security approach. The Astrix platform provides governance and visibility into NHI & AI Agent privileges, accessed resources, owners, behaviors, and associated risks, allowing organizations to implement policy-based governance and mitigate threats in real-time.

The company joins a cohort that has collectively raised over $7.8 billion according to Pitchbook as of May 2025, and is defining the next era of cybersecurity across key areas like identity, application security, agentic AI, and security operations.

“The demand for cybersecurity innovation has never been greater. As the underlying technologies evolve and agentic AI reshapes everything from threat detection to team workflows, we’re witnessing a shift from reactive defense to proactive, intelligence-driven operations,” said Oren Yunger, Managing Partner at Notable Capital. “What makes this list special is that...
---

- Published: 2025-06-03
- Modified: 2025-06-04
- URL: https://astrix.security/learn/blog/gartners-leaders-guide-to-modern-machine-iam/
- Topics: General, News

Gartner Recognizes Astrix in Its First Leaders’ Guide for Machine Identity and Access Management. Continue reading to learn why this marks a turning point for machine IAM and how Astrix is helping define the category.

A Milestone for the Machine IAM Market

Gartner has published its first dedicated reports on Machine Identity and Access Management (Machine IAM), marking a significant development in how organizations manage and secure nonhuman identities (NHIs). The publication of these resources—“Leaders’ Guide to Modern Machine IAM” and “Innovation Insight: Improve Security With Machine IAM”—signals a formal acknowledgment of the machine IAM space as a critical and distinct area within the broader IAM landscape.

As the number of machine identities—such as workloads, APIs, scripts, containers, and SaaS integrations—continues to grow exponentially, security leaders are facing increased complexity and risk in managing machine-to-machine access. These new reports provide clarity on the scope of the problem and offer guidance on modernizing IAM programs accordingly.

Astrix Security is featured in both reports for its role in Workload Identity Management—a category Gartner defines as essential for discovering, governing, and securing machine identities across hybrid and cloud-native environments.

Machine IAM: A Fast-Growing, Underdeveloped Priority

Gartner identifies machine IAM as one of the least mature areas within most IAM programs, despite being one of the fastest growing in scale and risk exposure. The shift toward automation, cloud adoption, and nonhuman actors has outpaced the capabilities of traditional IAM frameworks designed for human users. “Machine identities significantly outnumber human identities, and this disparity is...
---

- Published: 2025-04-24
- Modified: 2025-04-24
- URL: https://astrix.security/learn/blog/ai-agents-vs-ai-chatbots-understanding-the-difference/
- Topics: Agentic AI

While AI chatbots respond, AI agents act. Both automate tasks, but the security implications differ significantly, primarily due to how they interact with NHIs. Agents make autonomous decisions, through adaptive learning, while Chatbots stick to scripts and predictable interactions. Let’s dive into what sets them apart.

Key differentiations

AI Chatbots: predictable, constrained, and easier to secure

AI chatbots are rule-based systems designed for narrow, task-specific interactions like answering FAQs or guiding users through predefined steps. Their access to systems and data is typically limited, tightly scoped, and managed through static permissions. Unlike AI agents, chatbots don’t adapt or learn on their own and rely on structured inputs within constrained environments. This predictability translates to a simpler security footprint. With fewer privileges and limited integration points, the risk of unauthorized access or behavioral drift is significantly lower. While still important to monitor, chatbot NHIs pose less threat and are far easier to govern and contain.

AI Agents: dynamic, autonomous, and high-risk by design

In contrast, AI agents operate autonomously across systems, making real-time decisions and executing complex workflows with minimal human oversight. To perform these actions, they require broad and continuous access to sensitive data, infrastructure, and applications. These AI agents are enabled through non-human identities (NHIs) like API keys, service accounts, and OAuth tokens. Their ability to maintain context, learn from interactions, and adapt their behavior makes them powerful tools, but also introduces significant security risks. Without strict governance, these agents can become unmonitored entities with escalating privileges and persistent...
---

- Published: 2025-04-24
- Modified: 2025-04-30
- URL: https://astrix.security/learn/blog/agentic-ai-security-starts-with-nhis-how-astrix-solves-the-hidden-identity-risk/
- Topics: Agentic AI

Astrix is proud to introduce a major expansion of our NHI security platform, which is purpose-built to secure AI agents at scale. Backed by our recent series B funding, this launch marks a critical step in helping enterprises regain control, visibility, and governance over the fast-evolving AI-driven workforce.

Agentic AI Security Starts with NHIs

AI Agents are already a major part of organizations’ workforce. These agentic systems perform tasks, access the organization’s data, and even deploy code. How do they perform all these actions and access all this data? NHIs. In their recent report, the OWASP framework explicitly recognizes that Non-Human Identities (NHIs) are critical to securing AI agents. It highlights how these autonomous entities independently make decisions, execute complex tasks, and run continuously without human oversight.

OWASP LLM Applications & Generative AI Top 10 emphasize NHI risks

AI Agents increase NHI sprawl

Here's what security leaders are not necessarily considering: AI agents don't operate in isolation. To function, they need access to data, systems, and resources. This highly privileged, often overlooked access happens through non-human identities: API keys, service accounts, OAuth tokens, and other machine credentials. These NHIs serve as the connective tissue between AI agents and your organization's digital assets, defining precisely what your AI workforce can access and do. While AI security covers many aspects, securing AI agents fundamentally means securing the NHIs they use. When unchecked, the broad and sensitive permissions AI agents inherit create significant blind spots that can easily spiral into severe security incidents,...
---

- Published: 2025-03-24
- Modified: 2025-03-24
- URL: https://astrix.security/learn/blog/the-hidden-risk-in-financial-services-securing-your-non-human-identities/

In today's digital-first financial landscape, your institution faces a critical security challenge that many organizations overlook, until it's too late. While your security teams focus on protecting human users, a far larger and more vulnerable attack surface continues to expand unchecked: Non-Human identities, also known as NHIs.

Securing the Invisible Threat

This surge of non-human identities creates a perfect storm of security challenges for financial institutions, which are bound by stringent compliance requirements like PCI DSS. Non-human identities, including API Keys, Service Accounts, and OAuth applications, operate silently behind the scenes, often with extensive privileges and minimal oversight. With each NHI potentially serving as an entry point for attackers, the absence of proper governance isn't just a compliance oversight; it's a security incident waiting to happen.

Why Traditional Security Falls Short for NHIs

Traditional identity governance was designed for human users with predictable behaviors and clear ownership. Non-human identities, however, operate differently:

- They often possess elevated privileges across critical systems
- Many lack clear ownership and accountability structures
- They frequently connect to third-party services outside your security perimeter
- Their credentials may never expire or rotate without proper controls
- They operate 24/7, making anomalous behavior harder to detect

These fundamental differences mean that conventional security approaches can't effectively manage NHI risk and require more rigorous controls.

The Mounting Regulatory Pressure on Financial Institutions

As financial services increasingly rely on automated processes, APIs, and cloud services, regulatory frameworks are evolving to address the associated risks. PCI DSS 4.0.1, in particular, introduces...

---

- Published: 2025-03-03
- Modified: 2025-03-03
- URL: https://astrix.security/learn/blog/pci-dss-4-0-1-compliance-for-non-human-identities/
- Topics: Compliance

The proliferation of NHIs, such as service accounts, APIs, and OAuth Apps, has significantly reshaped the attack surface, with machine identities now outnumbering human users 45:1. This rapid expansion has left enterprises exposed, as seen in recent high-profile breaches at the U.S. Treasury, Snowflake, and Okta, where compromised machine identities played a pivotal role. In fact, according to a recent CSA report about the State of NHI Security, 1 in 5 organizations experienced a security incident related to NHIs.

Recognizing this widening security gap, the PCI DSS framework has quickly evolved, with version 4.0.1 introducing new and specific requirements addressing NHI management, access controls, and lifecycle governance. The message is clear - securing NHIs is no longer optional; it’s a critical, compliance-driven necessity.

PCI DSS Overview and NHI Relevance

Nowadays, the established Payment Card Industry Data Security Standard (PCI DSS) is tightly linked with non-human identity management. The previous 4.0 version of the framework explicitly addressed the unique security challenges posed by NHIs. The framework now mandates robust access control measures, secure credential management, continuous monitoring, and effective lifecycle management for NHIs. It emphasizes the application of the least privilege principle and the implementation of unique credentials for each non-human identity.

What’s New in PCI DSS 4.0.1

PCI DSS v4.0.1 marks a strategic evolution in payment security standards, refining the foundation established in version 4.0 with targeted enhancements that address the complexities of today's threat landscape. Key advancements include: Mandatory...
--- > Understand the role of non-person entities in NIST's Zero Trust guidelines and see how Astrix enhances security for these identities. - Published: 2025-02-18 - Modified: 2025-02-18 - URL: https://astrix.security/learn/blog/nist-highlights-nhi-governance-what-you-need-to-know/ - Topics: Compliance The NIST Special Publication 800-207 acknowledges an open issue regarding Non-Person Entities (NPEs), AKA - Machine/Non-Human identities when implementing Zero Trust Architecture. In this quick article, we provide an overview of the NHI angle in NIST’s special publication, and how Astrix helps customers address this gap and apply the zero-trust principles for non-human identities. Zero Trust in a nutshell Zero Trust is a security framework that operates on the principle of "never trust, always verify. " This model assumes that no user, device, or network should be trusted by default, even if they are within the organization's network perimeter. Key aspects of Zero Trust include: Continuous authentication and authorization Least privilege access Micro-segmentation Continuous monitoring and validation NIST SP 800-207 highlights NHI risks The National Institute of Standards and Technology (NIST) Special Publication 800-207 provides comprehensive guidance on Zero Trust Architecture. This document has become a de facto standard for both government agencies and private enterprises implementing ZTA, and includes a specific focus on non-human identities, referred to as Non-Person Entities (NPE). From NIST SP 800-207: 5. 7 Use of Non-person Entities (NPE) in ZTA AdministrationArtificial intelligence and other software-based agents are being deployed to manage security issues on enterprise networks. These components need to interact with the management components of ZTA (e. g. , policy engine, policy administrator), sometimes in lieu of a human administrator. How these components authenticate themselves in an enterprise implementing a ZTA is an open issue. 
Non-Human Identities are an open issue in ZTA...

---
> Managing non-human identities (NHIs) is a top cybersecurity challenge today due to their complexity across interconnected systems, rapid growth, and dynamic nature
- Published: 2025-01-20
- Modified: 2025-02-03
- URL: https://astrix.security/learn/blog/approaching-nhi-security-assessing-your-current-state-and-next-steps/
- Topics: General

Managing non-human identities is a top cybersecurity challenge today due to their complexity across interconnected systems, rapid growth, and dynamic nature. Limited budgets and staffing add to the difficulty, leaving many organizations vulnerable and anxious without the right tools and cohesive strategies. This guide provides practical steps to refine your strategy, processes, and tools, helping you understand your current position and the critical next steps to secure and manage your NHIs effectively.

The risk of doing nothing

At the core lies the easiest option - doing nothing. But what does this really mean? A recent survey showed that 1 in 5 organizations has experienced security incidents involving non-human identities due to outdated credential rotation, lack of monitoring, and overprivileged accounts. Organizations that choose to ignore non-human identities expose themselves to serious risks: unauthorized access to sensitive systems, data breaches, loss of critical information, operational disruptions, and delayed detection of malicious activity. Unsecured NHIs can jeopardize confidential data, intellectual property, and customer information.

Developing in-house solutions

The “build it yourself” option is both impractical and ineffective. Companies attempting this approach face overwhelming demands for man-hours and resources, trying to identify hundreds of thousands or even millions of NHIs scattered across systems. Building and maintaining this type of solution requires specialized skills, which diverts valuable resources from other high-priority projects.
This often results in fragmented security, where some areas are protected, but others are left exposed. Despite their efforts, some NHIs will inevitably be missed, and hackers only need one weak point...

---
- Published: 2025-01-07
- Modified: 2025-02-03
- URL: https://astrix.security/learn/blog/introducing-the-owasp-nhi-top-10-standardizing-non-human-identity-security/
- Topics: Research

The non-human identity market has significantly matured in the past couple of years. While NHIs like service accounts, API keys, and OAuth apps are not new, the realization that managing and securing them has to be a priority is somewhat recent. With that, many security teams lack a clear, standardized view of the risks these identities pose, and how to go about including them in security programs. To address this gap, OWASP has launched the OWASP Non-Human Identities Top 10, a community-driven framework led by a collective of industry experts from leading cybersecurity companies, including Astrix Security. Below, we dive into why this project is critical, what the Top 10 risks are, and how you can use it as a framework to build a resilient NHI security strategy.

Watch the project leaders panel on the Top 10 NHI risks: https://astrixvideos.wistia.com/medias/g39o6jxyv3

What are the OWASP Top 10 projects?

The OWASP Top 10 lists have long been a cornerstone of web application security and beyond. They identify the most critical risks in web applications, APIs, and more. Security professionals and development teams worldwide rely on these lists to prioritize mitigation strategies and build security frameworks. The new NHI Top 10 follows this tradition, providing a clear roadmap for addressing the most critical security implications of non-human identities.

Why we initiated the OWASP NHI Top 10 project

Automation, connectivity, AI adoption, and cloud adoption all rapidly increase the prevalence of non-human identities in corporate and engineering environments, making...

---
> Learn how Astrix secures non-human identities (NHIs) in NetSuite to prevent data breaches, operational disruptions, and compliance failures.
- Published: 2025-01-06
- Modified: 2025-02-03
- URL: https://astrix.security/learn/blog/securing-nhis-in-netsuite/
- Topics: Corporate

NetSuite is a cloud-based ERP platform centralizing critical functions like financial management, CRM, inventory, and operations. As it handles sensitive data and connects with various systems, securing non-human identities within it is essential.

Why are NHIs prevalent in NetSuite?

Organizations depend on NHIs such as OAuth apps, service accounts, and integrations to automate workflows and extend NetSuite's capabilities. These identities often have broad access, making them attractive targets for attackers.

What are the risks?

Compromised NHIs in NetSuite can lead to:
- Data breaches: Attackers gaining access to financial reports, customer data, or supplier contracts through inactive or misconfigured NHIs.
- Operational disruption: Unauthorized changes to workflows, such as automated payment processing or inventory updates, causing financial or supply chain havoc.
- Compliance failures: Orphaned NHIs with excessive privileges exposing companies to non-compliance with regulations like SOX.

Real-world example: A breached API key for a payment gateway could enable attackers to redirect payments or exfiltrate transaction details.

How does Astrix help?

Astrix addresses these risks by:
- Discovery: Mapping all NHIs to ensure no service accounts or integrations operate unnoticed.
- Posture management: Identifying high-risk NHIs, such as those with excessive privileges, inactive or orphaned, or with untrusted third-party vendors.
- Remediation: Proactively deactivating unused NHIs, removing excessive permissions, and fixing vulnerabilities before they are exploited through custom and out-of-the-box workflows.

---
> Secure Jira & Confluence with Astrix. Discover NHIs, manage access risks, and protect your sensitive data effectively.
- Published: 2025-01-06
- Modified: 2025-01-07
- URL: https://astrix.security/learn/blog/securing-nhis-in-jira-and-confluence/
- Topics: General

Jira and Confluence are widely used collaboration and project management platforms. Jira tracks and manages work, while Confluence centralizes documentation and team knowledge. These platforms often store sensitive information, such as project pipelines, proprietary data, and embedded secrets, making them high-value targets for attackers.

Why are NHIs prevalent in Jira and Confluence?

Non-human identities like OAuth apps, webhooks, service accounts, and integrations enhance workflows and collaboration. These identities automate repetitive tasks, connect third-party tools, and streamline project management, often with broad access across systems.

What are the risks?

Compromised NHIs in Jira and Confluence can lead to:
- Intellectual property theft: Attackers accessing sensitive project details, developer pipelines, or proprietary knowledge stored in these platforms.
- Credential exposure: Leaked secrets or API keys embedded in Confluence pages or Jira tickets can allow attackers to move laterally into other systems. Read more about our secret scanning capabilities here.
- Operational risks: Unauthorized changes to projects or documentation workflows can disrupt business processes.

Real-world example: In the Okta breach, attackers exploited unauthorized access to Jira and Confluence to gather sensitive information, demonstrating the potential for damage.

How does Astrix help?
Astrix mitigates these risks in Jira and Confluence environments by:
- Discovery: Discovering and mapping all NHIs, including service accounts, bots, and integrations, for complete oversight.
- Posture management: Identifying high-risk NHIs, such as those with excessive privileges, inactive or orphaned, or with untrusted third-party vendors.
- Remediation: Custom workflows for revoking unused permissions, deactivating orphaned NHIs, and correcting misconfigurations to reduce risk.

---
> Astrix CTO Idan Gour shares his vision for identity security in the AI era following the recent Series B funding.
- Published: 2024-12-16
- Modified: 2024-12-16
- URL: https://astrix.security/learn/blog/how-astrix-will-use-series-b-funding-to-transform-identity-security/
- Topics: General

Following our recent Series B funding, I couldn’t be more excited about what’s ahead. With the AI era transforming how organizations operate, we’re standing at a critical juncture where the definition of identity security is expanding dramatically. Our customers have always been our driving force - their security needs, challenges, and business priorities shape everything we do. We’ve been laser-focused on helping our customers secure their biggest identity blindspot - NHIs. Until Astrix, no vendor had ever tackled this problem head-on, even though non-human identities have been outnumbering human identities by a factor of 50 due to advancements in cloud and API technologies. High-profile cyberattacks such as those reported by Microsoft, Okta, Cloudflare, AWS, and many others have repeatedly highlighted how attackers exploit NHIs, bringing them into sharp focus and elevating the importance of the NHI Security market from a niche concern to a priority in enterprises’ identity security strategies.
Earlier this week, during the opening keynote at Gartner’s Annual IAM Summit, “Machine IAM” was highlighted as the No. 1 trend in enterprise identity strategies. Not surprisingly, our recent research with CSA reveals that 1 in 4 organizations is already investing in these capabilities, and an additional 60% plan to do so within the next twelve months.

Top identity security trends presented in the 2024 Gartner IAM Summit.

Agentic AI expands the definition of Identity Security

Our No. 1 goal remains clear: enabling our customers to adopt AI technologies, automation, and connectivity without compromising security. Gartner predicts that by 2028,...

---
> Our security experts, Tal Skverer, Tomer Yahalom, and Timothy Youngblood, have outlined ten key NHI Security predictions for 2025.
- Published: 2024-12-12
- Modified: 2024-12-24
- URL: https://astrix.security/learn/blog/10-predictions-for-non-human-identity-security-in-2025/
- Topics: General

Non-human identities are emerging as a critical focus for organizations worldwide. Based on current trends, expertise, and experience in the market, our security experts, Tal Skverer, Tomer Yahalom, and Timothy Youngblood, have outlined ten key predictions for 2025.

Prediction 1: Recognition by auditors and regulators that NHIs will be important for compliance

Why we predict it: The latest PCI DSS 4.0 guidelines already incorporate stronger controls around authentication and access management, including requirements that could extend to NHIs. The Cloud Security Alliance’s 2024 State of Non-Human Identity Security report reveals that 68% of organizations feel their NHIs are under-monitored, signaling a compliance gap. External auditors, especially in highly regulated industries, are increasingly questioning organizations about their NHI controls, a trend driven by breaches involving unmanaged NHIs.
Prediction 2: Threat actors will increasingly exploit NHIs as cloud adoption grows

Why we predict it: The rapid adoption of cloud platforms introduces more credentials, misconfigurations, and technologies that attackers can exploit. According to the CSA report, 1 in 5 organizations saw security incidents involving NHIs last year. This aligns with the growing attack surface presented by misconfigured API keys, service accounts, and automation scripts.

Prediction 3: Increased investment in NHI-focused tools

Why we predict it: Organizations are realizing that stringing together legacy tools like PAM and IGA fails to provide comprehensive NHI security. The CSA report notes that 56% of organizations find their current identity management tools insufficient for NHIs, driving the need for purpose-built solutions.

Prediction 4: Universal NHI standards will begin to...

---
- Published: 2024-12-04
- Modified: 2025-01-27
- URL: https://astrix.security/learn/blog/the-service-account-guide-part-2-challenges-compliance-and-best-practices/
- Topics: Guides, Research

From April to early June of this year, a threat actor referred to as UNC5537 wreaked havoc on various Snowflake instances and its customers. The incident put the Snowflake name all over the headlines, causing a sharp decline in stock price in May when the incident first made headlines; the price didn’t see a rebound until July, after a roughly 23% decrease. The material impact was undeniable... but was Snowflake at fault? The reality of this ‘incident’ was not a matter of compromised or unauthorized access to Snowflake’s enterprise environment, but rather a lack of best practices for securing the service accounts customers use to connect their Snowflake instances to other technologies. Each of these accounts had only a single factor of authentication—a password—to protect it against unauthorized use. A single credential stood between many organizations’ most sensitive data and the threat actors of UNC5537.
In the previous part of this guide, we covered the origins of service accounts, their different types, common pitfalls, and key strategies for addressing them. In this part, we will explore the challenges of managing these non-human identities, and sprinkle in tips for securing them like a pro.

Part 2: Challenges, compliance and best practices

Service accounts, although not a new concept, are prone to mismanagement, security threats, and compliance issues. An example of the latter is the latest PCI DSS 4.0, which emphasizes some very specific requirements around the management and privilege of system and application accounts (non-human identities)...

---
> Read the first part of the Service Accounts Guide about the different types of service accounts, common pitfalls and best practices.
- Published: 2024-11-06
- Modified: 2024-12-05
- URL: https://astrix.security/learn/blog/the-service-accounts-guide-part-1-origin-types-pitfalls-and-fixes/
- Topics: Guides, Research

When you hear "Service Account" what comes to mind? Unrotated passwords? MSSQL Server 2008? Terminator-style robots? These “OGs of non-human identities” are the interconnection point between automated processes for accessing sensitive data, driving business intelligence, and running scripts. But with so many different ways to use these identities come abuse and vulnerabilities. In this three-part guide, we will explore the nuances of the elusive term “Service Account,” how these identities look in different environments, common pitfalls, best practices for handling and securing them, and finish with a live workshop about common vulnerabilities and how attackers might exploit them. Let’s begin.

Part 1: Origin, types, pitfalls and fixes

The inception of the service account began back in the days of Windows NT.
Designed as a powerful, non-interactive service account to facilitate essential system functions, LocalSystem was created with elevated privileges to manage core Windows services, including access to nearly all system resources and full control over files, processes, and registry entries.

The original service accounts

In recent years, service accounts have rapidly evolved from legacy on-prem systems into essential components of modern SaaS and cloud environments. Originally designed for local, isolated tasks within single servers or specific applications, they’ve now become critical for supporting complex automation across distributed systems. With the rise of cloud infrastructure, the role of service accounts has expanded to facilitate inter-service communication, data processing, and API integrations at scale. However, this shift also brings new challenges: service accounts are often provisioned with extensive...

---
> Exposed secrets are a critical part of your NHI risk landscape. Astrix detects and rotates exposed secrets.
- Published: 2024-10-22
- Modified: 2025-02-10
- URL: https://astrix.security/learn/blog/detect-and-rotate-exposed-secrets-with-astrix/
- Topics: Engineering

Exposed secrets such as API keys, tokens, and other machine credentials are a critical part of your NHI risk landscape. Astrix discovers exposed secrets and provides rich context and risk prioritization to easily remediate without breaking anything.

The Challenge

Secrets often end up in repositories, infrastructure templates, and chat channels like Slack and Teams, making them a vulnerability that is often exploited for initial access and even privilege escalation. But it's not enough to detect an exposed secret: in order to properly rotate or remove a leaked secret, security and engineering teams need operational and technical context to understand what the risk is (and prioritize it), and what processes depend on that secret.
Astrix’s Secret Scanning Solution: Automated Discovery & Remediation

Astrix’s secret scanning solution automatically detects and addresses exposed secrets across environments. It continuously scans, alerts, and provides detailed insights to help security teams act quickly.

Key Benefits:
- Strengthen your NHI security program: Astrix’s NHI security capabilities, combined with advanced secret scanning, reveal threats that would otherwise go undetected—like an exposed secret used in China.
- Map exposed secrets in real-time: Get an up-to-date inventory of all exposed secrets across cloud and SaaS platforms. See exactly where they are, and who exposed them.
- Get unparalleled context: Knowing a secret is exposed is not enough. Astrix allows you to prioritize risk and easily rotate exposed secrets through rich context about the secret’s lifecycle and usage.
- Automate & remediate: Automate secret rotation and decommissioning through out-of-the-box...

---
> Learn how to secure non-human identities in Salesforce and NetSuite to meet SOX compliance and protect financial data integrity.
- Published: 2024-10-15
- Modified: 2024-12-24
- URL: https://astrix.security/learn/blog/securing-nhis-in-salesforce-and-netsuite-for-sox-compliance/
- Topics: Corporate

Platforms like Salesforce and NetSuite are essential for automating business operations and managing workflows. But these powerful tools also introduce a hidden risk: non-human identities. These service accounts, integrations, bots, and extensions use non-human credentials to perform critical tasks and process sensitive financial data. Securing these identities is crucial, especially for organizations that need to comply with SOX (Sarbanes-Oxley) regulations and protect the integrity of their financial information. Let’s break down why this is so important and how to address the risks.

Non-Human Identities: A high-risk target

NHIs often have elevated privileges that make them attractive targets for attackers.
In platforms like Salesforce and NetSuite, these identities drive core processes such as:
- Automating invoicing and financial reporting
- Managing customer and partner interactions
- Processing financial transactions

If these credentials are compromised, attackers can gain unauthorized access to sensitive data, potentially leading to inaccurate financial reporting or even SOX violations.

The SOX Compliance connection

SOX compliance is all about ensuring the accuracy and integrity of financial data. Since NHIs in platforms like Salesforce and NetSuite often have broad access to financial systems, they can bypass standard user-level controls. If left unsecured, attackers can use these NHIs to:
- Manipulate financial statements
- Obscure or alter transactions
- Skew financial reports

This can directly undermine the internal controls SOX compliance requires, exposing businesses to penalties and damaging their reputation.

The visibility challenge

A key challenge with NHIs is visibility and governance. Many organizations struggle to keep track of:
- Where and how NHIs are used
- Who created...

---
> Discover how to securely offboard non-human identities (NHIs) like API keys and service accounts with Astrix’s automated solutions.
- Published: 2024-09-30
- Modified: 2025-02-10
- URL: https://astrix.security/learn/blog/employee-nhi-offboarding/
- Topics: Corporate, General

When employees leave, most organizations either manually remove their access or, in more mature setups, use IGA or IdP platforms integrated with HR systems. But there’s a problem: IGA and IdP solutions focus on human identities. Even if they handle some workflows for service accounts tied to the employee, it’s not enough. Employees create and connect a variety of non-human identities like API keys, SSH keys, OAuth tokens and service accounts across engineering and business environments. These NHIs play a critical role in operational processes, but also create significant security vulnerabilities if left unmonitored.
The challenge: Offboard, transfer, or rotate (and how)?

It’s no news that NHIs are the enablers of all communication between services and machines. They are everywhere, and employees create them regularly as part of their daily tasks. Engineers create various types of secrets to authenticate services, build automations, and drive innovation. Marketing, sales, BA or other departments connect different apps and tools to corporate systems through NHIs like OAuth tokens and service accounts. So what do you do when the employee who created these identities, or even just uses them and has access to them, leaves? Do you manually look for every NHI they ever created and blindly remove them? Do you transfer ownership to their colleague? How do you ensure operational continuity, but also avoid security risks? Research by CSA & Astrix reveals that only 19% of organizations have automated processes for offboarding API keys. Offboarding employees' associated NHIs presents...

---
> CSA and Astrix Research: The State of Non-Human Identity Security - Astrix Security
- Published: 2024-09-12
- Modified: 2024-12-24
- URL: https://astrix.security/learn/blog/csa-and-astrix-research-the-state-of-non-human-identity-security/
- Topics: Research

As NHI attacks soar, CSA and Astrix reveal critical gaps in NHI protection. New data shows that one in five organizations has experienced a security incident related to non-human identities, and only 15% remain confident in their ability to secure them. Findings from the State of Non-Human Identity Security Survey Report, a survey of more than 800 experts coupled with data from more than 2 million monitored NHIs in Fortune 500 companies, reveal a significant security disparity: organizations are far less equipped to secure non-human identities compared to their human counterparts. The most common challenges include service account management and NHI discovery.
The survey also revealed a growing recognition of the importance of investing in NHI security, with 1 in 4 organizations already investing in these capabilities and an additional 60% planning to do so within the next twelve months.

Download the full report here

"NHIs – like bots, API keys, service accounts, OAuth tokens, and secrets – are all lifelines of today’s organizations, enabling automation, efficiency, and innovation," said John Yeoh, Global VP of Research at CSA. "And while organizations recognize the importance of securing NHIs and often deploy a mix of tools like Identity Access Management systems, these tools are not specifically tailored to the unique challenges that NHIs present. The mismatch is evident in recent attacks on major brands like AWS, Okta, Cloudflare, and Microsoft, where despite having security measures in place, hackers still managed to infiltrate. This joint survey only underscores this vast issue, highlighting...

---
> Insecure AWS Stored Credentials Lead to Compromise of 230 Million Cloud Environments
- Published: 2024-08-22
- Modified: 2024-09-07
- URL: https://astrix.security/learn/blog/massive-nhi-attack-insecure-aws-stored-credentials-lead-to-compromise-of-230-million-cloud-environments/
- Topics: Attacks, Research

Massive NHI Attack: Insecure AWS Stored Credentials Lead to Compromise of 230 Million Cloud Environments.

Researchers from Unit 42 have uncovered a sophisticated and large-scale cyberattack targeting over 230 million AWS, cloud and SaaS environments. The attack exploited exposed environment variable files (.env) commonly stored insecurely on web servers. These files contained sensitive credentials, including AWS keys, database passwords, and API tokens, which the attackers used to gain unauthorized access to numerous cloud environments. Read more to learn about the exact flow of the attack and get 4 practical tips on minimizing your attack surface.
Campaign Rundown

Discovery and Tactics

The campaign was initially uncovered during an investigation into a compromised AWS environment being used to scan other domains. The attackers were found to have collected .env files from approximately 110,000 domains, exposing over 90,000 unique environment variables. Among these were 1,185 AWS access keys, OAuth tokens for PayPal, GitHub, and HubSpot, and webhooks for Slack and other services.

Exploiting Misconfigurations

The attackers used a combination of automated tools and deep AWS knowledge to compromise the targeted environments. They began by running AWS API calls such as GetCallerIdentity, ListUsers, and ListBuckets to identify the capabilities of the stolen credentials. Although the initial IAM roles they acquired lacked full administrative privileges, they escalated their privileges by creating new IAM roles with administrator rights. The attackers then deployed AWS Lambda functions to automate the scanning of additional domains for exposed .env files. This recursive scanning allowed them to...

---
> To address the apparent security concerns of LSAs, Google introduced App-Specific Passwords (ASP). What are they, and are they safe?
- Published: 2024-08-14
- Modified: 2025-01-14
- URL: https://astrix.security/learn/blog/app-specific-passwords-origins-functionality-security-risks/
- Topics: Research

Google announced it will terminate support for Less Secure Apps (LSAs) on September 30, which presents a great opportunity to dive into their evolution - App-Specific Passwords - and the security concerns that still remain.

Less Secure Apps (LSAs): How it all began

Less Secure Apps (probably called regular apps back in the day) are applications that were created before the introduction of the Open Authorization Framework (OAuth) and other modern authentication and authorization methods.
To access the user’s Google information (such as their Google Calendar), these applications had to request the user’s username and password, log in to the user’s account and fetch the required data. This created two major security concerns:
- LSAs have unrestricted access to the user’s account, allowing them to access all their resources, such as emails and files in Google Drive.
- Users who rely on LSAs cannot enable two-factor authentication (MFA) on their accounts, as this would prevent the LSA from logging in successfully.

Despite the inherent risks, this was the standard back in the day - so it was used even by central applications such as Microsoft Outlook, the iOS mail app, Mozilla Thunderbird and more. As awareness of the aforementioned security concerns grew, it became apparent that a more secure mechanism was needed.

App-Specific Passwords: The perfect solution?

To address the apparent security concerns of LSAs, Google introduced App-Specific Passwords (ASP). These were designed to provide a more secure and manageable way for apps to access user information, especially in scenarios where modern authentication methods,...

---
> From Radio Shack to the Fortune 500 And now Astrix : My Cybersecurity Journey - Astrix Security
- Published: 2024-06-26
- Modified: 2024-10-31
- URL: https://astrix.security/learn/blog/from-radio-shack-to-the-fortune-500-and-now-astrix-my-cybersecurity-journey/
- Topics: General

I started my career in technology at the age of 10. I was a self-taught hacker who didn't even own a computer. I read computer magazines and then played on computers at the local electronics store, Radio Shack. I'm lucky because I always knew I would be in technology. Hacking was a way of learning, and I soon discovered it was also a way of causing significant damage. After years on the operational side, I got the opportunity to be an auditor in Big 4 consulting, where I learned the fundamentals of controls.
I noted that company after company had control breakdowns in the most fundamental processes. Yet those control breakdowns, which often translated into vulnerabilities, could result in significant losses to a company. I saw such losses in a breakdown of controls while working as a consultant at Enron when it imploded. I learned it doesn't take much to bring a company down. When I eventually became the first CISO of a major Fortune 500 company, I felt it was my duty to protect the company from such extinction events. Unfortunately, I have noticed throughout my career that the greatest danger comes from the identity ecosystem, the last mile to company resources.

Identity Management at Scale: Successes and Setbacks

I had the pleasure of deploying identity platforms for some of the largest companies in the world. Getting identity right is no easy task. It's complicated work to juggle directories between customer, employee, and machine identities. I even...

---
> Get insights from Astrix Research on the latest non-human identity attacks on JetBrains, New York Times, GitHub, Snowflake, and HuggingFace.
- Published: 2024-06-14
- Modified: 2024-12-24
- URL: https://astrix.security/learn/blog/nhi-attacks-making-waves-insights-on-latest-5-incidents/
- Topics: Attacks

Non-human identity (NHI) attacks are making waves in the cybersecurity landscape, with five high-profile incidents reported in the past few weeks alone. To help you stay on top of this threat vector, our research team provides insights on the latest incidents in this short article. Let's get started.

Incident 1: Snowflake data breach by UNC5537 (May 15, 2024)

Incident overview: One of the largest incidents in recent years: hundreds of Snowflake instances have been breached by a financially motivated threat actor identified as UNC5537. Approximately 165 organizations have been affected.
Details: The breach primarily involved credentials obtained through infostealer malware on vulnerable servers or unprotected employee laptops. These credentials, often linked to service accounts without multi-factor authentication (MFA), were used to gain access to Snowflake instances and exfiltrate large amounts of data. The threat actor demanded ransom from breached organizations and, when unsuccessful, sold the data and credentials on dark web forums. This breach provides an important reminder that in addition to user accounts, Snowflake environments are rich in service accounts. These accounts are not protected by MFA by default, which increases their vulnerability to exploits. This emphasizes the need to inventory them as well as to have runtime anomaly detection capabilities.

Astrix's recommendations (in a nutshell):
- Enable MFA for all users.
- Convert service accounts to use key pair authentication or OAuth applications instead of static credentials.
- Employ behavioral monitoring to detect suspicious activity.

Incident 2: New York Times source code theft (June 3, 2024)

Incident overview: Attackers managed to steal...

---
> Only Astrix tells you what permissions NHIs have, to which resources, who is behind them, and the risks they pose in real-time.
- Published: 2024-05-28
- Modified: 2024-12-24
- URL: https://astrix.security/learn/blog/securing-non-human-identities-in-aws-environments/
- Topics: Engineering

Non-human identities (NHIs) such as IAM users, roles, service accounts, external keys, and secrets are crucial for accessing resources within AWS environments. However, managing and securing these identities presents unique challenges. In this article, we will cover how Astrix helps you with the toughest questions of identity security: what permissions NHIs have, to which resources, who is behind them, and the risks they pose in real-time. Let's get to the details.
Visibility and discovery

Maintaining an accurate and up-to-date inventory of NHIs is a significant task. Astrix provides real-time discovery of all NHIs, mapping their interconnectivity within AWS and external platforms. This holistic visibility ensures you always understand who is behind each NHI and how it is used, helping prevent unauthorized access.

Lifecycle management

Managing the lifecycle of NHIs from creation to decommissioning is challenging, to say the least. Astrix streamlines this process through policy-based attestation, automated alerts, and offboarding procedures. This ensures that NHIs are appropriately governed, reducing the risk of orphaned identities and permission creep.

Actionable risk modeling

Not all NHIs pose the same level of risk. Astrix provides actionable risk modeling by offering context into the services and resources an NHI can access, the permissions it holds, its usage patterns, and real-time behavior. This detailed analysis helps prioritize risks and focus on the most critical security issues, enabling more effective risk management and resource allocation.

Proactive threat detection

Astrix is the only NHI security solution that offers non-human ITDR capabilities. In addition to policy deviations and third-party...

---
> We are thrilled to announce our partnership with Torq, making it easier than ever to manage, secure, and remediate NHI risks seamlessly.
- Published: 2024-05-22
- Modified: 2024-12-24
- URL: https://astrix.security/learn/blog/bridging-the-nhi-security-gap-astrix-and-torq-partner-up/
- Topics: Partnerships

While zero-trust policies and identity-centric programs excel at protecting user identities and login credentials with IAM policies and security tools like MFA or IP restrictions, non-human identities (NHIs) like API keys, OAuth apps, service accounts, and secrets often lack visibility, monitoring, and governance. This gap has not gone unnoticed by attackers.
Astrix Security stepped in as the first solution to fill this gap, and we are thrilled to announce our partnership with Torq, making it easier than ever to manage, secure, and remediate NHI risks seamlessly within your SOC automation processes.

Simplifying NHI security with Astrix and Torq

By integrating Torq with Astrix, security teams can automate the identification of, and response to, anomalies, excessive permissions, unused credentials, and non-rotated non-human identities through streamlined workflows. This integration helps eliminate silos, allowing teams to operationalize Astrix within their existing Torq setup.

Automated response and remediation

Astrix brings behavioral analysis, typically used for human identities, to non-human identities, enabling real-time detection of unusual activities. To that end, Torq allows customers to respond automatically using remediation playbooks driven by preset logic, allowing immediate threat response without switching between tools.

Posture management and risky integrations

Unused permissions, risky connections, and unrotated tokens increase your NHI attack surface. Using Astrix and Torq, customers can customize rules to detect unused, overly permissive, and malicious NHI access. These rules are converted into automated playbooks through Torq, ensuring continuous reduction of the attack surface by removing risky access and non-rotated tokens.

Enhanced change management

Astrix and Torq enhance...
---
> Recent attacks show how non-human identities and their ungoverned access to enterprise environments are a gold mine for attackers looking to gain and maintain access.
- Published: 2024-05-19
- Modified: 2025-04-01
- URL: https://astrix.security/learn/blog/11-attacks-in-13-months-the-new-generation-of-supply-chain-attacks/
- Topics: Attacks

A new generation of supply chain attacks has been rising in recent years. In such attacks, hackers abuse third-party and internal non-human identities as a means of accessing core business systems. While many conversations about supply chain security risks focus on vulnerabilities in software application components themselves, or in their human-to-app connections, they overlook a critical area of supply chain security risk: non-human identities and their ungoverned access to core business and engineering environments.

The threat is real: A new generation of supply chain attacks

Security issues related to app-to-app connections are not theoretical. A variety of recent incidents highlight the risk posed by insecure non-human access:

- US Treasury Network (Dec 2024): BeyondTrust, a third-party cybersecurity service provider, experienced a security breach in which attackers exploited a zero-day vulnerability in a third-party application to access an AWS asset, obtain an API key, and compromise customer instances by resetting local application passwords.
- Internet Archive breach (Oct 2024): one API key exposed 1 million support tickets. Thousands of Internet Archive users with support tickets received a follow-up message revealing that an exposed API key had not been properly rotated, allowing access to their support data.
- Massive NHI attack (Aug 2024): insecurely stored NHIs and machine credentials in AWS led to the compromise of 230 million cloud environments.
- Gitloker (June 2024): the threat actor Gitloker exploited malicious OAuth apps to target GitHub users, causing significant data loss and ransom demands.
- JetBrains (June 2024): JetBrains found a vulnerability in their GitHub plugin for IntelliJ IDEs, risking unauthorized...

---
> Learn how non-human identities are leveraged for supply chain attacks and why attackers opt to use third-party vendors as a means for a larger attack
- Published: 2024-02-07
- Modified: 2024-08-07
- URL: https://astrix.security/learn/blog/part-3-anatomy-of-supply-chain-attacks/
- Topics: Guides

“Identity is the new perimeter.” This catchphrase appears on almost every identity security vendor's website, and for good reason. Human access, more commonly referred to as user access, is an established security program in most organizations, big or small. The realization that user identities and login credentials need to be vigorously protected with IAM policies and security tools like MFA, IP restrictions or SSO happened long ago. However, when it comes to non-human access like API keys, OAuth tokens, service accounts, secrets and other programmable access credentials, the situation is very different. Lack of visibility, monitoring and governance over this permissive access is everywhere, and attackers have figured it out. In this guide, we will deep dive into the non-human identity attack surface, how it's created, how attackers exploit it, and what steps you can take to minimize your exposure now.

Part 1 & 2 recap

In the first and second installments of this series, we covered the non-human identity problem and the drivers that make it such a prevalent security gap. The modern standards for speed, automation, and free-flowing data between platforms have increased the proliferation of non-human identities. We dove into OAuth, one of the most commonly used authorization methods for non-human access, and covered the behind-the-scenes of the authorization process, the inherent issues of the framework, and how attackers exploit OAuth apps for all parts of their attacks. This brings us to the third installment,...
---
> Learn what happened in the Cloudflare breach, and how Astrix can help to prevent such attacks, from discovery to anomaly detection and secret security
- Published: 2024-02-05
- Modified: 2024-12-24
- URL: https://astrix.security/learn/blog/breach-analysis-cloudflare-falls-victim-to-okta-attack/
- Topics: Attacks

In a not-so-surprising turn of events, one of the victims of Okta's supply chain attack has revealed further exploitation. Cloudflare recently reported that its entire Atlassian suite (Bitbucket, Jira and Confluence) was breached back in November by the same threat actor that breached Okta's support systems. In this article we will cover what happened in this breach, and how Astrix can help with such attacks.

A classic case of vendor supply chain attack

Supply chain attacks involve a vendor that has been breached, with the stolen data then used to compromise the vendor's customers. In this case, attackers breached Okta's support ticket system using a compromised service account. From there the attackers stole HAR files uploaded by Okta's customers, which contain those customers' credentials. Cloudflare, being an Okta customer, responded to the initial breach by rotating 5,000 exposed credentials. Sadly, their efforts fell short. In an extensive report, Cloudflare describes how, a few weeks after the incident, the Okta attackers used two credentials that had not been rotated to compromise its Atlassian suite: a token and service account credentials, both belonging to integrations within Cloudflare's Atlassian environment, which were used to gain administrative access to Cloudflare's Jira, Confluence and Bitbucket. The compromised production Atlassian suite contained Cloudflare's internal Confluence wiki (14,099 pages), Jira bug tracking (2M tickets) and Bitbucket source code (11,904 repositories), all of which the attackers had access to.
Cloudflare shares how the attackers tried using the...

---
> A summary of the attack flow and recommendations on ensuring your environment is not vulnerable to such OAuth abuse.
- Published: 2024-01-28
- Modified: 2024-12-24
- URL: https://astrix.security/learn/blog/oauth-attack-against-microsoft-by-midnight-blizzard/
- Topics: Attacks

Once again, non-human access manifests as a significant blind spot in organizations' identity layer. Midnight Blizzard, the Russian state-sponsored actor, abused OAuth applications as part of its attack against Microsoft's corporate environment. Microsoft's Office 365 email environment was breached, and internal email correspondence of Microsoft employees was exposed. In the initial disclosure of the incident, Microsoft revealed that the threat actors achieved initial access via password spraying. However, the initial access only granted them limited permissions in the Microsoft tenant. A few days later, Microsoft published a thorough analysis of the techniques that allowed the threat actors to achieve and maintain access to Microsoft's own Office 365 Exchange environment. This blog provides a summary of the attack flow and recommendations on how to ensure your environment is not vulnerable to such OAuth abuse.

Abusing a deprecated OAuth application for privilege escalation

The Midnight Blizzard APT group was able to find an unused, deprecated OAuth application holding the full_access_as_app role for Office 365 Exchange Online. Because this role reaches every mailbox in the tenant, anyone who can authenticate as the application, even from an account with very limited permissions of its own, can mint valid access tokens for Microsoft's own Exchange environment and read the mailboxes of other Microsoft employees in the Office 365 tenant.
The threat actors abused this application to generate tokens and target Microsoft corporate mailboxes.

How to protect yourself against this attack technique

Security posture review: start by reviewing all the non-human identities in your organization's Microsoft tenant to detect deprecated, unused OAuth apps. This...

---
> Learn how the OAuth framework works, the inherent downsides of OAuth, and what makes it so lucrative for attackers to try and exploit.
- Published: 2024-01-25
- Modified: 2024-12-24
- URL: https://astrix.security/learn/blog/part-2-how-attackers-exploit-oauth-a-deep-dive/
- Topics: Guides

“Identity is the new perimeter.” This catchphrase appears on almost every identity security vendor's website, and for good reason. Human access, more commonly referred to as user access, is an established security program in most organizations, big or small. The realization that user identities and login credentials need to be vigorously protected with IAM policies and security tools like MFA, IP restrictions or SSO happened long ago. However, when it comes to non-human access like API keys, OAuth tokens, service accounts, secrets and other programmable access credentials, the situation is very different. Lack of visibility, monitoring and governance over this permissive access is everywhere, and attackers have figured it out. In this guide, we will deep dive into the non-human identity attack surface, how it's created, how attackers exploit it, and what steps you can take to minimize your exposure now.

Part 1 recap

In the first installment of this series, we covered the non-human identity problem space, and the drivers that make it such a prevalent security gap.
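The posture review recommended in the Midnight Blizzard post above comes down to joining three things a tenant already exposes: which application service principals exist, which application permissions (app roles) they hold on which resource, and when each last signed in. The following is an added example, not Astrix's or Microsoft's code. It assumes records shaped like Microsoft Graph servicePrincipal and appRoleAssignment objects, a last-sign-in timestamp per application taken from the tenant's sign-in reporting, a 90-day staleness window, and a hand-picked set of high-risk application permissions; the Exchange Online appId is the well-known value, everything else is constructed.

```python
"""Find deprecated, over-privileged OAuth applications in a Microsoft Entra tenant.

Added example, not Astrix's or Microsoft's code. The records are shaped like
Microsoft Graph servicePrincipal and appRoleAssignment objects; the last
sign-in timestamp is assumed to come from the tenant's sign-in reporting.
"""
from datetime import datetime, timedelta, timezone

EXCHANGE_ONLINE_APP_ID = "00000002-0000-0ff1-ce00-000000000000"  # well-known resource appId
STALE_AFTER = timedelta(days=90)  # assumed: no sign-in for 90 days = deprecated

# Application permissions that reach every mailbox or the whole directory (assumed list)
HIGH_RISK_ROLES = {
    "full_access_as_app",   # the legacy Exchange Online role abused by Midnight Blizzard
    "Mail.ReadWrite",
    "Mail.Read",
    "Directory.ReadWrite.All",
    "RoleManagement.ReadWrite.Directory",
}

# constructed resource service principals (keyed by object id) and the appRoles they expose
RESOURCES = {
    "sp-exo": {"appId": EXCHANGE_ONLINE_APP_ID, "displayName": "Office 365 Exchange Online",
               "appRoles": [{"id": "role-full-access", "value": "full_access_as_app"}]},
    "sp-graph": {"appId": "00000003-0000-0000-c000-000000000000", "displayName": "Microsoft Graph",
                 "appRoles": [{"id": "role-mail-rw", "value": "Mail.ReadWrite"},
                              {"id": "role-user-read", "value": "User.Read.All"}]},
}

# constructed application service principals owned by the tenant
APPS = {
    "sp-legacy-test": {"displayName": "legacy-test-app", "lastSignIn": None},
    "sp-mail-bot": {"displayName": "mail-digest-bot", "lastSignIn": "2024-06-10T08:00:00Z"},
    "sp-hr-sync": {"displayName": "hr-sync", "lastSignIn": "2024-01-05T12:00:00Z"},
}

# constructed appRoleAssignment objects: principalId is the app SP, resourceId the API it calls
ASSIGNMENTS = [
    {"principalId": "sp-legacy-test", "resourceId": "sp-exo", "appRoleId": "role-full-access"},
    {"principalId": "sp-mail-bot", "resourceId": "sp-graph", "appRoleId": "role-mail-rw"},
    {"principalId": "sp-hr-sync", "resourceId": "sp-graph", "appRoleId": "role-user-read"},
]

NOW = datetime(2024, 6, 14, tzinfo=timezone.utc)  # constructed reference time


def resolve_roles(assignments, resources):
    """Map each application SP id to the (resource name, role value) pairs it holds."""
    index = {(rid, role["id"]): (res["displayName"], role["value"])
             for rid, res in resources.items() for role in res["appRoles"]}
    held = {}
    for a in assignments:
        held.setdefault(a["principalId"], []).append(index[(a["resourceId"], a["appRoleId"])])
    return held


def _is_stale(last_sign_in, now):
    if last_sign_in is None:            # never signed in: nothing depends on it
        return True
    return now - datetime.fromisoformat(last_sign_in.replace("Z", "+00:00")) > STALE_AFTER


def classify(app, roles, now):
    """Return (verdict, reasons) for one application service principal."""
    privileged = [f"{res}:{role}" for res, role in roles if role in HIGH_RISK_ROLES]
    stale = _is_stale(app["lastSignIn"], now)
    stale_reason = f"no sign-in within {STALE_AFTER.days} days"
    if privileged and stale:
        return "REMOVE", privileged + [stale_reason]   # unused and dangerous: the Midnight Blizzard case
    if privileged:
        return "REVIEW", privileged                    # in use; confirm the permission is still needed
    if stale:
        return "DISABLE", [stale_reason]
    return "OK", []


def review_tenant(apps, assignments, resources, now):
    """Classify every application SP; returns {sp id: (verdict, reasons)}."""
    roles = resolve_roles(assignments, resources)
    return {sp_id: classify(app, roles.get(sp_id, []), now) for sp_id, app in apps.items()}


if __name__ == "__main__":
    for sp_id, (verdict, reasons) in review_tenant(APPS, ASSIGNMENTS, RESOURCES, NOW).items():
        print(f"{APPS[sp_id]['displayName']}: {verdict} {reasons}")
```

The ordering matters: an application that holds a tenant-wide mail permission and has not signed in for months is exactly the "unused, deprecated OAuth application" the post describes, so it ranks above both an active privileged app (which needs a human decision) and a stale low-privilege one (which can simply be disabled).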
The topic of consent fatigue, and how employees will connect anything without really understanding the permissions they grant tools and services to sensitive systems and data, is one of the main drivers of the non-human access issue. Permission scopes and the lack of offboarding of machine credentials make non-human access the path of least resistance for hackers looking to gain initial access and then escalate...

---
> Machine credentials are a wild west of ungoverned access. But what are they? How can you monitor them? And why should you care?
- Published: 2024-01-09
- Modified: 2024-12-24
- URL: https://astrix.security/learn/blog/what-are-non-human-identities-and-why-theyre-your-biggest-blindspot/
- Topics: Guides

“Identity is the new perimeter.” This catchphrase appears on almost every identity security vendor's website, and for good reason. Human access, more commonly referred to as user access, is an established security program in most organizations, big or small. The realization that user identities and login credentials need to be vigorously protected with IAM policies and security tools like MFA, IP restrictions or SSO happened long ago. However, when it comes to non-human access like API keys, OAuth tokens, service accounts, secrets and other programmable access credentials, the situation is very different. Lack of visibility, monitoring and governance over this permissive access is everywhere, and attackers have figured it out. In this guide, we will deep dive into the non-human identity attack surface, how it's created, how attackers exploit it, and what steps you can take to minimize your exposure now.

What are non-human identities and why they're your biggest blind spot

These days, every employee delegates access to external entities to automate tasks and increase efficiency.
This sprawl of third-party non-human access to core systems like Salesforce, GitHub and Microsoft 365 via service accounts, OAuth tokens and API keys creates a mostly ungoverned attack surface. Astrix has found that for every 1,000 users, companies typically have 10,000 non-human connections. To make matters even more complicated, R&D teams regularly create secrets that connect internal services and resources to, for lack of better phrasing, “make...

---
> Astrix research looks back at the high-profile non-human access attacks of 2023, ranks the top 5, and explains what we can learn from them.
- Published: 2024-01-02
- Modified: 2024-08-05
- URL: https://astrix.security/learn/blog/top-5-non-human-access-attacks-of-2023/
- Topics: Attacks

2024 is here, and before we delve into new year resolutions and look to the future, we wanted to take a moment to look back at some of the most high-profile non-human identity attacks of 2023, rank the top 5, and see what we can learn from them. For that, our research team set the ranking criteria, analyzed each attack accordingly, and provided their insights on the lessons we can learn from each attack.

But first, what is a non-human identity attack?

Threat actors, like all humans, look for the path of least resistance, and it seems that in 2023 this path was non-user access credentials (API keys, tokens, service accounts and secrets). These programmable access credentials are used to connect apps and resources to other cloud services, and what makes them a true hacker's dream is that they lack the security measures user credentials have (MFA, SSO or other IAM policies). To make matters worse, these credentials are also often over-permissive, ungoverned, and never revoked.
How we ranked the top 5 attacks

Our research team at Astrix sat down to discuss the past year's non-human identity attacks, and ranked the top 5 according to three key criteria:

Impact: this criterion takes into consideration the severity of the consequences of the breach as well as its scale. How sensitive the stolen data was, how many organizations were impacted, and application downtime are all part of it.

Cost of mitigation: this criterion takes into consideration what the cost...

---
> Unmonitored GitHub connections create a new ecosystem of supply chain dependencies that expand your attack surface and expose your organization to attacks.
- Published: 2024-01-01
- Modified: 2025-05-13
- URL: https://astrix.security/learn/blog/insecure-third-party-connections-to-your-github-may-trigger-a-supply-chain-attack/
- Topics: Engineering

Do you really know how many internal and third-party services have access to your GitHub repositories? IT teams, DevOps, and developers are increasingly authorizing new third-party applications to access the organization's GitHub repositories in a bid to boost productivity. However, many of these are shadow integrations (connected via API keys, service accounts, webhooks, OAuth tokens, or even SSH keys) that are not vetted by security teams. They are also often over-privileged, or were connected by users who have since left the company. Making matters worse, development teams constantly create secrets as part of application development, often without following best practices such as vaulting and least-privilege permissions. These unmonitored NHIs in your GitHub create a new ecosystem of supply chain dependencies that expand your attack surface and expose your organization to supply chain attacks, compliance violations, and unauthorized access.
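Two of the shadow integration types the post lists, webhooks and deploy (SSH) keys, can be audited from what GitHub's own REST API returns for a repository, and a webhook receiver can be made to authenticate deliveries once a secret is set. The following is an added example, not Astrix's or GitHub's code. It assumes records shaped like the responses of the repository hooks and deploy keys endpoints (GitHub returns a configured hook secret as "********"), an allowlist of approved receiver hosts, and a 90-day unused cutoff; the sample records are constructed.

```python
"""Audit GitHub repository webhooks and deploy keys, and verify webhook deliveries.

Added example, not Astrix's or GitHub's code. The records mirror the shape of
GitHub's REST responses for repository webhooks (/repos/{owner}/{repo}/hooks,
where a configured secret comes back as "********") and deploy keys
(/repos/{owner}/{repo}/keys). The allowlist and sample records are constructed.
"""
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

ALLOWED_HOOK_HOSTS = {"ci.example.com", "hooks.slack.com"}  # assumed approved receivers
STALE_AFTER = timedelta(days=90)                             # assumed unused-key cutoff


def audit_webhook(hook):
    """Return the hygiene issues of one webhook object (empty list = clean)."""
    cfg = hook.get("config", {})
    url = urlparse(cfg.get("url", ""))
    issues = []
    if url.scheme != "https":
        issues.append("delivers over plaintext HTTP")
    if str(cfg.get("insecure_ssl", "0")) == "1":
        issues.append("TLS certificate verification disabled")
    if not cfg.get("secret"):
        issues.append("no secret configured: receiver cannot authenticate deliveries")
    if url.hostname not in ALLOWED_HOOK_HOSTS:
        issues.append(f"receiver {url.hostname!r} is not an approved host")
    if not hook.get("active", True):
        issues.append("inactive hook left configured: remove it")
    return issues


def _parse_ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_deploy_key(key, now):
    """Return the issues of one deploy key; write access plus no recent use is the worst case."""
    issues = []
    last = key.get("last_used") or key["created_at"]   # never used: measure from creation
    unused_for = now - _parse_ts(last)
    if not key.get("read_only", False):
        issues.append("grants write access to the repository")
    if unused_for > STALE_AFTER:
        issues.append(f"not used for {unused_for.days} days")
    return issues


def sign_delivery(secret, body):
    """Compute the X-Hub-Signature-256 value GitHub sends when a hook secret is set."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_delivery(secret, body, signature_header):
    """Constant-time check of a delivery's signature; reject anything unsigned or mismatched."""
    if not signature_header:
        return False
    return hmac.compare_digest(sign_delivery(secret, body), signature_header)


NOW = datetime(2024, 6, 14, tzinfo=timezone.utc)  # constructed reference time
SAMPLE_HOOKS = [  # constructed
    {"id": 1, "active": True, "config": {"url": "https://ci.example.com/github",
                                         "content_type": "json", "insecure_ssl": "0",
                                         "secret": "********"}},
    {"id": 2, "active": True, "config": {"url": "http://legacy-bot.internal/hook",
                                         "content_type": "form", "insecure_ssl": "1"}},
]
SAMPLE_KEYS = [  # constructed
    {"id": 10, "title": "deploy-prod", "read_only": True,
     "created_at": "2024-05-01T00:00:00Z", "last_used": "2024-06-13T00:00:00Z"},
    {"id": 11, "title": "old-ci-bot", "read_only": False,
     "created_at": "2023-01-01T00:00:00Z", "last_used": None},
]

if __name__ == "__main__":
    for hook in SAMPLE_HOOKS:
        print("hook", hook["id"], audit_webhook(hook))
    for key in SAMPLE_KEYS:
        print("key", key["id"], audit_deploy_key(key, NOW))
```

A webhook without a secret is the quiet one on this list: it leaks nothing by itself, but any host that can reach the receiver can forge "push" events into whatever pipeline listens to it, which is why the receiver-side check is included next to the audit.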
Organizations should protect their API keys as vigorously as they protect their passwords. Leaking an API key can be more consequential than leaking a username and password, since logins are often protected by two-factor authentication nowadays, whereas API keys are not.

The threat is real: GitHub attacks triggered by ungoverned non-human identities

Recent high-profile attacks targeting GitHub, or services connected to GitHub environments, reveal the risks of ungoverned NHIs.

Gitloker malicious OAuth apps (June 10, 2024): In a sophisticated attack, a threat actor known as Gitloker targeted GitHub users by exploiting malicious OAuth apps. This breach affected numerous users, leading to significant data loss and ransom demands.

JetBrains...

---
> Discover how to mitigate risks associated with service accounts in GCP and Snowflake. Learn strategies to reduce your attack surface effectively.
- Published: 2024-01-01
- Modified: 2025-05-13
- URL: https://astrix.security/learn/blog/close-service-account-security-gap-in-gcp-and-snowflake/
- Topics: Engineering

There's a big security gap in data warehouses, with thousands of service accounts connecting them to other cloud services. See how to reduce this attack surface.

Many security and IT teams are concerned about a substantial security gap in their data warehouses, such as GCP's BigQuery and Snowflake. By now they understand that there are probably hundreds, if not thousands, of service accounts currently connecting their data warehouses to other cloud services. Some of these are third-party cloud services, which may not necessarily be trustworthy. These service accounts, which are essentially very powerful credentials, are usually created by employees like data analysts and DevOps practitioners in order to increase process automation and interconnectivity between systems.
However, these app-to-app connections are created and granted powerful permissions under the radar of security teams, and often increase the organization's attack surface. So what exactly is this attack surface, and how can you minimize it with the help of Astrix? Let's start from the basics.

What are service accounts?

We are all familiar with the concept of user accounts. These accounts are specific to individuals, and allow us to sign in to computers, networks, applications and services using our own credentials or identities. There is a wide range of identity platforms out there that organizations can use to help them manage their user accounts, Okta and Duo being two noteworthy examples. Similar to humans having user accounts, services and applications can have service accounts. These accounts are designed to complete tasks on behalf of a particular application or automated service, without human involvement. As such, service accounts are a popular tool for connecting core...

---
> Knowing how to combat the risks AI tools pose will keep your organization gleaming. Idan Gour explains how to prepare for a safe adoption of GenAI.
- Published: 2023-12-07
- Modified: 2024-12-24
- URL: https://astrix.security/learn/blog/tips-for-genai-security/
- Topics: GenAI

As many have come to realize in the cyber world, all that glitters is not gold. Generative AI, and its ability to automate work processes and boost productivity, is increasingly being used across all business environments. While it's easy to get wrapped up in the excitement of these tools, like Otter.ai being able to recap a Zoom meeting with a click of a button, we can't push security and rational thinking to the back burner; the risks to the enterprise are too high. Knowing how to combat the risks these AI tools pose will keep your organization gleaming.

Supply chain risks are around the corner with generative AI

When it comes to generative AI apps, such as ChatGPT and Jasper.ai, there are two main risks for security leaders to be aware of. The first (and more obvious one) is data sharing. A good general practice here is to be aware of the app's data retention policies when using a third-party application. How is your data being used and retained by the solution? Where is your data being moved to and from, and how? During this data sharing process, it's important to monitor the actual data transfer between your environment and a third party's environment in order to detect potential security issues. Otherwise, you could end up in a situation similar to Samsung's: just recently, Samsung employees interacting with ChatGPT shared source code, leaking the electronics conglomerate's sensitive data on three different occasions. The...

---
> While the software supply chain has been a huge catalyst for vulnerabilities and attacks, non-human access creates a new attack surface
- Published: 2023-11-15
- Modified: 2024-12-24
- URL: https://astrix.security/learn/blog/not-just-code-vulnerabilities-the-overlooked-cause-of-software-supply-chain-attacks/
- Topics: Engineering

According to Gartner: “Software supply chain attacks have added a new dimension to software security problems because the software delivery pipelines and the tools used to build and deploy software are the new attack vectors.” While the software supply chain has been a huge catalyst for vulnerabilities, and consequently attacks, there is a new type of supply chain attack that has proliferated in the last couple of years, taking advantage of the third-party tools and services that are connected to development environments such as AWS, GCP, Azure and Git platforms.
While DevOps and other AppSec stakeholders turn to classic AppSec solutions to secure their code and engineering environments, which are vital for securing the app's code, CI/CD environments and sometimes runtime, there is a crucial missing piece: ungoverned third-party and internal non-human access via keys and tokens. But what does that actually mean, and why should you care?

Unmonitored internal access keys and tokens: To develop an app and make it work, R&D teams regularly generate ‘secrets’ (keys and tokens) as part of their day-to-day job. These keys and tokens allow access to resources, code and infrastructure: your most valuable intellectual property, and the vitality of your app. Safekeeping these keys is a challenge, since they are scattered across different secret managers (vaults) and regularly accessed by R&D teams that often unintentionally expose them (for debugging, for example). While AppSec solutions with shift-left methodologies secure code vulnerabilities and dependencies, CI/CD processes...

---
> Read this guide to learn what happened in the recent Sumo Logic incident and how to remediate, from Astrix Research experts
- Published: 2023-11-09
- Modified: 2024-12-24
- URL: https://astrix.security/learn/blog/sumo-logic-incident-guide/
- Topics: Attacks

On Friday, November 3rd, Sumo Logic discovered that a compromised credential was used to access Sumo Logic's AWS account. Since then, Sumo Logic has rotated the exposed AWS credentials and locked down potentially affected infrastructure, and reported that it did not detect access to customers' data. Nonetheless, Sumo Logic still advised customers to rotate all Sumo Logic API access keys immediately. Out of extra caution, since the investigation is still ongoing and until further details are given, Astrix also recommends rotating all types of non-human identity credentials saved on Sumo Logic's systems, per Sumo Logic's original guidelines:

- Installed collector credentials.
- Third-party credentials stored with Sumo for data collection by a hosted collector.
- Third-party credentials stored with Sumo for webhook configuration.
- Sumo Logic user passwords.

Next steps guide: How to successfully rotate each type of credential

Sumo Logic integrates with and collects data from many different sources, both cloud and on-prem. Depending on the type of connection, a specific credential is necessary for the integration to work. This makes it especially hard for Sumo Logic administrators to carry out the recommended response to the recent breach. As a first step, Astrix experts reviewed the necessary actions and dove deep into the different credentials that could have been affected by this breach. Below you will find a list explaining the different credentials requiring rotation, including links to the relevant documentation.

Sumo Logic API access keys

What are these credentials? These keys are simply used to access Sumo Logic's API. They can be used as part...

---
> Tal Skverer shares his insights about the recent Okta breach, what happened and how a leaked service account can cause a lot of trouble
- Published: 2023-11-06
- Modified: 2025-01-14
- URL: https://astrix.security/learn/blog/okta-breach-leaked-service-account/
- Topics: Attacks

Two weeks ago Okta reported that attackers managed to steal credentials and access Okta's support case management system. This allowed the attackers to view files uploaded by some Okta customers as part of recent support cases. Some of the affected customers are Cloudflare and BeyondTrust, which have since released their own reports about the effects on customers. New updates shed more light on the breach, exposing that the root cause of the incident was a leaked service account. Around the time Okta released its initial incident report, several high-profile Okta customers revealed that they had detected intrusions into their systems using stolen credentials.
These credentials were extracted from HAR files uploaded during the handling of support tickets in Okta's support system. But how did the threat actor have access to Okta support tickets? In an update delving into the root cause analysis, Okta's CISO sheds more light on the breach: a service account that had access to view all support tickets, and to read the files uploaded to them, was used to steal these HAR files. And how did the password of this service account leak? Okta found that an employee who signed into their personal Google account on their Okta-managed laptop had this account's credentials saved to that personal Google account. Any rogue extension, app or compromised machine with access to this personal Google account could potentially access these credentials.

So what can we learn from this? Service accounts skip security measures that normal accounts...

---
> Key takeaways from two recent Gartner reports about GenAI-related threats and why Astrix was mentioned in them
- Published: 2023-09-27
- Modified: 2024-12-24
- URL: https://astrix.security/learn/blog/key-takeaways-about-genai-risks-from-gartner-reports/
- Topics: GenAI

As the buzz around GenAI security continues to grow, research reports on the subject continue to appear. In this article we will share key takeaways from two recent Gartner reports about GenAI-related threats, why Astrix was mentioned in them, and how we see them representing the new security landscape surrounding GenAI. In the report “Emerging Tech: Top 4 Security Risks of GenAI”, Gartner explains the risks and opportunities that come with the prevalent use of GenAI tools and technologies, from data security and privacy risks to third-party black-box-style APIs, integrations, and LLMs that rapidly expand organizations' attack surface.
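Both the Okta post above and the Cloudflare breach analysis earlier on this page turn on the same artifact: a HAR file recorded while debugging carries every Authorization header, cookie, form body and token response the browser saw, and the earlier software supply chain post makes the same point about keys exposed "for debugging". A HAR file can be scrubbed before it is uploaded to a vendor. The following is an added example, not Okta's, Cloudflare's or Astrix's code. It assumes the HAR 1.2 layout browsers export (log.entries[].request headers, cookies, queryString, postData and the response headers and body), a set of header and form-field names treated as sensitive, and token regexes that are assumptions about common token shapes; the sample HAR and every token value in it are constructed.

```python
"""Find and redact credentials in a HAR file before it is shared.

Added example, not Okta's, Cloudflare's or Astrix's code. Walks the HAR 1.2
structure browsers export, redacts credential-bearing fields and token-shaped
strings, and reports what it found. Sample data is constructed.
"""
import json
import re
from urllib.parse import parse_qsl, urlencode

SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie",
                     "x-api-key", "x-amz-security-token"}
SENSITIVE_PARAMS = {"access_token", "id_token", "refresh_token", "code", "client_secret",
                    "password", "api_key", "sessiontoken"}
TOKEN_PATTERNS = {  # assumed shapes: AWS access key ids, GitHub tokens, Slack tokens, JWTs
    "aws access key id": re.compile(r"AKIA[0-9A-Z]{16}"),
    "github token": re.compile(r"gh[pousr]_[A-Za-z0-9]{36,}"),
    "slack token": re.compile(r"xox[abp]-[A-Za-z0-9-]{10,}"),
    "jwt": re.compile(r"eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}"),
}
REDACTED = "[REDACTED]"


def _scrub_text(text, where, findings):
    """Replace every token-shaped substring and record what was found."""
    for label, pattern in TOKEN_PATTERNS.items():
        text, count = pattern.subn(REDACTED, text)
        if count:
            findings.append(f"{where}: {count} {label}(s)")
    return text


def _scrub_pairs(pairs, where, findings, sensitive_names=None):
    """Redact name/value pairs in place; sensitive_names=None means every value is sensitive."""
    for pair in pairs:
        name = pair.get("name", "")
        if sensitive_names is None or name.lower() in sensitive_names:
            findings.append(f"{where}: {name}")
            pair["value"] = REDACTED
        elif isinstance(pair.get("value"), str):
            pair["value"] = _scrub_text(pair["value"], f"{where} {name}", findings)


def _scrub_form(text, where, findings):
    """Redact sensitive fields of an application/x-www-form-urlencoded body."""
    fields = []
    for name, value in parse_qsl(text, keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAMS:
            findings.append(f"{where}: form field {name}")
            value = REDACTED
        fields.append((name, value))
    return urlencode(fields)


def scrub_har(har):
    """Return (redacted deep copy of the HAR dict, list of findings); the input is untouched."""
    har = json.loads(json.dumps(har))
    findings = []
    for i, entry in enumerate(har.get("log", {}).get("entries", [])):
        req, resp = entry.get("request", {}), entry.get("response", {})
        req["url"] = _scrub_text(req.get("url", ""), f"entry {i} url", findings)
        tag = f"entry {i} {req.get('method', '?')} {req['url']}"
        _scrub_pairs(req.get("headers", []), f"{tag} request header", findings, SENSITIVE_HEADERS)
        _scrub_pairs(req.get("cookies", []), f"{tag} cookie", findings)  # every cookie is a session
        _scrub_pairs(req.get("queryString", []), f"{tag} query param", findings, SENSITIVE_PARAMS)
        post = req.get("postData")
        if post and isinstance(post.get("text"), str):
            if "x-www-form-urlencoded" in post.get("mimeType", ""):
                post["text"] = _scrub_form(post["text"], f"{tag} body", findings)
            post["text"] = _scrub_text(post["text"], f"{tag} body", findings)
        _scrub_pairs(resp.get("headers", []), f"{tag} response header", findings, SENSITIVE_HEADERS)
        content = resp.get("content", {})
        if isinstance(content.get("text"), str):  # token endpoint responses live here
            content["text"] = _scrub_text(content["text"], f"{tag} response body", findings)
    return har, findings


def scrub_har_text(har_text):
    """Same as scrub_har, but on the file's JSON text (what a CLI would read and write)."""
    har, findings = scrub_har(json.loads(har_text))
    return json.dumps(har, indent=2), findings


SAMPLE_HAR = {"log": {"version": "1.2", "entries": [  # constructed; every token is fake
    {"request": {"method": "POST", "url": "https://example.okta.com/oauth2/v1/token",
                 "headers": [{"name": "Authorization", "value": "Bearer eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJzdmMifQ.c2lnbmF0dXJlX3BsYWNlaG9sZGVy"},
                             {"name": "Content-Type", "value": "application/x-www-form-urlencoded"}],
                 "cookies": [{"name": "sid", "value": "102abc"}], "queryString": [],
                 "postData": {"mimeType": "application/x-www-form-urlencoded",
                              "text": "grant_type=client_credentials&client_secret=NOT-A-REAL-SECRET"}},
     "response": {"status": 200, "headers": [{"name": "Set-Cookie", "value": "sid=102abc; Secure; HttpOnly"}],
                  "content": {"mimeType": "application/json",
                              "text": '{"access_token": "eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoiYm9iIn0.ZmFrZXNpZ25hdHVyZXZhbHVl"}'}}},
    {"request": {"method": "GET", "url": "https://api.github.com/user",
                 "headers": [{"name": "Authorization", "value": "token ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij"}],
                 "cookies": [], "queryString": []},
     "response": {"status": 200, "headers": [], "content": {"mimeType": "application/json", "text": ""}}},
]}}
SAMPLE_HAR_TEXT = json.dumps(SAMPLE_HAR)

if __name__ == "__main__":
    _, found = scrub_har_text(SAMPLE_HAR_TEXT)
    print("\n".join(found))
```

The response body pass is the one people forget: the request to a token endpoint carries the client secret, but the response carries the access token itself, and a HAR keeps both. Scrubbing is a mitigation, not a substitute for rotating anything the file contained before it was scrubbed.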
According to the report, “The use of generative AI (GenAI) large language models (LLMs) and chat interfaces, especially connected to third-party solutions outside the organization firewall, represent a widening of attack surfaces and security threats to enterprises. However, they also offer new opportunities for security technology provider offerings.” In the report, Astrix is mentioned as a sample vendor in the category of API Risk, Authorization and Access-Control-Oriented. In our view, this mention positions Astrix as an enabler for organizations to use these advanced technologies to support growth and innovation, while maintaining security and governance. In another report, “Innovation Guide for Generative AI in Trust, Risk and Security Management”, Gartner covers the categories of GenAI risks, and explains why IT leaders need to evaluate emerging TRiSM (Trust, Risk and Security Management) technologies and solutions to better address these...

---
> Looking back at Astrix's journey as a 2023 RSA Innovation Sandbox finalist, and how far we've come since then.
- Published: 2023-08-31
- Modified: 2024-08-05
- URL: https://astrix.security/learn/blog/looking-back-at-our-journey-in-the-2023-rsa-innovation-sandbox-contest/
- Topics: General

With Q4 around the corner, a reflection on the year so far highlights a standout moment for us at Astrix Security: our achievement as a top 10 finalist in the esteemed RSA Innovation Sandbox contest. The RSA Innovation Sandbox contest isn't your run-of-the-mill event. It's a meeting ground for cybersecurity leaders, investors, and tech enthusiasts, all gathered to see what the future of cybersecurity holds. The contest emerged as a remarkable platform in the realm of cybersecurity, driven by the need to identify and nurture promising cybersecurity startups.
In fact, according to RSA, since the start of the contest in 2005, the top 10 finalists have collectively seen over 75 acquisitions and $12.48 billion in investments. The acknowledgment of Astrix Security as a top 10 finalist, and the opportunity to showcase our vision for the emerging market of non-human identity security, was a stepping stone in our path to becoming leaders in the industry. This accomplishment underscored not only our innovation, but also the true potential of our amazing team and the solution we’re building. Impact that Echoes Through Time https://www.youtube.com/watch?v=gpg-v-YLCOU On April 26, 2023, Astrix’s CEO Alon Jackson took the stage in front of over 2000 people to tell the story of Astrix. From defining the problem we solve in the non-human identity security realm to how we help tech leaders such as NetApp, Priceline and Rapyd secure their non-human access, Alon took the crowd through our development journey and the... --- > Non-human identities accessing Slack environments expose organizations to supply chain attacks. Astrix helps prevent these risks. - Published: 2023-07-17 - Modified: 2024-12-02 - URL: https://astrix.security/learn/blog/securing-non-human-identities-in-slack/ - Topics: Corporate There are more than 2,400 apps in the Slack app directory, and many more from other, non-verified marketplaces that can be integrated via NHIs like OAuth tokens and webhooks. In fact, only about 10% of connections to Slack come from the official app directory, meaning that many organizations are using numerous third-party app connections with zero vetting, on a daily basis. Slack often serves as an organization's main communications channel. One of its greatest features for increasing productivity and streamlining processes is the ability to build and integrate internal and external applications on top of it.
The risks of unmonitored non-human identities to Slack environments Each NHI grants powerful access to a third-party app vendor that may not be trustworthy. Once those keys fall into the wrong hands, private conversations could be exposed and passwords or tokens shared within private channels may be accessed. Your Slack environment could be more exposed than you think Using the Astrix Security platform, we discovered that Slack environments typically have hundreds of third-party NHIs. From our research we discovered: On average, for every 5000 employees, we saw 40 new OAuth tokens for Slack apps added every week. 60% of installed Slack integrations were not installed from the official app directory. Out of 4,385 apps integrated within Slack, about 2% had access to the entirety of private channels and the DMs (Direct Messages) of the user who installed them. 5% of the installed apps were able to impersonate the user who installed them,... --- > Non-human identities accessing M365 & Azure AD environments expose organizations to supply chain attacks. Astrix helps prevent these risks. - Published: 2023-07-17 - Modified: 2024-12-24 - URL: https://astrix.security/learn/blog/securing-non-human-identities-in-microsoft-365-azure-ad/ - Topics: Corporate To streamline workflows and maximize its functionality, Microsoft 365 & Azure Active Directory (AAD) can be connected to thousands of apps and services, as well as a large number of non-marketplace apps that can be connected via NHIs like webhooks, OAuth tokens, API keys and workflow automation platforms. Each and every NHI that connects Microsoft 365 and third-party apps poses a security threat to your company, from supply chain attacks to data breaches and compliance violations.
The risks of unmonitored non-human identities to Microsoft 365 environments The recent year has seen an uptick in attacks carried out via third-party NHIs, as cyber criminals exploit this ungoverned access to penetrate companies’ Microsoft 365 environments. Here are just some examples: Microsoft Midnight Blizzard (January 2024): Russian state-sponsored threat actors abused OAuth applications as part of their attack against the company’s corporate environment. Microsoft’s Office 365 email server was breached, and internal email correspondence of Microsoft employees was exposed. Microsoft 365 Forged Access Token (July 2023): An inactive signing key was stolen from a possibly breached enterprise Azure system, and used to sign and create valid email access tokens, which were erroneously accepted by the Azure AD cloud system of several of its customers. This allowed the hackers to expand their reach to Office 365 as used by all organizations sharing the same Azure AD cloud environment. Microsoft SAS Key (September 2023): A SAS token that was published by Microsoft’s AI researchers actually granted full access to the entire Storage account it was created on, leading to... --- > Non-human identities accessing Salesforce environments expose organizations to supply chain attacks. Astrix helps prevent these risks. - Published: 2023-07-17 - Modified: 2025-05-13 - URL: https://astrix.security/learn/blog/securing-non-human-identities-in-salesforce/ - Topics: Corporate Salesforce environments across the world are connected to 11,225,724 AppExchange services, as well as countless other non-exchange services that can be integrated into Salesforce environments via API keys, OAuth tokens, service accounts and more. All these non-human connections accessing sensitive Salesforce environments significantly expand the attack surface, exposing companies to supply chain attacks, data breaches and compliance violations.
Salesforce is one of your organization's most critical core environments, holding crucial business processes and sensitive information. To automate processes and increase productivity, employees regularly connect third-party apps and services to their corporate Salesforce, often without the knowledge of the security team. The risks of unmonitored non-human identities to Salesforce environments Anyone within the organization can connect third-party apps and tools to the corporate Salesforce environment without any vetting from the security teams. While not all Salesforce users can use the AppExchange, every single one is able to connect non-marketplace apps in multiple ways, such as webhooks, OAuth tokens and more. Everything from the Salesforce interface to accounts, contacts, calendars, Salesforce Flow, documents and more can be breached through third-party non-human identities. All it takes is just one of your connected apps or services to be breached, and your organization’s most closely guarded assets, along with vital customer information, could be stolen or leaked. For example, in recent years, sales intelligence solution Apollo fell victim to a breach that exposed some 9 billion data points. Salesforce users were affected by the breach because Apollo is a widespread third-party Salesforce integration,... --- > Non-human identities accessing Google Workspace and GCP environments expose organizations to supply chain attacks. Astrix helps prevent these risks. - Published: 2023-07-17 - Modified: 2024-12-24 - URL: https://astrix.security/learn/blog/securing-non-human-identities-in-google-workspace/ - Topics: Corporate Google Workspace is a core productivity engine for many businesses. As such, employees are increasingly connecting third-party applications into their Google Email, Calendar, Docs, Drive and more in a bid to increase productivity. These connections are also created when users sign in to third-party apps using the Google Single Sign-On feature.
Many of these third-party apps and add-ons (connected via OAuth tokens and service accounts) are not vetted by security teams and are often published by untrusted vendors, are over-privileged, or were connected by users who have since left the company. While Google Workspace itself is innately secure, the more than 5,000 third-party integrations offered on the Google Marketplace and the vast ecosystem of non-public apps may not be. The risks of unmonitored non-human identities to Google Workspace environments This unmonitored non-human access to your Google Account creates a new ecosystem of supply chain dependencies that expand your attack surface and expose your company to supply chain attacks, compliance violations, and unauthorized access. Because of the way Google Workspace and GCP connect to each other, these risks may also apply to your company's Google Cloud Platform (GCP) environment which includes business critical platforms like BigQuery and Looker. In environments like Google Workspace and Microsoft 365, attackers are not just using stolen OAuth tokens to penetrate organizations, but launching sophisticated ‘consent phishing’ campaigns to trick users into granting access to malicious third-party apps:  In the 0-day vulnerability recently exposed by Astrix Security, dubbed “GhostToken”, threat actors are able to potentially change... --- > With the increasing use of interconnected applications, security teams often overlook these shadow connections, leaving potential vulnerabilities in the software supply chain. - Published: 2023-06-13 - Modified: 2024-08-05 - URL: https://astrix.security/learn/blog/forbes-shadow-connections-how-theyre-impacting-your-production-environment-and-software-supply-chain-security/ - Topics: General Astrix Security Co-Founder & CEO, Alon Jackson’s latest article for Forbes emphasizes the risks posed by unmonitored third-party app-to-app connections in corporate environments. 
With the increasing use of interconnected applications, security teams often overlook these shadow connections, leaving potential vulnerabilities in the software supply chain. In the article, he covers: How unmonitored shadow app-to-app connections can serve as a missing link for supply chain attacks. Why security leaders should shift focus to secure third-party applications alongside core software systems. Security strategies for organizations to adopt - from educating employees to creating access key inventories and more. Read the full article here. --- > Idan Gour shares his insights about identity-related attacks being on the rise, with credential misuse becoming a prominent attack vector. - Published: 2023-06-13 - Modified: 2024-08-05 - URL: https://astrix.security/learn/blog/security-magazine-non-human-identities-secure-them-now-not-later/ - Topics: General Astrix CTO & Co-Founder Idan Gour shares his insights with Security Magazine about identity-related attacks being on the rise, with credential misuse becoming a prominent attack vector. Recent high-profile incidents have highlighted the exploitation of insecure non-human identities, such as API keys and OAuth tokens, to breach organizational systems, steal sensitive data, and cause disruptions.   In the article, he covers: Why identity-related attacks persist in the cybersecurity industry with three main types of threats: supply chain attacks, OAuth phishing, and company access token attacks. The importance of securing non-human identities and extending access management strategies beyond users. All about attacks targeting trusted vendors like GitHub, Microsoft, and Slack. Read the full article here. 
--- > GhostToken - Exploiting GCP application infrastructure to create invisible, unremovable trojan app on Google accounts - Published: 2023-04-20 - Modified: 2024-12-24 - URL: https://astrix.security/learn/blog/ghosttoken-exploiting-gcp-application-infrastructure-to-create-invisible-unremovable-trojan-app-on-google-accounts/ - Topics: Research On June 19, 2022, Astrix’s Security Research Group revealed a 0-day flaw in Google’s Cloud Platform (GCP) which affects all Google users. The vulnerability, dubbed “GhostToken”, could allow threat actors to make a malicious application invisible and unremovable, effectively leaving the victim’s Google account infected with a trojan app forever. Google officially released a patch for the GhostToken vulnerability on April 7th, 2023. Why is the GhostToken vulnerability severe? Today’s workforce is fueled by an entirely new level of productivity hacks as employees seek to increase efficiency and simplify daily processes. This is made possible thanks to thousands of applications, ones that employees can easily install from the Google Marketplace or other websites. Once authorized, the application receives a token, granting access to the employee’s Google Account. By exploiting the GhostToken vulnerability, attackers can hide their malicious application from the victim's Google account application management page. Since this is the only place Google users can see their applications and revoke their access, the exploit makes the malicious app unremovable from the Google account. The attacker, on the other hand, can unhide their application whenever they please, use the token to access the victim’s account, and then quickly hide the application again to restore its unremovable state. In other words, the attacker holds a “ghost” token to the victim’s account. It’s important to note that, since the application is entirely hidden from the victim’s view, they are prevented from even knowing their account is at...
--- > Discover how the CircleCI breach exposed critical access tokens. Explore implications for third-party integrations and strategies to enhance your security posture. - Published: 2023-01-16 - Modified: 2024-12-24 - URL: https://astrix.security/learn/blog/the-circleci-breach-the-results-of-a-stolen-access-token/ - Topics: Attacks Following a reported data breach last month, the company confirmed in a first comprehensive aftermath analysis that customers’ secrets and encryption keys were stolen. This breach joins a series of recent attacks using access tokens and API keys to perform privilege escalation and breach companies’ core environments (like GitHub, Google Workspace, Salesforce, Snowflake and others) to steal sensitive data such as code repositories and customer data. The CircleCI breach started from the computer of one of the company’s engineering employees, which was compromised by malware that bypassed their antivirus solution. The compromised machine allowed the threat actors to access and steal session tokens. Stolen session tokens give threat actors the same access as the account owner, even when the accounts are protected with two-factor authentication. Since the engineering employee had privileges to generate production access tokens as part of their regular duties (like most engineers), the threat actors were able to escalate privileges in order to access and exfiltrate data from customer environment variables, tokens, and keys, all without CircleCI’s knowledge. CircleCI reported that while customer data was encrypted at rest, the threat actors were able to obtain the encryption keys that would allow them to decrypt, and potentially access, the encrypted customer data.
Access tokens and API keys don’t have MFA The creation and use of access tokens and API keys is a common practice in organizations, allowing engineers and other employees to integrate apps with companies’ core systems in an effort to streamline work processes and increase productivity.... --- > The Slack attack proves that organizations must protect API keys as vigorously as they protect passwords. Here are 6 tips to help you avoid similar attacks. - Published: 2023-01-11 - Modified: 2024-12-24 - URL: https://astrix.security/learn/blog/slacks-github-breach-6-tips-to-avoid-similar-attacks/ - Topics: Attacks The Slack attack proves that organizations must protect API keys as vigorously as they protect passwords. Here are 6 tips to help you avoid similar attacks. Slack announced its GitHub code repositories had been breached over the new year holiday weekend. The incident involved threat actors gaining access to Slack's externally hosted GitHub repositories via a "limited" number of stolen Slack employee tokens. Further investigations revealed that the threat actors downloaded private code repositories (so far, there is no evidence that customer data was compromised). The spike in API key exploits, such as the Slack attack, repeatedly proves that organizations must protect their API keys as vigorously as they protect usernames and passwords. We have listed below six practical tips to help you minimize your attack surface and avoid similar attacks. A spike in attacks targeting GitHub accounts The Slack exploit joins a chain of attacks targeting GitHub code repositories over the past 12 months, in which attackers take advantage of improperly secured API keys and OAuth tokens to penetrate organizations' GitHub repositories. One recent high-profile example occurred in April 2022, where attackers used stolen OAuth app tokens issued to Heroku and Travis CI to breach dozens of GitHub customer accounts through authorized Heroku or Travis CI OAuth app integrations.
What's more, the current attack against Slack was published merely days after another similar attack on CircleCI was brought to attention. The CircleCI breach exposed its customers to supply chain attacks, in which attackers may use keys and secrets stolen from the CircleCI environment to penetrate their GitHub repositories. In response, CircleCI has urged its customers to detect all connections of GitHub repositories with CircleCI and rotate all secrets,... --- > Following a possible breach, CircleCI published a security alert urging their customers to rotate all CircleCI secrets to prevent supply chain attacks. - Published: 2023-01-05 - Modified: 2024-08-05 - URL: https://astrix.security/learn/blog/circleci-security-alert-are-you-at-risk/ - Topics: Attacks Following a possible breach, CircleCI published a security alert yesterday urging their customers to rotate all CircleCI secrets, specifically API keys and tokens, to prevent supply chain attacks. In such attacks, attackers may use stolen API keys to penetrate CircleCI customers' core systems to exfiltrate sensitive code and business data, insert malware or create business disruption. Until more information is provided by CircleCI, we recommend disconnecting CircleCI from valuable assets and rotating all tokens and secrets provided to CircleCI. It is most probable that more information will be shared by CircleCI with you directly, and via CircleCI’s Twitter or blog. To understand if your organization is at risk, it's important that you quickly establish whether the CircleCI service is used within your organization and which core systems are connected to it, so that you can rotate all the secrets used by the connections across all connection types - apps, API and SSH keys and webhooks. However, detecting all the connections might be a tedious and time-consuming task, since these connections are usually created without any governance by the security team or a proper vetting process and documentation.
For your convenience, we have listed below common connections to CircleCI from organizations' core systems (based on our continuous observations), and the recommended remediation steps required. Please note that, due to the functionality of CircleCI, removing the access, or even just regenerating tokens without providing them again to CircleCI, would impact your CI/CD pipeline. Therefore, we highly recommend working with the relevant platform owners... --- > Discover hidden risks in app-to-app connections. Astrix reveals alarming findings, offering secure solutions for organizations. - Published: 2023-01-03 - Modified: 2024-12-24 - URL: https://astrix.security/learn/blog/2022-recap-6-surprising-third-party-connectivity-stats/ - Topics: Research In the perpetual race for greater productivity and agility, employees increasingly connect third-party applications to their organization’s core systems to automate and streamline their work processes (using API keys, OAuth tokens, service accounts, webhooks, SSH keys and more). New third-party applications (whether it’s a calendar sync app connecting to Google Workspace or a CI/CD productivity cloud service connecting to GitHub) are given access to core systems and business data on a daily basis, often without the security team’s knowledge. These unmonitored, improperly secured app-to-app connections expose organizations to supply chain attacks, data breaches and compliance violations - and the attack surface is bigger than you might think. Researchers at Astrix analyzed customer data over the past twelve months and discovered alarming numbers. From hundreds of unused connections with non-marketplace apps to thousands of access tokens that have access to core systems, here are our top six findings about organizations’ app-to-app connectivity and security. 1.
Thousands of access tokens According to our findings, a typical organization has 10 tokens (OAuth tokens, personal access tokens, SSH keys, service accounts and others) per employee on average, across all monitored core systems. This means that each new employee creates 10 tokens that can access their company’s resources. While the number of tokens per employee varies depending on their role, the average remains high - a company with 1000 employees has roughly 10,000 tokens granting different applications access to its core systems. 2. Hundreds of newly added tokens and apps weekly Employees in mid-size organizations create... --- > The new generation of software supply chain attacks is here to stay. But not all hope is lost. See how businesses can prevent becoming the next headline breach. - Published: 2022-11-18 - Modified: 2024-08-05 - URL: https://astrix.security/learn/blog/the-next-generation-of-supply-chain-attacks-is-here-to-stay/ - Topics: General Astrix Security Co-Founder & CEO, Alon Jackson, has published his latest article for Dark Reading on why the new generation of supply chain attacks is here to stay. Such attacks have been rising dramatically in recent years - so much so that Gartner predicts that 45% of organizations globally will experience such an attack by 2025. In the article, he discusses: What is causing the rise of app-to-app integrations Why these third parties present an imminent problem How businesses can close the security gap once and for all Read the full article here. --- > Catch Alon Jackson on the 20 Minute Leaders podcast! He covers everything from the founding of Astrix Security to the future of app-to-app security.
- Published: 2022-11-10 - Modified: 2024-08-05 - URL: https://astrix.security/learn/blog/leadership-and-the-future-of-app-to-app-security/ - Topics: General Astrix Security Co-Founder & CEO, Alon Jackson, recently caught up with Michael Matias of 20 Minute Leaders to discuss everything from the founding of Astrix Security, his background & leadership, to the need for app-to-app security. Main topics covered: Background & founding of Astrix Security Why today's interconnected world makes app-to-app security crucial How CISOs are taking notice of this new, worrying attack vector What the future holds for Astrix and the industry at large https://www.youtube.com/watch?v=HEi5DjJdRU0 --- > Learn how organizations should address common third-party integration risks, and the new generation of supply chain security attacks. - Published: 2022-09-05 - Modified: 2024-08-05 - URL: https://astrix.security/learn/blog/securing-app-to-app-connectivity-and-low-or-no-code-apps/ - Topics: General Astrix Security Co-Founder & CEO, Alon Jackson, recently joined Chase Cunningham, host of Dr. Zero Trust, for an in-depth discussion on how to secure business-critical third-party integrations, and prevent breaches from affecting your critical infrastructure. Main topics covered: How can you secure no-code or low-code applications? How should organizations look at the risks from these types of "factory made" apps? What types of pricing make sense for security applications that you might not own? How should the market approach the future of application security in an all-cloud world? You can listen to the full episode here.
--- > Astrix Co-Founder and CEO Alon Jackson alongside Amplitude CISO Olivia Rose and David Spark in a Super Cyber Friday episode dedicated to third-party application integration security: “Hacking Third-Party Integrations.” - Published: 2022-07-15 - Modified: 2024-08-05 - URL: https://astrix.security/learn/blog/ciso-series-hosts-astrix-third-party-integrations/ - Topics: General Astrix Co-Founder & CEO, Alon Jackson, recently joined Dan Walsh, the CISO of VillageMD, and David Spark, host of CISO Series, for an hour of critical thinking about securing app-to-app integrations. The Super Cyber Friday episode dedicated to third-party application integration security, “Hacking Third-Party Integrations”, is now available to watch here. Main topics covered: How are applications being brought into the enterprise IT environment? What does the security department know about, and what does it not know about? What is the non-user activity that’s happening among applications? How do you keep tabs on this activity that appears to be just a push for more automation? What’s the vulnerability of low-code and no-code apps that allow people to connect apps easily? What can’t we see in these third-party integrations that we should want to see? How do you determine which app integrations are risky? Tune in as Jackson and Dan discuss the risks of app-to-app connectivity, low-code/no-code iPaaS, and more: Click here to watch the full episode. Here's a sneak peek: https://www.youtube.com/watch?v=mZhr85E5kLE&t=180s?v=_Oh12ROTQCE --- > A recently disclosed bug in GitHub Apps could have been abused to grant excessive permissions to malicious third-party applications.
- Published: 2022-06-20 - Modified: 2024-08-05 - URL: https://astrix.security/learn/blog/github-apps-bug-created-significant-3rd-party-risk-how-you-can-stay-protected/ - Topics: Research Overview On June 16, 2022, GitHub sent a message to its customers disclosing a bug in GitHub Apps that existed for a 5-day timeframe between February 25 and March 2, 2022 – and which could have been abused to grant excessive permissions to malicious third-party applications. The disclosed bug is the latest example of how third-party integrations can expand organizations’ attack surface by jeopardizing core systems including (but certainly not limited to) GitHub. The post below shares our current understanding of the GitHub Apps bug and its implications for GitHub clients’ security posture. We also share practical mitigation strategies security teams can follow to ensure their organization’s GitHub account hasn’t been compromised. About the GitHub Apps bug and its implications According to a GitHub disclosure from June 16, 2022, a bug detected in GitHub Apps allowed privilege escalation from a read permission to its equivalent write permission between February 25 and March 3, 2022. Exploiting this bug would have required: a) a malicious or compromised GitHub app installed on your organization’s GitHub account before or during that 5-day window, and b) a malicious actor familiar with this vulnerability. Even though GitHub closed the bug on March 3rd, 2022, there are several use cases in which a malicious actor could have abused this bug (within this 5-day timeframe) to obtain persistent access and leave long-term effects on your organization’s GitHub account. For example, they could have gained long-term access to your company source...
--- > PLG and security leaders: going with the flow - Astrix Security - Published: 2022-04-20 - Modified: 2024-10-31 - URL: https://astrix.security/learn/blog/plg-and-security-leaders-going-with-the-flow/ - Topics: General PLG is here to stay. More and more cloud apps are adopting a product-led growth (PLG) strategy as a way to help grow and retain their customer base. Think: Slack, Trello, and Calendly. In practice, PLG means getting rid of any friction points for signing up and trying a product (e.g. offering free or “freemium” versions), and placing a premium on a smooth and enjoyable user experience. The theory goes that once people have actually used a product, they are more likely to purchase it. Another hallmark of the strategy is leveraging evangelists—users who love a product and spread the word about it. This tactic works particularly well for SaaS products, because people need to share information (and therefore use the same apps) to collaborate effectively in the workplace. There’s no doubt that PLG is here to stay. But what does it mean for security teams suddenly managing a sprawling perimeter defined by bottom-up end user adoption that bypasses the traditional security review process? "How can security teams suddenly manage a sprawling perimeter defined by bottom-up end user adoption that bypasses the traditional security review process?" Meteoric rise It’s been around for a while, but PLG really took off in the past few years. Choosing and purchasing enterprise software used to be the exclusive domain of centralized IT departments, with third-party risk assessment built into the process. Now, with more and more digital infrastructure moving to the cloud, the decision-making power has shifted closer to the actual end user,... --- > Explore the security challenges of third-party integrations and discover how Astrix Security helps mitigate risks in today's hyperconnected digital landscape.
- Published: 2022-02-16 - Modified: 2025-05-13 - URL: https://astrix.security/learn/blog/the-promise-and-peril-of-third-party-integrations/ - Topics: General We’ve entered the hyperconnected era. In an effort to drive productivity and growth, businesses are embracing third-party cloud applications at an unprecedented rate. And they’re increasingly tethering these applications to core systems – like Google Workspace, Office 365, Salesforce, and GitHub – to achieve automation and data-sharing at scale. This is great for innovation – and terrifying for security. (Case in point: 93% of companies report a cybersecurity breach in the past year related to weaknesses in their digital supply chain.) The exploding world of third-party integrations presents daunting new security challenges. These integrations effectively define a new cloud perimeter, one in which the points of connectivity between applications and core systems have become the most vulnerable attack vectors. "What are the primary risks of third-party app integrations – and how can digitally connected enterprises protect themselves?" Risk #1: Supply chain attack What it is: A third-party app integrated with a trustworthy central platform may move or “leak” sensitive data into a less secure environment. Malicious actors abuse security vulnerabilities associated with a legitimate (but less secure) third-party application – and exploit its privileged access to distribute malware or access sensitive information (like credentials or data). Recent example: Hackers compromised the software development tool Codecov to gain access to – and rapidly copy and export to an attacker-controlled server – sensitive secrets, credentials and IP associated with software accounts at thousands of clients. Why third-party integrations increase the risk: More and more, third-party applications hold the “keys to the kingdom”: the most privileged credentials in the enterprise. Any third-party...
--- > 5 cloud-app connectivity trends for 2022 - Astrix Security - Published: 2022-02-08 - Modified: 2024-10-31 - URL: https://astrix.security/learn/blog/5-cloud-app-connectivity-trends-for-2022/ - Topics: General Five key cloud adoption trends will shape the digital workforce – and the cybersecurity landscape – over the coming year. In just a few short years, the enterprise tech stack has been transformed. It’s not even really a “stack” anymore at all, but a web of new 3rd-party cloud apps and platforms, integrated with and sharing data with each other and with the old legacy enterprise platforms. This was already underway before Covid-19, but the historic switch to remote and hybrid work quickly accelerated it. In fact, it’s believed that by 2025, 85% of enterprise IT will be “cloud first”. And it’s easy to see why: slashed budgets, more flexibility, and the ability to effectively support a remote workforce. But the benefits come with some big challenges when it comes to securing this new web of integrations from malicious attacks. In this post we’ll dig deeper into this paradigm shift by taking a closer look at the top 5 cloud app adoption trends for 2022, and what each of them means from a cybersecurity perspective: The new enterprise perimeter is fuzzy The “perimeter”—the border around an organization’s critical on-premise platforms—has become harder to define. The widespread adoption of 3rd-party cloud platforms means the center of gravity has shifted from on-premise to off. Organizations used to be able to build a simple firewall around their proprietary data and call it a day. Unfortunately, this is a lot trickier when 3rd-party cloud apps (and the flow of data between them and legacy... --- --- ## Customer Stories > How Workday secures non-human identities with Astrix amid the rise of AI agents, autonomous systems, and NHI proliferation.
- Published: 2025-05-26
- Modified: 2025-05-26
- URL: https://astrix.security/learn/customer-stories/rsac-2025-how-workday-implemented-nhi-security/

AI might be dominating the headlines, but at this year’s RSA Conference, one theme rose to the top - non-human identities. In a joint session, Astrix CEO Alon Jackson and Workday’s Director of Identity Security, Albert Attias, explored how the rise of autonomous systems is transforming the identity landscape - and how Workday built their NHI security program for the AI era.

Welcome to the era of Artificial Identities

Alon kicked off the session by reframing the current identity security conversation. While AI takes center stage, there’s a quieter revolution happening under the hood - AI agents and automations acting on our behalf. These “virtual employees,” as Alon calls them, now carry out tasks from writing code and sending emails to managing production workflows. And these AI-driven automations aren’t just scripts - they’re learning, evolving, and choosing their own tools.

“That’s what makes this moment so exciting, and so risky,” said Alon. “We’ve entered a world where you can’t treat these agents like static processes. You have to treat them like identities.”

The problem? Unlike human employees, these identities can’t be held accountable. They don’t log in with a face or fingerprint. And when something goes wrong - an API key exposed, a token misused - there’s no one to blame. “We’ve seen breaches where a single key, a single overlooked NHI, led to billions of records leaking,” said Alon.

Real-world lessons from Workday

Albert then took the stage to share how Workday has been tackling this problem for...

---

- Published: 2025-01-06
- Modified: 2025-01-07
- URL: https://astrix.security/learn/customer-stories/how-workato-gained-360-nhi-visibility-with-astrix/

Shyam Bhojwani, Senior Director of Business Technology and Cybersecurity at Workato, oversees a dynamic intersection of IT and cybersecurity.
In his three years with the company, he has faced the growing challenge of managing non-human identities in a cloud-first environment, where service accounts, third-party integrations, and extensions proliferate.

Beyond service accounts: The NHI challenge

“When I think about NHIs, it’s not just your service accounts. It’s more than that - extensions, Chrome plugins, and third-party marketplace apps,” Shyam explains. “We’re in this era of cloud applications where everyone wants to use marketplace apps. That’s where Astrix becomes important. It gives us insights into these apps, like their scope and the companies behind them.”

Workato’s cloud-driven operations required a solution capable of uncovering hidden risks in third-party apps and vendor interactions, and Astrix provided the visibility they needed.

https://astrixvideos.wistia.com/medias/obwpu534w3

Comprehensive NHI visibility

With Astrix, Workato achieved what Shyam describes as a “360-degree overview” of their NHIs. “That’s huge for us,” he says. “Building this level of visibility in-house would have been extremely tough, but Astrix makes it easy.”

The platform provided critical insights into how NHIs interact across the company’s ecosystem, from third-party apps to vendor relationships. This level of insight helped Workato streamline its operations and manage risks more effectively. According to Shyam, the ability to view and manage NHIs in a unified way was a game changer.

Reducing costs and complexity

Astrix also delivered measurable cost and efficiency benefits. “Our total cost of ownership (TCO)...

---

> Discover how RevMed improved token visibility and simplified key management with Astrix, transforming their NHI security strategy.
- Published: 2024-12-24
- Modified: 2024-12-24
- URL: https://astrix.security/learn/customer-stories/how-revmed-solved-token-and-key-management-challenges-with-astrix/

RevMed, a biotech company specializing in pancreatic cancers like RAS and mutant cancers, faced significant security challenges in managing their non-human identities. Alec Lessard, RevMed’s Information Security Senior Manager, shares how Astrix transformed their approach to token and key management.

Visibility into token access

The growing prevalence of token-based attacks, such as Midnight Blizzard, drove RevMed's security team to take a close look at their NHI security posture. Like many organizations, they struggled with understanding what their tokens could access within their environment. This lack of visibility left them vulnerable to over-privileged applications and unmonitored token activity.

By integrating Astrix into their security stack, RevMed gained critical insights into token access from a non-human perspective. According to Lessard, “With Astrix complementing our security stack, we were able to gain visibility as to what tokens could actually access. Applications had over-privileges, but it helped us clean up really quick and provided us a perfect monitoring solution.”

https://astrixvideos.wistia.com/medias/uhq8dz1wzy

Simplified key management

Key management had long been a pain point for RevMed. The rapid generation of keys to connect services often resulted in hygiene issues and tracking challenges. RevMed adopted Astrix as the central platform for managing keys, streamlining their approach across the organization. “With Astrix, that worry goes away,” says Lessard. “You get a holistic view through the platform of which keys are talking where. It gives you a chance to reconcile what keys belong to what products, even if you had a hygienic issue in the past.”...
---

> How fintech company Mercury used Astrix's non-human identity security platform to speed mitigation and gain visibility.

- Published: 2024-11-07
- Modified: 2024-11-07
- URL: https://astrix.security/learn/customer-stories/mercury-cuts-mitigation-time-with-astrix/
- Topics: Customer Success

Mercury’s mission: Powering financial workflows for startups

Mercury is a fintech company trusted by over two thousand startups to manage and streamline their financial workflows. As a leader in this space, Mercury’s commitment to security is paramount, especially in the rapidly evolving landscape of identity and access management (IAM).

Non-human identities are a blind spot

IAM is a cornerstone of any robust security program, and most established companies have mature processes in place for managing human identities. Tools like Okta, single sign-on (SSO), and SAML are commonly used to govern access. However, non-human identities, such as API keys, machine credentials, and other forms of automated access, are often overlooked. These identities, critical for connecting systems and enabling automation, lack the processes and attention given to their human counterparts. Branden Wagner, Head of Information Security at Mercury, explains: "The human side of IAM is well established, but non-human identities are often neglected. Traditionally, protecting these identities has fallen to DevOps practices, with little dedicated tooling available. With Astrix, we can build our program with more maturity and security."

https://astrixvideos.wistia.com/medias/lic5291q6o

A real-world test: Rapid remediation during a third-party breach

Mercury’s decision to partner with Astrix was put to the test during a proof of value (POV) phase when a breach occurred at Dropbox Sign. Although Mercury wasn’t a direct customer of Dropbox Sign, a third-party vendor they worked with used the service, creating potential exposure within Mercury’s environment.
"Astrix allowed us to quickly identify and remediate the affected accounts," Branden...

---

> BigID automates non-human identity security, streamlines risk management and enhances visibility across SaaS and cloud environments with Astrix.

- Published: 2024-10-20
- Modified: 2024-12-24
- URL: https://astrix.security/learn/customer-stories/bigid-enhances-grc-tprm-and-cloud-security-with-astrix/

BigID’s Mission: Securing Data Across SaaS and Cloud Environments

BigID is a leading DSPM vendor that helps organizations understand and manage data risk throughout their environments. As a global, fully remote company with a massive cloud presence, BigID faces the challenge of managing a sprawling network of SaaS applications and non-human identities (NHIs) across multiple cloud platforms.

https://astrixvideos.wistia.com/medias/ou2zjxmhq2

The Challenge: Managing Non-Human Identity Sprawl

With the rise of SaaS technologies and cloud adoption, BigID needed to keep track of the extensive web of non-human identities in their environment, including API keys and tokens that interact between SaaS applications and cloud platforms. The challenge lies in maintaining an up-to-date inventory of these identities, identifying which were active or stale, and understanding the interconnected relationships between all their technologies. Kyle Kurdziolek, Director of Cloud Security at BigID, explains: "The hardest part for any organization is having an inventory of what’s interconnected across your environment. You need to know which keys and tokens are active, which are stale, and what technologies they’re connected to."

How Astrix Helped: Extending Security Beyond the Team

For BigID, Astrix became more than just a security tool - it became an integral part of their broader security operations, extending its benefits to teams beyond security, such as Governance, Risk, and Compliance (GRC) and Third-Party Risk Management (TPRM).
"Astrix helped us catch gaps in our processes, like discovering a vendor that hadn’t gone through TPRM review during a proof of concept," Kyle recalls. "It’s not just...

---

> Astrix Security achieves SOC 2 Type 2 certification, validating its robust security measures for app-to-app integrations just five months after launch

- Published: 2024-08-25
- Modified: 2024-12-24
- URL: https://astrix.security/learn/customer-stories/case-study-automotive-company-secure-nhis/
- Topics: Customer Success

Rob Preta is a Director of Cybersecurity at a large automotive technology provider based in the US. Watch the full testimonial video to learn how Astrix enables Rob and his team to discover and remediate NHI-related risks.

https://astrixvideos.wistia.com/medias/pxcdzw7rpo

Manual processes create security gaps

Rob Preta, the Director of Cybersecurity at a leading automotive technology provider, faced a challenge in managing non-human identities within his organization. Detecting and resolving these identities was a manual and painstaking process, often requiring two or three people to track them down. With applications constantly communicating through various methodologies, there was no easy way to monitor these interactions effectively. The lack of scalable processes made it difficult to maintain a secure environment and protect against data exfiltration.

Controlling NHIs with Astrix

To address these challenges, Rob decided to partner with Astrix Security. The goal was to mature his cybersecurity program and gain better control over non-human identities. Astrix Security provided a solution that allowed Rob to:

- Enhance security for non-human identities: By implementing Astrix, Rob's team could track and secure the interactions between applications more efficiently. This ensured that only legitimate conversations occurred between service accounts and applications.
- Prevent data exfiltration: Astrix's solution offered protection against data breaches by securing third-party applications and integrations, reducing the risk of unauthorized access.
- Implement a least privilege model: With Astrix, Rob could enforce a least privilege model, ensuring that service accounts and application connections only had access to what was necessary, minimizing potential attack vectors.

The Astrix...

---

> Why Boomi turned to Astrix for non-human identity visibility, governance and risk mitigation, and their results.

- Published: 2024-08-16
- Modified: 2024-12-24
- URL: https://astrix.security/learn/customer-stories/boomi-controls-3rd-party-nhi-access-with-astrix/
- Topics: Customer Success

Navigating the risks of a cloud-connected ecosystem

Boomi, a leading integration and automation company, has been at the forefront of connecting systems securely for nearly 25 years. As a company that operates entirely in the cloud, with all corporate systems being SaaS-based, Boomi faces unique challenges in managing and securing the thousands of connections that drive their business.

https://astrixvideos.wistia.com/medias/8gpvw3yhoh

The hidden threats in every connection

Like many in the industry, Boomi's leadership took note of the increasing risks associated with non-human identities (NHIs) following high-profile incidents at companies like MGM, Okta, and Microsoft. Carl Siva, CISO of Boomi, recognized the potential dangers these connections posed: "It's not just about who is managing these connections, but also the permissions and rights these third-party vendors have within our environment. The potential damage from a compromise is significant, especially when dealing with thousands of connections."

Simplicity and speed in security

Faced with the need to manage and secure an ever-growing number of NHIs, Boomi turned to Astrix. The platform’s simplicity, risk scoring, and anomaly detection capabilities stood out immediately.
"The tool had to be easy to use," Carl noted. "The simplicity and the ability to quickly understand high-risk connections were key. The time to value was much faster than other software we've seen, and the support from Astrix was phenomenal."

Rapid response in critical moments

Astrix proved its value during a critical moment when Boomi needed to assess the impact of a security event involving Snowflake. "What could have...

---

> Pagaya used Astrix's non-human identity security platform to gain crucial visibility into GenAI access and other NHI risks.

- Published: 2024-08-13
- Modified: 2024-12-24
- URL: https://astrix.security/learn/customer-stories/pagaya-gains-visibility-governance-over-nhis-with-astrix/
- Topics: Customer Success

Connecting more people with financial opportunities

Pagaya, a leading fintech company, leverages advanced predictive AI to revolutionize consumer credit assessment. By creating and analyzing more features beyond traditional credit scores, Pagaya enables fintechs and banks to offer more personalized financial opportunities to a broader range of consumers. However, with the increasing complexity of their AI-driven platforms, the company faced significant challenges in managing and securing non-human identities (NHI).

https://astrixvideos.wistia.com/medias/ym5eqfjpbl

The NHI promise - and perils

As a company deeply embedded in AI and fintech, Pagaya quickly realized that the scale and complexity of their non-human identities far exceeded their human identities—by almost tenfold. These non-human identities, including APIs, service accounts, and other machine credentials, were integral to their operations, yet posed substantial security risks. Without a clear understanding and visibility into these identities, Pagaya was exposed to potential misconfigurations and vulnerabilities.
Yaniv Toledano, Global CISO of Pagaya, reflects on the initial stages of their journey: "We started with Astrix to really understand how non-human identities affect us. We realized that for every human identity, we had around ten times more non-human identities. These identities were linked across all our platforms and applications, creating scenarios where we might have provided the wrong set of privileges or overlooked potential vulnerabilities."

Making the most of GenAI & automation with Astrix

Understanding the critical role of non-human identities in their ecosystem, Pagaya partnered with Astrix to gain control over this rapidly growing aspect of their infrastructure. Astrix's NHI Security Platform provided...

---

> Learn about real-life Astrix customer wins. This one is a story about 2 companies that leveraged behavioral analysis to prevent NHI risks.

- Published: 2024-07-16
- Modified: 2024-08-05
- URL: https://astrix.security/learn/customer-stories/story-4-detecting-compromised-secrets-and-careless-vendors/
- Topics: Customer Success

Join Astrix customers as they lead the non-human identity security frontier in this series "The Astrix stories: Real customer wins". From building an automated process around NHI offboarding, to a collaboration between security and engineering to remove super-admin tokens in two hours - these real stories will help you understand what an NHI security strategy looks like for Astrix customers.

Chapter 1: Speed and agility come at a (security) cost

API keys and OAuth tokens are the standard for integration of technologies in the modern world where self-service is everything and the barrier of entry is low. These API keys, OAuth tokens, and other non-human identities (NHIs) are quickly outpacing their human counterparts. However, they are often overlooked, overprivileged, and unmonitored.
This story shows how two companies from different industries leveraged proactive threat detection & behavior analysis not only to identify but to actively protect against the constant threats that non-human identities create.

A SaaS company faced significant security challenges due to its heavy use of SaaS-based technologies and integrations. The culture enabled dev and engineering teams to develop innovative solutions rapidly and allowed extensive use of internal and external integration points. One such integration involved an internal Slack app with wide access to sensitive information across private channels and direct messages. This freedom came with risks...

A digital marketplace had a similar culture and set of challenges. In this case, the customer encountered issues with active visibility into their AWS environment. The lack of inventory and historical...

---

> Learn about real-life Astrix customer wins. This one is a story about a SOC team catching the Red Team in the middle of an exercise.

- Published: 2024-07-02
- Modified: 2024-08-05
- URL: https://astrix.security/learn/customer-stories/story-3-catching-the-red-team-red-handed/
- Topics: Customer Success

Join Astrix customers as they lead the non-human identity security frontier in this series "The Astrix stories: Real customer wins". From building an automated process around NHI offboarding, to a collaboration between security and engineering to remove super-admin tokens in two hours - these real stories will help you understand what an NHI security strategy looks like for Astrix customers.

Chapter 1: The Red-Team Routine

It is very common in the security industry to hear of failed security audits and red-team exercises targeting “the weakest link” - reused passwords, system defaults, and unused yet highly permissioned service accounts. But it is highly uncommon to hear about defensive security efforts that stop these exercises in their tracks. Today’s story is an example of the latter.
We’re all familiar with the Red-Team. Minimal access is granted and they are then tasked with infiltrating the system, uncovering weaknesses along the way. This approach helps organizations identify and fortify any gaps in their defenses. As Non-Human Identity (NHI) attacks become more prevalent, they have also become a favored vector for these Red-Teams (and attackers). The increased frequency and sophistication of such attacks necessitated an equally sophisticated response. A major e-commerce platform recently experienced the efficacy of Astrix’s Threat Detection capabilities during a Red-Team exercise that stopped them in their tracks.

Chapter 2: Astrix Spoiling the Red-Team's Party

The company’s security team got a notification from Astrix about an internal Slack application that was flagged for exhibiting suspicious behavior when a dormant bot token suddenly came online, accessing...

---

> Learn about real-life Astrix customer wins. This one is a story about automating security awareness and reducing new risk by 97%

- Published: 2024-05-07
- Modified: 2024-08-05
- URL: https://astrix.security/learn/customer-stories/story-2-reducing-new-risk-by-97-percent/
- Topics: Customer Success

Join Astrix customers as they lead the non-human identity security frontier in this series "The Astrix stories: Real customer wins". From building an automated process around NHI offboarding, to a collaboration between security and engineering to remove super-admin tokens in two hours - these real stories will help you understand what an NHI security strategy looks like for Astrix customers.

Chapter 1: Educating employees with the Astrix chatbot

Billions of dollars are spent annually on educating employees to safely use and adopt new technology. At the heart of integrating new tools and AI-driven solutions are non-human identities: service accounts, API keys, webhooks and OAuth tokens that connect one technology to another.
Ensuring employees do not fall victim to attacks that aim to exploit their access to critical environments like AWS, Salesforce, and Google Workspace is a constant struggle in a security leader’s life. For the CISO of an international travel agency that relies on its digital presence 24/7 for marketing, booking, and customer support, the challenges of identifying and controlling non-human access created by employees have always lingered in the back of his head. This brought him to Astrix. But he took it a step further. Beyond using the Astrix platform to control and secure non-human access to critical corporate environments, the CISO decided to leverage Astrix's chatbot function to automatically educate employees about the potential security risks of their non-human integrations. After some time using the chatbot function, the security team saw an effective reduction in new risky integrations...

---

> Learn about real-life Astrix customer wins. This one is a story about finding compromised CircleCI tokens, and improving posture in GitHub.

- Published: 2024-04-22
- Modified: 2024-08-05
- URL: https://astrix.security/learn/customer-stories/story-1-removing-super-admin-tokens-across-33-github-tenants-in-2-hours/
- Topics: Customer Success

Join Astrix customers as they lead the non-human identity security frontier in this series "The Astrix stories: Real customer wins". From building an automated process around NHI offboarding, to a collaboration between security and engineering to remove super-admin tokens in two hours - these real stories will help you understand what an NHI security strategy looks like for Astrix customers.

Chapter 1: Did we actually rotate all compromised keys?

Ever wondered who has access to your keys and tokens other than you? How would you know? A leading SaaS provider asked this question after one of their trusted vendors was compromised.
With over 12,000 diverse employees including a global engineering team, multiple business units, a vast salesforce, and a complex digital infrastructure across cloud and on-premises technologies, the company’s security challenges are multifaceted, and non-human identities (NHIs) such as tokens, secrets and service accounts were a total blind spot.

As a result of the CircleCI incident of January 2023, the security team’s main focus was to manually identify thousands of keys that covered this diverse ecosystem, their dependencies, and business impact, and then rotate every single key. This effort alone took hundreds of hours of engineering time and proved fruitful with the successful identification & rotation of the compromised keys. However, the question remains - how do we know we caught everything? This is where Astrix Security came in. As part of the continuing CircleCI remediation effort, the security team leveraged Astrix’s capabilities to identify and remediate risky tokens,...

---

## Events

---

## Glossary

> Learn how MCP redefines AI integration for security and cloud teams—enabling scalable, real-time, and secure connectivity across tools, data, and systems.

- Published: 2025-04-14
- Modified: 2025-05-15
- URL: https://astrix.security/glossary/model-context-protocol-mcp/

Imagine giving your AI assistant a universal remote control to operate all your digital devices and services while eliminating the need for custom integrations for each new app. The Model Context Protocol (MCP) is an open-source standardization that creates a single, unified "language" for connecting AI models with various data sources, tools, and external applications.

Source: https://thenewstack.io/mcp-the-missing-link-between-ai-agents-and-apis/

Since its launch in late 2024, MCP has seen rapid adoption by major organizations like Google, OpenAI, and Replit. By early 2025, over 1,000 open-source connectors had been developed.
This widespread use highlights MCP's transformative role in standardizing AI integration across tools and data sources. In this article, we will explain the core concepts, architecture, technical capabilities, and key benefits of this soon-to-be widespread standardization of how AI models connect and operate.

MCP Core Concepts and Architecture

Client-Server Architecture

MCP's fundamental architectural model consists of servers, clients, and hosts communicating through standardized protocols. This architecture allows AI systems to interact with diverse applications using a standard "language," eliminating the need for custom integrations for each new application.

Source: https://modelcontextprotocol.io/introduction

MCP Server

A program that provides tools and data access capabilities for Large Language Models (LLMs) to use. MCP servers act as "translators" embedded in applications that know how to take natural-language requests from AI systems and perform equivalent actions in the applications.

MCP Client

The bridge connecting LLMs and MCP Servers. Embedded in the LLM, the client is responsible for receiving requests from the LLM, forwarding them to the appropriate...

---

> Discover how Agentic AI leverages NHIs, the security risks it introduces, and how to mitigate them for safe, autonomous AI adoption.

- Published: 2024-11-28
- Modified: 2025-05-15
- URL: https://astrix.security/glossary/agentic-ai/

Agentic AI represents a significant advancement in artificial intelligence, offering autonomous decision-making capabilities that can transform various industries. However, its integration introduces specific security challenges, particularly concerning Non-Human Identities (NHI). This article explores the concept of Agentic AI, its applications, adoption trends, and associated NHI security risks.

What is Agentic AI?
Agentic AI refers to systems or programs capable of autonomously performing tasks on behalf of users or other systems by designing their workflows and utilizing available tools. Unlike traditional AI models that require explicit instructions, Agentic AI systems can plan, execute, and achieve goals with minimal human supervision, effectively acting as independent agents.

What are the purposes and applications of Agentic AI?

The primary purpose of Agentic AI is to enhance efficiency and productivity by automating complex, multi-step processes. Key applications include:

- Business process automation: Streamlining operations by autonomously handling tasks such as data analysis, customer service interactions, and supply chain management.
- Software development assistance: Assisting developers by generating code snippets, debugging, and testing, thereby accelerating the development cycle.
- Personal assistants: Managing schedules, emails, and other administrative tasks without continuous human input.

These applications enable organizations to focus on strategic initiatives by delegating routine tasks to intelligent agents.

Adoption statistics and future outlook

The adoption of Agentic AI is on an upward trajectory. Deloitte predicts that by 2025, 25% of companies utilizing generative AI will initiate Agentic AI pilots or proofs of concept, with this figure rising to 50% by 2027. This growth is driven by the technology's potential...

---

> Gen AI poses risks as employees connect unvetted and overly permissive AI apps to organizations' environments. Protect your system from unvetted gen AI apps.

- Published: 2024-07-01
- Modified: 2025-03-17
- URL: https://astrix.security/glossary/how-generative-ai-impacts-non-human-identity-security/

The popularity of Generative AI apps such as ChatGPT, Gemini, GPT4, Adobe, and many more is undeniably changing how organizations operate.
While these AI-powered apps offer exceptional capabilities to automate tasks and boost productivity, they also pose significant threats and expand an organization's attack surface through various threat vectors - a major one of them being non-human identity risks.

How does generative AI impact security?

We’ve all been there. We heard about a cool new AI marketing optimization tool or an AI code review app and are eager to give it a try. In fact, AI-powered apps were being downloaded 1506% more than last year, and the trend keeps ballooning. Employees nowadays are rushing to download and connect every shiny, new Generative AI app to their core systems and environments. These integrations are enabled by granting AI apps access via API keys, OAuth tokens, service accounts, and other forms of machine credentials and non-human identities. The Astrix research team found that 32% of GenAI apps integrated into Google Workspace environments have extensive read, write, and delete permissions. Such broad privileges, combined with the lack of governance and management over the non-human identities these third-party integrations create, are an attacker’s dream.

If a threat actor compromises the credentials of a generative AI app, they could exploit its permissions to infiltrate an organization’s entire environment and wreak havoc. For that reason, Gartner placed the risk of integration into Gen AI apps as one of the top risks in the Gen AI field....

---

> Identity threat detection and response (ITDR) is a holistic cybersecurity framework that mitigates and addresses human and non-human identity-based threats.

- Published: 2024-06-16
- Modified: 2025-05-15
- URL: https://astrix.security/glossary/what-is-identity-threat-detection-and-response/

Identity Threat Detection and Response (ITDR) is a framework that focuses on protecting your organization from being compromised by threat actors exploiting your organization’s identities.
Practically, ITDR solutions include system policies, best practices, and effective tools to monitor, detect, and respond to identity-based threats in real-time across an organization’s environments. Some other known identity threat frameworks in cybersecurity include IAM (Identity Access Management), PAM (Privileged Access Management), and IGA (Identity Governance and Administration). Each one has its own specific pros and cons, but traditionally, they are all mainly focused on securing human identities in systems, such as users and admins. However, non-human identities are often overlooked in those frameworks, neglecting significant risks and vulnerabilities that have become more and more favored by attackers.

What is ITDR?

With the growing use of cloud services and APIs, controlling non-human identities has become increasingly critical to organizations’ safety. Non-human identities like service accounts, API keys, OAuth tokens, and other machine credentials enable automatic access and communication between different systems and applications within your organization's environments.

What is non-human ITDR and why is it important?

A comprehensive ITDR solution that addresses non-human identities and their unique risks will assess the threat level of each non-human identity based on factors such as permissions, scopes, third-party vendors, rotation policy, and behavior. With the growing use of cloud services and APIs, controlling non-human identities has become increasingly critical to organizations’ safety. Non-human identities like service accounts, API keys, OAuth tokens, and other machine credentials enable automatic access...

---

> OAuth Tokens are an authentication mechanism delegating access for machines. If exploited, they pose significant threats. Astrix helps secure OAuth Tokens.

- Published: 2024-05-14
- Modified: 2025-05-15
- URL: https://astrix.security/glossary/what-are-oauth-tokens-and-why-are-they-important-to-secure/

What are OAuth Tokens?
OAuth (Open Authorization) tokens are non-human identities that work as a delegated authorization mechanism: they let third parties or external apps act on your environment without exposing its underlying credentials, such as a user's password. Organizations that rely on third-party applications and service integrations in their environments commonly use OAuth tokens. There are different kinds of OAuth tokens, such as access tokens, refresh tokens, and ID tokens (the last are strictly an OpenID Connect construct that carries identity claims rather than access rights). They also come in various structures and formats, from opaque strings to signed JWTs, which increases the complexity of managing them. An OAuth token is issued by the vendor's authorization server when a third party or external app requests access and the resource owner consents. The token carries the scope of access allowed and grants the permissions to interact with the resources or services within the vendor’s environment. However, granting these external apps access to your environment via tokens can pose significant security risks. Why is it Important to Secure Your OAuth Tokens? While OAuth tokens provide a secure way to grant third-party applications access to your environment, they can still pose significant risks. Tokens can be stolen, corrupted, predicted, replayed, and even brute-forced, and refresh tokens in particular can keep an attacker's access alive long after the original access token has expired. A lack of token management or inventory leaves significant security gaps and gives attackers easy targets. These weaknesses can be used even against well-secured enterprises (like the recent Midnight Blizzard OAuth attack against Microsoft), resulting in full access to your environment. You can read about our deep dive on how attackers exploit OAuth tokens here. How Can You Secure Your OAuth Tokens?... --- > Service accounts identify machine services and apps, unlike human users. If exploited, they pose significant threats. Astrix helps secure non-human identities. - Published: 2024-05-14 - Modified: 2025-05-15 - URL: https://astrix.security/glossary/what-are-service-accounts-and-why-are-they-important-to-secure/ What are service accounts?
Service accounts are non-human identity accounts used by machines or apps to communicate with one another within a system, as opposed to user or human accounts. Using machine credentials, service accounts provide privileged identities and permissions for applications, scripts, services, or virtual machines to perform tasks or access resources. This allows different systems to work together efficiently and automatically within an organization’s environment. For example, a backup service might use a service account to access and back up data from cloud storage or databases. A monitoring tool might use a service account to collect metrics and logs within an environment. Why is it important to secure service accounts? While user accounts are usually managed with great attention and their passwords rotated frequently, Astrix has found that service accounts are often overly permissive by design and allow unnecessary access privileges. Service accounts often have never-expiring credentials, are not monitored routinely, and have weak credentials, all of which increase the risk they pose if compromised. For these reasons, service accounts are valuable targets for attackers, as recent attacks on Okta and SolarWinds have shown. A service account has its own credentials; if those are compromised, an attacker inherits everything the account can reach across the organization's environment, not just the account itself. How can you secure your environment’s service accounts? Your organization should employ the following practices to protect against the risks posed by service accounts: Ensure service accounts have only the least privileges and permissions required to perform their intended tasks.... --- > Machine credentials are essential for secure machine communication. Learn how Astrix can help protect these digital keys from potential threats.
- Published: 2024-05-14 - Modified: 2025-05-15 - URL: https://astrix.security/glossary/what-are-machine-credentials-and-why-are-they-important-to-secure-in-your-organization/ What are Machine Credentials? Machine credentials is the collective term for non-human identities that act as digital access keys used by systems. They are used to authenticate to, and communicate securely with, other applications or services in the organization's environment. By verifying a machine's unique identity, machine credentials allow safe, agreed-upon interaction. Machine credentials come in various forms, including API keys, OAuth tokens, service accounts, and certificates. Why Is It Important to Secure Your Machine Credentials? Machine credentials are crucial to monitor and secure because they are so widely used. They can serve at every stage of an attack path: as the entry point that gives attackers initial access, then for privilege escalation, lateral movement across the environment, persistence, and backdoors. Compared to human identities, which are typically managed under strict security protocols, organizations often overlook and neglect machine credentials. Machine credentials are usually overly permissive (granting privileges well beyond what their purpose requires), easily granted, and inadequately managed. This creates a significant attack surface and attractive targets for threat actors. In a recent attack involving machine credentials, Cloudflare was affected by a breach of Okta's customer support system: attackers used a compromised service account to access HAR files that Okta customers had uploaded in support tickets, and those files contained customers’ credentials. This is merely one example of a prevalent and dangerous trend. Even if your organization’s machine credentials are safe, the machine credentials of a third-party system or a non-native app integrated into your environment...
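The OAuth token, service account and machine credential entries above all come back to the same two findings: grants carry broader scopes than the integration needs, and keys live forever without anyone checking whether they are still used. The block below is an added example (not Astrix's code) that turns both into a mechanical audit over a constructed inventory. The app and account names are invented; the scope strings are real Google Workspace scopes, but the classification table, the suggested narrower alternatives and the 90-day/30-day thresholds are the author's own choices, not a vendor's policy.

```python
"""Inventory audit for two common non-human identity types (added example).

(1) OAuth grants are ranked by how broad their scopes are and, where a
    narrower scope exists, a downgrade is suggested.
(2) Service account keys are checked against a rotation policy, an
    expiry requirement and a last-used window.
Inventory, thresholds and classification rules are the author's own.
"""
from datetime import datetime, timedelta, timezone

# --- OAuth grant scope audit -------------------------------------------
BROAD_WRITE = {            # write/delete over a whole data class
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/gmail.modify",
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/admin.directory.user",
}
SCOPED_WRITE = {           # write limited to data the app created or was handed
    "https://www.googleapis.com/auth/drive.file",
}
LEAST_PRIV_ALTERNATIVE = {  # author's mapping of broad scope -> narrower scope
    "https://www.googleapis.com/auth/drive": "https://www.googleapis.com/auth/drive.file",
    "https://www.googleapis.com/auth/gmail.modify": "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/admin.directory.user":
        "https://www.googleapis.com/auth/admin.directory.user.readonly",
}

def classify_scope(scope):
    if scope in BROAD_WRITE:
        return "broad-write"
    if scope in SCOPED_WRITE:
        return "scoped-write"
    if scope.endswith(".readonly"):
        return "read"
    return "unknown"          # not in the table: needs a human look

def audit_oauth_grant(app, scopes):
    kinds = {classify_scope(s) for s in scopes}
    if "broad-write" in kinds:
        level = "high"
    elif kinds & {"scoped-write", "unknown"}:
        level = "medium"
    else:
        level = "low"
    downgrades = {s: LEAST_PRIV_ALTERNATIVE[s] for s in scopes if s in LEAST_PRIV_ALTERNATIVE}
    return {"app": app, "level": level, "downgrades": downgrades}

def audit_oauth_inventory(grants):
    """Return findings with the broadest grants first."""
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted((audit_oauth_grant(a, s) for a, s in grants.items()),
                  key=lambda f: order[f["level"]])

# --- Service account key hygiene ---------------------------------------
MAX_KEY_AGE = timedelta(days=90)     # rotation policy
UNUSED_AFTER = timedelta(days=30)    # idle keys are revocation candidates

def _ts(s):
    return None if s is None else datetime.fromisoformat(s.replace("Z", "+00:00"))

def audit_key(key, now):
    created, expires, last = _ts(key["created"]), _ts(key["expires"]), _ts(key["last_used"])
    age = now - created
    findings = []
    if age > MAX_KEY_AGE:
        findings.append(f"age {age.days}d exceeds {MAX_KEY_AGE.days}d rotation policy")
    if expires is None:
        findings.append("no expiry set")
    if last is None:
        findings.append("never used")
    elif now - last > UNUSED_AFTER:
        findings.append(f"unused for {(now - last).days}d")
    idle = last is None or now - last > UNUSED_AFTER
    if idle and age > UNUSED_AFTER:
        action = "revoke"            # nothing has depended on it for a month
    elif age > MAX_KEY_AGE or expires is None:
        action = "rotate"            # in use, but violates policy
    else:
        action = "ok"
    return {"account": key["account"], "key_id": key["key_id"],
            "age_days": age.days, "action": action, "findings": findings}

def audit_keys(keys, now):
    return [audit_key(k, now) for k in keys]

# Constructed sample inventory (names invented).
GRANTS = {
    "AI Marketing Optimizer": ["https://www.googleapis.com/auth/drive",
                               "https://www.googleapis.com/auth/gmail.readonly"],
    "AI Code Reviewer": ["https://www.googleapis.com/auth/drive.file"],
    "Calendar Sync": ["https://www.googleapis.com/auth/calendar.readonly"],
}
KEYS = [
    {"account": "svc-backup@prod.iam", "key_id": "k-01", "created": "2025-04-20T00:00:00Z",
     "expires": "2025-07-19T00:00:00Z", "last_used": "2025-05-14T02:05:00Z"},
    {"account": "svc-monitoring@prod.iam", "key_id": "k-02", "created": "2023-01-10T00:00:00Z",
     "expires": None, "last_used": "2025-05-14T09:00:00Z"},
    {"account": "svc-legacy-etl@prod.iam", "key_id": "k-03", "created": "2024-06-01T00:00:00Z",
     "expires": None, "last_used": None},
]
NOW = datetime(2025, 5, 15, tzinfo=timezone.utc)   # fixed so the run is reproducible

if __name__ == "__main__":
    for f in audit_oauth_inventory(GRANTS):
        print(f)
    for r in audit_keys(KEYS, NOW):
        print(r)
```

On the constructed data the marketing app is ranked high because it holds full Drive write when `drive.file` would do, the long-lived monitoring key is flagged for rotation (old and never expiring) but not revocation because it is still in daily use, and the legacy ETL key, never used since creation, is the one to revoke outright. The "unknown" bucket is deliberate: a scope the table has never seen should be reviewed by a person rather than silently rated low.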
--- > Non-human identities (NHI) are programmable access credentials that play a crucial role in ensuring the integrity of digital environments. - Published: 2024-03-19 - Modified: 2025-05-15 - URL: https://astrix.security/glossary/what-are-non-human-identities/ Non-human identities (NHIs) are digital, automated and programmable access credentials that play a crucial role in securing systems, managing access, and ensuring the integrity of digital environments. NHIs come in the form of API keys, OAuth tokens, service accounts, and secrets, and are created daily by employees as they delegate access to external entities to automate tasks and increase business efficiency. Unlike human (user) access, which is rigorously protected with Identity and Access Management (IAM) policies and tools like multi-factor authentication (MFA) and single sign-on (SSO), NHIs are harder to secure because they lack visibility, monitoring, and governance. What’s the difference between human and non-human identities? Human identities are easily tracked and monitored, and receive extensive oversight through policies and controls like MFA, IP restrictions, and so on. Non-human identities, on the other hand (tokens, secrets, and other machine credentials), are not given sufficient security measures. Compounding the issue, these credentials often lack expiration dates and are excessively permissive. Expiration and proper scoping mitigate some of the risk, but the absence of monitoring remains a glaring gap: a compromised token gives an attacker exactly the access the token was granted, for as long as it stays valid, and because MFA and the other human-oriented controls never apply to it, that use blends in with legitimate automation and can go undetected. What are the common drivers of non-human identities? Automation is the most frequent driver of non-human identity creation, streamlining repetitive tasks and workflows, reducing human intervention, and increasing operational efficiency. Here are two other factors that continue to push the ungoverned creation...
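The ITDR entry lists behavior as one of the factors a non-human ITDR solution weighs, and the entry above ends on the point that a compromised token's use blends in with legitimate automation. The one thing an attacker cannot easily copy is the identity's routine, so detection starts by learning that routine. The block below is an added example, not Astrix's detection logic: it builds a per-identity baseline of source networks, API actions and active hours from a constructed window of audit events, then reports every later event that steps outside it. The event schema, identity names, addresses and action strings are all invented for the illustration.

```python
"""Behavioral baselining for non-human identities (added example).

Learns, per identity, the /24 source networks, API actions and hours
of day (UTC) seen during a baseline window, then flags later events
that deviate. Events are constructed and use a hypothetical schema.
"""
import ipaddress
import json
from collections import defaultdict
from datetime import datetime

# Constructed baseline window: a nightly backup job and a GenAI app that reads Drive by day.
BASELINE_LOG = """
{"ts":"2025-03-03T02:05:11Z","identity":"svc-backup@prod.iam","action":"storage.objects.get","src":"10.20.5.14"}
{"ts":"2025-03-04T02:06:40Z","identity":"svc-backup@prod.iam","action":"storage.objects.get","src":"10.20.5.15"}
{"ts":"2025-03-05T02:04:02Z","identity":"svc-backup@prod.iam","action":"storage.objects.list","src":"10.20.5.14"}
{"ts":"2025-03-03T14:10:00Z","identity":"oauth-app:marketing-ai","action":"drive.files.list","src":"52.10.1.7"}
{"ts":"2025-03-04T15:12:30Z","identity":"oauth-app:marketing-ai","action":"drive.files.get","src":"52.10.1.8"}
"""

# Constructed later events: one routine; one that looks like a stolen key minting a
# new key from an unfamiliar network at an odd hour; one GenAI app that starts deleting.
NEW_EVENTS = """
{"ts":"2025-03-10T02:05:30Z","identity":"svc-backup@prod.iam","action":"storage.objects.get","src":"10.20.5.16"}
{"ts":"2025-03-10T13:41:09Z","identity":"svc-backup@prod.iam","action":"iam.serviceAccountKeys.create","src":"185.220.101.4"}
{"ts":"2025-03-10T14:00:00Z","identity":"oauth-app:marketing-ai","action":"drive.files.delete","src":"52.10.1.7"}
"""

def parse_events(text):
    events = []
    for line in text.strip().splitlines():
        e = json.loads(line)
        e["ts"] = datetime.fromisoformat(e["ts"].replace("Z", "+00:00"))
        # Compare on the /24 so a new host inside a known range is not noise.
        e["net"] = str(ipaddress.ip_network(e["src"] + "/24", strict=False))
        events.append(e)
    return events

def build_baseline(events):
    """Per identity: networks, actions and hours (UTC) observed."""
    base = defaultdict(lambda: {"nets": set(), "actions": set(), "hours": set()})
    for e in events:
        b = base[e["identity"]]
        b["nets"].add(e["net"])
        b["actions"].add(e["action"])
        b["hours"].add(e["ts"].hour)
    return base

def _near_known_hour(hour, known, slack):
    # Circular distance so 23:00 and 00:00 count as neighbours.
    return any(min(abs(hour - h), 24 - abs(hour - h)) <= slack for h in known)

def detect(baseline, events, hour_slack=1):
    """Return one alert per deviating event, listing every reason it tripped."""
    alerts = []
    for e in events:
        b = baseline.get(e["identity"])   # .get() does not create a default entry
        reasons = []
        if b is None:
            reasons.append("identity has no baseline")
        else:
            if e["net"] not in b["nets"]:
                reasons.append(f"new source network {e['net']}")
            if e["action"] not in b["actions"]:
                reasons.append(f"first use of action {e['action']}")
            if not _near_known_hour(e["ts"].hour, b["hours"], hour_slack):
                reasons.append(f"active at {e['ts'].hour:02d}:00 UTC, outside usual hours")
        if reasons:
            alerts.append({"identity": e["identity"], "action": e["action"],
                           "src": e["src"], "reasons": reasons})
    return alerts

if __name__ == "__main__":
    baseline = build_baseline(parse_events(BASELINE_LOG))
    for a in detect(baseline, parse_events(NEW_EVENTS)):
        print(a["identity"], a["action"], "<-", "; ".join(a["reasons"]))
```

The routine backup read from a new host in the known range produces nothing; the key-creation call from an unfamiliar network in the middle of the day trips all three checks at once, which is the pattern of a stolen credential being used to establish persistence; the marketing app's first delete trips only the action check, which is exactly the "read, write, and delete" scope creep the GenAI entry earlier on this page describes. In production the baseline window would be days or weeks of real audit logs and the three sets would be replaced by counts with thresholds, but the shape of the logic is the same.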
--- --- ## News - Published: 2025-04-29 - Modified: 2025-04-29 - URL: https://astrix.security/learn/news/double-win-at-rsac-2025-astrix-takes-home-two-global-infosec-awards/ We’re proud to share that Astrix has been named a winner of two Global InfoSec Awards from Cyber Defense Magazine (CDM) during this year’s RSA Conference. Astrix was recognized as both a Trailblazing Cybersecurity Startup and a Market Innovator in Identity Security — two categories that reflect our continued commitment to advancing identity security in the age of AI and automation. Now in its 13th year, the Global InfoSec Awards program honors cybersecurity companies that demonstrate innovation, deep understanding of emerging threats, and a strong potential to shape the future of the industry. Judged by a panel of leading information security experts, this recognition from CDM affirms the importance of our work and our vision for the future of identity security. As organizations scale their adoption of automation and AI-driven agents, the security implications tied to Non-Human Identities (NHIs) are becoming more complex and urgent. These agents often interface with cloud services, databases, and external tools using highly privileged NHIs — yet unlike traditional user accounts, NHIs often lack oversight, making them more susceptible to privilege misuse or token abuse if not properly managed. Despite this growing risk, many security teams still lack a standardized framework for identifying and mitigating NHI-related threats. To help close this gap, OWASP recently launched the Non-Human Identities Top 10, a new industry initiative aimed at elevating awareness and driving best practices around NHI security. Astrix Security is proud to have contributed to the development of this framework, helping establish clear guidance for organizations working... 
--- - Published: 2025-04-03 - Modified: 2025-04-03 - URL: https://astrix.security/learn/news/astrix-security-named-top-growth-company-by-qumra-capital/ Astrix Security has been recognized as one of the Top 10 Israeli Startups to Watch in 2025 by renowned venture capital firm Qumra Capital. The announcement, made during the Mind the Tech conference in New York, highlights Astrix’s rapid growth and pioneering solutions in Non-Human Identity (NHI) security. This underscores Astrix's vital role in a rapidly evolving cybersecurity landscape, particularly as organizations increasingly rely on AI agents and automated systems. Securing NHIs in the Agentic AI Era NHIs, increasingly AI-enabled, represent an exponentially expanding attack surface. Gartner identifies artificial identities, which combine AI with identity management, as a trend surpassing even AI itself. Unlike humans, these identities, including OAuth apps, service accounts, and machine credentials, operate with extensive privileges and lack traditional security measures such as two-factor authentication (2FA) or single sign-on (SSO). This significantly amplifies security and governance risks such as unauthorized operations, data leakage, and operational disruptions. Alon Jackson, Co-Founder and CEO of Astrix Security at the Mind the Tech NYC 2025 conference Our Unique Approach to NHI Security Astrix Security pioneers a new approach by creating the industry's first active directory dedicated to NHIs, enabling businesses to securely adopt and scale AI-driven automation. Unlike traditional endpoint, cloud, or network security models, our identity-centric, horizontal approach provides comprehensive NHI visibility and control. Organizations gain a clear understanding of their NHIs’ locations, ownership, permissions, and behaviors. Crucially, Astrix enables security teams to facilitate secure and controlled connectivity, promoting business adoption of AI without compromising security. What’s Next Recognition as...
--- - Published: 2025-03-17 - Modified: 2025-03-17 - URL: https://astrix.security/learn/news/securing-the-future-of-ai-agents-an-interview-with-astrix-ceo-alon-jackson/ Alon Jackson, CEO & Co-founder of Astrix, sat down for an interview to share the story of Astrix—from its inception to navigating today’s fast-evolving and competitive landscape of AI and Non-Human Identities (NHIs). Jackson discusses the company’s early days, the challenges of defining a new cybersecurity category, the rise of AI agents, and how Astrix positions itself as a leader in securing machine-to-machine access. Listen to the full interview here: https://www.calcalist.co.il/category/36382. The podcast is in Hebrew, but we invite you to read the translated transcript below. Introduction In recent months, one of the biggest buzzwords in tech and venture capital has been "agents." Everyone is talking about AI agents—tools that can handle various tasks, from booking flight tickets at the best price to writing code. But like any technological advancement, these tools can also be exploited by malicious actors. Astrix Security was founded to protect organizations from such non-human actors. Alon Jackson grew up in a media environment—his father, Graham Jackson, was a legendary broadcast technician at Galei Tzahal (Israel’s Army Radio). Despite this, Alon chose a different path, joining Unit 8200 in the Israeli military before entering the cybersecurity industry. He founded Astrix in 2021, and the company has since raised $85 million across three funding rounds, with the latest round closing just weeks before this interview. In this conversation, Jackson discusses the challenges of founding a startup, navigating a crowded cybersecurity market, and positioning Astrix as a leader in Non-Human Identity (NHI) security. What Does... --- > Discover Astrix's Series B funding and CTO Idan's vision for non-human identity security from his NYSE interview.
- Published: 2024-12-11 - Modified: 2024-12-24 - URL: https://astrix.security/learn/news/astrixs-series-b-funding-our-cto-in-the-nyse-floor-talk-show/ We recently announced our $45 million Series B funding - a major milestone in our journey to redefine non-human identity security. Following the announcement, our CTO, Idan Gour, sat down with the New York Stock Exchange for an insightful interview on the future of identity security, including how Astrix is tackling the challenges brought by the rise of AI agents. https://astrixvideos.wistia.com/medias/grneq1t22c During the interview, Idan explained how Astrix coined the term “non-human identity security” to address the growing risks associated with entities like service accounts, API keys, and AI agents that have extensive access within organizations. While the security industry has heavily focused on human access, attackers are increasingly exploiting the lack of protections around non-human identities, which often have over-permissive access. Idan highlighted what makes Astrix unique: a behavior-based approach to identity security. “Identity is behavior,” he emphasized, discussing how Astrix goes beyond traditional access management by analyzing the behavior of non-human identities, including AI agents. As enterprises continue to integrate more AI-driven systems, understanding and securing their behavior becomes critical. Looking to the future, Idan shared his vision of reshaping organizational infrastructure to provide secure access for AI agents. “This is the new mission we are taking: changing the way things connect,” he said, underscoring Astrix’s commitment to innovation in the evolving landscape of identity security. Watch the full interview to hear more about how Astrix is leading the way in non-human identity security. --- > Astrix raises $45M in Series B funding to enhance identity security for human and non-human identities, empowering organizations to innovate securely.
- Published: 2024-12-10 - Modified: 2024-12-24 - URL: https://astrix.security/learn/news/astrix-raises-45m-series-b-to-redefine-identity-security-for-the-ai-era/ The round, which brings the total raised to $85M, is led by Menlo Ventures through their Anthology Fund, a strategic partnership with Anthropic, alongside Workday Ventures and previous investors BVP, CRV, and F2 We’re excited to announce $45 million in Series B funding, led by Menlo Ventures through their Anthology Fund—a strategic partnership between Menlo and Anthropic—with participation from Workday Ventures and existing investors, Bessemer Venture Partners, CRV, and F2 Venture Capital. This funding advances Astrix's mission to secure enterprises’ biggest identity blind spot with a revolutionary infrastructure that ensures trusted access to critical systems and expansion to all identities, including humans.   Gartner predicts that by 2028, at least 15% of day-to-day work decisions will be made autonomously through agentic AI. As organizations increasingly rely on these “virtual employees" to help support human workflows, the very definition of the “workforce” will change, forcing enterprises to rethink their existing identity and access management approaches.   NHIs, such as API keys, service accounts, and secrets, have been repeatedly exploited in recent high-profile cyberattacks such as those reported by Microsoft and Okta. With the rapid adoption of AI agents - software programs that enhance productivity by automating tasks - securing NHIs is becoming even more imperative. "From inception, we’ve been laser-focused on securing enterprises' most vulnerable entry points and defining the NHI security domain. Now, with AI driving the proliferation of API keys, service accounts, and other NHIs in the enterprise, our mission has never been so critical and complex,” said Alon... 
--- > Recognized as a 2024 SINET16 Innovator, Astrix Security pioneers Non-Human Identity security, empowering organizations to innovate securely. - Published: 2024-10-18 - Modified: 2024-12-24 - URL: https://astrix.security/learn/news/astrix-recognized-as-a-2024-sinet16-innovator/ - Topics: Partnerships Award highlights Astrix’s pioneering solution in addressing a critical identity security gap in today’s enterprises. Astrix Security, the enterprise's trusted solution for securing non-human identities, today announced that it has been named a 2024 SINET16 Innovator Award winner. The SINET16 award identifies the most innovative, compelling, emerging companies and technologies that address cybersecurity threats and vulnerabilities. SINET, an organization with the mission to accelerate Cybersecurity innovation through public-private partnerships, selected 16 winners from a pool of 230 applications from 13 countries this year. All companies are under $15 million in revenue, and the pool has become more and more competitive since launching 15 years ago. "Being named a SINET16 Innovator underscores the growing awareness of the risks posed by non-human identities," said Alon Jackson, CEO and cofounder of Astrix Security. "Business leaders recognize the importance of investing in NHI security as we’ve found that one in four organizations are already investing in these capabilities and an additional 60% plan to within the next twelve months. While NHI security adoption continues to mount, Astrix is laser-focused on closing this security gap by providing enterprises with clear visibility and automated solutions to protect against evolving threats like supply chain attacks and data leaks. 
" This recognition comes on the heels of Astrix releasing the State of Non-Human Identity Security Survey Report, a survey conducted with Cloud Security Alliance, that revealed a critical security gap: organizations are significantly less prepared to secure non-human identities (NHIs) compared to human ones. The survey data shows... --- > Astrix partners with GuidePoint Security to fortify non-human identity security, tackling unmanaged service accounts and API risks for enterprises - Published: 2024-09-09 - Modified: 2024-11-04 - URL: https://astrix.security/learn/news/astrix-partners-with-guidepoint-security/ - Topics: Partnerships Astrix Security has announced a new partnership with GuidePoint Security to enhance protection of Non-Human Identities (NHIs) in enterprise environments. This collaboration aims to extend IAM and Threat Detection and Response (TDR) capabilities to service accounts, API keys, OAuth tokens, and other machine credentials. With enterprises facing an average of 20,000 Non-Human Identities for every 1,000 employees, NHIs continue to be a significant blindspot in traditional identity security programs. Recent security breaches highlight the growing risk of attackers exploiting unmonitored NHIs to gain access to sensitive environments, escalate privileges, and move laterally within organizations—often without detection. “While 49% of breaches involve stolen credentials, Non-Human Identities (which account for the majority of credentials) have historically been under the radar without visibility and context to secure them. ” says Kevin Converse, Vice President Identity and Access Management at GuidePoint Security. “Our partnership with Astrix delivers the competitive edge and expertise needed to close the non-human identity security gap. ” The partnership combines GuidePoint's expertise in identity governance with Astrix's cutting-edge Non-Human Identity Security platform. 
Together, this collaboration empowers organizations to: gain visibility into and manage the lifecycle of NHIs; significantly reduce attack surfaces related to NHIs; detect and respond to NHI-based attacks in real time; and govern NHIs from creation to expiration. “We’re thrilled to partner with GuidePoint Security to help our joint customers solve Non-Human Identity. While not a new problem, NHIs have grown exponentially as businesses rely on increasingly interconnected systems and applications - these NHIs often have the same or greater... --- > Astrix Security, the enterprise's trusted solution for securing non-human identities, has earned three awards from Cyber Defense Magazine - Published: 2024-05-06 - Modified: 2024-12-24 - URL: https://astrix.security/learn/news/astrix-wins-three-2024-infosec-awards/ - Topics: Awards Astrix Security, the enterprise's trusted solution for securing non-human identities, has earned three awards from Cyber Defense Magazine (CDM): Editor's Choice Cybersecurity Startup of the Year; Best Solution SaaS/Cloud Security; Market Leader Third Party Cyber Risk. “While 49% of breaches involve stolen credentials, 90% of credentials are not protected by existing IAM solutions. Service accounts, API keys, OAuth apps, and other non-human identities hold privileged access to enterprise environments and stay under the radar. The recent attacks on Dropbox, Cloudflare, Okta, and Microsoft prove how attackers recognize that non-human identities are the path of least resistance,” says Alon Jackson, Astrix Security’s CEO and co-founder. “Astrix continues to pioneer this space, helping security teams gain visibility and control over these unmonitored and improperly secured identities, which in turn allows businesses to unleash the immense power of connectivity and automation, without compromising on security.
Earning these awards validates the strides we are making in the non-human identity space, and we are honored to be recognized amongst more industry leaders.” Astrix is the first solution to help security teams gain full control of their non-human identity layer, across all environments - SaaS, IaaS and PaaS. Using an agentless approach, Astrix allows security teams to quickly discover all their non-human identities and access tokens in one place, and automatically detects and remediates over-privileged, unnecessary, and malicious access that exposes their organizations to supply chain attacks, data breaches and compliance violations. Astrix helps security teams automatically detect and remediate attacks leveraging non-human access in... --- > Astrix is now available on the Slack App Directory and enables enterprises to secure non-human identities in Slack environments. - Published: 2024-02-22 - Modified: 2024-08-05 - URL: https://astrix.security/learn/news/astrix-integrates-with-slack/ - Topics: Partnerships Astrix is now available on the Slack App Directory and enables enterprises to secure non-human identities in Slack environments leveraging AI detection capabilities. In addition, Astrix offers deeper integration with Slack, which enables customers to accelerate and streamline the remediation of non-human identity threats across additional core environments like Azure AD, Salesforce, AWS, GitHub, GCP, and more. Astrix integrates with Slack to strengthen security for non-human identities across enterprises’ core systems like Slack, Microsoft Azure AD, Salesforce, AWS, GCP, GitHub, and more. Employees increasingly connect third-party apps and GenAI tools to their organization's core systems to increase productivity and streamline processes. Each of these connections grants powerful access keys to a third-party app or GenAI vendor. Additionally, engineering teams regularly create secrets that connect internal services and resources to “make stuff work”.
These secrets are scattered across different secret managers, with zero security visibility and context. Both types of connection (internal and third-party) are made through non-human identities, which traditional identity and access management (IAM) solutions cannot monitor, and which open an ungoverned attack surface that threat actors exploit to gain initial access, escalate privileges, and move laterally to steal sensitive data. Astrix is a purpose-built solution that helps enterprises secure all non-human identities across their core systems by extending access management and threat prevention to API keys, OAuth tokens, service accounts, and webhooks. Astrix’s integration with Slack allows rapid remediation of non-human identity threats: Astrix Slack bot - Cut communication cycles and get user feedback faster. Whenever a... --- > Astrix partners with Google Cloud to protect non-human access in Google Workspace and Google Cloud services - Published: 2023-12-04 - Modified: 2024-08-05 - URL: https://astrix.security/learn/news/astrix-partners-with-google-cloud/ - Topics: Partnerships Astrix is excited to announce our partnership with Google Cloud. This collaboration is all about providing protection for Google Workspace and Google Cloud services, tackling non-human access and minimizing risks like supply chain attacks, data breaches, and compliance violations. With Astrix, organizations using Google services can now benefit from deep visibility and protection for all non-human access to core Google business platforms. This covers a range of Google platforms, from Google Workspace environments to GCP and other engineering platforms like BigQuery and Looker. Service accounts and other non-human access credentials are the threat vector "Leaked, or inadvertently shared, service account credentials continue to be one of the leading factors of abuse on Google Cloud.
" While Google Workspace itself is innately secure, the more than 5,000 third-party integrations offered on the Google Marketplace and the vast ecosystem of non-public apps may not be. This unmonitored non-human access to your Google Account via API keys, OAuth tokens and service accounts creates a new ecosystem of supply chain dependencies that expand your attack surface and expose your company to attacks, namely supply chain attacks. These risks also apply to your company’s Google Cloud Platform (GCP) environment which includes business critical platforms like BigQuery and Looker.   The security challenges presented in the 2023 GCAT Threat Horizon report highlight the need for a solution like Astrix in GCP environments. The report emphasizes the prevalence of leaked service account keys as a significant threat to organizations on Google Cloud. Additionally, the Cloud Security Alliance's... --- > Astrix Security has been recognized as the winner of the 2023 CISO Choice Awards in the Cloud Security Solution category - Published: 2023-11-13 - Modified: 2024-12-24 - URL: https://astrix.security/learn/news/astrix-wins-2023-ciso-choice-awards/ - Topics: Awards We are thrilled to announce that Astrix Security has been recognized as the winner of the 2023 CISO Choice Awards in the Cloud Security Solution category. "I would like to congratulate Astrix Security for winning the 2023 CISO Choice Awards Cloud Security Solution Category. The field was exceptionally competitive this year, and our esteemed CISO Board of Judges was very impressed by the level of innovation that solution providers put forth to safeguard our organizations" says David Cass, CISOs Connect and Security Current President, and Global CISO at GSR. Recognizing security vendors of various types, sizes, and maturity levels, the CISO Choice Awards, judged by prominent CISOs, acknowledge outstanding solutions offered by innovative security providers globally. 
These judges, drawn from diverse industries, bring firsthand knowledge and insights gained from building and maintaining their own security programs. Astrix Security's achievement in the Cloud Security Solution category is more than just an award; it reflects a broader acknowledgment from the market and leading CISOs that the issue of non-human identities and access is now more critical than ever. In a threat landscape marked by 11 high-profile attacks in the past 13 months exploiting non-human access, it is clear that addressing this attack vector must be a top priority for security leaders; Astrix winning the CISO Choice Award is a testament to that. --- > Astrix Security Joins President Biden’s Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence - Published: 2023-11-06 - Modified: 2024-08-05 - URL: https://astrix.security/learn/news/the-white-house-mentions-astrix-as-one-of-innovators-for-ai-security-executive-order/ - Topics: General Astrix Security Joins President Biden’s Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence In a significant step toward shaping the future of AI technology, the Biden Administration issued an Executive Order aimed at maximizing the potential of AI while managing its risks. The order is supported by members of Congress, labor unions and AI security innovators, including Astrix Security. At Astrix Security, we understand the profound impact AI can have and already has on cybersecurity, and we're committed to ensuring its responsible integration. The Executive Order's emphasis on the NIST AI Risk Management Framework underscores the crucial need for safety and security in technological advancements, and while we're one piece of the puzzle, we recognize the importance of collaboration and shared responsibility in shaping the future of AI. Our support stands alongside industry leaders and cybersecurity innovators OpenPolicy, Armis, Kiteworks, Cranium.AI, Axonius, HiddenLayer, Protect.AI, and Cybeats.
“The Executive Order is a welcomed and necessary step forward in ensuring both the trusted deployment of AI and seizing U.S. competitiveness and leadership in AI development.” The Executive Order establishes standards for AI safety and security, prioritizing the protection of Americans’ privacy, advancing equity and civil rights, and ensuring consumer and worker rights. Key aspects of the Executive Order are the adaptation and incorporation of the NIST AI Risk Management Framework into safety and cybersecurity guidelines, minimum risk-management practices for government uses of AI, and a coordinated effort with international partners to implement AI-related consensus standards. ... --- > Astrix Security was granted Cool Vendor by analyst firm Gartner for its innovative non-human identity security solution - Published: 2023-09-11 - Modified: 2024-08-05 - URL: https://astrix.security/learn/news/astrix-security-named-a-cool-vendor-in-the-2023-gartner-cool-vendors-in-identity-first-security/ - Topics: Analysts - Astrix Security, the enterprise’s trusted solution for securing non-human identities, was named a Cool Vendor by Gartner in the research firm’s 2023 Cool Vendors in Identity-First Security report. A vendor must be considered innovative, impactful or intriguing in either the products or the IT services sectors. Cool Vendors are not limited to technology coolness; however, coolness may also include services or unique business models. The report states that, “SaaS environments are breeding grounds for unnoticed and unmanaged application-to-application connections. Use cases involving machine identity management are difficult to secure, understand and resolve. Over permissioned API keys, OAuth tokens, and overlooked privileged service accounts create substantial risks in attacks and data breaches.
” With an overwhelming amount of data being processed and the rise of AI-powered apps, today’s businesses are becoming increasingly aware of the extent at which their most critical core systems are connected to internal and third-party applications. These non-human identities, such as service accounts, API keys, webhooks, and SSH keys are difficult to discover and monitor since they are often made without the security team’s knowledge. Astrix helps security teams gain visibility and control over these unmonitored and improperly secured connections.   “We are proud to be the leading provider of non-human identity security as our platform has brought awareness to the problem of app to app sprawl - an issue that was difficult to understand, see, and solve... --- > The investment will allow enterprises to further secure non-human identities and safely leverage the soaring adoption of third-party apps and Generative AI services - Published: 2023-06-28 - Modified: 2024-10-27 - URL: https://astrix.security/learn/news/astrix-security-raises-25m-in-series-a-funding/ - Topics: General The investment will allow enterprises to further secure non-human identities and safely leverage the soaring adoption of third-party apps and Generative AI services  Your browser does not support the video tag. - Astrix Security, the enterprise’s trusted solution for securing non-human identities, has secured $25 million in Series A funding led by CRV with participation from existing investors Bessemer Venture Partners and F2 Venture Capital. This new investment brings Astrix’s total funding to almost $40 million.   Fueled by the increased adoption of automation and generative AI initiatives, the enterprise’s connectivity to third-party applications is growing, resulting in an increase in cyber attacks targeting non-human app-to-app connections (via API keys, access tokens, service accounts, etc. ) – as seen in high profile attacks against CircleCI, Mailchimp, GitHub, Microsoft, and Slack.   
Despite financial instability within the market, Astrix is experiencing exponential year-over-year growth and momentum as a leader in securing this growing threat vector. The company recently added Figma, Priceline, Bloomreach, Rapyd and many others to its customer roster and was recognized as a finalist in the 2023 RSA Innovation Sandbox contest. The business also doubled its headcount, and will use this funding to continue expanding the team in both the U.S. and Tel Aviv offices, including its research team, which recently discovered GhostToken, a critical 0-day vulnerability in the Google Cloud Platform.

“We founded Astrix to close a significant and unaddressed security gap, by allowing security teams to extend access management and threat detection to the non-human...

---

> Astrix is named the winner of the prestigious Global InfoSec Award during RSA 2023.

- Published: 2023-04-26
- Modified: 2024-08-05
- URL: https://astrix.security/learn/news/astrix-security-takes-home-three-coveted-global-infosec-awards/
- Topics: Awards

Company Also Recognized as Innovation Sandbox Finalist at RSA Conference 2023

Astrix Security, the enterprise’s trusted solution for securing non-human connections and identities, has been awarded three Global InfoSec Awards by Cyber Defense Magazine (CDM):

- Most Innovative Cybersecurity Startup of the Year
- Market Leader SaaS/Cloud Security
- Cutting Edge Third-Party Cyber Risk

“As we’ve seen the countless supply chain attack headlines - from GitHub to Slack and Microsoft - there’s a clear need for securing non-human identities, specifically those that connect the enterprise to third-party app vendors,” said Alon Jackson, CEO and co-founder of Astrix Security. “Astrix continues to stay ahead of the demand – providing a trusted solution to ensure all app-to-app connections are secure by immediately detecting new connections and continuously analyzing their behavior in real time. Winning these awards is truly a privilege and we couldn’t be more proud to be a member of this incredible group of winners.”

Astrix offers the first purpose-built solution to extend Identity Threat Detection and Response (ITDR) and access management to non-human identities such as API keys, access tokens, and service accounts, to ensure employees are securely connecting their organization’s core systems to third-party and internal apps, cloud services, and workflows. The Astrix Security platform is modernizing third-party risk programs for cloud-first companies by automatically identifying and allowing rapid mitigation of risky connections related to suspicious third-party integrations, anomalous behavior (like suspicious source IPs), overly permissive integrations, redundant applications, and insecure tokens.

“We scoured the globe looking for cybersecurity innovators that...

---

> Astrix Security uncovers 'GhostToken,' a 0-day vulnerability in Google Cloud, allowing hidden, unremovable access to Google accounts via trojan apps

- Published: 2023-04-20
- Modified: 2024-12-24
- URL: https://astrix.security/learn/news/astrix-discovers-0-day-vulnerability-in-google-cloud-platform/
- Topics: Research

The vulnerability, dubbed “GhostToken”, allows attackers to gain permanent and unremovable access to a victim’s Google account by converting an already authorized third-party application into a malicious trojan app, leaving the victim’s personal data exposed forever. This may include data stored on the victim’s Google apps, such as Gmail, Drive, Docs, Photos, and Calendar, or Google Cloud Platform’s services (BigQuery, Google Compute, etc.).

The flaw, dubbed “GhostToken”, enables hidden and unremovable access to a victim’s Google account via third-party applications.

Astrix Security, the enterprise's trusted solution for securing non-human connections and identities, has discovered a 0-day flaw in Google Cloud Platform (GCP). Any Google account is a potential target of this vulnerability, which includes Google Workspace’s three billion users. Astrix disclosed the bug in June 2022, and a patch was rolled out by Google in April 2023.

The 0-day vulnerability was discovered by Astrix Security Research Group during a routine analysis process, where an API call returned an unusual result. Further investigation unveiled a flaw that makes it possible to hide a third-party application so the account owner is unable to revoke its access or even know it exists. Depending on the permissions granted to the malicious third-party app, the attacker may have access to the victim’s private Gmail correspondence and personal files on Google Drive. Threat actors may even impersonate the victim to launch social engineering attacks.

Victims may unknowingly authorize access to such malicious applications by installing a seemingly innocent app from the Google Marketplace...

---

> Astrix Security was mentioned in a 2023 Gartner report as a tool that addresses Secure Access to Machines and Environments

- Published: 2023-04-02
- Modified: 2024-08-05
- URL: https://astrix.security/learn/news/astrix-security-mentioned-in-a-2023-gartner-report-under-secure-access-to-machine-and-environments-tool/
- Topics: Analysts

In a recent Gartner report titled How to Select DevSecOps Tools for Secure Software Delivery, Astrix Security is mentioned as one of the vendors that addresses the need to secure access to machines and environments in the DevOps pipeline.
In this short article we will cover key points from the report, and explain how Astrix solves the non-human access problem.

Alongside the benefits of the growing use of quick and agile development practices, open-source resources and cloud-native architectures, security and compliance risks also increase and expand into new, often unknown realms.

According to the report, “Software supply chain attacks have added a new dimension to software security problems because the software delivery pipelines and the tools used to build and deploy software are the new attack vectors.”

While the software supply chain has been a huge catalyst for vulnerabilities, and consequently attacks, a new type of supply chain attack has proliferated in the past year - one that takes advantage of the third-party tools and services that are connected to these development environments. These are service supply chain attacks, in which attackers take advantage of access granted to third-party cloud services as a backdoor into the companies’ most sensitive core systems.

In the report, Gartner analysts advise engineering leaders that “In addition to securing software, they should also secure access to machines and environments and take an integrated security approach that extends to production.”

In search of productivity and automation, engineering teams freely adopt third-party services on...

---

> Astrix Security was mentioned in a 2023 Gartner report as a Representative Vendor for SSPM

- Published: 2023-04-02
- Modified: 2024-08-05
- URL: https://astrix.security/learn/news/astrix-security-was-mentioned-in-a-2023-gartner-report-as-a-representative-vendor-for-sspm/
- Topics: Analysts

In the recent Gartner report titled Quick Answer: Cloud, Kubernetes, SaaS — What’s the Best Security Posture Management for Your Cloud?, Astrix Security is mentioned as a Representative Vendor in the SaaS Security Posture Management (SSPM) market. In this short article we will cover key points from the Gartner report, and explain how the Astrix Security Platform can address the SSPM use case.

According to the Gartner report, “Managing the posture of cloud environments is increasingly important, but there is a bewildering array of security posture management approaches. Security and risk management leaders need to select the right approach to realize the benefits of these tools.”

When it comes to SSPM (SaaS security posture management) solutions, Gartner analysts mention that “SaaS protection remains segregated from IaaS and PaaS, and is covered by a separate family of SSPM products”. In our opinion, while this is predominantly true in the SSPM market, the Astrix platform aims to be an exception by providing customers with a complete security solution for non-human access to cloud-based core systems, securing their app-to-app connections across SaaS, IaaS and PaaS environments - from Salesforce, GitHub and Office365 to Workato, Zapier and BigQuery.

The crippling recent attacks on Microsoft, GitHub, Mailchimp and CircleCI reveal a new generation of supply chain attacks in which attackers take advantage of access granted to third-party cloud services as a backdoor into the companies’ most sensitive core systems. Everything-as-a-service encourages end users to continuously integrate third-party apps into the fabric of the...

---

> Astrix Security announces it was mentioned in two 2023 Gartner reports.

- Published: 2023-04-02
- Modified: 2024-08-05
- URL: https://astrix.security/learn/news/astrix-security-is-mentioned-in-two-2023-gartner-reports/
- Topics: Analysts

Astrix Security is proud to announce it was mentioned as a representative vendor in the recent Gartner report Quick Answer: Cloud, Kubernetes, SaaS — What’s the Best Security Posture Management for Your Cloud?, and as a tool that addresses the need to secure access to machines and environments in the DevOps pipeline in Gartner’s report How to Select DevSecOps Tools for Secure Software Delivery.

In the report How to Select DevSecOps Tools for Secure Software Delivery, Astrix is mentioned as a tool that addresses the need to secure access to machines and environments in the DevOps pipeline.

In the report, Gartner analysts mention that “Software supply chain attacks have added a new dimension to software security problems because the software delivery pipelines and the tools used to build and deploy software are the new attack vectors.”

While the software supply chain has been a huge catalyst for vulnerabilities, and consequently attacks, a new type of supply chain attack has proliferated in the past year - one that takes advantage of the third-party tools and services that are connected to these development environments. These are service supply chain attacks, in which attackers take advantage of access granted to third-party cloud services as a backdoor into the companies’ most sensitive core systems.

Astrix helps engineering teams secure this non-human (machine) access to development core systems like GitHub and BigQuery, by providing a consolidated and comprehensive view of all the internal and third-party integrations to engineering environments (repositories,...
---

> Company’s App-to-App Security Solution Recognized in Cyber Industry’s Most Prestigious Startup Competition

- Published: 2023-03-22
- Modified: 2024-10-20
- URL: https://astrix.security/learn/news/astrix-security-named-a-finalist-for-rsa-conference-2023-innovation-sandbox/
- Topics: Awards

Company’s Non-Human Identity Security Solution Recognized in Cyber Industry’s Most Prestigious Startup Competition

NEW YORK – March 22, 2023 – Astrix Security, the enterprise’s trusted solution for securing Non-Human Identities, has been named one of 10 finalists for the RSA Conference™ 2023 Innovation Sandbox contest. Astrix Security will present its technology to a panel of renowned industry judges and a live in-person audience on Monday, April 24 at RSA Conference 2023 in San Francisco.

Since 2005, the RSAC Innovation Sandbox has served as a platform for the most promising young cybersecurity companies to showcase their groundbreaking technologies and compete for the title of “Most Innovative Startup.” The competition is widely recognized as a catapult for success, and the top 10 finalists have collectively celebrated 75 acquisitions and received $12.5 billion in investments over the last 18 years.

“Every year the Innovation Sandbox showcases the best of the best in new cyber innovations, which is why being chosen is a testament to this new and critically important category Astrix is addressing,” said Alon Jackson, CEO and co-founder of Astrix Security. “As we’ve seen with the recent attacks against household names like Slack, GitHub, and Microsoft, a new generation of supply chain attacks is on the rise, emphasizing the importance of securing Non-Human Identity and machine credentials. We’re looking forward to showing everyone at RSA Conference how the Astrix Security Platform is becoming...

---

> Astrix CEO on why the recent CircleCI and Slack breaches should be a clear call-to-action for security leaders to start securing non-human access to their GitHub.

- Published: 2023-03-06
- Modified: 2024-08-05
- URL: https://astrix.security/learn/news/what-your-github-connections-may-trigger/
- Topics: General

Astrix Security Co-Founder & CEO, Alon Jackson, has published his latest article for Security Boulevard on why the recent CircleCI and Slack breaches should be a clear call-to-action for security leaders to start securing non-human access to their GitHub (and other cloud core systems) now. In the article, he discusses the following:

- Why securing non-human access (API keys, OAuth tokens,...) to your GitHub environment is equally important as securing user access and credentials.
- How ungoverned access tokens to your GitHub increase your organization’s exposure to supply chain attacks, data breaches, and compliance violations.
- How security teams can gain control over all their organization's access tokens, especially the shadow connections that are difficult to find.

Read the full article here.

---

- Published: 2022-07-28
- Modified: 2024-08-05
- URL: https://astrix.security/learn/news/astrix-security-achieves-soc-2-type-2-certification-five-months-after-emerging-from-stealthnbsp-strong/
- Topics: Awards

The audit verifies that Astrix’s App-to-App Integration Security solution complies with the highest security principles

Astrix Security, the first solution securing app-to-app integrations, today announced that it has successfully completed a System and Organization Controls (SOC) 2 Type 2 compliance audit. Conducted by a Big Four audit firm, the compliance audit reviewed Astrix’s App-to-App Integration Security solution, which protects enterprises as they connect to third-party integrations across their XaaS critical systems, along with all security controls and practices, and found no deficiencies.

A SOC 2 Type 2 certification verifies that the company’s information security practices and processes meet the trust principles criteria for security, availability, processing integrity, confidentiality, and privacy. In today’s cyber threat landscape, the audit also demonstrates a company’s compliance with critical security policies over an extended period of time.

“We have always held ourselves to the highest standard of security, which is why we invested significant effort and resources into achieving this milestone, and we are proud to have done this so soon after our launch,” said Alon Jackson, CEO and Co-Founder of Astrix. “Receiving this certification demonstrates our ability to offer our customers the highest quality solutions to protect them from the sprawling new attack surface of app-to-app connectivity.”

Astrix launched from stealth in February 2022 with a $15 million seed round led by Bessemer Venture Partners and F2 Venture Capital, with participation from Venrock and numerous cybersecurity angel investors. Co-founded by CEO Alon Jackson and CTO Idan Gour, Astrix enables...
---

> Astrix Security wins the Global InfoSec Award at RSA 2022 for Third Party Cyber Risk Management, highlighting its innovative app-to-app security solutions

- Published: 2022-06-06
- Modified: 2024-11-04
- URL: https://astrix.security/learn/news/astrix-security-named-winner-of-global-infosec-award-at-rsa-2022/
- Topics: Awards

Astrix wins Editor’s Choice Award in 10th Annual Global InfoSec Awards during the RSA Conference

Exciting news from RSA Conference 2022: Astrix Security, the industry’s first solution to secure app-to-app integrations, has won the coveted Global Infosec Award for Third Party Cyber Risk Management from Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine.

“Astrix embodies three major features we judges look for to become winners: understanding tomorrow’s threats, today, providing a cost-effective solution and innovating in unexpected ways that can help mitigate cyber risk and get one step ahead of the next breach,” said Gary S. Miliefsky, Publisher of Cyber Defense Magazine.

“This is a tremendous honor,” said Alon Jackson, Astrix CEO and co-founder. “Being recognized by CDM’s panel of top judges – who are leading information security experts from across the globe – signals that the industry acknowledges the pressing need to secure app-to-app connectivity, not just human-to-app connectivity.”

Astrix Security has emerged to solve a critical security gap for companies struggling with seismic shifts in the security landscape. The shift to remote or hybrid digital workforces, end-user software adoption, and low-code/no-code automation have all contributed to a tangled web of third-party applications connected to sensitive core systems. Meanwhile, existing security solutions focus solely on traditional user-to-app connectivity – not on the soaring app-to-app connectivity leading modern digital workforce transformation.

In today’s hyper-interconnected workspace, employees can freely and independently integrate cloud services and APIs into core business applications (like Google Workspace, Office 365, Salesforce, Snowflake, and GitHub) – all in an effort to get their jobs done more...

---

## Videos

> Discover key insights from the latest CSA webinar on the state of non-human identity security according to the latest report.

- Published: 2024-10-14
- Modified: 2025-06-05
- URL: https://astrix.security/videos/webinar-recap-state-of-non-human-identity-security/
- Video Types: Virtual Event

In a recent webinar, Astrix Security and Cloud Security Alliance (CSA) teamed up to present findings from the latest report on the state of non-human identity (NHI) security. Featuring expert insights from Hillary Baron, Senior Technical Research Director at CSA, and Tal Skverer, Astrix's Security Research Team Lead, the session covered key challenges organizations face in managing NHIs and provided actionable strategies for strengthening security.

Key highlights:

- The rising threat of NHIs: Non-human identities (such as API keys, service accounts, and automation tokens) are increasingly being targeted in cyberattacks. Recent high-profile breaches, including those impacting Cloudflare and Snowflake, have highlighted how attackers exploit weakly managed NHIs.
- Top challenges in managing NHIs: A survey of over 800 security professionals revealed widespread struggles with basic NHI security. Over 30% of respondents cited difficulties managing service accounts, and only 19% are continuously monitoring NHI permissions. Alarmingly, 38% reported little or no visibility into third-party OAuth apps.
- Automation gaps: Organizations still rely heavily on manual processes for managing and offboarding NHIs. Only 16% have automated processes for key rotation, and less than 20% automate offboarding tasks, leaving systems vulnerable to security breaches.
- Low confidence, high anxiety: Many organizations report low confidence in securing NHIs compared to human identities, contributing to high levels of concern. However, most plan to invest in NHI security within the next 12 months, targeting areas such as third-party access, secret management, and identity discovery.

For a deeper dive into the full expert insights, including detailed and technical analysis, check out...

---

> Recap of a full attack path exploiting non-human identities, from initial access and escalating to supply chain attack.

- Published: 2024-03-11
- Modified: 2025-06-05
- URL: https://astrix.security/videos/how-attackers-exploit-non-human-identities-workshop-recap/
- Video Types: Virtual Event

In the workshop we demonstrated a full attack path exploiting non-human identities, starting with initial access to AWS through an exposed secret in a public GitHub repo. We then continued to privilege escalation through a service account, gained access to source code, and managed to steal customer details and perform a supply chain attack.

“Identity is the new perimeter.” This catchphrase is present on almost every identity security vendor's website, and for good reason. Human access, more commonly referred to as user access, is an established security program in most organizations, big or small. The realization that user identities and login credentials need to be vigorously protected with IAM policies and security tools like MFA, IP restrictions or SSO happened long ago. However, when it comes to non-human access like API keys, OAuth tokens, service accounts, secrets and other programmable access credentials, the situation is very different. Lack of visibility, monitoring and governance of this permissive access is everywhere, and attackers have figured it out. In this last part of our Technical guide to non-human identity security, we will recap our live workshop.

How we performed a supply chain attack through NHIs

In this quick recap, we will cover the highlights of the workshop.

Watch the on-demand workshop: How attackers exploit non-human identities

Phase 1: Initial access

We started by following a company’s (SquareCD) users on GitHub, as users are always public. We found that one of them created a new public repository....

---

## Whitepapers

---