Skip to main content

Posts

SpyCloud’s 2026 Identity Exposure Report Reveals Explosion of Non-Human Identity Theft

Austin, TX, USA, March 19th, 2026, CyberNewswire New Report Highlights Surge in Exposed API Keys, Session Tokens, and Machine Identities, and more. SpyCloud , the leader in identity threat protection, today released its annual 2026 Identity Exposure Report , one of the most comprehensive analyses of stolen credentials and identity exposure data circulating in the criminal underground and highlighting a sharp expansion in non-human identity (NHI) exposure. Last year, SpyCloud saw a 23% increase in its recaptured identity datalake, which now totals 65.7B distinct identity records. The report shows attackers are increasingly targeting machine identities and authenticated session artifacts in addition to traditional username and password combinations and personally identifiable information (PII). “We’re witnessing a structural shift in how identity is exploited,” said Trevor Hilligoss, Chief Intelligence Officer at SpyCloud . “Attackers are no longer just targeting credentials. The...
Post a Comment
Read more
Recent posts

Open SWE Captures the Architecture That Stripe, Coinbase and Ramp Built Independently for Internal Coding Agents

Stripe built Minions. Ramp built Inspect. Coinbase built Cloudbot. Three engineering organizations, working independently, arrived at similar architectural decisions for their internal AI coding agents. LangChain noticed the convergence and open-sourced the pattern. Open SWE, released March 17, is an open-source framework built on LangChain’s Deep Agents and LangGraph that provides the core architectural components for internal coding agents. The MIT-licensed project isn’t trying to be another AI coding assistant . It’s a customizable foundation for organizations that want to build their own — the way Stripe, Ramp and Coinbase already have. The Convergence What caught LangChain’s attention was that these independently developed systems share the same architectural decisions. Isolated cloud sandboxes where tasks run with full permissions inside strict boundaries. Curated toolsets — Stripe reportedly maintains around 500 carefully selected tools. Subagent orchestration where complex...
Post a Comment
Read more

Arcjet Extends Runtime Policy Engine to Block Malicious Prompts

Arcjet today added an ability to detect and block risky prompts before they are shared with a large language model (LLM) embedded within an application. The Arcjet AI prompt injection protection capability is based on an LLM that the company has been specifically training to detect patterns indicative of risky prompts that can then be blocked using a runtime policy engine built using WebAssembly (Wasm). That approach makes it simpler to embed the Arcjet policy engine into application code and apply it to endpoints built with JavaScript, Python or frameworks such as the Vercel AI software development kit (SDK) or LangChain. Arcjet CEO David Mytton said that the overall goal is to prevent malicious prompts from being used to, for example, discover the underlying components of an application environment or delete data. Alternatively, a prompt might also expose sensitive data to an AI model in a way that shouldn’t be allowed. Initially, Arcjet is focused on prompt-extraction and shel...
Post a Comment
Read more

Google, Microsoft and Peers Donate to Support Overloaded Open Source Maintainers

A coalition of major tech companies has committed $12.5 million to strengthen the security of open source software, an effort aimed at coordinating responses to the growing pressures created by AI. The funding is provided by Anthropic, AWS, GitHub, Google, Microsoft and OpenAI. It will be administered by the Linux Foundation through its Alpha-Omega Project and the Open Source Security Foundation (OpenSSF). The funding arrives at a moment when AI tools are reshaping both software development and cybersecurity. Automated systems can now identify vulnerabilities at a scale that was previously unattainable. While that offers huge benefits, it also creates new headaches for the developers who maintain widely used open source projects. Maintainers are increasingly inundated with security reports, many of them generated by AI systems. The volume of these findings has outpaced the ability of small teams (and in many cases, individual contributors) to assess and respond effectively. In re...
Post a Comment
Read more

Spacelift Intelligence Vibe-Codes Infrastructure

Whether the DevOps shops like it or not, they are feeling the pressure from AI. They’re expected to move more quickly, alongside their dev counterparts. The gruntwork that used to take weeks can be automated away, leaving time for fast prototyping, so the managers think. According to Google Cloud’s 2025 DORA State of AI-assisted Software Development Report , 90% of developers now use AI tools, and 25% are now working alongside  AI assistants.  Users of the Spacelift Infrastructure-as-Code platform now have some help with this automation, thanks to a new feature offering a conversational interface that purports to explain what is going on with their IT operations, and even make changes on the user’s behalf if necessary.  “Platform teams are expected to respond at the speed of experimentation while still maintaining security, compliance, and operational consistency,” wrote Technical Senior Product Manager Tim Davis, in a blog item posted today .  It is an app...
Post a Comment
Read more

Komodor Extends Reach of AI SRE Orchestration Framework

Komodor today extended the reach of its orchestration framework for artificial intelligence (AI) agents by adding support for Model Context Protocol (MCP) servers and the OpenAPI specification. Company CTO Itiel Shwartz said those capabilities will make it possible for IT teams to more broadly orchestrate AI agents that are being used to investigate and remediate issues affecting IT infrastructure. Komodor has already developed more than 50 AI agents that automate the management of Kubernetes clusters running cloud-native applications. By adding support for MCP and OpenAPI, that orchestration framework can now be used to manage hybrid IT environments running more complex applications, said Shwartz. For example, IT teams can use the Komodor orchestration framework to invoke third-party AI agents found on the Komodor Marketplace that have been trained to automate network and storage management tasks or provision graphical processor units (GPUs), he noted. Alternatively, the orches...
Post a Comment
Read more

Policy as Code for Cost Control, Not Just Compliance

Policy as code is usually framed as a compliance tool. It blocks insecure configurations, enforces internal standards, and helps teams prove they meet audit or regulatory requirements. That framing is accurate, but incomplete. The same mechanism can also reduce waste. In many organizations, cloud cost is still reviewed after resources are live and spend is already visible on the bill. By then, the expensive decision has already been made. Policy as code gives platform teams a way to shape those decisions earlier, before waste becomes part of the default path. Why Cost Problems Grow Quietly Cloud overspend rarely comes from one spectacular mistake. More often, it grows through small, routine decisions: Dev environments left running over the weekend Instance sizes chosen for peak demand and never revisited Snapshots, volumes, and logs retained long after anyone needs them Kubernetes requests increased “just in case” Premium managed services used for workloads that are usefu...
Post a Comment
Read more