Blog
From the team
We write about what we see in the credential security space — breaches that didn't have to happen, architecture decisions we made and why, and the patterns we think everyone building with AI agents should understand.
#11
Our logo is a black box. On purpose.
Every security logo is a shield, a padlock, or a wolf named Trust — a feeling sold as an icon. Ours is a black square, because the product is a black box we can’t read into, and neither can anyone who steals the database.
#7
DigiCert Lost 27 Code Signing Certificates to a Screensaver File
DigiCert, one of the world's largest Certificate Authorities, was compromised by a screensaver file sent through a customer support chat. Their antivirus blocked it four times. The agent kept clicking.
#3
There Should Be Nothing to Harvest
A compromised Bitwarden CLI harvested SSH keys, cloud credentials, and npm tokens from 334 developer machines. The real problem isn't how the malware got in. It's that every secret was sitting there as a plain file, waiting to be read.