Hacker and Maker of things

I talk about Cyber / Network Science / AI & ML / Quantum Computing / FinTech

CTO & Cofounder @Authomize
Formerly: CTO & VP @PaloAltoNtwks/Cyvera/First Group/SW security lead @intel

AI coding agents are leaking secrets (API keys, tokens) into logs, chat history, and files.
Attackers are already harvesting them.

The fix: don’t give agents raw keys.
→ Issue ephemeral session tokens + script snippets
→ Secret loads only into memory, then wiped
→ Agent works, but never “sees” the key

Blog: https://delinea.com/blog/keep-api-keys-out-of-chat

Code: https://github.com/DelineaXPM/delinea-mcp

If your team uses AI agents, your secrets are already a target.

Cc: @GossiTheDog - following our previous discussion on Okta attack tools.
Live Session: Strengthening Your Okta Security - A Hands-On Security Walkthrough Session

Join our CTO and Co-founder Gal Diskin for a step-by-step guide on how to harden your Okta. In this live webinar, Gal will walk you through:
→ The top 5 hardening techniques for your Okta tenants
→ Security risks found by Authomize’s security research team
→ How to use free tools for assessing your Okta environment

Authomize
Following some conversations on quality of different factors for MFA, sharing an old but nice post by @alexw
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/all-your-creds-are-belong-to-us/ba-p/855124
All your creds are belong to us!

A few days ago, our team helped someone who had been a target of account takeover (ATO). Despite protecting the account with mandatory two-step verification using SMS and the Authenticator app, attackers had broken into the account and changed the password. MFA had failed. In my last blog I ...

My team just released a new MFA bombing testing tool. It can be used in purple & red team modes to execute MFA fatigue/spamming/bombing on #Okta users. Afterwards we'll add more IdPs.
AFAIK it is the first MFA bombing tool for Okta.

https://github.com/authomize/mfa-bombing

#mfa #mfabombing #purpleteam #blueteam #redteam #RedTeamBlues #toolbox #mfafatigue #purplet