Entro Security

With non-human identities outnumbering humans by 92x, the security stakes have never been higher. Mismanaged permissions and exposed secrets are among the top cloud attack vectors. Entro gives you complete visibility and automation to secure NHIs and secrets before risks become breaches. Ready to reclaim control?

Staying ahead of attackers starts with understanding how they think. We wanted to get in the head of an LLMjacker, so the Entro Labs team intentionally exposed AWS keys to see how quickly they are exploited, and how AI is being utilized on the attacker's side. The results are truly eye-opening. What I included below is just a taste of what our data uncovered. Take a look at the full report and let me know your thoughts: https://lnkd.in/eJNvES7F

During the #NHIGlobalSummit, I had the honor of being on a panel moderated by Lalit Choda discussing some major non-human identity stats and got to share some of my thoughts on why and how the NHI problem continues.

From the prestigious recognition as a "Cool Vendor" 3 months out of stealth (World Record), through 3 hype cycle reports and an Emerging Tech Impact report, to name a few, Entro Security is honored to be recognized in yet another important Gartner report, the Innovation Insight. In less than 2?years Entro has been recognized by Gartner again?and again for its second-to-none?capabilities in securing Non-Human / Machine identities from inception to rotation.? We pioneered?the Industry as the first machine identity security company and continue to lead the industry with dozens of customers securing their Non-human identities with the Entro platform.

OWASP recently released research on Agentic AI Threats & Mitigations and one of the main takeaways I received from it was that Agentic and autonomous AI don’t create entirely new cyber threats - instead, they evolve existing ones into more sophisticated challenges. Agentic AI relies on non-human identities like API keys, service accounts, and tokens to interact with cloud services and automate workflows. These credentials are essential for AI functionality but also make NHIs a top target for attackers. Once compromised, they can be exploited for unauthorized access, data breaches, and system manipulation. This is why a non-human identity security and lifecycle management?platform, like Entro, is so important for securing Agentic AI systems. Check out the rest of the blog for more of my takeaways: https://lnkd.in/edMuyHS2

Everyone’s talking about the GitHub Actions supply-chain attack, but here’s the part they’re missing: according to developers maintaining the tj-actions/changed-files action, the root cause was a compromised Personal Access Token (PAT) linked to a bot with access to the action’s code repositories. Bots, service accounts, and tokens are all non-human identities. When NHIs are exposed, over-permissioned and left unmonitored supply-chain attacks happen (and make headlines). In this case, after compromising the PAT, the attackers were able to inject malicious code into dependent repositories, extracted secrets from memory, and double-encoded them to bypass log masking, all from a single exposed NHI. With a blast radius that big, the compromise is being tracked as a vulnerability (CVE-2025-30066). Entro helps security and developers secure NHIs like PATs by discovering exposure (also in GitHub Actions Workflow logs) and detecting behavior anomalies of tokens in real-time to prevent abuse before it spirals into a supply-chain breach.

The Entro Labs team deliberately leaked AWS keys across platforms to uncover how attackers exploit AI credentials in real-time. In this research report, we dive deep into LLMjacking, how these keys were exploited, and what this means for your non-human identity security. Read it here: https://lnkd.in/dHPwFC9v

Not 1, not 2, but 3 Globee Awards! It's amazing to see all of our hard work being recognized. This only pushes us to reach farther and do more! ??

This year's RSAC is going to be ??HOT?? - and we're not just talking about the surprise at our booth. Will you be there? See what the hype is about at Booth 2360, South Expo.

Over 110,000 apps in Apple's App Store are leaking secrets. An alarming new report highlights how widespread the issue of hardcoded secrets in mobile apps is. ?? 71% of 156,000 apps tested contained embedded secrets (API keys, passwords, sensitive credentials) ?? The average was 5.2 hardcoded secrets per app. ?? Almost 83,000 cloud storage addresses exposed, with 836 publicly accessible, leaking over 406TB of sensitive data. Bonus Stat: Every company listed in this report will get a free Entro Security platform assessment and 15% on license quote for 1 year. Image from Cybernews