@DefaktoSecurity profile picture
Defakto @DefaktoSecurity

The Non-Human IAM Platform

Joined May 2023
  • Tweets 56
  • Following 2
  • Followers 95
15 Photos and videos
Anthropic now supports Workload Identity Federation. API keys for AI agents are on the way out. Pieter Kasselman explains why the shift matters and where agent authentication goes next. Read more: defakto.security/blog/the-ag… #NonHumanIdentity #AIsecurity #WorkloadIdentityFederation
1
3
178
Defakto recognized with 2 #Globee Cybersecurity Awards! 🏆 Best Cybersecurity Startup 🏆 Best Cybersecurity Brand Development This is a direct reflection of the Defakto team: the pace, the focus, and the standard they hold for what gets built shipped #NHI #IdentitySecurity
1
37
This recognition belongs to the customers building with us. Defakto has been awarded 3 Gold Cybersecurity Excellence Awards! 🥇 Non-Human IAM 🥇 Machine Identity 🥇 Best Cybersecurity Startup #Cybersecurity #MachineIdentity #NonHumanIdentity #CyberAwards #SecurityInnovation
1
36
A single compromised token shouldn’t take down multiple ecosystems. But in the TeamPCP campaign, it did. Defakto CTO Eli Nesterov breaks down why this became a chain reaction defakto.security/blog/chain-… #Breach #TeamPCP #Trivy #Secrets
5
1
6
136
AI agents aren’t hidden. They’re ungoverned. In this post, @PieterKasselman explains why visibility alone won’t secure AI — and what actually will. 🔗 defakto.security/blog/your-a… #AIGovernance #AIsecurity #NonHumanIdentity #IdentitySecurity

The Governance Blind Spot in Enterprise AI

Perfect discovery is a trap. Learn how governing known AI agents first reduces risk, eliminates API key sprawl, and accelerates secure AI adoption.

defakto.security
1
42
AI Attack Automation Is Here. And It’s Coming for Your Credentials! 💭 @PieterKasselman breaks down how eliminating long-lived credentials and issuing identity on demand flips the economics of defense. 🔗 defakto.security/blog/ai-att…

How AI Attack Automation Targets Secrets & API Keys

AI-driven attacks automate credential theft at scale. Learn why eliminating long-lived secrets and adopting short-lived non-human identity is key to defending AI workloads.

defakto.security
1
1
49
Breaches in automated systems keep repeating, not because attackers are smarter, but because static secrets and overprivileged access still run the show. Learn why resilience starts with identity, not detection. 🔗 Read the full post: defakto.security/blog/from-r…
42
🚀 Big News! We’ve raised $30.75M Series B, led by XYZ Venture Capital to accelerate our mission to eliminate static secrets and bring real security and governance to non-human identity. Read More: bit.ly/4hkDyy1 #SeriesB #Cybersecurity

Defakto Secures $30.75M Series B to Redefine Non-Human Identity Security

Defakto, the Non-Human Identity security company formerly known as SPIRL, raises $30.75M led by XYZ Ventures to eliminate static secrets and secure every automated interaction across workloads,...

defakto.security
2
62
We’re hiring engineers. If you want to work on identity that powers the next era of automation and AI, check us out. 👉 bit.ly/47ctCBQ #Defakto #Hiring #Engineering #NonHumanIdentity #NHI #MachineIdentity
0:14
1
2
3
529
Authentication ≠ Authorization. Confusing the two breaks your security model. Here’s why the difference matters 👇 spirl.com/blog/authenticatio…

Authentication vs Authorization: Why the Difference Matters

Authentication proves identity. Authorization defines access. Treating them as the same weakens security. Here’s how to protect against real-world risks.

defakto.security
38
The Shai-Hulud worm spread by harvesting static tokens across npm. Highlighting the ongoing pain of key rotation. Its is a treadmill: The only way off the treadmill? Eliminate static secrets entirely. 👉 New blog: bit.ly/4nypfYh #Secretless #shai-hulud #worm
1
295
🔑 OAuth tokens. 🔑 API keys. 🔑 Snowflake & AWS creds. All stolen in the latest Salesloft Drift / Salesforce supply chain breach. Secrets are toxic data and the model is collapsing. Blog: bit.ly/45Kt9Ye #cloudsecurity #infosec #NHI #breach
175
Scaling AI safely means rethinking identity. Multi-attestation is the foundation. “MFA is for humans. Multi-attestation is for AI.” – Pieter Kasselman 👉 spirl.com/blog/mfa-vs-multi-… #MultiAttestation #NonHumanIdentity #NHI #AIsecurity #MachineIdentity

MFA is for humans. Multi-attestation is for AI.

MFA was built for humans, not machines. Learn why AI and workloads and everything in between need multi-attestation layered, runtime identity that reduces risk and scales securely.

defakto.security
37
Service accounts don’t get offboarded. They accumulate risk and attackers know it. It’s time to eliminate static identity and go accountless. SPIRLs Pieter Kasselman's explains how in this latest blog: spirl.com/blog/go-accountles…

Go Accountless: Eliminate Service Account Risk | Defakto

Service accounts are over-permissioned and insecure. Learn how accountless identity reduces risk and secures non-human actors in modern cloud environments.

defakto.security
36
Base44 didn’t need a password. Just a public app_id and no identity checks. Wiz’s latest discovery shows what happens when AI & automation scale without Non-Human Identity 👉 Learn more on what went wrong—and how to fix it bit.ly/4feW5um #Wiz #Base44 #vibecoding #AI #NHI
56
xAI. Last week McHire. Different leaks, same root cause: exposed API keys. We need to stop relying on secrets and start issuing identity. Here’s how SPIRL eliminates static keys: spirl.com/blog/another-day-a…

xAI API Key Leak by DOGE Staffer Reveals Cracks in API Security

A leaked xAI API key posted to GitHub granted public access to 50 LLMs. This incident highlights the risks of static credentials—and why machine identity is the fix.

defakto.security
50
A default password an open API = 64M McDonald’s records exposed. No MFA. No identity. No excuse. We broke down what went wrong — and how NHI could’ve prevented it. 👉 spirl.com/blog/mcdonalds-mch… #McHire #NHI #NonHumanIdentity #APISecurity
1
3
87
Rotating secrets in CI/CD is great. Not needing them in the first place is even better. Pieter Kasselman gets into what that actually looks like → spirl.com/blog/want-control-… #NHI #nonhumanidentity #machineidentity #CICD

Start Eliminating Secrets in CI/CD Pipelines

CI/CD is the gateway to your infrastructure—and your secrets problem. Learn why it’s the smartest place to start replacing secrets with identity.

defakto.security
44
here’s a troll under your infrastructure. 🧌 Its name is Secret Sprawl — and it’s hungry. Feeding it more secrets won’t stop it. Replacing them with identity will. Read how → spirl.com/blog/secret-sprawl… #CloudSecurity #SecretsManagement #MachineIdentity #NHI
73
What happens when AI has access… and no limits? It starts answering questions like: "What's everyone's salary?" Agentic AI needs identity access controls. 🛡 Read more → spirl.com/blog/when-ai-knew-… #AIsecurity #AgenticAI #DataLeak #CISO #NHI #MachineIdentity

Securing Agentic AI: Preventing Access and IP Leaks

Agentic AI is acting without identity or guardrails — risking IP leaks and insider access. Here’s what CISOs and security teams need to know.

defakto.security
2
87
Load more