Hush replaces static secrets with dynamic access policies and correlates posture findings with runtime insights to stop credential-based attacks at the source.
Joined June 2025
- Tweets 68
- Following 0
- Followers 14
- Likes 0
52 Photos and videos
Jun 11
/1
AI agents are already in production, interpreting language, invoking tools, coordinating with other agents.
Anthropic's new #ZeroTrust guide is the clearest map we've seen for securing them.
👇
1
2
13
Jun 11
Our CEO and co-founder Micha Rave calls it the gap the framework can't close on its own. Without runtime identity, Least Agency is just a principle, attribution is guesswork, and JIT access has nothing to anchor to.
Read more in the post below👇
hush.security/blog/the-anthr…
11
Jun 10
🤝 We're partnering with SDG to secure the non-human workforce AI agents, service accounts and MCPs.
Hush's runtime identity platform SDG's identity governance and PAM expertise = static credentials replaced with just-in-time, scoped access.👇
sdgc.com/hush-security-and-s…
1
14
We're at Identiverse in two weeks.
Come see our latest: agentic AI access management, the shift from secrets to identity-based access, and how to get AI adoption back under control.
Book an on-site demo, grab a World Cup jersey 👇
calendly.com/rave_hush/ident…
2
34
May 27
🎉 Big news from Hush Security today.
We're launching a free tier plan. Starting today.
Hush replaces long-lived secrets with identity-based access your devs can provision themselves, no ops ticket, no rotation cycle, no exposed tokens.
/1
1
1
2
99
May 27
With our free tier, you can:
- Remove secrets fully from your environment
- Provision developer access instantly
- Reduce your attack surface immediately
Start free today. 👇
hush.security/free-forever/
8
May 26
🤖 Your team is already using AI tools you haven't approved.
Shadow AI isn't a future threat. It's running right now, in your IDE, your browser, your Slack.
And most security teams have no idea what's actually in use, who's using it, or what data it's touching.
/1 👇
1
1
3
32
May 26
That blind spot is a risk you can't afford to ignore anymore.
In this video, Rita Katzir, Hush Security's VP of Product, talks about the biggest blind spots in enterprise AI security, and what you can do to close them before they become a real problem.
8
May 21
IAM teams, we'll see you at Identiverse. 👋
We're showcasing our latest releases on-site:
↳ Agentic AI access management
↳ Moving from secret-based to identity-based access
Book a live demo with our team and walk away with a branded World Cup jersey🎽⚽calendly.com/rave_hush/ident…
3
15
May 20
/1 - GitHub's source code may be for sale.
And it's the same attack. Again.
Here's why this keeps happening 👇
Trivy. KICS. LiteLLM. Telnyx. Now GitHub.
One group. One playbook. 300GB of stolen credentials from 500,000 machines.
2
1
3
46
May 20
/3 - Is your pipeline still running on long-lived credentials? Our CEO & Co-Founder, Micha Rave breaks down the full incident below 👇
hush.security/blog/github-is…
12
May 20
/2 -They don't need a zero-day. They just need the secret sitting in your CI runner. Rotation doesn't fix it, Aqua tried that. TeamPCP came back weeks later. The structural fix is simple: stop leaving credentials lying around.
19
May 20
Hush Security's team is growing! 💪
We're excited to welcome Jeffrey Poyo as our newest Senior Sales Development rep'
We're happy to have you here, Jeffrey Poyo. Welcome to the team! 😊
3
8
May 19
#CISA left its own keys to the kingdom in public.
The U.S. cybersecurity agency meant to protect critical infrastructure accidentally published AWS GovCloud creds, plaintext passwords, and access tokens to a public GitHub repo, for six months.
The repo was called "Private-CISA."
4
4
136
May 19
Just identity-based access, where permissions are granted dynamically and governed centrally, invisible to anyone who shouldn't see them.
The shift is gradual. But every secret you retire is one less breach waiting to happen.
What's stopping your team from making the move?
8
May 19
The same way AWS, GCP, and Azure handle access, through identity, not keys, every app, service, and workload should work the same way.
- No tokens passed around in CSVs.
- No credentials hardcoded in repos.
- No "importantAWStokens" files sitting in the open.
14
May 19
This is how most breaches actually happen. Not through clever hacking. Through credentials left exposed, unmonitored, and ungoverned.
The real fix isn't better secret management. It's eliminating secrets as an access model entirely.
9
May 19
One file was named "importantAWStokens."
This wasn't a sophisticated nation-state attack. It wasn't zero-day malware.
It was a contractor moving files from work to home , and exposing the agency's entire DevSecOps environment in the process.
15
May 18
🗝️ Stolen token. Accessed GitHub. Downloaded entire codebase. Blackmail attempt.
That was Grafana Labs this week.
Next week, different logo. Same story.
The gap isn't detection, it's elimination.
More from us on this later this week.
Stay Tuned👀
2
32
May 12
1/ Your npm package just became a credential thief. Again. 😔And you didn't write a single line of that code. Remember #ShaiHulud from a few months ago? It's back. Meet #MiniShaiHulud, the sequel no one wanted. 👇
5
1
21
May 12
6/ Wondering if your org is exposed?
We're offering a free risk assessment, understand your current credential exposure and what it takes to remove that attack surface.
DM us or drop a reply to get started. 👇
hush.security/shai-hulud-run…
7