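Blog
From the team
We write about what we see in the credential security space: breaches that should have been preventable, the architectural decisions we made and why, and the patterns that everyone working with AI agents should understand.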
#15
The Ten Rules of Credential Management
A pass/fail scorecard for any credential system. Ten technical rules, and exactly how Clavitor keeps each one. Most tools fail several.
#12
The malware was signed by Red Hat
This week, credential-stealing code reached developers wearing Red Hat's name. The threat didn't come from outside your circle of trust — it came from inside it. You can't vet your way out of that. You can keep your credentials out of reach.
#11
Our logo is a black box. On purpose.
Every security logo is a shield, a padlock, or a wolf named Trust — a feeling sold as an icon. Ours is a black square, because the product is a black box we can’t read into, and neither can anyone who steals the database.
#7
DigiCert Lost 27 Code Signing Certificates to a Screensaver File
DigiCert, one of the world's largest Certificate Authorities, was compromised by a screensaver file sent through a customer support chat. Their antivirus blocked it four times. The agent kept clicking.
#3
There Should Be Nothing to Harvest
A compromised Bitwarden CLI harvested SSH keys, cloud credentials, and npm tokens from 334 developer machines. The real problem isn't how the malware got in. It's that every secret was sitting there as a plain file, waiting to be read.