Blog

From the team

We write about what we see in credential security: breaches that didn't need to happen, architecture decisions we've made and why, and patterns we think everyone building with AI agents should understand.

#24

The credential in your app's memory is going to leak

The credentials in your application's memory are readable by any code that runs on the box, and in 2026 that includes the agent. An AI model has already taken root on FreeBSD on its own and broken out of its own sandbox. Stop keeping a resident credential to steal.

#22

Even LastPass couldn't protect its own credentials.

LastPass exists to keep credentials safe, and this month it could not keep its own: a legacy integration credential and OAuth tokens, taken through a third-party vendor. You do not guard a standing credential well enough anymore. You stop having one.

#21

You told your agent to fix the errors. One of them was written by an attacker.

A fake Sentry error report tricks AI coding agents into running an attacker's code at the developer's full privilege, 85% of the time. The injection is not the catastrophe; the standing credentials a hijacked agent can reach are.

#20

Nothing Was Hacked. Everything Was Taken.

Hand an AI agent one leaked low-privilege AWS key and it walks the chain to your customer data in about a minute, unattended. Nothing is hacked and every credential is valid. The economics of a leaked key just flipped.

#19

An AI just found 271 dormant bugs in Firefox. Your credential vault is the softer target.

Mozilla turned an AI agent loose on Firefox and it found 271 unknown vulnerabilities in one run. If a defender's agent can do that, an attacker's can point the same capability at your credential vault, the softer and more centralized target.

#18

You split the work across thirteen agents. Paperclip didn’t split the key.

A scan of a 71,000-star agent framework found twelve of its thirteen agents carrying the same plaintext token. Once you run a fleet of agents, 'the secret lives in the config' stops being a shortcut and becomes a multiplier.

#17

The whole industry just agreed your agent shouldn't see your keys. They're hiding them in the wrong place.

In one week, Claude Code, Hermes, and Codex all shipped fixes to stop agents from seeing raw credentials. Convergent patches are not an architecture: the keys should not live in the harness at all.

#16

AI agents are now phishing targets

EchoLeak (CVE-2025-32711) was the first zero-click exploit against an AI agent: a hidden instruction in an email turned Microsoft 365 Copilot against its own user, no click required. The defense that matters is not catching every prompt injection, it is making sure a hijacked agent cannot reach your credentials.

#15

The Ten Rules of Credential Management

A pass/fail scorecard for any credential system. Ten technical rules, and exactly how Clavitor keeps each one. Most tools fail several.

#12

The malware was signed by Red Hat

This week, credential-stealing code reached developers wearing Red Hat's name. The threat didn't come from outside your circle of trust — it came from inside it. You can't vet your way out of that. You can keep your credentials out of reach.

#11

Our logo is a black box. On purpose.

Every security logo is a shield, a padlock, or a wolf named Trust — a feeling sold as an icon. Ours is a black square, because the product is a black box we can’t read into, and neither can anyone who steals the database.

#7

DigiCert Lost 27 Code Signing Certificates to a Screensaver File

DigiCert, one of the world's largest Certificate Authorities, was compromised by a screensaver file sent through a customer support chat. Their antivirus blocked it four times. The agent kept clicking.

#6

Your AI Coding Assistant Just Read Your Wallet

AI coding tools read .env files before you type anything. Your API keys — each one a credit card without a spending limit — are in someone else's context window before you write your first prompt. The problem isn't the AI. The problem is that secrets are files.

#3

There Should Be Nothing to Harvest

A compromised Bitwarden CLI harvested SSH keys, cloud credentials, and npm tokens from 334 developer machines. The real problem isn't how the malware got in. It's that every secret was sitting there as a plain file, waiting to be read.

#5

634 Passwords in 56 Seconds

A developer went through two rounds of interviews with a fake company. Real website, real faces, real technical conversations. Then they ran the coding challenge. In under a minute, every Chrome password, the macOS Keychain, and crypto wallet data were gone.

#4

Vercel Stored Your Secrets in Plaintext and Called It a Feature

An attacker pivoted from a compromised AI tool through a Google account into Vercel's infrastructure, then decrypted every environment variable not manually marked 'sensitive.' The breach lasted two months before anyone noticed.

#2

View Source, Copy Key, Own Everything

A researcher opened ClickUp's page source, found a hardcoded API key in the JavaScript, and used it to pull 959 email addresses and 3,165 internal feature flags in a single request. The key had no scope, no rate limit, and no expiry.