NEW: RSAC 2026 NHI Field Report. How Non-Human Identity became cybersecurity's central axis

Security | Cremit Blog | Cremit

Security

17 posts

Apr 14, 2026

Expired Credentials That Still Work: The Zombie Key Problem (NHI Kill Chain #5)

Secret scanning alert: Resolved. Credential status: Active. Deleting a secret from code is not the same as revoking it. Inside the Zombie Key kill chain.

Ben Kim

Team Member

Apr 11, 2026

Over-privileged API Keys: When One Credential Unlocks Too Much (NHI Kill Chain #4)

A single Stripe API key was copied to 14 locations over three years. When a QA repo went public, the key was exposed — and revoking it meant breaking 14 services simultaneously.

Ben Kim

Team Member

Apr 10, 2026

Unrotated API Keys: Why Years-Old Credentials Still Run Production (NHI Kill Chain #3)

A single AWS key, never rotated for 3 years, spread across 7 systems. When a supply chain attack hit a Terraform CI plugin, the key gave attackers full infrastructure access. Inside the Aged Key kill chain and how to defend against long-lived credentials.

Ben Kim

Team Member

Apr 5, 2026

Shadow Service Accounts: Detecting Undocumented Machine Identities (NHI Kill Chain #2)

A single production outage left credentials in six non-code platforms — Slack, Jira, Confluence, Sentry, Datadog, and PagerDuty. Your secret scanner found none of them. Inside the Shadow Key kill chain.

Ben Kim

Team Member

Apr 2, 2026

Orphaned API Keys: The Security Risk of Credentials With No Owner (NHI Kill Chain #1)

A departed developer's AWS key stayed active for 92 days. When an infostealer hit their personal laptop, the key was sold on the dark web. Inside the Ghost Key kill chain and how to defend against orphaned credentials.

Ben Kim

Team Member

Mar 25, 2026

When the Security Scanner Became the Weapon — A Cyber Kill Chain Analysis of the Trivy Supply Chain Attack

Aqua Security's Trivy was compromised by TeamPCP, cascading into LiteLLM. A 7-phase Cyber Kill Chain and MITRE ATT&CK analysis of how incomplete credential rotation turned a single breach into a five-ecosystem catastrophe.

Ben Kim

Team Member

Mar 17, 2026

Publicly Exposed API Keys: What Happens When Credentials Reach Open Repos (NHI Kill Chain #7)

A .env file pushed to a public GitHub repo is found by attacker bots in 4 minutes. We map the full kill chain — from credential exposure to infrastructure compromise and show how to detect and respond before the damage is done.

Ben Kim

Team Member

Jan 25, 2026

Git Secret Scanning: Complete Guide for 2026

Complete guide to git secret scanning tools. Compare TruffleHog, GitGuardian, GitHub Advanced Security, and Cremit. Learn implementation strategies with real CI/CD examples

Ben Kim

Team Member

Apr 27, 2025

Vercel Environment Variables Best Practices: Preventing Secret Exposure (With Real Cases)

Vercel environment variables are convenient but easy to misconfigure. How AWS, Stripe, and GitHub keys actually leak through Vercel frontends, and the best practices that prevent it.

Ben Kim

Team Member

Apr 1, 2025

How API Keys Leak in Frontend Code: Detection and Prevention

Frontend JavaScript bundles, source maps, and build artifacts routinely expose API keys that should never have reached the browser. How these leaks happen, how to find them, and how to stop them.

Ben Kim

Team Member

Nov 6, 2024

Cremit Joins AWS SaaS Spotlight Program

Ben Kim

Team Member

Mar 18, 2024

DevSecOps: Why start with Cremit

Ben Kim

Team Member

Oct 22, 2023

Secret Sprawl and Non-Human Identities: The Growing Security Challenge

Ben Kim

Team Member

Cremit Inc

Securing the machine layer for the AI era.

Company

About Us
CareersHiring
News
Trust Center
Contact

Platform

Identity Inventory
Secret Scanning
Threat Detection
Lifecycle Automation
Offboarding Automation

Use Cases

E-commerce Security
Fintech Compliance
SaaS Security
Customer Stories

Integrations

GitHub Integration
AWS S3 Integration
Slack Alarm Integration
View All Integrations

The bottom line?

With Cremit, you can reduce your attack surface by 75% compared to manual secret management.

Developers

Trust Center

Expired Credentials That Still Work: The Zombie Key Problem (NHI Kill Chain #5)

Over-privileged API Keys: When One Credential Unlocks Too Much (NHI Kill Chain #4)

Unrotated API Keys: Why Years-Old Credentials Still Run Production (NHI Kill Chain #3)

Shadow Service Accounts: Detecting Undocumented Machine Identities (NHI Kill Chain #2)

Orphaned API Keys: The Security Risk of Credentials With No Owner (NHI Kill Chain #1)

When the Security Scanner Became the Weapon — A Cyber Kill Chain Analysis of the Trivy Supply Chain Attack

Publicly Exposed API Keys: What Happens When Credentials Reach Open Repos (NHI Kill Chain #7)

Git Secret Scanning: Complete Guide for 2026

Vercel Environment Variables Best Practices: Preventing Secret Exposure (With Real Cases)

Human vs. Non-Human Identity: The Key Differentiators

Wake-Up Call: tj-actions/changed-files Compromised NHIs

Behind the Code: Best Practices for Identifying Hidden Secrets

6 Essential Practices for Protecting Non-Human Identities

How API Keys Leak in Frontend Code: Detection and Prevention

Cremit Joins AWS SaaS Spotlight Program

DevSecOps: Why start with Cremit

Secret Sprawl and Non-Human Identities: The Growing Security Challenge