Why the Future of DLP Is Invisible, Invincible, and Inexpensive

Legacy DLP solutions, as well as CASB and app-native DLP solutions, face significant challenges in providing comprehensive coverage across modern SaaS, AI apps, and endpoints. Lack of visibility, clumsy deployments, and expensive implementations are common drawbacks of using these tools — and they leave big gaps in data loss prevention. Even today, we’re still seeing the same problems that have persisted for decades in DLP solutions.

Insider Risk with Nightfall DLP: Episode 1 - Prevent Personal Cloud Store Uploads

Insider risk is a tricky challenge for security teams: how can you tell the good actors from the bad, or intentional actions from mistakes? Anyone with approved access to endpoints and SaaS systems could expose data to exfiltration risk if those systems are focused solely on preventing outsiders from getting in.

How to Prevent Sensitive Data Exposure to AI Chatbots Like DeepSeek

With the rise of AI chatbots such as DeepSeek, organizations face a growing challenge: how do you balance innovative technology with robust data protection? While AI promises to boost productivity and streamline workflows, it can also invite new risks. Sensitive data—whether it’s customer payment information or proprietary research—may inadvertently end up in the prompts or outputs of AI models.

Nightfall Releases the 2025 State of Secrets Exposure Report

This year's report offers a look at what changed, what stayed the same, and where you can find a little hope in the quest for effective secrets management. While other reports focus on code repositories, Nightfall detects secrets across numerous mission-critical SaaS apps and endpoints, giving a more comprehensive picture of leakage trends throughout the development lifecycle. We found secrets in ticketing apps, messaging and collaboration tools, cloud workspaces, and yes, code repositories.

What is Data Lineage and Why Does it Matter in Data Loss Prevention?

In today's data-driven world, organizations handle vast amounts of sensitive information, ranging from personally identifiable information (PII) to protected health information (PHI) and payment card industry (PCI) data. Ensuring the security and compliance of this data is not only a legal requirement but also essential for maintaining customer trust and protecting the organization's reputation.

Here's What We Can Learn from the Cyberhaven Incident

In December 2024, Cyberhaven fell victim to a sophisticated cyberattack that exploited a phishing campaign targeting its Chrome Web Store account. This breach compromised over 400,000 users by injecting malicious code into its browser extension, exfiltrating sensitive data such as cookies and session tokens. The incident has drawn significant attention due to Cyberhaven's role as a cybersecurity provider and the broader implications for browser extension security.

The 12 Best Data Loss Prevention Software Solutions of 2025 and 50+ FAQs Answered

Data breaches cost companies an average of more than $4 million per incident—and that’s before considering the reputational fallout. Data Loss Prevention (DLP) tools have become indispensable for safeguarding sensitive data, especially as organizations embrace hybrid, remote, and cloud-first operations. Once limited to rules-based data classification, modern DLP has evolved into a powerful fusion of AI-driven classification and AI-based data lineage.

The 7 Most Telling Data Breaches of 2024

While cyber criminals continue to devise ever more creative ways to get into systems, the outcomes repeat like a broken record: stolen data and lost money. It happened again and again this year, but our pick proves the stakes are only getting higher with time. We'll explain the logic behind the list, impacts felt, and key takeaways.

People Problem or Data Problem? Risks and Mitigation of Insider Threats

An insider is any person with authorized access to systems or data that gives them the ability to take potentially harmful actions. Insiders range from business partners or third-party contractors to full- and part-time employees–essentially all valid users with access to resources that you'd rather keep out of the wrong hands. People are just people, but when they mishandle data, they fall into the category of being an insider threat–intentional or not.