Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

MongoDB powers some of the world’s most modern applications.Everything from self-managed deployments to fully managed cloud environments run with MongoDB Atlas. But as teams scale across environments and projects, managing secure access becomes increasingly complex. Apono brings Just-in-Time, least-privilege access to MongoDB services across MongoDB, MongoDB Atlas, and MongoDB Atlas Portal.

Security powerhouse CrowdStrike made headlines this week with a major acquisition in the identity space with their purchase of SGNL for a reported $740 million. If you’re wondering why did CrowdStrike buy SGNL, you’re asking the right question. And you’re probably not alone. Over the past year, we’ve watched some of the largest security platforms in the world spend real money acquiring identity security companies.

As cloud environments sprawl and engineering teams scale, the number of identities you manage has exploded. It’s no longer just employees and contractors; CI/CD pipelines, service accounts, API tokens, and AI-powered agents are all asking for access to production systems and sensitive data. It’s no shock that identity has become a top-line priority for security and platform leaders.

Just-in-Time access is widely accepted as a best practice for reducing standing privilege. The challenge for most organizations is not deciding to use JIT, but designing access policies that actually reduce risk without slowing engineers down. Security teams want tighter controls, stronger auditability, and less standing access. Engineering teams need fast, predictable access to do their work. When approval policies are too rigid, teams get blocked or work around controls.

Privileged access programs were designed for environments where access could be defined ahead of time. That assumption no longer holds in the cloud. Legacy PAM emerged in a world of static infrastructure, long-lived systems, and a relatively small number of privileged users. Access patterns were predictable. Roles could be created in advance, assigned broadly, and reviewed periodically. That model was imperfect, but it worked well enough.

Shai Hulud didn’t invent a new supply chain weakness. It took advantage of something most teams already struggle with: long-lived credentials sitting on developer laptops and CI runners. Once it landed in a workstation or pipeline, it went hunting for secrets, then moved into GitHub, npm, and cloud environments. The damage is huge.

In most organizations, standing privileges don’t show up all at once. They accumulate quietly. A role is added “temporarily.” A contractor needs broad access to finish a project. A service account gets oversized permissions because no one has time to fine-tune them. None of these choices seem harmful in the moment, but over time they build into a privilege surface that’s far too large and far too easy to misuse.

Identity sprawl is exploding. What was once a manageable set of user accounts has rapidly evolved into a complex ecosystem, comprising human identities, service accounts, ephemeral workloads, APIs, and bots, each with its own permissions and potential blast radius. Machine identities alone now outnumber humans by more than 80:1, creating an ever-expanding attack surface that most teams can’t fully see, let alone govern.

Secrets run your applications: API keys, SSH keys, tokens, passwords, database credentials. They reside in repositories, CI/CD pipelines, infrastructure-as-code templates, containers, and even chat logs; one stray commit is enough to expose a path into production. In 2024, abuse of valid account credentials was the initial access vector in roughly 30% of incidents investigated.

Pillar Security’s recent analysis of Docker’s Agentic AI assistant, Ask Gordon, offers an early glimpse into the security challenges organizations will face as AI systems begin operating inside the development stack. Their researchers discovered that a single poisoned line of Docker Hub metadata caused the agent to run privileged tool calls and quietly exfiltrate internal data.