Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Last week’s disclosure from AWS is another reminder that in the cloud, attackers don’t need to break in. They just need a working set of keys. Several AWS customers learned this the hard way when threat actors used compromised IAM credentials to deploy a rapid cryptomining campaign across EC2 and ECS environments. The incident didn’t rely on vulnerabilities or sophisticated exploitation. It relied on valid credentials and overly permissive access.

Manual access requests and long-lived credentials pose a significant scaling challenge for engineering teams, even as they automate pipelines, testing, delivery, and monitoring. As the volume of machine identities grows, the sheer volume of permissions makes manual review and revocation unmanageable, increasing risks of stale tokens and silent privilege exposure. Nearly 47% of cloud intrusions stem from weak or mismanaged credentials, according to a Google Cloud report.

It’s not hard for secrets to sprawl, buried under layers of commits and forgotten branches. Most teams don’t notice it until one bad push exposes everything. Secret leaks don’t come from breaches, but from configuration drift and forgotten credentials; a gap that traditional vault tools struggle to close on their own. Here’s the scale of that mess. Machine identities now outnumber human users by more than 80 to 1, and each one relies on credentials to function.

We’re excited to announce Apono integration with 1Password to help organizations control, automate, and audit access to sensitive credentials and secrets bringing stronger security and smoother operations to teams everywhere. This new integration enables customers to enforce Zero Standing Privileges (ZSP) and provision Just-in-Time (JIT) and just-enough access (JEA) to secrets stored in 1Password Enterprise Password Manager through Apono’s automated access flows.

Large engineering organizations all run into the same challenge: as teams grow, clouds multiply, and environments diversify, access governance becomes noisy, risky, and difficult to delegate safely. Apono’s new Spaces Management feature gives enterprises a clean, scalable way to segment access governance across departments without spinning up multiple tenants or losing centralized control.

Earlier this year, twin brothers Muneeb and Sohaib Akhter, both government contractors, were fired from their employer. Minutes later, they began a weeklong insider attack that compromised or destroyed data belonging to more than 45 federal agencies.

Managing access can become tedious and clunky. Someone always ends up with too much power, someone else is locked out when something’s on fire, and no one remembers who approved what in the first place. It’s the slow creep of “we’ll fix it later.” However, that “later” is catching up.

Every automated workflow, microservice, and CI/CD integration needs credentials to run, but those credentials often live far longer and reach far wider than anyone intends. The result is a growing attack surface hidden in plain sight. Concerningly, 26% of organizations believe more than half of their service accounts are over-privileged. This is a staggering figure when you consider that machine identities now vastly outnumber human users by 80:1.

Some incidents make security teams wince, not because of a complex exploit, but because they were entirely preventable. This one starts with a contractor getting fired. In May 2021, Maxwell Schultz, a contract IT worker from Ohio, was terminated. Instead of moving on, he re-entered his former employer’s network by impersonating another contractor and using their credentials.

In today’s AI-driven world, machine identities are multiplying faster than humans can manage them. Every API key and automation script is a digital identity, often with standing access privileges that attackers can exploit through leaked credentials or misconfigured policies. Recent research shows that non-human identities (NHIs) now outnumber human users by more than 80:1 across enterprise cloud environments.