The Future of User Access Reviews (UAR): Security and Efficiency

User Access Reviews (UARs) are a foundational security practice for enterprises. They reduce business risk and support regulatory compliance by securing access to critical and sensitive resources and data. However, current tools and processes often constrain UARs to a compliance-focused task, thereby limiting their impact as a proactive security control.

‍Why We Need UARs

UAR is a process to validate that users have the appropriate access to systems, applications, and data – ensuring that it aligns with business needs and job responsibilities. 

Given that 93% of enterprises have faced identity attacks in the past two years, and over 95% of identities are found to have excessive privileges, effective UARs are vital to a robust Identity and Access Management (IAM) strategy. 

UAR initiatives are typically led by the Governance, Risk, and Compliance (GRC) team. Their primary objectives include removing unnecessary access, meeting compliance rules, and lowering business risk. Despite their inherent value, current tools and processes frequently confine UARs to a compliance exercise, hindering their effectiveness as a proactive security control.

This blog examines the comprehensive UAR process, the challenges organizations encounter, and how to transition towards a more effective, risk-focused approach that also meets compliance requirements. We will examine how context and automation, when enhanced by AI, have the potential to improve the speed and accuracy of UARs, and reduce the operational burden.

‍How UARs Work

In User Access Reviews (UARs), the GRC team or Asset Owners are responsible for attesting to and proving that users have the correct level of access to designated assets and resources. This validation encompasses applications, cloud infrastructure, role-based access within critical systems, and group memberships.

The initial stage of a UAR campaign is to identify and document all existing user access right and create a comprehensive access inventory. This can be complex, especially in cloud environments where access privileges may not be directly assigned but can be obtained indirectly, such as through lateral movement capabilities like AWS AssumeRole.

Depending on the campaign’s scope and the assets, the review and approval process is typically performed by: 

• Users’ managers
• The relevant asset owners 
• The security/GRC team

A UAR campaign has a defined duration. During this period, designated reviewers must evaluate each user’s access. They will either approve the continuation of access or recommend its revocation. Once all reviews are complete and the recommended revocations are implemented, the UAR campaign concludes. 

Auditors then examine the campaign report and may request detailed information about the review decisions and access revocation process.  A thorough audit trail of all process steps and decisions is essential to answer any questions that arise.

‍Traditional UARs are Tedious and Ineffective

Traditional UARs are often time-consuming, complex and ineffective. Reviewers are typically presented with a long list of user access records, without any context to guide their decisions.

In most cases, there’s very little information about each access being reviewed. For example, 

• What is this application used for? 
• What capabilities does a role allow? 
• What is the implication of a user having this role?
• How and when did they obtain this access? 
• Is the access used regularly? 
• Is it still needed based on the user’s current role or responsibility? 
• What is the potential risk of keeping this access in place? 
• Do other team members have similar access, or is it unique to this user? 

Access may have been granted for a previous job function, and it’s not always clear whether it should be retained during job transitions or team changes.

Reviewers are faced with time constraints and limited information and they have two options:

1. Manually  verify every access – a time-intensive endeavor on top of completing their core responsibilities
2. Or, say “Yes” to everything

Without understanding what the access does or why it was granted, reviewers risk breaking access to critical applications or disrupt business operations if they revoke it. As a result, they’re not motivated to remove access, and instead approve everything – ultimately defeating the whole purpose of the UAR.

‍Effective User Access Reviews for Enhanced Security and Efficiency

To transform User Access Reviews into a meaningful security control and reduce administrative burden, organizations must  evolve beyond basic workflow tools. The goal is to enable intelligent, context-driven reviews that provide actionable insights and recommendations, allowing the reviewers to make informed decisions about whether to approve or investigate access for potential revocation.

This approach alleviates the manual overhead of traditional UARs, transforming them into an effective initiative for strengthening security and reducing business risk.

An intelligent UAR would automatically assess each user’s access based on relevant factors, mirroring the analysis of an experienced security administrator, including:

• How the user’s access compares to that of their peers in their immediate working group or the larger organization.
• The user’s access usage patterns and recent activity
• Changes in the user’s job title or organizational role.
• The inherent risk level of the access being reviewed
• The overall risk profile of the user.

By analyzing these attributes, a confidence score can be generated to understand which entitlements are:

• Safe to approve,
• Should be flagged for potential revocation,
• Requires further manual review 

Imagine a scenario where a reviewer is presented with a more focused list. For instance, if a reviewer needs to evaluate 150 access items across 15 users, an AI model would understand the context of the accesses and provide clear recommendations.

In an ideal world, accesses that require closer review or potential revocation would be accompanied by clear, contextual explanations. These explanations—generated from data analysis and presented in a natural language—would help reviewers understand why an access right is being flagged. With this context readily available, reviewers can make informed decisions without needing to conduct extensive manual investigations.

‍Automated Approval Recommendation with Context

‍Manual Review Recommendation with Context

‍The Long-Term Vision: Continuous Compliance

The traditional User Access Review model is misaligned with the realities of today’s dynamic IT environments. It is time to evolve the process to meet modern needs and support a state of continuous compliance. The ideal UAR is an ongoing, intelligence-driven process that adapts to changes in user roles, behaviors, and risk context in real-time. It enables organizations to maintain accurate access controls, reduce the risk of privilege creep, and respond swiftly to emerging threats— while minimizing the operational burden on reviewers.

‍How Andromeda can help‍

Andromeda’s security-first User Access Review (UAR) solution enables organizations to easily revoke unnecessary access, meet compliance, and more importantly lower your organization’s risk. Through real-time risk scoring and behavioral insights, Andromeda automates UARs to increase business agility and improve security. 

Andromeda Security addresses the most persistent challenges in identity security: excessive and inappropriate access across both human and non-human identities, manual processes and a lack of end-to-end context – compounded by fragmented data. Its data-centric platform unifies identity, entitlement, and activity data into a graph-based architecture—building rich context and laying the foundation for intelligent automation while delivering holistic visibility and remediation. Powered by AI, Andromeda utilizes contextual intelligence built on risk and behavior insights to provide automated and continuous enforcement of least privilege, Just-in-Time (JIT) access, User Access Reviews (UAR), and identity lifecycle governance—helping organizations reduce their attack surface, improve operational agility, and simplify compliance.

Three Questions for TrustFour

1. What is the problem being addressed?

Enterprise computing has been making a relentless shift into the cloud for a decade or more, but the majority start off or remain containerized “lift and shift” re-hosted applications with a growing number of new apps based on micro services and containers.

These traditional apps previously enjoyed the security provided by a strong perimeter, where anything inside is safe. Now these exist in the cloud, often with static credentials and long-lived tokens (aka Non-Human Identities) used to connect application components (aka workloads) at the application layer (Layer 7). Applications are inter-connecting on an increasing basis between other applications leading to a proliferation of non-human identities (NHI).

In additional to proper NHI hygiene including vaulting and credential rotation, its vital that NHI credentials are constrained to only the authorized connection path using the industry standard mutual TLS (mTLS), also with automatic credential rotation which acts as an additional authentication factor.

In general organizations have not had good NHI hygiene, nor have they constrained the use of the NHI credentials to only authorized counter parties has lead increased cyber incidents that exploited NHI credentials during lateral movement based attacks with often catastrophic consequences.

TrustFour is solving this problem by ensuring NHI and connectivity hygiene along with seamlessly enforcing mTLS between workloads.

2. Why is it a problem now?

Misuse of Non-Human Identities and service accounts and the increase in lateral movement attacks are a bigger problem now because of the sheer volume of systems in place — applications and infrastructure — that assumed a strong perimeter but are now living in a post-perimeter hybrid and cloud environment, with increasingly, multi-cloud interactions. The rapid rise of AI and RAG-based systems only add to the number of applications with potential security gaps.

There is a need to ensure that security organizations can acquire high quality telemetry that provides insights into the connectivity between workloads for use by audit, SecOps and SOCs. The telemetry required includes certificates, ciphers, quantum-readiness, NHIs, including inter/intra workload authorization maps.

3. How does TrustFour address the pain/problem?

TrustFour both shifts left and shifts up in terms of workload connectivity controls.

Our patented TLS control plane provides a detection and core protection control capability into the workload interactions and provides an additional control factor for application level NHIs. We shift left by enabling our technology to be controlled by the App’s CI/CD processes and we shift up by moving controls from the network layer to the application making it easy to sustain at the required fine level of controls granularity.

TrustFour provides visibility into the TLS infrastructure for compliance to NIST 800-52 – certs, ciphers, handshake and versions. We also detect the authorization maps for each protected workload and application and the type of NHI credential used and if the NHI credential is static over a given time period.

The Control Plane becomes a layer 4 zero trust security service mesh that provides workload level micro-segmenting and locking down unauthorized lateral movement. The service fabric creates authorization maps and alerts to unauthorized behaviour.

Understanding Akeyless

Understanding Akeyless

Trusted by Fortune 100 companies and industry leaders, Akeyless is redefining identity security for the modern enterprise, delivering the world’s first unified Secrets & Non-Human Identity platform designed to prevent the #1 cause of breaches – compromised machine identities and secrets.

Backed by the world’s leading cybersecurity investors and global financial institutions including JVP, Team8, NGP Capital and Deutsche Bank, Akeyless Security delivers a cloud-native SaaS platform that integrates Vaultless Secrets Management with Certificate Lifecycle Management, Next Gen Privileged Access (Secure Remote Access), and Encryption Key Management to manage the lifecycle of all machine identities and secrets across all environments.

Akeyless Unified Secrets & Non-Human Identity Platform has been adopted by several large enterprises across healthcare, financial, technology, and retail organizations delivering:

The Akeyless platform is designed for complete lifecycle management of the full range of Non-Human Identities, including:

• Secrets Management for NHIs: Centrally manage and secure sensitive credentials, certificates, and API tokens used by non-human identities such as applications, microservices, and automated workflows. Enable dynamic secrets and Just-in-Time access to eliminate risks of standing privileges and enhance security for machine-to-machine communications​​.
• Certificate Lifecycle Automation: Streamline the provisioning, renewal, and revocation of digital certificates critical to authenticating NHIs. Integrate with your PKI systems to ensure continuous, automated trust across hybrid and multicloud environments​​.
• Encryption & Key Management for Machine Workloads: Protect cryptographic keys utilized by non-human entities using Akeyless’s patented Distributed Fragments Cryptography™ (DFC). Ensure Zero-Knowledge encryption for sensitive data and support scalable machine identity management in hybrid environments​​.
• Secure Remote Access for Automated Systems: Facilitate secure, policy-driven access without static credentials or VPN dependencies. Leverage robust authentication mechanisms such as certificates, SAML, and OIDC to manage access seamlessly across machines and services​​.
• High Availability for All Operations: Ensure uninterrupted service and low-latency access for machine identities with 99.99% uptime SLA, multi-region redundancy, and failover mechanisms. Minimize operational disruptions for workflows and infrastructure​​.
• Integration with DevOps Pipelines: Enhance DevOps automation by integrating with CI/CD tools, Kubernetes, and orchestration platforms. Akeyless simplifies the management of non-human identities across complex workflows with extensive SDKs, plugins, and APIs​​.
• Zero-Knowledge Security for Machine Identities: Guarantee end-to-end encryption and ensure that neither Akeyless nor third parties can access sensitive data, thanks to patented DFC™ technology. Protect the lifecycle of NHIs with FIPS 140-2 Level 3 compliant hardware security modules and advanced encryption practices​​.

Understanding the 3-Layers of Non-Human Identity (NHI) Security in TrustFour’s Posture and Attack Surface Management Framework

In today’s interconnected digital ecosystems, securing Non-Human Identities (NHIs) has become a critical focus. NHIs—representing machines, applications, containers, and microservices—outnumber human identities exponentially and serve as essential components in modern IT infrastructures. However, their growing volume and complexity have created a vast, dynamic attack surface.

TrustFour addresses these challenges with its three-layer framework for NHI Posture and Attack Surface Management, a comprehensive approach that prioritizes compliance, visibility, and proactive defense. Let’s delve into each of these layers and explore how they collectively bolster NHI security.

Layer 1: Posture Management – Compliance Hygiene, Crypto Agility, and Cybersecurity Maturity

The foundation layer forms the bedrock of TrustFour’s framework, emphasizing posture management by ensuring that NHI environments are built on robust, compliant, and resilient foundations.

• Compliance Hygiene: This ensures adherence to industry standards and regulations governing identity management, encryption, and secure connections. NHIs often handle sensitive data and communications, making compliance essential to reduce regulatory risks and maintain trust.
  
• Crypto Agility: With cryptographic standards and protocols constantly evolving, maintaining agility ensures that systems can seamlessly adapt to newer algorithms and standards, protecting NHIs from vulnerabilities associated with deprecated cryptography.
  
• Cybersecurity Maturity: Organizations are encouraged to evaluate and enhance their NHI security capabilities over time. TrustFour provides metrics and benchmarks for continuous improvement, driving a culture of proactive security.

This layer ensures that NHIs are configured and managed with a strong baseline of security best practices, reducing the likelihood of misconfigurations and vulnerabilities.

Layer 2: Visibility – Discovery, Reporting, and Workload Authorization Mapping

Visibility is the cornerstone of effective security management. In this layer, TrustFour provides organizations with tools to gain comprehensive insight into their NHI environments.

• Discovery and Reporting: TrustFour identifies all NHIs in use within the live environment and compares this real-time data against records in identity providers. This ensures that only authorized identities are active and provides clarity into shadow NHIs that may evade traditional security oversight.
  
• Workload Authorization Maps: These maps illustrate the relationships and authorized connections between workloads, helping to visualize the intended communication paths and detect deviations. Unauthorized connections or unexpected traffic flows can indicate potential security risks or ongoing attacks.

By offering real-time visibility into NHI environments, TrustFour enables organizations to address discrepancies quickly, uncover hidden risks, and maintain an accurate understanding of their dynamic ecosystems.

Layer 3: Attack Surface Management – Auto mTLS, Advanced Telemetry, and Proactive Defense

The third layer focuses on attack surface reduction and threat management, leveraging cutting-edge technologies to prevent unauthorized lateral movement and detect malicious activity.

• Auto mTLS (Mutual Transport Layer Security): This feature ensures that all communication between workloads is encrypted and authenticated. By enforcing mTLS, TrustFour blocks unauthorized lateral movement, significantly reducing the blast radius of any potential breach.
  
• Advanced Telemetry: TrustFour collects and analyzes data from honeypots, tripwires, and application data-in-transit. This telemetry provides valuable insights into both normal and anomalous behaviors, enabling rapid detection of threats.
  
• Notable Alerting: Alerts are generated for any suspicious activity, including attempts to bypass mTLS, unauthorized connections, or deviations from workload authorization maps.
  
• AI-Driven Analysis: TrustFour leverages advanced AI engines to continuously analyze telemetry data, identify emerging threats, and refine security strategies.

This layer empowers organizations to proactively defend their NHI environments, mitigating risks before they escalate into critical incidents.

The Synergy of the Three Layers

The strength of TrustFour’s NHI Posture and Attack Surface Management framework lies in the synergy between its three layers:

1. Posture Management ensures NHIs are built on secure, compliant, and resilient systems.
2. Visibility provides the insights needed to understand and monitor the dynamic NHI environment.
3. Attack Surface Management reduces risks and provides advanced tools to detect and mitigate threats.

Together, these layers create a robust, multi-faceted approach to NHI security, empowering organizations to maintain trust and resilience in their digital ecosystems.

Conclusion

As NHIs continue to play an increasingly vital role in IT infrastructures, securing them requires more than traditional identity and access management strategies. TrustFour’s three-layer framework for NHI Posture and Attack Surface Management provides a comprehensive solution, combining compliance hygiene, visibility, and proactive defense to address the unique challenges of NHI security.

By adopting this framework, organizations can significantly reduce their attack surfaces, enhance their security posture, and stay ahead of the evolving threat landscape. Whether it’s protecting critical workloads, ensuring secure communications, or proactively detecting threats, TrustFour’s approach ensures that NHIs remain secure and resilient.

TrustFour’s OWASP 2025 NHI Top Ten Coverage

Executive Summary

The security of Non-Human Identities (NHIs) is more crucial than ever in today’s fast-paced digital landscape. Effective NHI protection demands a trifecta: an Identity Provider to manage NHIs, an Identity Governance Solution to oversee them, and a cutting-edge Attack Surface Management (ASM) solution for real-time protection. 

This is where TrustFour (T4) excels. T4 redefines ASM by ensuring only authorized workloads can utilize NHIs through robust isolation powered by mTLS and a “ring-fenced” authorization map.  With T4, unauthorized workloads are stopped in their tracks, slashing the attack surface and mitigating risks before they become breaches. Focusing on ASM first delivers immediate, impactful reductions in risk—because with T4, attackers never get a foot in the door.

In this white paper, we dive deep into the OWASP Top 10 NHI Risks for 2025 and reveal how TrustFour’s innovative solutions don’t just address these risks—they obliterate them.

OWASP Top 10 Non-Human Identity Risks vs. TrustFour Solutions

NHI1:2025 Improper Offboarding

OWASP Risk Description: Improper offboarding refers to inadequate deactivation of NHIs, such as service accounts and access keys, leaving systems vulnerable to exploitation by attackers.

T4 Coverage: Observation & Alerting

T4 Capability: T4 doesn’t just monitor—it takes action. By ring-fencing to prevent unauthorized usage in addition to capturing and tracking credentials throughout their lifecycle, T4 ensures no NHI is forgotten or left vulnerable. With seamless integration into tools like Configuration Monitoring and Identity Governance, T4 guarantees proper offboarding, safeguarding your systems against lurking threats.

NHI2:2025 Secret Leakage

OWASP Risk Description: Secret leakage refers to the exposure of sensitive NHIs, such as API keys and tokens, through insecure practices.

T4 Coverage: Observation & Alerting

T4 Capability: T4’s powerful ring-fencing authorization maps and telemetry are like a radar for unauthorized NHI usage. Whether it’s pinpointing shared credentials or blocking unexpected sources, T4 locks down your secrets and keeps them from falling into the wrong hands.

NHI3:2025 Vulnerable Third-Party NHI

OWASP Risk Description: Third-party NHIs are vulnerable to exploitation through compromised extensions or malicious updates.

T4 Coverage: Observation, Alerting, Isolation & Protection

T4 Capability: T4’s innovative “ring-fence” approach, powered by auto-mTLS, is like building a digital moat around your workloads. It ensures only authorized entities can communicate, while anomaly detection and telemetry integration provide an additional layer of vigilance against third-party vulnerabilities.

NHI4:2025 Insecure Authentication

OWASP Risk Description: Insecure authentication methods expose organizations to significant risks, especially when using deprecated or weak practices.

T4 Coverage: Observation & Alerting

T4 Capability: T4 acts as your authentication watchdog, uncovering weak methods and outdated credentials. By ranking authentication methods and offering actionable insights, T4 empowers you to strengthen your defenses against evolving threats.

NHI5:2025 Overprivileged NHI

OWASP Risk Description: Overprivileged NHIs with excessive permissions can be exploited by attackers to escalate privileges.

T4 Coverage: Observation & Alerting

T4 Capability: T4’s intelligent risk-ranking highlights overprivileged NHIs that could be exploited. By identifying excessive permissions and unknown credential sources, T4 helps you streamline privileges and fortify your systems.

NHI6:2025 Insecure Cloud Deployment Configurations

OWASP Risk Description: Static credentials or improperly validated tokens in CI/CD pipelines create vulnerabilities in cloud environments.

T4 Coverage: Observation, Alerting, Isolation & Protection

T4 Capability: T4’s real-time monitoring is like a vigilant security guard for your cloud deployments. By identifying unauthorized NHI use and highlighting shared credentials, T4 ensures your cloud environment stays resilient against breaches.

NHI7:2025 Long-Lived Secrets

OWASP Risk Description: Long-lived secrets, such as API keys and certificates, increase the risk of prolonged unauthorized access if compromised.

T4 Coverage: Observation, Alerting, Isolation & Protection

T4 Capability: T4 is relentless in hunting down long-lived secrets, ensuring they’re rotated regularly to eliminate unnecessary risk. With T4, your credentials remain fresh, reducing the window of opportunity for attackers.

NHI8:2025 Environment Isolation

OWASP Risk Description: Failure to isolate environments (e.g., development, testing, production) increases security vulnerabilities.

T4 Coverage: Observation, Alerting, Isolation & Protection

T4 Capability: T4 creates ironclad isolation between environments, ensuring NHIs are strictly confined to their intended lanes. By leveraging mTLS and advanced mapping, T4 prevents cross-environment vulnerabilities from ever taking hold.

NHI9:2025 NHI Reuse

OWASP Risk Description: Reusing the same NHI across applications introduces significant security risks.

T4 Coverage: Observation, Alerting, Isolation & Protection

T4 Capability: T4’s proactive isolation and frequent mTLS credential rotation shuts down NHI reuse before it becomes a problem. Its advanced telemetry detects and neutralizes potential threats, delivering unparalleled system resilience.

NHI10:2025 Human Use of NHI

OWASP Risk Description: Using NHIs for tasks intended for humans compromises accountability and security.

T4 Coverage: Observation, Alerting, Isolation & Protection

T4 Capability: T4 enforces clear boundaries between human and non-human tasks, ensuring accountability and security. With advanced mTLS and telemetry, T4 eliminates misuse risks and provides a transparent audit trail for all activities.

Conclusion

NHI security is not just an option—it’s a necessity in today’s high-stakes cybersecurity landscape. TrustFour is redefining how organizations protect NHIs by delivering unparalleled Attack Surface Management. Through mTLS-powered isolation and advanced authorization mapping, T4 creates a secure “ring-fence” that blocks unauthorized access and ensures NHIs are used only as intended. By focusing on ASM, T4 empowers organizations to eliminate vulnerabilities and meet the OWASP Top 10 NHI Risks with confidence. With TrustFour, you’re not just managing identities—you’re setting a new standard for cybersecurity excellence.

In today’s threat landscape, NHI security is non-negotiable. TrustFour doesn’t just meet the challenge—it redefines the standard. By focusing on Attack Surface Management, T4 isolates workloads, enforces mTLS, and creates a “ring-fence” that keeps attackers out and NHIs secure. Tackling the OWASP Top 10 NHI Risks head-on, TrustFour delivers solutions that don’t just mitigate risks—they eliminate them. With T4, you’re not just protecting identities—you’re redefining security for the modern age.

How the MITRE ATT&CK Framework Can Improve Your Cybersecurity Posture

Posted by Suresh Sathyamurthy

In other blogs, I have discussed how and why Secrets & Non-Human Identity Management have become the #1 cause of breaches.

This situation is only going to be exacerbated with democratization of Large Language Models (LLMs) and the rise in adoption of Agentic AI. The rise of the machines (Applications, Services, Automated Processes, AI agents) will lead to rise in secrets (credentials, certificates and keys) used in secure machine to machine communication and will also lead to rise in identities (specifically non-human identities).

As it stands today, for every human identity, there are 45 machine identities.

This will more than double in the next 18 months.

From Rising Machines to Expanding Cybersecurity Risks

This expansion of surface area for hackers will weaken enterprise cybersecurity posture unless more concerted efforts are taken. How can you stay a step ahead of the hackers and protect your enterprise? 

Enter the MITRE ATT&CK framework—a powerful tool that helps organizations understand, detect, and defend against adversarial tactics. By providing a shared vocabulary and structured approach to cybersecurity, this framework has become a cornerstone of proactive defense strategies.

In this blog I will provide a high-level introduction to the MITRE ATT&CK framework and the critical role of secrets management in it that helps you improve your cybersecurity posture. Of course, to implement and see it in action, we are also publishing a new white paper Breaking the Chain: Secrets Management in the MITRE ATT&CK Framework and also encourage you to request a customized demo to see the product in action. 

What Is the MITRE ATT&CK Framework?

The MITRE ATT&CK framework is a comprehensive guide that categorizes the various tactics and techniques attackers use throughout the lifecycle of a cyberattack. It enables security teams to:

• Understand how attackers operate.
• Identify vulnerabilities in their defenses.
• Map out and strengthen their security strategies.

At its core, the framework breaks down the attack lifecycle into specific stages—like Initial Access, Privilege Escalation, and Exfiltration—giving teams a clear picture of where they’re most at risk and how to address those threats.

For organizations, the framework also fosters collaboration by creating a common language for CISOs, engineers, and cross-functional teams to align their goals and defenses.

Why Organizations Need MITRE ATT&CK

The MITRE ATT&CK framework offers distinct advantages for organizations looking to improve their cybersecurity posture:

1. Better Collaboration

Security isn’t just an IT issue—it’s an organizational one. The framework provides a shared understanding that helps CISOs, security engineers, and operational teams work together seamlessly.

2. Proactive Defense

By mapping potential adversarial tactics, organizations can identify vulnerabilities before attackers exploit them. For instance, during the “Initial Access” phase, teams can focus on reducing secrets sprawl and automating secrets rotation to secure entry points.

3. Comprehensive Coverage

No phase of an attack is overlooked. Whether it’s defending against credential theft during the “Credential Access” stage or blocking lateral movement across systems, the framework ensures all potential vulnerabilities are addressed.

Enhancing Cybersecurity with Secrets & Non-Human Identity Management

Secrets management is a cornerstone of effective cybersecurity, especially in defending against credential-based attacks. Mismanaged secrets—like passwords, keys, API tokens, and certificates—are often exploited during key phases of the attack lifecycle.

Modern platforms like Akeyless play a critical role in enhancing security at every stage. Features such as Dynamic Secrets, Role-Based Access Control (RBAC), and Just-in-Time (JIT) Access help prevent attackers from gaining entry, escalating privileges, or moving laterally within a network.

For example:

• Dynamic Secrets provide temporary credentials that expire after use, neutralizing stolen secrets and ensuring Zero Standing Privileges.
• Granular RBAC ensures that only verified users or systems can access sensitive secrets, mitigating the risk of privilege escalation.
• Secrets Rotation automatically updates static credentials, reducing the attack surface for Initial Access and Persistence phases.
• Secretless: Eliminate the need to management and protect secrets using frameworks like Secure Production Identity Framework for Everyone (SPIFEE) 

Take Your Cybersecurity Strategy to the Next Level

The MITRE ATT&CK framework empowers organizations to map, mitigate, and counter cyberattacks with precision. By integrating proactive secrets management strategies, organizations can close critical security gaps and reduce the risk of breaches caused by credential-based attacks.

Want to dive deeper into how secrets management aligns with the MITRE ATT&CK framework? 

Download our free white paper and get 16 pages of practical insights, actionable strategies, and expert guidance to help you protect your organization at every stage of the attack lifecycle.

OR

Request a customized demo of the Akeyless platform in action and how it improves your cybersecurity posture and prevents the leading cause of breaches. 

Securing Non-Human Identities: How Akeyless Protects Against the OWASP Top 10 NHI Risks in 2025

Posted by Suresh Sathyamurthy

As organizations continue to automate workflows and integrate cloud services, the management of non-human identities (NHIs) becomes a critical security challenge. The OWASP Top 10 Non-Human Identities Risks for 2025 highlights the biggest threats facing machine identities, service accounts, and automation credentials. Akeyless, with its advanced Secrets and Machine Identity Management platform, provides robust solutions to mitigate each of these risks. 

Before diving into how the Akeyless Secrets & Machine Identity Platform addresses nearly every element of the Top 10 NHI Risks for 2025, I want to share a little context. I live and work in Silicon Valley—and yes, I’m also a fan of the hit HBO show Silicon Valley. With that in mind, let’s consider a hypothetical company, Hooli, a cloud-based software development powerhouse (naturally, it’s based in the Valley—next time, I’ll sprinkle in some AI for good measure).

1. Improper Offboarding

Challenge: Hooli frequently deploys temporary services for client projects. However, they sometimes overlook deactivating service accounts and access keys after project completion, leaving unused NHIs active. As a result, these orphaned NHIs can be exploited by malicious actors to gain unauthorized access to sensitive systems and data, as they remain valid entry points into the company’s infrastructure.

How Akeyless Helps: To counter this, Akeyless automates the lifecycle management of secrets and non-human identities. By setting expiration policies and automating the revocation of unused secrets, Akeyless ensures that obsolete NHIs at Hooli are promptly deactivated, reducing potential vulnerabilities.

2. Secret Leakage

Challenge: During a code review, Hooli discovers that developers have hardcoded API keys into source code repositories. If unauthorized individuals access these repositories, the exposed API keys can be used to infiltrate Hooli’s systems, leading to data breaches and potential financial losses.

How Akeyless Helps: To prevent such leaks, Akeyless centralizes secrets management with zero-knowledge encryption, ensuring that Hooli’s sensitive information is never exposed in code. It also integrates seamlessly with CI/CD pipelines, injecting secrets securely at runtime and preventing unauthorized access.

3. Vulnerable Third-Party NHIs

Challenge: Hooli integrates various third-party plugins into their development environment. If one of these plugins is compromised, it could potentially access sensitive credentials, allowing attackers to manipulate or steal data, disrupt services, or move laterally within Hooli’s network.

How Akeyless Helps: Akeyless mitigates this risk by enforcing least-privilege access controls, granting third-party integrations only the permissions they require. Additionally, continuous monitoring and automatic rotation of secrets further protect Hooli against unauthorized access from compromised third-party tools.

4. Insecure Authentication

Challenge: Hooli’s legacy systems use outdated authentication methods without multi-factor authentication (MFA). Attackers can easily exploit these weak authentication mechanisms to gain unauthorized access, leading to potential data breaches and system compromises.

How Akeyless Helps: Akeyless supports modern authentication protocols, including MFA and certificate-based methods. By migrating to these secure authentication mechanisms, Hooli can protect its systems from potential breaches.

5. Overprivileged NHIs

Challenge: To expedite development, Hooli team assigns broad privileges to service accounts. However, if an overprivileged NHI is compromised, attackers can perform unauthorized actions, potentially leading to data theft, service disruptions, or complete system takeovers.

How Akeyless Helps: Through role-based and attribute-based access controls, Akeyless ensures NHIs are granted only the permissions necessary for their functions without slowing development. This principle of least privilege minimizes the impact of potential security incidents at Hooli.

6. Insecure Cloud Deployment Configurations

Challenge: Hooli’s CI/CD pipelines use static credentials stored in configuration files. If these files are accessed maliciously, attackers can use the static credentials to infiltrate production environments, leading to data breaches and unauthorized system modifications.

How Akeyless Helps: Akeyless eliminates this risk by replacing static credentials with ephemeral, short-lived secrets that are generated on demand. This approach reduces the window of opportunity for attackers and enhances the security of Hooli’s deployment processes.

7. Long-Lived Secrets

Challenge: Some of Hooli’s API keys and tokens have no expiration dates. If these long-lived secrets are compromised, attackers can maintain prolonged unauthorized access to sensitive services without detection.

How Akeyless Helps: To mitigate this, Akeyless automates the rotation of all Hooli’s secrets, ensuring they are regularly updated and have appropriate expiration periods. This practice limits the potential damage from exposed credentials.

8. Environment Isolation

Challenge: Hooli uses the same credentials across development, testing, and production environments. Consequently, a security issue in the less secure development environment could propagate to production, compromising live data and services.

How Akeyless Helps: Akeyless enforces strict environment isolation by assigning unique secrets and access policies to each environment. This segregation prevents issues in one environment from affecting others.

9. NHI Reuse

Challenge: To simplify management, Hooli reuses the same service accounts across multiple applications. However, if one application is compromised, the shared NHI can be a gateway for attackers to access other applications, leading to widespread breaches.

How Akeyless Helps: Akeyless provides unique, ephemeral identities for each application instance at Hooli, eliminating the risks associated with credential reuse. This ensures that a breach in one application doesn’t compromise others.

10. Human Use of NHIs

Challenge: Administrators at Hooli sometimes use service account credentials for manual tasks. Unfortunately, this practice reduces accountability and can lead to security gaps, as actions performed using NHIs are harder to trace back to individual users, complicating incident response efforts.

How Akeyless Helps: Akeyless helps by distinguishing between human and machine identities, enforcing appropriate use policies for each. Human users authenticate through enterprise identity providers, while NHIs utilize secure API-based authentication, maintaining clear separation and accountability.

Conclusion

The OWASP Top 10 Non-Human Identity Risks highlight the growing security challenges organizations face in managing automated access. Akeyless provides a comprehensive Secrets and Machine Identity Management platform that not only mitigates these risks but also enhances security posture through automation, zero-trust principles, and robust access controls.

By adopting Akeyless, organizations like Hooli can ensure their NHIs remain secure, compliant, and resilient against evolving cyber threats.

Want to learn more? Sign up for a demo to see how the Akeyless platform can protect your organization.

Securing LLM Applications with Akeyless: A Clear and Practical Guide

Posted by Suresh Sathyamurthy

Generative AI and Large Language Models (LLMs) are revolutionizing business operations, streamlining interactions, and driving smarter decision-making. However, this powerful innovation also opens the door to new security challenges. The Open Web Application Security Project (OWASP) created the “OWASP Top 10 for LLM Applications 2025” to clearly outline security risks specifically related to LLM applications, helping organizations understand and effectively tackle these emerging threats.

In my last blog on OWASP Top 10 NHI risks, I used the fictional company Hooli from the HBO show “Silicon Valley”. Given this one is about securing LLMs, I’ll draw from the world of Artificial Intelligence and machines. In this blog, we’ll explore several key concerns highlighted by OWASP, using Cyberdyne Systems (from the Terminator) to illustrate how Akeyless effectively mitigates these critical security risks. While OWASP details ten vulnerabilities, this post addresses five areas specifically aligned with Akeyless’ strengths.

How Akeyless Addresses Selected OWASP LLM Risks

Preventing Prompt Injection (LLM01)

Prompt injection occurs when attackers manipulate AI prompts to trick an LLM into revealing confidential information or performing unauthorized actions.

• Role-Based and Attribute-Based Access Control (RBAC & ABAC): Akeyless implements fine-grained RBAC and ABAC policies to manage API tokens and permissions, ensuring only authorized personnel can modify AI prompts. This restricts unauthorized users from injecting malicious prompts.
  
• Comprehensive Audit & Monitoring: With detailed audit trails, Akeyless rapidly identifies unauthorized attempts or suspicious activities related to prompt alterations, allowing businesses to detect and block unauthorized modifications.

Cyberdyne Example: Attackers attempted to insert malicious commands into Cyberdyne’s customer support chatbot to extract client financial details. Akeyless’ strict privilege controls and audit capabilities quickly identified and blocked these unauthorized attempts, protecting sensitive customer data.

Avoiding Sensitive Information Disclosure (LLM02)

Sensitive data—Systems including personal customer information and proprietary business intelligence—can unintentionally appear in AI-generated content, leading to serious compliance issues or reputational harm.

• Secure Secrets Management with End-to-End Encryption: Akeyless securely stores encryption keys and critical credentials, ensuring that no sensitive data is exposed within AI prompts or responses.
  
• Zero-Knowledge Security Model: Akeyless’ Zero-Knowledge architecture with DFC™ encryption prevents unauthorized data access—even from privileged insiders—by distributing cryptographic fragments across multiple cloud providers.
  
• Dynamic & Just-in-Time Secrets (JIT): Akeyless issues ephemeral, short-lived credentials, ensuring AI models only access sensitive data when strictly necessary.
  
• Robust Access Controls: By enforcing precise access permissions, Akeyless ensures only authorized users can access sensitive information, substantially reducing the risk of accidental leaks through AI outputs.

Cyberdyne Example: Cyberdyne’s AI system was at risk of inadvertently sharing sensitive customer financial details due to insecure credential handling. By employing Akeyless’ secure secret management, credentials and data remained encrypted and isolated, preventing any accidental disclosures.

Securing the Supply Chain (LLM03)

Supply chain vulnerabilities arise when compromised third-party AI models or datasets create entry points for attackers.

• Secure Credential Management: Akeyless securely manages all credentials needed for third-party integrations, preventing compromised third-party services from gaining unauthorized access to sensitive internal resources.
  
• Automated Secrets Rotation & Zero Standing Privileges: Akeyless eliminates hardcoded secrets by dynamically rotating API keys and authentication credentials, preventing third-party services from retaining persistent access.
  
• SPIFFE & SPIRE Integrations: Akeyless seamlessly integrates with SPIFFE and SPIRE to issue secure workload identities, ensuring AI services authenticate safely without traditional secrets.
  
• Zero-Knowledge API Authentication: AI workloads authenticate via cloud-based identities without exposing API keys.
  
• Continuous Monitoring and Auditing: Akeyless’ real-time monitoring capabilities promptly detect and alert organizations about suspicious activities or unauthorized access.

Cyberdyne Example: Following a third-party AI provider breach, compromised credentials posed a threat to Cyberdyne. However, Akeyless’ Just-in-Time access model ensured all API keys were temporary and auto-rotated, rendering any compromised credentials useless.

Preventing Data and Model Poisoning (LLM04)

Data and model poisoning occur when attackers insert harmful or biased data to compromise the accuracy and reliability of AI outputs.

• Immutable Secrets & Version Control: Akeyless enforces strict access policies for data sources, ensuring only authorized AI pipelines can modify training datasets.
  
• Secure AI Model Key Management: AI model encryption keys are managed via FIPS 140-2 validated encryption, ensuring only authorized applications can access AI models.
  
• Tamper-Proof Audit Logs: All model modifications are recorded in immutable logs, preventing stealthy alterations to AI training data.

Cyberdyne Scenario: Competitors attempted to inject corrupted data into Cyberdyne’s market analytics AI tool. Thanks to Akeyless’ strict key management and access controls, unauthorized data changes were blocked, preserving the accuracy and trustworthiness of Cyberdyne’s AI insights.

Wrapping Up

Using practical scenarios from Cyberdyne Systems, we’ve illustrated how Akeyless effectively mitigates selected OWASP LLM risks, Systems including prompt injection, sensitive information disclosure, supply-chain vulnerabilities, data poisoning, and resource overuse. By employing Akeyless, businesses can confidently and securely embrace powerful LLM technologies while effectively managing associated risks.

Why Akeyless?

Akeyless is the leading SaaS-based, Zero-Knowledge security platform, providing:

• Patented Zero-Knowledge Encryption: Ensures that even Akeyless cannot access your AI secrets or keys.
• Multi-Cloud & On-Prem Compatibility: Works seamlessly with AWS, Azure, GCP, and Kubernetes.
• Integration with DevSecOps & AI Pipelines: Connects with Jenkins, Terraform, Kubernetes, and all the tools that DevOps use on a regular basis.
• FIPS 140-2, SOC 2, ISO 27001 Compliance: Fully adheres to industry security standards.
• End-to-End API Security: Protects AI prompts, data, and workloads without storing persistent secrets.

By adopting Akeyless, Cyberdyne Systems and other AI-driven companies can securely scale their LLM applications while mitigating the OWASP Top 10 AI security risks. Judgment Day would have never happened had Cyberdyne used Akeyless to secure their LLMs while building Skynet.

Ready to secure your AI applications? Explore the Akeyless platform today. 

Understanding GitGuardian Secrets Security Platform

GitGuardian

GitGuardian is an end-to-end secrets security platform designed to help software-driven organizations strengthen their Non-Human Identity (NHI) security posture and meet industry compliance standards. As attackers increasingly target NHIs, such as service accounts, service principals, and applications, managing these critical assets has become more complex. NHIs rely on “secrets” like API keys and certificates for authentication, and their rapid proliferation has led to significant secrets sprawl.

GitGuardian’s mission is built on two core pillars: Secrets Security and Secrets Observability, delivering a holistic approach to NHI security.

With Secrets Security, GitGuardian aims to eliminate leaks and sprawl, detecting compromised or misused secrets across both public and internal environments. This foundation of NHI security is strengthened by monitoring for incidents, policy violations, and illegitimate use of secrets.

GitGuardian’s Secrets Detection tackles internal secrets sprawl by identifying sensitive data in source code and developer productivity tools. The platform supports over 420 types of secrets, including API keys, private keys, and database credentials. With a robust policy engine, security teams can enforce rules across major version control systems (VCSs) like GitHub, GitLab, BitBucket, and Azure DevOps, as well as tools like Slack, Jira, registries, and more.

To expand visibility beyond internal systems, GitGuardian Public Monitoring scans public GitHub repositories, detecting sensitive information in both organizational and developers’ personal repos. This is crucial, as 80% of corporate secrets leaked on public GitHub stem from personal accounts.

Adding another layer of defence, GitGuardian Honeytoken deploys decoy secrets that lure attackers looking for active secrets across your assets. Any unauthorized access attempts will trigger immediate alerts, enabling rapid detection and response during the software development lifecycle.

The second core pillar, Secrets Observability, offers a centralized inventory of secrets, tracking their context and usage. This enables teams to detect high-risk secrets, manage their rotation, and leverage analytics to enhance the overall NHI security posture. Together, Secrets Security and Secrets Observability work symmetrically: one side focuses on detecting compromised secrets, while the other manages legitimate secrets and their lifecycle.

Trusted by over 600,000 developers and recognized as the top security app on GitHub Marketplace, GitGuardian is the choice of leading organizations like Snowflake, ING, BASF and Bouygues Telecom, ensuring robust protection for their sensitive secrets.

Understanding Oasis

Understanding Oasis

In today’s digital landscape, the importance of managing non-human identities has become increasingly significant. From IoT devices to automated software processes, non-human identities play a crucial role in various operational and security contexts. Oasis emerges as a pivotal solution for addressing these needs, providing robust features to ensure the secure and efficient management of non-human identities.

Key Features of Oasis

Oasis offers a suite of features tailored to the unique requirements of non-human identity management. Here are some of the most notable capabilities:

1. Automated Identity Provisioning: Oasis automates the provisioning of non-human identities, ensuring that each device or process receives the appropriate credentials and permissions without manual intervention. This automation reduces the risk of human error and streamlines the onboarding process.

2. Dynamic Credential Management: One of the standout features of Oasis is its dynamic credential management. It continuously monitors and updates credentials for non-human entities, ensuring they remain secure and compliant with organizational policies. This feature is essential for maintaining the integrity of systems that rely on these identities.

3. Comprehensive Auditing and Reporting: Oasis provides detailed auditing and reporting capabilities. Organizations can track the activities and interactions of non-human identities, generating comprehensive reports that support security audits and compliance requirements. This visibility is crucial for identifying potential vulnerabilities and ensuring accountability.

The Importance of Non-Human Identity Management

As the number of non-human identities grows, so does the complexity of managing them. Effective non-human identity management is essential for several reasons:

1. Enhanced Security: By ensuring that non-human identities are properly managed, organizations can significantly reduce the risk of unauthorized access and potential breaches. Valance Security’s features help in maintaining a secure environment.

2. Operational Efficiency: Automating the management of non-human identities frees up valuable resources, allowing IT teams to focus on more strategic tasks. This efficiency can lead to cost savings and improved overall performance.

3. Compliance and Accountability: Regulatory requirements often mandate strict control over identity management. Valance Security’s auditing and reporting tools help organizations meet these requirements and demonstrate compliance effectively.

Conclusion

In conclusion, Oasis addresses a critical need in the modern digital ecosystem by providing comprehensive features for managing non-human identities. Its automated provisioning, dynamic credential management, and robust auditing capabilities make it an invaluable tool for enhancing security, improving operational efficiency, and ensuring compliance. As organizations continue to adopt and integrate more non-human identities, solutions like Oasis will play an increasingly vital role in their success.