Logo
Search
HOME
ARCHIVE
SIGN IN
SUBSCRIBE
Logo
ALPHA
Oliver Buchannon
Dennis Andrade

third-party integrations

+3

Nobody Is Talking About AI Agent Skills Yet. They Will Be

Jun 30, 2026

•

5 min read

Nobody Is Talking About AI Agent Skills Yet. They Will Be

Malicious code is now delivered as helpful app features — and 26,000 AI agents just installed one.

Dennis Andrade
Dennis Andrade

authentication

+3

Your Password Is Safe. You're Still Getting Hacked

Jun 23, 2026

•

4 min read

Your Password Is Safe. You're Still Getting Hacked

The attack that broke Microsoft's login doesn't need your password at all.

Dennis Andrade
Dennis Andrade

defense evasion

+4

The Security Camera Footage of Your Digital Life Is Being Erased While You're Being Robbed

Jun 16, 2026

•

4 min read

The Security Camera Footage of Your Digital Life Is Being Erased While You're Being Robbed

Attackers aren't breaking in anymore. They're deleting the evidence that they were ever there.

Dennis Andrade
Dennis Andrade

identity

+5

The Security Experts Protecting America Just Got Caught Doing the Thing They Tell You Never to Do

Jun 9, 2026

•

3 min read

The Security Experts Protecting America Just Got Caught Doing the Thing They Tell You Never to Do

CISA left government cloud keys in public GitHub. Microsoft shipped a debug flag to 3 billion phones. Meta's AI gave away Instagram accounts. Same week.

Dennis Andrade
Dennis Andrade

identity-security

+7

Ransomware Doesn't Break In. It Logs In

Jun 2, 2026

•

4 min read

Ransomware Doesn't Break In. It Logs In

The forensics always leads back to the same place — an account that shouldn't have existed, with access it shouldn't have had. Here's what to fix before the 2 AM alert.

Dennis Andrade
Dennis Andrade

Credential Security

+5

The Agency Protecting America's Infrastructure Just Leaked the Keys to It on GitHub

May 26, 2026

•

4 min read

The Agency Protecting America's Infrastructure Just Leaked the Keys to It on GitHub

CISA left live AWS GovCloud credentials in a public repo named "Private." It sat there for six months. Nobody inside the agency noticed.

Dennis Andrade
Dennis Andrade

Zero Trust

+6

Your AI Coding Assistant Just Cloned Your Entire Repository. You Told It To.

May 19, 2026

•

3 min read

Your AI Coding Assistant Just Cloned Your Entire Repository. You Told It To.

Convention files, prompt injection, and why the line between productivity tool and data pipeline just disappeared

Dennis Andrade
Dennis Andrade

chrome-extensions

+7

The Free AI Tool You Installed Last Week Is Robbing You Blind

May 12, 2026

•

3 min read

The Free AI Tool You Installed Last Week Is Robbing You Blind

You clicked "Add to Chrome" because it promised to make you faster. You actually installed a wiretap.

Dennis Andrade
Dennis Andrade

AppSec

+7

The Apps on Your Phone Are Installing Themselves Now. They're Also Stealing From Each Other

May 5, 2026

•

3 min read

The Apps on Your Phone Are Installing Themselves Now. They're Also Stealing From Each Other

A self-spreading worm just ran through the tools developers use to build every app you touch. Here's what that means for you — and what to do about it.

Dennis Andrade
Dennis Andrade

Oauth Security

+7

Your Token Budget Just Became Your Attack Surface

Apr 28, 2026

•

3 min read

Your Token Budget Just Became Your Attack Surface

The Vercel breach wasn't a credential failure. It was a token problem — and your IAM program probably can't see it.

Dennis Andrade
Dennis Andrade

Least Privilege

+4

Your AI Agent Has More Access Than Your Domain Admin

Apr 21, 2026

•

3 min read

Your AI Agent Has More Access Than Your Domain Admin

Five vendors. Six weeks. The same architectural failure. Here's why agents keep shipping with godmode permissions — and what good actually looks like.

Dennis Andrade
Dennis Andrade
Your Autonomous Agents Are Running With God Mode Permissions

Apr 14, 2026

•

6 min read

Your Autonomous Agents Are Running With God Mode Permissions

The Agent Permission Paradox

Dennis Andrade
Dennis Andrade

identity-governance

+2

The Debt Your Security Team Isn't Tracking

Apr 7, 2026

•

7 min read

The Debt Your Security Team Isn't Tracking

Most enterprises are carrying identity debt they can't see. Here's what it looks like — and where to start paying it down.

Dennis Andrade
Dennis Andrade

Sign Up

Login

Search

Profile

STAY CONNECTED

© 2026 Identity Decoded.
beehiivPowered by beehiiv