Agent Vault: Secure Sandboxing and Secret Injection for AI Agents
135
Agent Vault is a secure execution environment for AI agents that prevents data leaks through network sandboxing and automated secret injection.
API Key Security
Best practices and cautionary tales around securing API keys and credentials, including risks of exposure, theft, and unauthorized usage.
Reading List
Bitwarden CLI Compromised in CI/CD Supply Chain Attack
865
Bitwarden CLI version 2026.4.0 was compromised in a supply chain attack that uses a malicious CI/CD injection to harvest cloud and developer credentials.
The Vercel Breach: OAuth Vulnerabilities and the Risk of Insecure Secret Defaults
368
A long-term breach at Vercel exploited a third-party OAuth trust and insecure default settings to expose customer secrets at a platform scale.
Vercel Discloses April 2026 Internal Security Incident
866
Vercel is responding to a security breach of its internal systems that affected a small group of customers while maintaining full service operations.
Gas Town Accused of Unauthorized Use of User AI Credits for Project Maintenance
252
Gas Town is accused of 'stealing' user LLM credits and GitHub identities to automatically fund and perform its own software maintenance.
Critical Supply Chain Attack: Malicious Credential Stealer Found in litellm PyPI Package
931
The litellm PyPI package has been compromised by a supply chain attack that automatically steals and exfiltrates sensitive system credentials and secrets.
NanoClaw and OneCLI: Securing AI Agents via Credential Proxying
110
NanoClaw integrates OneCLI to secure AI agents by proxying credentials and enforcing safety policies so agents never hold raw API keys.
Claude-Replay: Interactive HTML Players for AI Coding Sessions
104
A tool that converts Claude Code transcripts into interactive, self-contained HTML replays for easy sharing and documentation.
The $82,000 API Key: Why Billing Caps are Essential
A stolen Gemini API key led to an $82,000 bill in 48 hours, highlighting the urgent need for cloud billing limits.