In this sponsored interview Casey Ellis chats with Truffle Security’s founder and CEO Dylan Ayrey about the recent CISA secrets leak. Days after Brian Krebs ran the story, plenty of the exposed credentials were still live, including an admin-level GitHub app key with full rights over CISA’s org. Dylan walks through why deleting the repo doesn’t fix anything, why most cloud vendors won’t hard-revoke exposed keys (OpenAI and Slack will; AWS, Google and friends mostly won’t), why Hugging Face datasets now hold more secrets than GitHub itself, and what the next generation of multi-provider credential-harvesting supply chain worms is going to look like.
Podzilla Summary coming soon
Sign up to get notified when the full AI-powered summary is ready.
Free forever for up to 3 podcasts. No credit card required.
Listen to This Episode
More from Risky Bulletin
Risky Bulletin: EU unveils digital sovereignty plan
Srsly Risky Biz: NATO's cyber approach needs to change
Risky Bulletin: FSB calls out Western spyware operation
Between Two Nerds: The intelligence cult
Get summaries like this every morning.
Free AI-powered recaps of Risky Bulletin and your other favorite podcasts, delivered to your inbox.
Free forever for up to 3 podcasts. No credit card required.