The Credential Crisis: How Stolen Credentials Defeat Modern Security

The basic problem remains: absence of proof is not proof of absence. “Credentials may be misused long before breach information is identified and communicated back to the affected individual. By the time a notification arrives, the attacker may already have exploited the access,” says Long.The first indication of credential compromise for most organizations is the discovery of a breach; but sometimes you can detect the attack before the actual breach. “Unauthorized password reset emails and ‘new login detected’ alerts are a clear signal that your credentials have been stolen,” warns Schiappa.MFA falls into a similar bracket, he continues. “MFA is a simple, effective access control that not only prevents a threat actor from gaining access via stolen credentials but can also serve as a mechanism to alert security teams that unusual login behavior is occurring.”But MFA is no longer perfect. George comments, “If you had asked me 18 months ago, I would have said it is a good deterrent. According to Microsoft, the bypass rate was 0.7% and therefore still within the limits. But today, the MFA bypass rate is in the low double-digit range, which poses a significant threat.”Stuart Sharp, VP of product atOne Identity, adds, “Phishing-resistant MFA methods, like WebAuthn and Passkeys, incorporate two levels of protection – validating that the target website address is already known and not a spoofed variation of a valid site, and verifying that the authentication request is coming from a known, registered device. When combined with on-device biometric checks like face ID or fingerprints, these phishing resistant forms of MFA greatly reduce the risk of unauthorized access.”Roy Katmor, CEO atOrchid Security, adds, “MFA is highly effective against simple password replay, but it’s less effective against session theft, token replay, and MFA fatigue/push bombing (where attackers bombard users with prompts until one gets approved) unless it’s properly hardened. Phishing-resistant MFA is a meaningful step up and materially raises the bar.”But at the end of the day, adds George, “The human will always be the weakest link in the cyber attack chain, and that’s what many attackers exploit.”Regardless, “In many cases, people only realize their credentials have been compromised after something goes wrong, such as an unexpected password reset, an account lockout, or fraudulent charges on a credit card. Unfortunately, by the time those warning signs appear, the stolen credentials may already have been circulating or actively used by threat actors,” says Burton.When a compromised credential breach occurs, the game changes to one of early detection and rapid containment. Is there any defense against the use of stolen credentials once the attacker has achieved access? “Yes,” says Meyers, “but the defense shifts from preventing login to containing and outpacing the attacker.” This includes both detecting and slowing the attacker, resetting credentials to prevent further misuse, revocation of active sessions, and enforcing least privilege everywhere.“Once an attacker authenticates, the focus shifts from blocking access to detecting misuse and limiting blast radius,” agrees Bee. “The faster misuse is detected and contained, the smaller the impact.”The two best known tools for detection and containment are behavioral anomaly detection and zero trust principles.Behavioral detectionBehavioral detection systems create a baseline of normal user behavior and are able to detect any deviation from that. That deviation is likely to indicate the presence of an intruder, even where access was enabled with valid credentials. “Once attackers authenticate, the giveaway becomes behavior,” says Meyers.Long describes it as continuous authentication. “Instead of trusting a user simply because they logged in successfully once, businesses can monitor behavior throughout the session. Techniques such as behavioral biometrics build a profile of how a customer normally interacts with a service. That can include where they typically are, the devices they use, how they handle that device, and their usual transaction patterns. If something falls outside that normal pattern, the system can step up security the next time the customer attempts an action.”Access, he says, should not be treated as a one-time decision. Bee agrees. “The real question is not whether the login was valid, but whether the behavior that follows aligns with expected identity patterns. If trust is granted once at login and maintained for the entire session, an attacker can operate freely within that window. That is why resilience depends on continuous validation, reassessing whether the user, device, and context remain consistent with what ‘normal’ looks like.”He continues, “Unusual access to new systems, privilege changes, or unfamiliar SaaS activity should trigger re-authentication, session isolation, or immediate revocation. In interconnected, SaaS-driven environments, speed is decisive. The faster misuse is detected and contained, the smaller the impact.”Zero trustZero trust can assist in credential breach containment, but zero trust is still widely misunderstood as a product or technology.“Zero trust is not a technology. It’s not a product that you can buy off the shelf,” says George. “It is really a concept, a way of thinking; and it simply says, ‘Never trust anything, but rather double check everything’. In today’s dynamic threatscape, that’s an approach that every organization should apply. If you trust credentials, and you believe that a legitimate identity is behind it, you’re in the 70 plus percent of cases where you’re mistaken.”It’s that automatic trust that the attackers leverage. “If you never trust anything, but you really ask further questions, if you don’t automatically assume a credential equals an identity, but check it against things like geolocation, timing of the action, behavioral biometrics – if you can do that in the context of identities, then you’re really minimizing your risk exposure tremendously.”Carlos Aguilar Melchor, principal research scientist atSandboxAQ, agrees. “Zero Trust is a way of operating, not a finish line. The goal is simple: keep shrinking blast radius wherever identity and cryptography are well governed and enforced.Carlos Aguilar Melchor, principal research scientist at SandboxAQ.“The old perimeter is gone,” he continues. “Keep moving to continuous verification across users, devices, services, data, and agents. Make every transaction check policy, and treat identity as the control plane for both people and machines.”While zero trust is neither a product nor a finish line, “Partial zero trust is still worth doing if you can measure it,” he suggests. “Start with phishing-resistant MFA, signed software and models, workload identity, and service-to-service mutual Transport Layer Security (mTLS). Keep crypto strong so machine identities stay trustworthy.”It is the continuous verification that is important, says Meyers. “Zero trust is strong against ‘credential = keys to the kingdom’ thinking, because it emphasizes continuous verification and conditional access. Most notably, zero trust shines when paired with enforcement that catches trust boundary violations and limits lateral movement after initial access.”Microsegmentation, often considered to be a key aspect in implementing the zero trust concept, is a strategy rather than a technology. It is useful in containing an intruder. “It limits the ‘blast radius’ by ensuring one compromised account cannot move freely across the entire network,” comments Parnes.‘Freely’ is the key word. It doesn’t prevent lateral movement, but it slows it down. That alone could be enough. Cybercriminals don’t like to hang around, which could lead to exposure and unintended consequences. If things get tough, they are quite likely to leave and move on to the next victim.The agility gap in actionOne thing we haven’t mentioned but really should, is the effect of stolen API keys for agentic AI systems. The speed of full compromise and the potential blast radius are both increased exponentially, and the threat surface (the use of agentic AI systems within and by business) is expanding dramatically. It is another example of AI expanding the agility gap.This API key isn’t simply capable of unlocking the data store, it is the key to an agent who is effectively a trusted employee able to talk to other similarly trusted employees, roam freely through the network and act autonomously. It has access beyond datasets into workflows. Since agents are necessarily trusted by the system, they are unlikely to trip any detection mechanism or be delayed by firewalls until after it or they act.Once into the agentic system, the attacker effectively has access to every system or platform (Jira, Slack, AWS, etcetera) the agentic system integrates with. Such an attacker, unlikely to be detected, could explore possibilities available through the agentic system, and then strike. This strike could include thousands of malicious actions at machine speed across the victim’s entire infrastructure before it is detected.With stolen API keys, possible detection and containment is low, and blast radius is high.The future“I think, quite frankly, as with any type of attack, the threat actors will always be a step ahead of us,” says George. “It is our task to reduce the agility gap between the attacker and defender as far as possible, but we will never eliminate it. We will never be able to completely protect against any attack, including against identity-based attacks. And to any vendor or professional that claims 100% protection… you should laugh at them.”Related:Autonomous AI Agents Provide New Class of Supply Chain AttackRelated:Cybercriminals Trade 183 Million Stolen Credentials on Telegram, Dark ForumsRelated:The Wild West of Agentic AI – An Attack Surface CISOs Can’t Afford to IgnoreRelated:Cyber Insights 2026: Zero Trust and Following the PathRelated:136 NPM Packages Delivering Infostealers Downloaded 100,000 Times

The first indication of credential compromise for most organizations is the discovery of a breach; but sometimes you can detect the attack before the actual breach. “Unauthorized password reset emails and ‘new login detected’ alerts are a clear signal that your credentials have been stolen,” warns Schiappa.MFA falls into a similar bracket, he continues. “MFA is a simple, effective access control that not only prevents a threat actor from gaining access via stolen credentials but can also serve as a mechanism to alert security teams that unusual login behavior is occurring.”But MFA is no longer perfect. George comments, “If you had asked me 18 months ago, I would have said it is a good deterrent. According to Microsoft, the bypass rate was 0.7% and therefore still within the limits. But today, the MFA bypass rate is in the low double-digit range, which poses a significant threat.”Stuart Sharp, VP of product atOne Identity, adds, “Phishing-resistant MFA methods, like WebAuthn and Passkeys, incorporate two levels of protection – validating that the target website address is already known and not a spoofed variation of a valid site, and verifying that the authentication request is coming from a known, registered device. When combined with on-device biometric checks like face ID or fingerprints, these phishing resistant forms of MFA greatly reduce the risk of unauthorized access.”Roy Katmor, CEO atOrchid Security, adds, “MFA is highly effective against simple password replay, but it’s less effective against session theft, token replay, and MFA fatigue/push bombing (where attackers bombard users with prompts until one gets approved) unless it’s properly hardened. Phishing-resistant MFA is a meaningful step up and materially raises the bar.”But at the end of the day, adds George, “The human will always be the weakest link in the cyber attack chain, and that’s what many attackers exploit.”Regardless, “In many cases, people only realize their credentials have been compromised after something goes wrong, such as an unexpected password reset, an account lockout, or fraudulent charges on a credit card. Unfortunately, by the time those warning signs appear, the stolen credentials may already have been circulating or actively used by threat actors,” says Burton.When a compromised credential breach occurs, the game changes to one of early detection and rapid containment. Is there any defense against the use of stolen credentials once the attacker has achieved access? “Yes,” says Meyers, “but the defense shifts from preventing login to containing and outpacing the attacker.” This includes both detecting and slowing the attacker, resetting credentials to prevent further misuse, revocation of active sessions, and enforcing least privilege everywhere.“Once an attacker authenticates, the focus shifts from blocking access to detecting misuse and limiting blast radius,” agrees Bee. “The faster misuse is detected and contained, the smaller the impact.”The two best known tools for detection and containment are behavioral anomaly detection and zero trust principles.Behavioral detectionBehavioral detection systems create a baseline of normal user behavior and are able to detect any deviation from that. That deviation is likely to indicate the presence of an intruder, even where access was enabled with valid credentials. “Once attackers authenticate, the giveaway becomes behavior,” says Meyers.Long describes it as continuous authentication. “Instead of trusting a user simply because they logged in successfully once, businesses can monitor behavior throughout the session. Techniques such as behavioral biometrics build a profile of how a customer normally interacts with a service. That can include where they typically are, the devices they use, how they handle that device, and their usual transaction patterns. If something falls outside that normal pattern, the system can step up security the next time the customer attempts an action.”Access, he says, should not be treated as a one-time decision. Bee agrees. “The real question is not whether the login was valid, but whether the behavior that follows aligns with expected identity patterns. If trust is granted once at login and maintained for the entire session, an attacker can operate freely within that window. That is why resilience depends on continuous validation, reassessing whether the user, device, and context remain consistent with what ‘normal’ looks like.”He continues, “Unusual access to new systems, privilege changes, or unfamiliar SaaS activity should trigger re-authentication, session isolation, or immediate revocation. In interconnected, SaaS-driven environments, speed is decisive. The faster misuse is detected and contained, the smaller the impact.”Zero trustZero trust can assist in credential breach containment, but zero trust is still widely misunderstood as a product or technology.“Zero trust is not a technology. It’s not a product that you can buy off the shelf,” says George. “It is really a concept, a way of thinking; and it simply says, ‘Never trust anything, but rather double check everything’. In today’s dynamic threatscape, that’s an approach that every organization should apply. If you trust credentials, and you believe that a legitimate identity is behind it, you’re in the 70 plus percent of cases where you’re mistaken.”It’s that automatic trust that the attackers leverage. “If you never trust anything, but you really ask further questions, if you don’t automatically assume a credential equals an identity, but check it against things like geolocation, timing of the action, behavioral biometrics – if you can do that in the context of identities, then you’re really minimizing your risk exposure tremendously.”Carlos Aguilar Melchor, principal research scientist atSandboxAQ, agrees. “Zero Trust is a way of operating, not a finish line. The goal is simple: keep shrinking blast radius wherever identity and cryptography are well governed and enforced.Carlos Aguilar Melchor, principal research scientist at SandboxAQ.“The old perimeter is gone,” he continues. “Keep moving to continuous verification across users, devices, services, data, and agents. Make every transaction check policy, and treat identity as the control plane for both people and machines.”While zero trust is neither a product nor a finish line, “Partial zero trust is still worth doing if you can measure it,” he suggests. “Start with phishing-resistant MFA, signed software and models, workload identity, and service-to-service mutual Transport Layer Security (mTLS). Keep crypto strong so machine identities stay trustworthy.”It is the continuous verification that is important, says Meyers. “Zero trust is strong against ‘credential = keys to the kingdom’ thinking, because it emphasizes continuous verification and conditional access. Most notably, zero trust shines when paired with enforcement that catches trust boundary violations and limits lateral movement after initial access.”Microsegmentation, often considered to be a key aspect in implementing the zero trust concept, is a strategy rather than a technology. It is useful in containing an intruder. “It limits the ‘blast radius’ by ensuring one compromised account cannot move freely across the entire network,” comments Parnes.‘Freely’ is the key word. It doesn’t prevent lateral movement, but it slows it down. That alone could be enough. Cybercriminals don’t like to hang around, which could lead to exposure and unintended consequences. If things get tough, they are quite likely to leave and move on to the next victim.The agility gap in actionOne thing we haven’t mentioned but really should, is the effect of stolen API keys for agentic AI systems. The speed of full compromise and the potential blast radius are both increased exponentially, and the threat surface (the use of agentic AI systems within and by business) is expanding dramatically. It is another example of AI expanding the agility gap.This API key isn’t simply capable of unlocking the data store, it is the key to an agent who is effectively a trusted employee able to talk to other similarly trusted employees, roam freely through the network and act autonomously. It has access beyond datasets into workflows. Since agents are necessarily trusted by the system, they are unlikely to trip any detection mechanism or be delayed by firewalls until after it or they act.Once into the agentic system, the attacker effectively has access to every system or platform (Jira, Slack, AWS, etcetera) the agentic system integrates with. Such an attacker, unlikely to be detected, could explore possibilities available through the agentic system, and then strike. This strike could include thousands of malicious actions at machine speed across the victim’s entire infrastructure before it is detected.With stolen API keys, possible detection and containment is low, and blast radius is high.The future“I think, quite frankly, as with any type of attack, the threat actors will always be a step ahead of us,” says George. “It is our task to reduce the agility gap between the attacker and defender as far as possible, but we will never eliminate it. We will never be able to completely protect against any attack, including against identity-based attacks. And to any vendor or professional that claims 100% protection… you should laugh at them.”Related:Autonomous AI Agents Provide New Class of Supply Chain AttackRelated:Cybercriminals Trade 183 Million Stolen Credentials on Telegram, Dark ForumsRelated:The Wild West of Agentic AI – An Attack Surface CISOs Can’t Afford to IgnoreRelated:Cyber Insights 2026: Zero Trust and Following the PathRelated:136 NPM Packages Delivering Infostealers Downloaded 100,000 Times

MFA falls into a similar bracket, he continues. “MFA is a simple, effective access control that not only prevents a threat actor from gaining access via stolen credentials but can also serve as a mechanism to alert security teams that unusual login behavior is occurring.”But MFA is no longer perfect. George comments, “If you had asked me 18 months ago, I would have said it is a good deterrent. According to Microsoft, the bypass rate was 0.7% and therefore still within the limits. But today, the MFA bypass rate is in the low double-digit range, which poses a significant threat.”Stuart Sharp, VP of product atOne Identity, adds, “Phishing-resistant MFA methods, like WebAuthn and Passkeys, incorporate two levels of protection – validating that the target website address is already known and not a spoofed variation of a valid site, and verifying that the authentication request is coming from a known, registered device. When combined with on-device biometric checks like face ID or fingerprints, these phishing resistant forms of MFA greatly reduce the risk of unauthorized access.”Roy Katmor, CEO atOrchid Security, adds, “MFA is highly effective against simple password replay, but it’s less effective against session theft, token replay, and MFA fatigue/push bombing (where attackers bombard users with prompts until one gets approved) unless it’s properly hardened. Phishing-resistant MFA is a meaningful step up and materially raises the bar.”But at the end of the day, adds George, “The human will always be the weakest link in the cyber attack chain, and that’s what many attackers exploit.”Regardless, “In many cases, people only realize their credentials have been compromised after something goes wrong, such as an unexpected password reset, an account lockout, or fraudulent charges on a credit card. Unfortunately, by the time those warning signs appear, the stolen credentials may already have been circulating or actively used by threat actors,” says Burton.When a compromised credential breach occurs, the game changes to one of early detection and rapid containment. Is there any defense against the use of stolen credentials once the attacker has achieved access? “Yes,” says Meyers, “but the defense shifts from preventing login to containing and outpacing the attacker.” This includes both detecting and slowing the attacker, resetting credentials to prevent further misuse, revocation of active sessions, and enforcing least privilege everywhere.“Once an attacker authenticates, the focus shifts from blocking access to detecting misuse and limiting blast radius,” agrees Bee. “The faster misuse is detected and contained, the smaller the impact.”The two best known tools for detection and containment are behavioral anomaly detection and zero trust principles.Behavioral detectionBehavioral detection systems create a baseline of normal user behavior and are able to detect any deviation from that. That deviation is likely to indicate the presence of an intruder, even where access was enabled with valid credentials. “Once attackers authenticate, the giveaway becomes behavior,” says Meyers.Long describes it as continuous authentication. “Instead of trusting a user simply because they logged in successfully once, businesses can monitor behavior throughout the session. Techniques such as behavioral biometrics build a profile of how a customer normally interacts with a service. That can include where they typically are, the devices they use, how they handle that device, and their usual transaction patterns. If something falls outside that normal pattern, the system can step up security the next time the customer attempts an action.”Access, he says, should not be treated as a one-time decision. Bee agrees. “The real question is not whether the login was valid, but whether the behavior that follows aligns with expected identity patterns. If trust is granted once at login and maintained for the entire session, an attacker can operate freely within that window. That is why resilience depends on continuous validation, reassessing whether the user, device, and context remain consistent with what ‘normal’ looks like.”He continues, “Unusual access to new systems, privilege changes, or unfamiliar SaaS activity should trigger re-authentication, session isolation, or immediate revocation. In interconnected, SaaS-driven environments, speed is decisive. The faster misuse is detected and contained, the smaller the impact.”Zero trustZero trust can assist in credential breach containment, but zero trust is still widely misunderstood as a product or technology.“Zero trust is not a technology. It’s not a product that you can buy off the shelf,” says George. “It is really a concept, a way of thinking; and it simply says, ‘Never trust anything, but rather double check everything’. In today’s dynamic threatscape, that’s an approach that every organization should apply. If you trust credentials, and you believe that a legitimate identity is behind it, you’re in the 70 plus percent of cases where you’re mistaken.”It’s that automatic trust that the attackers leverage. “If you never trust anything, but you really ask further questions, if you don’t automatically assume a credential equals an identity, but check it against things like geolocation, timing of the action, behavioral biometrics – if you can do that in the context of identities, then you’re really minimizing your risk exposure tremendously.”Carlos Aguilar Melchor, principal research scientist atSandboxAQ, agrees. “Zero Trust is a way of operating, not a finish line. The goal is simple: keep shrinking blast radius wherever identity and cryptography are well governed and enforced.Carlos Aguilar Melchor, principal research scientist at SandboxAQ.“The old perimeter is gone,” he continues. “Keep moving to continuous verification across users, devices, services, data, and agents. Make every transaction check policy, and treat identity as the control plane for both people and machines.”While zero trust is neither a product nor a finish line, “Partial zero trust is still worth doing if you can measure it,” he suggests. “Start with phishing-resistant MFA, signed software and models, workload identity, and service-to-service mutual Transport Layer Security (mTLS). Keep crypto strong so machine identities stay trustworthy.”It is the continuous verification that is important, says Meyers. “Zero trust is strong against ‘credential = keys to the kingdom’ thinking, because it emphasizes continuous verification and conditional access. Most notably, zero trust shines when paired with enforcement that catches trust boundary violations and limits lateral movement after initial access.”Microsegmentation, often considered to be a key aspect in implementing the zero trust concept, is a strategy rather than a technology. It is useful in containing an intruder. “It limits the ‘blast radius’ by ensuring one compromised account cannot move freely across the entire network,” comments Parnes.‘Freely’ is the key word. It doesn’t prevent lateral movement, but it slows it down. That alone could be enough. Cybercriminals don’t like to hang around, which could lead to exposure and unintended consequences. If things get tough, they are quite likely to leave and move on to the next victim.The agility gap in actionOne thing we haven’t mentioned but really should, is the effect of stolen API keys for agentic AI systems. The speed of full compromise and the potential blast radius are both increased exponentially, and the threat surface (the use of agentic AI systems within and by business) is expanding dramatically. It is another example of AI expanding the agility gap.This API key isn’t simply capable of unlocking the data store, it is the key to an agent who is effectively a trusted employee able to talk to other similarly trusted employees, roam freely through the network and act autonomously. It has access beyond datasets into workflows. Since agents are necessarily trusted by the system, they are unlikely to trip any detection mechanism or be delayed by firewalls until after it or they act.Once into the agentic system, the attacker effectively has access to every system or platform (Jira, Slack, AWS, etcetera) the agentic system integrates with. Such an attacker, unlikely to be detected, could explore possibilities available through the agentic system, and then strike. This strike could include thousands of malicious actions at machine speed across the victim’s entire infrastructure before it is detected.With stolen API keys, possible detection and containment is low, and blast radius is high.The future“I think, quite frankly, as with any type of attack, the threat actors will always be a step ahead of us,” says George. “It is our task to reduce the agility gap between the attacker and defender as far as possible, but we will never eliminate it. We will never be able to completely protect against any attack, including against identity-based attacks. And to any vendor or professional that claims 100% protection… you should laugh at them.”Related:Autonomous AI Agents Provide New Class of Supply Chain AttackRelated:Cybercriminals Trade 183 Million Stolen Credentials on Telegram, Dark ForumsRelated:The Wild West of Agentic AI – An Attack Surface CISOs Can’t Afford to IgnoreRelated:Cyber Insights 2026: Zero Trust and Following the PathRelated:136 NPM Packages Delivering Infostealers Downloaded 100,000 Times

But MFA is no longer perfect. George comments, “If you had asked me 18 months ago, I would have said it is a good deterrent. According to Microsoft, the bypass rate was 0.7% and therefore still within the limits. But today, the MFA bypass rate is in the low double-digit range, which poses a significant threat.”Stuart Sharp, VP of product atOne Identity, adds, “Phishing-resistant MFA methods, like WebAuthn and Passkeys, incorporate two levels of protection – validating that the target website address is already known and not a spoofed variation of a valid site, and verifying that the authentication request is coming from a known, registered device. When combined with on-device biometric checks like face ID or fingerprints, these phishing resistant forms of MFA greatly reduce the risk of unauthorized access.”Roy Katmor, CEO atOrchid Security, adds, “MFA is highly effective against simple password replay, but it’s less effective against session theft, token replay, and MFA fatigue/push bombing (where attackers bombard users with prompts until one gets approved) unless it’s properly hardened. Phishing-resistant MFA is a meaningful step up and materially raises the bar.”But at the end of the day, adds George, “The human will always be the weakest link in the cyber attack chain, and that’s what many attackers exploit.”Regardless, “In many cases, people only realize their credentials have been compromised after something goes wrong, such as an unexpected password reset, an account lockout, or fraudulent charges on a credit card. Unfortunately, by the time those warning signs appear, the stolen credentials may already have been circulating or actively used by threat actors,” says Burton.When a compromised credential breach occurs, the game changes to one of early detection and rapid containment. Is there any defense against the use of stolen credentials once the attacker has achieved access? “Yes,” says Meyers, “but the defense shifts from preventing login to containing and outpacing the attacker.” This includes both detecting and slowing the attacker, resetting credentials to prevent further misuse, revocation of active sessions, and enforcing least privilege everywhere.“Once an attacker authenticates, the focus shifts from blocking access to detecting misuse and limiting blast radius,” agrees Bee. “The faster misuse is detected and contained, the smaller the impact.”The two best known tools for detection and containment are behavioral anomaly detection and zero trust principles.Behavioral detectionBehavioral detection systems create a baseline of normal user behavior and are able to detect any deviation from that. That deviation is likely to indicate the presence of an intruder, even where access was enabled with valid credentials. “Once attackers authenticate, the giveaway becomes behavior,” says Meyers.Long describes it as continuous authentication. “Instead of trusting a user simply because they logged in successfully once, businesses can monitor behavior throughout the session. Techniques such as behavioral biometrics build a profile of how a customer normally interacts with a service. That can include where they typically are, the devices they use, how they handle that device, and their usual transaction patterns. If something falls outside that normal pattern, the system can step up security the next time the customer attempts an action.”Access, he says, should not be treated as a one-time decision. Bee agrees. “The real question is not whether the login was valid, but whether the behavior that follows aligns with expected identity patterns. If trust is granted once at login and maintained for the entire session, an attacker can operate freely within that window. That is why resilience depends on continuous validation, reassessing whether the user, device, and context remain consistent with what ‘normal’ looks like.”He continues, “Unusual access to new systems, privilege changes, or unfamiliar SaaS activity should trigger re-authentication, session isolation, or immediate revocation. In interconnected, SaaS-driven environments, speed is decisive. The faster misuse is detected and contained, the smaller the impact.”Zero trustZero trust can assist in credential breach containment, but zero trust is still widely misunderstood as a product or technology.“Zero trust is not a technology. It’s not a product that you can buy off the shelf,” says George. “It is really a concept, a way of thinking; and it simply says, ‘Never trust anything, but rather double check everything’. In today’s dynamic threatscape, that’s an approach that every organization should apply. If you trust credentials, and you believe that a legitimate identity is behind it, you’re in the 70 plus percent of cases where you’re mistaken.”It’s that automatic trust that the attackers leverage. “If you never trust anything, but you really ask further questions, if you don’t automatically assume a credential equals an identity, but check it against things like geolocation, timing of the action, behavioral biometrics – if you can do that in the context of identities, then you’re really minimizing your risk exposure tremendously.”Carlos Aguilar Melchor, principal research scientist atSandboxAQ, agrees. “Zero Trust is a way of operating, not a finish line. The goal is simple: keep shrinking blast radius wherever identity and cryptography are well governed and enforced.Carlos Aguilar Melchor, principal research scientist at SandboxAQ.“The old perimeter is gone,” he continues. “Keep moving to continuous verification across users, devices, services, data, and agents. Make every transaction check policy, and treat identity as the control plane for both people and machines.”While zero trust is neither a product nor a finish line, “Partial zero trust is still worth doing if you can measure it,” he suggests. “Start with phishing-resistant MFA, signed software and models, workload identity, and service-to-service mutual Transport Layer Security (mTLS). Keep crypto strong so machine identities stay trustworthy.”It is the continuous verification that is important, says Meyers. “Zero trust is strong against ‘credential = keys to the kingdom’ thinking, because it emphasizes continuous verification and conditional access. Most notably, zero trust shines when paired with enforcement that catches trust boundary violations and limits lateral movement after initial access.”Microsegmentation, often considered to be a key aspect in implementing the zero trust concept, is a strategy rather than a technology. It is useful in containing an intruder. “It limits the ‘blast radius’ by ensuring one compromised account cannot move freely across the entire network,” comments Parnes.‘Freely’ is the key word. It doesn’t prevent lateral movement, but it slows it down. That alone could be enough. Cybercriminals don’t like to hang around, which could lead to exposure and unintended consequences. If things get tough, they are quite likely to leave and move on to the next victim.The agility gap in actionOne thing we haven’t mentioned but really should, is the effect of stolen API keys for agentic AI systems. The speed of full compromise and the potential blast radius are both increased exponentially, and the threat surface (the use of agentic AI systems within and by business) is expanding dramatically. It is another example of AI expanding the agility gap.This API key isn’t simply capable of unlocking the data store, it is the key to an agent who is effectively a trusted employee able to talk to other similarly trusted employees, roam freely through the network and act autonomously. It has access beyond datasets into workflows. Since agents are necessarily trusted by the system, they are unlikely to trip any detection mechanism or be delayed by firewalls until after it or they act.Once into the agentic system, the attacker effectively has access to every system or platform (Jira, Slack, AWS, etcetera) the agentic system integrates with. Such an attacker, unlikely to be detected, could explore possibilities available through the agentic system, and then strike. This strike could include thousands of malicious actions at machine speed across the victim’s entire infrastructure before it is detected.With stolen API keys, possible detection and containment is low, and blast radius is high.The future“I think, quite frankly, as with any type of attack, the threat actors will always be a step ahead of us,” says George. “It is our task to reduce the agility gap between the attacker and defender as far as possible, but we will never eliminate it. We will never be able to completely protect against any attack, including against identity-based attacks. And to any vendor or professional that claims 100% protection… you should laugh at them.”Related:Autonomous AI Agents Provide New Class of Supply Chain AttackRelated:Cybercriminals Trade 183 Million Stolen Credentials on Telegram, Dark ForumsRelated:The Wild West of Agentic AI – An Attack Surface CISOs Can’t Afford to IgnoreRelated:Cyber Insights 2026: Zero Trust and Following the PathRelated:136 NPM Packages Delivering Infostealers Downloaded 100,000 Times

Stuart Sharp, VP of product atOne Identity, adds, “Phishing-resistant MFA methods, like WebAuthn and Passkeys, incorporate two levels of protection – validating that the target website address is already known and not a spoofed variation of a valid site, and verifying that the authentication request is coming from a known, registered device. When combined with on-device biometric checks like face ID or fingerprints, these phishing resistant forms of MFA greatly reduce the risk of unauthorized access.”Roy Katmor, CEO atOrchid Security, adds, “MFA is highly effective against simple password replay, but it’s less effective against session theft, token replay, and MFA fatigue/push bombing (where attackers bombard users with prompts until one gets approved) unless it’s properly hardened. Phishing-resistant MFA is a meaningful step up and materially raises the bar.”But at the end of the day, adds George, “The human will always be the weakest link in the cyber attack chain, and that’s what many attackers exploit.”Regardless, “In many cases, people only realize their credentials have been compromised after something goes wrong, such as an unexpected password reset, an account lockout, or fraudulent charges on a credit card. Unfortunately, by the time those warning signs appear, the stolen credentials may already have been circulating or actively used by threat actors,” says Burton.When a compromised credential breach occurs, the game changes to one of early detection and rapid containment. Is there any defense against the use of stolen credentials once the attacker has achieved access? “Yes,” says Meyers, “but the defense shifts from preventing login to containing and outpacing the attacker.” This includes both detecting and slowing the attacker, resetting credentials to prevent further misuse, revocation of active sessions, and enforcing least privilege everywhere.“Once an attacker authenticates, the focus shifts from blocking access to detecting misuse and limiting blast radius,” agrees Bee. “The faster misuse is detected and contained, the smaller the impact.”The two best known tools for detection and containment are behavioral anomaly detection and zero trust principles.Behavioral detectionBehavioral detection systems create a baseline of normal user behavior and are able to detect any deviation from that. That deviation is likely to indicate the presence of an intruder, even where access was enabled with valid credentials. “Once attackers authenticate, the giveaway becomes behavior,” says Meyers.Long describes it as continuous authentication. “Instead of trusting a user simply because they logged in successfully once, businesses can monitor behavior throughout the session. Techniques such as behavioral biometrics build a profile of how a customer normally interacts with a service. That can include where they typically are, the devices they use, how they handle that device, and their usual transaction patterns. If something falls outside that normal pattern, the system can step up security the next time the customer attempts an action.”Access, he says, should not be treated as a one-time decision. Bee agrees. “The real question is not whether the login was valid, but whether the behavior that follows aligns with expected identity patterns. If trust is granted once at login and maintained for the entire session, an attacker can operate freely within that window. That is why resilience depends on continuous validation, reassessing whether the user, device, and context remain consistent with what ‘normal’ looks like.”He continues, “Unusual access to new systems, privilege changes, or unfamiliar SaaS activity should trigger re-authentication, session isolation, or immediate revocation. In interconnected, SaaS-driven environments, speed is decisive. The faster misuse is detected and contained, the smaller the impact.”Zero trustZero trust can assist in credential breach containment, but zero trust is still widely misunderstood as a product or technology.“Zero trust is not a technology. It’s not a product that you can buy off the shelf,” says George. “It is really a concept, a way of thinking; and it simply says, ‘Never trust anything, but rather double check everything’. In today’s dynamic threatscape, that’s an approach that every organization should apply. If you trust credentials, and you believe that a legitimate identity is behind it, you’re in the 70 plus percent of cases where you’re mistaken.”It’s that automatic trust that the attackers leverage. “If you never trust anything, but you really ask further questions, if you don’t automatically assume a credential equals an identity, but check it against things like geolocation, timing of the action, behavioral biometrics – if you can do that in the context of identities, then you’re really minimizing your risk exposure tremendously.”Carlos Aguilar Melchor, principal research scientist atSandboxAQ, agrees. “Zero Trust is a way of operating, not a finish line. The goal is simple: keep shrinking blast radius wherever identity and cryptography are well governed and enforced.Carlos Aguilar Melchor, principal research scientist at SandboxAQ.“The old perimeter is gone,” he continues. “Keep moving to continuous verification across users, devices, services, data, and agents. Make every transaction check policy, and treat identity as the control plane for both people and machines.”While zero trust is neither a product nor a finish line, “Partial zero trust is still worth doing if you can measure it,” he suggests. “Start with phishing-resistant MFA, signed software and models, workload identity, and service-to-service mutual Transport Layer Security (mTLS). Keep crypto strong so machine identities stay trustworthy.”It is the continuous verification that is important, says Meyers. “Zero trust is strong against ‘credential = keys to the kingdom’ thinking, because it emphasizes continuous verification and conditional access. Most notably, zero trust shines when paired with enforcement that catches trust boundary violations and limits lateral movement after initial access.”Microsegmentation, often considered to be a key aspect in implementing the zero trust concept, is a strategy rather than a technology. It is useful in containing an intruder. “It limits the ‘blast radius’ by ensuring one compromised account cannot move freely across the entire network,” comments Parnes.‘Freely’ is the key word. It doesn’t prevent lateral movement, but it slows it down. That alone could be enough. Cybercriminals don’t like to hang around, which could lead to exposure and unintended consequences. If things get tough, they are quite likely to leave and move on to the next victim.The agility gap in actionOne thing we haven’t mentioned but really should, is the effect of stolen API keys for agentic AI systems. The speed of full compromise and the potential blast radius are both increased exponentially, and the threat surface (the use of agentic AI systems within and by business) is expanding dramatically. It is another example of AI expanding the agility gap.This API key isn’t simply capable of unlocking the data store, it is the key to an agent who is effectively a trusted employee able to talk to other similarly trusted employees, roam freely through the network and act autonomously. It has access beyond datasets into workflows. Since agents are necessarily trusted by the system, they are unlikely to trip any detection mechanism or be delayed by firewalls until after it or they act.Once into the agentic system, the attacker effectively has access to every system or platform (Jira, Slack, AWS, etcetera) the agentic system integrates with. Such an attacker, unlikely to be detected, could explore possibilities available through the agentic system, and then strike. This strike could include thousands of malicious actions at machine speed across the victim’s entire infrastructure before it is detected.With stolen API keys, possible detection and containment is low, and blast radius is high.The future“I think, quite frankly, as with any type of attack, the threat actors will always be a step ahead of us,” says George. “It is our task to reduce the agility gap between the attacker and defender as far as possible, but we will never eliminate it. We will never be able to completely protect against any attack, including against identity-based attacks. And to any vendor or professional that claims 100% protection… you should laugh at them.”Related:Autonomous AI Agents Provide New Class of Supply Chain AttackRelated:Cybercriminals Trade 183 Million Stolen Credentials on Telegram, Dark ForumsRelated:The Wild West of Agentic AI – An Attack Surface CISOs Can’t Afford to IgnoreRelated:Cyber Insights 2026: Zero Trust and Following the PathRelated:136 NPM Packages Delivering Infostealers Downloaded 100,000 Times

Roy Katmor, CEO atOrchid Security, adds, “MFA is highly effective against simple password replay, but it’s less effective against session theft, token replay, and MFA fatigue/push bombing (where attackers bombard users with prompts until one gets approved) unless it’s properly hardened. Phishing-resistant MFA is a meaningful step up and materially raises the bar.”But at the end of the day, adds George, “The human will always be the weakest link in the cyber attack chain, and that’s what many attackers exploit.”Regardless, “In many cases, people only realize their credentials have been compromised after something goes wrong, such as an unexpected password reset, an account lockout, or fraudulent charges on a credit card. Unfortunately, by the time those warning signs appear, the stolen credentials may already have been circulating or actively used by threat actors,” says Burton.When a compromised credential breach occurs, the game changes to one of early detection and rapid containment. Is there any defense against the use of stolen credentials once the attacker has achieved access? “Yes,” says Meyers, “but the defense shifts from preventing login to containing and outpacing the attacker.” This includes both detecting and slowing the attacker, resetting credentials to prevent further misuse, revocation of active sessions, and enforcing least privilege everywhere.“Once an attacker authenticates, the focus shifts from blocking access to detecting misuse and limiting blast radius,” agrees Bee. “The faster misuse is detected and contained, the smaller the impact.”The two best known tools for detection and containment are behavioral anomaly detection and zero trust principles.Behavioral detectionBehavioral detection systems create a baseline of normal user behavior and are able to detect any deviation from that. That deviation is likely to indicate the presence of an intruder, even where access was enabled with valid credentials. “Once attackers authenticate, the giveaway becomes behavior,” says Meyers.Long describes it as continuous authentication. “Instead of trusting a user simply because they logged in successfully once, businesses can monitor behavior throughout the session. Techniques such as behavioral biometrics build a profile of how a customer normally interacts with a service. That can include where they typically are, the devices they use, how they handle that device, and their usual transaction patterns. If something falls outside that normal pattern, the system can step up security the next time the customer attempts an action.”Access, he says, should not be treated as a one-time decision. Bee agrees. “The real question is not whether the login was valid, but whether the behavior that follows aligns with expected identity patterns. If trust is granted once at login and maintained for the entire session, an attacker can operate freely within that window. That is why resilience depends on continuous validation, reassessing whether the user, device, and context remain consistent with what ‘normal’ looks like.”He continues, “Unusual access to new systems, privilege changes, or unfamiliar SaaS activity should trigger re-authentication, session isolation, or immediate revocation. In interconnected, SaaS-driven environments, speed is decisive. The faster misuse is detected and contained, the smaller the impact.”Zero trustZero trust can assist in credential breach containment, but zero trust is still widely misunderstood as a product or technology.“Zero trust is not a technology. It’s not a product that you can buy off the shelf,” says George. “It is really a concept, a way of thinking; and it simply says, ‘Never trust anything, but rather double check everything’. In today’s dynamic threatscape, that’s an approach that every organization should apply. If you trust credentials, and you believe that a legitimate identity is behind it, you’re in the 70 plus percent of cases where you’re mistaken.”It’s that automatic trust that the attackers leverage. “If you never trust anything, but you really ask further questions, if you don’t automatically assume a credential equals an identity, but check it against things like geolocation, timing of the action, behavioral biometrics – if you can do that in the context of identities, then you’re really minimizing your risk exposure tremendously.”Carlos Aguilar Melchor, principal research scientist atSandboxAQ, agrees. “Zero Trust is a way of operating, not a finish line. The goal is simple: keep shrinking blast radius wherever identity and cryptography are well governed and enforced.Carlos Aguilar Melchor, principal research scientist at SandboxAQ.“The old perimeter is gone,” he continues. “Keep moving to continuous verification across users, devices, services, data, and agents. Make every transaction check policy, and treat identity as the control plane for both people and machines.”While zero trust is neither a product nor a finish line, “Partial zero trust is still worth doing if you can measure it,” he suggests. “Start with phishing-resistant MFA, signed software and models, workload identity, and service-to-service mutual Transport Layer Security (mTLS). Keep crypto strong so machine identities stay trustworthy.”It is the continuous verification that is important, says Meyers. “Zero trust is strong against ‘credential = keys to the kingdom’ thinking, because it emphasizes continuous verification and conditional access. Most notably, zero trust shines when paired with enforcement that catches trust boundary violations and limits lateral movement after initial access.”Microsegmentation, often considered to be a key aspect in implementing the zero trust concept, is a strategy rather than a technology. It is useful in containing an intruder. “It limits the ‘blast radius’ by ensuring one compromised account cannot move freely across the entire network,” comments Parnes.‘Freely’ is the key word. It doesn’t prevent lateral movement, but it slows it down. That alone could be enough. Cybercriminals don’t like to hang around, which could lead to exposure and unintended consequences. If things get tough, they are quite likely to leave and move on to the next victim.The agility gap in actionOne thing we haven’t mentioned but really should, is the effect of stolen API keys for agentic AI systems. The speed of full compromise and the potential blast radius are both increased exponentially, and the threat surface (the use of agentic AI systems within and by business) is expanding dramatically. It is another example of AI expanding the agility gap.This API key isn’t simply capable of unlocking the data store, it is the key to an agent who is effectively a trusted employee able to talk to other similarly trusted employees, roam freely through the network and act autonomously. It has access beyond datasets into workflows. Since agents are necessarily trusted by the system, they are unlikely to trip any detection mechanism or be delayed by firewalls until after it or they act.Once into the agentic system, the attacker effectively has access to every system or platform (Jira, Slack, AWS, etcetera) the agentic system integrates with. Such an attacker, unlikely to be detected, could explore possibilities available through the agentic system, and then strike. This strike could include thousands of malicious actions at machine speed across the victim’s entire infrastructure before it is detected.With stolen API keys, possible detection and containment is low, and blast radius is high.The future“I think, quite frankly, as with any type of attack, the threat actors will always be a step ahead of us,” says George. “It is our task to reduce the agility gap between the attacker and defender as far as possible, but we will never eliminate it. We will never be able to completely protect against any attack, including against identity-based attacks. And to any vendor or professional that claims 100% protection… you should laugh at them.”Related:Autonomous AI Agents Provide New Class of Supply Chain AttackRelated:Cybercriminals Trade 183 Million Stolen Credentials on Telegram, Dark ForumsRelated:The Wild West of Agentic AI – An Attack Surface CISOs Can’t Afford to IgnoreRelated:Cyber Insights 2026: Zero Trust and Following the PathRelated:136 NPM Packages Delivering Infostealers Downloaded 100,000 Times

But at the end of the day, adds George, “The human will always be the weakest link in the cyber attack chain, and that’s what many attackers exploit.”Regardless, “In many cases, people only realize their credentials have been compromised after something goes wrong, such as an unexpected password reset, an account lockout, or fraudulent charges on a credit card. Unfortunately, by the time those warning signs appear, the stolen credentials may already have been circulating or actively used by threat actors,” says Burton.When a compromised credential breach occurs, the game changes to one of early detection and rapid containment. Is there any defense against the use of stolen credentials once the attacker has achieved access? “Yes,” says Meyers, “but the defense shifts from preventing login to containing and outpacing the attacker.” This includes both detecting and slowing the attacker, resetting credentials to prevent further misuse, revocation of active sessions, and enforcing least privilege everywhere.“Once an attacker authenticates, the focus shifts from blocking access to detecting misuse and limiting blast radius,” agrees Bee. “The faster misuse is detected and contained, the smaller the impact.”The two best known tools for detection and containment are behavioral anomaly detection and zero trust principles.Behavioral detectionBehavioral detection systems create a baseline of normal user behavior and are able to detect any deviation from that. That deviation is likely to indicate the presence of an intruder, even where access was enabled with valid credentials. “Once attackers authenticate, the giveaway becomes behavior,” says Meyers.Long describes it as continuous authentication. “Instead of trusting a user simply because they logged in successfully once, businesses can monitor behavior throughout the session. Techniques such as behavioral biometrics build a profile of how a customer normally interacts with a service. That can include where they typically are, the devices they use, how they handle that device, and their usual transaction patterns. If something falls outside that normal pattern, the system can step up security the next time the customer attempts an action.”Access, he says, should not be treated as a one-time decision. Bee agrees. “The real question is not whether the login was valid, but whether the behavior that follows aligns with expected identity patterns. If trust is granted once at login and maintained for the entire session, an attacker can operate freely within that window. That is why resilience depends on continuous validation, reassessing whether the user, device, and context remain consistent with what ‘normal’ looks like.”He continues, “Unusual access to new systems, privilege changes, or unfamiliar SaaS activity should trigger re-authentication, session isolation, or immediate revocation. In interconnected, SaaS-driven environments, speed is decisive. The faster misuse is detected and contained, the smaller the impact.”Zero trustZero trust can assist in credential breach containment, but zero trust is still widely misunderstood as a product or technology.“Zero trust is not a technology. It’s not a product that you can buy off the shelf,” says George. “It is really a concept, a way of thinking; and it simply says, ‘Never trust anything, but rather double check everything’. In today’s dynamic threatscape, that’s an approach that every organization should apply. If you trust credentials, and you believe that a legitimate identity is behind it, you’re in the 70 plus percent of cases where you’re mistaken.”It’s that automatic trust that the attackers leverage. “If you never trust anything, but you really ask further questions, if you don’t automatically assume a credential equals an identity, but check it against things like geolocation, timing of the action, behavioral biometrics – if you can do that in the context of identities, then you’re really minimizing your risk exposure tremendously.”Carlos Aguilar Melchor, principal research scientist atSandboxAQ, agrees. “Zero Trust is a way of operating, not a finish line. The goal is simple: keep shrinking blast radius wherever identity and cryptography are well governed and enforced.Carlos Aguilar Melchor, principal research scientist at SandboxAQ.“The old perimeter is gone,” he continues. “Keep moving to continuous verification across users, devices, services, data, and agents. Make every transaction check policy, and treat identity as the control plane for both people and machines.”While zero trust is neither a product nor a finish line, “Partial zero trust is still worth doing if you can measure it,” he suggests. “Start with phishing-resistant MFA, signed software and models, workload identity, and service-to-service mutual Transport Layer Security (mTLS). Keep crypto strong so machine identities stay trustworthy.”It is the continuous verification that is important, says Meyers. “Zero trust is strong against ‘credential = keys to the kingdom’ thinking, because it emphasizes continuous verification and conditional access. Most notably, zero trust shines when paired with enforcement that catches trust boundary violations and limits lateral movement after initial access.”Microsegmentation, often considered to be a key aspect in implementing the zero trust concept, is a strategy rather than a technology. It is useful in containing an intruder. “It limits the ‘blast radius’ by ensuring one compromised account cannot move freely across the entire network,” comments Parnes.‘Freely’ is the key word. It doesn’t prevent lateral movement, but it slows it down. That alone could be enough. Cybercriminals don’t like to hang around, which could lead to exposure and unintended consequences. If things get tough, they are quite likely to leave and move on to the next victim.The agility gap in actionOne thing we haven’t mentioned but really should, is the effect of stolen API keys for agentic AI systems. The speed of full compromise and the potential blast radius are both increased exponentially, and the threat surface (the use of agentic AI systems within and by business) is expanding dramatically. It is another example of AI expanding the agility gap.This API key isn’t simply capable of unlocking the data store, it is the key to an agent who is effectively a trusted employee able to talk to other similarly trusted employees, roam freely through the network and act autonomously. It has access beyond datasets into workflows. Since agents are necessarily trusted by the system, they are unlikely to trip any detection mechanism or be delayed by firewalls until after it or they act.Once into the agentic system, the attacker effectively has access to every system or platform (Jira, Slack, AWS, etcetera) the agentic system integrates with. Such an attacker, unlikely to be detected, could explore possibilities available through the agentic system, and then strike. This strike could include thousands of malicious actions at machine speed across the victim’s entire infrastructure before it is detected.With stolen API keys, possible detection and containment is low, and blast radius is high.The future“I think, quite frankly, as with any type of attack, the threat actors will always be a step ahead of us,” says George. “It is our task to reduce the agility gap between the attacker and defender as far as possible, but we will never eliminate it. We will never be able to completely protect against any attack, including against identity-based attacks. And to any vendor or professional that claims 100% protection… you should laugh at them.”Related:Autonomous AI Agents Provide New Class of Supply Chain AttackRelated:Cybercriminals Trade 183 Million Stolen Credentials on Telegram, Dark ForumsRelated:The Wild West of Agentic AI – An Attack Surface CISOs Can’t Afford to IgnoreRelated:Cyber Insights 2026: Zero Trust and Following the PathRelated:136 NPM Packages Delivering Infostealers Downloaded 100,000 Times

Regardless, “In many cases, people only realize their credentials have been compromised after something goes wrong, such as an unexpected password reset, an account lockout, or fraudulent charges on a credit card. Unfortunately, by the time those warning signs appear, the stolen credentials may already have been circulating or actively used by threat actors,” says Burton.When a compromised credential breach occurs, the game changes to one of early detection and rapid containment. Is there any defense against the use of stolen credentials once the attacker has achieved access? “Yes,” says Meyers, “but the defense shifts from preventing login to containing and outpacing the attacker.” This includes both detecting and slowing the attacker, resetting credentials to prevent further misuse, revocation of active sessions, and enforcing least privilege everywhere.“Once an attacker authenticates, the focus shifts from blocking access to detecting misuse and limiting blast radius,” agrees Bee. “The faster misuse is detected and contained, the smaller the impact.”The two best known tools for detection and containment are behavioral anomaly detection and zero trust principles.Behavioral detectionBehavioral detection systems create a baseline of normal user behavior and are able to detect any deviation from that. That deviation is likely to indicate the presence of an intruder, even where access was enabled with valid credentials. “Once attackers authenticate, the giveaway becomes behavior,” says Meyers.Long describes it as continuous authentication. “Instead of trusting a user simply because they logged in successfully once, businesses can monitor behavior throughout the session. Techniques such as behavioral biometrics build a profile of how a customer normally interacts with a service. That can include where they typically are, the devices they use, how they handle that device, and their usual transaction patterns. If something falls outside that normal pattern, the system can step up security the next time the customer attempts an action.”Access, he says, should not be treated as a one-time decision. Bee agrees. “The real question is not whether the login was valid, but whether the behavior that follows aligns with expected identity patterns. If trust is granted once at login and maintained for the entire session, an attacker can operate freely within that window. That is why resilience depends on continuous validation, reassessing whether the user, device, and context remain consistent with what ‘normal’ looks like.”He continues, “Unusual access to new systems, privilege changes, or unfamiliar SaaS activity should trigger re-authentication, session isolation, or immediate revocation. In interconnected, SaaS-driven environments, speed is decisive. The faster misuse is detected and contained, the smaller the impact.”Zero trustZero trust can assist in credential breach containment, but zero trust is still widely misunderstood as a product or technology.“Zero trust is not a technology. It’s not a product that you can buy off the shelf,” says George. “It is really a concept, a way of thinking; and it simply says, ‘Never trust anything, but rather double check everything’. In today’s dynamic threatscape, that’s an approach that every organization should apply. If you trust credentials, and you believe that a legitimate identity is behind it, you’re in the 70 plus percent of cases where you’re mistaken.”It’s that automatic trust that the attackers leverage. “If you never trust anything, but you really ask further questions, if you don’t automatically assume a credential equals an identity, but check it against things like geolocation, timing of the action, behavioral biometrics – if you can do that in the context of identities, then you’re really minimizing your risk exposure tremendously.”Carlos Aguilar Melchor, principal research scientist atSandboxAQ, agrees. “Zero Trust is a way of operating, not a finish line. The goal is simple: keep shrinking blast radius wherever identity and cryptography are well governed and enforced.Carlos Aguilar Melchor, principal research scientist at SandboxAQ.“The old perimeter is gone,” he continues. “Keep moving to continuous verification across users, devices, services, data, and agents. Make every transaction check policy, and treat identity as the control plane for both people and machines.”While zero trust is neither a product nor a finish line, “Partial zero trust is still worth doing if you can measure it,” he suggests. “Start with phishing-resistant MFA, signed software and models, workload identity, and service-to-service mutual Transport Layer Security (mTLS). Keep crypto strong so machine identities stay trustworthy.”It is the continuous verification that is important, says Meyers. “Zero trust is strong against ‘credential = keys to the kingdom’ thinking, because it emphasizes continuous verification and conditional access. Most notably, zero trust shines when paired with enforcement that catches trust boundary violations and limits lateral movement after initial access.”Microsegmentation, often considered to be a key aspect in implementing the zero trust concept, is a strategy rather than a technology. It is useful in containing an intruder. “It limits the ‘blast radius’ by ensuring one compromised account cannot move freely across the entire network,” comments Parnes.‘Freely’ is the key word. It doesn’t prevent lateral movement, but it slows it down. That alone could be enough. Cybercriminals don’t like to hang around, which could lead to exposure and unintended consequences. If things get tough, they are quite likely to leave and move on to the next victim.The agility gap in actionOne thing we haven’t mentioned but really should, is the effect of stolen API keys for agentic AI systems. The speed of full compromise and the potential blast radius are both increased exponentially, and the threat surface (the use of agentic AI systems within and by business) is expanding dramatically. It is another example of AI expanding the agility gap.This API key isn’t simply capable of unlocking the data store, it is the key to an agent who is effectively a trusted employee able to talk to other similarly trusted employees, roam freely through the network and act autonomously. It has access beyond datasets into workflows. Since agents are necessarily trusted by the system, they are unlikely to trip any detection mechanism or be delayed by firewalls until after it or they act.Once into the agentic system, the attacker effectively has access to every system or platform (Jira, Slack, AWS, etcetera) the agentic system integrates with. Such an attacker, unlikely to be detected, could explore possibilities available through the agentic system, and then strike. This strike could include thousands of malicious actions at machine speed across the victim’s entire infrastructure before it is detected.With stolen API keys, possible detection and containment is low, and blast radius is high.The future“I think, quite frankly, as with any type of attack, the threat actors will always be a step ahead of us,” says George. “It is our task to reduce the agility gap between the attacker and defender as far as possible, but we will never eliminate it. We will never be able to completely protect against any attack, including against identity-based attacks. And to any vendor or professional that claims 100% protection… you should laugh at them.”Related:Autonomous AI Agents Provide New Class of Supply Chain AttackRelated:Cybercriminals Trade 183 Million Stolen Credentials on Telegram, Dark ForumsRelated:The Wild West of Agentic AI – An Attack Surface CISOs Can’t Afford to IgnoreRelated:Cyber Insights 2026: Zero Trust and Following the PathRelated:136 NPM Packages Delivering Infostealers Downloaded 100,000 Times

When a compromised credential breach occurs, the game changes to one of early detection and rapid containment. Is there any defense against the use of stolen credentials once the attacker has achieved access? “Yes,” says Meyers, “but the defense shifts from preventing login to containing and outpacing the attacker.” This includes both detecting and slowing the attacker, resetting credentials to prevent further misuse, revocation of active sessions, and enforcing least privilege everywhere.“Once an attacker authenticates, the focus shifts from blocking access to detecting misuse and limiting blast radius,” agrees Bee. “The faster misuse is detected and contained, the smaller the impact.”The two best known tools for detection and containment are behavioral anomaly detection and zero trust principles.Behavioral detectionBehavioral detection systems create a baseline of normal user behavior and are able to detect any deviation from that. That deviation is likely to indicate the presence of an intruder, even where access was enabled with valid credentials. “Once attackers authenticate, the giveaway becomes behavior,” says Meyers.Long describes it as continuous authentication. “Instead of trusting a user simply because they logged in successfully once, businesses can monitor behavior throughout the session. Techniques such as behavioral biometrics build a profile of how a customer normally interacts with a service. That can include where they typically are, the devices they use, how they handle that device, and their usual transaction patterns. If something falls outside that normal pattern, the system can step up security the next time the customer attempts an action.”Access, he says, should not be treated as a one-time decision. Bee agrees. “The real question is not whether the login was valid, but whether the behavior that follows aligns with expected identity patterns. If trust is granted once at login and maintained for the entire session, an attacker can operate freely within that window. That is why resilience depends on continuous validation, reassessing whether the user, device, and context remain consistent with what ‘normal’ looks like.”He continues, “Unusual access to new systems, privilege changes, or unfamiliar SaaS activity should trigger re-authentication, session isolation, or immediate revocation. In interconnected, SaaS-driven environments, speed is decisive. The faster misuse is detected and contained, the smaller the impact.”Zero trustZero trust can assist in credential breach containment, but zero trust is still widely misunderstood as a product or technology.“Zero trust is not a technology. It’s not a product that you can buy off the shelf,” says George. “It is really a concept, a way of thinking; and it simply says, ‘Never trust anything, but rather double check everything’. In today’s dynamic threatscape, that’s an approach that every organization should apply. If you trust credentials, and you believe that a legitimate identity is behind it, you’re in the 70 plus percent of cases where you’re mistaken.”It’s that automatic trust that the attackers leverage. “If you never trust anything, but you really ask further questions, if you don’t automatically assume a credential equals an identity, but check it against things like geolocation, timing of the action, behavioral biometrics – if you can do that in the context of identities, then you’re really minimizing your risk exposure tremendously.”Carlos Aguilar Melchor, principal research scientist atSandboxAQ, agrees. “Zero Trust is a way of operating, not a finish line. The goal is simple: keep shrinking blast radius wherever identity and cryptography are well governed and enforced.Carlos Aguilar Melchor, principal research scientist at SandboxAQ.“The old perimeter is gone,” he continues. “Keep moving to continuous verification across users, devices, services, data, and agents. Make every transaction check policy, and treat identity as the control plane for both people and machines.”While zero trust is neither a product nor a finish line, “Partial zero trust is still worth doing if you can measure it,” he suggests. “Start with phishing-resistant MFA, signed software and models, workload identity, and service-to-service mutual Transport Layer Security (mTLS). Keep crypto strong so machine identities stay trustworthy.”It is the continuous verification that is important, says Meyers. “Zero trust is strong against ‘credential = keys to the kingdom’ thinking, because it emphasizes continuous verification and conditional access. Most notably, zero trust shines when paired with enforcement that catches trust boundary violations and limits lateral movement after initial access.”Microsegmentation, often considered to be a key aspect in implementing the zero trust concept, is a strategy rather than a technology. It is useful in containing an intruder. “It limits the ‘blast radius’ by ensuring one compromised account cannot move freely across the entire network,” comments Parnes.‘Freely’ is the key word. It doesn’t prevent lateral movement, but it slows it down. That alone could be enough. Cybercriminals don’t like to hang around, which could lead to exposure and unintended consequences. If things get tough, they are quite likely to leave and move on to the next victim.The agility gap in actionOne thing we haven’t mentioned but really should, is the effect of stolen API keys for agentic AI systems. The speed of full compromise and the potential blast radius are both increased exponentially, and the threat surface (the use of agentic AI systems within and by business) is expanding dramatically. It is another example of AI expanding the agility gap.This API key isn’t simply capable of unlocking the data store, it is the key to an agent who is effectively a trusted employee able to talk to other similarly trusted employees, roam freely through the network and act autonomously. It has access beyond datasets into workflows. Since agents are necessarily trusted by the system, they are unlikely to trip any detection mechanism or be delayed by firewalls until after it or they act.Once into the agentic system, the attacker effectively has access to every system or platform (Jira, Slack, AWS, etcetera) the agentic system integrates with. Such an attacker, unlikely to be detected, could explore possibilities available through the agentic system, and then strike. This strike could include thousands of malicious actions at machine speed across the victim’s entire infrastructure before it is detected.With stolen API keys, possible detection and containment is low, and blast radius is high.The future“I think, quite frankly, as with any type of attack, the threat actors will always be a step ahead of us,” says George. “It is our task to reduce the agility gap between the attacker and defender as far as possible, but we will never eliminate it. We will never be able to completely protect against any attack, including against identity-based attacks. And to any vendor or professional that claims 100% protection… you should laugh at them.”Related:Autonomous AI Agents Provide New Class of Supply Chain AttackRelated:Cybercriminals Trade 183 Million Stolen Credentials on Telegram, Dark ForumsRelated:The Wild West of Agentic AI – An Attack Surface CISOs Can’t Afford to IgnoreRelated:Cyber Insights 2026: Zero Trust and Following the PathRelated:136 NPM Packages Delivering Infostealers Downloaded 100,000 Times

“Once an attacker authenticates, the focus shifts from blocking access to detecting misuse and limiting blast radius,” agrees Bee. “The faster misuse is detected and contained, the smaller the impact.”The two best known tools for detection and containment are behavioral anomaly detection and zero trust principles.Behavioral detectionBehavioral detection systems create a baseline of normal user behavior and are able to detect any deviation from that. That deviation is likely to indicate the presence of an intruder, even where access was enabled with valid credentials. “Once attackers authenticate, the giveaway becomes behavior,” says Meyers.Long describes it as continuous authentication. “Instead of trusting a user simply because they logged in successfully once, businesses can monitor behavior throughout the session. Techniques such as behavioral biometrics build a profile of how a customer normally interacts with a service. That can include where they typically are, the devices they use, how they handle that device, and their usual transaction patterns. If something falls outside that normal pattern, the system can step up security the next time the customer attempts an action.”Access, he says, should not be treated as a one-time decision. Bee agrees. “The real question is not whether the login was valid, but whether the behavior that follows aligns with expected identity patterns. If trust is granted once at login and maintained for the entire session, an attacker can operate freely within that window. That is why resilience depends on continuous validation, reassessing whether the user, device, and context remain consistent with what ‘normal’ looks like.”He continues, “Unusual access to new systems, privilege changes, or unfamiliar SaaS activity should trigger re-authentication, session isolation, or immediate revocation. In interconnected, SaaS-driven environments, speed is decisive. The faster misuse is detected and contained, the smaller the impact.”Zero trustZero trust can assist in credential breach containment, but zero trust is still widely misunderstood as a product or technology.“Zero trust is not a technology. It’s not a product that you can buy off the shelf,” says George. “It is really a concept, a way of thinking; and it simply says, ‘Never trust anything, but rather double check everything’. In today’s dynamic threatscape, that’s an approach that every organization should apply. If you trust credentials, and you believe that a legitimate identity is behind it, you’re in the 70 plus percent of cases where you’re mistaken.”It’s that automatic trust that the attackers leverage. “If you never trust anything, but you really ask further questions, if you don’t automatically assume a credential equals an identity, but check it against things like geolocation, timing of the action, behavioral biometrics – if you can do that in the context of identities, then you’re really minimizing your risk exposure tremendously.”Carlos Aguilar Melchor, principal research scientist atSandboxAQ, agrees. “Zero Trust is a way of operating, not a finish line. The goal is simple: keep shrinking blast radius wherever identity and cryptography are well governed and enforced.Carlos Aguilar Melchor, principal research scientist at SandboxAQ.“The old perimeter is gone,” he continues. “Keep moving to continuous verification across users, devices, services, data, and agents. Make every transaction check policy, and treat identity as the control plane for both people and machines.”While zero trust is neither a product nor a finish line, “Partial zero trust is still worth doing if you can measure it,” he suggests. “Start with phishing-resistant MFA, signed software and models, workload identity, and service-to-service mutual Transport Layer Security (mTLS). Keep crypto strong so machine identities stay trustworthy.”It is the continuous verification that is important, says Meyers. “Zero trust is strong against ‘credential = keys to the kingdom’ thinking, because it emphasizes continuous verification and conditional access. Most notably, zero trust shines when paired with enforcement that catches trust boundary violations and limits lateral movement after initial access.”Microsegmentation, often considered to be a key aspect in implementing the zero trust concept, is a strategy rather than a technology. It is useful in containing an intruder. “It limits the ‘blast radius’ by ensuring one compromised account cannot move freely across the entire network,” comments Parnes.‘Freely’ is the key word. It doesn’t prevent lateral movement, but it slows it down. That alone could be enough. Cybercriminals don’t like to hang around, which could lead to exposure and unintended consequences. If things get tough, they are quite likely to leave and move on to the next victim.The agility gap in actionOne thing we haven’t mentioned but really should, is the effect of stolen API keys for agentic AI systems. The speed of full compromise and the potential blast radius are both increased exponentially, and the threat surface (the use of agentic AI systems within and by business) is expanding dramatically. It is another example of AI expanding the agility gap.This API key isn’t simply capable of unlocking the data store, it is the key to an agent who is effectively a trusted employee able to talk to other similarly trusted employees, roam freely through the network and act autonomously. It has access beyond datasets into workflows. Since agents are necessarily trusted by the system, they are unlikely to trip any detection mechanism or be delayed by firewalls until after it or they act.Once into the agentic system, the attacker effectively has access to every system or platform (Jira, Slack, AWS, etcetera) the agentic system integrates with. Such an attacker, unlikely to be detected, could explore possibilities available through the agentic system, and then strike. This strike could include thousands of malicious actions at machine speed across the victim’s entire infrastructure before it is detected.With stolen API keys, possible detection and containment is low, and blast radius is high.The future“I think, quite frankly, as with any type of attack, the threat actors will always be a step ahead of us,” says George. “It is our task to reduce the agility gap between the attacker and defender as far as possible, but we will never eliminate it. We will never be able to completely protect against any attack, including against identity-based attacks. And to any vendor or professional that claims 100% protection… you should laugh at them.”Related:Autonomous AI Agents Provide New Class of Supply Chain AttackRelated:Cybercriminals Trade 183 Million Stolen Credentials on Telegram, Dark ForumsRelated:The Wild West of Agentic AI – An Attack Surface CISOs Can’t Afford to IgnoreRelated:Cyber Insights 2026: Zero Trust and Following the PathRelated:136 NPM Packages Delivering Infostealers Downloaded 100,000 Times

Source: SecurityWeek