All I Want for Christmas is Your Secrets: LangGrinch hits LangChain Core (CVE-2025-68664)
Cyata Research: LangGrinch Vulnerability in LangChain Yesterday, LangChain published a critical advisory for a vulnerability…
Insights on security, identity, and innovation
All insights
Cyata Research: Breaking Anthropic’s Official MCP Server
How We Found Code Execution in Anthropic’s Official Git MCP Server TL;DR What happened: Cyata…
Cyata Research: Critical Flaw in Cursor MCP Installation
As originally published at SiliconANGLE, a new report out today from artificial intelligence security startup Cyata Security…
Speed Kills: Why Your AI Agents Are Exposing IAM Vulnerabilities
Security and IAM teams have spent the last decade building real-time Identity and Access Management…
Google Antigravity Lands. Cyata Already Has It On The Map.
Supported now in Cyata for discovery and active posture management. Yes, it took us less…
Cyata Joins OWASP to Advance AI Agent Security
Cyata becomes OWASP Corporate Supporter, reinforcing commitment to open security practices as AI agents reshape…
Why AISPM Isn’t Enough: Introducing Agentic SPM
Agents Are Acting. Security Isn’t Watching. Right now, across your organization, an AI agent is…
Cyata Joins Cloud Security Alliance to Advance Responsible Agentic Identity Governance
Cyata becomes CSA member and signs AI Trustworthy Pledge, reinforcing commitment to industry-leading security standards…
The Drift breach was not about malware. It was about agentic identity.
On August 8, 2025, a threat actor used stolen OAuth tokens from the Salesloft Drift…
Cracking the Vault: how we found zero-day flaws in authentication, identity, and authorization in HashiCorp Vault
Introduction: when the trust model can’t be trusted Secrets vaults are the backbone of digital…
