Mitiga
mitiga.bsky.social
Let Them Come. Mitiga is the leader in AI-Native Zero-Impact Breach Mitigation – the only approach that ensures cyberattacks cause no business impact.
Proactive hunting is a must for resilience.
Attackers use AI to move more rapidly and quietly and get closer to your crown jewels. Anyone who has worked a cloud investigation knows how fast that early activity can disappear into normal noise.
More AIDR best practices: https://loom.ly/SkfW9Mc
December 10, 2025 at 7:33 PM
We looked at 10,000 open-source AI/ML repos.
70% had critical or high-severity vulnerabilities in GitHub Actions workflows.

This research breaks down the most prevalent vulnerabilities, how attackers exploit them, and what to fix before it matters.

🔗 https://loom.ly/4EF7bPs
Inside the AI Supply Chain: Security Lessons from 10,000 Open-Source ML Projects
Analysis of 10,000 open-source AI/ML repositories reveals 70% have critical or high-severity vulnerabilities in GitHub Actions workflows, making them prone to attacks like code injection, credential theft, or repo takeover via malicious PRs.
www.mitiga.io
December 9, 2025 at 3:06 PM
The call is coming from inside the Salesforce ecosystem.

Attackers are entering through connected apps. Once inside, they move fast.

See the offer. Read the breakdowns. Start preventing.
https://loom.ly/YHHGQ-A
December 8, 2025 at 9:26 PM
Mitiga has been named one of CRN’s 10 Hottest Cybersecurity Startups of 2025. It’s a powerful recognition, but not a surprise to the people building with us.

To every employee pushing the limits. To every partner extending our reach. This is your win.

Let them come.

https://loom.ly/X795lbc
December 5, 2025 at 3:24 PM
Pop quiz: what's a gargoyle? There's a good chance you are either thinking of a 90s cartoon or a different kind of stone structure entirely.
December 4, 2025 at 5:42 PM
What do medieval gargoyles have to do with cloud security? A lot, actually. Dr. Janetta Benton joins Mitiga Mic to discuss these ancient defenders who inspired our modern one: Argus. https://loom.ly/R5Bfbo0
December 2, 2025 at 3:46 PM
Attackers get in.
With Mitiga, they get nothing.

That's Zero-Impact Breach Prevention across Cloud, SaaS, AI, and Identity.

Real containment. No impact.

Let them come.
December 1, 2025 at 4:45 PM
This week, we’re especially thankful for the defenders.

The ones who keep watch when others wind down.
The ones who ask the hard questions.
The ones who act before it’s too late.

We built Mitiga for you.

For resilience, not reaction.
For action, not aftermath.

Let them come.
November 26, 2025 at 8:35 PM
The European Union’s Cyber Resilience Act (CRA) sets a useful framework for SaaS vendors. But—yes, there is a but—compliance alone won't stop the next breach. https://loom.ly/d3sNt3I
The Cyber Resilience Act and SaaS: Why Compliance is Only Half the Battle 
The EU’s Cyber Resilience Act is reshaping global software security expectations, especially for SaaS, where shared responsibility, lifecycle security and strong identity protections are essential as attackers increasingly “log in” instead of breaking in.
securityboulevard.com
November 26, 2025 at 4:05 PM
When we talk about a Salesforce breach, that's not really accurate, is it? But it is the blast radius.

Attackers are stealing OAuth tokens from connected applications, like those from #Salesloft and #Gainsight, then walking in with full access. https://loom.ly/FRI71Eo
November 25, 2025 at 5:20 PM
Apparently, Scattered Lapsus$ Shiny Hunters (SLSH) has returned to a target they know well: Salesforce data. They know where organizations overlook risk. https://loom.ly/5mnu13E
November 24, 2025 at 10:09 PM
Well, that's an unusual password change. What else is going on, and why is it important?
Brian Contos takes us inside cloud threat detection with behavioral analytics across AWS, GCP, and more. https://loom.ly/6qDt5kE
November 21, 2025 at 7:02 PM
AI’s not a threat to my team. It’s our teammate.

In this new episode of Mitiga Mic, Arif Khan, senior director leading services at Mitiga, breaks down how his team stops what legacy tools miss — before attackers do damage.

🎧 Watch now → https://loom.ly/QlQNdpU
November 18, 2025 at 3:26 PM
Cloud resilience starts with observability.
Gopal Padinjaruveetil, CISO at AAA, explains why SaaS, identity, and multi-cloud visibility define modern defense. And why every CISO is racing to connect the dots across their environments.
November 17, 2025 at 4:26 PM
Workday logs are easy to ignore — until attackers use them against you.

In our new “Now You See Me” series, Mitiga Labs breaks down the logs, risks, and detection tips SaaS defenders can’t afford to miss. https://loom.ly/imueWOs
November 13, 2025 at 4:50 PM
Most people don't wake up, decide that they're going to become an elite hacker, and wham.

Often, it takes curiosity and persistence. Roei Sherman had his own interesting path. Now he's the head of research for Mitiga Labs. Hear his story on #MitigaMic. https://loom.ly/Ak0YXIs
November 12, 2025 at 3:17 PM
Attackers need less than an hour to start turning access into impact. You don't have time to waste.

Best Practice number 4 in John Vecchi's blog focuses on speed of response: automate cloud investigations and root cause analysis at scale. https://loom.ly/SkfW9Mc
November 10, 2025 at 4:21 PM
Who's being held accountable for the rise in cybercrime?
CISOs like Gopal Padinjaruveetil (AAA) know that keeping up with this velocity takes more than posture-based prevention. It takes real-time detection, response, and genuine cyber resilience.
November 7, 2025 at 4:16 PM
All it takes is one.
One user. One token.
That’s how attackers breached Nikkei’s Slack and exposed 17,000+ records.
SaaS is the soft underbelly: minimal visibility, direct access.
Let them come — but make sure they get nothing. https://loom.ly/iNw5iQQ
November 6, 2025 at 6:44 PM
The threat landscape has changed. So have the jobs that matter.

If you’re ready to fight smarter — and make sure attackers walk away with nothing — let’s talk.

At Mitiga, we’re building a world where breaches don’t matter.

https://loom.ly/BIMiBuc
November 6, 2025 at 3:28 PM
Don't blink. Cloud incidents move fast.
By the time an alert lands, the attack is already spreading across systems, identities, and SaaS apps.

Read "Top 5 Best Practices for AI-Powered Cloud Detection and Response": https://loom.ly/SkfW9Mc
November 5, 2025 at 4:17 PM
"Security doesn’t have to be perfect. Nothing will be able to stop all the attacks all the time in every place. However, we can increase friction for attackers when they go into an environment."

📺 loom.ly/Ak0YXIs
November 4, 2025 at 9:31 PM
Preventing is failing. The ShinyHunters campaign proved it.
Attackers get in through SaaS and move fast across cloud and identity.
Mitiga delivers Zero-Impact Breach Prevention, detecting and responding before attacks cause impact. https://loom.ly/AZMTQ8s
November 3, 2025 at 5:35 PM
Threats don’t knock anymore. They walk in, hoping no one sees them.
Good. We're watching.

When attackers try to blend in, our AI-native platform already knows that something isn't quite right.

Let them come.
October 31, 2025 at 2:12 PM
The attack surface is dynamic. You can lock down known vulnerabilities and deploy your cloud security tools, but the truth is that posture-based prevention will never be enough.
October 30, 2025 at 6:54 PM