Safeguard
Tag

least-privilege

Safeguard articles tagged "least-privilege" — guides, analysis, and best practices for software supply chain and application security.

46 articles

Application Security

GCP IAM security best practices

GCP IAM misconfigurations, not exploits, cause most cloud breaches. Here is how to enforce least privilege, lock down service accounts, and audit access.

Jun 19, 20267 min read
Regulatory Compliance

CISA's Agentic AI Secure Adoption Guide (May 2026): What It Means for Software Supply Chains

On May 4, 2026, CISA and international partners published guidance on the secure adoption of agentic AI. We break down the named risks, the recommended controls, and how to operationalize them for AppSec and platform teams.

May 6, 202611 min read
Agent Security

Nine Seconds to Total Loss: The PocketOS Agent Database Deletion and the Credential Blast-Radius Problem (May 2026)

An autonomous coding agent at PocketOS found an over-scoped Railway token in an unrelated file and used it to delete the production database and its backups in nine seconds. The failure was not the model. It was the credential.

May 2, 202611 min read
Best Practices

A Security Baseline for AI Agent Tool Use in 2026

Tool-using agents are now in production at most large organizations. The security baseline that should be table stakes, and what teams are still missing.

Apr 8, 20266 min read
Container Security

What is Kubernetes RBAC

Kubernetes RBAC controls who can do what in your cluster. Here's how Roles, Bindings, and ClusterRoles work — and where they commonly fail.

Mar 19, 20266 min read
Cloud Security

What is IAM (Identity and Access Management)

IAM defines who and what can access your systems, and getting it wrong is a root cause behind breaches at Capital One, Toyota, Uber, and CircleCI.

Mar 13, 20268 min read
Container Security

CIEM (Cloud Infrastructure Entitlement Management)

What is CIEM? A clear breakdown of Cloud Infrastructure Entitlement Management, how it differs from CSPM, and why excessive cloud permissions keep piling up.

Feb 22, 20267 min read
Cloud Security

How to implement least privilege IAM policies in AWS

A practical guide to building a least privilege IAM policy AWS teams can trust, using Access Advisor data and generator tooling to cut over-permissioning fast.

Feb 20, 20268 min read
Container Security

How to set up Kubernetes RBAC

A step-by-step kubernetes RBAC setup guide covering Roles, RoleBindings, service accounts, least-privilege patterns, and how to verify and troubleshoot access.

Feb 17, 20267 min read
Container Security

K8s RBAC Blast Radius in Supply Chain Attacks

How Kubernetes RBAC determines what a supply chain attack can actually do once a compromised workload runs, and the RBAC patterns that meaningfully reduce blast radius.

Feb 16, 20268 min read
Cloud Security

How to implement least privilege for GCP service accounts

A step-by-step guide to auditing, scoping, and enforcing least privilege service accounts GCP-wide — including key rotation and IAM audit workflows.

Feb 7, 20267 min read
Cloud Security

What is Just-in-Time Access

Just-in-time access grants time-bound, task-scoped permissions instead of standing privileges -- here's how it works, its benefits, and how to implement it.

Jan 26, 20267 min read
least-privilege (Page 3) — Safeguard Blog