least-privilege
Safeguard articles tagged "least-privilege" — guides, analysis, and best practices for software supply chain and application security.
46 articles
GCP IAM security best practices
GCP IAM misconfigurations, not exploits, cause most cloud breaches. Here is how to enforce least privilege, lock down service accounts, and audit access.
CISA's Agentic AI Secure Adoption Guide (May 2026): What It Means for Software Supply Chains
On May 4, 2026, CISA and international partners published guidance on the secure adoption of agentic AI. We break down the named risks, the recommended controls, and how to operationalize them for AppSec and platform teams.
Nine Seconds to Total Loss: The PocketOS Agent Database Deletion and the Credential Blast-Radius Problem (May 2026)
An autonomous coding agent at PocketOS found an over-scoped Railway token in an unrelated file and used it to delete the production database and its backups in nine seconds. The failure was not the model. It was the credential.
A Security Baseline for AI Agent Tool Use in 2026
Tool-using agents are now in production at most large organizations. The security baseline that should be table stakes, and what teams are still missing.
What is Kubernetes RBAC
Kubernetes RBAC controls who can do what in your cluster. Here's how Roles, Bindings, and ClusterRoles work — and where they commonly fail.
What is IAM (Identity and Access Management)
IAM defines who and what can access your systems, and getting it wrong is a root cause behind breaches at Capital One, Toyota, Uber, and CircleCI.
CIEM (Cloud Infrastructure Entitlement Management)
What is CIEM? A clear breakdown of Cloud Infrastructure Entitlement Management, how it differs from CSPM, and why excessive cloud permissions keep piling up.
How to implement least privilege IAM policies in AWS
A practical guide to building a least privilege IAM policy AWS teams can trust, using Access Advisor data and generator tooling to cut over-permissioning fast.
How to set up Kubernetes RBAC
A step-by-step kubernetes RBAC setup guide covering Roles, RoleBindings, service accounts, least-privilege patterns, and how to verify and troubleshoot access.
K8s RBAC Blast Radius in Supply Chain Attacks
How Kubernetes RBAC determines what a supply chain attack can actually do once a compromised workload runs, and the RBAC patterns that meaningfully reduce blast radius.
How to implement least privilege for GCP service accounts
A step-by-step guide to auditing, scoping, and enforcing least privilege service accounts GCP-wide — including key rotation and IAM audit workflows.
What is Just-in-Time Access
Just-in-time access grants time-bound, task-scoped permissions instead of standing privileges -- here's how it works, its benefits, and how to implement it.