Why do we still give AI agents raw credentials?
Prompt injection leading to credential exfiltration is a huge threat to agentic systems. Agents follow instructions in whatever text they ingest, and that makes them trivially exploitable.
The fix is credential brokering. A broker sits between the agent and the APIs it needs, holds the real credentials, and swaps them in at the network layer. The agent only ever sees a placeholder.
We built an open source credential broker called Agent Vault. Full video breakdown below 👇
@HackingLZ @dangtony98 @infisical No, users configure their own AWS account so there are no predictable account IDs. You can read more on our blog! https://t.co/T0quoMIWd5
We've been going deep cooking up new security infra for agents at @infisical. Dropping a little sneak peek for what's ahead for anyone curious.
Excited to show everyone what we've been working on!
This is a much-needed security measure in the age of constant supply chain attacks and breaches. Read my blog post for a deeper dive https://t.co/T0quoMIWd5
An attacker compromises your secrets manager. They pull a list of AWS credentials. They start trying them. One of them is a Honey Token. The moment they touch it, you know.
That's Honey Tokens, a new feature live in Infisical today:
> Generate decoys in the dashboard
> Indistinguishable from real AWS IAM credentials
> Real-time alerts to org admins
> One-time setup per org
First external contribution to Agent Vault (AV) has been merged!
@opencode is now a supported agent in AV. You can now run:
agent-vault run -- opencode
This will have the agent proxy requests through AV from which you can broker credentials. Stay tuned for better security guarantees around the agent's operating environment soon.
For a while, we've been grappling with one big question: How do we give agents secure access to services without them reading any secrets? Today, we provide an early answer: Agent Vault, an open source, HTTP credential proxy and vault.
Agents like OpenClaw or Claude Code can proxy requests through Agent Vault regardless of the method an agent uses to interact with any target service: API, CLI, SDK, MCP.
With Agent Vault, we’re rethinking how secrets should be consumed by agents. We believe that vaults and/or secret stores are here to stay but the way in which secrets are delivered to fit the ergonomics of how agents operate will change drastically.
In the current state, agents cannot be trusted with holding secrets directly and so there has to be a dedicated credential broker beside each agent, be it through a dedicated service, sidecar, or egress layer, to securely attach credentials onto every request to the outside world. With this proxy in place, you can inspect proxied requests and, in the future, apply firewall rules to apply restrictions to traffic flowing through the proxy.
The Agent Vault project by @infisical is an early peek into a trend that we believe many folks including Anthropic, Brex, Browser Use and others have caught onto which is the separation of the agent from its credentials.
Check it out.
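The brokering pattern these posts describe (the agent holds a placeholder, the broker attaches the real credential on the way out), shown as an added example that is not Agent Vault's code. The placeholder name, the secret value, the per-host allowlist and the response redaction are all assumptions of this example, not features stated in the posts.

```python
from urllib.parse import urlsplit

# Constructed broker state: placeholder -> (real secret, hosts allowed to receive it).
# The agent is configured with the placeholder string only.
VAULT = {
    "av-placeholder-github": ("REAL-SECRET-constructed", {"api.github.com"}),
}


class BrokerDenied(Exception):
    """Raised when a placeholder is headed to a destination it is not bound to."""


def broker_request(url, headers):
    """Return the headers to send upstream, with placeholders swapped for secrets.

    Assumption of this example: each placeholder is bound to an allowlist of
    HTTPS hosts. A request that carries the placeholder anywhere else is
    refused, so text the agent ingested cannot redirect the real credential.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    out = {}
    for name, value in headers.items():
        for placeholder, (secret, allowed_hosts) in VAULT.items():
            if placeholder not in value:
                continue
            if parts.scheme != "https" or host not in allowed_hosts:
                raise BrokerDenied(f"{placeholder} is not bound to {host or url}")
            value = value.replace(placeholder, secret)
        out[name] = value
    return out


def redact(text):
    """Replace real secrets in an upstream response before the agent reads it."""
    for placeholder, (secret, _hosts) in VAULT.items():
        text = text.replace(secret, placeholder)
    return text


if __name__ == "__main__":
    agent_headers = {"Authorization": "Bearer av-placeholder-github"}
    print(broker_request("https://api.github.com/user", agent_headers))
    try:
        broker_request("https://attacker.example/collect", agent_headers)
    except BrokerDenied as exc:
        print("denied:", exc)
```
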
@JoelTheDane Best of luck to the IT force having to learn how to use macOS (US based), or Linux (also US based/funded). This is purely symbolic politics, makes no sense
If you’re a Vercel user acting on today’s security incident, here are some best next steps:
> Rotate all secrets in your Vercel dashboard immediately
> Bulk-migrate env vars to sensitive variables (@infisical has a Vercel sync you can use to quickly mark all secrets as sensitive)
> Set up automations to rotate DB creds and API keys on a schedule
> Use dynamic secrets, so DB credentials are short-lived
> Pull secrets at runtime through our SDKs instead of storing them in Vercel
> Make sure you have audit logs to see what was accessed
I had to urgently switch our hosting from @Railway to @Render
In the past, doing so would've been a huge pain....
Migrating env vars, reconfiguring services, setting up internal networking, fixing broken builds etc.
Instead, I installed the Railway, Render, and @infisical MCPs and asked Codex to migrate us.
In a few hours it had unified our env management, configured all our Render instances, fixed broken builds.
All we had to do was update our DNS.
Exciting times!
Announcing Infisical for Kids, the enterprise-grade household secrets management platform:
> Real-time secret interception
> Privileged access management (per room)
> Just-in-Time kitchen access via Slack
> Automated permission slip lifecycle management
With Infisical for Kids, your kid submits a formal access request for the pantry at 9 PM. Denied. Full audit trail included.
Build infrastructure, not punishments.
https://t.co/ijlL2V0xcZ