CustomersPricingResearchAboutCareersContact
Company
  • About
  • Careers
  • Contact
Book a demo
Book a demo

Book a demo

See how canaries can enhance your security

Photo of Andy Smith

Andy Smith

CEO, Tracebit

Photo of Sam Cox

Sam Cox

CTO, Tracebit

Schedule a 45 minute personalised demo of Tracebit with one of our co-founders to:

  • Discuss your specific security challenges
  • Cover the range of canaries Tracebit can deploy for your use case
  • Walk through a simple Tracebit deployment

One of our co-founders will reply to you directly as soon as they see your request. No bots here! So please be patient if it takes us a few hours to get back to you.

Thank you for contacting us; a member of our team will be in touch shortly.
Oops! Something went wrong while submitting the form.
Blog

News, Research & Articles

The latest research and product updates from the Tracebit team.

Tracebit and Kubernetes
Product

Announcing Security Canaries in Kubernetes

We’re excited to share our latest canary module: Kubernetes - this now available for all Tracebit customers
Andy Smith
Andy Smith
April 14, 2025
April 14, 2025
•
2
min read
Planning a security canary program
Product

The full costs of building your own Canary Program

We explore why there can be a bias to build canaries and what's actually involved for a successful security canary program.
Andy Smith
Andy Smith
February 27, 2025
February 24, 2025
•
5
min read
Why Tracebit is written in C#
Product

Why Tracebit is written in C#

A retro on some of the reasons we chose to build Tracebit in C#.
Sam Cox
Sam Cox
January 31, 2025
•
10
min read
Tracebit/Panther
Product

Announcing Tracebit’s partnership with Panther

We announce Tracebit’s partnership with Panther, a leading cloud-native SIEM
Niall Gallagher
Niall Gallagher
January 8, 2025
January 6, 2025
•
5
min read
Announcing Azure Canaries General Availability
Product

Announcing Azure Canaries General Availability

Tracebit announces the general availability of Tracebit Canaries for Microsoft Azure
Andy Smith
Andy Smith
December 9, 2024
•
2
min read
Azure Activity Logs
Research

Azure Detection Engineering: Log idiosyncrasies you should know about

We share a few inconsistencies found in Azure logs which make detection engineering more challenging.
Michael Aldridge
Michael Aldridge
November 15, 2024
•
5
min read
Breaching the Data Perimeter: CloudTrail as a mechanism for Data Exfiltration
Research

Breaching the Data Perimeter: CloudTrail as a mechanism for Data Exfiltration

We share a - now fixed - AWS vulnerability that would have enabled potentially undetectable data exfiltration from even the most locked down of AWS accounts by leveraging the audit trail itself to stealthily leak data.
Sam Cox
Sam Cox
October 15, 2024
October 15, 2024
•
5
min read
The Security Canary Maturity Model
Research

The Security Canary Maturity Model

We layout the different levels of maturity your organization may be at in their Security Canary Maturity, as well as discussing the value in maturity models themselves.
Rami McCarthy
Rami McCarthy
September 10, 2024
September 7, 2024
•
5
min read
Canary Infrastructure vs. Real World TTPs - Scattered Spider / LUCR-3
Research

Canary Infrastructure vs. Real World TTPs

We investigate three recent AWS security incidents and discuss how canaries could help you detect these early, and throughout the attack lifecycle.
Rami McCarthy
Rami McCarthy
August 13, 2024
August 13, 2024
•
4
min read
Diagram showing VPC Endpoint Policies being used to find Organization ID of an arbitrary AWS account
Research

NO_WILDCARD: How I discovered the Organization ID of any AWS Account

Our latest research into VPC Endpoint Policy causes AWS to introduce significant changes!
Sam Cox
Sam Cox
July 22, 2024
July 22, 2024
•
10
min read
A hard look at GuardDuty shortcomings
Research

A hard look at GuardDuty shortcomings

Is GuardDuty all you need for AWS threat detection? We’ve asked our friend Rami McCarthy to dive into GuardDuty’s performance and consider the potential place for Canary Infrastructure.
Rami McCarthy
Rami McCarthy
July 16, 2024
July 12, 2024
•
6
min read
Tracebit announces $5m fundraise to bring intrusion detection canaries to the world
Product

Tracebit announces $5m fundraise to bring intrusion detection canaries to the world

We're delighted to announce our seed funding round, we're partnering with Accel, Tapestry VC and an incredible set of angel investors to bring Tracebit to the world.
Andy Smith
Andy Smith
July 9, 2024
June 24, 2024
•
2
min read
Sam Cox presenting "Discover the AWS Account ID of any S3 bucket"
Research

fwd:cloudsec Talk: Discover the AWS Account ID of any S3 Bucket

Our Co-Founder and CTO Sam Cox presented his research into discovering the AWS Account ID of any S3 Bucket and how you might make similar discoveries yourself.
Sam Cox
Sam Cox
June 24, 2024
June 24, 2024
•
2
min read
Canary Program Communication
Product

Canary Program Communication: Secrecy vs. Discretion

We share the lessons learned from deploying canaries at scale - how to be thoughtful but pragmatic about some of the tradeoffs necessary.
Andy Smith
Andy Smith
May 31, 2024
May 31, 2024
•
3
min read
AI generated image of a red cartoon key, with halo, sitting on a cloud
Research

Canary AWS credentials: Beyond a token effort

What to think about when implementing canary AWS credentials in 2024 and beyond
Sam Cox
Sam Cox
May 3, 2024
May 15, 2024
•
5
min read
Cartoon image of canaries organising and conducting the construction of a building site with cranes in the background
Product

Canary Infra: Bringing Honeypots towards general adoption

Laying out why we think 'Canary Infra' is a game changer for honeypots and intrusion detection.
Andy Smith
Andy Smith
March 14, 2024
May 15, 2024
•
4
min read
Technical diagram showing modifications made to a VPC endpoint to make an Account ID search of an S3 bucket faster.
Research

How to find the AWS Account ID of any S3 Bucket

A technique to find the Account ID of a private S3 bucket.
Sam Cox
Sam Cox
February 22, 2024
May 15, 2024
•
8
min read
Graph showing the CloudTrail delay delivering to S3
Research

How fast is CloudTrail today? Investigating CloudTrail delays using Athena

Investigating how long CloudTrail takes to deliver events in 2023.
Sam Cox
Sam Cox
November 27, 2023
May 15, 2024
•
7
min read
Cartoon image of a threat actor about to interact with a honeypot, lasers and alarm systems surround it.
Research

Honeypots for Intrusion Detection

A deepdive into what Honeypots are, why they're useful and how they're used for intrusion detection.
Andy Smith
Andy Smith
November 13, 2023
May 15, 2024
•
5
min read

The latest security research straight to your inbox

Subscribe to your newsletter to receive regular updates from our research and product teams

By clicking Sign Up you're confirming that you agree with our Privacy policy
Thank you! Check your inbox for your first edition.
Oops! Something went wrong while submitting the form.
AboutBlogContactCareersStatusTrust & Security
Subscribe for research and product updates
By subscribing you agree to our Privacy Policy
Thank you! Check your inbox for your first edition
Oops! Something went wrong while submitting the form.
Subscribe
By subscribing you agree to our Privacy Policy
Thank you! Check your inbox for your first edition
Oops! Something went wrong while submitting the form.
© 2025 Tracebit. All rights reserved.
Privacy PolicyTerms of Service
AWS Qualified SoftwareSOC 2 Type 2