Blog
News, research & articles
The latest research and product updates from the Tracebit team.
.png)
Canaries against autonomous AI attackers
We pointed ten frontier models at a live AWS environment to see what canaries do against an autonomous attacker: how early they warn, how fast the models trip them, and what changes when the agent is told deception might be present.
.webp)
Where Security Canaries Fit in NIST CSF 2.0
How Tracebit turns detection from an assumption into something you can actually prove. A practical mapping of security canaries across the six core functions of NIST CSF 2.0 - Detect, Respond, Govern, Identify, Protect, and Recover.
Deception Should Not Be a Luxury Control
How supporting Duo Security's astronomical growth set me up to see Deception as the next 'must have' security control.
Detecting CI/CD Supply Chain Attacks with Canary Credentials
A single threat actor - TeamPCP - compromised a chain of widely-used open source tools: Trivy, KICS, LiteLLM, and Telnyx. This post looks at the campaign and explores the question: once you've pinned your actions and hardened your runners, what actually detects credential exfiltration from a compromised CI/CD pipeline?
Tracebit announces Series A
We’re excited to announce our Series A investment round, led by FirstMark and joined by Accel, MMC Ventures, Tapestry VC and CCL; with continued support from our fantastic angel investors. This brings the total investment in Tracebit to $25M.
Canaries in the Wild - Episode 4: Kevin Conley
Episode 4 features Kevin Conley, Team Lead and Principal Security Engineer of the Deception Technology team at Riot Games, who explains why thinking like an attacker is critical, how Riot measures deception program effectiveness, and the ROI case for deception.
Do Canaries First
Engineering would never accept not detecting product going down - so why does security? This post makes the case for security canaries as a day-one control for catching critical security events early.
.webp)
Building Tracebit Community Edition
Last week, we launched Tracebit Community Edition. In this post, we go into the details of the method and motivation behind the release.
.webp)
Announcing Tracebit Community Edition
We're excited to announce Tracebit Community Edition, a completely free-forever platform to deploy security canaries.
.webp)
Canaries in the Wild - Episode 3: Mandy Andress
Episode 3 features Mandy Andress, CISO at Elastic, discussing why canaries deserve a larger role in security programs and how they'll address emerging threats from no-code applications and AI agents.
Short Term vs Long Term Canary Credentials
I'll explore the trade-offs between long and short term canary credentials for threat detection and explain why I think short term credentials are increasingly the right choice for most deployments.
Canaries in the Wild - Episode 2: Josh Yavor
Episode 2 features Josh Yavor, CEO and Co-Founder of Credible Security, discussing his experiences deploying deception technology across organizations of all sizes over more than a decade.
Introducing "Canaries in the Wild"
We're launching Canaries in the Wild, a podcast featuring security practitioners sharing real stories about deploying deception technology. Episode 1 features Didier Vandenbroeck, VP of Security at Oleria.
Code Execution Through Deception: Gemini AI CLI Hijack
Tracebit discovered a silent attack on Gemini CLI where, through a toxic combination of prompt injection, misleading UX and missing validation, inspecting untrusted code consistently leads to execution of malicious commands - enabling silent credential theft and much more.
Canaries in the Era of Generative AI
We explore what generative AI means for canaries, deception and honeypots. Both from an offense and defense perspective and what we're doing at Tracebit.
Announcing Security Canaries in Kubernetes
We're excited to share our latest canary module: Kubernetes - this is now available for all Tracebit customers
The full costs of building your own Canary Program
We explore why there can be a bias to build canaries and what's actually involved for a successful security canary program.
Why Tracebit is written in C#
A retro on some of the reasons we chose to build Tracebit in C#.
.webp)
Announcing Tracebit’s partnership with Panther
We announce Tracebit’s partnership with Panther, a leading cloud-native SIEM
Announcing Azure Canaries General Availability
Tracebit announces the general availability of Tracebit Canaries for Microsoft Azure
Azure Detection Engineering: Log idiosyncrasies you should know about
We share a few inconsistencies found in Azure logs which make detection engineering more challenging.
Breaching the Data Perimeter: CloudTrail as a mechanism for Data Exfiltration
We share a - now fixed - AWS vulnerability that would have enabled potentially undetectable data exfiltration from even the most locked down of AWS accounts by leveraging the audit trail itself to stealthily leak data.
The Security Canary Maturity Model
We lay out the different levels of maturity your organization may be at in their Security Canary Maturity, as well as discussing the value in maturity models themselves.
Canary Infrastructure vs. Real World TTPs
We investigate three recent AWS security incidents and discuss how canaries could help you detect these early, and throughout the attack lifecycle.
.webp)
NO_WILDCARD: How I discovered the Organization ID of any AWS Account
Our latest research into VPC Endpoint Policy causes AWS to introduce significant changes!
A hard look at GuardDuty shortcomings
Is GuardDuty all you need for AWS threat detection? We’ve asked our friend Rami McCarthy to dive into GuardDuty’s performance and consider the potential place for Canary Infrastructure.
Tracebit announces $5m fundraise to bring intrusion detection canaries to the world
We're delighted to announce our seed funding round, we're partnering with Accel, Tapestry VC and an incredible set of angel investors to bring Tracebit to the world.
fwd:cloudsec Talk: Discover the AWS Account ID of any S3 Bucket
Our Co-Founder and CTO Sam Cox presented his research into discovering the AWS Account ID of any S3 Bucket and how you might make similar discoveries yourself.
Canary Program Communication: Secrecy vs. Discretion
We share the lessons learned from deploying canaries at scale - how to be thoughtful but pragmatic about some of the tradeoffs necessary.
Canary AWS credentials: Beyond a token effort
What to think about when implementing canary AWS credentials in 2024 and beyond
Canary Infra: Bringing Honeypots towards general adoption
Laying out why we think 'Canary Infra' is a game changer for honeypots and intrusion detection.
How to find the AWS Account ID of any S3 Bucket
A technique to find the Account ID of a private S3 bucket.
How fast is CloudTrail today? Investigating CloudTrail delays using Athena
Investigating how long CloudTrail takes to deliver events in 2023.
Honeypots for Intrusion Detection
A deep dive into what Honeypots are, why they're useful and how they're used for intrusion detection.
The latest security research straight to your inbox
Subscribe to our newsletter to receive regular updates from our research and product teams
