Synthesia Builds High Confidence Alerting with Tracebit
Synthesia's security team operates under a clear assumption: prevention will eventually fail. They deploy Tracebit canaries as part of their Assume Breach strategy, to give them a high-confidence detection layer, so that they can act with speed.
Highlights
“Tracebit's platform enables high fidelity alerts, is quick to deploy, easy to maintain and secure by design. Their solution delivers actual value and is getting better by the day.”
Martin Tschammer
Head of Security
Case study
About Synthesia
Synthesia is an AI video generation platform that enables users to create professional videos from text, with capabilities including custom avatars and multilingual support.
Challenge
Synthesia's security team had adopted an Assume Breach mindset, recognising that no combination of perimeter and endpoint controls can guarantee prevention. The challenge Synthesia faced is that in a multi-cloud environment with complex CI/CD pipelines, traditional detection tools generate more noise than signal. Acting with confidence on any individual alert was proving difficult. The team needed an early detection layer that could produce high-confidence alerts.
Solution
Synthesia deployed Tracebit canaries across their cloud environments and endpoints. The rollout was fast and efficient, covering multiple cloud environments within a week and requiring minimal engineering effort.
"The majority of the deployment process was very straightforward and the documentation is designed in a very efficient way. Within a week you can have very big coverage across multiple environments."
Zhel Petrov, Security Operations Engineer, Synthesia
Outcome
High-Fidelity Alerts
The core value Tracebit delivers for Synthesia is not faster detection in isolation - it is faster certainty that immediate investigation is warranted. In a complex environment where multiple tools generate overlapping signals, canary alerts differentiate by their high-fidelity.
"We can deploy credentials in such a way that if they are ever used, this would warrant an immediate investigation."
Zhel Petrov, Security Operations Engineer, Synthesia
Near Zero Ongoing Maintenance
With the deployment in place, ongoing overhead has been minimal. Static canaries follow a deploy-and-forget model, while dynamic canaries rotate automatically. The team monitors alerts and reviews configuration periodically, but Tracebit handles the rest, freeing the team to focus on higher-priority work.
"The canaries are basically deployed and forget. Everything is automated and super simple. It has been pretty amazing."
Zhel Petrov, Security Operations Engineer, Synthesia
Low False Positive Rate
Synthesia's experience with false positives has been notably different from their traditional detection stack. The team reports a very low false positive rate, which they attribute to how canaries are designed and placed within each environment.
Realism in Design
The team have seen significant value from the realism of Tracebit canaries, as they blend into real infrastructure convincingly and are indistinguishable from product assets.
Providing Guardrails and Assurance for AI Agent Adoption
Synthesia embraces AI across the organization, allowing engineers to experiment with various coding agents and LLMs on their endpoints. Tracebit canaries provide the guardrails, ensuring any agent that accesses secrets beyond its intended scope will trigger an alert. The absence of alerts then gives the team confidence that agents are operating as expected.
"The lack of alerts being generated specifically on those environments gives us the confidence that the variety of agents that we have across our environments do not just go ahead and start to use any secret that they've discovered."
Zhel Petrov, Security Operations Engineer, Synthesia
Looking Forward
Synthesia has observed that attackers leveraging AI move faster through reconnaissance and exploitation, compressing the window between initial access and serious damage. The team sees Assume Breach as a necessary response to that reality.
