Mitiga
@mitiga.bsky.social
Let Them Come. Mitiga is the leader in AI-Native Zero-Impact Breach Mitigation – the only approach that ensures cyberattacks cause no business impact.
Why wouldn't you have a CDR? PO spells out why you need Cloud Detection & Response clear as day.
Finding real cloud expertise inside a SOC is tough. Even strong teams struggle to make sense of cloud logs, identity patterns, and SaaS behavior. That gap gives attackers room to move.
Finding real cloud expertise inside a SOC is tough. Even strong teams struggle to make sense of cloud logs, identity patterns, and SaaS behavior. That gap gives attackers room to move.
December 22, 2025 at 3:06 PM
Why wouldn't you have a CDR? PO spells out why you need Cloud Detection & Response clear as day.
Finding real cloud expertise inside a SOC is tough. Even strong teams struggle to make sense of cloud logs, identity patterns, and SaaS behavior. That gap gives attackers room to move.
Finding real cloud expertise inside a SOC is tough. Even strong teams struggle to make sense of cloud logs, identity patterns, and SaaS behavior. That gap gives attackers room to move.
AI is removing the barrier to entry for targeted phishing. Tim Chase explains that a simple prompt can do the heavy lifting.
This shift changes the game for attackers and raises the stakes for cloud and identity security.
This shift changes the game for attackers and raises the stakes for cloud and identity security.
December 19, 2025 at 3:07 PM
AI is removing the barrier to entry for targeted phishing. Tim Chase explains that a simple prompt can do the heavy lifting.
This shift changes the game for attackers and raises the stakes for cloud and identity security.
This shift changes the game for attackers and raises the stakes for cloud and identity security.
GitHub is a goldmine for developers and attackers.
Our second Now You See Me post breaks down what GitHub logs reveal, where blind spots hide, and how to hunt smarter.
Catch what others miss. https://loom.ly/Nt6uABY
Our second Now You See Me post breaks down what GitHub logs reveal, where blind spots hide, and how to hunt smarter.
Catch what others miss. https://loom.ly/Nt6uABY
December 18, 2025 at 7:03 PM
GitHub is a goldmine for developers and attackers.
Our second Now You See Me post breaks down what GitHub logs reveal, where blind spots hide, and how to hunt smarter.
Catch what others miss. https://loom.ly/Nt6uABY
Our second Now You See Me post breaks down what GitHub logs reveal, where blind spots hide, and how to hunt smarter.
Catch what others miss. https://loom.ly/Nt6uABY
Doing some New Year's shopping? Listen up: We broke down the ten capabilities that define the CDR you actually need.
Let them come. Just select a CDR platform that makes sure they get nothing. www.mitiga.io/blog/cloud-detection-response-buyers-guide-10-capabilities
Let them come. Just select a CDR platform that makes sure they get nothing. www.mitiga.io/blog/cloud-detection-response-buyers-guide-10-capabilities
December 17, 2025 at 6:15 PM
Doing some New Year's shopping? Listen up: We broke down the ten capabilities that define the CDR you actually need.
Let them come. Just select a CDR platform that makes sure they get nothing. www.mitiga.io/blog/cloud-detection-response-buyers-guide-10-capabilities
Let them come. Just select a CDR platform that makes sure they get nothing. www.mitiga.io/blog/cloud-detection-response-buyers-guide-10-capabilities
Cloud attacks are changing faster than most SOCs can react. Multi-cloud complexity, identity abuse, and AI-driven threat velocity are raising the stakes for everyone.
On Mitiga Mic, these folks share how AI-driven processes help teams stay ahead. https://loom.ly/uUzY7a8
On Mitiga Mic, these folks share how AI-driven processes help teams stay ahead. https://loom.ly/uUzY7a8
December 16, 2025 at 5:47 PM
Cloud attacks are changing faster than most SOCs can react. Multi-cloud complexity, identity abuse, and AI-driven threat velocity are raising the stakes for everyone.
On Mitiga Mic, these folks share how AI-driven processes help teams stay ahead. https://loom.ly/uUzY7a8
On Mitiga Mic, these folks share how AI-driven processes help teams stay ahead. https://loom.ly/uUzY7a8
Attackers are already using misconfigured integrations, over-permissive roles, and stolen tokens to move laterally through your SaaS environment. Most teams don’t see it until the damage is done.
Mitiga is your SaaS safety net. Starting with Salesforce. https://loom.ly/YHHGQ-A
Mitiga is your SaaS safety net. Starting with Salesforce. https://loom.ly/YHHGQ-A
December 15, 2025 at 5:05 PM
Attackers are already using misconfigured integrations, over-permissive roles, and stolen tokens to move laterally through your SaaS environment. Most teams don’t see it until the damage is done.
Mitiga is your SaaS safety net. Starting with Salesforce. https://loom.ly/YHHGQ-A
Mitiga is your SaaS safety net. Starting with Salesforce. https://loom.ly/YHHGQ-A
Attackers keep getting in. Noise keeps rising.
And SOC teams are asked to somehow move faster with less clarity.
Brian Contos takes a walk with Patrick “PO” Orzechowski to discuss what is actually happening inside modern SOCs and why AI isn't optional these days. https://loom.ly/SIAoxaU
And SOC teams are asked to somehow move faster with less clarity.
Brian Contos takes a walk with Patrick “PO” Orzechowski to discuss what is actually happening inside modern SOCs and why AI isn't optional these days. https://loom.ly/SIAoxaU
December 11, 2025 at 6:23 PM
Attackers keep getting in. Noise keeps rising.
And SOC teams are asked to somehow move faster with less clarity.
Brian Contos takes a walk with Patrick “PO” Orzechowski to discuss what is actually happening inside modern SOCs and why AI isn't optional these days. https://loom.ly/SIAoxaU
And SOC teams are asked to somehow move faster with less clarity.
Brian Contos takes a walk with Patrick “PO” Orzechowski to discuss what is actually happening inside modern SOCs and why AI isn't optional these days. https://loom.ly/SIAoxaU
Proactive hunting is a must for resilience.
Attackers use AI to move more rapidly and quietly and get closer to your crown jewels. Anyone who has worked a cloud investigation knows how fast that early activity can disappear into normal noise.
More AIDR best practices: https://loom.ly/SkfW9Mc
Attackers use AI to move more rapidly and quietly and get closer to your crown jewels. Anyone who has worked a cloud investigation knows how fast that early activity can disappear into normal noise.
More AIDR best practices: https://loom.ly/SkfW9Mc
December 10, 2025 at 7:33 PM
Proactive hunting is a must for resilience.
Attackers use AI to move more rapidly and quietly and get closer to your crown jewels. Anyone who has worked a cloud investigation knows how fast that early activity can disappear into normal noise.
More AIDR best practices: https://loom.ly/SkfW9Mc
Attackers use AI to move more rapidly and quietly and get closer to your crown jewels. Anyone who has worked a cloud investigation knows how fast that early activity can disappear into normal noise.
More AIDR best practices: https://loom.ly/SkfW9Mc
We looked at 10,000 open-source AI/ML repos.
70% had critical or high-severity vulnerabilities in GitHub Actions workflows.
This research breaks down the most prevalent vulnerabilities, how attackers exploit them, and what to fix before it matters.
🔗 https://loom.ly/4EF7bPs
70% had critical or high-severity vulnerabilities in GitHub Actions workflows.
This research breaks down the most prevalent vulnerabilities, how attackers exploit them, and what to fix before it matters.
🔗 https://loom.ly/4EF7bPs
Inside the AI Supply Chain: Security Lessons from 10,000 Open-Source ML Projects
Analysis of 10,000 open-source AI/ML repositories reveals 70% have critical or high-severity vulnerabilities in GitHub Actions workflows, making them prone to attacks like code injection, credential theft, or repo takeover via malicious PRs.
www.mitiga.io
December 9, 2025 at 3:06 PM
We looked at 10,000 open-source AI/ML repos.
70% had critical or high-severity vulnerabilities in GitHub Actions workflows.
This research breaks down the most prevalent vulnerabilities, how attackers exploit them, and what to fix before it matters.
🔗 https://loom.ly/4EF7bPs
70% had critical or high-severity vulnerabilities in GitHub Actions workflows.
This research breaks down the most prevalent vulnerabilities, how attackers exploit them, and what to fix before it matters.
🔗 https://loom.ly/4EF7bPs
The call is coming from inside the Salesforce ecosystem.
Attackers are entering through connected apps. Once inside, they move fast.
See the offer. Read the breakdowns. Start preventing.
https://loom.ly/YHHGQ-A
Attackers are entering through connected apps. Once inside, they move fast.
See the offer. Read the breakdowns. Start preventing.
https://loom.ly/YHHGQ-A
December 8, 2025 at 9:26 PM
The call is coming from inside the Salesforce ecosystem.
Attackers are entering through connected apps. Once inside, they move fast.
See the offer. Read the breakdowns. Start preventing.
https://loom.ly/YHHGQ-A
Attackers are entering through connected apps. Once inside, they move fast.
See the offer. Read the breakdowns. Start preventing.
https://loom.ly/YHHGQ-A
Mitiga has been named one of CRN’s 10 Hottest Cybersecurity Startups of 2025. It’s a powerful recognition, but not a surprise to the people building with us.
To every employee pushing the limits. To every partner extending our reach. This is your win.
Let them come.
https://loom.ly/X795lbc
To every employee pushing the limits. To every partner extending our reach. This is your win.
Let them come.
https://loom.ly/X795lbc
December 5, 2025 at 3:24 PM
Mitiga has been named one of CRN’s 10 Hottest Cybersecurity Startups of 2025. It’s a powerful recognition, but not a surprise to the people building with us.
To every employee pushing the limits. To every partner extending our reach. This is your win.
Let them come.
https://loom.ly/X795lbc
To every employee pushing the limits. To every partner extending our reach. This is your win.
Let them come.
https://loom.ly/X795lbc
Pop quiz: what's a gargoyle? There's a good chance you are either thinking of a 90s cartoon or a different kind of stone structure entirely.
December 4, 2025 at 5:42 PM
Pop quiz: what's a gargoyle? There's a good chance you are either thinking of a 90s cartoon or a different kind of stone structure entirely.
What do medieval gargoyles have to do with cloud security? A lot, actually. Dr. Janetta Benton joins Mitiga Mic to discuss these ancient defenders who inspired our modern one: Argus. https://loom.ly/R5Bfbo0
December 2, 2025 at 3:46 PM
What do medieval gargoyles have to do with cloud security? A lot, actually. Dr. Janetta Benton joins Mitiga Mic to discuss these ancient defenders who inspired our modern one: Argus. https://loom.ly/R5Bfbo0
Attackers get in.
With Mitiga, they get nothing.
That's Zero-Impact Breach Prevention across Cloud, SaaS, AI, and Identity.
Real containment. No impact.
Let them come.
With Mitiga, they get nothing.
That's Zero-Impact Breach Prevention across Cloud, SaaS, AI, and Identity.
Real containment. No impact.
Let them come.
December 1, 2025 at 4:45 PM
Attackers get in.
With Mitiga, they get nothing.
That's Zero-Impact Breach Prevention across Cloud, SaaS, AI, and Identity.
Real containment. No impact.
Let them come.
With Mitiga, they get nothing.
That's Zero-Impact Breach Prevention across Cloud, SaaS, AI, and Identity.
Real containment. No impact.
Let them come.
This week, we’re especially thankful for the defenders.
The ones who keep watch when others wind down.
The ones who ask the hard questions.
The ones who act before it’s too late.
We built Mitiga for you.
For resilience, not reaction.
For action, not aftermath.
Let them come.
The ones who keep watch when others wind down.
The ones who ask the hard questions.
The ones who act before it’s too late.
We built Mitiga for you.
For resilience, not reaction.
For action, not aftermath.
Let them come.
November 26, 2025 at 8:35 PM
This week, we’re especially thankful for the defenders.
The ones who keep watch when others wind down.
The ones who ask the hard questions.
The ones who act before it’s too late.
We built Mitiga for you.
For resilience, not reaction.
For action, not aftermath.
Let them come.
The ones who keep watch when others wind down.
The ones who ask the hard questions.
The ones who act before it’s too late.
We built Mitiga for you.
For resilience, not reaction.
For action, not aftermath.
Let them come.
The European Union’s Cyber Resilience Act (CRA) sets a useful framework for SaaS vendors. But—yes, there is a but—compliance alone won't stop the next breach. https://loom.ly/d3sNt3I
The Cyber Resilience Act and SaaS: Why Compliance is Only Half the Battle
The EU’s Cyber Resilience Act is reshaping global software security expectations, especially for SaaS, where shared responsibility, lifecycle security and strong identity protections are essential as attackers increasingly “log in” instead of breaking in.
securityboulevard.com
November 26, 2025 at 4:05 PM
The European Union’s Cyber Resilience Act (CRA) sets a useful framework for SaaS vendors. But—yes, there is a but—compliance alone won't stop the next breach. https://loom.ly/d3sNt3I
When we talk about a Salesforce breach, that's not really accurate, is it? But it is the blast radius.
Attackers are stealing OAuth tokens from connected applications, like those from #Salesloft and #Gainsight, then walking in with full access. https://loom.ly/FRI71Eo
Attackers are stealing OAuth tokens from connected applications, like those from #Salesloft and #Gainsight, then walking in with full access. https://loom.ly/FRI71Eo
November 25, 2025 at 5:20 PM
When we talk about a Salesforce breach, that's not really accurate, is it? But it is the blast radius.
Attackers are stealing OAuth tokens from connected applications, like those from #Salesloft and #Gainsight, then walking in with full access. https://loom.ly/FRI71Eo
Attackers are stealing OAuth tokens from connected applications, like those from #Salesloft and #Gainsight, then walking in with full access. https://loom.ly/FRI71Eo
Apparently, Scattered Lapsus$ Shiny Hunters (SLSH) has returned to a target they know well: Salesforce data. They know where organizations overlook risk. https://loom.ly/5mnu13E
November 24, 2025 at 10:09 PM
Apparently, Scattered Lapsus$ Shiny Hunters (SLSH) has returned to a target they know well: Salesforce data. They know where organizations overlook risk. https://loom.ly/5mnu13E
Well, that's an unusual password change. What else is going on, and why is it important?
Brian Contos takes us inside cloud threat detection with behavioral analytics across AWS, GCP, and more. https://loom.ly/6qDt5kE
Brian Contos takes us inside cloud threat detection with behavioral analytics across AWS, GCP, and more. https://loom.ly/6qDt5kE
November 21, 2025 at 7:02 PM
Well, that's an unusual password change. What else is going on, and why is it important?
Brian Contos takes us inside cloud threat detection with behavioral analytics across AWS, GCP, and more. https://loom.ly/6qDt5kE
Brian Contos takes us inside cloud threat detection with behavioral analytics across AWS, GCP, and more. https://loom.ly/6qDt5kE
AI’s not a threat to my team. It’s our teammate.
In this new episode of Mitiga Mic, Arif Khan, senior director leading services at Mitiga, breaks down how his team stops what legacy tools miss — before attackers do damage.
🎧 Watch now → https://loom.ly/QlQNdpU
In this new episode of Mitiga Mic, Arif Khan, senior director leading services at Mitiga, breaks down how his team stops what legacy tools miss — before attackers do damage.
🎧 Watch now → https://loom.ly/QlQNdpU
November 18, 2025 at 3:26 PM
AI’s not a threat to my team. It’s our teammate.
In this new episode of Mitiga Mic, Arif Khan, senior director leading services at Mitiga, breaks down how his team stops what legacy tools miss — before attackers do damage.
🎧 Watch now → https://loom.ly/QlQNdpU
In this new episode of Mitiga Mic, Arif Khan, senior director leading services at Mitiga, breaks down how his team stops what legacy tools miss — before attackers do damage.
🎧 Watch now → https://loom.ly/QlQNdpU
Cloud resilience starts with observability.
Gopal Padinjaruveetil, CISO at AAA, explains why SaaS, identity, and multi-cloud visibility define modern defense. And why every CISO is racing to connect the dots across their environments.
Gopal Padinjaruveetil, CISO at AAA, explains why SaaS, identity, and multi-cloud visibility define modern defense. And why every CISO is racing to connect the dots across their environments.
November 17, 2025 at 4:26 PM
Cloud resilience starts with observability.
Gopal Padinjaruveetil, CISO at AAA, explains why SaaS, identity, and multi-cloud visibility define modern defense. And why every CISO is racing to connect the dots across their environments.
Gopal Padinjaruveetil, CISO at AAA, explains why SaaS, identity, and multi-cloud visibility define modern defense. And why every CISO is racing to connect the dots across their environments.
Workday logs are easy to ignore — until attackers use them against you.
In our new “Now You See Me” series, Mitiga Labs breaks down the logs, risks, and detection tips SaaS defenders can’t afford to miss. https://loom.ly/imueWOs
In our new “Now You See Me” series, Mitiga Labs breaks down the logs, risks, and detection tips SaaS defenders can’t afford to miss. https://loom.ly/imueWOs
November 13, 2025 at 4:50 PM
Workday logs are easy to ignore — until attackers use them against you.
In our new “Now You See Me” series, Mitiga Labs breaks down the logs, risks, and detection tips SaaS defenders can’t afford to miss. https://loom.ly/imueWOs
In our new “Now You See Me” series, Mitiga Labs breaks down the logs, risks, and detection tips SaaS defenders can’t afford to miss. https://loom.ly/imueWOs
Most people don't wake up, decide that they're going to become an elite hacker, and wham.
Often, it takes curiosity and persistence. Roei Sherman had his own interesting path. Now he's the head of research for Mitiga Labs. Hear his story on #MitigaMic. https://loom.ly/Ak0YXIs
Often, it takes curiosity and persistence. Roei Sherman had his own interesting path. Now he's the head of research for Mitiga Labs. Hear his story on #MitigaMic. https://loom.ly/Ak0YXIs
November 12, 2025 at 3:17 PM
Most people don't wake up, decide that they're going to become an elite hacker, and wham.
Often, it takes curiosity and persistence. Roei Sherman had his own interesting path. Now he's the head of research for Mitiga Labs. Hear his story on #MitigaMic. https://loom.ly/Ak0YXIs
Often, it takes curiosity and persistence. Roei Sherman had his own interesting path. Now he's the head of research for Mitiga Labs. Hear his story on #MitigaMic. https://loom.ly/Ak0YXIs
Attackers need less than an hour to start turning access into impact. You don't have time to waste.
Best Practice number 4 in John Vecchi's blog focuses on speed of response: automate cloud investigations and root cause analysis at scale. https://loom.ly/SkfW9Mc
Best Practice number 4 in John Vecchi's blog focuses on speed of response: automate cloud investigations and root cause analysis at scale. https://loom.ly/SkfW9Mc
November 10, 2025 at 4:21 PM
Attackers need less than an hour to start turning access into impact. You don't have time to waste.
Best Practice number 4 in John Vecchi's blog focuses on speed of response: automate cloud investigations and root cause analysis at scale. https://loom.ly/SkfW9Mc
Best Practice number 4 in John Vecchi's blog focuses on speed of response: automate cloud investigations and root cause analysis at scale. https://loom.ly/SkfW9Mc
Who's being held accountable for the rise in cybercrime?
CISOs like Gopal Padinjaruveetil (AAA) know that keeping up with this velocity takes more than posture-based prevention. It takes real-time detection, response, and genuine cyber resilience.
CISOs like Gopal Padinjaruveetil (AAA) know that keeping up with this velocity takes more than posture-based prevention. It takes real-time detection, response, and genuine cyber resilience.
November 7, 2025 at 4:16 PM
Who's being held accountable for the rise in cybercrime?
CISOs like Gopal Padinjaruveetil (AAA) know that keeping up with this velocity takes more than posture-based prevention. It takes real-time detection, response, and genuine cyber resilience.
CISOs like Gopal Padinjaruveetil (AAA) know that keeping up with this velocity takes more than posture-based prevention. It takes real-time detection, response, and genuine cyber resilience.