Skip to content
Sentyn
Platform
Sentyn console · acme-prod
Owner coverage89.1%
Open findings174
Connectors4 active
IdentitySourceOwnerRisk
prod-ci-deployerAWS IAMunknowncritical
gha-release-tokenGitHubassignedhigh
lambda-audit-roleAWS IAMconfirmedmedium
evidence: redactedblast_radius: computedsync: read-only
Control plane

Tenant isolation, encrypted credentials, redaction pipeline, read-only connectors, append-only audit.

Learn more
Platform
Pillars
Pillars overview
Machine identity security
Discovery and inventory
Governance and proof
Integrations
Connectors
AWS IAM
GitHub
Azure Entra
Kubernetes
Start
Guided review
Demo walkthrough
Validate sync
Owner queue
Export audit
Book walkthrough
The checklist we use before design-partner demos.
Product
Sentyn console · acme-prod
Owner coverage89.1%
Open findings174
Connectors4 active
IdentitySourceOwnerRisk
prod-ci-deployerAWS IAMunknowncritical
gha-release-tokenGitHubassignedhigh
lambda-audit-roleAWS IAMconfirmedmedium
evidence: redactedblast_radius: computedsync: read-only
Product console

Inventory, ownership, findings, graph, remediation preview, reports, and audit in one evidence model.

Learn more
Capabilities
Console
Overview
Inventory
Ownership
Findings
Access reviews
Capabilities
Workflow
Discover
Assign owner
Triage finding
Preview fix
Export proof
Services
Assessments
Cloud assessment
Infra and CI/CD review
AI agent review
Audit evidence package
Talk to us
Scoped session on your cloud and GitHub footprint.
Use cases
Teams
Cloud security
Privileged review
Multi-account visibility
Blast radius
Teams
Identity
Unknown owner cleanup
Owner conflicts
Attestation
Teams
Audit / GRC
Board prep
Compliance evidence
Connector review
Lifecycle
Five-step loop
Discover
Assign
Prioritize
Preview
Prove
Book a walkthrough
See unknown owners in your first session.
Knowledge
Learn
Knowledge center
Resources
Documentation
Use cases
Docs
Documentation
Security model
Connectors
Deployment
Trust packs
Company
About
Principles
What we are not
Enterprise teams
Contact
Contact
Get started
Book demo
Security review
Assessment inquiry
Book a walkthrough
30 minutes to your first evidence-backed finding.
Contact
Book a walkthrough
Sentyn

Evidence before alerts. Machine identity security for teams that need names, owners, and audit proof.

Book a walkthrough

Product

OverviewConsole tourPlatformPricing

Services

Cloud assessmentInfra reviewAI agentsAudit package

Use cases

Cloud securityIdentityAudit / GRCLifecycle

Knowledge

ResourcesDocumentationSecurity modelAboutContact
© 2026 Sentyn. All rights reserved.
SecurityPricingsentyn.io
← Knowledge center

Incidents

Public incidents involving machine identities

Documented breaches tied to service accounts, CI secrets, tokens, and automation credentials from official postmortems.

Research narrative by Het Mehta, Research and product narrative. Sources are public competitor reports, vendor documentation, and official incident disclosures.

2023 · Okta

Support system service account compromise

Attackers used a compromised service account tied to Okta customer support. Stolen session artifacts in support files enabled downstream customer session hijacking attempts.

Service accounts with broad support access require the same ownership, rotation, and evidence discipline as production IAM roles.

Okta Security blog, November 2023

2023 · CircleCI

Engineer session led to customer secret exfiltration

A compromised engineer laptop session allowed access to databases holding customer environment variables, tokens, and API keys used in CI.

CI/CD platforms concentrate machine credentials. Inventory and blast radius mapping must include pipeline secrets, not only Git commits.

CircleCI official incident report, January 2023

2022 · Slack

Employee token misuse against GitHub

Stolen employee tokens were used to access external GitHub repositories and download private code.

Developer tokens bridge human and machine identity boundaries. Owner attribution and scope review must cover employee-issued automation credentials.

Slack security blog, January 2023

2023 · Microsoft

Over-permissive Azure SAS token exposure

A researcher-shared URL contained an overly broad shared access signature, exposing internal backup and collaboration data.

Cloud storage tokens are machine identities with implicit blast radius. Least privilege and expiry enforcement need continuous inventory.

Microsoft MSRC blog, September 2023

2021 · Codecov

Supply chain script modification

Attackers altered a Bash uploader script for months, exporting CI environment variables that often contained customer API keys and tokens.

Third-party CI tools inherit secrets from every customer pipeline. Supply chain identity risk extends beyond your own repositories.

Codecov security update, April 2021

2023 · Cloudflare

Okta support breach session reuse

Session material from Okta support system exposure was used in an attempt to access Cloudflare administrative accounts.

Downstream identity providers amplify single machine identity failures across the vendor graph.

Cloudflare engineering blog, October 2023

2022 · Uber

Contractor compromise to internal tools

After MFA fatigue on a contractor account, attackers accessed internal SSO and cloud tooling, forcing broad key rotation across services.

Contractor and workforce-adjacent identities often hold paths to service accounts and automation keys with unclear owners.

Uber newsroom security update, September 2022

2022 · LastPass

DevOps secrets in cloud backups

Follow-on access to cloud storage backups exposed DevOps secrets, integration keys, and customer vault material.

Secrets managers do not replace governance. Backup paths and break-glass credentials are machine identities requiring owners and evidence.

LastPass security blog, March 2023

Run the checklist on your footprint

Read-only connect, owner queue, one finding with evidence, audit export sample.

Book a walkthrough