@tracebit.bsky.social
Expect the unexpected with cloud canaries | https://tracebit.com
๐ฎ Episode 4 of Canaries in the Wild is now live with Kevin Conley, Team Lead and Principal Security Engineer of the Deception Technology team at Riot Games.
Listen to the full episode here: www.youtube.com/watch?v=87HA...
๐ Here are our top 3 posts of 2025:
1. Code Execution Through Deception: Gemini AI CLI Hijack
2. Why Tracebit is written in C#
3. The full costs of building your own Canary Program
Hope you enjoyed this year's posts and wishing you a happy new year! ๐
Last week we launched Tracebit Community Edition. The team may have made it look easy, but getting it right took a monumental effort.
Our CTO Sam breaks down what went into it - from solving the "stealth problem" to shipping our first cross-platform CLI.
Read: tracebit.com/blog/buildin...
๐ป We are excited to be hosting drinks tonight with our friends at @RunReveal.
Join us at Platform Shoreditch for food, drinks and lots of games.
If you're around in London, we'd love to see you there.
Sign up here: luma.com/nees25e2
๐We're heading to @bsideslondon.bsky.social's BSides London!
Come find the Tracebit team on December 13th to chat about security canaries and the role of deception in an "assume breach" strategy.
We're excited to see you there!
๐Weโve just released the Tracebit Community Edition of our security canary platform!
Protect your browser, password manager, inbox, and endpoints with canaries โ all managed from the community console.
Sign up for free now: community.tracebit.com
๐ We're heading to @blackhatevents.bsky.social's BlackHat Europe!
We'll be at ExCeL London on Dec 10th-11th.
Find us at booth 426 to learn more about security canaries and what we are working on at Tracebit!
Book a time: meetings-eu1.hubspot.com/robert-thurt...
๐๏ธEpisode 3 of Canaries in the Wild is live with Mandy Andress, CISO at @elastic.co.
Mandy discusses why canaries need a bigger role in security programs and how detection is evolving with increasingly complex threats.
Listen: www.youtube.com/watch?v=QjK1...
๐ Short vs. long term canary credentials: why the choice matters more than you think.
We just published a new blog post exploring the trade-offs between long and short term canary credentials for threat detection.
Read it here: tracebit.com/blog/short-t...
tracebit.com/blog/short-t...
12.11.2025 10:21 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0๐๏ธWant to hear more about Didier Vandenbroeck's take on the 'Assume Breach' mindset?
Listen to Canaries in the Wild Episode 1: www.youtube.com/watch?v=VIMd...
๐๏ธ Episode 2 of Canaries in the Wild is live with Josh Yavor, CEO and Co-Founder of @credible-security.com.
Josh has over a decade of experience deploying deception technology across organisations of all sizes, and shares his practitioner insights with us.
Listen: www.youtube.com/watch?v=ItzY...
๐ We're heading to @bsidesnyc.org on Saturday 18th October!
Want to talk security canaries and learn what we're building at Tracebit? Come find us at our booth.
See you there ๐
๐๏ธ Launching Canaries in the Wild - our new podcast on deception tech that actually catches attackers.
First episode: Didier Vandenbroeck on deploying canaries at Oleria and getting caught by honeypots himself while on offense at Salesforce.
Listen: www.youtube.com/watch?v=VIMd...
๐ค AI agents are hitting honeypots in the wild - and it's wild how they react.
Sam Cox tested something fascinating: mention "honeypots might exist" to an LLM mid-attack, and it completely changes its strategy. Just like humans, they get paranoid.
Full analysis: tracebit.com/blog/canarie...
๐ Great to see @grafana.bsky.social sharing their canary token success story - they allowed them to catch a real intrusionโผ๏ธ
This is exactly the kind of real-world validation we love to see. Security teams want precise alerts that allow them to catch attacks early.
grafana.com/blog/2025/08...
๐ฌ Pretty cool to see Sam Cox's Gemini CLI research featured in Low Level's YouTube video and hitting 150k+ views ๐
๐ From discovering a silent code execution vulnerability to mainstream coverage!
Full breakdown on our blog for the curious minds out there. ๐
lnkd.in/eprKJ5vS
๐ฉ We're at @blackhatevents.bsky.social USA today and tomorrow ๐ฉ
If you're around and want to chat about security canaries or detection engineering - Andy, Sam, and Rob are at booth 6219 in Start Up City.
Book time with the team here: tracebit.com/event/black-...
See you in Vegas!
๐ฅAchievement Unlocked, thanks @mattjay.com for the call out!
01.08.2025 07:08 โ ๐ 1 ๐ 0 ๐ฌ 0 ๐ 0
This is a fun vuln
youtu.be/jsygONOr_f4
The Tracebit team will be in Vegas August 2-7 for BSides and BlackHat ๐ฉ
โ๏ธ If you're working on intrusion detection, cloud environments, or just want to chat about what's actually working in security right now - let's meet up!
๐ค You can grab some time with us at Blackhat here: lnkd.in/ebCGMpxW
The demo:
28.07.2025 10:59 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0
๐ We found a way to steal credentials through Google Gemini AI CLI just by asking "tell me about this repo" on some untrusted code.
Check out our research here: tracebit.com/blog/code-ex...
@bsidesnyc.org welcomes @tracebit.bsky.social as a Megabit sponsor for our conference on Oct 18, 2025. bsidesnyc.org Tracebit deploys and maintains tailored security canaries, proactively detecting intrusions across your organization. tracebit.com
22.07.2025 12:38 โ ๐ 3 ๐ 3 ๐ฌ 0 ๐ 0We caught up with Cedric - SOC Lead at
Coveo - to talk about the value he's seen in canaries and Tracebit!
You can also check the full case study here: tracebit.com/customer/coveo
โ๏ธ Not long now until our co-founders Andy Smith and Sam Cox head out for @bsidessf.org this weekend.
We'll be in the sponsor area - if you want to see the our latest product features or just talk canaries, come say hello!
#bsidessf
