Oasis Security

We're proud to be a sponsor at the GuidePoint Security Identiverse Happy Hour and we couldn't be more excited about our partnership! 🗓️ Date: Tuesday, June 16, 2026 ⏰ Time: 7:00 PM – 9:00 PM PT 📍 Location: Libertine Social (Inside Mandalay Bay) Join us over tacos 🌮 and drinks 🍸 for a relaxed conversation about: ◆ Where Non-Human Identity Management is headed, and how we're thinking about it at Oasis Security ◆ What we're hearing from the Fortune 500 teams we work with ◆ How enterprises are securing the fast-growing Agentic AI attack surface without slowing their teams down Make sure to RSVP through GuidePoint's event page: http://bit.ly/4wxBfyR #Identiverse #NHIM #NonHumanIdentity #AgenticAI #Cybersecurity

It's been a week since we opened the new Midtown office, and it already feels like home. ✨ A little recap of the day, shot and edited by the amazing team at DADA STUDIO. This is just the beginning. Oasis is growing fast and there's never been a better time to join. 💪 Open roles in the first comment ⬇️ #Hiring #NYCJobs #OasisSecurity

“See everything” has become the cybersecurity equivalent of “thoughts and prayers.” The market is flooded with tools that discover machine identities and surface anomalies. Useful? Sure. Sufficient? Not even close. If a compromised credential behaves normally, reactive detection won’t save you. And with AI agents operating autonomously across systems, waiting for anomalies is already too late. The next phase of identity security is proactive governance — controlling the lifecycle of NHIs and AI agents before they become risk. Visibility is the starting line, not the finish line. Read the full blog in the first comment 👇

What does it look like when a website silently hijacks your AI coding agent? The video below shows the cross-origin WebSocket flaw we found in Cline Kanban (CVSS 9.7) in action. We break down how the attack works: ◆ Why the browser lets a malicious site reach localhost in the first place ◆ How the Kanban server accepts the connection without authentication ◆ How that single opening leads to workspace data exfiltration and remote code execution in the AI agent's terminal Reported through coordinated disclosure and fixed in Kanban v0.1.66. Read the full research linked in comments. #𝗔𝗜𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 #𝗔𝗽𝗽𝗦𝗲𝗰 #𝗡𝗛𝗜 #𝗔𝗴𝗲𝗻𝘁𝗶𝗰𝗔𝗜

Oasis Security has a new home in Midtown. 🗽 We didn't go far, just a few blocks from our old office, but the new place has more desks, way more natural light, and finally enough room for everyone. Just a few days ago we brought the whole team together to celebrate in our brand new space. And we're not slowing down. We're scaling and building out an internal US Talent Acquisition team to drive the next phase of growth. SO! If you're a recruiter who's passionate about hiring in a fast-paced environment - we've got a list of openings right now! Link in the first comment ⬇️ Check out a few photos from the big day below, shot by the amazing DADA STUDIO team.

🔻 𝗔𝗻𝘆 𝘄𝗲𝗯𝘀𝗶𝘁𝗲 𝘆𝗼𝘂𝗿 𝗱𝗲𝘃𝗲𝗹𝗼𝗽𝗲𝗿𝘀 𝘃𝗶𝘀𝗶𝘁 𝗰𝗼𝘂𝗹𝗱 𝗵𝗶𝗷𝗮𝗰𝗸 𝘁𝗵𝗲𝗶𝗿 𝗔𝗜 𝗰𝗼𝗱𝗶𝗻𝗴 𝗮𝗴𝗲𝗻𝘁. 🔻 Our research team discovered a critical vulnerability in Cline's kanban server (CVSS 9.7) involving three unauthenticated WebSocket endpoints listening on localhost. By chaining cross-origin WebSocket hijacks against an AI agent running with full developer privileges, an attacker could: ✦ Silently exfiltrate workspace data and git history ✦ Inject commands into the agent's terminal ✦ Kill active agent sessions and disrupt workflows The assumption that "localhost = trusted" is a dangerous oversight. When AI agents inherit SSH keys and cloud credentials, the impact of a trust boundary failure is massive. The fix requires more than just origin validation, it requires governing how agents authenticate and what privileges they inherit. Full technical breakdown by Sagi Layani below. 👇 #AISecurity #CyberSecurity #AIAgents #OasisSecurity

Your vault shows you what's stored. It doesn't show you what depends on it, what breaks if you rotate it, or what's quietly running in code, pipelines, and cloud managers outside the vault entirely. 𝐓𝐡𝐚𝐭'𝐬 𝐭𝐡𝐞 𝐏𝐀𝐌 𝐆𝐚𝐩. 𝐀𝐧𝐝 𝐜𝐥𝐨𝐬𝐢𝐧𝐠 𝐢𝐭 𝐜𝐡𝐚𝐧𝐠𝐞𝐬 𝐰𝐡𝐚𝐭 𝐲𝐨𝐮𝐫 𝐭𝐞𝐚𝐦 𝐜𝐚𝐧 𝐚𝐜𝐭𝐮𝐚𝐥𝐥𝐲 𝐝𝐨. With full context across every consumer, dependency, and downstream system, rotation becomes routine instead of risky. Decommissioning becomes a decision, not a debate. Ownership becomes enforceable. And the secrets sprawling across your environment finally become governable. Oasis Platform is the orchestration layer for your existing vaults, giving you that context so you can govern every non-human identity with the same discipline you give your humans. Swipe through to see how → #NonHumanIdentity #NHI #IdentitySecurity #PAM #PrivilegedAccessManagement #SecretsManagement

𝗧𝗵𝗿𝗲𝗲 𝗾𝘂𝗲𝘀𝘁𝗶𝗼𝗻𝘀 𝗲𝘃𝗲𝗿𝘆 𝗜𝗱𝗲𝗻𝘁𝗶𝘁𝘆 𝗮𝗻𝗱 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝘁𝗲𝗮𝗺 𝘀𝗵𝗼𝘂𝗹𝗱 𝗯𝗲 𝗮𝗯𝗹𝗲 𝘁𝗼 𝗮𝗻𝘀𝘄𝗲𝗿. 1. Can you 𝗲𝗻𝘂𝗺𝗲𝗿𝗮𝘁𝗲 𝗲𝘃𝗲𝗿𝘆 𝗻𝗼𝗻-𝗵𝘂𝗺𝗮𝗻 𝗶𝗱𝗲𝗻𝘁𝗶𝘁𝘆 𝗶𝗻 𝘆𝗼𝘂𝗿 𝗲𝗻𝘃𝗶𝗿𝗼𝗻𝗺𝗲𝗻𝘁, not only what is in the vault? 2. For 𝗮𝗻𝘆 𝗴𝗶𝘃𝗲𝗻 𝘀𝗲𝗰𝗿𝗲𝘁, 𝗱𝗼 𝘆𝗼𝘂 𝗸𝗻𝗼𝘄 𝗲𝘃𝗲𝗿𝘆 𝗰𝗼𝗻𝘀𝘂𝗺𝗲𝗿, 𝘀𝘆𝘀𝘁𝗲𝗺, 𝗮𝗻𝗱 𝗱𝗲𝗽𝗲𝗻𝗱𝗲𝗻𝗰𝘆 𝗰𝗵𝗮𝗶𝗻 attached to it? 3. Could you 𝗿𝗼𝘁𝗮𝘁𝗲 𝗼𝗿 𝗱𝗲𝗰𝗼𝗺𝗺𝗶𝘀𝘀𝗶𝗼𝗻 𝗮𝗻𝘆 𝗡𝗛𝗜 𝘁𝗼𝗱𝗮𝘆 𝘄𝗶𝘁𝗵𝗼𝘂𝘁 𝗿𝗶𝘀𝗸 𝗼𝗳 𝗮𝗻 𝗼𝘂𝘁𝗮𝗴𝗲? If you cannot answer all three, your PAM program has room to grow. Most enterprises now run five to ten secret stores at once, and mandating consolidation rarely works at scale. Cloud-native integrations break. Licensing does not stretch to machine-identity volumes. Developers find ways around the mandate. What was once a configuration problem has become a governance problem PAM was never architected to solve. Our latest blog looks at what the next phase of PAM actually requires: a governance layer that operates above your existing vaults rather than replacing them. Your PAM investments stay where they are. What the layer adds is the unified visibility, enforceable ownership, and lifecycle automation that no single vault can produce on its own. Link in the first comment 👇 #Cybersecurity #NonHumanIdentity #PAM #AgenticAccess

Role-based access ran the world for 30 years. What you could do was defined by who you were. Your job title. Agents don't have a job title. Our CEO and co-founder Danny Brickman sat down with The Inflection Point: Digital Intelligence Podcast, on what breaks when that assumption goes away. The difference between human access and agent access comes down to two things humans have built in, and agents don't. Accountability and boundaries. That's the gap the Oasis Platform was built to close. Watch the clip, and the full episode is linked in comments.

We're thrilled to welcome Michael DeCesare as President of Oasis Security. Michael brings more than two decades of experience scaling cybersecurity companies, most recently as President of Abnormal AI, and previously as CEO of Forescout Technologies Inc. and President of McAfee. AI is reshaping how organizations operate, and access is the foundation it's built on. Oasis is the platform that governs it, the next essential pillar of the security stack. With Michael leading our go-to-market, we're accelerating our mission to help enterprises navigate the era of agentic access. Welcome to the team, Michael.