Enclave | Blog

An ornate golden gate opening wide as tiny figures with lanterns spread out across a vast teal landscape, representing expanding security work

Jevons Paradox for Cybersecurity

When powerful tools get cheaper, people do more work, not less. The same dynamic that grew marketing jobs fivefold is about to hit cybersecurity, and the field is going to get bigger, not smaller.

Tal HoffmanApril 15, 2026

A shadowy figure holds a glowing golden key and walks through an open arch while two others remain sealed — representing stolen integration tokens granting access

Your Data Warehouse Is Only as Secure as the Analytics Tool Connected to It

ShinyHunters breached Anodot and used stolen integration tokens to access dozens of Snowflake environments. No Snowflake vulnerability required. The trust architecture that connects modern SaaS stacks is fundamentally fragile.

EnclaveApril 13, 2026

A golden lantern illuminates hidden cracks in dark stone walls, representing AI revealing unknown vulnerabilities

What Project Glasswing Signals for Cybersecurity, Even If You're Skeptical

Anthropic's Project Glasswing and Claude Mythos raise real questions about what AI-powered vulnerability research means for defenders, attackers, and the organizations caught in between.

Tal HoffmanApril 12, 2026

Reversed telescope leaking data representing observability tools weaponized for exfiltration

Your Observability Stack Just Became an Attack Surface

GrafanaGhost chains three bypasses to silently exfiltrate enterprise data through Grafana's AI assistant. No credentials, no trace, no SIEM alerts. Here's why traditional tools miss it entirely.

EnclaveApril 8, 2026

Dissolving chain-link fence representing security rules that stop enforcing

Claude Code's Deny Rules Stop Working After 50 Commands. The Fix Was Already Written.

Anthropic hard-coded a 50-subcommand analysis cap in Claude Code's security engine. Above that threshold, deny rules stop firing silently. The fix was already written and tested in their codebase. It was never shipped to customers.

EnclaveApril 7, 2026

Parasitic vine strangling its host representing social engineering trust exploitation

North Korea Stole $285M From a DeFi Protocol. The Attack Started With a Handshake.

Drift Protocol lost $285 million to a North Korean state group that spent six months building trust in person. Here is how the operation worked and what it means for every company that takes meetings with external partners.

EnclaveApril 6, 2026

Grand curtained archway with thousands of portals representing cosmetic security controls

Microsoft Says It's "By Design." 25,000 Azure API Portals Say It's a Problem.

Azure APIM's "disable signup" toggle is cosmetic. The API endpoint stays open. 97.9% of 25,000+ portals are still exploitable. Microsoft says it's by design.

EnclaveApril 6, 2026

Fortified door with exposed hinges representing SSO misconfiguration

Your SSO Is Only as Secure as the Endpoint That Configures It

CVE-2026-30823 shows how enterprise SSO can be bypassed by attacking the unauthenticated API endpoint that controls login configuration, not the login protocol itself.

EnclaveApril 6, 2026

Security's Blindspot & The Last Mile of Shipping Software

Software security is solving the wrong problem. Enclave is launching from stealth with $6M to build the independent reviewer for the AI era of software.

Tal Hoffman, Dvir Segev, Yanir TsarimiMarch 26, 2026