<?xml version="1.0" encoding="utf-8" standalone="no"?><rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:media="http://search.yahoo.com/mrss/" version="2.0"><channel><title>Hopr.co Blog - Zero Trust with Cloud Native AMTD</title><link>https://www.hopr.co</link><description>Insightful articles on cyber defense innovations related to Zero Trust, Automated Moving Target Defense (AMTD), and Cloud Infrastructure</description><pubDate>Tue, 31 Mar 2026 19:55:00 GMT</pubDate><ttl>60</ttl><generator>Webflow</generator><atom:link href="https://www.hopr.co/post/rss.xml" rel="self" type="application/rss+xml"/><item><title>Blinding and Outmaneuvering the AI Threat | hopr blog</title><link>https://www.hopr.co/post/blinding-and-outmaneuvering-the-ai-threat</link><guid>https://www.hopr.co/post/blinding-and-outmaneuvering-the-ai-threat</guid><description>By Tom McNamara; The enterprise cybersecurity landscape just experienced a sea change. With the disclosure of models possessing agentic coding and reasoning skills—like Anthropic’s upcoming "Mythos"—the industry has been put on notice. We are now defending against autonomous AI agents that can read code, analyze environments, and execute responses at machine speed. What defense can match that? Fortunately, Hopr's Cloud Native AMTD is the one defense that can blind and outmaneuver AI threats. 
This article explains how.</description><pubDate>Wed, 08 Apr 2026 14:57:43 GMT</pubDate><media:content medium="image" url="https://cdn.prod.website-files.com/60898d847e50af179614f3d5/69d66ce2b522338ea7176981_blinding-outmaneuvering-AI-threats-800.png"/><media:thumbnail url="https://cdn.prod.website-files.com/60898d847e50af179614f3d5/69d66ce2b522338ea7176981_blinding-outmaneuvering-AI-threats-800.png"/></item><item><title>When Identity Is the Blast Radius | hopr blog</title><link>https://www.hopr.co/post/when-identity-is-the-blast-radius</link><guid>https://www.hopr.co/post/when-identity-is-the-blast-radius</guid><description>By Tom McNamara; Recent cyberattacks reveal a fatal flaw in enterprise security: relying on centralized human identity providers (IdPs) for Machine-to-Machine (M2M) communication. When threat actors use cheap infostealer malware to bypass the perimeter, they weaponize static credentials to execute lateral movement, paralyzing critical business logic and the IT/OT boundary. True Zero Trust architecture requires decoupling human identity from machine identity. This article explores how Automated Moving Target Defense (AMTD) and workload security proxies eliminate static secrets. 
By enforcing cryptographic isolation and eradicating policy debt, organizations can secure M2M trust and protect their application networks against catastrophic credential-based breaches.</description><pubDate>Tue, 31 Mar 2026 19:53:58 GMT</pubDate><media:content medium="image" url="https://cdn.prod.website-files.com/60898d847e50af179614f3d5/69c3b9cedeec09a403547f10_When%20Identity%20Is%20the%20Blast%20Radius.png"/><media:thumbnail url="https://cdn.prod.website-files.com/60898d847e50af179614f3d5/69c3b9cedeec09a403547f10_When%20Identity%20Is%20the%20Blast%20Radius.png"/></item><item><title>Flipping the Script: Why the Future of Cloud Native is Network-First | hopr blog</title><link>https://www.hopr.co/post/flipping-the-script-why-the-future-of-cloud-native-is-network-first</link><guid>https://www.hopr.co/post/flipping-the-script-why-the-future-of-cloud-native-is-network-first</guid><description>By Tom McNamara; Deploying cloud native application networks is a complex undertaking often requiring specialist DevOps and Platform Engineering skills to work with Kubernetes, Docker, and Istio/Service Mesh configurations. Lane7 Blueprints “flip the script” on the traditional software development and app deployment process, a "Furniture First" approach that leaves the structural frame to the end. Lane7 Blueprints are a "Building a Skyscraper" approach that constructs the networking and access controls (the Steel Frame) first with apps that have replaceable business logic. The result? 
Zero Trust, Secure by Design, Secure by Default app networks that are simple and fast to implement.</description><pubDate>Fri, 13 Feb 2026 12:16:18 GMT</pubDate><media:content medium="image" url="https://cdn.prod.website-files.com/60898d847e50af179614f3d5/698f0c630f48d4fd4f0b084b_Lane7%20-%20Network%20and%20Security%20First.jpg"/><media:thumbnail url="https://cdn.prod.website-files.com/60898d847e50af179614f3d5/698f0c630f48d4fd4f0b084b_Lane7%20-%20Network%20and%20Security%20First.jpg"/></item><item><title>The End of the Security Bottleneck: Democratizing Zero Trust with Lane7 Blueprints | hopr blog</title><link>https://www.hopr.co/post/the-end-of-the-security-bottleneck-democratizing-zero-trust-with-lane7-blueprints</link><guid>https://www.hopr.co/post/the-end-of-the-security-bottleneck-democratizing-zero-trust-with-lane7-blueprints</guid><description>By Tom McNamara; Lane7 Blueprints eliminate the complexity, time, and errors experienced by DevOps and Platform teams using manual tools and traditional PKI and mTLS systems. They enable those teams to simply and quickly build app networks that are secure by default.</description><pubDate>Thu, 22 Jan 2026 12:39:57 GMT</pubDate><media:content medium="image" url="https://cdn.prod.website-files.com/60898d847e50af179614f3d5/69716dc9e85518485327dce8_Lane7%20Blueprints.png"/><media:thumbnail url="https://cdn.prod.website-files.com/60898d847e50af179614f3d5/69716dc9e85518485327dce8_Lane7%20Blueprints.png"/></item><item><title>From Glass Cases to Ephemeral Access | hopr blog</title><link>https://www.hopr.co/post/from-glass-cases-to-ephemeral-access</link><guid>https://www.hopr.co/post/from-glass-cases-to-ephemeral-access</guid><description>By Tom McNamara; The recent Louvre Crown Jewels heist is a perfect metaphor for enterprise cybersecurity failures. Cameras, alarms, and guards didn’t stop the theft — predictable routines, unchecked access, and unverified trust did. 
Enterprises face the same problem: long-lived credentials, over-permissioned APIs, and siloed monitoring create blind spots that attackers exploit to steal data, IP, and secrets. Static defenses aren’t enough. Just like museum staff relied on routines and assumed trust, cybersecurity teams often assume certificates, firewalls, and segmentation are sufficient. But attackers don’t follow the rules — and neither should defenses. Hopr.co solves this with ephemeral trust. Workloads continuously verify identity via WoSP, identities rotate automatically with MAID™, communications stay secure with SEE™, and secrets hop dynamically with Cloud Native AMTD.</description><pubDate>Fri, 14 Nov 2025 20:10:10 GMT</pubDate><media:content medium="image" url="https://cdn.prod.website-files.com/60898d847e50af179614f3d5/690495f1ba58c3bb565ffab9_Emerald%20Necklace%20-%20Cybersecurity%20Lessons%20from%20the%20heist.png"/><media:thumbnail url="https://cdn.prod.website-files.com/60898d847e50af179614f3d5/690495f1ba58c3bb565ffab9_Emerald%20Necklace%20-%20Cybersecurity%20Lessons%20from%20the%20heist.png"/></item><item><title>The Complexity Tax for Platform Engineers and DevOps | hopr blog</title><link>https://www.hopr.co/post/the-complexity-tax-for-platform-engineers-and-devops</link><guid>https://www.hopr.co/post/the-complexity-tax-for-platform-engineers-and-devops</guid><description>By Tom McNamara; Platform Engineers and DevOps teams are struggling with the 'service mesh' model because of massive overhead, extreme complexity, and a steep learning curve. The article proposes a lightweight, simpler, and more integrated decentralized solution to the problem that is currently their biggest headache. They don't need the complexity of a full-blown service mesh to secure east-west traffic. 
The Hopr WoSP delivers the same workload-to-workload authorization without the YAML hell, and without the massive operational overhead.</description><pubDate>Fri, 14 Nov 2025 20:10:10 GMT</pubDate><media:content medium="image" url="https://cdn.prod.website-files.com/60898d847e50af179614f3d5/690382a7402386475b6768e2_East-West%20Networking%20Complexity.png"/><media:thumbnail url="https://cdn.prod.website-files.com/60898d847e50af179614f3d5/690382a7402386475b6768e2_East-West%20Networking%20Complexity.png"/></item><item><title>Beyond the Locked Front Door - ZTNA | hopr blog</title><link>https://www.hopr.co/post/beyond-the-locked-front-door</link><guid>https://www.hopr.co/post/beyond-the-locked-front-door</guid><description>By Tom McNamara; Industry data shows that the vast majority of breaches occur on "trusted" and "allowed" connections. Is your ZTNA solution just a locked front door, leaving all the internal doors wide open for attackers to roam freely? The "allow and ignore" model of ZTNA 1.0 is a recipe for disaster. It's time to move beyond session-based trust. 
Learn about "Zero Trust by the Transaction"—a new paradigm that continuously verifies trust for every single API call and workload interaction, stopping lateral movement and insider threats cold.</description><pubDate>Fri, 14 Nov 2025 20:10:10 GMT</pubDate><media:content medium="image" url="https://cdn.prod.website-files.com/60898d847e50af179614f3d5/68b725b6f2e7ccf11cd6bcf6_Gemini_Generated_Image_ZTNA_Post_1.png"/><media:thumbnail url="https://cdn.prod.website-files.com/60898d847e50af179614f3d5/68b725b6f2e7ccf11cd6bcf6_Gemini_Generated_Image_ZTNA_Post_1.png"/></item><item><title>Runtime Microsharding Shrinks the Enterprise Attack Surface | hopr blog</title><link>https://www.hopr.co/post/runtime-microsharding-shrinks-the-enterprise-attack-surface</link><guid>https://www.hopr.co/post/runtime-microsharding-shrinks-the-enterprise-attack-surface</guid><description>By Tom McNamara; Enterprises are challenged to defend their ever-growing attack surface. Complexity, Zero Days, and static network configurations make a target-rich environment for increasingly sophisticated threats. Conventional defenses seem to have reached a ceiling of effectiveness. But a new Cloud Native AMTD is an active cyber defense that microshards the attack surface into many small pieces and animates them so that attackers are confused in targeting application workloads.</description><pubDate>Wed, 16 Jul 2025 16:54:33 GMT</pubDate><media:content medium="image" url="https://cdn.prod.website-files.com/60898d847e50af179614f3d5/686f8741adef37939d992281_microsharding%20post%201080.png"/><media:thumbnail url="https://cdn.prod.website-files.com/60898d847e50af179614f3d5/686f8741adef37939d992281_microsharding%20post%201080.png"/></item><item><title>What Does Hopr Replace In An Enterprise Security Architecture? 
| hopr blog</title><link>https://www.hopr.co/post/what-does-hopr-replace-in-an-enterprise</link><guid>https://www.hopr.co/post/what-does-hopr-replace-in-an-enterprise</guid><description>By Tom McNamara; Innovative solutions can often challenge conventional thinking. Conventional cyber defenses such as API Security, Firewalls, Gateways, and others exist to filter out "bad stuff" before it reaches the digital engine of your business - your application workloads and data. This article helps CISOs understand the value of the WoSP through the analogy of an automobile engine with three conventional filters.</description><pubDate>Thu, 05 Jun 2025 16:13:36 GMT</pubDate><media:content medium="image" url="https://cdn.prod.website-files.com/60898d847e50af179614f3d5/683ad67cf70902c6a08bfe8d_pexels-sebastian-dziomba-762357063-21715608.jpg"/><media:thumbnail url="https://cdn.prod.website-files.com/60898d847e50af179614f3d5/683ad67cf70902c6a08bfe8d_pexels-sebastian-dziomba-762357063-21715608.jpg"/></item><item><title>AI and the Crisis of Machine Credentials (and How to Avoid It) | hopr blog</title><link>https://www.hopr.co/post/ai-and-the-crisis-of-machine-credentials-and-how-to-avoid-it</link><guid>https://www.hopr.co/post/ai-and-the-crisis-of-machine-credentials-and-how-to-avoid-it</guid><description>By Tom McNamara; The number of machines [also known as Non-Human Identities (NHI)] that operate within and across enterprises is exploding. Led by the emergence of Artificial Intelligence (AI) agents, these machines represent a significant risk to enterprises. The combination of static secrets, ungoverned NHIs, and autonomous AI agents is creating a perfect storm of complexity, risk, and visibility gaps. Organizations that wait for a breach before acting will find themselves overwhelmed. 
But those who act now — embracing ephemeral credentials, zero-trust principles, and machine-native identity security — will emerge stronger, more resilient, and future-ready.</description><pubDate>Thu, 05 Jun 2025 16:13:36 GMT</pubDate><media:content medium="image" url="https://cdn.prod.website-files.com/60898d847e50af179614f3d5/680a2ce7a6399d26016a373f_The%20Looming%20Crisis%20of%20NHI.jpg"/><media:thumbnail url="https://cdn.prod.website-files.com/60898d847e50af179614f3d5/680a2ce7a6399d26016a373f_The%20Looming%20Crisis%20of%20NHI.jpg"/></item><item><title>Proxies in the Cloud: Managing Traffic and Securing A Digital World | hopr blog</title><link>https://www.hopr.co/post/proxies-in-the-cloud-managing-traffic-and-securing-a-digital-world</link><guid>https://www.hopr.co/post/proxies-in-the-cloud-managing-traffic-and-securing-a-digital-world</guid><description>By Tom McNamara; Proxies are common software designs that are widely used to abstract repetitive code and simplify a software architecture or code development. While they come in different types and are used for different purposes, the use of proxies for communications management is common, but many people may not know that security functions can also be proxied. 
In this article, I explain a novel and powerful new proxy – a Workload Security Proxy – that decentralizes access credential management to dramatically improve security and shrink the attack surface of digital enterprises.</description><pubDate>Thu, 05 Jun 2025 16:13:36 GMT</pubDate><media:content medium="image" url="https://cdn.prod.website-files.com/60898d847e50af179614f3d5/67bf5c2b812ab601c71077ea_pexels-life-matters-3043471-4614155.jpg"/><media:thumbnail url="https://cdn.prod.website-files.com/60898d847e50af179614f3d5/67bf5c2b812ab601c71077ea_pexels-life-matters-3043471-4614155.jpg"/></item><item><title>AMTD and Zero Trust in a Single Solution: The WoSP | hopr blog</title><link>https://www.hopr.co/post/amtd-and-zero-trust-in-a-single-solution-the-wosp</link><guid>https://www.hopr.co/post/amtd-and-zero-trust-in-a-single-solution-the-wosp</guid><description>By Tom McNamara; Enterprise CISOs are challenged to find cost savings without compromising security. As cyber threat sophistication increases and overcomes conventional defenses, Zero Trust becomes an important consideration for security architectures and compliance. 
A new option has arrived that combines AMTD with Zero Trust principles to deliver stronger security and cost savings for CISOs.</description><pubDate>Thu, 05 Jun 2025 16:13:36 GMT</pubDate><media:content medium="image" url="https://cdn.prod.website-files.com/60898d847e50af179614f3d5/6783d827775c4bdf9c930088_Combined%20AMTD-ZT%20graphic.png"/><media:thumbnail url="https://cdn.prod.website-files.com/60898d847e50af179614f3d5/6783d827775c4bdf9c930088_Combined%20AMTD-ZT%20graphic.png"/></item><item><title>Redefining Multi-Cloud Application Networking with a Workload Security Proxy | hopr blog</title><link>https://www.hopr.co/post/redefining-multi-cloud-application-networking-with-a-workload-security-proxy</link><guid>https://www.hopr.co/post/redefining-multi-cloud-application-networking-with-a-workload-security-proxy</guid><description>By Tom McNamara; Most enterprises operate with applications in different cloud environments and may even be part of a digital ecosystem that shares application data with third party organizations. But conventional credential management makes this a complicated and vulnerable task. 
Hopr.co's Workload Security Proxy is a solution that simplifies and secures multi-cloud application networks.</description><pubDate>Thu, 05 Jun 2025 16:13:36 GMT</pubDate><media:content medium="image" url="https://cdn.prod.website-files.com/60898d847e50af179614f3d5/6775b2c072f981235e2cd297_pexels-googledeepmind-complexity-17485741.jpg"/><media:thumbnail url="https://cdn.prod.website-files.com/60898d847e50af179614f3d5/6775b2c072f981235e2cd297_pexels-googledeepmind-complexity-17485741.jpg"/></item><item><title>Reversing A Rising Tide - API Data Losses | hopr blog</title><link>https://www.hopr.co/post/reversing-a-rising-tide---api-data-losses</link><guid>https://www.hopr.co/post/reversing-a-rising-tide---api-data-losses</guid><description>By Tom McNamara; The last three years have shown a clear trend toward larger, more frequent, and more sophisticated M2M API-based attacks, particularly in cloud and multi-cloud environments. Compromised API keys have played a critical role in these attacks, enabling attackers to target data in transit and escalate privileges across complex infrastructures. Despite the increasing number of API security solutions, protecting machine-to-machine APIs and data remains a significant challenge, especially as threats grow larger, more frequent, and more sophisticated. 
A compelling alternative to conventional API security solutions exists and it is a dynamic, decentralized approach to API Threat Protection and workload Access Control.</description><pubDate>Thu, 05 Jun 2025 16:13:36 GMT</pubDate><media:content medium="image" url="https://cdn.prod.website-files.com/60898d847e50af179614f3d5/670d5c3b6c51c6a884f9bfd8_API_Protection_in%20Mutli-cloud.png"/><media:thumbnail url="https://cdn.prod.website-files.com/60898d847e50af179614f3d5/670d5c3b6c51c6a884f9bfd8_API_Protection_in%20Mutli-cloud.png"/></item><item><title>Why TLS 1.3 and Automated PKI Fall Short of Zero Trust Principles | hopr blog</title><link>https://www.hopr.co/post/why-tls-1-3-and-automated-pki-fall-short-of-zero-trust-principles</link><guid>https://www.hopr.co/post/why-tls-1-3-and-automated-pki-fall-short-of-zero-trust-principles</guid><description>By Tom McNamara; Enterprises running sensitive business operations in the cloud confront difficult security and privacy challenges. One of them is data loss prevention. While it's true that cloud providers do offer experienced security professionals and tools, it is not true that cybersecurity will be stronger. This article explains some of the reasons why CISOs and security professionals need to take a close look at their application networks and cloud infrastructure. 
The good news is that innovative solutions to overcome the vulnerabilities and gaps exist and are easy to adopt and implement.</description><pubDate>Thu, 05 Jun 2025 16:13:36 GMT</pubDate><media:content medium="image" url="https://cdn.prod.website-files.com/60898d847e50af179614f3d5/640cd0ad4efe7ccad86c9405_TLS%20is%20not%20Zero%20Trust%20-%20Network.png"/><media:thumbnail url="https://cdn.prod.website-files.com/60898d847e50af179614f3d5/640cd0ad4efe7ccad86c9405_TLS%20is%20not%20Zero%20Trust%20-%20Network.png"/></item><item><title>Machine Identity - Avoid the Crisis | hopr blog</title><link>https://www.hopr.co/post/machine-identity-avoid-the-crisis</link><guid>https://www.hopr.co/post/machine-identity-avoid-the-crisis</guid><description>By Tom McNamara; Machines operating across the Internet outnumber humans by a ratio of three-to-one. This will rise dramatically as more Internet of Things (IOT) devices arrive. Existing approaches for managing identity and trust for a massive number of machines rely on centralized and legacy solutions that won't work for the machine era. A decentralized solution capable of speed, trust, and agility is needed to avoid a crisis and enable a graceful transition to high trust machine identities.</description><pubDate>Thu, 05 Jun 2025 16:13:36 GMT</pubDate><media:content medium="image" url="https://uploads-ssl.webflow.com/60898d847e50af179614f3d5/657480317fab5803af8a69d4_Machine%20Identity%20Crisis.png"/><media:thumbnail url="https://uploads-ssl.webflow.com/60898d847e50af179614f3d5/657480317fab5803af8a69d4_Machine%20Identity%20Crisis.png"/></item><item><title>A Looming Crisis | hopr blog</title><link>https://www.hopr.co/post/a-looming-crisis</link><guid>https://www.hopr.co/post/a-looming-crisis</guid><description>By Tom McNamara; As the Internet and cloud explode with new IoT devices, automation, and wireless connectivity, we face a looming financial crisis from accelerating cybercrime. 
APIs, by definition, are machine-to-machine transactions, and those that are public-facing are particularly at risk of attack. A new cyber defense for these API endpoints has arrived.</description><pubDate>Thu, 05 Jun 2025 16:13:36 GMT</pubDate><media:content medium="image" url="https://uploads-ssl.webflow.com/60898d847e50af179614f3d5/654570cc68f8ee1387bd3550_cybercrime-expectation-statista.png"/><media:thumbnail url="https://uploads-ssl.webflow.com/60898d847e50af179614f3d5/654570cc68f8ee1387bd3550_cybercrime-expectation-statista.png"/></item><item><title>IAM in a Box | hopr blog</title><link>https://www.hopr.co/post/iam-in-a-box</link><guid>https://www.hopr.co/post/iam-in-a-box</guid><description>By Tom McNamara; Containers are an important part of modern cloud engineering. They evoke the idea of portability and relocation. But in the cloud this is often inhibited because they become anchored to external services within a particular cloud environment, and it becomes difficult to relocate them to a different environment. This article describes how containers can be freed and portability restored.</description><pubDate>Thu, 05 Jun 2025 16:13:36 GMT</pubDate><media:content medium="image" url="https://uploads-ssl.webflow.com/60898d847e50af179614f3d5/6495eff6611fba5965041177_Containerized%20IAM.png"/><media:thumbnail url="https://uploads-ssl.webflow.com/60898d847e50af179614f3d5/6495eff6611fba5965041177_Containerized%20IAM.png"/></item><item><title>A Short History of Moving Target Defense | hopr blog</title><link>https://www.hopr.co/post/a-short-history-of-moving-target-defense</link><guid>https://www.hopr.co/post/a-short-history-of-moving-target-defense</guid><description>By Tom McNamara; Automated Moving Target Defense (AMTD) is emerging in the cybersecurity market as a new form of moving target defense (MTD). Not many people know that MTD is not new. 
It has been used effectively in communications security and information security for over 50 years before it appeared as a cybersecurity strategy. Today’s AMTD is a generational improvement over MTD, even the MTD from just a few years ago. The latest forms of AMTD are built for the cloud and are far more sophisticated than their predecessors. One new form even combines AMTD with Zero Trust to produce a strategic combination that amplifies the cybersecurity benefits at a relatively low cost.</description><pubDate>Thu, 05 Jun 2025 16:13:36 GMT</pubDate><media:content medium="image" url="https://uploads-ssl.webflow.com/60898d847e50af179614f3d5/645445b2a9309751b002da99_A%20Short%20History%20of%20MTD.png"/><media:thumbnail url="https://uploads-ssl.webflow.com/60898d847e50af179614f3d5/645445b2a9309751b002da99_A%20Short%20History%20of%20MTD.png"/></item><item><title>Why Is the Trend of API Attacks Still Increasing? | hopr blog</title><link>https://www.hopr.co/post/why-is-the-trend-of-api-attacks-still-increasing</link><guid>https://www.hopr.co/post/why-is-the-trend-of-api-attacks-still-increasing</guid><description>By Tom McNamara; APIs have become essential to delivering business services from the cloud. But they have also become a big vulnerability point for business risk. They can leak a lot of data and are lucrative attack points for threat actors. Many API security solutions are operating, but the attack statistics are still rising. 
I think I know why, and AMTD is how to fix it.</description><pubDate>Thu, 05 Jun 2025 16:13:36 GMT</pubDate><media:content medium="image" url="https://uploads-ssl.webflow.com/60898d847e50af179614f3d5/642dd6b71f50685f57657007_Rising%20API%20Attacks.png"/><media:thumbnail url="https://uploads-ssl.webflow.com/60898d847e50af179614f3d5/642dd6b71f50685f57657007_Rising%20API%20Attacks.png"/></item><item><title>An Unintentional Secret - Automated TLS and its Zero Trust Fallacy | hopr blog</title><link>https://www.hopr.co/post/an-unintentional-secret-automated-tls-and-its-zero-trust-fallacy</link><guid>https://www.hopr.co/post/an-unintentional-secret-automated-tls-and-its-zero-trust-fallacy</guid><description>By Tom McNamara; Transport Layer Security (TLS) and its companion, mutual TLS (mTLS) are stalwart security protocols known for encrypting communications over the Internet. When they are applied to root domains (such as is the case for Web domains and browsers) they represent identity trust. However when they are implemented with automated PKI certificates, they lose an important security quality: identity trust. 
Due to the speed and scale of cloud automation, the intermediate certificate authorities that issue PKI certificates eliminate vetting of the receiving identity (a containerized workload).</description><pubDate>Thu, 05 Jun 2025 16:13:36 GMT</pubDate><media:content medium="image" url="https://cdn.prod.website-files.com/60898d847e50af179614f3d5/640cd0ad4efe7ccad86c9405_TLS%20is%20not%20Zero%20Trust%20-%20Network.png"/><media:thumbnail url="https://cdn.prod.website-files.com/60898d847e50af179614f3d5/640cd0ad4efe7ccad86c9405_TLS%20is%20not%20Zero%20Trust%20-%20Network.png"/></item><item><title>Small, Fast-moving Targets | hopr blog</title><link>https://www.hopr.co/post/small-fast-moving-targets</link><guid>https://www.hopr.co/post/small-fast-moving-targets</guid><description>By Tom McNamara; Containerized workloads are the basic building blocks of modern day applications and services. And Application Programming Interfaces (APIs) are the code that stitches the workloads together to build a scalable application or business process. They are attractive targets for sophisticated adversaries that have time and skill to bypass traditional perimeter defenses and gain access to enterprise resources such as workloads, then they can easily move laterally and attack APIs. A moving-target defense (MTD) is a great strategy for protecting sensitive workloads and data. 
This article describes three components of an MTD for containerized workloads and data.</description><pubDate>Thu, 05 Jun 2025 16:13:36 GMT</pubDate><media:content medium="image" url="https://uploads-ssl.webflow.com/60898d847e50af179614f3d5/6329fa561178f3499ed6c0de_Small%20Fast-moving%20Targets.png"/><media:thumbnail url="https://uploads-ssl.webflow.com/60898d847e50af179614f3d5/6329fa561178f3499ed6c0de_Small%20Fast-moving%20Targets.png"/></item><item><title>A Moving Target Defense for the Cloud | hopr blog</title><link>https://www.hopr.co/post/a-moving-target-defense-for-the-cloud</link><guid>https://www.hopr.co/post/a-moving-target-defense-for-the-cloud</guid><description>By Tom McNamara; Moving business services to the cloud offers enterprises significant benefits, but it includes some big risks and challenges for security and data privacy, too. The marketplace offers many solutions for protecting business systems and data, but many of them were built before the cloud when the systems and data were on-premises. Data on cyber attacks to the software supply chain and APIs indicates that traditional solutions aren't performing too well in the Cloud. A "lift-and-shift" approach to digital transformation won't work and may be very costly. Operating in the cloud requires new thinking about security and a moving target defense is a great "cloud-native" security strategy to consider.</description><pubDate>Thu, 05 Jun 2025 16:13:36 GMT</pubDate><media:content medium="image" url="https://uploads-ssl.webflow.com/60898d847e50af179614f3d5/63474094cc6593b9b2c67c95_MTD-In%20the%20Cloud2.png"/><media:thumbnail url="https://uploads-ssl.webflow.com/60898d847e50af179614f3d5/63474094cc6593b9b2c67c95_MTD-In%20the%20Cloud2.png"/></item><item><title>Vanishing Secrets | hopr blog</title><link>https://www.hopr.co/post/vanishing-secrets</link><guid>https://www.hopr.co/post/vanishing-secrets</guid><description>By Tom McNamara; Not all secrets need persistence and storage. 
There are times when encryption secrets can be ephemeral. It's been estimated that 80% of Internet traffic is due to APIs, and nearly every API requires a secret to prove identity and establish trust of the machine making a request. These secrets should be vaulted if they're static. But this requires yet another API and more secrets. We think ephemeral secrets are a better choice for APIs and we invented a novel approach to create secrets that vanish and don't need to be stored. </description><pubDate>Thu, 05 Jun 2025 16:13:36 GMT</pubDate><media:content medium="image" url="https://uploads-ssl.webflow.com/60898d847e50af179614f3d5/61f564a04a19976306938763_AStock_405940113-vanishing_secrets_plain.png"/><media:thumbnail url="https://uploads-ssl.webflow.com/60898d847e50af179614f3d5/61f564a04a19976306938763_AStock_405940113-vanishing_secrets_plain.png"/></item><item><title>Machine Identity - Who’s Who in the Cloud?  | hopr blog</title><link>https://www.hopr.co/post/machine-identity-whos-who</link><guid>https://www.hopr.co/post/machine-identity-whos-who</guid><description>By Tom McNamara; Identities for machines operating in the cloud, like humans in the natural world, are an important quality that is essential to trust, authorization, and authentication. Machines are identified by cryptographic material that takes the form of a certificate. But in the cloud, it is challenging to find, track, and manage the many certificates that are dynamically assigned and used. 
New approaches to managing machine identities in a zero trust cloud environment are needed to realize secure business operations in the cloud.</description><pubDate>Thu, 05 Jun 2025 16:13:36 GMT</pubDate><media:content medium="image" url="https://uploads-ssl.webflow.com/60898d847e50af179614f3d5/60ca69dd748c16112adc3584_cloud%20machine%20identity%202600-1450.png"/><media:thumbnail url="https://uploads-ssl.webflow.com/60898d847e50af179614f3d5/60ca69dd748c16112adc3584_cloud%20machine%20identity%202600-1450.png"/></item><item><title>Keeping Secrets Is Hard | hopr blog</title><link>https://www.hopr.co/post/keeping-secrets-is-hard</link><guid>https://www.hopr.co/post/keeping-secrets-is-hard</guid><description>By Tom McNamara; Keeping secrets is hard because they have to stay secret to deliver security. And for machines and workloads in the cloud the consequences to lost secrecy can ripple through the entire business and bring down many digital operations in an instant. Leakage of digital secrets occurs almost naturally over time; disclosure eventually happens and secrecy is lost. But the risk of lost secrecy and the impact to cloud operations is minimized with the right tools.</description><pubDate>Thu, 05 Jun 2025 16:13:36 GMT</pubDate><media:content medium="image" url="https://uploads-ssl.webflow.com/60898d847e50af179614f3d5/609f0dd1f1c92249de516d5f_AdobeStock_133088494%20%5BConverted%5D_Keep%20Your%20Secrets%20Secret.png"/><media:thumbnail url="https://uploads-ssl.webflow.com/60898d847e50af179614f3d5/609f0dd1f1c92249de516d5f_AdobeStock_133088494%20%5BConverted%5D_Keep%20Your%20Secrets%20Secret.png"/></item><item><title>Four Dilemmas of Keeping Secrets | hopr blog</title><link>https://www.hopr.co/post/four-dilemmas-of-keeping-secrets</link><guid>https://www.hopr.co/post/four-dilemmas-of-keeping-secrets</guid><description>By Tom McNamara; Secrets are essential to security in cloud operations. 
Digital Transformation, new cloud and software architectures, and new technologies such as Docker and Kubernetes are producing an explosion of secrets and APIs. The secrets and APIs are a popular vulnerability path for data theft. The conventional options to manage secrets for humans and monolithic apps in a data center cannot meet the scale, reach, speed, and protection needed in the cloud. In fact, they create four dilemmas for enterprise security and risk professionals: Secrets Chaining, Secrets Leakage, Machine Secrets, and Secrets Injection. In addition to describing the how and why behind each of these secrets dilemmas, the article also presents three principles to solve all four dilemmas with a single innovative approach.</description><pubDate>Thu, 05 Jun 2025 16:13:36 GMT</pubDate><media:content medium="image" url="https://uploads-ssl.webflow.com/60898d847e50af179614f3d5/625472c5afa0e9ea007bfc1e_AdobeStock_334836763_Secrets%20Dilemma%20Blog.png"/><media:thumbnail url="https://uploads-ssl.webflow.com/60898d847e50af179614f3d5/625472c5afa0e9ea007bfc1e_AdobeStock_334836763_Secrets%20Dilemma%20Blog.png"/></item></channel></rss>