Dashlane

At Dashlane, we rolled out Claude Code and MCP to our 100+ engineers. We needed to move fast, and as a security company, we wanted to keep credentials, secrets, and production systems locked down. We built our setup inside containers to isolate AI tools, with the principle of least privilege, and that gave us a strong environment that was easily adopted by our engineers. This blog post covers our full architecture, tradeoffs, and a checklist for teams going through the same process: https://lnkd.in/eTQBYCWa Co-written with Quentin B.

Work has moved to the browser, but security hasn't kept up. Traditional approaches are failing because they don’t account for where employees actually spend their time. Our CEO, John Bennett, sat down with Information Security Media Group (ISMG) at #RSAC2026 to discuss this critical gap. He explains how AI has transformed phishing from a simple nuisance into a sophisticated, pervasive threat. To thrive in this new era, organizations need proactive intelligence that protects credentials at the point of engagement. Watch the full interview and read the blog for a deep dive into the future of credential protection: https://bit.ly/4tZQtKJ

𝗠𝘆𝘁𝗵𝗼𝘀 𝗰𝗵𝗮𝗻𝗴𝗲𝘀 𝘁𝗵𝗲 𝘀𝗽𝗲𝗲𝗱 𝗼𝗳 𝗮𝘁𝘁𝗮𝗰𝗸𝘀, 𝗻𝗼𝘁 𝘁𝗵𝗲 𝗳𝘂𝗻𝗱𝗮𝗺𝗲𝗻𝘁𝗮𝗹𝘀 On April 7, Anthropic announced Claude Mythos Preview. In internal testing, it found thousands of zero-day vulnerabilities across every major OS and browser, achieved a 72% exploit success rate, and uncovered a 27-year-old OpenBSD vulnerability. We did not yet get access to Mythos, but if we look at what's already happening today: 131 new CVEs disclosed per day in 2025, with an average time-to-exploit of negative one day. Attackers weaponizing vulnerabilities before patches ship. Mythos will accelerate that curve, but did not create it. The attack targets remain the same: credentials, access, and data. What Mythos does is raise the cost of executing your security fundamentals poorly. At Dashlane, our zero-knowledge architecture starts from one premise: assume we will be targeted. All our technical choices have been designed because motivated, well-resourced attackers were always the assumed threat. We did not design this way because of Mythos. I wrote up my perspective on Mythos, including five concrete recommendations for engineering and security team in the following article. https://lnkd.in/eueJXey9

AI and security leaders are currently caught in a high-stakes race to adopt AI without compromising credential integrity. At Staypineapple, VP of IT Robin Koetje is navigating this shift by treating security as the foundation for innovation rather than a barrier to it. From managing high-turnover hospitality staff to defending against AI-driven phishing attacks, the strategy is clear: centralized access management is what allows a team to experiment with AI safely. By pairing Dashlane’s guardrails with a forward-thinking tech stack, Staypineapple is hyper-personalizing the guest experience while ensuring sensitive data stays behind the vault. See how they do it: https://bit.ly/4895WzF

There's no doubt that the role of the CISO has evolved. With the role being increasingly recognized as one that touches every part of the business, the profiles we see today are very different from years past. And that's a good thing! For aspiring CISOs, especially those who cut their teeth in a more technical role, this shift does have implications for what it takes to be successful. Here are a few things to consider: 1. A CISO's core competency is no longer “just” security, it's the business. Your performance is judged not just by how well you secure the business, but by whether you enable it to succeed. 2. Not all CISO gigs are equal. Industry, customer type, geography, product and more can heavily shape what the day to day looks like in the role. 3. Your soft skills are hard skills. Your EQ and communications skills will determine your success more than your ability to break code. I had a blast chatting about this with Matt Alderman, Ben Carr and Jason Albuquerque. Thank you Security Weekly Productions for such a fun discussion and having me on with this dynamic group of hosts! Check out the podcast here: https://lnkd.in/e_ZwkAQr 

Security leaders are weighing in. Dashlane’s new integration with KnowBe4 is closing a critical gap in the modern tech stack: employee credential habits. By pairing Dashlane’s real-time risk detection with KnowBe4’s security training content, you can measurably improve your org’s security posture.

In this interview with TechnoPlanet (Publisher of eChannelNEWS) at #RSAC2026, Dashlane’s CTO Frédéric R. shares how we’re approaching AI in cybersecurity without compromising user privacy. From on-device phishing detection to a stronger partner ecosystem, it’s all about protecting users while staying ahead of emerging risks. ➡️ https://bit.ly/4t9C0M6

𝗪𝗵𝗮𝘁 𝗺𝗮𝗸𝗲𝘀 𝗮 𝘄𝗲𝗯 𝗽𝗮𝗴𝗲 𝘁𝗿𝘂𝘀𝘁𝘄𝗼𝗿𝘁𝗵𝘆? 𝗢𝘂𝗿 𝗔𝗜 𝗽𝗵𝗶𝘀𝗵𝗶𝗻𝗴 𝗱𝗲𝘁𝗲𝗰𝘁𝗶𝗼𝗻 𝗺𝗼𝗱𝗲𝗹 𝗮𝗻𝘀𝘄𝗲𝗿𝘀 𝘁𝗵𝗮𝘁 𝗮𝗰𝗿𝗼𝘀𝘀 𝟳𝟱+ 𝘀𝗶𝗴𝗻𝗮𝗹𝘀 𝗶𝗻 𝘂𝗻𝗱𝗲𝗿 𝗵𝗮𝗹𝗳 𝗮 𝘀𝗲𝗰𝗼𝗻𝗱. Phishing pages have gotten good. AI lets attackers generate convincing sites in minutes. Blacklists and spam filters are not longer enough to catch threats. 🎣 Dashlane's AI anti-phishing model analyzes the structure and behavior of web pages directly in the browser, looking for signals that attackers consistently leave behind even when the visual design looks polished. We built our own proprietary model that runs in the Dashlane extension, maintaining full privacy and never exposing our customer's data or browsing activity. The interesting part is that the model is interpretable. As we train it, we can ask "what gave that phishing site away?" We can audit the model, learn from real attacks, and explain decisions rather than just surface a score. Alisa BARKAR, one of our ML engineers who contributed to the system and recently defended her PhD in AI, published a breakdown of the five strongest signals the model relies on in practice:   1. CSS footprint,   2. page completeness,   3. functional props (fake navigation, empty form actions),   4. stitched-together external resources,   5. and hostname structure.  Each one reflects a corner attackers cut, while building malicious pages at high velocity and scale. A great read for anyone who is interested in applied ML, browser security, or how phishing actually works under the hood. 🧠 👉 https://lnkd.in/et96DHdV #Cybersecurity #MachineLearning #PhishingDetection #SecurityEngineering #Dashlane #AI

Security is only as strong as your weakest link and usually, that link is the employee who hasn't logged into their password manager yet. Dashlane Omnix™ closes that gap. It provides automatic, browser-based protection for every employee, whether they have a Dashlane account or not. No more "unprotected" pockets in your org. 🛡️

🚀 𝐈’𝐦 𝐡𝐢𝐫𝐢𝐧𝐠 𝐚 𝐃𝐢𝐫𝐞𝐜𝐭𝐨𝐫 𝐨𝐟 𝐄𝐧𝐠𝐢𝐧𝐞𝐞𝐫𝐢𝐧𝐠 𝐭𝐨 𝐣𝐨𝐢𝐧 𝐨𝐮𝐫 𝐥𝐞𝐚𝐝𝐞𝐫𝐬𝐡𝐢𝐩 𝐭𝐞𝐚𝐦 𝐢𝐧 𝐋𝐢𝐬𝐛𝐨𝐧! We are aggressively expanding our B2B footprint and tackling the complex, high-stakes challenges of enterprise cybersecurity. A massive part of this evolution is Dashlane Omnix, our AI-accelerated intelligent credential security platform. We’re moving beyond traditional password vaults to proactively protect entire organizations against credential breaches, phishing, and human risk. You’ll be at the forefront of our B2B transition. As our product architecture evolves to support enterprise scale, I'm searching for a technical leader to actively driving architectural decisions, mitigating technical risks, shaping roadmaps for products like Omnix, and elevating the stability and security of our core platform. You won't just be managing, you’ll be building a high performance Engineering culture across multiple time zones, while acting as an ambassador for Dashlane, helping us leaving a strong mark on Portugal’s vibrant tech community. If you have a proven track record of managing managers in a fast-scaling distributed environment, and you're excited by the challenge of enterprise scale and B2B security, let's talk. Check out the details and apply below, or drop me a DM if you'd like to chat! 👇 🔗 https://lnkd.in/eddexJuj