May 22, 2026
Defense in Depth Needs a Floor: Why Layered Agent Security Only Adds Up With a Shared Decision Plane
Layered agent controls drift the moment more than one team starts shipping. Identical intent, twenty different enforcement implementations. The variance is the vulnerability.
May 20, 2026
Agents Are Showing Up in Places You Can’t Roll Back
Low-stakes deployments could paper over an authorization gap with logs and apologies. As agents move into critical infrastructure, finance, and defense, the gap stops papering.
May 18, 2026
Confidentiality Is Not Agent Security: The Authorization Gap in AI Agent Runtimes
Encrypted memory protects an agent’s bytes. It doesn’t decide whether the agent should be allowed to call the tool. Mark O. Rogge calls it the Authorization Gap.
May 16, 2026
Authentication Passed. Authorization Failed. The Industry Consensus Just Shifted.
RSAC 2026 was the moment the industry stopped pretending identity was the hard problem. Cisco’s CSO, NIST, OWASP, and CSA all named the same gap in the same cycle.
April 29, 2026
The Zombie Agent Problem: Agentic Risk Is a Lifecycle Problem
Most agentic risk isn’t what your agents do on day one. It’s what they do on day four hundred — after creators have left, purpose has drifted, and nobody remembers what they’re allowed to touch.
April 27, 2026
Bearer Tokens Don’t Carry Intent: Nine Seconds and the Advisory Failure Mode
A founder lost production data in nine seconds because two advisory layers — a token’s creation intent and a model’s system prompt — both failed. The lesson isn’t about agents.
April 27, 2026
The Load-Bearing Wall of the Agentic Stack: Authorization
Agentic systems don’t fail because the reasoning model picks the wrong tool. They fail because the tool was allowed to run. Build the decision point first.
April 24, 2026
Indirect Prompt Injection Isn’t a Bug — It’s a Supply Chain Problem for Your AI
Google’s Workspace team calls IPI an “always-on” threat. Treat LLM tool use like production access: least privilege, policy-as-code, and data-centric controls.
April 22, 2026
SANDWORM_MODE: Malicious npm Worm Targets Keys, CI, and AI Coding Assistants
A supply-chain campaign steals credentials, poisons CI workflows, and injects malicious MCP servers into AI coding assistants. Here’s what to do now.
April 20, 2026
When an Employee’s AI Tool Becomes the Breach Vector: The Vercel Context.ai Incident
A compromised third-party AI tool turned a Vercel employee’s OAuth grant into a supply-chain entry point. The new delegation risk and what to do about it.
April 20, 2026
The Missing Layer in AI Agent Security: ABAC-Driven Authorization for Action Policies
AI agent risk isn’t identity verification — it’s that agents are granted broad, durable permissions to take powerful actions. ABAC-driven action policies are the missing layer.
April 17, 2026
NSA Zero Trust Guidelines Make the “Data Pillar” the Point
Tags → Policy → Enforcement → Monitoring. If your Zero Trust plan doesn’t change how data is labeled and governed, it’s mostly perimeter reshuffling.
April 15, 2026
Securing AI Agents at Enterprise Scale
Privilege amplification through delegation chains is the single biggest unaddressed risk in enterprise AI. A centralized policy engine is the only way to govern every hop.
April 13, 2026
From RBAC to ABAC: Why Attributes Define the Future of Access Control
Traditional role-based models were built for static environments. Attribute-based access control provides fine-grained, context-aware security for modern systems.
April 10, 2026
Deploying Zero Trust in Air-Gapped Environments
The most sensitive systems operate without connectivity. Data-centric security, local policy enforcement, and ABAC enable Zero Trust even in isolation.