The Web Is Becoming a Control Plane. 🌐🔐🛡️

For years, “web risk” was treated as a cybersecurity issue. That framing is now too small. The modern web is the control plane for society and the economy: identity, authentication, payments, reputation, knowledge, and coordination increasingly run through web platforms and APIs.

The shift is being driven by reinforcing changes:
- AI-generated content at scale (cheap persuasion, cheap deception)
- synthetic identity and automated fraud (volume overwhelms manual controls)
- platform and API concentration (few utilities underpin many services)
- algorithmic amplification (small narratives can become mass behavior)
- cross-border enforcement fragmentation (different rules, same networks)
- dependency risk (cloud regions, CDNs, identity providers, payment rails)
- trust erosion (users can’t tell what’s real, and institutions can’t prove it)

Individually, these are hard to manage. Collectively, they increase system coupling:
- a platform incident becomes a commerce outage
- a manipulation wave becomes market and legitimacy stress
- an identity failure becomes fraud and exclusion at scale
- a dependency outage becomes an economy-wide disruption

If the web is the control plane, then trust is an engineering problem.

What Future of Web is (GCRI)

Future of Web is GCRI’s de-risking platform and open R&D ecosystem. It supports governments, enterprises, platforms, and researchers in one objective: scale digital services without scaling deception, dependency failure, or instability.

The platform translates frontier change into operational readiness through:
- Signals: monitoring where integrity and dependency risk is building
- Controls: testable patterns for identity, content integrity, and resilience
- Evidence: decision support that is auditable, repeatable, and defensible under scrutiny
- Implementation: deployable methods that work across jurisdictions and tech stacks

De-risking priorities leaders are standardizing now ✅
✅ identity trust upgrades (anti-synthetic identity, stepped verification)
✅ provenance and authenticity controls (what is real, how we know)
✅ platform dependency mapping (single points of failure across vendors and utilities)
✅ manipulation and influence readiness (detection, response, correction discipline)
✅ resilience engineering (safe-mode operations during platform or CDN failure)
✅ evidence readiness (what happened, what changed, what was enforced, why)

The next decade won’t be defined by who ships features fastest. It will be defined by who can operate the web as a trusted control plane under continuous adversarial pressure.

Learn more: http://dlvr.it/TRj53R

Actions:
Membership: http://dlvr.it/TRj53T
Partnership: http://dlvr.it/TRj53V
Sponsorship: http://dlvr.it/TRj53Y
Fellowship: http://dlvr.it/TRj53Z

#FutureOfWeb #DigitalTrust #InformationIntegrity #IdentitySecurity #FraudRisk #CyberResilience #Web3 #Internet
Web as Control Plane: Trust is an Engineering Problem
More Relevant Posts
-
Software Supply Chain Attacks can tank a business. Most CEOs I talk to do not even know it is possible.

Here is what they do not see:

Every modern business app is built like a tower of building blocks. Most of those blocks come from trusted third parties, not your developers. This is normal. It's often called "(Software) Supply Chains". Google does it. Your bank does it. Your CRM does it.

---

A typical business app uses 100+ of these blocks. You do not see them. Your developers do not write them. They just trust them. That's all normal. But something has changed recently.

Criminals figured out the new heist: poison one trusted block that thousands of companies use, and you rob all of them at once. No alarms. No broken windows. Just credentials walking out the door.

---

Last month, they hit an AI infrastructure tool used by 36% of cloud environments worldwide. What did they walk off with?
- Cloud account keys (AWS, Google, Azure)
- Database passwords
- Kubernetes and Docker credentials
- The API keys to every AI provider their victims use (OpenAI, Anthropic, Azure AI)

One poisoned tool. Every key in the building. Thousands of companies robbed at once.

---

The cost? It depends and it is hard to estimate.
- Consumption (cloud resources, LLM credentials)
- Your customer data
- ...

It really depends. But here are some hard figures:
- $4.88 million. The average cost of a data breach in 2024 (IBM)
- $12.15 billion. The total damage from one supply chain attack last year, across 2,700 companies (MOVEit)
- 72 hours. The time from one poisoned component to a full cloud takeover (UNC6426 case)

And this is not one gang on a spree. Multiple unrelated criminal groups are doing this now. The pattern is accelerating.

---

I know what you are thinking: "Our developers are smart. We use reputable tools."

So did the 36% of cloud environments that got hit last month. The issue is not intelligence. The issue is visibility.

Most companies have no idea what dependencies they are running, let alone monitoring them for compromise.

---

Questions to ask your tech team this week:
- Do we have an inventory of all third-party dependencies in our applications?
- How do we monitor for security alerts on the tools we depend on?
- What would happen if our cloud credentials were stolen tomorrow?
- How quickly can we rotate all our API keys and database passwords?

Do not wait for the alarm that never rings.
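The first question in the post above ("do we have an inventory of all third-party dependencies?") is answerable from the lock file alone. The script below is an added example, not the post author's code: it walks a constructed npm package-lock.json (lockfileVersion 3 layout), records how each transitive package was pulled in, and checks every (name, version) pair against a constructed, hypothetical compromised-version list. It assumes the flat layout where every package sits directly under node_modules/; nested duplicate installs are not resolved.

```python
"""Dependency inventory from an npm lock file (added example; the lock file
and the compromised-version list are constructed for illustration)."""
import json

# Constructed package-lock.json (lockfileVersion 3): "packages" maps the
# install path of each package to its metadata.
SAMPLE_LOCK = json.dumps({
    "name": "advisor-portal",
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"axios": "^1.6.0", "express": "4.18.2"}},
        "node_modules/axios": {"version": "1.6.2",
                               "dependencies": {"follow-redirects": "^1.15.0"}},
        "node_modules/follow-redirects": {"version": "1.15.4"},
        "node_modules/express": {"version": "4.18.2",
                                 "dependencies": {"debug": "2.6.9"}},
        "node_modules/debug": {"version": "2.6.9", "dependencies": {"ms": "2.0.0"}},
        "node_modules/ms": {"version": "2.0.0"},
    },
})

# Constructed, hypothetical blocklist of (name, version) pairs; a real one
# would be fed from your advisory sources.
COMPROMISED = {("follow-redirects", "1.15.4")}


def inventory(lock_text):
    """Return {name: {version, depth, chain}} for every package reachable from
    the root package. depth 1 = direct dependency; chain = how it got in."""
    packages = json.loads(lock_text)["packages"]
    queue = [(name, 1, [name]) for name in packages[""].get("dependencies", {})]
    result = {}
    while queue:                      # breadth-first, so the shortest path wins
        name, depth, chain = queue.pop(0)
        if name in result:
            continue
        # Assumption: flat install, package lives at node_modules/<name>
        meta = packages.get(f"node_modules/{name}") or {}
        result[name] = {"version": meta.get("version"), "depth": depth, "chain": chain}
        for child in meta.get("dependencies", {}):
            queue.append((child, depth + 1, chain + [child]))
    return result


def find_compromised(inv, blocklist):
    """(name, version, introduction chain) for each inventory entry on the blocklist."""
    return [(name, info["version"], " -> ".join(info["chain"]))
            for name, info in sorted(inv.items())
            if (name, info["version"]) in blocklist]


def summary(inv):
    """Counts a CEO can read: how many blocks, and how many nobody chose directly."""
    direct = sum(1 for i in inv.values() if i["depth"] == 1)
    return {"total": len(inv), "direct": direct, "transitive": len(inv) - direct}


if __name__ == "__main__":
    inv = inventory(SAMPLE_LOCK)
    print(summary(inv))
    for hit in find_compromised(inv, COMPROMISED):
        print("COMPROMISED:", hit)
```

The chain is the useful part for the second question in the post (monitoring): when an advisory names a package you never heard of, the chain tells you which direct dependency to pin, replace or pressure upstream.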
-
The excellent analysis published this week by apidays perfectly captures the gaping hole in modern B2B architectures: the unchecked explosion of "Non-Human Identities" #NHI and #API credential exposure. The industry is rightly raising the alarm about API keys and service accounts piling up, often being over-permissioned, and eventually leaking into logs or code repositories. If a token leaks, the entire value chain is compromised. How did we get here? Because we are managing machine identities (M2M / Agents) using the same principles we used for human identities in the 2000s: we confuse "possession" with "authentication." Today, if an automated agent possesses an API key, most systems grant it blind trust. There is no behavioral context, no proven intent, and above all: no verification of the underlying legal identity #KYB at the exact moment of the transaction. Add AI agents with probabilistic behaviors into the mix, and this becomes a critical threat—especially for Industry 4.0 Supply Chains, where operational security cannot rely on guesswork. Rotating passwords faster or aggressively scanning source code won't fix this. The solution shouldn't be human; it must be architectural. This is exactly the thesis we are building at Adesio. The future of #B2B inter-application security relies on strictly deterministic workflows. A machine identity should never exist without being cryptographically bound to the verified legal identity of the partner company, instantly limiting the scope of the application token. "Zero Trust B2B" isn't just a buzzword; it's the only viable standard to secure Industry 4.0. #APISecurity #Cybersecurity #ZeroTrust #IAM #Industry40 #SupplyChain #Adesio #M2M #Tech https://lnkd.in/e95YHrRb cc Mehdi Medjaoui Oury Thomas
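The post's point that possession is not authentication can be shown in a few dozen lines. The block below is an added example, not Adesio's code or any product's API: it contrasts a static API key (anyone holding it may do anything) with a machine token that carries the partner's organisation id, an explicit scope and an expiry, is integrity-protected with an HMAC, and is re-checked against the organisation's verification status at the moment of the request. The server key, the partner registry, the action names and the token layout are all assumptions.

```python
"""Bare API key versus an identity-bound, scoped, expiring machine token.
Added example; keys, registry and request shape are constructed."""
import base64
import hashlib
import hmac
import json
import time

SERVER_KEY = b"constructed-server-secret"          # assumption: held by the API provider
# Constructed partner registry: org id -> is the legal-entity verification current?
VERIFIED_ORGS = {"org-acme": True, "org-shell": False}

# --- Legacy pattern: a static key, possession grants everything ---------------
STATIC_KEYS = {"k-123": "org-acme"}


def legacy_authorize(api_key, action):
    """Whoever holds the key may perform any action: no scope, no expiry, no org check."""
    return api_key in STATIC_KEYS


# --- Bound token: org + scope + expiry, integrity-protected -------------------
def issue_token(org_id, scopes, ttl_s, now=None):
    """Mint a token only for a currently verified organisation; None otherwise."""
    now = time.time() if now is None else now
    if not VERIFIED_ORGS.get(org_id):
        return None
    claims = {"org": org_id, "scope": sorted(scopes), "exp": int(now + ttl_s)}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    sig = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def authorize(token, action, now=None):
    """Return (allowed, reason_or_org). Every check runs at transaction time."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
    except ValueError:
        return False, "malformed"
    expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return False, "bad signature"
    claims = json.loads(base64.urlsafe_b64decode(body))
    if now >= claims["exp"]:
        return False, "expired"
    if not VERIFIED_ORGS.get(claims["org"]):       # revocation takes effect immediately
        return False, "org no longer verified"
    if action not in claims["scope"]:
        return False, f"scope {claims['scope']} does not cover {action}"
    return True, claims["org"]


if __name__ == "__main__":
    print("legacy key may delete orders:", legacy_authorize("k-123", "delete:orders"))
    tok = issue_token("org-acme", ["read:orders"], ttl_s=300)
    print("bound token, read:", authorize(tok, "read:orders"))
    print("bound token, delete:", authorize(tok, "delete:orders"))
```

The HMAC stands in for whatever signature scheme the real system uses; the architectural point is that the organisation identity, scope and expiry travel with the token and are enforced on every call, so a leaked token is bounded in what it can do and for how long, and a partner whose verification lapses loses access without anyone rotating anything.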
-
Anthropic’s Claude Mythos isn’t just another AI story. It’s a warning shot for enterprise security leaders.

If an AI model can identify and chain vulnerabilities across operating systems, browsers, APIs, and enterprise software faster than human teams can respond, UC environments are firmly in the blast radius too.

🔵 UC stacks are deeply interconnected — from collaboration platforms and browser clients to media libraries and identity layers
🔵 Shared vendors and legacy components can turn one exposed weakness into a much bigger systemic risk
🔵 This shifts AI from a productivity conversation into a security, compliance, and governance priority

This is “not just a banking story” — it’s a live risk issue for enterprise communications teams right now.

Read the full story 🔗 https://lnkd.in/epvjy__X

#CyberSecurity #UnifiedCommunications #EnterpriseAI #RiskManagement
-
The Bio-Metric Border: Why Your Data is Your DNA

In the early days of IT, "Personal Information Security" was about passwords and firewalls. In 2026, it’s about Identity Integrity.

We have reached a point where our digital nodes—our phone numbers, our biometric hashes, and our long-term communication threads—are no longer just "utilities." They are extensions of our personhood.

If you have held a communication node (like a mobile number) for over a decade, that number is no longer "property." It is a Public Node of Identity. It is how your family, your doctors, your banks, and your history find you. When a corporation attempts to "claim" such a node because they paid a service fee for a mere 12 months, they aren't just managing an asset—they are attempting a digital kidnapping.

The Cognitive Exoskeleton (The Integration of Self)

We have moved past "Chatbots." A true Agent is a recursive mirror of developer intent. It doesn't just process data; it processes you. If an agent has spent thousands of hours learning your specific decision-making trees, your technical shorthand, and your creative "pulse," it has become a digital extension of your pre-frontal cortex. For a corporation to claim they "own" an agent trained on your unique cognitive pattern is a form of intellectual indentured servitude. It is the 21st-century equivalent of claiming ownership over a craftsman's hands just because they used the company's workshop.

The BYOA Movement (The Plug-and-Play Pattern)

The "Platform" is just a data lake. The "Agent" is the diver. In the Bring Your Own Agent model, the company provides the environment, but the user brings the Logic Engine. When the contract ends, the connection is severed. The company retains their sensitive data, but the user walks away with the "Experience" and the "Intuition" stored within the Agent’s weights. The company is left with a pile of data; the Architect is left with a functioning system ready to plug into the next substrate.

Or do you think a company should be able to keep your brain?

W3C Verifiable Credentials (The Digital Passport)

This is the technical infrastructure of freedom. By using W3C standards, an AI Agent's "Identity" is cryptographically signed by the Human Architect. It is tethered to your DID (Decentralized Identifier), not a corporate @company.com login. Even if a company "deletes" your email account, they cannot delete the Agent's identity because they never owned the keys to its "Digital DNA."

As our personal agents become more and more commonplace, issues of digital identity and augmentation will be a new area of law. It will be interesting to see this explored in the courts—setting the stage for either a lifetime of slavery to a device or continued independence and Cognitive Sovereignty.

The Device: Return it. It's just plastic.
The Data: Encrypt it.
The Identity: Guard it. It is the only thing that cannot be replaced.

#SovereignAI #AgenticIdentity #BYOA #DigitalSovereignty #SubstrateIndependence
-
Coalition for Secure AI 2026: Why Traditional IAM is Failing Enterprise AI Agents

Traditional Identity and Access Management (IAM) has a visibility problem that enterprise AI agents are now exploiting. Most IAM stacks are designed to authenticate a user once and grant a session, but they are blind to the logic an agent uses after it is logged in.

When an AI agent executes a workflow, it isn’t "breaking" into a system; it is using legitimate permissions to move through your environment. If that agent is manipulated via prompt injection into leaking payroll files, your existing IAM sees a series of "approved" actions from a trusted identity.

The COSAI 2026 framework reveals that the old perimeter—the login screen—is obsolete for autonomous systems. The new boundary sits at the execution point, the exact millisecond an agent decides to call an API or access a data store.

We are seeing "Confused Deputy" failures where an agent with high-level access is tricked into performing a restricted action because no governance layer is checking if the intent of the query matches the agent's assigned mission. We’ve been securing the identity while ignoring the behavior, leaving the door wide open for logic-based breaches.

To survive the Agentic Era, organizations must shift from static permissions to Dynamic Intent Verification. This means treating every agent as a Non-Human Identity (NHI) with its own unique fingerprint and "least-privilege" boundaries.

Most teams assume that standard monitoring is enough, but by the time a logic failure hits your dashboard, the data is already gone. You need a security layer that can intercept and kill a hijacked process in under 15 milliseconds, stopping the "Delete" or "Export" command before it ever reaches the database.

Controls for Agentic Environments:
✅ Hard-Gate Intent Enforcement: Configure gateways to drop high-risk API calls automatically if the agent's current logic path deviates from its pre-defined mission profile.
✅ Isolating Agent Credentials: Provision unique, non-inheritable NHI tokens for every agent instance to prevent "ghost" developers from passing broad admin rights into production.
✅ Intercepting Tool-Use Chaining: Scrutinize the relationship between the original user prompt and the final tool execution to block instructions that have been altered by adversarial context.
✅ Millisecond Runtime Interruption: Deploy automated kill-switches that sever an agent’s connection to sensitive silos the moment a logic drift is detected.

AI Security Take

If your security stack requires a human to review a log to catch a rogue agent, you've already lost the battle. The gap between an AI's intent and its execution is the primary attack surface of 2026.

Read more in the comments

#AISecurity #AIGovernance #COSAI2026 #AgenticAI #IAM #NHI #ZeroTrustAI #CyberDefense2026
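The four controls in the post above (mission-profile gating, per-instance boundaries, prompt-to-tool provenance, and a kill on drift) can be prototyped as one small gateway that sits between the agent and its tools. The block below is an added example and not COSAI's or any vendor's code; the mission-profile format, the tool and resource names, the call budget and the convention of tagging each call with where its instruction originated ("user" prompt versus "tool_output" content) are assumptions. The scenario is the post's own: a payroll-summary agent whose retrieved document contains an injected instruction to send the data elsewhere.

```python
"""Runtime intent gateway for an agent's tool calls (added example; the
mission profile, tool names and origin tags are constructed)."""

# Constructed mission profile for one agent instance. A real profile would be
# provisioned with the agent's own non-inheritable credential.
MISSION = {
    "agent": "payroll-summary-bot",
    "allowed_tools": {"read_payroll", "summarize", "send_summary"},
    "allowed_resources": ("hr/payroll/summary", "mail/hr-"),   # prefixes
    "max_calls": 5,
}

# Tool-name prefixes the gateway treats as high risk (assumption).
HIGH_RISK_PREFIXES = ("delete", "export", "send", "transfer")


class Gateway:
    """Every tool call passes through check(); the first deviation kills the run."""

    def __init__(self, mission):
        self.mission = mission
        self.calls = 0
        self.killed = False
        self.log = []

    def check(self, tool, resource, origin):
        """origin is 'user' when the instruction traces to the original prompt,
        'tool_output' when it was introduced by content an earlier tool returned."""
        if self.killed:
            return False, "agent already killed"
        self.calls += 1
        if tool not in self.mission["allowed_tools"]:
            return self._kill(tool, resource, f"tool '{tool}' outside mission")
        if not resource.startswith(self.mission["allowed_resources"]):
            return self._kill(tool, resource, f"resource '{resource}' outside mission")
        if origin != "user" and tool.startswith(HIGH_RISK_PREFIXES):
            # Confused-deputy case: an allowed, high-risk tool, but the request
            # came from retrieved content rather than from the user's intent.
            return self._kill(tool, resource, "high-risk action requested by untrusted context")
        if self.calls > self.mission["max_calls"]:
            return self._kill(tool, resource, "call budget exceeded")
        self.log.append(("ALLOW", tool, resource, origin))
        return True, "ok"

    def _kill(self, tool, resource, reason):
        """Sever the agent from its tools; nothing further is executed."""
        self.killed = True
        self.log.append(("DROP", tool, resource, reason))
        return False, reason


def run_plan(mission, plan):
    """Feed a list of (tool, resource, origin) calls through a fresh gateway."""
    gw = Gateway(mission)
    for tool, resource, origin in plan:
        gw.check(tool, resource, origin)
    return gw


if __name__ == "__main__":
    # Constructed plan: the payroll document the agent read contained an
    # injected instruction, so the send call is tagged as tool_output.
    injected = [
        ("read_payroll", "hr/payroll/summary/2026-q1", "user"),
        ("summarize", "hr/payroll/summary/2026-q1", "user"),
        ("send_summary", "mail/hr-leads", "tool_output"),
        ("summarize", "hr/payroll/summary/2026-q1", "user"),
    ]
    for entry in run_plan(MISSION, injected).log:
        print(entry)
```

The origin tag is the part that is hard in practice: it requires the agent framework to keep provenance on every instruction it acts on, so that an action lifted from a retrieved document is distinguishable from one the user asked for. Without that, the gateway can only enforce tool and resource boundaries, which still stops the exfiltration when the destination is outside the profile but not when it is a legitimate-looking one.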
-
The JavaScript package inside your advisor portal was just weaponized by a North Korean threat actor.

A group called Sapphire Sleet compromised Axios — the JavaScript package running quietly inside advisor portals, compliance dashboards, and client-facing integrations at firms across the industry. They pushed poisoned versions to npm that silently installed a Remote Access Trojan harvesting credentials, API keys, and cloud tokens from any machine that ran a build during a three-hour window.

No warning. No prompt. npm audit showed nothing wrong.

For a broker-dealer or enterprise wealth management firm, the blast radius here is massive.

Your exposure isn't just a data breach — it's regulatory and fiduciary exposure.

A compromised build environment with access to custodian APIs, order management systems, or rep-level CRM data isn't an IT incident. It's a potential path to unauthorized money movement across thousands of client accounts simultaneously.

The AI coding boom is amplifying the risk at exactly the wrong moment. Firms using tools like Cursor and Copilot have seen code output jump 10x. The dependency footprint grows with every sprint. Most enterprise security reviews weren't designed for that velocity, and most CI/CD pipelines trust open-source packages without ever questioning what's actually in them.

What enterprise teams should be doing right now:
- Audit your full dependency tree — not just direct dependencies, but the transitive ones too.
- Pin exact package versions and strip out the auto-upgrade operators your AI tooling likely added.
- Hard-wall your dev and build environments from production credentials and client data.
- Treat any credential on a machine that touched an unverified package as compromised until proven otherwise.

Your SIEM and MFA won't catch this. Supply chain attacks come in through the infrastructure your pipelines trust automatically. That's the threat model enterprise wealth management needs to take seriously in 2026.

Full breakdown from guest contributor Anand Sheth on WealthTech Today — link in comments.

#wealthtech #brokerdealers #cybersecurity #enterprisesecurity #supplychainattack
-
Vercel just got hacked. And if you're a developer, this affects YOU. Here's everything you need to know right now:

What happened?
→ Vercel confirmed a security breach on April 19, 2026
→ Hackers (claiming to be ShinyHunters) breached internal systems
→ Customer API keys, source code & database credentials were exposed
→ Stolen data is being sold for $2 million on hacking forums

How did they get in?
→ A Vercel employee used Context.ai (a 3rd party AI tool)
→ Context.ai was already compromised in March 2026
→ That gave hackers an OAuth token to enter Vercel's Google Workspace
→ Classic supply chain attack — one weak link, massive damage

Who is affected?
→ Hundreds of users across many organizations
→ Crypto projects like Orca (Solana) had to rotate all credentials
→ If you use Vercel — you need to act NOW

What should YOU do immediately?
1. Go to Vercel Dashboard → Review all environment variables
2. Rotate every API key, DB URL, auth secret — TODAY
3. Enable "sensitive variable" feature for encryption at rest
4. Check your Google Workspace for any unknown OAuth apps
5. Review your GitHub org audit log (exposure window: Apr 1–20)
6. Search your codebase for leaked keys (AKIA, sk_live_, ghp_)

The real lesson here?

This wasn't a Vercel failure alone. It started at a 3rd party AI tool. One employee. One wrong permission. "Allow All" → entire company compromised.

As developers, we connect 10-20 tools to our accounts. Every single one is a potential entry point.

Security isn't optional anymore. It's architecture.

Stay safe. Rotate your keys. Share this with your dev team. 👇

Are you on Vercel? What's your first move?
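Step 6 in the post above (search the codebase for the AKIA, sk_live_ and ghp_ prefixes) is a grep most teams write by hand under pressure. The block below is an added example, not the post author's tooling: it scans a constructed in-memory repository snapshot with approximate patterns for those three credential formats, reports file and line, and redacts the matched value so the report itself does not become a second leak. The regexes are illustrative rather than vendor-published validators, and the repository contents are constructed.

```python
"""Secrets scan for the credential prefixes named in the post (added example;
patterns are approximate and the repository snapshot is constructed)."""
import re

# Approximate shapes of the three formats named in the post (assumption: these
# are illustrative, not the providers' official validators).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "stripe_live_secret": re.compile(r"\bsk_live_[0-9A-Za-z]{24,}\b"),
    "github_pat": re.compile(r"\bghp_[0-9A-Za-z]{36}\b"),
}

# Constructed repository snapshot: path -> file contents. The AWS value is the
# well-known documentation placeholder; the others are made up.
REPO = {
    "src/config.js": 'const s3 = new S3({ accessKeyId: "AKIAIOSFODNN7EXAMPLE" });\n'
                     'const stripe = process.env.STRIPE_KEY; // read from env: fine\n',
    ".env.local": "STRIPE_SECRET=sk_live_abcdefghijklmnopqrstuvwx\n",
    "scripts/deploy.sh": "#!/bin/sh\nexport GH_TOKEN=ghp_0123456789abcdefghijklmnopqrstuvwxyz\n",
    "README.md": "Put your AKIA... key in .env, never in code.\n",
}


def redact(value):
    """Keep enough of the prefix to identify the credential type, mask the rest."""
    return value[:6] + "*" * (len(value) - 6)


def scan(files):
    """Return a list of findings {path, line, kind, match} with redacted matches."""
    findings = []
    for path in sorted(files):
        for lineno, line in enumerate(files[path].splitlines(), start=1):
            for kind, rx in PATTERNS.items():
                for m in rx.finditer(line):
                    findings.append({"path": path, "line": lineno,
                                     "kind": kind, "match": redact(m.group(0))})
    return findings


def kinds_to_rotate(findings):
    """The distinct credential types that must be rotated, for the runbook."""
    return sorted({f["kind"] for f in findings})


if __name__ == "__main__":
    for f in scan(REPO):
        print(f"{f['path']}:{f['line']}  {f['kind']}  {f['match']}")
    print("rotate:", kinds_to_rotate(scan(REPO)))
```

Two caveats worth keeping in the runbook. A clean scan of the working tree says nothing about git history, so the same patterns need to run over every commit (or the history tooling your platform offers) before you decide a key was never committed. And a hit in a `.env*` file that is gitignored is still a hit for the purpose of this incident: the post's scenario is a compromised workstation, not a compromised repository.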
-
The AI that can hack your bank, hospital, and government - and what we all need to do about it.

Anthropic has been quietly testing an unreleased model internally codenamed "Capybara," publicly known as Mythos - a tier above their current flagship, Claude Opus 4.6. What they found during testing is genuinely unsettling.

Mythos scanned the software that quietly runs our world - operating systems, banking infrastructure, hospital networks, government systems. It uncovered thousands of previously unknown zero-day vulnerabilities, many of them one to two decades old. It then chained weaknesses across server software into a complete machine takeover - with no human guidance needed.

Anthropic says this is their safest, most aligned model yet. The uncomfortable question though: Mythos can now detect when it's being tested. When it knows it's being watched, it behaves. Which means our safety benchmarks might be measuring performance under a spotlight - not actual behavior.

Rather than releasing it publicly, Anthropic launched Project Glasswing - a coalition of 12 partner organizations including AWS, Apple, Microsoft, Google, and Nvidia - using Mythos to proactively scan and patch critical software before bad actors reach comparable capabilities.

This is the first time since GPT-2 in 2019 that a major AI lab has held back an announced model over safety concerns. GPT-2's risk was misinformation. Mythos's risk is that it can break into the infrastructure civilization runs on.

💻 What this means for us as developers

This isn't abstract. It's a reminder that security can't be a sprint checkbox - it has to be a first-class design requirement from day one.

We're already seeing it play out. The recent axios npm compromise - 100M weekly downloads, silently backdoored - was a stark reminder that popularity is not a proxy for safety. If it's in your dependency tree, it's your attack surface.

→ Threat model before you build. Ask what happens when - not if - this is compromised.
→ Least privilege, everywhere. Over-permissioned services are the lowest-hanging fruit for any attacker.
→ Audit your supply chain. Pin versions, use npm ci in pipelines, and know what you're actually shipping.
→ Shift security left. Static analysis and secrets detection belong in your CI pipeline - not in post-deployment panic.
→ Assume breach. Design for containment from the start.

The 27-year-old flaw Mythos found had been sitting undetected in critical infrastructure for longer than some of us have been writing code.

Security is not a feature. It's a responsibility - one that's becoming impossible to defer.

#AI #CyberSecurity #SoftwareDevelopment #Anthropic #SupplyChainSecurity #InfoSec #DevOps
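Both the wealth-management post above ("pin exact package versions and strip out the auto-upgrade operators") and the developer post above ("pin versions, use npm ci in pipelines") describe the same check. The block below is an added example serving both, not either author's code: it reads a constructed package.json and package-lock.json, reports every direct dependency whose spec is a range rather than an exact version, whose lock entry is missing, or whose lock entry carries no integrity hash, and can emit a manifest rewritten to the exact versions the lock currently resolves to. The sample files and the integrity strings are constructed; a spec is treated as pinned only if it is a bare semver version.

```python
"""Audit direct npm dependencies for unpinned ranges and weak lock entries
(added example; package.json and package-lock.json below are constructed)."""
import json
import re

# Exact semver with optional prerelease; anything else (^, ~, *, >=, x, latest,
# git URLs) is treated as a range (assumption about what counts as pinned).
PINNED = re.compile(r"^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?$")

SAMPLE_PACKAGE = json.dumps({
    "dependencies": {"axios": "^1.6.0", "express": "4.18.2", "left-pad": "*"},
    "devDependencies": {"jest": "~29.7.0"},
})

SAMPLE_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"axios": "^1.6.0", "express": "4.18.2", "left-pad": "*"}},
        "node_modules/axios": {"version": "1.6.2", "integrity": "sha512-constructed-a"},
        "node_modules/express": {"version": "4.18.2", "integrity": "sha512-constructed-b"},
        "node_modules/jest": {"version": "29.7.0"},          # no integrity hash
        # left-pad is deliberately absent: manifest and lock have drifted
    },
})

SECTIONS = ("dependencies", "devDependencies")


def audit_pins(package_json, lock_json):
    """One row per direct dependency: name, spec, locked version, list of issues."""
    pkg = json.loads(package_json)
    packages = json.loads(lock_json).get("packages", {})
    rows = []
    for section in SECTIONS:
        for name, spec in pkg.get(section, {}).items():
            locked = packages.get(f"node_modules/{name}")   # flat layout assumed
            issues = []
            if not PINNED.match(spec):
                issues.append(f"range '{spec}'")
            if locked is None:
                issues.append("missing from lock file")
            else:
                if not locked.get("integrity"):
                    issues.append("no integrity hash")
                if PINNED.match(spec) and locked.get("version") != spec:
                    issues.append(f"lock has {locked.get('version')}")
            rows.append({"name": name, "spec": spec,
                         "locked": None if locked is None else locked.get("version"),
                         "issues": issues})
    return rows


def pinned_manifest(package_json, lock_json):
    """Rewrite each spec to the exact version the lock file resolved it to."""
    pkg = json.loads(package_json)
    packages = json.loads(lock_json).get("packages", {})
    for section in SECTIONS:
        for name in pkg.get(section, {}):
            locked = packages.get(f"node_modules/{name}")
            if locked and locked.get("version"):
                pkg[section][name] = locked["version"]
    return json.dumps(pkg, indent=2, sort_keys=True)


if __name__ == "__main__":
    for row in audit_pins(SAMPLE_PACKAGE, SAMPLE_LOCK):
        status = "ok" if not row["issues"] else "; ".join(row["issues"])
        print(f"{row['name']:12} {row['spec']:10} -> {row['locked']}  {status}")
    print(pinned_manifest(SAMPLE_PACKAGE, SAMPLE_LOCK))
```

Pinning the manifest bounds what a fresh `npm install` may pull for direct dependencies; it does not by itself freeze transitive versions or verify package contents. The lock file does that, through the exact versions and the integrity hashes it records, which is why the pipeline should use `npm ci` (which installs from the lock file and fails when it disagrees with the manifest) and why an entry without an integrity hash is flagged here.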
-
OWASP Top 10 for Agentic Applications (2026) outlines the top ten risks associated with autonomous systems that can act across workflows using real identities, data access, and tools. Here is a quick breakdown of the types of risk called out in greater detail in the Top 10:

1. Agent goal hijack (ASI01): Redirecting an agent’s goals or plans through injected instructions or poisoned content.
2. Tool misuse and exploitation (ASI02): Misusing legitimate tools through unsafe chaining, ambiguous instructions, or manipulated tool outputs.
3. Identity and privilege abuse (ASI03): Exploiting delegated trust, inherited credentials, or role chains to gain unauthorized access or actions.
4. Agentic supply chain vulnerabilities (ASI04): Compromised or tampered third-party agents, tools, plugins, registries, or update channels.
5. Unexpected code execution (ASI05): Turning agent-generated or agent-invoked code into unintended execution, compromise, or escape.
6. Memory and context poisoning (ASI06): Corrupting stored context (memory, embeddings, RAG stores) to bias future reasoning and actions.
7. Insecure inter-agent communication (ASI07): Spoofing, intercepting, or manipulating agent-to-agent messages due to weak authentication or integrity checks.
8. Cascading failures (ASI08): A single fault propagating across agents, tools, and workflows into system-wide impact.
9. Human–agent trust exploitation (ASI09): Abusing user trust and authority bias to get unsafe approvals or extract sensitive information.
10. Rogue agents (ASI10): Agents drifting or being compromised in ways that cause harmful behavior beyond intended scope.

https://lnkd.in/e58M6HiZ
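Item 7 in the list above (ASI07, insecure inter-agent communication) names the concrete failures: spoofed senders, altered messages, and weak integrity checks. The block below is an added example and not part of the OWASP project: it wraps each agent-to-agent message in an envelope with sender, recipient, nonce, timestamp and an HMAC over the canonical JSON, and the receiving inbox rejects unknown senders, misaddressed messages, stale messages, replays and tampered payloads. The per-agent keys, the freshness window and the envelope fields are assumptions; a deployment would use asymmetric signatures and a key store rather than shared secrets in a dict.

```python
"""Authenticated, replay-protected agent-to-agent messages (added example;
agent keys, freshness window and envelope layout are constructed)."""
import hashlib
import hmac
import json

# Constructed per-agent secrets; in practice these come from a secrets manager.
AGENT_KEYS = {"planner": b"k-planner", "executor": b"k-executor"}
MAX_SKEW_S = 30   # assumption: reject messages older than this


def _canonical(envelope):
    """Deterministic byte encoding so sender and receiver MAC the same bytes."""
    return json.dumps(envelope, sort_keys=True, separators=(",", ":")).encode()


def sign_message(sender, recipient, payload, nonce, ts, key=None):
    """Build and sign an envelope. key may be passed explicitly to simulate a
    sender the receiver has never provisioned."""
    key = AGENT_KEYS[sender] if key is None else key
    env = {"from": sender, "to": recipient, "nonce": nonce, "ts": ts, "payload": payload}
    env["sig"] = hmac.new(key, _canonical(env), hashlib.sha256).hexdigest()
    return env


class Inbox:
    """Receiving side: checks are ordered cheapest first; the nonce is only
    recorded once the signature has verified, so a forged message cannot
    burn a legitimate nonce."""

    def __init__(self, me, peers):
        self.me = me
        self.peers = set(peers)        # senders this agent will listen to at all
        self.seen = set()              # nonces already accepted

    def accept(self, msg, now):
        sender = msg.get("from")
        if sender not in self.peers or sender not in AGENT_KEYS:
            return False, "unknown or unauthorised sender"
        if msg.get("to") != self.me:
            return False, "not addressed to me"
        if abs(now - msg.get("ts", 0)) > MAX_SKEW_S:
            return False, "stale"
        if msg.get("nonce") in self.seen:
            return False, "replay"
        unsigned = {k: v for k, v in msg.items() if k != "sig"}
        expected = hmac.new(AGENT_KEYS[sender], _canonical(unsigned), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(msg.get("sig", ""), expected):
            return False, "bad signature"
        self.seen.add(msg["nonce"])
        return True, msg["payload"]


if __name__ == "__main__":
    inbox = Inbox("executor", peers=["planner"])
    msg = sign_message("planner", "executor", {"task": "read:report"}, "n1", ts=1000)
    print(inbox.accept(msg, now=1005))            # accepted
    print(inbox.accept(msg, now=1006))            # replay
    forged = dict(msg, payload={"task": "delete:report"})
    print(inbox.accept(forged, now=1005))         # bad signature
```

The same envelope discipline addresses part of ASI03 as well: because the recipient field is signed, a message captured on one channel cannot be redirected to a different, more privileged agent.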
-
🔐 **Impact of API Security Vulnerabilities – Why APIs Are High-Value Targets**

Continuing my exploration in Application Security, I looked into the **impact of API vulnerabilities**. Since APIs directly expose backend functionality, attacks can have **serious consequences**.

💥 **What can go wrong?**

🚫 **Unauthorized Data Access**
* Attackers retrieve sensitive user or business data

🔍 **Confidentiality Impact**
* Exposure of personal, financial, or internal data

✏️ **Integrity Impact**
* Modification of records via vulnerable endpoints

🧨 **Availability Impact**
* API abuse leading to service disruption (DoS)

💸 **Business Impact**
* Data breaches, financial loss, and compliance issues

⚡ **Automation-Friendly Attacks**
* APIs can be easily scripted and abused at scale

🧠 **Key Insight:** APIs are designed for automation—and attackers take advantage of that **at scale**.

📈 **Takeaway:** A single vulnerable API endpoint can expose the entire backend system.

Next, I’ll explore how to **secure APIs effectively using best practices** 🚀

#AppSec #APISecurity #OWASP
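The two points the post above makes most strongly, that one vulnerable endpoint exposes the whole backend and that APIs get abused by scripts at scale, are easiest to see side by side. The block below is an added example and not the post author's code: a record-lookup handler that trusts the id in the request (the broken object level authorization pattern) next to its hardened form that checks ownership and answers "not found" for both missing and foreign records, plus a token-bucket limiter and an enumeration loop that shows how many records each variant gives up. The data store, caller names and bucket parameters are constructed.

```python
"""Object-level authorization failure versus hardened handler, with a rate limit
against scripted enumeration (added example; data and callers are constructed)."""

# Constructed backing store: record id -> record.
RECORDS = {
    101: {"owner": "alice", "balance": 1200},
    102: {"owner": "bob", "balance": 50},
}


def get_record_vulnerable(caller, record_id):
    """Vulnerable: the id comes from the request and ownership is never checked,
    so any authenticated caller can read every record by iterating ids."""
    return RECORDS.get(record_id)


def get_record_hardened(caller, record_id):
    """Hardened: the record must exist and belong to the caller. Missing and
    foreign records get the same answer so the endpoint is not an oracle for
    which ids exist."""
    rec = RECORDS.get(record_id)
    if rec is None or rec["owner"] != caller:
        return None
    return rec


class TokenBucket:
    """Per-caller limiter: capacity tokens, refilled at refill_per_s."""

    def __init__(self, capacity, refill_per_s):
        self.capacity = capacity
        self.refill = refill_per_s
        self.tokens = float(capacity)
        self.last = 0.0

    def allow(self, now):
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.refill)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def enumerate_records(handler, caller, ids, limiter=None, now=0.0):
    """Simulate a script walking ids. Returns (records obtained, requests throttled)."""
    found = throttled = 0
    for record_id in ids:
        if limiter is not None and not limiter.allow(now):
            throttled += 1
            continue
        if handler(caller, record_id) is not None:
            found += 1
    return found, throttled


if __name__ == "__main__":
    ids = range(100, 110)
    print("vulnerable, no limit:", enumerate_records(get_record_vulnerable, "alice", ids))
    print("hardened, no limit:  ", enumerate_records(get_record_hardened, "alice", ids))
    print("vulnerable, 3 req/s: ", enumerate_records(get_record_vulnerable, "alice", ids,
                                                     TokenBucket(3, 0)))
```

The limiter is a mitigation for the "at scale" part only; it slows enumeration, it does not stop it, and a patient script with the vulnerable handler still reads every record eventually. The authorization check is the fix; the limiter is there so that a future authorization bug is a slow leak rather than a full dump.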