This week's articles
An Introduction to AI Coding Agent Security
NCC Group whitepaper covering security of AI coding agents (Claude Code, Cursor, Codex) as of May 2026. Analyzes permission models, OS-level sandboxing, agent tool attack surfaces, and common vuln classes: workspace trust bypasses, sandbox escapes, permission prompt bypasses, sensitive file overwrites, and indirect prompt injection.
CloudTrail in CloudWatch isn't very good
After CloudTrail Lake's deprecation, AWS recommends CloudWatch as a replacement. Aidan found the setup confusing, poorly documented, slow (8h+ latency), non-centralised by default, missing key enrichment features (resource tags/global condition keys), and plagued by API errors.
Enterprise-Managed Authorization: Zero-touch OAuth for MCP
The Enterprise-Managed Authorization extension to the Model Context Protocol is now stable, enabling organizations to centrally provision MCP server access through their identity provider so users get connected servers on first login without per-app OAuth.
Some notes on Lambda MicroVMs
Lambda MicroVMs run isolated VMs in seconds (up to 8 hours), support Docker, shell access via CreateMicrovmShellAuthToken, SnapStart-style memory snapshots, VPC network connectors, authenticated inbound HTTP/gRPC/WebSocket, and ~2-second cold starts.
Entra Agent ID: Inside a cross-tenant agent compromise
This article shows how a compromised third-party Entra agent blueprint enables cross-tenant agent identity takeover. An attacker controlling a blueprint can authenticate as any associated agent, escalating to full tenant compromise, mirroring the Midnight Blizzard attack pattern.
|