Release Date: 28/06/2026 | Issue: 344
Know someone who'd find this useful? Forward this email
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

SANS Cloud Security Exchange Summit | Aug. 17-18 | San Francisco & Free Live Online
AI is rewriting the cloud security playbook. Join leaders from Anthropic, AWS, Google, Microsoft, SANS, and the cloud security community to explore:
  • Agentic AI and autonomous systems
  • Zero Trust for AI
  • Machine identities and AI governance
  • Autonomous detection and response
Plus a featured discussion bringing AWS, Google Cloud, and Microsoft together on stage.

Save your spot. Free online or in person, Aug. 17โ€“18.

This week's articles


An Introduction to AI Coding Agent Security
NCC Group whitepaper covering security of AI coding agents (Claude Code, Cursor, Codex) as of May 2026. Analyzes permission models, OS-level sandboxing, agent tool attack surfaces, and common vuln classes: workspace trust bypasses, sandbox escapes, permission prompt bypasses, sensitive file overwrites, and indirect prompt injection.


LLMjacking evolved: Attackers are using stolen AI compute to build offensive agentic tools
Sysdig TRT caught a threat actor using a stolen Ollama server to power an autonomous, multi-stage offensive hacking tool.


CloudTrail in CloudWatch isn't very good
After CloudTrail Lake's deprecation, AWS recommends CloudWatch as a replacement. Aidan found the setup confusing, poorly documented, slow (8h+ latency), non-centralised by default, missing key enrichment features (resource tags/global condition keys), and plagued by API errors.


Enterprise-Managed Authorization: Zero-touch OAuth for MCP
The Enterprise-Managed Authorization extension to the Model Context Protocol is now stable, enabling organizations to centrally provision MCP server access through their identity provider so users get connected servers on first login without per-app OAuth.


Some notes on Lambda MicroVMs
Lambda MicroVMs run isolated VMs in seconds (up to 8 hours), support Docker, shell access via CreateMicrovmShellAuthToken, SnapStart-style memory snapshots, VPC network connectors, authenticated inbound HTTP/gRPC/WebSocket, and ~2-second cold starts.


Entra Agent ID: Inside a cross-tenant agent compromise
This article shows how a compromised third-party Entra agent blueprint enables cross-tenant agent identity takeover. An attacker controlling a blueprint can authenticate as any associated agent, escalating to full tenant compromise, mirroring the Midnight Blizzard attack pattern.

Tools


geiger
Detection tells you a key is real; geiger tells you whether it's dangerous.


datadog-saist
Unlike traditional SAST tools that rely solely on parsing and analysis rules, this project uses LLM (e.g. Claude from Anthropic, GPT from OpenAI or Gemini from Google) to find vulnerabilities.


microvm-fun
A sample repo showing Kubernetes running on a fleet of AWS Lambda MicroVMs, and the ability to SSH into MicroVMs.

From the cloud providers


#AWS   Run isolated sandboxes with full lifecycle control: AWS Lambda introduces MicroVM
AWS launches a new serverless compute primitive, AWS Lambda MicroVMs. VM-level, isolated sandboxes with no shared kernel or resources between sessions. Rapid launch and resume, full lifecycle control, state preservation up to 8 hours, no infrastructure to manage.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! ๐Ÿ‘Œ

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
ยฉ 2019-present CloudSecList ยท Marco Lancini