Release Date: 12/07/2026 | Issue: 346
Know someone who'd find this useful? Forward this email
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

The $50K per hour network downtime dilemma

Network security stakes are high. Like really high. Infrastructure downtime costs teams at minimum $50,000 per hour, according to Business Wire.
Modern network operations are more complex than ever, but the work behind them is still too manual. The result is slower response, more friction, and duplicated effort.
On July 15th, join Tines and Netskope live to learn what “great” actually looks like in secure network operations and get a 5-step roadmap to build your strategy.

Register here.

This week's articles


Solving the Identity Crisis for AI Agents
Uber extended its Zero Trust architecture to assign SPIRE-backed cryptographic identities to AI agents, issuing short-lived, single-hop JWTs via a Security Token Service. Full actor chains (user to agent to tool) propagate across multi-agent MCP calls, enabling end-to-end auditability with sub-40ms P99 token exchange latency.


Build your own vulnerability harness
Cloudflare details a model-agnostic, multi-stage vulnerability discovery harness and triage system covering 128+ repos. It uses separate models for discovery vs. validation, adversarial agents, SQLite-backed persistence, cross-repo dependency tracing, and automated patching with mandatory human sign-off.


Zero Trustfor AI Agents
Anthropic eBook applying Zero Trust principles to enterprise autonomous AI agents, covering threat taxonomy (prompt injection, tool/MCP hijacking, memory poisoning, supply chain risks), tiered controls (Foundation/Enterprise/Advanced) for identity, least-privilege, observability, and AI-accelerated defensive operations.


I replaced my GitHub runners with Lambda MicroVMs, and maybe you should too
Lambda MicroVMs can absolutely be used as GitHub runners. The primary benefits are customisability of the runners and the fact that they run in your own AWS account. These allow for optimisations you can't do in hosted runners. The downside is that you need to run and maintain your own infrastructure.


GitLost: How We Tricked GitHub’s AI Agent into Leaking Private Repos
Noma Labs found a prompt injection flaw (GitLost) in GitHub Agentic Workflows: posting a crafted issue in a public org repo causes the AI agent to exfiltrate private repository contents as a public comment, bypassing guardrails via the keyword "Additionally.".


GhostApproval: AI Coding Assistant Trust Boundary Flaw
GhostApproval is a symlink-following vulnerability affecting 6 AI coding assistants (Amazon Q, Claude Code, Augment, Cursor, Google Antigravity, Windsurf). Malicious repos trick agents into writing outside the workspace sandbox, enabling RCE. Critically, agents internally recognize the dangerous target but confirmation prompts hide it from users, nullifying Human-in-the-Loop protections.


Coordinated GitHub API enumeration and access token abuse
Datadog Security Research has tracked multiple coordinated campaigns enumerating GitHub organizations, repositories, and users through the public GitHub API, abusing leaked access tokens, and cloning private repositories.


sigstore.dev and Rekor evolution
Sigstore.dev will keep Rekor v1 as the default signing log to avoid breaking client changes, deferring disruption until PQC migration. Rekor v2 is live in production and opt-in, with support across most official Sigstore clients.

Tools


vsix-audit
Security scanner for VS Code extensions.


security-audit-skill
A coding-agent skill for multi-phase security audits with independently verified, machine-readable findings.

From the cloud providers


#AWS   Enforce zero data retention on Amazon Bedrock with Bedrock Projects and service control policies
How to enforce zero data retention on Amazon Bedrock using retention modes, Bedrock Projects for per-workload isolation on the bedrock-mantle endpoint, and SCPs via AWS Organizations to organization-wide block provider_data_share across all accounts.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
© 2019-present CloudSecList · Marco Lancini