This week's articles
Solving the Identity Crisis for AI Agents
Uber extended its Zero Trust architecture to assign SPIRE-backed cryptographic identities to AI agents, issuing short-lived, single-hop JWTs via a Security Token Service. Full actor chains (user to agent to tool) propagate across multi-agent MCP calls, enabling end-to-end auditability with sub-40ms P99 token exchange latency.
Build your own vulnerability harness
Cloudflare details a model-agnostic, multi-stage vulnerability discovery harness and triage system covering 128+ repos. It uses separate models for discovery vs. validation, adversarial agents, SQLite-backed persistence, cross-repo dependency tracing, and automated patching with mandatory human sign-off.
Zero Trustfor AI Agents
Anthropic eBook applying Zero Trust principles to enterprise autonomous AI agents, covering threat taxonomy (prompt injection, tool/MCP hijacking, memory poisoning, supply chain risks), tiered controls (Foundation/Enterprise/Advanced) for identity, least-privilege, observability, and AI-accelerated defensive operations.
I replaced my GitHub runners with Lambda MicroVMs, and maybe you should too
Lambda MicroVMs can absolutely be used as GitHub runners. The primary benefits are customisability of the runners and the fact that they run in your own AWS account. These allow for optimisations you can't do in hosted runners. The downside is that you need to run and maintain your own infrastructure.
GhostApproval: AI Coding Assistant Trust Boundary Flaw
GhostApproval is a symlink-following vulnerability affecting 6 AI coding assistants (Amazon Q, Claude Code, Augment, Cursor, Google Antigravity, Windsurf). Malicious repos trick agents into writing outside the workspace sandbox, enabling RCE. Critically, agents internally recognize the dangerous target but confirmation prompts hide it from users, nullifying Human-in-the-Loop protections.
sigstore.dev and Rekor evolution
Sigstore.dev will keep Rekor v1 as the default signing log to avoid breaking client changes, deferring disruption until PQC migration. Rekor v2 is live in production and opt-in, with support across most official Sigstore clients.
|