Microsoft Threat Intelligence identified a prompt injection pathway in Claude Code GitHub Action that allowed access to workflow secrets under specific conditions. This research examines the attack chain, responsible disclosure process, Anthropic's mitigation, and guidance for securing AI-powered CI/CD workflows.
https://www.microsoft.com/en-us/security/blog/2026/06/05/securing-ci-cd-in-agentic-world-claude-code-github-action-case
#ClaudeCode
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
👍3❤1🔥1
Entra Agent ID is an extension of Entra's application model that provides identities for AI agents. Unlike applications, the agent identity model allows linking a single app registration (blueprint) to multiple identities and their associated privileges, increasing the potential blast radius of a compromised agent.
https://securitylabs.datadoghq.com/articles/agent-id-blueprint-blast-radius
#AI
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1👍1🔥1
🔶 local-cloud-browser
Mac-Native AWS GUI, enables you to perform some fundamental actions without a CLI mess.
https://github.com/milan0x/local-cloud-browser
#aws
Mac-Native AWS GUI, enables you to perform some fundamental actions without a CLI mess.
https://github.com/milan0x/local-cloud-browser
#aws
❤1👍1🔥1
Mitiga Labs scanned 50,000+ AI instruction files across 7,000+ repos, finding prompt-exfiltration malware, ANTHROPIC_BASE_URL MITM overrides, YOLO-mode permission bypasses, and 1,230+ hardcoded API keys. They released Skillgate, a free scanner, to detect these techniques.
https://www.mitiga.io/blog/malware-in-ai-instruction-files-skillgate
#AI
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1👍1🔥1
This post explores four vectors for threat actors to abuse Azure Storage to maliciously encrypt victim blobs, including step-by-step explanations and event codes for detection.
https://securitylabs.datadoghq.com/articles/azure-blob-storage-ransomware-four-methods
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1👍1🔥1
🔴 Mind the Gap: GCP serviceData in Logs Explorer vs. Exported Logs
GCP's deprecated serviceData field gets silently stripped when audit logs reach your SIEM, leaving detection rules blind to disabled logging. Here's the gap.
https://permiso.io/blog/gcp-servicedata-officially-deprecated-actively-dangerous
#gcp
GCP's deprecated serviceData field gets silently stripped when audit logs reach your SIEM, leaving detection rules blind to disabled logging. Here's the gap.
https://permiso.io/blog/gcp-servicedata-officially-deprecated-actively-dangerous
#gcp
❤1👍1🔥1
🔶 Governing AI Assets at Scale with MCP Gateway and Registry
Open source MCP Gateway and Registry (Apache 2.0) provides enterprise governance for AI assets (MCP servers, agents, skills) via centralized discovery, fine-grained RBAC, supply-chain security scanning, hybrid semantic/keyword search, OpenTelemetry observability, federation with external registries, and deployable on EKS/ECS/EC2.
https://aws.amazon.com/ru/blogs/opensource/governing-ai-assets-at-scale-with-mcp-gateway-and-registry
#aws
Open source MCP Gateway and Registry (Apache 2.0) provides enterprise governance for AI assets (MCP servers, agents, skills) via centralized discovery, fine-grained RBAC, supply-chain security scanning, hybrid semantic/keyword search, OpenTelemetry observability, federation with external registries, and deployable on EKS/ECS/EC2.
https://aws.amazon.com/ru/blogs/opensource/governing-ai-assets-at-scale-with-mcp-gateway-and-registry
#aws
❤2👍1🔥1
🔶 Amazon S3 annotations: attach rich, queryable context directly to your object
Amazon S3 now lets you attach up to 1 GB of rich, mutable, and queryable context directly to your objects using annotations, purpose-built for AI agents and autonomous workflows that need to discover, understand, and act on data at scale without maintaining separate metadata systems.
https://aws.amazon.com/ru/blogs/aws/amazon-s3-annotations-attach-rich-queryable-context-directly-to-your-objects
#aws
Amazon S3 now lets you attach up to 1 GB of rich, mutable, and queryable context directly to your objects using annotations, purpose-built for AI agents and autonomous workflows that need to discover, understand, and act on data at scale without maintaining separate metadata systems.
https://aws.amazon.com/ru/blogs/aws/amazon-s3-annotations-attach-rich-queryable-context-directly-to-your-objects
#aws
❤1👍1🔥1
NCC Group whitepaper covering security of AI coding agents (Claude Code, Cursor, Codex) as of May 2026. Analyzes permission models, OS-level sandboxing, agent tool attack surfaces, and common vuln classes: workspace trust bypasses, sandbox escapes, permission prompt bypasses, sensitive file overwrites, and indirect prompt injection.
#AI
Please open Telegram to view this post
VIEW IN TELEGRAM
❤2👍2🔥2
🔶 Run isolated sandboxes with full lifecycle control: AWS Lambda introduces MicroVM
AWS launches a new serverless compute primitive, AWS Lambda MicroVMs. VM-level, isolated sandboxes with no shared kernel or resources between sessions. Rapid launch and resume, full lifecycle control, state preservation up to 8 hours, no infrastructure to manage.
https://aws.amazon.com/ru/blogs/aws/run-isolated-sandboxes-with-full-lifecycle-control-aws-lambda-introduces-microvms
#aws
AWS launches a new serverless compute primitive, AWS Lambda MicroVMs. VM-level, isolated sandboxes with no shared kernel or resources between sessions. Rapid launch and resume, full lifecycle control, state preservation up to 8 hours, no infrastructure to manage.
https://aws.amazon.com/ru/blogs/aws/run-isolated-sandboxes-with-full-lifecycle-control-aws-lambda-introduces-microvms
#aws
❤1👍1🔥1
Sysdig TRT caught a threat actor using a stolen Ollama server to power an autonomous, multi-stage offensive hacking tool.
https://www.sysdig.com/blog/llmjacking-evolved-attackers-are-using-stolen-ai-compute-to-build-offensive-agentic-tools
#AI
Please open Telegram to view this post
VIEW IN TELEGRAM
❤2👍1🔥1
Unlike traditional SAST tools that rely solely on parsing and analysis rules, this project uses LLM (e.g. Claude from Anthropic, GPT from OpenAI or Gemini from Google) to find vulnerabilities.
https://github.com/DataDog/datadog-saist
#AI
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1👍1🔥1
The Enterprise-Managed Authorization extension to the Model Context Protocol is now stable, enabling organizations to centrally provision MCP server access through their identity provider so users get connected servers on first login without per-app OAuth.
https://blog.modelcontextprotocol.io/posts/enterprise-managed-auth
#AIM
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1👍1🔥1
Designed for agentic workloads, new capabilities in VPC Service Controls can help establish a network-level, destination-based perimeter.
https://cloud.google.com/blog/products/identity-security/securing-agentic-ai-whats-new-in-vpc-service-controls
#gcp
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1👍1🔥1
Threat actors impersonate AI brands (ChatGPT, Claude, DeepSeek, Copilot) in phishing, malvertising, and SEO-poisoning campaigns to steal credentials, credit card data, and deliver infostealers like Vidar. Storm-3075 and Fox Tempest are attributed actors using signed malware.
https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering
#AI
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1👍1🔥1
This post compares three AI agent identity models: acting as the user (simple but single-player), service account tokens (common in production but insecure), and SPIFFE-based workload identity (best but costly to implement). Covers governance plumbing like Okta XAA and cloud-provider managed options.
https://kanenarraway.com/posts/agent-identity-models
#AI
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
❤2👍1🔥1