ch
Feedback
CloudSec Wine

CloudSec Wine

前往频道在 Telegram

All about cloud security Contacts: @AMark0f @dvyakimov About DevSecOps: @sec_devops

显示更多
2 240
订阅者
+324 小时
+27
+1030
帖子存档
🤖 GhostApproval: AI Coding Assistant Trust Boundary Flaw GhostApproval is a symlink-following vulnerability affecting 6 AI c
+1
🤖 GhostApproval: AI Coding Assistant Trust Boundary Flaw GhostApproval is a symlink-following vulnerability affecting 6 AI coding assistants (Amazon Q, Claude Code, Augment, Cursor, Google Antigravity, Windsurf). Malicious repos trick agents into writing outside the workspace sandbox, enabling RCE. Critically, agents internally recognize the dangerous target but confirmation prompts hide it from users, nullifying Human-in-the-Loop protections. https://www.wiz.io/blog/ghostapproval-a-trust-boundary-gap-in-ai-coding-assistants #AI

🤖 GitLost: How We Tricked GitHub’s AI Agent into Leaking Private Repos Noma Labs found a prompt injection flaw (GitLost) in
🤖 GitLost: How We Tricked GitHub’s AI Agent into Leaking Private Repos Noma Labs found a prompt injection flaw (GitLost) in GitHub Agentic Workflows: posting a crafted issue in a public org repo causes the AI agent to exfiltrate private repository contents as a public comment, bypassing guardrails via the keyword "Additionally.". https://noma.security/blog/gitlost-how-we-tricked-githubs-ai-agent-into-leaking-private-repos #AI

Zero Trustfor AI Agents.pdf9.31 KB

6a1611a04085d7cd3dadc924_Claude_eBook_Zero_Trust_for_AI_Agents_05182026.pdf9.31 KB

🤖 Zero Trustfor AI Agents Anthropic eBook applying Zero Trust principles to enterprise autonomous AI agents, covering threat taxonomy (prompt injection, tool/MCP hijacking, memory poisoning, supply chain risks), tiered controls (Foundation/Enterprise/Advanced) for identity, least-privilege, observability, and AI-accelerated defensive operations. #AI

🤖 Solving the Identity Crisis for AI Agents Uber extended its Zero Trust architecture to assign SPIRE-backed cryptographic i
🤖 Solving the Identity Crisis for AI Agents Uber extended its Zero Trust architecture to assign SPIRE-backed cryptographic identities to AI agents, issuing short-lived, single-hop JWTs via a Security Token Service. Full actor chains (user to agent to tool) propagate across multi-agent MCP calls, enabling end-to-end auditability with sub-40ms P99 token exchange latency. https://www.uber.com/us/en/blog/solving-the-agent-identity-crisis #AI

🔶 whim Throwaway root shells in AWS Lambda Firecracker microVMs. https://github.com/udgover/whim #aws
🔶 whim Throwaway root shells in AWS Lambda Firecracker microVMs. https://github.com/udgover/whim #aws

🔶 Apps can now impersonate human access to AWS via IAM Identity Center AWS IAM Identity Center now lets server-side apps exc
🔶 Apps can now impersonate human access to AWS via IAM Identity Center AWS IAM Identity Center now lets server-side apps exchange an IdP-issued OIDC token for user-scoped AWS credentials via CreateTokenWithIAM, ListAccounts, and GetRoleCredentials. Actions are attributed to the user in CloudTrail. Key gaps: no per-app scope restrictions and no application ARN in audit trails. https://awsteele.com/blog/2026/07/01/apps-can-now-impersonate-human-access-to-aws-via-iam-identity-center.html#cloudtrail-events #aws

🤖 Three Ways to Give an AI Agent an Identity This post compares three AI agent identity models: acting as the user (simple b
+1
🤖 Three Ways to Give an AI Agent an Identity This post compares three AI agent identity models: acting as the user (simple but single-player), service account tokens (common in production but insecure), and SPIFFE-based workload identity (best but costly to implement). Covers governance plumbing like Okta XAA and cloud-provider managed options. https://kanenarraway.com/posts/agent-identity-models #AI

🤖 AI brands as bait: How threat actors are using the AI hype in social engineering Threat actors impersonate AI brands (Chat
🤖 AI brands as bait: How threat actors are using the AI hype in social engineering Threat actors impersonate AI brands (ChatGPT, Claude, DeepSeek, Copilot) in phishing, malvertising, and SEO-poisoning campaigns to steal credentials, credit card data, and deliver infostealers like Vidar. Storm-3075 and Fox Tempest are attributed actors using signed malware. https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering #AI

🔴 Securing agentic AI: What's new in VPC Service Controls Designed for agentic workloads, new capabilities in VPC Service Co
🔴 Securing agentic AI: What's new in VPC Service Controls Designed for agentic workloads, new capabilities in VPC Service Controls can help establish a network-level, destination-based perimeter. https://cloud.google.com/blog/products/identity-security/securing-agentic-ai-whats-new-in-vpc-service-controls #gcp

🔐 Enterprise-Managed Authorization: Zero-touch OAuth for MCP The Enterprise-Managed Authorization extension to the Model Con
🔐 Enterprise-Managed Authorization: Zero-touch OAuth for MCP The Enterprise-Managed Authorization extension to the Model Context Protocol is now stable, enabling organizations to centrally provision MCP server access through their identity provider so users get connected servers on first login without per-app OAuth. https://blog.modelcontextprotocol.io/posts/enterprise-managed-auth #AIM

🤖 datadog-saist Unlike traditional SAST tools that rely solely on parsing and analysis rules, this project uses LLM (e.g. Cl
🤖 datadog-saist Unlike traditional SAST tools that rely solely on parsing and analysis rules, this project uses LLM (e.g. Claude from Anthropic, GPT from OpenAI or Gemini from Google) to find vulnerabilities. https://github.com/DataDog/datadog-saist #AI

🤖 LLMjacking evolved: Attackers are using stolen AI compute to build offensive agentic tools Sysdig TRT caught a threat acto
🤖 LLMjacking evolved: Attackers are using stolen AI compute to build offensive agentic tools Sysdig TRT caught a threat actor using a stolen Ollama server to power an autonomous, multi-stage offensive hacking tool. https://www.sysdig.com/blog/llmjacking-evolved-attackers-are-using-stolen-ai-compute-to-build-offensive-agentic-tools #AI

🔶 Run isolated sandboxes with full lifecycle control: AWS Lambda introduces MicroVM AWS launches a new serverless compute pr
+1
🔶 Run isolated sandboxes with full lifecycle control: AWS Lambda introduces MicroVM AWS launches a new serverless compute primitive, AWS Lambda MicroVMs. VM-level, isolated sandboxes with no shared kernel or resources between sessions. Rapid launch and resume, full lifecycle control, state preservation up to 8 hours, no infrastructure to manage. https://aws.amazon.com/ru/blogs/aws/run-isolated-sandboxes-with-full-lifecycle-control-aws-lambda-introduces-microvms #aws

nccgroup_codingagentswhitepaper.pdf1.06 MB

🤖 An Introduction to AI Coding Agent Security NCC Group whitepaper covering security of AI coding agents (Claude Code, Cursor, Codex) as of May 2026. Analyzes permission models, OS-level sandboxing, agent tool attack surfaces, and common vuln classes: workspace trust bypasses, sandbox escapes, permission prompt bypasses, sensitive file overwrites, and indirect prompt injection. #AI

🔶 Amazon S3 annotations: attach rich, queryable context directly to your object Amazon S3 now lets you attach up to 1 GB of
+1
🔶 Amazon S3 annotations: attach rich, queryable context directly to your object Amazon S3 now lets you attach up to 1 GB of rich, mutable, and queryable context directly to your objects using annotations, purpose-built for AI agents and autonomous workflows that need to discover, understand, and act on data at scale without maintaining separate metadata systems. https://aws.amazon.com/ru/blogs/aws/amazon-s3-annotations-attach-rich-queryable-context-directly-to-your-objects #aws

🔶 Governing AI Assets at Scale with MCP Gateway and Registry Open source MCP Gateway and Registry (Apache 2.0) provides ente
🔶 Governing AI Assets at Scale with MCP Gateway and Registry Open source MCP Gateway and Registry (Apache 2.0) provides enterprise governance for AI assets (MCP servers, agents, skills) via centralized discovery, fine-grained RBAC, supply-chain security scanning, hybrid semantic/keyword search, OpenTelemetry observability, federation with external registries, and deployable on EKS/ECS/EC2. https://aws.amazon.com/ru/blogs/opensource/governing-ai-assets-at-scale-with-mcp-gateway-and-registry #aws

🔴 Mind the Gap: GCP serviceData in Logs Explorer vs. Exported Logs GCP's deprecated serviceData field gets silently stripped
+1
🔴 Mind the Gap: GCP serviceData in Logs Explorer vs. Exported Logs GCP's deprecated serviceData field gets silently stripped when audit logs reach your SIEM, leaving detection rules blind to disabled logging. Here's the gap. https://permiso.io/blog/gcp-servicedata-officially-deprecated-actively-dangerous #gcp