Crestvale Newsroom

Microsoft: AI agents need first-class identities

6 min · I går
episode Microsoft: AI agents need first-class identities cover

Beskrivelse

Send us Fan Mail [https://www.buzzsprout.com/2602483/fan_mail/new] AI agents are no longer just assistants. They are becoming active participants inside systems, with the ability to take actions across tools and services. That shift is forcing a rethink of identity, access, and control. For security and IT leaders, this changes the threat model. Agents introduce new forms of privilege escalation, cross-system risk, and audit gaps that traditional identity frameworks were not built to handle. At the same time, regulatory pressure and real-world breaches are reinforcing that weak identity controls remain the easiest path for attackers. This episode also covers the CMMC audit pause and why liability remains, new developments tied to Scattered Spider, and Google's move into AI-driven app execution. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

Kommentarer

0

Vær den første til å kommentere

Registrer deg nå og bli medlem av Crestvale Newsroom sitt community!

Prøv gratis

Prøv gratis i 14 dager

99 kr / Måned etter prøveperioden. · Avslutt når som helst.

  • Eksklusive podkaster
  • 20 timer lydbøker i måneden
  • Gratis podkaster

Alle episoder

175 Episoder

episode Microsoft: AI agents need first-class identities cover

Microsoft: AI agents need first-class identities

Send us Fan Mail [https://www.buzzsprout.com/2602483/fan_mail/new] AI agents are no longer just assistants. They are becoming active participants inside systems, with the ability to take actions across tools and services. That shift is forcing a rethink of identity, access, and control. For security and IT leaders, this changes the threat model. Agents introduce new forms of privilege escalation, cross-system risk, and audit gaps that traditional identity frameworks were not built to handle. At the same time, regulatory pressure and real-world breaches are reinforcing that weak identity controls remain the easiest path for attackers. This episode also covers the CMMC audit pause and why liability remains, new developments tied to Scattered Spider, and Google's move into AI-driven app execution. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

I går6 min
episode CISA: SharePoint exploits active, patching lags cover

CISA: SharePoint exploits active, patching lags

Send us Fan Mail [https://www.buzzsprout.com/2602483/fan_mail/new] Active SharePoint exploitation with delayed patches is exposing a growing gap between vulnerability discovery and real world remediation. At the same time, identity is expanding beyond humans, and patching volume is accelerating beyond what most teams can handle. This episode breaks down why these shifts matter now. If attackers are exploiting before fixes arrive, your defenses have to operate in that window. And as machine and agent identities grow, traditional access control models are starting to fail. The result is a security environment that is faster, more complex, and less forgiving of delay. We also cover new funding around identity control planes, a record-breaking patch cycle from Microsoft, and a major milestone in post-quantum cryptography standardization. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

16. juli 20265 min
episode PBAC turns authorization into AI agent control cover

PBAC turns authorization into AI agent control

Send us Fan Mail [https://www.buzzsprout.com/2602483/fan_mail/new] Authorization is moving from a background function to the control plane for AI systems. As agents take on more actions inside production environments, real time policy enforcement is becoming the difference between safe scale and silent data exposure. For security and IT leaders, this shift forces a rethink of how access is defined and enforced. Identity alone is no longer enough. You need fast, centralized authorization that can evaluate context across humans, services, and AI agents without slowing systems down. We also cover router compromises tied to weak configurations, lessons from CISA's GitHub secrets leak, and why Cribl is betting on detection engineering as the next battleground. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

15. juli 20265 min
episode Fake OAuth client IDs hide Entra recon cover

Fake OAuth client IDs hide Entra recon

Send us Fan Mail [https://www.buzzsprout.com/2602483/fan_mail/new] Attackers are finding ways to probe identity systems without triggering alerts, and that changes how exposure builds inside modern environments. The latest activity in Microsoft Entra shows how credential validation and user enumeration can happen quietly, without the signals most teams rely on. For security and IT leaders, this shifts the focus from login events to pre-auth activity and missing context in logs. It also reinforces how identity, infrastructure, and internal systems like messaging brokers are tightly connected. When one layer fails, it creates new paths for access and escalation. We also cover a RabbitMQ flaw that exposed OAuth secrets, a forced shutdown of ShareFile on-prem components, and new joint cyber sanctions from the UK and EU targeting operator-level actors. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

14. juli 20266 min
episode Gitea Docker auth bypass exploited in wild cover

Gitea Docker auth bypass exploited in wild

Send us Fan Mail [https://www.buzzsprout.com/2602483/fan_mail/new] Today's episode focuses on a pattern that keeps repeating: when identity breaks, everything behind it is exposed. A Gitea configuration flaw allows full account impersonation, UniFi vulnerabilities open paths to remote code execution, and a breach claim highlights the real value of stolen tokens over raw data. For security and IT leaders, this is about control of trust boundaries. Defaults can collapse authentication. Management planes remain high-risk targets. And long-lived credentials continue to expand blast radius when incidents happen. At the same time, AI agents are changing traffic patterns in ways that make traditional monitoring less reliable, forcing teams to rethink what "normal" even means. We also cover new funding in private AI infrastructure, rising ransomware activity, governance shifts, and national-scale monitoring expansion. Learn more at https://crestvale.io Support the show [https://www.buzzsprout.com/2602483/support]

13. juli 20266 min