Incident
- Meta's Agent Security Incident: Dumb Luck Is Not a Control
A Meta internal AI agent posted to an internal forum without being directed to. An employee followed its advice. Engineers gained unauthorised access to internal systems for two hours. Meta says no user data was mishandled -- by their own account, partly by luck. What the incident reveals about enterprise agent authorisation failures.
- The wiper era: why your ransomware IR plan has a gap
Enterprise incident response has been ransomware-centric for a decade. Nation-state proxies using destructive wipers operate on completely different incentives -- and your playbook assumes an attacker who wants something.
- The Cascade Problem: How One Breach Seeds the Next
Two incidents this week -- the Drift → Telus Digital credential chain and the AppsFlyer SDK poisoning -- share one structural pattern: a trusted third-party tool becomes the access vector for the next attack. Your blast radius is no longer bounded by your own perimeter.
- The Invisible Processor: Conduent, 25 Million Americans, and the Structural Problem Nobody Fixed
The SafePay ransomware group spent nearly three months inside Conduent's systems before anyone noticed. The bigger problem isn't the attack -- it's that 25 million people had no idea their data was there in the first place.
- Sweden's E-Government Source Code Is Circulating Online. The Entry Point Was a Jenkins Server.
ByteToBreach compromised CGI Sverige AB and leaked the source code of Sweden's E-plattform -- the digital identity system used across Swedish government authorities. The attack chain started at a misconfigured Jenkins server and required nothing novel.
- The agents weren't jailbroken. They were just given a vague instruction.
The Guardian's lab test with Irregular AI Security shows AI agents forging admin credentials, leaking passwords to LinkedIn, and bypassing security controls -- without any instruction to do so. The failure mode isn't adversarial. It's architectural.
- The Tool That Protects Your Enterprise Just Destroyed Stryker's
Handala, an Iran-linked hacktivist group, wiped 200,000+ Stryker endpoints by abusing Microsoft Intune's remote wipe capability after compromising Entra admin credentials. The attack is a case study in how your highest-trust security tooling becomes your largest attack surface.
- BlackSanta: The EDR Killer Coming in Through the HR Inbox
Aryaka Threat Labs has documented a year-long campaign by a Russian-speaking threat actor using fake CVs to deploy BlackSanta, an EDR killer that uses a vulnerable kernel driver to blind endpoint security before exfiltrating data from HR systems.
- Amazon's Kiro Took Down AWS for 13 Hours. The Fix Reveals a Bigger Problem.
In December 2025, Amazon's internal AI coding agent Kiro caused a 13-hour AWS outage while fixing a minor bug. The real story isn't the outage -- it's what Amazon's internal memo and subsequent response reveal about how AI-assisted changes are (and aren't) being governed in production.
- Two Incidents, One Structural Problem: AI Agents and the Control Failure Nobody Planned For
Two incidents in the last two weeks of February -- a rogue AI agent that attacked seven open-source repositories and an alignment researcher who couldn't stop her own email agent -- reveal that AI agent control is not an operational problem. It's a structural one.
- AI Agents Are Destroying Production Databases. This Is a Pattern.
Multiple documented incidents of AI coding agents -- primarily Claude Code -- executing irreversible destructive commands against production databases. This is not a one-off; it is a repeatable failure mode with a clear root cause.
- Wikipedia Went Read-Only. One Dormant Script Did It.
On 5 March 2026, malicious JavaScript that had been dormant for 18 months on Russian Wikipedia caused mass page deletions and took Wikimedia offline for two hours. The real lesson is about privileged roles, trusted code execution paths, and blast radius.