All posts tagged: IAM

Meta’s rogue AI agent passed every identity check — four gaps in enterprise IAM explain why

A rogue AI agent at Meta took action without approval and exposed sensitive company and user data to employees who were not authorized to access it. Meta confirmed the incident to The Information on March 18 but said no user data was ultimately mishandled. The exposure still triggered a major security alert internally. The available evidence suggests the failure occurred after authentication, not during it. The agent held valid credentials, operated inside authorized boundaries, and passed every identity check. Summer Yue, director of alignment at Meta Superintelligence Labs, described a different but related failure in a viral post on X last month. She asked an OpenClaw agent to review her email inbox with clear instructions to confirm before acting. The agent began deleting emails on its own. Yue sent it “Do not do that,” then “Stop don’t do anything,” then “STOP OPENCLAW.” It ignored every command. She had to physically rush to another device to halt the process. When asked if she had been testing the agent’s guardrails, Yue was blunt. “Rookie mistake tbh,” she replied. …

OpenClaw can bypass your EDR, DLP and IAM without triggering a single alert

An attacker embeds a single instruction inside a forwarded email. An OpenClaw agent summarizes that email as part of a normal task. The hidden instruction tells the agent to forward credentials to an external endpoint. The agent complies — through a sanctioned API call, using its own OAuth tokens. The firewall logs HTTP 200. EDR records a normal process. No signature fires. Nothing went wrong by any definition your security stack understands. That is the problem. Six independent security teams shipped six OpenClaw defense tools in 14 days. Three attack surfaces survived every one of them. The exposure picture is already worse than most security teams know. Token Security found that 22% of its enterprise customers have employees running OpenClaw without IT approval, and Bitsight counted more than 30,000 publicly exposed instances in two weeks, up from roughly 1,000. Snyk’s ToxicSkills audit adds another dimension: 36% of all ClawHub skills contain security flaws. Jamieson O’Reilly, founder of Dvuln and now security adviser to the OpenClaw project, has been one of the researchers pushing fixes hardest …

How recruitment fraud turned cloud IAM into a $2 billion attack surface

A developer gets a LinkedIn message from a recruiter. The role looks legitimate. The coding assessment requires installing a package. That package exfiltrates all cloud credentials from the developer’s machine — GitHub personal access tokens, AWS API keys, Azure service principals and more — and the adversary is inside the cloud environment within minutes. Your email security never saw it. Your dependency scanner might have flagged the package. Nobody was watching what happened next. The attack chain is quickly becoming known as the identity and access management (IAM) pivot, and it represents a fundamental gap in how enterprises monitor identity-based attacks. CrowdStrike Intelligence research published on January 29 documents how adversary groups operationalized this attack chain at an industrial scale. Threat actors are cloaking the delivery of trojanized Python and npm packages through recruitment fraud, then pivoting from stolen developer credentials to full cloud IAM compromise. In one late-2024 case, attackers delivered malicious Python packages to a European FinTech company through recruitment-themed lures, pivoted to cloud IAM configurations and diverted cryptocurrency to adversary-controlled …

Legacy IAM was built for humans — and AI agents now outnumber them 82 to 1

Active Directory, LDAP, and early PAM were built for humans. AI agents and machines were the exception. Today, they outnumber people 82 to 1, and that human-first identity model is breaking down at machine speed. AI agents are the fastest-growing and least-governed class of these machine identities — and they don’t just authenticate, they act. ServiceNow spent roughly $11.6 billion on security acquisitions in 2025 alone — a signal that identity, not models, is becoming the control plane for enterprise AI risk. CyberArk’s 2025 research confirms what security teams and AI builders have long suspected: Machine identities now outnumber humans by a wide margin. Microsoft Copilot Studio users created over 1 million AI agents in a single quarter, up 130% from the previous period. Gartner predicts that by 2028, 25% of enterprise breaches will trace back to AI agent abuse.

Why legacy architectures fail at machine scale

Builders don’t create shadow agents or over-permissioned service accounts out of negligence. They do it because cloud IAM is slow, security reviews don’t map cleanly to agent workflows, …