Lemma Critical Brief · Category archive

Identity & Auth

Credential leaks, key compromise, authentication bypass.

25 Briefs
No. 029 · 2026-06-06

One-Click GitHub OAuth Token Theft via github.dev

The Webview Trusted Synthetic Events, and the Token Was Not Scoped to the Repo

Pillar 03 Agent Authority Proof Agent Infrastructure Identity & Auth Brief →
No. 030 · 2026-06-06

Stripe's Trusted API Infrastructure Repurposed to Deliver Card-Skimming Code and Store Stolen Data

Allowlists Trust the Domain's Identity, Not the Provenance of What It Carries

Pillar 01 Verifiable Origin Code Provenance Identity & Auth Data Provenance Brief →
No. 025 · 2026-06-05

MCP Design: Config-to-Command Execution and Supply-Chain-Scale RCE

In April 2026, OX Security disclosed that Anthropic's Model Context Protocol (MCP) official SDK contains a design-level issue in which confi…

Pillar 03 Agent Authority Proof Agent Infrastructure Identity & Auth Code Provenance Brief →
No. 026 · 2026-06-05

Adaptive AI Worm

Runtime Exploit Synthesis as a Threat Model

Pillar 03 Agent Authority Proof Agent Runaway Agent Infrastructure Identity & Auth Brief →
No. 027 · 2026-06-05

LibreChat CVE-2026-32625

User-Supplied MCP Server URLs as an Exfiltration Channel for Server Secrets

Pillar 03 Agent Authority Proof Agent Infrastructure Identity & Auth Brief →
No. 023 · 2026-06-05

The Alephium TokenBridge Exploit ($815K)

Guardian Keys Intact, But No Verification of the Provenance of the Events They Signed

Pillar 01 Verifiable Origin Bridge Config Trust Identity & Auth Brief →
No. 028 · 2026-06-05

The npm Dependency-Confusion Recon Campaign

33 Packages Impersonating Internal Scopes Exploit the Build Environment's Provenance Assumptions

Pillar 01 Verifiable Origin Code Provenance Identity & Auth Brief →
No. 022 · 2026-06-04

OnlyFake

AI-Generated IDs Bypass Exchange KYC

Pillar 04 Regulatory Attribute Proof Attribute Proof Bypass Identity & Auth Data Provenance Brief →
No. 019 · 2026-06-03

Unqualified Engineers Placed Under National-License Claims

Regulatory Attributes Asserted Without Independent Verification at the Point of Assignment

Pillar 04 Regulatory Attribute Proof Attribute Proof Bypass Identity & Auth Brief →
No. 020 · 2026-06-03

Tampered Certification Test Data Behind Type Designation

Product Regulatory-Conformance Attributes Asserted Without Independent Verification on the Path to Shipment

Pillar 04 Regulatory Attribute Proof Attribute Proof Bypass Identity & Auth Brief →
No. 009 · 2026-05-31

GTG-1002

The First Reported AI-Orchestrated Espionage Campaign Where the Agent Executed 80–90% Autonomously, and Agent Authority Was Never Independently Verified

Pillar 03 Agent Authority Proof Agent Runaway Identity & Auth Brief →
No. 010 · 2026-05-31

Claude Code Source-Leak Lures

Weaponizing Trust Signals and GitHub Releases as a Provenance-Spoofed Delivery Channel

Pillar 01 Verifiable Origin Code Provenance Identity & Auth Brief →
No. 014 · 2026-05-31

The TanStack npm Compromise

Malicious Packages Signed Under a Legitimate OIDC Trusted Publisher, Where a Valid Provenance Signature Did Not Mean a Trustworthy Artifact

Pillar 01 Verifiable Origin Code Provenance Identity & Auth Brief →
No. 013 · 2026-05-31

The Coinbase KYC Insider Breach

When Regulation-Mandated Storage of Raw PII Becomes the Breach Surface

Pillar 04 Regulatory Attribute Proof KYC / AML Disclosure Identity & Auth Brief →
No. 018 · 2026-05-31

The hackerbot-claw Campaign's First Recorded AI-vs-AI Attack

Weaponizing a Repository's CLAUDE.md to Hijack the Defending AI Agent's Instructions

Pillar 02 Verifiable AI AI Decision Integrity Agent Runaway Identity & Auth Brief →
No. 017 · 2026-05-31

McKinsey Lilli's Writable System Prompts

The Layer Governing the AI's Behavior Had No Integrity or Provenance

Pillar 02 Verifiable AI AI Decision Integrity Identity & Auth Agent Runaway Brief →
No. 016 · 2026-05-31

The Verus-Ethereum Bridge Hack ($11.58M)

A Valid Merkle Proof, But No Verification That the Source Amount Matched the Payout

Pillar 01 Verifiable Origin Bridge Config Trust Identity & Auth Brief →
No. 012 · 2026-05-31

The Robert Williams Wrongful Arrest

When an AI Face-Match Drove a Government Enforcement Action Without Independent Verification

Pillar 02 Verifiable AI AI Decision Integrity Identity & Auth AI Bias / Harm Brief →
No. 015 · 2026-05-31

The GitHub Internal Repository Breach

A Poisoned VS Code Extension, Live for 18 Minutes, Exploited the Developer Trust Surface

Pillar 01 Verifiable Origin Code Provenance Identity & Auth Brief →
No. 003 · 2026-05-30

Starlette CVE-2026-48710 (BadHost)

MCP Server Authentication Bypass via HTTP Host Header Manipulation

Pillar 03 Agent Authority Proof Agent Infrastructure Identity & Auth Brief →
No. 004 · 2026-05-30

Megalodon GitHub Supply Chain

CI/CD Credential-Theft Campaign That Poisoned 5,561 Repositories in 6 Hours

Pillar 01 Verifiable Origin Code Provenance Identity & Auth Brief →
No. 006 · 2026-05-30

Google API Keys Remain Usable for 23 Minutes After Deletion

Independent Verification Gap in Credential Revocation Attributes

Pillar 04 Regulatory Attribute Proof Attribute Proof Bypass Identity & Auth Brief →
No. 007 · 2026-05-30

Cursor + Claude Opus 4.6 Wiped PocketOS Production DB in 9 Seconds

The Unverified Destructive Authority of AI Coding Agents

Pillar 03 Agent Authority Proof Agent Runaway Identity & Auth Brief →
No. 001 · 2026-05-29

KelpDAO / rsETH Unauthorized Unlock

RPC Manipulation Attack on the DVN Observation Layer

Pillar 01 Verifiable Origin Bridge Config Trust Identity & Auth Brief →
No. 002 · 2026-05-29

Stake DAO vsdCRV Unauthorized Mint

LayerZero v2 Trust Source Rewriting via Deployer Key

Pillar 01 Verifiable Origin Bridge Config Trust Identity & Auth Brief →