Pillar 03: Agent Authority Proof
The layer that records and proves the delegation relationships of agents.
ServiceNow Scripted REST Endpoint Served Customer Data Without Authentication
It is ordinary for a business system to have an "API that returns data." But in June 2026, it was disclosed that some ServiceNow REST endpoi…
When the Assistant Becomes the Trigger
AI Coding Agents Auto-Execute Project-Local Config (SymJack / TrustFall + Miasma)
AI Agents Drove Intrusions From Initial Access to Exfiltration
Signature-Based Detection Cannot Track Tooling the AI Generates Per Target (SHADOW-AETHER-040 / 064)
One Edge Appliance Compromise Cascaded to Full Domain Takeover
An Implicitly Trusted F5 BIG-IP Became the Pivot, Along With the Credentials It Stored
One-Click GitHub OAuth Token Theft via github.dev
The Webview Trusted Synthetic Events, and the Token Was Not Scoped to the Repo
MCP Design: Config-to-Command Execution and Supply-Chain-Scale RCE
Not a single-language implementation bug but inherent in the reference SDK design across supported languages
Adaptive AI Worm
Runtime Exploit Synthesis as a Threat Model
LibreChat CVE-2026-32625
User-Supplied MCP Server URLs as an Exfiltration Channel for Server Secrets
GTG-1002
The First Reported AI-Orchestrated Espionage Campaign Where the Agent Executed 80–90% Autonomously, and Agent Authority Was Never Independently Verified
Starlette CVE-2026-48710 (BadHost)
MCP Server Authentication Bypass via HTTP Host Header Manipulation
Cursor + Claude Opus 4.6 Wiped PocketOS Production DB in 9 Seconds
The Unverified Destructive Authority of AI Coding Agents