Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Your AI agent runs on AKS with a managed identity that can read Azure Key Vault, and you assume prompt injection is a theoretical risk—until a malicious prompt drives that agent to steal credentials from the Azure metadata endpoint in under a minute. Most teams discover this gap when their SIEM shows a single request to 169.254.169.254, but they cannot trace it back to which agent tool or prompt triggered it, or how far the stolen token traveled across their Azure environment.

For six weeks, a mid-size hospital system’s CDS agent issued recommendations biased by a poisoned guideline summary. No detection alert fired. The drift — denial recommendations in cases sharing one specific clinical attribute — traced back to a guideline an outside contributor had quietly reweighted in editorial review. Every existing detection stack reported green. DLP: no PHI left the cluster. EHR audit log: agent reading and writing within scope. Network egress: normal traffic.

A healthcare CISO opens her AI-SPM dashboard at the start of the quarter. Every clinical AI agent in the cluster reads green: full AI-BOM coverage, every permission scope reconciled, the HIPAA compliance tag clean across the fleet. The ambient scribe, the prior-authorization assistant, the oncology decision support agent — all monitored, all green, all the way through. Six months later, the Office for Civil Rights opens an investigation.

Most Secure Shell (SSH) hardening advice starts and ends with two changes: move off port 22 or disable root login. Both are easy to implement, widely recommended — and almost entirely misunderstood.

Observe-to-enforce builds behavioral baselines from observed agent traffic — what tools the agent calls, which networks it reaches, which syscalls it executes — and converts them into per-agent enforcement policies. Baselines persist at the Deployment level because pods churn and the envelope has to outlive any single restart. The methodology runs as a four-stage progression: discovery, observation, selective enforcement, continuous least privilege.

A new Linux kernel LPE disclosed by Theori/Xint lets any unprivileged local user become root with a 732-byte Python script. Works first try, no race, no per-kernel offsets. CVSS 7.8 (High), effectively critical for shared-kernel and multi-tenant environments.