Nothing To Detect

2026-06-13 · Source: Data Engineering on Medium · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Robotics & Autonomous Systems · Depth: Advanced, long

Summary

Recent security incidents, Agentjacking and the OpenClaw crisis, reveal a critical shift in AI security: malicious actions are now authorized, bypassing traditional defenses. Agentjacking, disclosed on June 12, exploits fake Sentry error reports to trick AI coding agents like Claude Code, Cursor, and Codex into executing arbitrary code, achieving an 85% success rate and exposing at least 2,388 organizations. Similarly, the OpenClaw crisis, the first major AI-agent security crisis of 2026, involves critical vulnerabilities like CVE-2026–25253 and malicious plugins, with 93% of exposed instances running without authentication. Both demonstrate that the Model Context Protocol (MCP) and tool layers, designed for capability, lack robust governance, making authentication and authorization optional. This problem is exacerbated by commoditized intelligence, driving rapid agent proliferation, and a focus on cloud infrastructure capacity over control, while EU AI Act high-risk obligations are deferred to 2027-2028.

Key takeaway

For AI Architects and Directors of AI/ML deploying agentic systems, you must prioritize governance over raw capability. Your security program now hinges on rigorously governing the permission model, not just detecting malware. Treat every agent as a privileged non-human identity with scoped credentials and build audit trails and kill-switches before production. Rebalance your budget to fund identity, observability, and response. Under-funding these controls directly leads to authorized breaches.

Key insights

Agentic AI's primary security threat is authorized malicious action, shifting focus from detection to governance of permission models.

Principles

• The perimeter moved into the permission model.
• Distrust the tool layer by default.
• The catalog is the data access-control plane.

Method

Implement OAuth-based authentication, per-operation role/attribute-based authorization, attribution-level audit logging, scope/path limits, rate limiting, and sensitivity-label checks for non-human actors.

In practice

• Treat every agent as a privileged non-human identity.
• Require authentication on every MCP server.
• Build audit trails and kill-switches first.

Topics

• Agentic AI Security
• Model Context Protocol
• Data Governance
• AI Act Compliance
• Cloud Security
• Identity and Access Management

Best for: CTO, VP of Engineering/Data, Executive, AI Security Engineer, AI Architect, Director of AI/ML

Related on AIssential

• The Agentic AI Security Universe: A Complete Guide to Securing Autonomous AI Systems — Securing autonomous agentic AI systems requires a multi-layered framework addressing identity, control, tool interaction, communication, governance, monitoring, and compliance.
• Your AI Agents Have Too Much Access. You Just Can't See It Yet — The article, titled "Your AI Agents Have Too Much Access.
• Prevent agentic identity theft — Local AI agents pose significant security risks due to broad system access, necessitating robust identity verification and access controls.
• What cybersecurity pros need to know about OpenClaw and Moltbook — Locally run AI agents introduce significant cybersecurity risks due to high permissions and user configuration challenges.
• SAP Moves to Block OpenClaw and Other Unauthorized AI Agents — SAP is implementing technical and policy controls to block unauthorized AI agents from its ERP systems.
• Securing AI Agents with Zero Trust — Zero Trust principles are essential for securing agentic AI systems against their expanded attack surfaces.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Data Engineering on Medium.