Please turn JavaScript on
Find more feeds
Sonrai | Enterprise Cloud Security Platform icon

Sonrai | Enterprise Cloud Security Platform

Is this your feed? Claim it!

Publisher:  Unclaimed!
Message frequency:  0.17 / day

Message History

How AI Agents Accumulate Permissions Over Time and the Associated Security Risks

Every AI agent deployed in AWS, GCP or Azure becomes a cloud identity the moment it goes live. It gets an IAM role. That role carries permissions, sometimes very privileged ones. And unless there is an automat...


Read full story
Why AI Agents Need Least Privilege Too, and How to Enforce It Automatically

AI agents are cloud identities. They don’t get a badge or a login. They get a service account, an IAM role, or an API key, just like any other non-human identity running in your environment. Mechanically, there’s nothing new.

What’s new is how many of them are being deployed, how fast, and with how much access. Most AI agents are running with far more permissions th...


Read full story
Global S3: Another C2 Channel for AgentCore Code Interpreters
Introduction

Building on recent research identifying DNS-based exfiltration risks in Sandbox mode AgentCore Code Interpreters, I identified global S3 access as another Command & Control channel for sandboxed code interpreters. Unlike DNS-based exfiltration, which has since been fully mitigated, S3 access is a useful and fully-documented feature of Agen...


Read full story
Cloud PAM for AI Agents: Why Traditional PAM Can't Protect Agentic Workloads

AI agents are cloud identities. They receive IAM roles at deployment, hold credentials, and access cloud resources to execute tasks. But unlike human users, they do this without session-based checkpoints, without manual approval steps, and sometimes with minimal human involvement. Traditional PAM was built around the assumption that a person initiates access.


Read full story
The Conversation No one is Having About Claude Mythos
Read full story