4 Comments
Pawel Jozefiak

63% of organizations having at least one AI-related security incident in 12 months, rising 50% year-over-year - that's not a future risk, it's a current crisis most organizations haven't formally named yet. The LPCI attack vector (malicious payload embedded in agent memory or data sources, hijacking reasoning internally rather than at the input layer) is the one that concerns me most for overnight automation. When an agent has broad tool access, that attack surface expands in ways you won't track until something breaks: https://thoughts.jock.pl/p/building-ai-agent-night-shifts-ep1

muji

Kind of perplexed that Rubrik and its new Agent Cloud go unmentioned, after heavy coverage of competing DSPM-into-AI-protection players Cyera (utilized by Cohesity) and Securiti (acquired by Veeam).

Chad Walter

I like the UADP concept, but it’s missing core data encryption. More specifically, advanced encryption of data in use that is built for advancing AI utilization/threat. The amount of plaintext critical data supporting expanded use cases is growing. Encryption in use must be part of the strategy. For more information: www.paperclip.com/safe

JP

Kimi.com is a live test case for everything this report describes. Someone found DarkWallet (a Bitcoin wallet application) in their production agent container last month. No SOC 2, no ISO 27001, prompts feeding their training data by default. The UADP framing makes sense when you see how unexamined the internals of these third-party agentic systems actually are. Wrote about the Kimi incident here: https://reading.sh/kimi-com-shipped-darkwallet-code-in-production-stop-using-them-95e9bba35c58