🔍 New blog post published — “The Unseen Variable: Identity, Agentic AI and the Path of Least Resistance”
📅 Published 20 Nov 2025
👉 Read here: https://cirriustech.co.uk/blog/the-unseen-variable/

In brief:
In an age of human-centric identity defence and vendor promises of agentic AI doing “everything for you”, we’re overlooking something critical: workload identities and the brittle tokens they carry. While we focus on secure control planes for people and agents, attackers will take the path of least resistance - and that path often runs straight through identities we barely govern.

Key themes I explore:
• Why agentic workloads are being added as “first-class citizens” in identity - and why that’s not the full story.
• How workloads multiply identity surfaces, each with its own defaults, audit gaps and licence SKUs.
• How a semi-autonomous agent can sidestep the “agent control plane” entirely by using a service principal, hidden secret or long-lived token - essentially an escape hatch.
• Why token protection (proof of possession, crypto-binding, avoiding tokens in URL query params) remains profoundly weak industry-wide.
• Why the next wave of identity risk will not come from the human plane, but from machine identity exploitation at scale.

If you’re working in cloud security, identity architecture, devsecops or adversarial-AI defense, I hope this resonates and gives you a sharper mental model. I’d love to hear your thoughts on how your organisation is handling workload identities and how you’re bridging the human/agent/workload identity gap.

🔗 Feel free to share, comment or reach out for a deeper conversation on these themes.

#cloudsecurity #identity #agenticAI #workloadidentities #cybersecurity #defenseevasion #automation #AIsecurity

Level up your hacking knowledge and defensive skills with today’s cyber playlist. 🚀 https://rootshell.online

#CyberSecurity #ZeroTrust #Hacking #CloudSecurity #CyberDefense

Why run AI tools on cluttered setups? 🐳🤔

ClaudeBox offers a fully containerized dev environment for Claude AI. Each project gets isolated Docker images, persistent data (auth, shell history), and pre-configured profiles for languages like Python or Rust. Perfect for reproducibility and multi-instance workflows. #Docker #AI #DevTools

🔗 Project link on #GitHub 👉 https://github.com/RchGrav/claudebox

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

ShadowRay 2.0 demonstrates how attackers are now leveraging AI-generated tooling to exploit exposed Ray clusters and create a globally distributed botnet.

Highlights:
• CVE-2023-48022 exploited across thousands of Ray servers
• LLM-generated scripts tailored to victim environments
• Region-aware updates via GitLab + GitHub
• Hidden GPU mining (A100 clusters)
• Competing cryptominers battling for compute
Thoughts on the broader implications for AI security?

Boost, reply, and follow @technadu for more deep-dive threat research.

#Infosec #CyberSecurity #ShadowRay #AIThreats #RayFramework #Botnet #ThreatHunting #CloudSecurity

Microsoft just mitigated a record 5.72 Tbps DDoS attack — scale is redefining the battlefield. Volumetric defense must evolve as fast as the floods. 🌊⚡️ #DDoS #CloudSecurity

https://thehackernews.com/2025/11/microsoft-mitigates-record-572-tbps.html