Ian Campbell 🏴i love that we went from "zero trust" as a fundamental buzzword to "trust autonomous nondeterministic agents everywhere in your stack"
David Chisnall (*Now with 50% more sarcasm!*)The original Zero Trust paper said, basically: assume endpoints are compromised. Design your system such that a compromised endpoint won't doesn't impact your global security. It rapidly became: massively increase your attack surface by running a load of privileged code on every client that doesn't actually have the ability to make strong security claims and, if that code claims the device is compliant, treat it as completely trusted.
There's a reason I assume TRUST in Zero TRUST is an acronym for 'Thinking Rationally, Understanding Security and Threats'.