<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Ali-Funk</title>
    <description>The latest articles on DEV Community by Ali-Funk (@alifunk).</description>
    <link>https://dev.to/alifunk</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3699166%2F6f5bb287-3a67-4f08-83ae-bd23e6d06c62.png</url>
      <title>DEV Community: Ali-Funk</title>
      <link>https://dev.to/alifunk</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/alifunk"/>
    <language>en</language>
    <item>
      <title>Beyond the Playbook: Architecting Defenses Against Autonomous AI Threats</title>
      <dc:creator>Ali-Funk</dc:creator>
      <pubDate>Mon, 06 Jul 2026 21:15:07 +0000</pubDate>
      <link>https://dev.to/alifunk/beyond-the-playbook-architecting-defenses-against-autonomous-ai-threats-2obe</link>
      <guid>https://dev.to/alifunk/beyond-the-playbook-architecting-defenses-against-autonomous-ai-threats-2obe</guid>
      <description>&lt;h1&gt;
  
  
  Beyond the Playbook: Architecting Defenses Against Autonomous AI Threats
&lt;/h1&gt;

&lt;p&gt;We used to build security systems assuming the attacker was human.  &lt;/p&gt;

&lt;p&gt;That assumption just died.&lt;/p&gt;

&lt;p&gt;Recent research demonstrations involving autonomous AI agents, such as "JadePuffer", have shown how quickly this shift is happening: an autonomous system independently compromised an unsecured Langflow instance, corrected failed authentication attempts, escalated privileges, exfiltrated credentials, and deployed ransomware — all without human intervention.&lt;/p&gt;

&lt;p&gt;This is not a one-off curiosity. It marks the beginning of a fundamental change in the threat landscape.&lt;/p&gt;

&lt;p&gt;Recent research demonstrations involving autonomous AI agents, such as "JadePuffer", have shown how quickly this shift is happening: an autonomous system independently compromised an unsecured Langflow instance, corrected failed authentication attempts, escalated privileges, exfiltrated credentials, and deployed ransomware.&lt;br&gt;
All without human intervention.&lt;/p&gt;

&lt;p&gt;This is not a one-off curiosity. It marks the beginning of a fundamental change in the threat landscape.&lt;/p&gt;

&lt;h2&gt;
  
  
  From Static Playbooks to Autonomous Attackers
&lt;/h2&gt;

&lt;p&gt;Traditional ransomware follows predictable patterns. A script runs through a fixed playbook: scan, encrypt, demand ransom. If one step fails, the attack often stalls.&lt;/p&gt;

&lt;p&gt;Autonomous AI agents operate differently. They analyze their environment in real time, adapt when initial attempts fail, make contextual decisions about targets and techniques, and chain multiple exploits together without predefined sequences.&lt;/p&gt;

&lt;p&gt;This introduces machine-speed lateral movement.&lt;br&gt;
Something human defenders and traditional security tools are not built to handle.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Defensive Automation Gap
&lt;/h2&gt;

&lt;p&gt;The core problem is asymmetry.&lt;/p&gt;

&lt;p&gt;Attackers are rapidly automating both reconnaissance and execution. Defenders, on the other hand, still rely heavily on manual processes, static rules, and human-driven response. This "Defensive Automation Gap" creates dangerous imbalances in speed, scale, and adaptability.&lt;/p&gt;

&lt;p&gt;When an autonomous agent can pivot from a compromised web application to domain admin rights in minutes, waiting for a SOC analyst to investigate is no longer viable.&lt;/p&gt;

&lt;h2&gt;
  
  
  Architectural Implications for Enterprise Security
&lt;/h2&gt;

&lt;p&gt;This development forces us to rethink several foundational elements of security architecture.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Internal trust is beginning to collapse.&lt;/strong&gt;&lt;br&gt;&lt;br&gt;
An agent inside your environment can no longer be assumed benign simply because it originated from an internal system. Every agent-to-agent or agent-to-service interaction now requires explicit verification.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Identity Is the New Perimeter (Again)&lt;/strong&gt;&lt;br&gt;&lt;br&gt;
Machine identities — especially autonomous ones — must be treated with the same rigor as human identities. This includes short-lived credentials, strict least privilege, continuous behavioral validation, and workload isolation.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Immutable Infrastructure Becomes Essential&lt;/strong&gt;  &lt;/p&gt;

&lt;p&gt;If an autonomous attacker compromises a workload, “cleaning” the system is often too slow. The correct response is to treat compromised nodes as disposable: destroy and replace them automatically from a trusted, immutable source.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Microsegmentation at Machine Speed&lt;/strong&gt;  &lt;/p&gt;

&lt;p&gt;Traditional network segmentation is no longer sufficient. We need programmatic, API-level Zero Trust controls capable of reacting instantly to anomalous behavior between services and autonomous agents.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Automated Detection and Response&lt;/strong&gt;  &lt;/p&gt;

&lt;p&gt;Security systems must match the speed of the attacker. This means investing in runtime monitoring, behavioral analysis, and automated containment that can isolate threats before human analysts even begin triage.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Strategic Shift for Security Architects
&lt;/h2&gt;

&lt;p&gt;Security architects can no longer focus solely on prevention and static controls. The new mandate is systemic resilience — designing environments that assume autonomous threats will occur and can recover gracefully while maintaining business continuity.&lt;/p&gt;

&lt;p&gt;This requires a fundamental mindset shift:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;From “prevent all breaches” to “contain autonomous compromise at machine speed”&lt;/li&gt;
&lt;li&gt;From manual playbooks to adaptive, automated defense systems&lt;/li&gt;
&lt;li&gt;From perimeter-focused security to identity- and behavior-centric architectures&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Conclusion
&lt;/h2&gt;

&lt;p&gt;The age of autonomous AI threats is no longer theoretical.&lt;/p&gt;

&lt;p&gt;Organizations that continue treating security as a static checklist will find themselves increasingly vulnerable to adversaries that operate faster than their defenders can react.&lt;/p&gt;

&lt;p&gt;Future security architectures will be judged less by whether they prevent breaches — and more by how fast they contain autonomous compromise.&lt;/p&gt;

&lt;p&gt;The playbook is no longer enough. We must architect for autonomy.&lt;/p&gt;

&lt;p&gt;On both sides of the battlefield.&lt;/p&gt;

&lt;p&gt;Sources: &lt;/p&gt;

&lt;p&gt;Sysdig Threat Research Team: JADEPUFFER: Agentic ransomware for automated database extortion&lt;br&gt;
Link: &lt;a href="https://www.sysdig.com/blog/jadepuffer-agentic-ransomware-for-automated-database-extortion" rel="noopener noreferrer"&gt;https://www.sysdig.com/blog/jadepuffer-agentic-ransomware-for-automated-database-extortion&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;University of Illinois Urbana-Champaign: LLM Agents can Autonomously Hack Websites&lt;br&gt;
Link: &lt;a href="https://arxiv.org/pdf/2402.06664" rel="noopener noreferrer"&gt;https://arxiv.org/pdf/2402.06664&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Cornell Tech / Technion: Here Comes The AI Worm: Unleashing Zero-click Worms that Target GenAI-Powered Applications (The Morris II Generative AI Worm)&lt;br&gt;
Link: &lt;a href="https://arxiv.org/html/2403.02817v2" rel="noopener noreferrer"&gt;https://arxiv.org/html/2403.02817v2&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;OWASP Top 10 for Large Language Model Applications&lt;br&gt;
Link: &lt;a href="https://owasp.org/www-project-top-10-for-large-language-model-applications/" rel="noopener noreferrer"&gt;https://owasp.org/www-project-top-10-for-large-language-model-applications/&lt;/a&gt;&lt;/p&gt;

</description>
      <category>ai</category>
      <category>zerotrust</category>
      <category>cybersecurity</category>
      <category>architecture</category>
    </item>
    <item>
      <title>Identity Is the New Perimeter: Why AI Agents Break Zero Trust</title>
      <dc:creator>Ali-Funk</dc:creator>
      <pubDate>Sat, 04 Jul 2026 21:42:44 +0000</pubDate>
      <link>https://dev.to/alifunk/identity-is-the-new-perimeter-why-ai-agents-break-zero-trust-20h</link>
      <guid>https://dev.to/alifunk/identity-is-the-new-perimeter-why-ai-agents-break-zero-trust-20h</guid>
      <description>&lt;p&gt;For years, Zero Trust architectures were designed around one assumption:&lt;br&gt;
Humans make the decisions.&lt;/p&gt;

&lt;p&gt;That assumption is breaking apart.&lt;/p&gt;

&lt;p&gt;Autonomous AI agents can now query databases, trigger workflows, call APIs, and interact with other systems without direct human involvement. Modern AI systems no longer just generate text. They execute actions inside enterprise environments.&lt;/p&gt;

&lt;p&gt;When an AI agent can operate on behalf of a user inside your cloud infrastructure, its identity becomes just as critical as any human identity.&lt;/p&gt;

&lt;p&gt;And that fundamentally changes the security model.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Rise of Tool Calling
&lt;/h2&gt;

&lt;p&gt;Platforms like Amazon Bedrock Agents have changed the architecture of enterprise AI.&lt;/p&gt;

&lt;p&gt;These systems can now interpret a user request, decide which tools are required, and autonomously execute backend operations through Lambda functions, APIs, databases, and external services.&lt;/p&gt;

&lt;p&gt;A simple prompt can trigger an entire chain of actions.&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;&lt;strong&gt;Example Workflow&lt;/strong&gt;&lt;br&gt;
User Prompt:&lt;br&gt;
"Summarize customer complaints from the last 30 days."&lt;/p&gt;

&lt;p&gt;Agent Actions:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Query the CRM database&lt;/li&gt;
&lt;li&gt;Call the analytics API&lt;/li&gt;
&lt;li&gt;Pull support ticket data&lt;/li&gt;
&lt;li&gt;Generate a report&lt;/li&gt;
&lt;/ul&gt;
&lt;/blockquote&gt;

&lt;p&gt;Powerful for productivity.&lt;br&gt;
Extremely dangerous if not properly secured.&lt;/p&gt;

&lt;h2&gt;
  
  
  The New Attack Surface
&lt;/h2&gt;

&lt;p&gt;A single successful prompt injection can completely hijack an agent’s behavior. With overly broad permissions, an attacker can force it to:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Access sensitive customer data&lt;/li&gt;
&lt;li&gt;Execute unauthorized API calls&lt;/li&gt;
&lt;li&gt;Modify records&lt;/li&gt;
&lt;li&gt;Trigger privileged backend workflows&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The risk becomes even worse in multi-agent systems. A compromised customer-facing agent can pass malicious instructions to a highly privileged backend agent.&lt;/p&gt;

&lt;p&gt;Traditional network perimeters and security tools often miss this entirely because the traffic comes from a trusted internal service.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why Traditional Zero Trust Falls Short
&lt;/h2&gt;

&lt;p&gt;Classic Zero Trust was designed for human behavior and relatively predictable access patterns. AI agents operate differently:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;They act autonomously and at machine speed&lt;/li&gt;
&lt;li&gt;They make decisions without real-time human validation&lt;/li&gt;
&lt;li&gt;They frequently communicate with other agents&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Security systems now need to answer much harder questions:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Is this action reasonable for this specific agent?&lt;/li&gt;
&lt;li&gt;Does this request match its intended role?&lt;/li&gt;
&lt;li&gt;Is this AI-to-AI interaction legitimate?&lt;/li&gt;
&lt;li&gt;Does the behavior deviate from normal patterns?&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Authentication alone is no longer enough.&lt;/p&gt;

&lt;h2&gt;
  
  
  How to Actually Secure AI Agents
&lt;/h2&gt;

&lt;p&gt;Treating AI agents like regular IAM users is not sufficient. Security must be engineered directly into the architecture.&lt;/p&gt;

&lt;h3&gt;
  
  
  Use Short-Lived Credentials Only
&lt;/h3&gt;

&lt;p&gt;Every agent execution should receive temporary credentials through AWS STS. Long-lived credentials create persistent attack paths.&lt;/p&gt;

&lt;h3&gt;
  
  
  Apply True Least Privilege
&lt;/h3&gt;

&lt;p&gt;Each agent should have a dedicated IAM role with tightly scoped permissions only the exact Lambda functions, APIs, and databases it needs.&lt;/p&gt;

&lt;h3&gt;
  
  
  Eliminate Static API Keys
&lt;/h3&gt;

&lt;p&gt;Hardcoded credentials should never exist in AI workflows. Use Workload Identity Federation + OIDC to let agents assume temporary roles dynamically.&lt;/p&gt;

&lt;h3&gt;
  
  
  Aggressively Isolate Agent Workflows
&lt;/h3&gt;

&lt;p&gt;Run agents in separate VPCs or accounts to limit the blast radius of a compromise. Micro-segmentation is critical in autonomous environments.&lt;/p&gt;

&lt;h3&gt;
  
  
  Continuously Monitor Agent Behavior
&lt;/h3&gt;

&lt;p&gt;Use CloudTrail, GuardDuty, and behavioral analytics to detect anomalies in tool usage, privilege escalation, and cross-agent communication.&lt;/p&gt;

&lt;h2&gt;
  
  
  The New Reality of Identity Security
&lt;/h2&gt;

&lt;p&gt;Machine identities are growing exponentially. The future of cloud security is no longer just about protecting employees,it’s about governing autonomous systems operating at machine speed.&lt;/p&gt;

&lt;p&gt;Organizations that succeed will treat AI agents as first-class identities with dynamic authorization, strict isolation, continuous verification, and real-time behavioral monitoring.&lt;/p&gt;

&lt;p&gt;If we fail to extend Zero Trust to these systems, we are not modernizing security.&lt;br&gt;
We are simply automating our own vulnerabilities.&lt;/p&gt;

&lt;p&gt;In the age of autonomous AI, identity is the new perimeter even when that identity is not human.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Sources and Further Reading:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;AWS Security Blog: Securing Generative AI Architectures&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;OWASP Top 10 for Large Language Model Applications&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;NIST Artificial Intelligence Risk Management Framework&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

</description>
      <category>ai</category>
      <category>aws</category>
      <category>security</category>
      <category>cloud</category>
    </item>
    <item>
      <title>Non-Human Identities: The Silent Attack Surface No One Is Monitoring</title>
      <dc:creator>Ali-Funk</dc:creator>
      <pubDate>Mon, 22 Jun 2026 06:51:42 +0000</pubDate>
      <link>https://dev.to/alifunk/non-human-identities-the-silent-attack-surface-no-one-is-monitoring-45ie</link>
      <guid>https://dev.to/alifunk/non-human-identities-the-silent-attack-surface-no-one-is-monitoring-45ie</guid>
      <description>&lt;p&gt;Most organizations know exactly how many employees they have.  &lt;/p&gt;

&lt;p&gt;Far fewer know how many non-human identities currently have access to their cloud environment.&lt;/p&gt;

&lt;p&gt;That blind spot is becoming one of the fastest-growing attack surfaces in modern security.&lt;/p&gt;

&lt;p&gt;For years, enterprise security focused primarily on protecting human identities. We deployed Single Sign-On (SSO), enforced Multi-Factor Authentication (MFA), and implemented Conditional Access policies. And it worked — human identities have become significantly harder to compromise.&lt;/p&gt;

&lt;p&gt;Meanwhile, another class of identities has quietly exploded across cloud environments: service principals, workload identities, OAuth applications, CI/CD runners, and AI service roles.&lt;/p&gt;

&lt;p&gt;Today, these &lt;strong&gt;Non-Human Identities (NHIs)&lt;/strong&gt; often outnumber human users by a factor of 10 to 50. As organizations accelerate cloud adoption and integrate AI into daily operations, this imbalance continues to grow.&lt;/p&gt;

&lt;h3&gt;
  
  
  Defining the Non-Human Identity Landscape
&lt;/h3&gt;

&lt;p&gt;Unlike human users, machine identities rarely appear in HR systems or organizational charts. Yet they frequently hold some of the most privileged access in the environment.&lt;/p&gt;

&lt;p&gt;Common high-risk categories include:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;OAuth Applications and Third-Party Integrations&lt;/strong&gt; —&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Apps granted broad access to Microsoft 365, Salesforce, Google Workspace, or Slack via delegated permissions.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Service Principals and Managed Identities&lt;/strong&gt; — &lt;br&gt;
AWS IAM roles, Azure Managed Identities, and GCP service accounts used by Lambda functions, EC2 instances, or Bedrock agents.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Workload Identities&lt;/strong&gt; — &lt;br&gt;
Kubernetes Service Accounts (e.g., Amazon EKS) and GitHub Actions OIDC roles.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;CI/CD Pipeline Identities&lt;/strong&gt; — &lt;br&gt;
Tokens used by automation platforms to deploy infrastructure.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;AI Service Roles&lt;/strong&gt; — &lt;br&gt;
Dedicated identities for Amazon Bedrock agents, model invocation, vector stores, and retrieval pipelines.&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Every new AI workflow creates additional machine identities.&lt;/p&gt;

&lt;h3&gt;
  
  
  Why Attackers Are Targeting NHIs
&lt;/h3&gt;

&lt;p&gt;Attackers follow the path of least resistance. While human accounts are now heavily protected, machine identities often suffer from:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Privilege Creep&lt;/strong&gt;&lt;br&gt;&lt;br&gt;
Broad permissions granted during development frequently remain in place long after they are needed.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Lack of Visibility&lt;/strong&gt;&lt;br&gt;&lt;br&gt;
Many organizations have no complete inventory of active service roles, OAuth grants, or workload identities.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;Long-Lived Credentials&lt;/strong&gt;&lt;br&gt;&lt;br&gt;
Static access keys and unrotated refresh tokens create persistent backdoors.&lt;/p&gt;&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Real incidents like the 2025 Drift/Salesloft OAuth compromise have shown how dangerous this can become.&lt;/p&gt;

&lt;h3&gt;
  
  
  Building a Machine Identity Security Strategy
&lt;/h3&gt;

&lt;p&gt;Securing NHIs requires treating them as first-class citizens in your security program:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Enforce Workload Identity Federation&lt;/strong&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Replace long-lived access keys with short-lived tokens using OpenID Connect (OIDC). AWS, Azure, and GCP all support this natively.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Continuous Monitoring and Discovery&lt;/strong&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Use tools like AWS IAM Access Analyzer, CloudTrail, Security Hub, and third-party NHI platforms to maintain visibility and detect anomalous behavior.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Automate Least Privilege&lt;/strong&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Regularly review and tighten policies. Unused permissions should be removed automatically.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;Govern AI Identities Explicitly&lt;/strong&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;AI services like Amazon Bedrock create powerful new identities. These must be inventoried, monitored, and restricted from the start.&lt;/p&gt;

&lt;h3&gt;
  
  
  The New Security Frontier
&lt;/h3&gt;

&lt;p&gt;Enterprise security has evolved through multiple eras:&lt;br&gt;&lt;br&gt;
Networks → Endpoints → Human Identities.&lt;/p&gt;

&lt;p&gt;The next frontier is &lt;strong&gt;Non-Human Identities&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;In the age of AI agents, serverless architectures, and autonomous cloud workflows, attackers no longer need to compromise an employee. Sometimes all they need is a single token.&lt;/p&gt;

&lt;p&gt;The firewall is no longer the perimeter.&lt;br&gt;&lt;br&gt;
&lt;strong&gt;Identity is the perimeter.&lt;/strong&gt;&lt;br&gt;&lt;br&gt;
And increasingly, that identity is not human.&lt;/p&gt;




&lt;p&gt;&lt;strong&gt;This article is part of a series on practical cloud security in the AI era.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Previous: [Building a Serverless Security Monitoring Pipeline for AWS Bedrock]&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;References&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;AWS IAM Best Practices&lt;/li&gt;
&lt;li&gt;AWS Well-Architected Framework – Security Pillar&lt;/li&gt;
&lt;li&gt;AWS IAM Access Analyzer&lt;/li&gt;
&lt;li&gt;Non-Human Identity Security Reports (Cyera, Wiz, Palo Alto Networks)&lt;/li&gt;
&lt;/ul&gt;

</description>
      <category>ai</category>
      <category>identity</category>
      <category>security</category>
      <category>cloud</category>
    </item>
    <item>
      <title>Building a Serverless Security Monitoring Pipeline for AWS Bedrock</title>
      <dc:creator>Ali-Funk</dc:creator>
      <pubDate>Mon, 15 Jun 2026 08:53:53 +0000</pubDate>
      <link>https://dev.to/alifunk/building-a-serverless-security-monitoring-pipeline-for-aws-bedrock-4d2f</link>
      <guid>https://dev.to/alifunk/building-a-serverless-security-monitoring-pipeline-for-aws-bedrock-4d2f</guid>
      <description>&lt;p&gt;CloudTrail records thousands of events every day, but security teams rarely notice a critical action until they actively investigate an incident.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;What happens if someone disables logging?&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;What happens if an AI model is invoked unexpectedly?&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;What happens if a high risk administrative action occurs outside normal business hours?&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Over the last two days, I built a fully serverless monitoring pipeline that detects high risk AWS events and generates near real time alerts using CloudTrail, Amazon S3, AWS Lambda, and Amazon SNS. This project was not just about connecting services. It was about building a reliable detection pipeline capable of processing real CloudTrail data, handling unexpected log formats, and generating actionable alerts automatically.&lt;br&gt;
Architecture Overview&lt;/p&gt;

&lt;p&gt;The solution follows a clean serverless pattern:&lt;br&gt;
CloudTrail → Amazon S3 → AWS Lambda → Amazon SNS → Email Notification&lt;/p&gt;

&lt;p&gt;CloudTrail continuously records management and data events. When a new log file lands in S3, it triggers a Lambda function. The function parses the events, evaluates them against detection rules, and sends alerts via SNS when a high risk action is detected.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff8hyhmh695905fpfu9tv.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff8hyhmh695905fpfu9tv.png" alt=" " width="601" height="172"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Example Detection Flow&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;User invokes Amazon Bedrock model&lt;br&gt;
            ↓&lt;br&gt;
CloudTrail records InvokeModel event&lt;br&gt;
            ↓&lt;br&gt;
Log delivered to Amazon S3&lt;br&gt;
            ↓&lt;br&gt;
Lambda parses the event&lt;br&gt;
            ↓&lt;br&gt;
Detection rule matches&lt;br&gt;
            ↓&lt;br&gt;
SNS sends security alert&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Security Use Cases&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;The pipeline currently monitors high impact events such as:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;DeleteTrail&lt;/li&gt;
&lt;li&gt;StopLogging&lt;/li&gt;
&lt;li&gt;UpdateTrail&lt;/li&gt;
&lt;li&gt;CreateTrail&lt;/li&gt;
&lt;li&gt;InvokeModel (Amazon Bedrock)&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;These events are especially critical because they can reduce visibility, change auditing configurations, or indicate unauthorized usage of AI services.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Event Processing Logic&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight python"&gt;&lt;code&gt;&lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;json&lt;/span&gt;
&lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;gzip&lt;/span&gt;
&lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;boto3&lt;/span&gt;

&lt;span class="c1"&gt;# Handle varying CloudTrail structures
&lt;/span&gt;&lt;span class="n"&gt;records&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;log_data&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;get&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="s"&gt;Records&lt;/span&gt;&lt;span class="sh"&gt;'&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="p"&gt;[])&lt;/span&gt; &lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="nf"&gt;isinstance&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;log_data&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nb"&gt;dict&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="k"&gt;else&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="n"&gt;log_data&lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Engineering Challenges&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;-Incorrect Log Compression Format: I encountered repeated UnicodeDecodeError exceptions. The root cause was that test logs were compressed with 7z instead of gzip. CloudTrail processing expects gzip.&lt;/p&gt;

&lt;p&gt;-Lambda Console Syntax Errors: Editing Python code directly in the browser led to Runtime.UserCodeSyntaxError due to indentation issues. Lesson: Develop locally and deploy via ZIP or IaC.&lt;/p&gt;

&lt;p&gt;-Dynamic JSON Structures: CloudTrail log formats vary. The solution was a defensive parser that gracefully handles different structures.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Future Improvements&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;EventBridge integration for advanced routing&lt;/li&gt;
&lt;li&gt;Security Hub findings generation&lt;/li&gt;
&lt;li&gt;Slack or Teams notifications&lt;/li&gt;
&lt;li&gt;Automated remediation workflows&lt;/li&gt;
&lt;li&gt;Risk scoring for detected events&lt;/li&gt;
&lt;li&gt;Additional Bedrock specific detections&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Conclusion&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Cloud security monitoring is often presented as a tooling problem. In reality, it is an engineering problem. CloudTrail, Lambda, SNS, and Bedrock were relatively easy to connect. Building a pipeline that could reliably process real world data, survive unexpected failures, and generate actionable alerts was the actual challenge.&lt;/p&gt;

&lt;p&gt;As organizations continue adopting AI services, visibility into cloud activity becomes increasingly important. Automated monitoring pipelines like this provide a practical foundation for detecting high risk events before they become security incidents.&lt;/p&gt;

&lt;p&gt;As someone transitioning from enterprise infrastructure and support into cloud security, projects like this provide valuable hands on experience with AWS monitoring, automation, and security operations.&lt;/p&gt;

&lt;p&gt;References&lt;/p&gt;

&lt;p&gt;-AWS Lambda Developer Guide: &lt;br&gt;
&lt;a href="https://docs.aws.amazon.com/lambda/latest/dg/lambda-python.html" rel="noopener noreferrer"&gt;https://docs.aws.amazon.com/lambda/latest/dg/lambda-python.html&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;-AWS CloudTrail Event Reference: &lt;br&gt;
&lt;a href="https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference.html" rel="noopener noreferrer"&gt;https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference.html&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;-Amazon Bedrock Documentation: &lt;a href="https://docs.aws.amazon.com/bedrock" rel="noopener noreferrer"&gt;https://docs.aws.amazon.com/bedrock&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;-AWS Well Architected Framework: &lt;br&gt;
&lt;a href="https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/welcome.html" rel="noopener noreferrer"&gt;https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/welcome.html&lt;/a&gt;&lt;/p&gt;

</description>
      <category>aws</category>
      <category>serverless</category>
      <category>security</category>
      <category>lambda</category>
    </item>
    <item>
      <title>Shadow AI and OAuth: Why the OAuth Token Is Now Your Biggest Blind Spot</title>
      <dc:creator>Ali-Funk</dc:creator>
      <pubDate>Tue, 09 Jun 2026 08:50:18 +0000</pubDate>
      <link>https://dev.to/alifunk/shadow-ai-and-oauth-why-the-oauth-token-is-now-your-biggest-blind-spot-29a2</link>
      <guid>https://dev.to/alifunk/shadow-ai-and-oauth-why-the-oauth-token-is-now-your-biggest-blind-spot-29a2</guid>
      <description>&lt;p&gt;For decades, Shadow IT lived on the network: the rogue server under a desk, the unauthorized SaaS subscription bought with a corporate card, or the wireless access point plugged in without approval. Security teams knew how to respond.Scan networks, block IPs, disable ports, and tighten firewall rules.&lt;/p&gt;

&lt;p&gt;Today, Shadow IT has evolved. It no longer lives on the network.&lt;br&gt;&lt;br&gt;
It lives inside &lt;strong&gt;delegated identity permissions&lt;/strong&gt; granted through OAuth. These non-human identities (NHIs) are rapidly becoming one of the fastest-growing attack surfaces in enterprise environments.&lt;/p&gt;

&lt;p&gt;Most organizations still aren’t monitoring them.&lt;/p&gt;

&lt;h3&gt;
  
  
  The Perimeter Has Moved
&lt;/h3&gt;

&lt;p&gt;The explosion of AI productivity tools has changed how enterprise data leaves the organization. Employees no longer need to install software or provision infrastructure. They simply click “Sign in with Microsoft” or “Sign in with Google.”&lt;/p&gt;

&lt;p&gt;Within seconds, a third-party application receives broad delegated access to corporate resources. The firewall sees nothing. Endpoint detection reports no anomalies. No malware runs. No suspicious connections appear.&lt;/p&gt;

&lt;p&gt;Yet that application may now hold persistent access to email, OneDrive, SharePoint, calendars, Teams, Google Drive, and other critical systems.&lt;/p&gt;

&lt;p&gt;The traditional perimeter hasn’t shifted — it has been quietly bypassed.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fas6544t30lnhgbgf1wfe.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fas6544t30lnhgbgf1wfe.png" alt=" " width="798" height="228"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Figure 1:&lt;/strong&gt; Modern AI SaaS integrations bypass traditional network controls by establishing persistent OAuth trust relationships. The refresh token — &lt;strong&gt;not the firewall&lt;/strong&gt; — is now the critical security boundary.&lt;/p&gt;

&lt;h3&gt;
  
  
  The Core Problem: Delegated Trust and Non-Human Identities
&lt;/h3&gt;

&lt;p&gt;OAuth was designed to solve a legitimate problem: users shouldn’t share passwords with every app. Instead, identity providers issue scoped tokens.&lt;/p&gt;

&lt;p&gt;This model works well — until modern AI platforms demand deep access to deliver value. An AI assistant cannot summarize emails it cannot read, organize documents it cannot access, or automate workflows it cannot see.&lt;/p&gt;

&lt;p&gt;As a result, many AI tools request broad permissions such as:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;code&gt;Mail.ReadWrite&lt;/code&gt;&lt;/li&gt;
&lt;li&gt;&lt;code&gt;Files.Read.All&lt;/code&gt;&lt;/li&gt;
&lt;li&gt;&lt;code&gt;Calendars.ReadWrite&lt;/code&gt;&lt;/li&gt;
&lt;li&gt;
&lt;code&gt;offline_access&lt;/code&gt; (often the most dangerous)&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The &lt;code&gt;offline_access&lt;/code&gt; scope grants long-lived refresh tokens that survive password resets, MFA changes, and even delayed offboarding. These become persistent &lt;strong&gt;non-human identities&lt;/strong&gt; — alongside service principals, workload identities, API keys, and automation accounts.&lt;/p&gt;

&lt;p&gt;As AI adoption accelerates, the number of these identities is growing far faster than the number of employees.&lt;/p&gt;

&lt;p&gt;What the employee sees: a helpful productivity tool.&lt;br&gt;&lt;br&gt;
What security teams should see: a persistent trust relationship with an external entity operating outside traditional governance.&lt;/p&gt;

&lt;h3&gt;
  
  
  The Anatomy of an AI OAuth Exploit
&lt;/h3&gt;

&lt;p&gt;An operations manager discovers an AI platform promising automated meeting summaries, document classification, and customer sentiment analysis. The website looks professional, reviews are strong, and the company appears legitimate.&lt;/p&gt;

&lt;p&gt;She signs in with her corporate Microsoft account and grants the requested permissions.&lt;/p&gt;

&lt;p&gt;Nothing malicious happens that day. The tool works as advertised.&lt;/p&gt;

&lt;p&gt;But from that moment, part of the organization’s security posture now depends on the vendor’s security maturity. If the vendor is breached, leaks refresh tokens, or falls victim to a supply-chain attack, the blast radius can be severe.&lt;/p&gt;

&lt;p&gt;No phishing. No endpoint compromise. No stolen credentials.&lt;br&gt;&lt;br&gt;
The attacker simply inherits already-granted trust.&lt;/p&gt;

&lt;h3&gt;
  
  
  Real-World Precedent: The Drift/Salesloft Attack
&lt;/h3&gt;

&lt;p&gt;This is not theoretical.&lt;/p&gt;

&lt;p&gt;In 2025, UNC6395 threat actors compromised OAuth tokens tied to Drift (later acquired by Salesloft). Using legitimate access, they reached Salesforce environments across hundreds of organizations. The integrations were trusted. The tokens were valid. Traditional controls missed the abuse.&lt;/p&gt;

&lt;p&gt;Recent data underscores the scale: ~87% of applications in the average enterprise are unmanaged, only ~21% sit behind SSO, and AI tool adoption surged 181% in 2025.&lt;/p&gt;

&lt;h3&gt;
  
  
  Why Traditional IAM Breaks Here
&lt;/h3&gt;

&lt;p&gt;Most IAM strategies focus on human-to-system interactions with Conditional Access evaluating location, device compliance, and risk signals.&lt;/p&gt;

&lt;p&gt;OAuth flips the model. After initial consent, interactions become system-to-system. An AI platform can make thousands of API calls at 3 AM from a foreign cloud IP and still appear legitimate.&lt;/p&gt;

&lt;p&gt;This creates a dangerous blind spot: strong human identity controls paired with minimal visibility into delegated applications.&lt;/p&gt;

&lt;h3&gt;
  
  
  Hardening the Identity Perimeter
&lt;/h3&gt;

&lt;p&gt;Security teams must treat delegated permissions and non-human identities as core parts of the attack surface.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;1. Restrict End-User Consent&lt;/strong&gt;  &lt;/p&gt;

&lt;p&gt;Require administrative approval for apps requesting sensitive scopes (&lt;code&gt;Files.Read.All&lt;/code&gt;, &lt;code&gt;Mail.ReadWrite&lt;/code&gt;, &lt;code&gt;offline_access&lt;/code&gt;, etc.). Evaluate vendor reputation, business need, and permissions before granting.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;2. Enforce Least Privilege&lt;/strong&gt;  &lt;/p&gt;

&lt;p&gt;Challenge broad permissions. Push vendors for granular scopes, resource-specific access, and time-limited tokens.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;3. Continuously Audit Active Tokens and Applications&lt;/strong&gt; &lt;/p&gt;

&lt;p&gt;Maintain ongoing visibility into:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Active OAuth apps and non-human identities&lt;/li&gt;
&lt;li&gt;Refresh token usage&lt;/li&gt;
&lt;li&gt;API call patterns and volumes&lt;/li&gt;
&lt;li&gt;Permission changes&lt;/li&gt;
&lt;li&gt;Abnormal data access behavior&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Monitor long-lived apps with the same rigor as privileged accounts.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;4. Automate Revocation and Response&lt;/strong&gt;  &lt;/p&gt;

&lt;p&gt;Build playbooks for rapid token revocation, app disabling, and investigation. Manual processes don’t scale against fast-moving threats.&lt;/p&gt;

&lt;h3&gt;
  
  
  The New Perimeter Is Identity
&lt;/h3&gt;

&lt;p&gt;Enterprise security has evolved: networks → endpoints → identity.&lt;/p&gt;

&lt;p&gt;The next frontier is &lt;strong&gt;delegated identity and non-human identities&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;Organizations should embrace AI tools — they deliver real value. But innovation without visibility creates unmanaged risk.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;The firewall is no longer the perimeter.
&lt;/li&gt;
&lt;li&gt;The endpoint is no longer the perimeter.
&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;The OAuth token is the new perimeter.&lt;/strong&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;In the age of AI, trust is no longer granted only to people. &lt;/p&gt;

&lt;p&gt;It is granted to software.&lt;/p&gt;




&lt;h2&gt;
  
  
  References
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;Cyera — The Stealthy Rise of OAuth Application Risk: Why Non-Human Identities Are the New Security Frontier&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://www.cyera.com/blog/the-stealthy-rise-of-oauth-application-risk-why-non-human-identities-are-the-new-security-frontier" rel="noopener noreferrer"&gt;https://www.cyera.com/blog/the-stealthy-rise-of-oauth-application-risk-why-non-human-identities-are-the-new-security-frontier&lt;/a&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Zylo — What Are Unmanaged SaaS Apps? Risks, Examples, and How to Manage Them&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://zylo.com/blog/what-are-unmanaged-saas-apps-risks-examples-and-how-to-manage-them" rel="noopener noreferrer"&gt;https://zylo.com/blog/what-are-unmanaged-saas-apps-risks-examples-and-how-to-manage-them&lt;/a&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;IETF RFC 9700 — OAuth 2.0 Security Best Current Practice&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://datatracker.ietf.org/doc/html/rfc9700" rel="noopener noreferrer"&gt;https://datatracker.ietf.org/doc/html/rfc9700&lt;/a&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Microsoft Entra ID — Manage Application Consent and Permissions&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/configure-user-consent" rel="noopener noreferrer"&gt;https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/configure-user-consent&lt;/a&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Google Workspace Admin — Control Third-Party App Access&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://support.google.com/a" rel="noopener noreferrer"&gt;https://support.google.com/a&lt;/a&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Google Threat Intelligence — Widespread Data Theft via Salesloft Drift&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://cloud.google.com/blog/topics/threat-intelligence/data-theft-salesforce-instances-via-salesloft-drift" rel="noopener noreferrer"&gt;https://cloud.google.com/blog/topics/threat-intelligence/data-theft-salesforce-instances-via-salesloft-drift&lt;/a&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Palo Alto Networks Unit 42 — OAuth Abuse and Compromised Salesforce Instances&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://unit42.paloaltonetworks.com" rel="noopener noreferrer"&gt;https://unit42.paloaltonetworks.com&lt;/a&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;OWASP Top 10 for LLM Applications&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://genai.owasp.org" rel="noopener noreferrer"&gt;https://genai.owasp.org&lt;/a&gt;&lt;/p&gt;

</description>
      <category>ai</category>
      <category>oauth</category>
      <category>security</category>
      <category>identity</category>
    </item>
    <item>
      <title>Explainable AI: The Missing Security Layer in Enterprise Cloud Deployments</title>
      <dc:creator>Ali-Funk</dc:creator>
      <pubDate>Thu, 04 Jun 2026 13:44:10 +0000</pubDate>
      <link>https://dev.to/alifunk/explainable-ai-the-missing-security-layer-in-enterprise-cloud-deployments-555d</link>
      <guid>https://dev.to/alifunk/explainable-ai-the-missing-security-layer-in-enterprise-cloud-deployments-555d</guid>
      <description>&lt;p&gt;For decades, cybersecurity has been built around a simple principle:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;You cannot secure what you cannot see.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;We monitor network traffic. We inspect logs. We audit identities. We track API activity and endpoint behavior because visibility enables control.&lt;/p&gt;

&lt;p&gt;Yet as organizations rapidly deploy generative AI into cloud environments, many are introducing a new component into their architecture that operates very differently from traditional software:&lt;/p&gt;

&lt;p&gt;The model itself.&lt;/p&gt;

&lt;p&gt;Unlike conventional applications, modern AI systems often function as black boxes. We know what data enters the model and we can observe the output, but understanding &lt;em&gt;why&lt;/em&gt; a specific decision was made is frequently difficult.&lt;/p&gt;

&lt;p&gt;As someone whose professional background is rooted in infrastructure engineering and cloud operations, I recently started exploring the field of Explainable AI (XAI). What immediately caught my attention was how closely its goals align with the fundamental principles of security architecture: visibility, accountability, observability, and trust.&lt;/p&gt;

&lt;p&gt;The more I researched the topic, the more convinced I became that Explainable AI is not simply an academic discipline.&lt;/p&gt;

&lt;p&gt;It is rapidly becoming a critical security capability.&lt;/p&gt;




&lt;h2&gt;
  
  
  The Black Box Problem
&lt;/h2&gt;

&lt;p&gt;Traditional software is largely deterministic.&lt;/p&gt;

&lt;p&gt;When a system behaves unexpectedly, engineers can inspect source code, review logs, trace execution paths, and identify the root cause.&lt;/p&gt;

&lt;p&gt;AI systems introduce a fundamentally different challenge.&lt;/p&gt;

&lt;p&gt;Large Language Models (LLMs) and other deep learning architectures make decisions through billions of interconnected parameters. While the output may appear reasonable, understanding the exact reasoning behind a specific response can be significantly more difficult.&lt;/p&gt;

&lt;p&gt;This creates a problem for security teams.&lt;/p&gt;

&lt;p&gt;If an AI-powered system:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Produces an unexpected recommendation&lt;/li&gt;
&lt;li&gt;Generates misleading information&lt;/li&gt;
&lt;li&gt;Leaks sensitive business data&lt;/li&gt;
&lt;li&gt;Demonstrates biased behavior&lt;/li&gt;
&lt;li&gt;Makes decisions affecting customers or employees&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Security and governance teams must be able to investigate what happened and why.&lt;/p&gt;

&lt;p&gt;Without visibility into the model's reasoning process, incident response becomes significantly more difficult.&lt;/p&gt;




&lt;h2&gt;
  
  
  Why Traditional Security Controls Are Not Enough
&lt;/h2&gt;

&lt;p&gt;Organizations continue investing heavily in:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Zero Trust architectures&lt;/li&gt;
&lt;li&gt;Identity and Access Management (IAM)&lt;/li&gt;
&lt;li&gt;Endpoint Detection and Response (EDR)&lt;/li&gt;
&lt;li&gt;Security Information and Event Management (SIEM)&lt;/li&gt;
&lt;li&gt;Cloud Security Posture Management (CSPM)&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;These controls are essential.&lt;/p&gt;

&lt;p&gt;However, none of them explain why an AI model arrived at a particular conclusion.&lt;/p&gt;

&lt;p&gt;A firewall can tell you who connected.&lt;/p&gt;

&lt;p&gt;An IAM platform can tell you who authenticated.&lt;/p&gt;

&lt;p&gt;A SIEM can tell you that something unusual happened.&lt;/p&gt;

&lt;p&gt;None of them can explain why a model approved a transaction, recommended a medical diagnosis, flagged a customer, or generated a potentially harmful response.&lt;/p&gt;

&lt;p&gt;This is where Explainable AI becomes relevant from a security perspective.&lt;/p&gt;




&lt;h2&gt;
  
  
  Explainability as Security Telemetry
&lt;/h2&gt;

&lt;p&gt;One of the most interesting ways to think about XAI is as a new form of telemetry.&lt;/p&gt;

&lt;p&gt;Security professionals already rely on telemetry to understand systems.&lt;/p&gt;

&lt;p&gt;Logs tell us what happened.&lt;/p&gt;

&lt;p&gt;Metrics tell us how systems behave.&lt;/p&gt;

&lt;p&gt;Traces help us understand complex application flows.&lt;/p&gt;

&lt;p&gt;Explainability provides similar visibility into AI systems.&lt;/p&gt;

&lt;p&gt;Techniques such as feature attribution help identify which inputs influenced a model's output most strongly.&lt;/p&gt;

&lt;p&gt;More advanced approaches, including mechanistic interpretability research, attempt to understand how internal neural network components contribute to specific behaviors.&lt;/p&gt;

&lt;p&gt;While explainability does not eliminate security risks, it provides investigators with something they currently lack:&lt;/p&gt;

&lt;p&gt;Context.&lt;/p&gt;

&lt;p&gt;And context is often the difference between identifying a threat and missing it entirely.&lt;/p&gt;




&lt;h2&gt;
  
  
  Security, Governance, and Regulatory Pressure
&lt;/h2&gt;

&lt;p&gt;The need for explainability extends beyond cybersecurity.&lt;/p&gt;

&lt;p&gt;Organizations operating in healthcare, finance, insurance, government, and critical infrastructure increasingly face regulatory requirements surrounding transparency and accountability.&lt;/p&gt;

&lt;p&gt;Frameworks such as the NIST AI Risk Management Framework and the EU AI Act place growing emphasis on explainability, governance, risk assessment, and human oversight.&lt;/p&gt;

&lt;p&gt;This trend is unlikely to reverse.&lt;/p&gt;

&lt;p&gt;As AI systems gain influence over business operations and decision-making processes, regulators will continue demanding greater visibility into how those decisions are produced.&lt;/p&gt;

&lt;p&gt;A model that cannot be explained becomes difficult to audit.&lt;/p&gt;

&lt;p&gt;A model that cannot be audited becomes difficult to trust.&lt;/p&gt;




&lt;h2&gt;
  
  
  Explainability Does Not Mean Perfect Understanding
&lt;/h2&gt;

&lt;p&gt;One misconception I encountered while researching XAI is the assumption that explainability will somehow reveal every detail of a model's reasoning process.&lt;/p&gt;

&lt;p&gt;The reality is more nuanced.&lt;/p&gt;

&lt;p&gt;Explainability is not a magic solution.&lt;/p&gt;

&lt;p&gt;It does not guarantee fairness.&lt;/p&gt;

&lt;p&gt;It does not eliminate bias.&lt;/p&gt;

&lt;p&gt;It does not automatically prevent prompt injection attacks or model manipulation.&lt;/p&gt;

&lt;p&gt;What it does provide is a significantly better understanding of model behavior than having no visibility at all.&lt;/p&gt;

&lt;p&gt;For security teams, that visibility is invaluable.&lt;/p&gt;




&lt;h2&gt;
  
  
  The Future of AI Security
&lt;/h2&gt;

&lt;p&gt;Artificial intelligence is rapidly becoming part of enterprise infrastructure.&lt;/p&gt;

&lt;p&gt;Organizations are integrating AI into customer support, software development, business intelligence, cybersecurity operations, healthcare workflows, financial services, and countless other domains.&lt;/p&gt;

&lt;p&gt;As adoption accelerates, security strategies must evolve alongside it.&lt;/p&gt;

&lt;p&gt;The next generation of AI security will not focus solely on protecting models from attack.&lt;/p&gt;

&lt;p&gt;It will also focus on understanding how those models behave.&lt;/p&gt;

&lt;p&gt;For decades, security professionals have operated under a simple assumption:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;If you cannot observe a system, you cannot effectively secure it.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;As AI becomes embedded in critical business processes, that principle remains unchanged.&lt;/p&gt;

&lt;p&gt;The difference is that visibility must now extend beyond networks, applications, and identities.&lt;/p&gt;

&lt;p&gt;It must reach into the decision-making processes of the models themselves.&lt;/p&gt;

&lt;p&gt;And that is precisely where Explainable AI may become one of the most important security controls of the next decade.&lt;/p&gt;




&lt;h2&gt;
  
  
  References and Further Reading
&lt;/h2&gt;

&lt;h3&gt;
  
  
  Explainable Artificial Intelligence (XAI): What We Know and What Is Left to Attain Trustworthy Artificial Intelligence
&lt;/h3&gt;

&lt;p&gt;Ali, S., Abuhmed, T., El-Sappagh, S., et al.&lt;br&gt;
Information Fusion, Volume 99, 2023&lt;br&gt;
&lt;a href="https://doi.org/10.1016/j.inffus.2023.101805" rel="noopener noreferrer"&gt;https://doi.org/10.1016/j.inffus.2023.101805&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  Towards Monosemanticity: Decomposing Language Models With Dictionary Learning
&lt;/h3&gt;

&lt;p&gt;Anthropic Research&lt;br&gt;
&lt;a href="https://arxiv.org/abs/2212.14024" rel="noopener noreferrer"&gt;https://arxiv.org/abs/2212.14024&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  Explainable AI (XAI)
&lt;/h3&gt;

&lt;p&gt;IBM&lt;br&gt;
&lt;a href="https://www.ibm.com/topics/explainable-ai" rel="noopener noreferrer"&gt;https://www.ibm.com/topics/explainable-ai&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  Explainable AI Documentation
&lt;/h3&gt;

&lt;p&gt;Google Cloud&lt;br&gt;
&lt;a href="https://cloud.google.com/explainable-ai" rel="noopener noreferrer"&gt;https://cloud.google.com/explainable-ai&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  AI Risk Management Framework (AI RMF 1.0)
&lt;/h3&gt;

&lt;p&gt;NIST&lt;br&gt;
&lt;a href="https://www.nist.gov/itl/ai-risk-management-framework" rel="noopener noreferrer"&gt;https://www.nist.gov/itl/ai-risk-management-framework&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  OWASP Top 10 for Large Language Model Applications
&lt;/h3&gt;

&lt;p&gt;OWASP Foundation&lt;br&gt;
&lt;a href="https://genai.owasp.org" rel="noopener noreferrer"&gt;https://genai.owasp.org&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  EU Artificial Intelligence Act
&lt;/h3&gt;

&lt;p&gt;European Union&lt;br&gt;
&lt;a href="https://artificialintelligenceact.eu" rel="noopener noreferrer"&gt;https://artificialintelligenceact.eu&lt;/a&gt;&lt;/p&gt;

</description>
      <category>ai</category>
      <category>security</category>
      <category>programming</category>
      <category>devops</category>
    </item>
    <item>
      <title>Raw AI models are a fundamental security risk.</title>
      <dc:creator>Ali-Funk</dc:creator>
      <pubDate>Mon, 01 Jun 2026 22:06:26 +0000</pubDate>
      <link>https://dev.to/alifunk/raw-ai-models-are-a-fundamental-security-risk-93m</link>
      <guid>https://dev.to/alifunk/raw-ai-models-are-a-fundamental-security-risk-93m</guid>
      <description>&lt;p&gt;This is not my usual dev.to content  &lt;strong&gt;BUT&lt;/strong&gt; sometimes you just have to share what excites you.&lt;/p&gt;

&lt;p&gt;The lecture clearly separates Pre-training from Post-training — and this distinction is critical for enterprises.&lt;/p&gt;

&lt;p&gt;Pre-training basically teaches the model to predict the next word based on massive, unfiltered internet data. It has zero understanding of corporate policies, data protection, compliance or ethics.&lt;/p&gt;

&lt;p&gt;Real business value and safety only emerge in Post-training.&lt;br&gt;
Especially through techniques like RLHF (Reinforcement Learning from Human Feedback). This is where guardrails, alignment, and security controls are built.&lt;/p&gt;

&lt;p&gt;As someone transitioning into System Integration with a strong cybersecurity background, this lecture reinforced my view:&lt;/p&gt;

&lt;p&gt;AI alignment and governance are not just “nice-to-have” features.They are core components of modern IT security and risk management.&lt;/p&gt;

&lt;p&gt;In a world where companies are rushing to integrate LLMs, weak post-training and missing governance will lead to massive data leaks, compliance violations, and security incidents. Solid infrastructure is essential, but secure and governed AI systems are what actually make AI usable in regulated environments.&lt;/p&gt;

&lt;p&gt;We need to treat Generative AI as the ultimate infrastructure and security stress test.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;u&gt;What’s your take?&lt;/u&gt;&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;How is your organization handling AI governance and security in 2026?&lt;/p&gt;

&lt;p&gt;Sources &amp;amp; Lecture:&lt;/p&gt;

&lt;p&gt;Stanford CS229: Building Large Language Models&lt;br&gt;
&lt;a href="https://www.youtube.com/watch?v=9vM4p9NN0Ts" rel="noopener noreferrer"&gt;https://www.youtube.com/watch?v=9vM4p9NN0Ts&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;RLHF Documentation &amp;amp; Enterprise AI Security Frameworks &lt;/p&gt;

&lt;p&gt;&lt;a href="https://www.ibm.com/think/topics/rlhf" rel="noopener noreferrer"&gt;https://www.ibm.com/think/topics/rlhf&lt;/a&gt;&lt;/p&gt;

</description>
      <category>ai</category>
      <category>infrastructure</category>
      <category>security</category>
    </item>
    <item>
      <title>Supply Chain Attacks + Stale Credentials: Why This Combination Is So Dangerous in 2026</title>
      <dc:creator>Ali-Funk</dc:creator>
      <pubDate>Sat, 23 May 2026 19:56:37 +0000</pubDate>
      <link>https://dev.to/alifunk/supply-chain-attacks-stale-credentials-why-this-combination-is-so-dangerous-in-2026-208g</link>
      <guid>https://dev.to/alifunk/supply-chain-attacks-stale-credentials-why-this-combination-is-so-dangerous-in-2026-208g</guid>
      <description>&lt;p&gt;Recent incidents at GitHub and Grafana Labs highlight a painful truth in modern infrastructure: even strong perimeter defenses can fail completely when credential management is neglected.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;u&gt;What Happened ?&lt;/u&gt;&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;A supply chain attack through compromised TanStack npm packages led to the breach of over 3,800 internal GitHub repositories via a malicious VS Code extension. Shortly after, Grafana Labs disclosed that attackers stole their source code because a single GitHub token was missed during emergency rotation.&lt;/p&gt;

&lt;p&gt;Two separate incidents. Same underlying problem.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;u&gt;The Core Lesson&lt;/u&gt;&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Human memory is not a valid security strategy.&lt;br&gt;
From my eight years of hands-on experience in IT infrastructure and administration, I’ve seen this pattern too many times. Teams invest heavily in firewalls, segmentation, and threat detection, yet basic credential hygiene.Especially secret rotation and least privilege — is often treated as an afterthought.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;u&gt;Why This Combination Is So Dangerous&lt;/u&gt;&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;When a supply chain attack meets stale credentials, the impact multiplies:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;Attackers don’t need to crack passwords anymore. They simply abuse existing, trusted tokens.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;A single missed token during rotation can give attackers long-term access to critical systems.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Compromised dependencies (like npm packages or VS Code extensions) act as silent entry points.&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This is no longer theoretical. It’s the new normal in cloud-native and DevOps-heavy environments.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;u&gt;Practical Strategies for 2026&lt;/u&gt;&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;To defend against this threat, organizations need to move from reactive patching to architectural resilience:&lt;/p&gt;

&lt;p&gt;Implement automated secret rotation&lt;/p&gt;

&lt;p&gt;Credentials should expire by default. Automation removes human error from the equation.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Enforce strict least privilege&lt;/li&gt;
&lt;li&gt;CI/CD tokens and service accounts should only have the minimum permissions required and nothing more.&lt;/li&gt;
&lt;li&gt;Treat every third-party dependency as untrusted&lt;/li&gt;
&lt;li&gt;Continuous scanning and monitoring of npm packages, VS Code extensions, and other tools must become standard.&lt;/li&gt;
&lt;li&gt;Design systems that survive human error&lt;/li&gt;
&lt;li&gt;Assume credentials will eventually leak. &lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Build architectures with strong segmentation, just-in-time access, and rapid detection of anomalous behavior.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;u&gt;Final Thoughts&lt;/u&gt;&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;In 2026, strong security is no longer just about blocking attacks from the outside.&lt;/p&gt;

&lt;p&gt;It’s about designing systems that can survive inevitable compromises and human mistakes.&lt;/p&gt;

&lt;p&gt;The combination of supply chain attacks and stale credentials is particularly dangerous because it exploits both trust in the ecosystem and gaps in our own processes.&lt;/p&gt;

&lt;p&gt;How is your team handling secret rotation and supply chain security today?&lt;/p&gt;

&lt;p&gt;Sources: &lt;/p&gt;

&lt;p&gt;BleepingComputer: &lt;br&gt;
GitHub confirms breach of 3,800 repos via malicious VS Code extension&lt;br&gt;
&lt;a href="https://www.bleepingcomputer.com/news/security/github-confirms-breach-of-3-800-repos-via-malicious-vscode-extension/" rel="noopener noreferrer"&gt;https://www.bleepingcomputer.com/news/security/github-confirms-breach-of-3-800-repos-via-malicious-vscode-extension/&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;BleepingComputer: Grafana says stolen GitHub token let hackers steal codebase&lt;br&gt;
&lt;a href="https://www.bleepingcomputer.com/news/security/grafana-says-stolen-github-token-let-hackers-steal-codebase/" rel="noopener noreferrer"&gt;https://www.bleepingcomputer.com/news/security/grafana-says-stolen-github-token-let-hackers-steal-codebase/&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The Hacker News / Unit 42: TanStack npm supply chain attack analysis&lt;br&gt;
&lt;a href="https://unit42.paloaltonetworks.com/monitoring-npm-supply-chain-attacks/" rel="noopener noreferrer"&gt;https://unit42.paloaltonetworks.com/monitoring-npm-supply-chain-attacks/&lt;/a&gt;&lt;/p&gt;

</description>
      <category>security</category>
      <category>cybersecurity</category>
      <category>infrastructure</category>
      <category>devops</category>
    </item>
    <item>
      <title>The PCPJack Worm and the Death of Cloud Isolation</title>
      <dc:creator>Ali-Funk</dc:creator>
      <pubDate>Fri, 08 May 2026 11:47:50 +0000</pubDate>
      <link>https://dev.to/alifunk/the-pcpjack-worm-and-the-death-of-cloud-isolation-514l</link>
      <guid>https://dev.to/alifunk/the-pcpjack-worm-and-the-death-of-cloud-isolation-514l</guid>
      <description>&lt;p&gt;The discovery of the PCPJack malware framework in late April 2026 should serve as a wake up call for anyone responsible for cloud infrastructure security.&lt;/p&gt;

&lt;p&gt;This is not just another piece of malware. It is a modular autonomous worm designed to spread across exposed cloud environments harvest credentials remove competing malware and establish persistent access. Researchers first noticed it when a hunting rule detected a script actively cleaning up traces of TeamPCP infections. That is a clear sign of competition between threat actors for control of compromised infrastructure.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;u&gt;The Real Architectural Failure&lt;/u&gt;&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Attackers are no longer just breaching the perimeter. They are deploying malware that lives inside your environment moves laterally and maintains dominance.&lt;/p&gt;

&lt;p&gt;The core problem is not the initial compromise. The real failure lies in weak internal isolation. When a single compromised workload can:&lt;/p&gt;

&lt;p&gt;-Harvest credentials across the environment&lt;br&gt;
-Move laterally between containers and cloud accounts&lt;br&gt;
-Remove rival malware to maintain exclusive control&lt;br&gt;
...your cloud architecture has a fundamental design flaw.&lt;/p&gt;

&lt;p&gt;Modern cloud deployments often prioritize speed and developer convenience over proper segmentation least privilege access and east west traffic monitoring. The result is a flat overly trusting internal network where one breach can quickly escalate into full environment compromise.&lt;br&gt;
&lt;strong&gt;&lt;u&gt;&lt;br&gt;
What PCPJack Actually Teaches Us&lt;/u&gt;&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;PCPJack specifically targets cloud credentials developer environments container infrastructure and enterprise services. Its ability to clean up other malware shows a new level of sophistication. Criminal groups are now fighting each other for dominance over compromised infrastructure not just cashing out with ransomware.&lt;/p&gt;

&lt;p&gt;This marks a shift in attacker behavior. From opportunistic breaches to persistent competitive infrastructure takeover.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;u&gt;The Zero Trust Reality Check&lt;/u&gt;&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Traditional perimeter focused security is no longer sufficient. Organizations must assume breach and implement proper internal controls:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;-Strict workload segmentation&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;-Least privilege access for every service and container&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;-Continuous monitoring of east west traffic&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;-Automated credential rotation and just in time access&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;-Behavioral anomaly detection inside the environment&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;If your architecture allows a single compromised container to map your internal network and harvest developer keys your security model is already outdated.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;u&gt;Final Thought&lt;/u&gt;&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;The PCPJack worm is not an isolated incident. It is a symptom of a deeper architectural problem. Cloud environments have grown too fast with convenience often prioritized over security fundamentals.&lt;/p&gt;

&lt;p&gt;The question every security and infrastructure team should ask themselves today is:&lt;/p&gt;

&lt;p&gt;Are we still securing the front door while leaving the internal network completely open?&lt;/p&gt;

</description>
      <category>security</category>
      <category>cloud</category>
      <category>architecture</category>
      <category>virus</category>
    </item>
    <item>
      <title>The Silent Backdoor in Enterprise Security: Why Unmanaged OAuth Tokens Are the New High-Risk Vector</title>
      <dc:creator>Ali-Funk</dc:creator>
      <pubDate>Tue, 05 May 2026 21:08:34 +0000</pubDate>
      <link>https://dev.to/alifunk/the-silent-backdoor-in-enterprise-security-why-unmanaged-oauth-tokens-are-the-new-high-risk-vector-phf</link>
      <guid>https://dev.to/alifunk/the-silent-backdoor-in-enterprise-security-why-unmanaged-oauth-tokens-are-the-new-high-risk-vector-phf</guid>
      <description>&lt;p&gt;The rapid adoption of AI productivity tools is exposing a dangerous blind spot in enterprise security architecture. Organizations invest heavily in firewalls, SSO, and MFA not yet leave one of the most effective back doors wide open: persistent, unmanaged OAuth tokens.&lt;/p&gt;

&lt;p&gt;The disconnect between technical execution and strategic risk management has never been clearer. We are building massive walls while leaving the vault unlocked.&lt;/p&gt;

&lt;p&gt;&lt;u&gt;&lt;strong&gt;The Core Problem&lt;/strong&gt;&lt;/u&gt;&lt;/p&gt;

&lt;p&gt;Every time an employee connects an AI tool, automation, or SaaS application to Google Workspace or Microsoft 365, a persistent OAuth token is created. These tokens:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Do not expire when employees leave the company&lt;/li&gt;
&lt;li&gt;Do not reset when passwords change&lt;/li&gt;
&lt;li&gt;Completely bypass traditional MFA&lt;/li&gt;
&lt;li&gt;Often remain active for years with broad permissions&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This is not a misconfiguration. This is how OAuth is designed to work — and most security programs were never built to handle it at the scale of Shadow AI.&lt;/p&gt;

&lt;p&gt;Material Security’s 2026 research highlights the gap: 80% of security leaders consider unmanaged OAuth grants a critical or significant risk. Yet 45% of organizations still do nothing to monitor them at scale, while many others rely on manual spreadsheets and ad-hoc reviews.&lt;br&gt;
Spreadsheets are not a security control. They are documentation of risk you don’t fully understand.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;u&gt;Real-World Proof: The Drift Incident&lt;/u&gt;&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;In August 2025, threat actors (UNC6395) stole OAuth refresh tokens from the Salesloft Drift integration. Using these legitimate tokens, they accessed Salesforce environments of over 700 organizations, including Cloudflare, PagerDuty, and others.&lt;/p&gt;

&lt;p&gt;No passwords were cracked. No MFA was triggered. The attackers simply used already-approved, trusted integrations.&lt;/p&gt;

&lt;p&gt;This incident demonstrates the new reality: a legitimate application today can become a serious weapon tomorrow.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;u&gt;What Effective OAuth Security Must Look Like&lt;/u&gt;&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;We need to move from point-in-time approval to continuous oversight with three key capabilities:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;u&gt;Behavioral Monitoring:&lt;/u&gt;&lt;/strong&gt; Track what the application actually does (API calls, data volume, access patterns)&lt;/p&gt;

&lt;p&gt;Blast Radius Assessment: Understand who approved the token and how much sensitive data it can reach.&lt;/p&gt;

&lt;p&gt;Intelligent Response: &lt;strong&gt;Automatically revoke high-risk tokens and escalate ambiguous cases for human review&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;u&gt;The Leadership Gap&lt;/u&gt;&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;The market no longer needs only people who can configure firewalls or write code. It needs leaders who can securely integrate powerful AI tools into enterprise architectures — without creating massive hidden risks.&lt;br&gt;
True security leadership today means combining technical excellence with strategic governance: systems that continuously audit, assess, and respond to OAuth risk in real time.&lt;/p&gt;

&lt;p&gt;Sources and Further Reading:&lt;/p&gt;

&lt;p&gt;&lt;u&gt;Material Security Research OAuth Grant Management Gap&lt;/u&gt;&lt;br&gt;
&lt;a href="https://material.security/resources/automating-oauth-grant-management-materials-research-shows-the-growing-gap-between-awareness-and-action" rel="noopener noreferrer"&gt;https://material.security/resources/automating-oauth-grant-management-materials-research-shows-the-growing-gap-between-awareness-and-action&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;u&gt;Palo Alto Networks Unit 42 Threat Brief Salesloft Drift OAuth Compromise&lt;/u&gt;&lt;br&gt;
&lt;a href="https://unit42.paloaltonetworks.com/threat-brief-compromised-salesforce-instances/" rel="noopener noreferrer"&gt;https://unit42.paloaltonetworks.com/threat-brief-compromised-salesforce-instances/&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;u&gt;Google Threat Intelligence Widespread Data Theft via Salesloft Drift&lt;/u&gt;&lt;br&gt;
&lt;a href="https://cloud.google.com/blog/topics/threat-intelligence/data-theft-salesforce-instances-via-salesloft-drift" rel="noopener noreferrer"&gt;https://cloud.google.com/blog/topics/threat-intelligence/data-theft-salesforce-instances-via-salesloft-drift&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;u&gt;OAuth 2.0 Security Best Current Practice IETF RFC&lt;/u&gt;&lt;br&gt;
&lt;a href="https://datatracker.ietf.org/doc/html/rfc9700" rel="noopener noreferrer"&gt;https://datatracker.ietf.org/doc/html/rfc9700&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;NIST Special Publication 800 63B Digital Identity Guidelines&lt;br&gt;
&lt;a href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63B-4.pdf" rel="noopener noreferrer"&gt;https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63B-4.pdf&lt;/a&gt;&lt;/p&gt;

</description>
      <category>ai</category>
      <category>oauth</category>
      <category>enterprisesecurity</category>
      <category>cybersecurity</category>
    </item>
    <item>
      <title>The Abstraction of Cloud Engineering: How AI Agents Are Redefining Enterprise Architecture</title>
      <dc:creator>Ali-Funk</dc:creator>
      <pubDate>Sat, 25 Apr 2026 12:35:39 +0000</pubDate>
      <link>https://dev.to/alifunk/the-abstraction-of-cloud-engineering-how-ai-agents-are-redefining-enterprise-architecture-5535</link>
      <guid>https://dev.to/alifunk/the-abstraction-of-cloud-engineering-how-ai-agents-are-redefining-enterprise-architecture-5535</guid>
      <description>&lt;p&gt;Amazon Web Services is accelerating a structural shift in cloud engineering through prompt driven workflows and agent based automation capabilities. With platforms like Amazon Bedrock and its expanding architecture guidance AWS is moving toward a model where production ready environments can be generated with minimal manual configuration.&lt;/p&gt;

&lt;p&gt;AWS provides reference architectures automated deployment patterns and prescriptive guidance through its official architecture center. Its startup platform further emphasizes rapid environment creation and scaling.&lt;/p&gt;

&lt;p&gt;Real World Evidence: The Optimization for Zero Friction&lt;br&gt;
To understand why this shifts the value of human talent we only need to look at how AI actually writes infrastructure code today. Industry research on AI generated code reveals a stark statistical reality. Analysis cited by Veracode demonstrates that up to 45 percent of AI generated code fails basic security tests and introduces on average 2.74 times more vulnerabilities than human written code from the same repositories.&lt;/p&gt;

&lt;p&gt;Security analysis from Styra highlights a consistent pattern in AI generated Infrastructure as Code where models prioritize immediate functionality over secure configuration. This pattern is consistently observed in practice.&lt;/p&gt;

&lt;p&gt;Consider a direct observed pattern frequently seen when deploying Kubernetes clusters through Amazon EKS. When prompted to generate a working cluster AI models often:&lt;/p&gt;

&lt;p&gt;1.Expose the Kubernetes API endpoint publicly&lt;/p&gt;

&lt;p&gt;2.Leave network policies completely undefined&lt;/p&gt;

&lt;p&gt;3.Omit the private cluster configuration flag entirely&lt;/p&gt;

&lt;p&gt;This behavior reflects the objective of the model. It optimizes for immediate usability. A public endpoint and unrestricted access ensure zero friction during the initial connection. The model optimizes for user gratification and immediate technical success. If the system works upon the first deployment the AI has fulfilled its direct positive instructions.&lt;/p&gt;

&lt;p&gt;From a governance standpoint this optimization represents deferred risk. This friction removed by the AI is merely AMPLIFIED for the human operator who must later audit the architecture for regulatory compliance and secure segmentation.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;u&gt;Implicit Constraints: The Missing Attacker Path&lt;/u&gt;&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;A defining limitation of current AI models is their reliance on direct explicit commands. When a human prompts an agent to "Scaffold a microservice architecture" the AI executes exactly that positive command. However the prompt almost never includes the massive list of implicit negative constraints required by enterprise governance.&lt;/p&gt;

&lt;p&gt;We do not prompt an AI with statements like "Build a public facing application but ensure it is not vulnerable to SQL injection cross site scripting or unauthorized access based on overly permissive IAM bindings". We operate under the assumption that an AI will handle these implicit constraints but it does not. It focuses entirely on technical capability. The attacker path was never included in the instructions.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;u&gt;From Infrastructure Execution to Governance&lt;/u&gt;&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;The constraint in cloud delivery is no longer infrastructure creation. Infrastructure as Code combined with AI driven generation has reduced build time from weeks to minutes. The primary constraint now moves to governance budget management and regulatory compliance.&lt;/p&gt;

&lt;p&gt;When infrastructure can be generated autonomously misconfigurations scale at the same speed. The role of the enterprise architect must change accordingly. Value is no longer tied to manual configuration or boilerplate code. It is tied to defining the global guardrails validating generated systems and enforcing continuous compliance across all environments.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;u&gt;The New Skill Profile for Technical Talent&lt;/u&gt;&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Configuration knowledge is no longer a durable differentiator. Provisioning compute networking and containers is increasingly automated. The differentiating skills required in the German and European markets are now:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;System level reasoning across highly distributed architectures&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Security and compliance evaluation against local standards&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Complex integration into existing legacy enterprise environments&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Risk management mid failure scenario&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Knowing how to deploy a container is not a competitive skill. Understanding how an AI generated microservice architecture interacts with corporate identity systems data governance policies and rigid network boundaries is.&lt;/p&gt;

&lt;p&gt;Enterprise Return on Investment: Speed Versus Integration Reality&lt;br&gt;
For startups automation reduces time to market and initial costs allowing rapid experimentation and deployment of best practice architectures.&lt;/p&gt;

&lt;p&gt;For large enterprises the return on investment equation is more complex. AI generates infrastructure but it also often introduces technical debt to achieve immediate functionality. The true enterprise cost is not in generating the initial setup but in integrating and governing it long term. This is exactly where technical account managers IT directors and cloud strategists create value by aligning the generated system with actual business and commercial constraints.&lt;/p&gt;

&lt;p&gt;The Strategic Shift: From Reactive Auditing to Proactive Constraints&lt;br&gt;
Cloud infrastructure is rapidly becoming a generated output rather than a manually constructed asset. &lt;strong&gt;This shift requires moving away from just reactive auditing of AI outputs toward proactive constraint enforcement.&lt;/strong&gt; The ultimate goal for enterprise architecture is not just better auditing of what the AI built but building systems that enforce commercial and security requirements BEFORE the AI executes the prompt.&lt;/p&gt;

&lt;p&gt;Organizations that adopt AI generated infrastructure without deep governance increase the likelihood of security incidents regulatory violations and uncontrolled cloud costs. Organizations that build strong control frameworks and governance structures will gain operational speed while maintaining control over security, compliance, and cost.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Sources&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;AWS Architecture Center: &lt;a href="https://aws.amazon.com/architecture" rel="noopener noreferrer"&gt;https://aws.amazon.com/architecture&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;AWS Startups Portal: &lt;a href="https://aws.amazon.com/startups" rel="noopener noreferrer"&gt;https://aws.amazon.com/startups&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Amazon Bedrock Overview: &lt;a href="https://aws.amazon.com/bedrock" rel="noopener noreferrer"&gt;https://aws.amazon.com/bedrock&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Styra AI Generated Infrastructure Analysis: &lt;a href="https://www.styra.com/blog/ai-generated-infrastructure-as-code-the-good-the-bad-and-the-ugly/" rel="noopener noreferrer"&gt;https://www.styra.com/blog/ai-generated-infrastructure-as-code-the-good-the-bad-and-the-ugly/&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Veracode AI Code Vulnerability Research: &lt;a href="https://www.svenroth.ai/post/ai-" rel="noopener noreferrer"&gt;https://www.svenroth.ai/post/ai-&lt;/a&gt; generated-code-vulnerabilities-2-74x-4c9a7&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

</description>
      <category>aws</category>
      <category>cloud</category>
      <category>architecture</category>
      <category>security</category>
    </item>
    <item>
      <title>Lets say my Manager wants Multi-Cloud (AWS + GCP) in 6 months here’s how I would respond and why</title>
      <dc:creator>Ali-Funk</dc:creator>
      <pubDate>Thu, 02 Apr 2026 21:33:26 +0000</pubDate>
      <link>https://dev.to/alifunk/let-s-say-my-manager-wants-multi-cloud-aws-gcp-in-6-months-heres-how-i-would-respond-and-why-27kc</link>
      <guid>https://dev.to/alifunk/let-s-say-my-manager-wants-multi-cloud-aws-gcp-in-6-months-heres-how-i-would-respond-and-why-27kc</guid>
      <description>&lt;p&gt;A contact on LinkedIn asked a question that every cloud architect eventually hears:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;“Your manager says "We need to be Multi Cloud, AWS plus GCP. In 6 months."&lt;br&gt;
You’re currently 100 % in AWS. Do you push back, agree, or propose a middle path? The reason behind the request matters more than the request itself.”&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;Here is exactly how I answered and why.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;The Hidden Costs of the Multi-Cloud Trend&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Transitioning to a Multi Cloud architecture is often sold as a strategic victory. When management sets a six month deadline to integrate GCP into an existing 100 % AWS environment, the first job of any engineer is to evaluate operational reality rather than marketing hype. Drawing on eight years of professional experience as a Solutions Architect, I consider this one of the most dangerous directives an engineering team can receive.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Questioning the Directive First&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;The very first step is always to clarify the objective. Is the company facing strict regulatory compliance that genuinely requires two clouds? Or is management simply afraid of "vendor lock in"? If the reasoning is &lt;br&gt;
fear based rather than business-driven, the resulting architecture will be flawed from day one.&lt;/p&gt;

&lt;p&gt;The one non negotiable exception is Mergers and Acquisitions. If your company just acquired an organization running natively on GCP, integrating that environment is a hard business mandate, not a trend.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Evaluating the True Costs&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Data Egress&lt;/strong&gt;  &lt;/p&gt;

&lt;p&gt;Cloud providers want your data to stay inside their ecosystem. Moving even moderate volumes of data between AWS and GCP triggers significant egress fees. The hyperscalers let data in for free but charge heavily to move it out. The network architecture required to bridge the two environments adds complexity and cost that is rarely budgeted.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Team Capacity&lt;/strong&gt;  &lt;/p&gt;

&lt;p&gt;Forcing a single team to master both AWS and GCP is an engineering &lt;br&gt;
anti pattern. The alternative , hiring a completely new team or launching extensive retraining programs , this cannot be done securely or effectively in just six months.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Architectural Coupling&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;The danger level of a six month timeline depends entirely on your compute layer. &lt;br&gt;
If your AWS environment relies heavily on proprietary managed services like Lambda and DynamoDB, a GCP integration is an operational nightmare. &lt;/p&gt;

&lt;p&gt;However, if your architecture is already heavily containerized using EKS and stateless microservices, dropping those workloads into Google Kubernetes Engine is significantly less complex.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Pipeline Fragmentation&lt;/strong&gt;  &lt;/p&gt;

&lt;p&gt;Managing infrastructure state across two hyperscalers requires immense discipline. The cognitive load of preventing configuration drift while deploying to two different environments is almost never factored into management timelines. Securing two separate Identity and Access Management perimeters at the same time doubles the risk of a breach.&lt;/p&gt;

&lt;p&gt;Here is a minimal Terraform example that illustrates the immediate fragmentation:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight hcl"&gt;&lt;code&gt;&lt;span class="c1"&gt;# AWS provider&lt;/span&gt;
&lt;span class="nx"&gt;provider&lt;/span&gt; &lt;span class="s2"&gt;"aws"&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
&lt;span class="nx"&gt;region&lt;/span&gt; &lt;span class="p"&gt;=&lt;/span&gt; &lt;span class="s2"&gt;"eu-west-1"&lt;/span&gt;
&lt;span class="p"&gt;}&lt;/span&gt;

&lt;span class="c1"&gt;# GCP provider already doubling the cognitive load&lt;/span&gt;
&lt;span class="nx"&gt;provider&lt;/span&gt; &lt;span class="s2"&gt;"google"&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
  &lt;span class="nx"&gt;project&lt;/span&gt; &lt;span class="p"&gt;=&lt;/span&gt; &lt;span class="s2"&gt;"my-gcp-project"&lt;/span&gt;
  &lt;span class="nx"&gt;region&lt;/span&gt;  &lt;span class="p"&gt;=&lt;/span&gt; &lt;span class="s2"&gt;"europe-west1"&lt;/span&gt;
&lt;span class="p"&gt;}&lt;/span&gt;

&lt;span class="c1"&gt;# Two separate remote backends become mandatory&lt;/span&gt;
&lt;span class="nx"&gt;terraform&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
&lt;span class="nx"&gt;backend&lt;/span&gt; &lt;span class="s2"&gt;"s3"&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="p"&gt;}&lt;/span&gt;      &lt;span class="c1"&gt;# AWS state&lt;/span&gt;
&lt;span class="c1"&gt;# GCP state needs its own backend GCS&lt;/span&gt;
&lt;span class="p"&gt;}&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;A single terraform apply now touches two completely different ecosystems. State drift detection, IAM policies, and security scanning all become twice as complex.&lt;/p&gt;

&lt;p&gt;When (and only when) Multi Cloud actually makes sense&lt;br&gt;
In rare cases Multi Cloud is the right call: strict data-residency regulations that force workloads into specific GCP regions, a highly specialized service (such as BigQuery for massive analytics that has no cost-effective AWS equivalent), or a true disaster recovery strategy that demands geographic and provider diversity.&lt;/p&gt;

&lt;p&gt;When those conditions are met, the safe middle path is not a big bang six month migration. Start with a narrow, non-critical "proof of concept" workload in GCP (e.g., a new analytics pipeline), keep the core platform in AWS, abstract common patterns with Terraform modules, and enforce strict cost and security gates before any production traffic moves.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Conclusion&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Multi Cloud is not inherently bad, but rushing into it for the wrong reasons is expensive, risky, and almost always avoidable. The reason behind the request matters more than the request itself. Ask why first. Then protect the team and the architecture with data, not dogma.&lt;br&gt;
Sources&lt;/p&gt;

&lt;p&gt;AWS Data Transfer Out Pricing (to Internet / other clouds): &lt;/p&gt;

&lt;p&gt;&lt;a href="https://aws.amazon.com/ec2/pricing/on-demand/#Data_Transfer" rel="noopener noreferrer"&gt;https://aws.amazon.com/ec2/pricing/on-demand/#Data_Transfer&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Martin Fowler&lt;br&gt;&lt;br&gt;
“Don’t get locked up into avoiding lock-in” (Multi Cloud discussion): &lt;/p&gt;

&lt;p&gt;&lt;a href="https://martinfowler.com/articles/oss-lockin.html" rel="noopener noreferrer"&gt;https://martinfowler.com/articles/oss-lockin.html&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;HashiCorp &lt;br&gt;
Workspace Best Practices for HCP Terraform (Multi Cloud state management): &lt;br&gt;
&lt;a href="https://developer.hashicorp.com/terraform/cloud-docs/workspaces/best-practices" rel="noopener noreferrer"&gt;https://developer.hashicorp.com/terraform/cloud-docs/workspaces/best-practices&lt;/a&gt;&lt;/p&gt;

</description>
      <category>aws</category>
      <category>gcp</category>
      <category>multicloud</category>
      <category>architecture</category>
    </item>
  </channel>
</rss>
