Security Is Job Zero — Even (Especially) in the Age of Coding Agents
$20 and Two Hours
On February 28, 2026, security startup CodeWall gave an autonomous AI agent a single input: a domain name. Two hours and approximately $20 in API tokens later, the agent had full read/write access to the production database of McKinsey’s internal AI platform, Lilli [1] [2].
The attack vector? SQL injection — a vulnerability class from the 1990s. But in a novel context: the injection was in JSON keys, not values, which standard security scanners missed [3].
😱 𝗔𝗿𝗴𝗵 - 𝗠𝘆 𝗔𝗜 𝗔𝗴𝗲𝗻𝘁 𝗱𝗲𝗹𝗲𝘁𝗲𝗱 𝗮𝗹𝗹 𝗺𝘆 𝗳𝗶𝗹𝗲𝘀!!!! Worried about AI agents running amok with your data? Before panicking, consider this: we’ve been solving permission and access control problems for decades with human coworkers. Let’s apply those same principles to our new AI teammates and find the right balance between agency and control. #AIAgents #FutureOfWork
“Good Morning!” said Bilbo, and he meant it. The sun was shining, and the grass was very green. But Gandalf looked at him from under long bushy eyebrows that stuck out further than the brim of his shady hat.
“What do you mean?” he said. “Do you wish me a good morning, or mean that it is a good morning whether I want it or not; or that you feel good this morning; or that it is a morning to be good on?”
🚀 𝗖𝗿𝘆𝗽𝘁𝗼𝗴𝗿𝗮𝗽𝗵𝘆 𝗶𝗻 𝘁𝗵𝗲 𝗤𝘂𝗮𝗻𝘁𝘂𝗺 𝗔𝗴𝗲: 𝗦𝘁𝗮𝗿𝘁𝗶𝗻𝗴 𝗡𝗼𝘄
Yesterday I had the pleasure to listen to and discuss with my colleagues Sviatoslav Redko and Viacheslav Romanov during their talk “Cryptography in the Quantum Age: Starting Now.” They guided us through the future of data security with insights on quantum-resistant cryptography.
🔍 What We Explored:
1️⃣ The impact of quantum computing on traditional encryption
2️⃣ Vulnerabilities in current cryptographic systems
3️⃣ Post-quantum solutions emerging in the industry
4️⃣ Latest NIST standards and important industry collaborations
5️⃣ Security strategies specifically designed for cloud users
6️⃣ Roadmap for making workloads quantum-safe
Do You Know What Your AI Agents Are Doing? Lost Control? 🤔
While having a 2nd coffee - to be honest, it’s the third already as days are long at #MTM25 - I’m reflecting on what has been top of mind for the participants I’ve met here so far. They share two things: curiosity and fear. 🔍
Curiosity to learn about new technology and figure out what’s possible with it.
Fear of losing control and having to deal with a black box that gives them no way to understand what’s happening inside. How it achieves the results it delivers. No way to explain why these results and not others. 💭
⚖️ In my conversation with customers, I don’t get tired of highlighting how important it is to decompose an application’s needs into the different use cases and choose the optimal fitting foundation models per use case to optimise functional fit, cost and frugal resource utilisation.
🔐 This is all good, but obviously increases the complexity of the overall solution slightly and leaves us with the need to define guardrails across different foundation models to secure our applications. Here Amazon Bedrock Guardrails come to the rescue. They allow you to define guardrails spanning different foundation models, directly integrated into Bedrock or just integrated via API into your application. In my re:Invent recap (https://lnkd.in/dkqPBQi3), I highlighted how new functionality in Amazon Bedrock Guardrails makes this approach even more powerful. But as Markus points out - it has also now become so much more affordable. So no excuses 😉
Today content monetisation still largely depends on 3rd party data while the technical foundation, 3rd party cookies, will be deprecated soon. Advertisers and publishers need to find a privacy-first approach to monetise content. One of the options, the renaissance of contextual targeting enhanced by AI capabilities, is described in https://lnkd.in/eWvb9JPZ. Join Aramide Kehinde, Anuj Gupta, Julian Lang and myself to understand how you can build a contextual-intelligence solution based on AWS services. #ai #privacyfirst #ml #aws #adtech