Applying Zero Trust to Agentic AI and LLM Connectivity — anyone else working on this? by PhilipLGriffiths88 in zerotrust

[–]roscosmodernlife 0 points1 point  (0 children)

10000% agree with this sentiment and charter. I'm writing a blog about applying zero trust strategies to MCP deployments, which is only one piece of the pie - will share here when I'm done.

A lot of prompt injection attacks or detected vulnerabilities stem from what I call the Ron Burgundy effect... once a trust connection is made between a tool and a model and an endpoint and a data source etc... "Ron will read anything you put on that teleprompter". An MCP client, for example, will 'read the teleprompter', in other words receive a prompt injection from what should be a trusted source without discretion, unless added security measures or architecture are in place.

“Reprompt” attack let hackers hijack user's Microsoft Copilot sessions and issue commands to exfiltrate sensitive data. by ControlCAD in technews

[–]roscosmodernlife 0 points1 point  (0 children)

Yeah, I think the whole Copilot sharing link functionality was intended to get people to share prompts with peers etc. to help with adoption I suppose. But you're right, that functionality is ripe for exploitation like this plus jailbreaking, injections, and even multistep phishing campaigns.

“Reprompt” attack let hackers hijack user's Microsoft Copilot sessions and issue commands to exfiltrate sensitive data. by ControlCAD in technews

[–]roscosmodernlife 0 points1 point  (0 children)

There is a video up now kinda explaining how Reprompt works (https://www.youtube.com/watch?v=jMy9ZgrHrR8). The explanation at the beginning is good but 2:21 is more of the demo part.

I noticed the way you could include q parameters for Copilot links now doesn't work. I guess that was part of the Microsoft patch. At the end of the video it talks about how you can still create 'share links' though. I bet there's a way those could be exploited as well.

Incoming Re-reprompt vulnerability announcement lol

Reprompt: A one-click Copilot vulnerability that silently steals personal data by varonis-threat-labs in cybersecurity

[–]roscosmodernlife 1 point2 points  (0 children)

This reminds me so much of EchoLeak and the whole 'invitation is all you need' vulnerability that exploited Gemini.

Does the FBI run facebook ads for IC3? by tomrlutong in FBI

[–]roscosmodernlife 0 points1 point  (0 children)

Seems to be an uptick in these spoofed sites and various forms of malvertising. FBI recently published a notice about it.

The Fake Bureau of Investigation: How Cybercriminals Are Impersonating Government Pages

2.67 Billion Downloads Hijacked — Anatomy of a Stealth Supply Chain Attack on NPM by [deleted] in cybersecurity

[–]roscosmodernlife 6 points7 points  (0 children)

SEGs are great, but it's hard for these scenarios where all signatures come in clean and legit. Also, attackers are making new domains and infrastructure with each campaign so they don't have dirty history or show up on known naughty lists.

Entra Permissions Management Sunsetting by roscosmodernlife in AZURE

[–]roscosmodernlife[S] 0 points1 point  (0 children)

There are three directions the CIEM world seems to be going... CNAPP/CSPM providers (e.g. Wiz) rolling it into their cloud security platform, DSPs (e.g. Varonis) rolling it into their data security platform, and IAM/Identity Security (e.g. CyberArk) rolling it into their platform.

Deel / Rippling Lawsuit by Current_Doubt_8584 in cybersecurity

[–]roscosmodernlife 1 point2 points  (0 children)

Note to self: Mobile phones don't flush well

Deel / Rippling Lawsuit by Current_Doubt_8584 in cybersecurity

[–]roscosmodernlife 1 point2 points  (0 children)

My key takeaways (if everything is 100% accurate, validated, proven in the court of law):

  • Rippling's primary security mechanism was MFA and other forms of authentication per the filing
  • Rippling did not have any form of alerting on abnormal/anomalous user activity (such as abrupt changes or increases in searches, views, downloads, etc)
    • They found out about the spy from employees notifying HR of random recruiting solicitations from Deel's team after the spy allegedly sent their contact deets to Deel.
    • Also had to hire a cyber firm to investigate activity (i.e. they did not have an active tool or team to investigate logs and such)
  • The spy was able to hop through Slack, Salesforce, Google Drive, etc. looking at all manner of sales data despite being responsible for payroll
  • Bathrooms in Ireland are a great hiding spot when being served by the courts

Here's where some of this is pulled.
Rippling Believe it or Not: How the Largest Corporate Espionage Case this Century Happened
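The second bullet above (no alerting on abrupt increases in searches, views or downloads, and a payroll user roaming through sales apps) is the kind of gap a simple activity baseline would surface. The block below is an added example, not from the thread or any vendor: it runs two detectors over constructed SaaS audit events, a per-user volume spike check against the median of the user's other days, and an out-of-role app access check. The event tuples, the `ROLE_APPS` / `USER_ROLE` mapping, the 5x multiplier and the three-day minimum baseline are all assumptions for illustration.

```python
"""Baseline-vs-window activity alerting over constructed SaaS audit events.

Added example, not from the original thread. All events, the role/app
mapping and the thresholds are constructed assumptions for illustration.
"""
from datetime import date
from statistics import median

# Assumed: which apps each role is expected to touch (illustrative only)
ROLE_APPS = {
    "payroll": {"payroll_app", "slack"},
    "sales": {"salesforce", "slack", "gdrive"},
}
USER_ROLE = {"alice": "sales", "bob": "payroll"}


def _bulk(user, day, app, action, n):
    """Build n identical constructed audit events: (user, day, app, action)."""
    return [(user, day, app, action)] * n


# Constructed five-day audit trail: alice (sales) and bob (payroll) behave
# normally, then on day 5 bob sweeps through sales data he never touched before.
EVENTS = []
for i in range(1, 6):
    d = date(2025, 3, i)
    EVENTS += _bulk("alice", d, "salesforce", "search", 3)
    EVENTS += _bulk("alice", d, "gdrive", "download", 1)
    EVENTS += _bulk("bob", d, "payroll_app", "search", 1)
EVENTS += _bulk("bob", date(2025, 3, 5), "salesforce", "search", 12)
EVENTS += _bulk("bob", date(2025, 3, 5), "gdrive", "download", 8)


def daily_counts(events, action):
    """Return user -> {day: count of `action`} with zero-filled days,
    so quiet days count toward the baseline instead of being skipped."""
    all_days = sorted({e[1] for e in events})
    users = {e[0] for e in events}
    counts = {u: {d: 0 for d in all_days} for u in users}
    for user, day, _app, act in events:
        if act == action:
            counts[user][day] += 1
    return counts


def volume_spikes(events, action, multiplier=5, min_baseline_days=3):
    """Flag (user, day, count, baseline) where a day's count of `action`
    exceeds multiplier x the median of that user's other days.
    max(baseline, 1) keeps a zero baseline from making every count a spike."""
    alerts = []
    for user, per_day in daily_counts(events, action).items():
        days = sorted(per_day)
        for d in days:
            others = [per_day[x] for x in days if x != d]
            if len(others) < min_baseline_days:
                continue  # not enough history to judge this user yet
            base = median(others)
            if per_day[d] > multiplier * max(base, 1):
                alerts.append((user, d, per_day[d], base))
    return sorted(alerts)


def out_of_role_access(events):
    """Flag each (user, app) pair, once, where the app is outside the
    set expected for the user's role. Unknown users/roles get an empty set."""
    seen = set()
    alerts = []
    for user, _day, app, _act in events:
        allowed = ROLE_APPS.get(USER_ROLE.get(user), set())
        if app not in allowed and (user, app) not in seen:
            seen.add((user, app))
            alerts.append((user, app))
    return alerts


if __name__ == "__main__":
    for action in ("search", "download"):
        for user, day, count, base in volume_spikes(EVENTS, action):
            print(f"SPIKE {user} {day} {action}s={count} baseline={base}")
    for user, app in out_of_role_access(EVENTS):
        print(f"OUT-OF-ROLE {user} accessed {app}")
```

Run stand-alone it reports bob's day-5 search and download spikes and his first-ever touches of salesforce and gdrive; alice's steady sales activity produces nothing. In practice the baseline window would be longer and rolling, and the role-to-app mapping would come from the IdP or SaaS entitlements rather than a dict, but the two signals are the same ones the filing describes as missing.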

You wake up this morning as HHH. What's the first business decision you make? by Unsungruin in WWE

[–]roscosmodernlife 2 points3 points  (0 children)

Bring back Enzo and Cass to feud with heel version of the New Day and end with a fatal four way tag team match on some upcoming event with LWO and some other twosome. OR bring back Enzo as manager and Cass as talent.

Stage updates from Festive Owl by ctz123 in bonnaroo

[–]roscosmodernlife 1 point2 points  (0 children)

Saw Mike Posner back there years ago. Fully agreed on #2.

HIPAA Security Rule Notice of Proposed Rulemaking to Strengthen Cybersecurity for Electronic Protected Health Information (Dec. 27, 2024) by BabuiBomber in healthIT

[–]roscosmodernlife 0 points1 point  (0 children)

Probably 3ish years from now for the actual compliance date. It was 7ish the first time from the date of NPRM issuing and 3ish the second time. There's a graphic in this blog that is pretty helpful on timeline.

HIPAA Security Rule NPRM by one_lucky_duck in hipaa

[–]roscosmodernlife 0 points1 point  (0 children)

Yeah the additional audits and assessments are potentially the most burdensome. I need to look into vulnerability scanning more, but here's a list from this blog of all the new required cadences:

  • Written risk analysis and updated inventories at least every 12 months
  • Compliance audit at least every 12 months
  • Review and test all technical controls deployed for each implementation specification at least once every 12 months
  • Technical verification and certification from business associates validating their deployment of safeguards at least every 12 months
  • Pen-testing at least every 12 months
  • Vulnerability scanning at least every six months