Start your day with intelligence. Get The OODA Daily Pulse.

Home > Briefs > Technology > Your next insider threat doesn’t have a badge. It has an API token

Your next insider threat doesn’t have a badge. It has an API token

The threat that I now spend most of my time designing against doesn’t look like a breach at all. At least not at first. Imagine a team deploys an agent that does exactly what it’s permitted to do: it reads a customer record, summarizes it, then sends the summary to an outside address. Every step in the sequence is authorized. But it turns out that the breach is the sequence itself. The problem is that each security check only looks at one step at a time. Is this read okay? Yes. Is this summary okay? Yes. Is this email okay? Yes. Each step passes. But nobody is watching the combination of all three steps together. The security tools designed for human-driven workflows assumed a person would be doing this manually, one thing at a time. However, the AI agent bundles it all into a single automated sequence, and that bundling slips through gaps between the checks.

Full report : Stop worrying about prompt injection; your next major breach will be caused by an authorized AI agent doing exactly what you permitted it to do.