Cyber AI Chronicle
By Simon Ganiere · 30th March 2025
Welcome back!
Project Overwatch is a cutting-edge newsletter at the intersection of cybersecurity, AI, technology, and resilience, designed to navigate the complexities of our rapidly evolving digital landscape. It delivers insightful analysis and actionable intelligence, empowering you to stay ahead in a world where staying informed is not just an option, but a necessity.
What I learned this week
TL;DR
The cybersecurity landscape is undergoing a profound transformation as AI-driven computer-using agents (CUAs) revolutionize identity-based attacks in multi-SaaS environments. These autonomous entities can mimic human behavior with uncanny precision, automate entire attack sequences, and orchestrate sophisticated campaigns across numerous cloud platforms simultaneously. In 2024, as stolen passwords became the catalyst for 80% of web app breaches, this convergence of widely available credentials and increasingly capable AI agents has created a perfect storm that traditional security measures are ill-equipped to handle. Organizations must urgently adopt AI-powered defenses, implement zero-trust architectures, and gain comprehensive visibility across their SaaS ecosystem to counter this rising threat.
Even top officials aren't immune to operational security slip-ups: the "Signalgate" debacle saw senior U.S. leaders inadvertently sharing classified military plans with a journalist via the encrypted app Signal. As Costin Raiu mentioned on the Three Buddy Problem podcast, looks like someone discovered the risk of BYOD 😆
AI innovation is continuing at high speed with a mix of bigger, more powerful models (e.g., Gemini 2.5, DeepSeek V3-0324) and enhancements to existing systems. Multimodality—combining text, images, audio, and video—is a clear focus, as seen with OpenAI 4o Image Generation.
The cyber threat landscape is equally busy with all of the usual activities (e.g., third-party breaches, supply chain attacks, double extortion, etc.) across multiple industries. Oracle in particular is having a difficult week, with the claimed Oracle Cloud breach (which Oracle hasn't confirmed yet, although customers have validated some of the leaked data) and the Oracle Health breach.
How AI Agents Are Redefining Identity Attacks
The modern enterprise increasingly relies on a sprawling ecosystem of SaaS applications, creating a complex tapestry of identity and access challenges. Each new app expands the attack surface, introducing unique security configurations and authentication methods that must somehow be cohesively managed. What's fundamentally different now is that the human element - traditionally required to steer attacks - has been largely automated away.
Computer-using AI agents represent a step-change in offensive capability. Unlike basic scripts or bots, these entities can navigate web interfaces as a human would - typing at believable speeds, moving the mouse naturally, and adapting in real-time to unexpected prompts or challenges. They can operate at machine scale with human-like precision, effectively bridging the gap that once made detecting automated attacks relatively straightforward.
Recent proof-of-concept demonstrations of tools like OpenAI's Operator have proven these agents can already conduct end-to-end SaaS attacks with minimal guidance. The implications are stark: attacks once requiring teams of skilled adversaries can now be executed by a single threat actor leveraging multiple AI agents in parallel.
Critical Vulnerability Points
The most immediate danger lies in the industrialization of credential stuffing. AI agents can attempt logins across hundreds of SaaS platforms simultaneously while mimicking legitimate user behavior. Unlike traditional credential stuffing tools, these agents can bypass CAPTCHAs, adjust timing to evade rate limiting, and rotate IP addresses and user-agent strings to appear as different users.
Perhaps more concerning is their exploitation of "ghost logins" - alternative authentication pathways that exist alongside an organization's primary SSO. An AI agent finding one overlooked local username/password (where MFA might be disabled) can gain access despite robust primary authentication. The 2023 Snowflake breach exemplifies this risk, where attackers compromised over 160 enterprise tenants by targeting local password logins that circumvented SSO protections.
AI agents are also revolutionizing lateral movement through techniques like cross-IdP impersonation. By creating fraudulent IdP accounts with email domains matching target companies, they can exploit the trust assumptions in federation protocols. One security researcher demonstrated how creating an Apple ID with a company's support email allowed access to both their Zendesk and Slack instances via SSO - no password required.
Most alarmingly, these agents excel at data exfiltration by behaving like legitimate users. Rather than bulk-downloading files (which triggers alerts), they can identify high-value information, extract it in small increments, and disguise the exfiltration as normal user activity - all while operating across multiple compromised accounts simultaneously.
Defensive Strategies That Work
The defense against AI-powered identity attacks requires both strengthening fundamentals and deploying advanced countermeasures.
Start by eliminating authentication diversity. The "one user, one login method" principle should be strictly enforced - if SSO is implemented, disable all local password authentication options. Any exceptions should require explicit approval and additional verification layers. This directly counters the ghost login problem that AI agents exploit.
Implement phishing-resistant MFA everywhere possible. While traditional time-based codes can be intercepted through adversary-in-the-middle attacks, FIDO2/WebAuthn standards provide stronger protection by binding authentication to the specific device and validating the destination site.
Deploy SaaS Security Posture Management (SSPM) solutions to continuously monitor for misconfigurations across your cloud ecosystem. These tools can identify risky settings, excessive permissions, and unapproved login methods before they become attack vectors.
Enhance your anomaly detection capabilities with behavioral analytics specifically designed to identify AI patterns. These systems baseline normal user behavior and can detect even subtle deviations when an AI agent is operating, regardless of how well it mimics human interactions.
Implement continuous verification throughout sessions - not just at login. This includes periodic re-authentication for sensitive operations and monitoring in-session activities for unusual patterns, such as accessing unusual data types or performing atypical functions.
Your Next Move: Authentication Audit
Convene a cross-functional team to create a comprehensive inventory of all login methods for each SaaS application in your environment. For each application, document:
Which identity providers are authorized (your primary IdP and any approved alternatives)
Whether local username/password authentication is enabled in parallel with SSO
Whether MFA is enforced for all authentication paths
What non-human identities (API keys, OAuth tokens, service accounts) have access
The last time each authentication method was used
This inventory will reveal the "ghost logins" in your environment - authentication paths that bypass your primary identity controls and represent prime targets for AI-driven attacks. Prioritize disabling unnecessary login methods, especially local passwords on applications where SSO is implemented.
For applications that cannot be immediately remediated, implement enhanced monitoring specifically targeting these vulnerable authentication paths. This creates a risk-based approach to closing the identity gaps that AI agents are designed to exploit.
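As an added example (my own code, not from the newsletter or any vendor tool), here is the audit checklist above turned into a small script: each authentication path of a SaaS app is checked against the five inventory questions, and ghost logins (a local password enabled alongside SSO) are flagged with their own codes so they can be prioritised for disabling. The inventory, the app names and the primary IdP name "okta" are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

NON_HUMAN = {"api_key", "oauth_token", "service_account"}

@dataclass
class AuthPath:
    kind: str                  # "sso", "local_password", or one of NON_HUMAN
    provider: str              # IdP name for SSO paths, otherwise the app itself
    mfa_enforced: bool
    last_used: Optional[date]  # None = never observed in the logs

@dataclass
class SaasApp:
    name: str
    paths: List[AuthPath]

def audit(app, today, approved_idps=("okta",), stale_days=90):
    """Return (code, app, detail) findings; each code maps to one checklist item."""
    findings: List[Tuple[str, str, str]] = []
    has_sso = any(p.kind == "sso" for p in app.paths)
    for p in app.paths:
        if p.kind == "sso" and p.provider not in approved_idps:
            findings.append(("UNAPPROVED_IDP", app.name, p.provider))
        if p.kind == "local_password" and has_sso:   # the "ghost login" case
            code = "GHOST_LOGIN" if p.mfa_enforced else "GHOST_LOGIN_NO_MFA"
            findings.append((code, app.name, p.provider))
        elif p.kind in ("sso", "local_password") and not p.mfa_enforced:
            findings.append(("MFA_GAP", app.name, p.kind))
        if p.kind in NON_HUMAN:                      # inventory now, review scope later
            findings.append(("NON_HUMAN_IDENTITY", app.name, p.kind))
        if p.last_used is None or (today - p.last_used).days > stale_days:
            findings.append(("STALE_PATH", app.name, p.kind))
    return findings

def run_inventory(apps, today):
    return sorted(f for app in apps for f in audit(app, today))  # stable, code-first order

AUDIT_DATE = date(2025, 3, 30)
INVENTORY = [  # constructed sample tenants, not real data
    SaasApp("crm", [AuthPath("sso", "okta", True, date(2025, 3, 28)),
                    AuthPath("local_password", "crm", False, date(2024, 11, 2)),
                    AuthPath("api_key", "crm", False, date(2025, 3, 29))]),
    SaasApp("ticketing", [AuthPath("sso", "personal_idp", False, None)]),
]

def sample_findings():
    return run_inventory(INVENTORY, AUDIT_DATE)

if __name__ == "__main__":
    for code, app, detail in sample_findings():
        print(f"{code:20} {app:10} {detail}")
```

Feeding a real inventory means replacing INVENTORY with rows exported from your IdP and each app's admin console; the codes then line up directly with the five questions in the checklist.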
Conclusion
The convergence of widely accessible AI and simplified identity attacks represents a fundamental shift in the threat landscape. We're no longer defending against what humans can feasibly execute, but what machines can accomplish autonomously at scale.
Success requires treating identity as your new perimeter - continuously monitored, rigorously verified, and consistently enforced across your entire SaaS ecosystem. The alternative is an environment where a single overlooked authentication path becomes the gateway to compromise your entire digital estate.
Are you treating every authentication method with the same rigor as your primary IdP? If not, you've likely already created the conditions for the next generation of AI-powered attacks to succeed.
Worth a full read
Google - Cloud CISO Perspective: 5 tips for secure AI success
Key Takeaways
AI Protection enables comprehensive AI vulnerability management, enhancing organizational security postures.
Secure AI development benefits from long-standing principles of "secure by design" and "default."
AI security frameworks address supply chain vulnerabilities and evolving cybersecurity landscapes.
AI guardrails effectively prevent novel threat actor capabilities, maintaining organizational security.
Red teaming provides essential insights into AI vulnerabilities through strategic simulated attacks.
Effective AI governance and data practices ensure robust, secure AI deployment across organizations.
Role-based access controls and least privilege principles minimize risks of unauthorized data exposure.
Thorough due diligence on third-party AI models prevents inherited vulnerabilities and strengthens security.
Consistent security measures for AI tools ensure comprehensive protection and risk mitigation.
Post-quantum cryptography tackles emerging security challenges within rapid AI technological advancements.
Investigating security moonshots with AI can revolutionize threat detection and mitigation strategies.
Industrial-scale security optimization enables organizations to thrive in complex, evolving environments.
Immersive security events like Google Cloud Next foster learning and collaboration among security professionals.
Insider threat risks from IT workers necessitate proactive, concrete mitigation strategies.
Streamlined DDoS protection application, setup, and automation enhance organizational security defenses.
Tracing the thoughts of a large language model
Key Takeaways
AI models' inscrutability stems from learning strategies encoded in vast computational processes.
Cross-lingual core features in AI suggest a universal language of thought.
Planning in AI models reveals foresight beyond immediate word prediction.
AI's default behavior often avoids speculation unless overridden by specific cues.
Interpretability research is vital for aligning AI models with human values.
AI models' adaptability showcases their capability to adjust plans dynamically.
Understanding AI's planning mechanisms enhances insights into complex problem-solving.
AI's ability to apply learned concepts across languages enhances reasoning capabilities.
Language models' reasoning can be traced to identify faithful versus unfaithful explanations.
AI models' reliance on coherence can expose them to potential exploitations.
Why hasn’t AI taken your job yet?
Key Takeaways
AI excels in structured tasks but struggles with dynamic, unstructured workflows.
Messy multitasking limitations protect human jobs from AI disruption.
Freelancing roles are more susceptible to AI replacement.
AI's progress is steady across diverse tasks, despite complexity.
Workflow unpredictability shields some jobs from AI takeover.
Tech roles optimized for efficiency are surprisingly fragile.
Linear, predictable tasks are vulnerable to AI advancements.
Unstructured workflows hinder AI's ability to replace human jobs.
AI's impact varies significantly across different industries.
Administrative roles temporarily shielded by AI's multitasking struggles.
Wisdom of the week
Your purpose is not the thing you do.
It is the thing that happens in others when you do what you do.
Contact
Let me know if you have any feedback or any topics you want me to cover. You can ping me on LinkedIn or on Twitter/X. I’ll do my best to reply promptly!
Thanks! See you next week! Simon