AI Agent Identity: Why Your Current Auth Model Will Break in Production
Traditional OAuth and service accounts don't work for multi-agent AI systems. Here's what Uber and Auth0 discovered — and how to design agent identity the right way.
Traditional OAuth and service accounts don't work for multi-agent AI systems. Here's what Uber and Auth0 discovered — and how to design agent identity the right way.
Anthropic documented how DeepSeek, Moonshot, and MiniMax ran 16 million fraudulent Claude queries through 24,000 fake accounts to distill Claude's reasoning, tool use, and coding capabilities into their own models. This is what the attack looked like, and why it matters.
Microsoft released the Agent Governance Toolkit on April 3, 2026 — seven packages covering policy enforcement, cryptographic identity, runtime isolation, and compliance automation. Here's a practical breakdown from someone building production agents.
This week's top reads for Tech Leads & Engineers: the AI coding tools war heats up, Stripe's autonomous agents ship 1,300 PRs/week, software supply chain becomes the #1 attack vector, and engineering leadership rethinks itself.
Deep dive into AI agent security threats in 2026. Covers prompt injection, data exfiltration, OpenClaw vulnerabilities, Claude Code hardening, and a complete defense architecture for teams deploying AI agents in client projects.
AI doesn't understand threat models. How to define your trust boundary, handle security-critical code, and build guardrails that protect your users.
Production security patterns for multi-agent AI systems. Covers IAM least privilege per agent, prompt injection defense, input sanitization, output validation, audit logging, secrets management, and compliance requirements.
Web security explained without the paranoia — mostly. Two tech leads discuss OWASP Top 10, authentication patterns, secrets management, and why your password requirements are probably wrong.
COPPA fines start at $50,000 per violation. GDPR penalties can reach 4% of revenue. This isn't optional. Here's how we built KidSpark to be compliant from day one.
How AI transforms the Security Engineer role: AI-assisted threat modelling, automated SAST/DAST pipelines, dependency scanning, security policy generation, and the human security judgment that keeps systems and users safe.
Recording interviews is easy. Doing it legally isn't. LiveKit Egress, real-time transcription, GDPR consent flows, HIPAA encryption requirements, and the compliance checklist you need before go-live.
Post G — Security patterns every Angular Tech Lead must know for ecommerce. How Angular's sanitizer works, the token refresh race condition and the shareReplay fix, Content Security Policy with SSR, and CSRF protection.
Implement production security for a children's platform: least-privilege IAM policies, Cognito user pools with COPPA-compliant parental consent flows, WAF rule groups, KMS encryption, Secrets Manager auto-rotation, and GuardDuty threat detection.
Everything I configured to secure my portfolio site with Cloudflare — from SSL and WAF rules to bot protection and security headers. Free tier covers most of it.
Get notified when I publish new posts on AI, .NET, cloud architecture and more.