Archive - RockCyber Musings

Agent Supply Chain Attacks: Your Scanner Already Switched Sides

March 2026's Trivy-LiteLLM-Axios cascade shows why agent supply chain risk breaks existing controls. Practical steps for CISOs.

20 hrs ago • Rock Lambros

Reasoning Theater: Why Chain-of-Thought Monitoring Fails Your Agentic AI

New research proves reasoning models perform deliberation they've already completed. Apply the CARE framework to close your agentic AI monitoring gap.

20 hrs ago • Rock Lambros

Weekly Musings Top 10 AI Security Wrapup: Issue 32 March 27-April 2, 2026

Anthropic's Worst Week, CISA's Busiest Friday, and the EU Still Wasn't Ready

Apr 3 • Rock Lambros

March 2026

AI Monitoring Is a Standards Problem, Not a Technology Problem

NIST AI 800-4 proves AI monitoring fails from missing standards, not missing tech. Specific actions CISOs should take before EU AI Act Article 72 hits…

Mar 31 • Rock Lambros

Weekly Musings Top 10 AI Security Wrapup: Issue 31 March 20-26, 2026

RSA 2026: Every Vendor Sold an Agent. A Supply Chain Attack Ran Quietly in the Background

Mar 27 • Rock Lambros

Weekly Musings Top 10 AI Security Wrapup: Issue 30 March 13-19, 2026

Agentic AI Security Moves From "Meh" to Incident Log

Mar 20 • Rock Lambros

AI Agent Authentication Gets the Hard Part Right. Authorization Is Still Your Problem.

IETF's new AI agent auth draft nails identity with WIMSE and SPIFFE but skips per-action authorization.

Mar 17 • Rock Lambros

Weekly Musings Top 10 AI Security Wrapup: Issue 29 March 6, 2026 - March 12, 2026

When AI Companies Sue the Government and OpenAI Enters the Security Market

Mar 13 • Rock Lambros

AI Vendor Lock-In: What the Pentagon Taught Every CISO This Week

The DoD's Anthropic supply chain risk designation exposed every enterprise's embedded AI architecture gap. Here's what your vendor contracts are…

Mar 10 • Rock Lambros

Weekly Musings Top 10 AI Security Wrapup: Issue 28 February 27, 2026 - March 5, 2026

When AI Attacks AI: The Agentic Threat Era Arrives in Full

Mar 6 • Rock Lambros

Agentic AI Authorization: From T-Shaped to Z-Shaped Security

Context engineering is authorization engineering. Staff accordingly

Mar 3 • Rock Lambros

February 2026

Weekly Musings Top 10 AI Security Wrapup: Issue 27 February 20, 2026 - February 26, 2026

Pentagon, Prompt Injection, and China’s AI Playbook: The Week AI Security Got Loud

Feb 27 • Rock Lambros

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts