
AI Agent Guardrails, Edge Intel, and EV Charging Flaws Amid Cloud…
Coverage: 03 Mar 2026 (UTC)
New guardrails for AI agents and safer data access led today’s developments. AWS made Policy for Bedrock AgentCore generally available via a gateway that enforces least-privilege tool use at runtime, decoupled from agent code, as detailed in Bedrock Policy. Google introduced a typesafe Java SDK for the Model Context Protocol Toolbox for Databases to connect agents to transactional data with stronger controls and session state, in MCP SDK. Alongside these prevention-first moves, CISA flagged critical weaknesses across several EV charging backends, and responders tracked major disruptions and breaches.
Agent guardrails and data access mature
Centralized, policy-driven control over agent actions is advancing. AWS’s new Policy for Bedrock AgentCore evaluates natural-language policies compiled to Cedar in a gateway that intercepts tool calls and approves or denies them before execution. This externalized enforcement lets security and compliance teams author and audit rules without redeploying agent code, supporting consistent governance across regions and teams. In parallel, Google’s new Java SDK for the MCP Toolbox brings a typesafe control plane for connecting AI agents to mission-critical databases, with Day 2 features such as high concurrency, transactional integrity, and Spring Boot/LangChain4j integrations for stateful, multi-agent workflows. Secure patterns—such as binding authenticated user context and using parameterized SQL—aim to keep models from issuing raw queries while preserving enterprise-grade reliability.
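The two patterns in the paragraph above, a gateway that evaluates an externalized policy before any tool call executes and a tool that binds the authenticated caller's context into a parameterized query, are shown together in the added example below. It is illustrative code written for this brief, not AWS's Policy for Bedrock AgentCore, Cedar, or Google's MCP Toolbox SDK; the rule format, the tool names, the caller attributes and the SQLite rows are all constructed for the example.

```python
import sqlite3
from dataclasses import dataclass

# The policy is data, kept outside the agent code, so security teams can
# change and audit it without redeploying the agent. Rule format is a
# constructed stand-in for a real policy language such as Cedar.
# "${caller.x}" binds a tool argument to an attribute of the authenticated caller.
POLICY = [
    {"effect": "permit", "principal_role": "support", "tool": "list_orders",
     "when": {"customer_id": "${caller.customer_id}"}},
    {"effect": "forbid", "principal_role": "support", "tool": "delete_order"},
    {"effect": "permit", "principal_role": "admin", "tool": "*"},
]


@dataclass
class Caller:          # authenticated identity, established before the agent runs
    user_id: str
    role: str
    customer_id: str


@dataclass
class ToolCall:        # what the agent asked the gateway to execute
    tool: str
    args: dict


@dataclass
class Decision:
    allowed: bool
    reason: str


def _constraint_holds(when: dict, call: ToolCall, caller: Caller) -> bool:
    """True when every constrained argument equals its expected (or caller-bound) value."""
    for arg, expected in when.items():
        if isinstance(expected, str) and expected.startswith("${caller."):
            expected = getattr(caller, expected[len("${caller."):-1])
        if call.args.get(arg) != expected:
            return False
    return True


def evaluate(policy: list, caller: Caller, call: ToolCall) -> Decision:
    """Default deny: a call is allowed only if a permit rule matches and no forbid rule does."""
    permitted = False
    for rule in policy:
        if rule["principal_role"] != caller.role or rule["tool"] not in ("*", call.tool):
            continue
        if not _constraint_holds(rule.get("when", {}), call, caller):
            continue
        if rule["effect"] == "forbid":
            return Decision(False, f"forbid rule matched for {call.tool}")
        permitted = True
    return Decision(permitted, "permit rule matched" if permitted else "no permit rule matched (default deny)")


class Gateway:
    """Sits between the agent and its tools: evaluate, record, then (maybe) execute."""

    def __init__(self, policy: list):
        self.policy = policy
        self.tools = {}
        self.audit = []  # one record per decision, for compliance review

    def register(self, name: str, fn) -> None:
        self.tools[name] = fn

    def invoke(self, caller: Caller, call: ToolCall):
        decision = evaluate(self.policy, caller, call)
        self.audit.append((caller.user_id, call.tool, decision.allowed, decision.reason))
        if not decision.allowed:
            raise PermissionError(decision.reason)
        return self.tools[call.tool](**call.args)


def make_db() -> sqlite3.Connection:
    """Constructed sample data: three orders across two customers."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER, customer_id TEXT, total REAL)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                     [(1, "C1", 19.99), (2, "C1", 5.00), (3, "C2", 42.00)])
    return conn


def build_gateway(conn: sqlite3.Connection) -> Gateway:
    gw = Gateway(POLICY)

    def list_orders(customer_id: str):
        # Parameterized query: the value is bound as data, never spliced into SQL text,
        # so model-generated input cannot change the statement's shape.
        return conn.execute("SELECT id, total FROM orders WHERE customer_id = ?",
                            (customer_id,)).fetchall()

    def delete_order(order_id: int) -> int:
        return conn.execute("DELETE FROM orders WHERE id = ?", (order_id,)).rowcount

    gw.register("list_orders", list_orders)
    gw.register("delete_order", delete_order)
    return gw


def demo():
    """Run a few agent tool calls through the gateway; returns outcomes and the audit trail."""
    gw = build_gateway(make_db())
    support = Caller("u-support", "support", "C1")
    admin = Caller("u-admin", "admin", "n/a")
    results = {"own_orders": gw.invoke(support, ToolCall("list_orders", {"customer_id": "C1"}))}
    for key, call in [("other_customer", ToolCall("list_orders", {"customer_id": "C2"})),
                      ("support_delete", ToolCall("delete_order", {"order_id": 1}))]:
        try:
            gw.invoke(support, call)
            results[key] = "allowed"
        except PermissionError:
            results[key] = "denied"
    results["admin_delete"] = gw.invoke(admin, ToolCall("delete_order", {"order_id": 3}))
    # An injection-shaped string from an admin is harmless: it is just an unknown customer id.
    results["injection_attempt"] = gw.invoke(admin, ToolCall("list_orders", {"customer_id": "C1' OR '1'='1"}))
    return results, gw.audit


if __name__ == "__main__":
    outcomes, audit = demo()
    print(outcomes)
    for record in audit:
        print(record)
```

The support caller can only list orders for the customer bound to their own session, cannot delete anything even if the model decides to try, and every decision lands in the audit list whether or not the call ran.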
That same agentic stack is moving closer to the network. An integration between Nokia’s Network as Code platform and Google’s agentic AI stack makes mobile networks programmable by intent, exposing standardized APIs, translating goals through Gemini and MCP, and coordinating business-to-network agents in real time, as outlined by Google Cloud. The approach targets use cases from autonomous logistics to network anomaly response, with edge orchestration to meet strict latency needs.
Threat intelligence moves to the edge
An edge-first Threat Intelligence Platform centralizes telemetry, investigation context, and automated enforcement in a single operational system, as detailed in the Cloudflare post. Built on globally distributed Durable Objects, GraphQL, and R2 storage, it enriches indicators with actor patterns, supports high-cardinality searches, exports STIX2 from the edge, and turns investigations into one-click, globally deployed Firewall API rules—reducing data gravity and accelerating hunting and response.
Email defense also leans on large language models to close detection gaps. A complementary Cloudflare write-up describes using LLMs to label phishing behaviors at scale, feed targeted models, and cut operational noise—citing a 20.4% quarter-over-quarter drop in one high-volume lure category and further reductions this year. The pipeline surfaces behavioral trends faster than user-reported misses, improving both coverage and analyst throughput.
EV charging and industrial controls: exposed paths
CISA released multiple advisories on vulnerabilities in EV charging platforms used across critical infrastructure. One CISA advisory covers Mobiliti’s e-mobi.hu, listing unauthenticated OCPP WebSocket access, weak session controls, and missing rate limiting among issues (CVSS up to 9.4) that could enable charger impersonation, privilege escalation, and service disruption; the vendor did not respond, and no fixes were available at publication. A second CISA advisory on ePower’s epower.ie documents a critical authentication bypass and related flaws that could allow unauthorized administrative control or denial of service; again, mitigations—not vendor patches—are emphasized, including network isolation, secure remote access, and rate limiting.
Everon’s OCPP backends face similar risks—missing authentication, absent rate limiting, and session hijacking vectors—though the affected platform was shut down in late 2025 as the primary mitigation, per a CISA advisory. Beyond EV infrastructure, CISA detailed a critical auth bypass in Labkotec’s LID-3300IP ice detector software that lets unauthenticated attackers alter configuration and issue operational commands on devices used in Communications and Energy sectors; the vendor advises migrating to Type 2 units with current firmware and enabling HTTPS, per the CISA advisory. Why it matters: unauthenticated control paths in OCPP and legacy industrial devices create straightforward opportunities for disruption and safety impacts if not isolated and patched.
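The weaknesses the advisories above have in common, unauthenticated OCPP WebSocket access and missing rate limiting, are mitigated at the WebSocket upgrade step. The added example below models that step for a backend: it requires per-charge-point credentials, ties the identity in the URL to the credentials presented, refuses sources that keep failing, and records every outcome for monitoring. This is illustrative code written for this brief, not any vendor's backend; the credential store, salt, charge point identities, and source addresses are constructed, and it assumes the OCPP 1.6-J convention of the charge point identity in the URL path with HTTP Basic credentials on the upgrade request.

```python
import base64
import hashlib
import hmac
from collections import defaultdict, deque

SALT = b"constructed-example-salt"      # constructed; a real store uses per-credential salts
DUMMY_HASH = "0" * 64                    # compared against when the identity is unknown


def password_hash(password: str) -> str:
    return hashlib.sha256(SALT + password.encode()).hexdigest()


# Constructed credential store: charge point identity -> salted password hash.
CREDENTIALS = {
    "CP-0001": password_hash("cp-0001-secret"),
    "CP-0002": password_hash("cp-0002-secret"),
}


class FailureLimiter:
    """Sliding-window limit on failed handshakes per source (for example a client IP)."""

    def __init__(self, limit: int = 5, window: float = 60.0):
        self.limit, self.window = limit, window
        self.failures = defaultdict(deque)

    def _recent(self, source: str, now: float) -> deque:
        q = self.failures[source]
        while q and now - q[0] > self.window:   # drop failures outside the window
            q.popleft()
        return q

    def blocked(self, source: str, now: float) -> bool:
        return len(self._recent(source, now)) >= self.limit

    def record_failure(self, source: str, now: float) -> None:
        self._recent(source, now).append(now)


def basic_auth(user: str, password: str) -> str:
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


class OcppBackend:
    def __init__(self, credentials: dict, limiter: FailureLimiter):
        self.credentials = credentials
        self.limiter = limiter
        self.events = []  # audit trail: (source, charge_point, outcome) for alerting

    def handshake(self, path: str, headers: dict, source: str, now: float):
        """Decide whether a WebSocket upgrade request may become an OCPP session."""
        cp_id = path.rsplit("/", 1)[-1] if path.startswith("/ocpp/") else ""
        if self.limiter.blocked(source, now):
            self.events.append((source, cp_id, "429 too many failed attempts"))
            return False, "429 too many failed attempts"

        def reject(status: str):
            self.limiter.record_failure(source, now)
            self.events.append((source, cp_id, status))
            return False, status

        if not cp_id:
            return reject("400 missing charge point identity in path")
        offered = [p.strip() for p in headers.get("Sec-WebSocket-Protocol", "").split(",")]
        if "ocpp1.6" not in offered:
            return reject("400 unsupported subprotocol")
        auth = headers.get("Authorization", "")
        if not auth.startswith("Basic "):
            return reject("401 credentials required")   # no anonymous sessions
        try:
            user, _, password = base64.b64decode(auth[6:], validate=True).decode().partition(":")
        except (ValueError, UnicodeDecodeError):
            return reject("401 malformed credentials")
        # The identity in the URL must be the one that authenticated, and the hash
        # comparison is constant-time and always performed, so timing does not reveal
        # whether the identity exists.
        expected = self.credentials.get(cp_id, DUMMY_HASH)
        ok = hmac.compare_digest(password_hash(password), expected)
        if not (ok and user == cp_id and cp_id in self.credentials):
            return reject("401 bad credentials")
        self.events.append((source, cp_id, "101 accepted"))
        return True, "101 accepted"


def demo():
    """A legitimate charger, then a noisy source that gets throttled and later recovers."""
    backend = OcppBackend(CREDENTIALS, FailureLimiter(limit=3, window=60.0))
    proto = {"Sec-WebSocket-Protocol": "ocpp1.6"}
    good = dict(proto, Authorization=basic_auth("CP-0001", "cp-0001-secret"))
    wrong_identity = dict(proto, Authorization=basic_auth("CP-0002", "cp-0002-secret"))
    garbage = dict(proto, Authorization="Basic !!!")
    out = [
        backend.handshake("/ocpp/CP-0001", good, "10.0.0.5", 0.0),
        backend.handshake("/ocpp/CP-0001", proto, "10.0.0.9", 1.0),             # no credentials
        backend.handshake("/ocpp/CP-0001", wrong_identity, "10.0.0.9", 2.0),    # path/credential mismatch
        backend.handshake("/ocpp/CP-0001", garbage, "10.0.0.9", 3.0),           # third failure
        backend.handshake("/ocpp/CP-0001", good, "10.0.0.9", 4.0),              # throttled despite valid creds
        backend.handshake("/ocpp/CP-0001", good, "10.0.0.9", 70.0),             # window has passed
    ]
    return out, backend.events


if __name__ == "__main__":
    for outcome in demo()[0]:
        print(outcome)
```

The events list is what a detection pipeline would consume: repeated 401 and 429 entries for one source, or a single identity presented from many sources, are the signals worth alerting on.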
Confirmed incidents and active exploitation
Amazon confirmed that drone strikes physically damaged three AWS data centers in the UAE and Bahrain, significantly impairing specific availability zones and disrupting dozens of services; restoration efforts prioritize safety, alternate software-based recovery paths, and guidance for customers to invoke disaster recovery and redirect traffic, according to BleepingComputer. Separately, LexisNexis Legal & Professional disclosed that an attacker exploited an unpatched frontend vulnerability to access a limited number of servers; the actor claims to have exfiltrated structured data from AWS infrastructure, while the company says most accessed data was legacy and excluded sensitive categories like Social Security or driver’s license numbers. The intrusion was contained, authorities were notified, and customers were informed, per BleepingComputer.
On the mobile front, Google’s March bulletin includes a fix for CVE-2026-21385 in a Qualcomm graphics component and notes indications of limited, targeted exploitation; two patch levels were released and prompt updates are advised, per BleepingComputer. In parallel, a Check Point analysis highlights an ongoing espionage campaign (“Silver Dragon”) against government entities in Southeast Asia and Europe that blends server exploitation and spearphishing with a bespoke backdoor using Google Drive for covert command-and-control, complicating detection; defenders are urged to harden internet-exposed services, enforce MFA, and monitor unusual cloud storage API activity, per Check Point.