data exposure
7 posts
The agent is the breach
A board-level assessment of the Microsoft Copilot Cowork file exfiltration: control failure, exposure model, and the conditions that must hold for in-tenant agents.
Your AI sessions are outside your control perimeter.
A board-level risk statement on the Claude AI file exfiltration demonstration: control failure, exposure, and what must be true going forward.
Deleting the link does not recall the file
A file accessible without authentication is a file in distribution. Removing the link does not revoke access already granted.
The 2021 bucket that sat open for nine years
Abandoned files, forgotten buckets, and stale subdomains are the cheapest way attackers get in. Here is how to find yours before they do.
The breach scope you're quoting is fiction
Canvas breach scope is not confirmed. Operator brief on what failed, what must be assumed, and what users and institutions must do now.
Every field in the Canvas tenant is lit
The Canvas LMS incident lacks field-level disclosure. Treat every identity attribute, message, and uploaded file as exposed until the platform proves otherwise.
The number on the screen is a guess
The Canvas hack scope is not confirmed. A senior operator breakdown of what failed, what is rumour, and what users must now do.