Enterprise Security
88% of You Have Already Had an AI Agent Security Incident. The Other 12% Probably Don’t Know Yet.
Gravitee surveyed 900+ executives and found 88% reported AI agent security incidents, while 82% believed their policies were adequate. The gap between executive confidence and operational reality is the most dangerous metric in enterprise AI security right now.
Machine Identity
The Trust Boundary Problem: Identity Architecture for Autonomous AI
As AI agents move from assistants to autonomous actors, they don't just need permission to act. They need identity.
Trustworthy AI
Researchers Just Proved That Making AI Agents Collaborate Better Makes Them Leak More Data
Every connection between AI agents creates both capability and exposure. The trust-vulnerability paradox formalizes what practitioners have observed: without trust budgeting, multi-agent collaboration scales risk faster than it scales value.
Machine Identity
MCP Gets OAuth 2.1, Six Months Too Late, and Thousands of Servers Already Deployed Without It
MCP's OAuth 2.1 integration addresses the authentication gap, but 13,000 servers were deployed during the six months it was optional. Security debt doesn't vanish when you update a spec. It persists in every system built before the fix.
Agentic Systems
OpenAI Just Adopted MCP, And the Protocol Still Doesn’t Mandate Authentication
OpenAI's adoption of MCP validates the protocol's trajectory but doesn't resolve its core security gap. Authentication remains optional in the specification, and adoption at scale amplifies the risk of every unauthenticated connection.
Machine Identity
The Death of the Service Account: Why Google and CoSAI Say AI Agents Need Human Identity
AI agents operating under shared service accounts create an accountability void. Google and CoSAI are converging on identity propagation as the answer: agents should inherit and carry human identity, not mask it behind generic credentials.
Machine Identity
Anthropic Just Released the ‘USB-C for AI’, And It Ships Without Authentication
Anthropic's Model Context Protocol promises to standardize how AI connects to tools and data. The architecture is elegant. The problem: the initial specification shipped without mandatory authentication, creating a protocol-level trust gap.
Machine Identity
$25.5 Million in 12 Minutes: The Arup Deepfake Heist That Should Terrify Every CFO
An employee at engineering firm Arup transferred $25.5 million after a video call with deepfake recreations of senior executives. This wasn't a failure of awareness training. It was an architecture failure where visual identity was the only trust layer.
Machine Identity
Deepfake Fraud Surged 3,000% This Year: Your Video Calls Are No Longer Proof of Identity
Deepfake fraud increased 3,000% in 2023, and the implications extend beyond social engineering. When video and voice can be synthesized in real time, visual confirmation of identity stops being a reliable authentication factor.