๐—” ๐Ÿญ๐Ÿต๐Ÿต๐Ÿต ๐— ๐—ถ๐—ฐ๐—ฟ๐—ผ๐˜€๐—ผ๐—ณ๐˜ ๐—บ๐—ฒ๐—บ๐—ผ ๐—ฝ๐—ฟ๐—ฒ๐—ฑ๐—ถ๐—ฐ๐˜๐—ฒ๐—ฑ ๐—ต๐—ผ๐˜„ (๐—”๐—œ) ๐—ฎ๐—ด๐—ฒ๐—ป๐˜๐˜€ ๐˜„๐—ผ๐˜‚๐—น๐—ฑ ๐—ด๐—ฒ๐˜ ๐—ฎ๐˜๐˜๐—ฎ๐—ฐ๐—ธ๐—ฒ๐—ฑ ๐—ถ๐—ป ๐Ÿฎ๐Ÿฌ๐Ÿฎ๐Ÿฒ. ๐—œ๐˜ ๐—ท๐˜‚๐˜€๐˜ ๐—ฑ๐—ถ๐—ฑ๐—ป’๐˜ ๐—ธ๐—ป๐—ผ๐˜„ ๐—ถ๐˜ ๐˜†๐—ฒ๐˜.

Back in ’99, an engineer named Loren Kohnfelder wrote up “The Threats To Our Products” and gave security teams an acronym—STRIDE—we’ve leaned on ever since.

Almost thirty years later, AI agents are reading inboxes, running code, and calling APIs on our behalf. And STRIDE fits them almost uncomfortably well.
I don’t think that’s luck. Kohnfelder was pointing at something underneath the tech: how trust moves between systems. Agents might be the messiest trust problem we’ve ever shipped.

๐—›๐—ฒ๐—ฟ๐—ฒ’๐˜€ ๐˜๐—ต๐—ฒ ๐—ณ๐—ฟ๐—ฎ๐—บ๐—ฒ๐˜„๐—ผ๐—ฟ๐—ธ, ๐—ฎ๐—ฝ๐—ฝ๐—น๐—ถ๐—ฒ๐—ฑ ๐˜๐—ผ ๐—ฎ๐—ด๐—ฒ๐—ป๐˜๐˜€:
๐—ฆ โ€” ๐—ฆ๐—ฝ๐—ผ๐—ผ๐—ณ๐—ถ๐—ป๐—ด. Prompt injection. An attacker hides instructions in a doc or email the agent reads, dressed up to look like they came from you. The agent obeys, because it can’t always tell your instructions from theirs. (OWASP ranks this #1 for LLM apps.)

๐—ง โ€” ๐—ง๐—ฎ๐—บ๐—ฝ๐—ฒ๐—ฟ๐—ถ๐—ป๐—ด. Poisoned dataโ€”either in training or in a compromised API the agent trusts. Goes in upstream, shows up downstream in production.

๐—ฅ โ€” ๐—ฅ๐—ฒ๐—ฝ๐˜‚๐—ฑ๐—ถ๐—ฎ๐˜๐—ถ๐—ผ๐—ป. An agent fires off a purchase or edits a file autonomously, and the audit trail is patchy or missing. Something breaks and nobody can prove what happened. Accountability quietly evaporates.

๐—œ โ€” ๐—œ๐—ป๐—ณ๐—ผ๐—ฟ๐—บ๐—ฎ๐˜๐—ถ๐—ผ๐—ป ๐——๐—ถ๐˜€๐—ฐ๐—น๐—ผ๐˜€๐˜‚๐—ฟ๐—ฒ. Models can cough up training data when prompted right. And a long-running agent piling up context can be nudged into leaking it.

๐—— โ€” ๐——๐—ฒ๐—ป๐—ถ๐—ฎ๐—น ๐—ผ๐—ณ ๐—ฆ๐—ฒ๐—ฟ๐˜ƒ๐—ถ๐—ฐ๐—ฒ. Inference costs real money. Force an agent into a loop and you get both downtime and an ugly cloud bill. MITRE ATLAS calls it “Cost Harvesting.”

๐—˜ โ€” ๐—˜๐—น๐—ฒ๐˜ƒ๐—ฎ๐˜๐—ถ๐—ผ๐—ป ๐—ผ๐—ณ ๐—ฃ๐—ฟ๐—ถ๐˜ƒ๐—ถ๐—น๐—ฒ๐—ด๐—ฒ. Agents get broad permissions to stay useful. A prompt injection can ride those permissions and do anything the deploying user could. Most agents in production are wildly over-privileged.

The threats aren’t a new shape. They’re just harder to spot, because agents behave probabilistically. You can’t read the source and point at the bug—you have to poke the thing and see what falls out.
That’s exactly why the old frameworks earn their keep: they hand you the right questions even when the system’s a black box.
