Breaking 13:37 Somaliland president makes first state visit to Israel following recognition 13:28 Israeli airstrike on Beirut southern suburbs kills at least three people 13:12 UK anti-Islam activist briefly detained under counter-terrorism laws at Heathrow 13:01 Distrust hampers Ebola response in Congo displacement camps 12:53 Swiss voters reject population cap initiative in early projections 12:42 French president speaks with family of Lyhanna as investigation continues 12:31 North Korea declares denuclearization issue permanently closed 12:26 French education minister calls for morning-only exams amid rising temperatures 12:13 Experienced paraglider dies after fall into the sea off Brittany coast 12:04 Anthropic AI suspension reignites debate over regulation in the United States 11:52 Forgotten French cheese makes a comeback thanks to social media 11:44 Draft US-Iran agreement could unlock $25 billion in frozen assets 11:40 Police search for suspect after woman assaulted in park in northern France 11:36 Teenager fatally shot in Montbéliard as homicide investigation begins 11:14 Limited cyberattack disrupts services at four Iranian banks, officials say 11:05 Iran says draft US agreement includes sanctions relief, oil terms and nuclear limits 10:55 United Kingdom continues internal talks over defence spending, minister says 10:00 Man arrested at Cape Town airport with 150 venomous scorpions in luggage 09:45 Venezuela confirms death of Tren de Aragua leader in joint operation with the United States 09:30 Chaos erupts in Manhattan celebrations as bus is set on fire after Knicks victory 09:15 Trump hosts MMA event at the White House to mark his 80th birthday 09:00 Trump says Iran peace agreement could be signed within days 08:45 Romanian president nominates Adrian Vestea as prime minister to end political deadlock 08:30 Iran urges FIFA to ban opposition flags from World Cup stadiums 08:15 Taiwan proposes tougher penalties to strengthen mandatory military service 08:00 Japan plans Greenland mission to assess rare earth mining opportunities 07:45 British forces intercept suspected Russian shadow fleet tanker in the English Channel 07:30 Taiwan launches online platform for Chinese citizens to share intelligence information 07:15 Protests erupt in Peru amid fears of a return to Fujimorismo 07:00 Swiss voters head to the polls on population cap and civil service reform 19:28 Moroccan fans fill times square ahead of World Cup clash against Brazil 19:21 Agadir University Hospital successfully performs first radiofrequency treatment for liver cancer 19:16 Amazon raises concerns over advanced Anthropic AI models amid U.S. security restrictions 17:30 Morocco’s tourist transport sector mobilizes for major modernization push 17:15 Russell takes pole position in Barcelona as Hamilton secures front row start 17:00 Toulouse: 33 years old man fatally stabbed by suspect “in a state of apparent drunkenness” 16:45 Rabat Grand Museum of Archaeology and earth sciences project faces early delays 16:30 Al Omrane Expo “Moroccans of the World 2026” continues with Amsterdam stage 16:15 Kidnapped Nigerian retired major general dies in terrorist captivity 16:00 Haute-Savoie: a gendarme killed and two others injured in road accident on the sidelines of the G7 in Évian 15:49 Poultry sector in Morocco faces price drop as producers warn of economic pressure 15:45 World Cup 2026: Klopp criticizes cooling breaks, saying football is “Held Hostage” 15:30 Ukraine’s Zaporizhzhia nuclear plant reconnected to power grid after IAEA-brokered ceasefire 15:27 Heatwaves in Île-de-France affect public transport usage, study finds 15:17 Sweden celebrates the royal couple’s golden wedding anniversary 15:15 French exit from Franco-German tank project cannot be ruled out, rheinmetall CEO says 15:00 Pakistan says U.S.-Iran peace agreement could be signed within 24 hours 14:45 Daniel Kretinsky becomes West Ham’s largest shareholder after increasing his stake 14:30 Morocco’s seawater desalination strategy gains international recognition 14:21 Switzerland Faces a Historic Choice: Capping Its Population at 10 Million 14:15 World Bank approves $650 million to support Morocco’s digital transformation and climate resilience 14:02 Global Grain Harvest Set to Reach Record High in 2026-2027, USDA Forecasts 14:00 North Korea condemns EU–South Korea statement criticizing military ties with Russia 13:47 WHO report shows progress in blood safety, but there are worrying gaps 13:45 French political leaders warn of growing AI dependence after U.S. restrictions on Anthropic

Microsoft AI agent security toolkit flaw exposes missing authentication checks

Monday 27 April 2026 - 10:20
By: Dakir Madiha
Microsoft AI agent security toolkit flaw exposes missing authentication checks

Microsoft faces scrutiny after a security analysis found that authentication checks in its open source AI agent governance toolkit are not executed in production code. The toolkit, released on April 3, was designed to provide runtime safeguards for autonomous AI agents and address risks outlined by OWASP in its top 10 list for agent based systems.

The issue was identified by security researcher Davi Ottenheimer, who examined the codebase and found that authentication primitives exist but are never invoked in operational workflows. Across five language implementations, Rust, Python, TypeScript, .NET, and Go, the verification functions are fully implemented and tested but remain disconnected from production paths. As a result, agent identities are not validated before being processed by governance systems.

Specific implementations reveal practical risks. In the Go version, any caller can impersonate an agent by setting a single HTTP header, allowing unauthenticated identities to pass through governance layers. In the .NET version, actions default to a hard coded anonymous identity when authentication middleware is not configured, leading to audit logs that fail to distinguish between different actors. Core components such as the MCP gateway accept rate limiting and policy engines but do not provide integration points for authentication, leaving verification outside the request flow.

Further analysis shows that some verification functions perform self signed checks that always return true, effectively bypassing identity validation. These mechanisms complete cryptographic steps without establishing trust, creating a false sense of security while leaving systems exposed to impersonation risks.

The findings mirror a separate vulnerability, CVE-2026-32173, affecting an Azure SRE agent developed by Microsoft. Discovered by Yanir Tsarimi of Enclave AI, the flaw allowed any account within the Entra ID ecosystem to access sensitive real time data streams in a multi tenant setup. Microsoft has since patched this issue on the server side.

Researchers describe both cases as part of a broader structural problem in AI security systems, where controls are implemented but not properly integrated. This gap is becoming more critical as companies accelerate adoption of autonomous agents under new regulatory pressure, including the upcoming enforcement of the European Union AI Act and the Colorado AI Act.

Recent industry data shows that 88 percent of organizations have experienced or suspect security incidents involving AI agents, while only 22 percent treat them as independent entities with distinct identities. Experts advise organizations using the toolkit to audit all entry points for agent identity and treat any default anonymous identity in logs as a configuration failure requiring immediate attention.

Keywords:



Latest News
  • Fajr
  • Sunrise
  • Dhuhr
  • Asr
  • Maghrib
  • Isha

Newsletter

Subscribe now to the Walaw website newsletter to receive all the latest updates

Email address

This website, walaw.press, uses cookies to provide you with a good browsing experience and to continuously improve our services. By continuing to browse this site, you agree to the use of these cookies.