Breaking 17:20 Veolia and Amazon deploy recycled water systems for data centers 17:00 Ai maps growing risks for white collar jobs across key sectors 16:40 MIT researchers reveal self organizing laser breakthrough for brain imaging 16:30 Canary Islands government aligns with Spain’s support for Moroccan autonomy plan 16:20 OpenAI and Microsoft revise partnership, end exclusive intellectual property rights 16:15 Paramount seeks regulatory approval for foreign funding in Warner Bros acquisition 16:01 Bank of Portugal governor sells shares after ECB ethics review 16:00 Chanel revisits Biarritz roots with cruise 2026 2027 show revival 15:45 Short sellers increase bets on life insurance stocks amid private credit concerns 15:40 Chery plans European production of small electric car to expand market 15:30 Nice court sentences rapper Freeze Corleone for terrorism-related apology remarks 15:20 Ferrari unveils Hypersail project targeting high speed ocean records 15:15 Adidas shares rise after Sabastian Sawe’s historic London Marathon performance 15:00 Wizz Air reassures on fuel supply amid global uncertainty 15:00 Porsche 975 RSE signals major leap as Formula E enters GEN4 era 14:45 Canada launches sovereign wealth fund to boost long-term investment 14:40 Ford Mustang GTD Competition sets new Nürburgring lap record 14:30 Microsoft ends exclusive access to OpenAI technology in strategic shift 14:20 Altman warns AGI could end jobs and destabilize global economy 14:15 Prada launches Indian-inspired sandals to rebuild cultural ties 14:00 Norwegian FA chief calls on FIFA to scrap peace prize 13:50 Eurozone growth outlook cut as Iran conflict fuels stagflation fears 13:45 Hungary and EU hold talks to unlock billions in frozen funds 13:30 Italy calls for EU budget flexibility on energy spending 13:15 Qualcomm surges on report of OpenAI partnership for AI smartphone processors 13:00 Thermo Fisher to sell microbiology business to Astorg for over $1 billion 12:45 Eli Lilly to buy Ajax therapeutics for up to $2.3 billion 12:30 European Union extends Myanmar sanctions for another year amid ongoing military rule 12:20 Beijing auto show 2026 signals China’s growing dominance in global industry 12:15 Bank of Canada expected to hold interest rates at 2.25% as oil shock seen as temporary 12:00 Congo launches $100 million US-backed mining guard to secure strategic mineral sites 12:00 Toyota global sales fall again as Middle East demand weakens 11:45 Insurgent groups challenge Mali’s military government amid rising instability 11:40 Smart unveils concept #2 previewing next generation electric city car 11:30 Polish crypto platform Zondacrypto faces money laundering allegations amid major scandal 11:20 Morocco launches probe into rice imports amid pressure on farmers 11:15 India’s UltraTech Cement beats profit estimates on stronger construction demand 11:00 China accelerates AI satellite network amid rising space competition 11:00 Audit court investigates alleged irregularities in public procurement contracts 10:45 23-year-old man shot dead in Bordeaux suburb as police open investigation 10:40 Lachguar draws clear lines on women's rights, opposition, and democratic balance 10:30 Sterling edges higher against dollar as Middle East tensions and Bank of England decision loom 10:20 Microsoft AI agent security toolkit flaw exposes missing authentication checks 10:15 Google to build AI campus in South Korea to boost global tech cooperation 10:00 One killed in drone strike near Zaporizhzhia nuclear plant amid Ukraine war tensions 10:00 Evening routines that cut stress and rebuild energy after work 09:45 Lightning strikes kill at least 14 in Bangladesh after severe heat wave 09:40 Comfort zone psychology: when feeling safe is just another form of settling 09:30 France prioritizes vaccination for adolescents and young adults amid public health concerns 09:20 Apple prepares leadership shift as MacBook Neo drives demand surge 09:15 Ecuador disqualifies two opposition parties months before local elections 09:01 European central bank survey shows limited signs of second-round inflation effects 09:00 China’s AI chip demand set to push imports above exports growth 08:45 Spain urges travelers to book flights early as Iran conflict drives up oil prices 08:40 DeepSeek slashes API prices tenfold to escalate global AI competition 08:30 MobiKwik secures central bank approval for NBFC licence in India 08:20 Hyundai targets electric vehicle exports from China to global markets 08:15 Public broadcasting: Attal questions report delay as allies plan abstention 08:00 Forvia to sell its interiors business to Apollo funds for $2.1 billion 07:50 China unveils zero emission coal fuel cell breakthrough 07:45 Syria: trial opens against former president Bashar al-Assad and his entourage 07:30 Strong 6.1 magnitude earthquake shakes northern Japan’s Hokkaido 07:15 North Korea reaffirms support for Russia’s war effort in Ukraine 07:00 Musk vs Altman: a landmark legal battle over OpenAI’s origins begins in California

Microsoft AI agent security toolkit flaw exposes missing authentication checks

Yesterday 10:20
By: Dakir Madiha
Microsoft AI agent security toolkit flaw exposes missing authentication checks

Microsoft faces scrutiny after a security analysis found that authentication checks in its open source AI agent governance toolkit are not executed in production code. The toolkit, released on April 3, was designed to provide runtime safeguards for autonomous AI agents and address risks outlined by OWASP in its top 10 list for agent based systems.

The issue was identified by security researcher Davi Ottenheimer, who examined the codebase and found that authentication primitives exist but are never invoked in operational workflows. Across five language implementations, Rust, Python, TypeScript, .NET, and Go, the verification functions are fully implemented and tested but remain disconnected from production paths. As a result, agent identities are not validated before being processed by governance systems.

Specific implementations reveal practical risks. In the Go version, any caller can impersonate an agent by setting a single HTTP header, allowing unauthenticated identities to pass through governance layers. In the .NET version, actions default to a hard coded anonymous identity when authentication middleware is not configured, leading to audit logs that fail to distinguish between different actors. Core components such as the MCP gateway accept rate limiting and policy engines but do not provide integration points for authentication, leaving verification outside the request flow.

Further analysis shows that some verification functions perform self signed checks that always return true, effectively bypassing identity validation. These mechanisms complete cryptographic steps without establishing trust, creating a false sense of security while leaving systems exposed to impersonation risks.

The findings mirror a separate vulnerability, CVE-2026-32173, affecting an Azure SRE agent developed by Microsoft. Discovered by Yanir Tsarimi of Enclave AI, the flaw allowed any account within the Entra ID ecosystem to access sensitive real time data streams in a multi tenant setup. Microsoft has since patched this issue on the server side.

Researchers describe both cases as part of a broader structural problem in AI security systems, where controls are implemented but not properly integrated. This gap is becoming more critical as companies accelerate adoption of autonomous agents under new regulatory pressure, including the upcoming enforcement of the European Union AI Act and the Colorado AI Act.

Recent industry data shows that 88 percent of organizations have experienced or suspect security incidents involving AI agents, while only 22 percent treat them as independent entities with distinct identities. Experts advise organizations using the toolkit to audit all entry points for agent identity and treat any default anonymous identity in logs as a configuration failure requiring immediate attention.

Keywords:



Latest News
  • Fajr
  • Sunrise
  • Dhuhr
  • Asr
  • Maghrib
  • Isha

Newsletter

Subscribe now to the Walaw website newsletter to receive all the latest updates

Email address

This website, walaw.press, uses cookies to provide you with a good browsing experience and to continuously improve our services. By continuing to browse this site, you agree to the use of these cookies.