<?xml version="1.0" encoding="UTF-8"?>        <rss version="2.0"
             xmlns:atom="http://www.w3.org/2005/Atom"
             xmlns:dc="http://purl.org/dc/elements/1.1/"
             xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
             xmlns:admin="http://webns.net/mvcb/"
             xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
             xmlns:content="http://purl.org/rss/1.0/modules/content/">
        <channel>
            <title>
									Cyber Security Beyond Identity - NHIMG Forum				            </title>
            <link>https://nhimg.org/community/cybersecurity-beyond-identity/</link>
            <description>NHIMG Discussion Board</description>
            <language>en-US</language>
            <lastBuildDate>Thu, 09 Jul 2026 12:47:19 +0000</lastBuildDate>
            <generator>wpForo</generator>
            <ttl>60</ttl>
							                    <item>
                        <title>OpenVSX extension abuse: what it means for AI coding security</title>
                        <link>https://nhimg.org/community/cybersecurity-beyond-identity/openvsx-extension-abuse-what-it-means-for-ai-coding-security/</link>
                        <pubDate>Thu, 09 Jul 2026 12:37:39 +0000</pubDate>
                        <description><![CDATA[TL;DR: Malicious and hijacked extensions remain publicly available on OpenVSX even after exposure, while dormant projects and low-reputation publishers can be repurposed as malware distribut...]]></description>
                        <content:encoded><![CDATA[<blockquote>
<p><strong>TL;DR:</strong> Malicious and hijacked extensions remain publicly available on OpenVSX even after exposure, while dormant projects and low-reputation publishers can be repurposed as malware distribution paths, according to Knostic. The finding shows that extension marketplaces need runtime trust controls, not just review and takedown workflows, as AI coding assistants increasingly consume them.</p>
</blockquote>
<p><em>NHIMG editorial — based on content published by Knostic: compromised OpenVSX extensions remain active after exposure</em></p>
<h2>Questions worth separating out</h2>
<p><strong>Q: <a href="https://nhimg.org/faq/what-breaks-when-malicious-extensions-remain-available-after-exposure/?utm_source=nhimg&amp;utm_medium=NHIForum">What breaks when malicious extensions remain available after exposure?</a></strong></p>
<p><strong>A:</strong> When compromised extensions remain available, security teams lose the assumption that discovery equals containment.</p>
<p><strong>Q: Why do AI coding assistants increase extension marketplace risk?</strong></p>
<p><strong>A:</strong> AI coding assistants increase risk because they often operate inside high-trust developer environments and can interact with the same packages, files, and credentials as the human user.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/how-do-security-teams-know-if-extension-governance-is-actually-working/?utm_source=nhimg&amp;utm_medium=NHIForum">How do security teams know if extension governance is actually working?</a></strong></p>
<p><strong>A:</strong> Measure whether unapproved extensions can be installed, whether dormant packages are being reviewed after sudden updates, and whether malicious listings can be blocked before execution.</p>
<h2>Practitioner guidance</h2>
<ul>
<li><strong>Verify publisher lineage before approving extensions</strong> Require documented <a href="https://nhimg.org/the-ultimate-guide-to-non-human-identities?utm_source=nhimg&amp;utm_medium=NHIForum">publisher identity, account history, and package provenance</a> before allowing extensions into developer-approved catalogs, especially where dormant projects have resumed activity.</li>
<li><strong>Restrict AI coding assistants to approved extension sources</strong> Limit what assistants can install, recommend, or execute so they cannot freely pull from public marketplaces without policy checks and workspace controls.</li>
<li><strong>Add install-time inspection and blocking</strong> Inspect extension metadata, signatures, and behaviour at the moment of installation so suspicious packages can be stopped before they execute in the developer environment.</li>
</ul>
<h2>What's in the full article</h2>
<p>Knostic's full analysis covers the operational detail this post intentionally leaves for the source:</p>
<ul>
<li>Step-by-step examples of malicious and hijacked OpenVSX listings that remained live after exposure</li>
<li>The screenshots and publisher warnings used to distinguish dormant projects from freshly weaponised packages</li>
<li>How Kirin detects an infected extension at install time and alerts the user before spread</li>
<li>Operational guidance on stopping risky extensions from reaching developers and AI coding assistants</li>
</ul>
<p>&#x1f449; <strong><a href="https://www.knostic.ai/blog/malicious-vs-code-extensions-on-openvsx?utm_source=nhimg&amp;utm_medium=NHIForum">Read Knostic's analysis of malicious OpenVSX extensions and AI coding risk →</a></strong></p>
<p><em>OpenVSX extension abuse: what it means for AI coding security?</em></p>
<blockquote>
<p><strong>Explore further</strong></p>
<p><a href="/community/?utm_source=nhimg&amp;utm_medium=NHIForum">View Full Forum →</a>  |  <a href="/nhi-training/?utm_source=nhimg&amp;utm_medium=NHIForum">NHI Foundation Course →</a></p>
</blockquote>]]></content:encoded>
						                            <category domain="https://nhimg.org/community/cybersecurity-beyond-identity/">Cyber Security Beyond Identity</category>                        <dc:creator>NHI Mgmt Group</dc:creator>
                        <guid isPermaLink="true">https://nhimg.org/community/cybersecurity-beyond-identity/openvsx-extension-abuse-what-it-means-for-ai-coding-security/</guid>
                    </item>
				                    <item>
                        <title>Invisible Unicode in AI coding agents: what teams need to act on</title>
                        <link>https://nhimg.org/community/cybersecurity-beyond-identity/invisible-unicode-in-ai-coding-agents-what-teams-need-to-act-on/</link>
                        <pubDate>Thu, 09 Jul 2026 12:37:14 +0000</pubDate>
                        <description><![CDATA[TL;DR: Invisible zero-width and bidirectional Unicode characters can hide logic, alter execution flow, and poison AI coding workflows, with real campaigns affecting IDEs, extensions, and rul...]]></description>
                        <content:encoded><![CDATA[<blockquote>
<p><strong>TL;DR:</strong> Invisible zero-width and bidirectional Unicode characters can hide logic, alter execution flow, and poison AI coding workflows, with real campaigns affecting IDEs, extensions, and rules files used by GitHub Copilot and Cursor. The control problem is no longer just code review; teams need scanning, review, and governance for AI configuration files and developer tooling.</p>
</blockquote>
<p><em>NHIMG editorial — based on content published by Knostic: Invisible Unicode in AI coding agents is a supply-chain risk</em></p>
<h2>Questions worth separating out</h2>
<p><strong>Q: <a href="https://nhimg.org/faq/what-breaks-when-invisible-unicode-characters-are-not-checked-in-code-and-ai-rul/?utm_source=nhimg&amp;utm_medium=NHIForum">What breaks when invisible Unicode characters are not checked in code and AI rules files?</a></strong></p>
<p><strong>A:</strong> Reviewers can approve code that does not match what the compiler or AI agent actually consumes.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/why-do-ai-coding-agents-make-hidden-character-attacks-more-dangerous/?utm_source=nhimg&amp;utm_medium=NHIForum">Why do AI coding agents make hidden-character attacks more dangerous?</a></strong></p>
<p><strong>A:</strong> AI coding agents can repeatedly apply poisoned instructions from rules files, templates, or shared config, so one hidden payload can influence many future outputs.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/how-can-security-teams-detect-invisible-unicode-abuse-in-development-workflows/?utm_source=nhimg&amp;utm_medium=NHIForum">How can security teams detect invisible Unicode abuse in development workflows?</a></strong></p>
<p><strong>A:</strong> Run Unicode scanning in pre-commit and CI, render non-printing characters during review, and block files that contain bidirectional overrides or unexpected control ranges.</p>
<h2>Practitioner guidance</h2>
<ul>
<li><strong>Scan for control-character abuse in CI</strong> Add Unicode linting to pre-commit hooks and build pipelines, and reject files containing bidirectional overrides or unexpected zero-width ranges.</li>
<li><strong>Put AI rules files under change control</strong> Treat .cursorrules, .mdc, and related agent instructions as executable policy objects.</li>
<li><strong>Harden developer-tool provenance</strong> Allowlist IDE extensions, verify publishers, and remove unused add-ons from developer workstations.</li>
</ul>
<h2>What's in the full article</h2>
<p>Knostic's full article covers the operational detail this post intentionally leaves for the source:</p>
<ul>
<li>A concrete walkthrough of the hidden Unicode patterns that evade human review and simple syntax highlighting.</li>
<li>Step-by-step detection examples for command-line and CI-based scanning of control and zero-width character ranges.</li>
<li>Operational guidance for hardening IDE extensions, AI rules files, and development templates before they influence code generation.</li>
<li>A closer look at the Kirin detection example showing how hidden payloads are identified at install time.</li>
</ul>
<p>&#x1f449; <strong><a href="https://www.knostic.ai/blog/zero-width-unicode-characters-risks?utm_source=nhimg&amp;utm_medium=NHIForum">Read Knostic's analysis of invisible Unicode attacks in AI coding workflows →</a></strong></p>
<p><em>Invisible Unicode in AI coding agents: what teams need to act on?</em></p>
<blockquote>
<p><strong>Explore further</strong></p>
<p><a href="/community/?utm_source=nhimg&amp;utm_medium=NHIForum">View Full Forum →</a>  |  <a href="/nhi-training/?utm_source=nhimg&amp;utm_medium=NHIForum">NHI Foundation Course →</a></p>
</blockquote>]]></content:encoded>
						                            <category domain="https://nhimg.org/community/cybersecurity-beyond-identity/">Cyber Security Beyond Identity</category>                        <dc:creator>NHI Mgmt Group</dc:creator>
                        <guid isPermaLink="true">https://nhimg.org/community/cybersecurity-beyond-identity/invisible-unicode-in-ai-coding-agents-what-teams-need-to-act-on/</guid>
                    </item>
				                    <item>
                        <title>AI coding assistant governance: are your controls keeping up?</title>
                        <link>https://nhimg.org/community/cybersecurity-beyond-identity/ai-coding-assistant-governance-are-your-controls-keeping-up/</link>
                        <pubDate>Thu, 09 Jul 2026 12:36:26 +0000</pubDate>
                        <description><![CDATA[TL;DR: AI coding assistants are now used or planned by 84% of developers, while 46% say they do not trust AI-generated results, according to Stack Overflow and ITPro coverage cited by Knosti...]]></description>
                        <content:encoded><![CDATA[<blockquote>
<p><strong>TL;DR:</strong> AI coding assistants are now used or planned by 84% of developers, while 46% say they do not trust AI-generated results, according to Stack Overflow and ITPro coverage cited by Knostic. Governance is no longer optional because traceability, policy enforcement, and data controls determine whether speed turns into audit failure, leakage, or insecure code.</p>
</blockquote>
<p><em>NHIMG editorial — based on content published by Knostic: Fast Facts on AI Coding Assistant Governance AI coding assistants accelerate development, but without governance, their outputs can bypass security, compliance, and regulatory frameworks</em></p>
<p><strong>By the numbers:</strong></p>
<ul>
<li><a href="https://www.knostic.ai/blog/ai-coding-assistant-governance?utm_source=nhimg&amp;utm_medium=NHIForum">84% of developers use or plan to use AI tools</a> in their development workflows.</li>
<li><a href="https://www.knostic.ai/blog/ai-coding-assistant-governance?utm_source=nhimg&amp;utm_medium=NHIForum">46% of developers say they do not trust</a> the accuracy of AI-generated results, up from about 31% in 2024.</li>
<li><a href="https://www.knostic.ai/blog/ai-coding-assistant-governance?utm_source=nhimg&amp;utm_medium=NHIForum">58% of employees admitted they had pasted sensitive data</a> into LLMs, even when their companies had not clearly defined what was allowed.</li>
</ul>
<h2>Questions worth separating out</h2>
<p><strong>Q: <a href="https://nhimg.org/faq/how-should-security-teams-govern-ai-coding-assistants-that-can-execute-commands/?utm_source=nhimg&amp;utm_medium=NHIForum">How should security teams govern AI coding assistants in development workflows?</a></strong></p>
<p><strong>A:</strong> Security teams should govern AI coding assistants by combining approved use cases, model allowlists, prompt filtering, and traceable logging.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/why-do-ai-coding-assistants-create-compliance-and-audit-risk/?utm_source=nhimg&amp;utm_medium=NHIForum">Why do AI coding assistants create compliance and audit risk?</a></strong></p>
<p><strong>A:</strong> They create compliance and audit risk because they can generate code and process inputs outside traditional review paths.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/what-do-teams-get-wrong-about-monitoring-ai-generated-code/?utm_source=nhimg&amp;utm_medium=NHIForum">What do teams get wrong about monitoring AI-generated code?</a></strong></p>
<p><strong>A:</strong> Teams often focus on the code itself and forget the provenance trail around it.</p>
<h2>Practitioner guidance</h2>
<ul>
<li><strong>Define allowed AI coding use cases</strong> Restrict assistants to low-risk tasks such as boilerplate, documentation, and test scaffolding, and explicitly prohibit use in cryptography, authentication flows, or credential handling.</li>
<li><strong>Enforce model allowlists and prompt controls</strong> Approve specific providers centrally, then block or mask prompts that contain secrets, regulated data, or repository content outside policy.</li>
<li><strong>Tag and trace AI-assisted changes</strong> Record when a suggestion was generated, whether it was accepted or modified, and which pull request or commit introduced it.</li>
</ul>
<h2>What's in the full article</h2>
<p>Knostic's full article covers the operational detail this post intentionally leaves for the source:</p>
<ul>
<li>Specific policy examples for allowing or blocking AI assistant use in code review and repository workflows.</li>
<li>Workflow guidance for logging AI-assisted suggestions, edits, and approvals at pull request level.</li>
<li>Implementation detail on prompt filtering, model whitelisting, and guardrail enforcement in developer environments.</li>
<li>Practical examples of how governance can be embedded into CI/CD without adding excessive manual review.</li>
</ul>
<p>&#x1f449; <strong><a href="https://www.knostic.ai/blog/ai-coding-assistant-governance?utm_source=nhimg&amp;utm_medium=NHIForum">Read Knostic's analysis of AI coding assistant governance and DevSecOps controls →</a></strong></p>
<p><em>AI coding assistant governance: are your controls keeping up?</em></p>
<blockquote>
<p><strong>Explore further</strong></p>
<p><a href="/community/?utm_source=nhimg&amp;utm_medium=NHIForum">View Full Forum →</a>  |  <a href="/nhi-training/?utm_source=nhimg&amp;utm_medium=NHIForum">NHI Foundation Course →</a></p>
</blockquote>]]></content:encoded>
						                            <category domain="https://nhimg.org/community/cybersecurity-beyond-identity/">Cyber Security Beyond Identity</category>                        <dc:creator>NHI Mgmt Group</dc:creator>
                        <guid isPermaLink="true">https://nhimg.org/community/cybersecurity-beyond-identity/ai-coding-assistant-governance-are-your-controls-keeping-up/</guid>
                    </item>
				                    <item>
                        <title>Coding assistants, MCP, and the governance gap teams are missing</title>
                        <link>https://nhimg.org/community/cybersecurity-beyond-identity/coding-assistants-mcp-and-the-governance-gap-teams-are-missing/</link>
                        <pubDate>Thu, 09 Jul 2026 12:35:03 +0000</pubDate>
                        <description><![CDATA[TL;DR: AI-assisted software development is accelerating vulnerability discovery, expanding the attack surface in IDEs and toolchains, and creating governance pressure around dependency use, ...]]></description>
                        <content:encoded><![CDATA[<blockquote>
<p><strong>TL;DR:</strong> AI-assisted software development is accelerating vulnerability discovery, expanding the attack surface in IDEs and toolchains, and creating governance pressure around dependency use, generated code, and autonomous tool actions, according to Knostic's webinar with CTO Sounil Yu. The critical issue is no longer just what code ships, but whether security teams can constrain agent behaviour, verify outcomes, and recover when non-deterministic workflows go wrong.</p>
</blockquote>
<p><em>NHIMG editorial — based on content published by Knostic: What security leaders need to know from our recent webinar with Knostic CTO Sounil Yu</em></p>
<h2>Questions worth separating out</h2>
<p><strong>Q: <a href="https://nhimg.org/faq/how-should-security-teams-govern-coding-assistants-on-developer-endpoints/?utm_source=nhimg&amp;utm_medium=NHIForum">How should security teams govern coding assistants that can take actions inside the IDE?</a></strong></p>
<p><strong>A:</strong> Treat coding assistants as privileged systems with bounded capabilities, not as neutral productivity tools.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/why-do-conversational-ai-systems-create-new-identity-and-access-risks/?utm_source=nhimg&amp;utm_medium=NHIForum">Why do coding assistants create new identity and access risks?</a></strong></p>
<p><strong>A:</strong> Because they operate inside a high-trust environment and can inherit access to files, secrets, tools, and services.</p>
<p><strong>Q: What breaks when teams rely on SBOMs and SCA alone for generated code?</strong></p>
<p><strong>A:</strong> They can create false confidence if the code is bespoke but still risky.</p>
<h2>Practitioner guidance</h2>
<ul>
<li><strong>Instrument the IDE as a security endpoint</strong> Log assistant actions, file context, tool calls, and destructive commands from the IDE so you can detect unsafe behaviour before code is committed.</li>
<li><strong>Gate all-three agent states</strong> Block or require approval when an assistant has <a href="https://nhimg.org/the-ultimate-guide-to-non-human-identities?utm_source=nhimg&amp;utm_medium=NHIForum">untrusted inputs, access to sensitive data</a>, and external communication in the same workflow.</li>
<li><strong>Curate MCP servers and extensions</strong> Maintain allow-lists for approved extensions and MCP endpoints, then review exceptions like privileged access requests.</li>
</ul>
<h2>What's in the full article</h2>
<p>Knostic's full webinar covers the operational detail this post intentionally leaves for the source:</p>
<ul>
<li>The live walkthrough of the Agent’s Rule of Two and how to operationalise it in developer environments.</li>
<li>The OODA lens for distinguishing tools, AI agents, and agentic AI in practical workflows.</li>
<li>The Kirin approach to instrumenting IDE actions, MCP calls, and extension behaviour.</li>
<li>The specific examples of dangerous actions, prompt injection paths, and control points discussed in the session.</li>
</ul>
<p>&#x1f449; <strong><a href="https://www.knostic.ai/blog/ai-supply-chain-risks?utm_source=nhimg&amp;utm_medium=NHIForum">Read Knostic's webinar analysis of agentic development security and AI-assisted vulnerability discovery →</a></strong></p>
<p><em>Coding assistants, MCP, and the governance gap teams are missing?</em></p>
<blockquote>
<p><strong>Explore further</strong></p>
<p><a href="/community/?utm_source=nhimg&amp;utm_medium=NHIForum">View Full Forum →</a>  |  <a href="/nhi-training/?utm_source=nhimg&amp;utm_medium=NHIForum">NHI Foundation Course →</a></p>
</blockquote>]]></content:encoded>
						                            <category domain="https://nhimg.org/community/cybersecurity-beyond-identity/">Cyber Security Beyond Identity</category>                        <dc:creator>NHI Mgmt Group</dc:creator>
                        <guid isPermaLink="true">https://nhimg.org/community/cybersecurity-beyond-identity/coding-assistants-mcp-and-the-governance-gap-teams-are-missing/</guid>
                    </item>
				                    <item>
                        <title>IDE secrets management: are your developer controls keeping up?</title>
                        <link>https://nhimg.org/community/cybersecurity-beyond-identity/ide-secrets-management-are-your-developer-controls-keeping-up/</link>
                        <pubDate>Thu, 09 Jul 2026 12:34:49 +0000</pubDate>
                        <description><![CDATA[TL;DR: IDE secrets management is exposed as a hidden control gap because AI tools, extensions, MCP servers, and clipboard workflows can ingest, retain, and leak credentials from development ...]]></description>
                        <content:encoded><![CDATA[<blockquote>
<p><strong>TL;DR:</strong> IDE secrets management is exposed as a hidden control gap because AI tools, extensions, MCP servers, and clipboard workflows can ingest, retain, and leak credentials from development environments, according to Knostic. The practical lesson is that plaintext storage, broad context access, and weak drift monitoring create a much larger secrets risk than most teams assume.</p>
</blockquote>
<p><em>NHIMG editorial — based on content published by Knostic: Key Findings on IDE Secrets Management</em></p>
<p><strong>By the numbers:</strong></p>
<ul>
<li>Stolen or misused credentials were the leading initial access vector, accounting for <a href="https://www.knostic.ai/blog/ide-secrets-management?utm_source=nhimg&amp;utm_medium=NHIForum">30% of all incidents</a>.</li>
<li><a href="https://www.knostic.ai/blog/ide-secrets-management?utm_source=nhimg&amp;utm_medium=NHIForum">95% of surveyed organizations</a> had experienced a cloud-related breach in the previous 18 months, and 99% of those cited insecure identities as the primary cause.</li>
</ul>
<h2>Questions worth separating out</h2>
<p><strong>Q: <a href="https://nhimg.org/faq/what-fails-when-ide-secrets-are-stored-in-plaintext-or-unprotected-buffers/?utm_source=nhimg&amp;utm_medium=NHIForum">What fails when IDE secrets are stored in plaintext or unprotected buffers?</a></strong></p>
<p><strong>A:</strong> Plaintext storage turns a temporary developer convenience into persistent credential exposure.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/why-do-ai-assistants-and-ide-extensions-create-extra-risk-for-secrets-management/?utm_source=nhimg&amp;utm_medium=NHIForum">Why do AI assistants and IDE extensions create extra risk for secrets management?</a></strong></p>
<p><strong>A:</strong> They expand the number of components that can read context, store output, or relay diagnostic data.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/how-do-teams-know-if-ide-secrets-controls-are-actually-working/?utm_source=nhimg&amp;utm_medium=NHIForum">How do teams know if IDE secrets controls are actually working?</a></strong></p>
<p><strong>A:</strong> Look for the absence of secrets in local caches, extension storage, clipboard history, and AI assistant logs, not just clean repository scans.</p>
<h2>Practitioner guidance</h2>
<ul>
<li><strong>Constrain IDE context access by default</strong> Disable broad workspace scanning, automatic environment-variable ingestion, and full-project context sharing in AI assistants unless a specific use case requires it.</li>
<li><strong>Move secrets out of plaintext developer storage</strong> Require encrypted OS-backed storage such as Keychain, DPAPI, or GNOME Keyring for any local credential material, and block .env or token files from unprotected project directories.</li>
<li><strong>Standardise IDE baselines across the fleet</strong> Package approved settings for IDEs, clipboard behaviour, autosave, and extension installation into workspace templates so developer machines do not drift into insecure defaults.</li>
</ul>
<h2>What's in the full article</h2>
<p>Knostic's full analysis covers the operational detail this post intentionally leaves for the source:</p>
<ul>
<li>How specific IDE components, extensions, and AI assistants store or relay secrets in real workflows.</li>
<li>The security framework for storage policies, access scope policies, token lifespan policies, and exposure prevention policies.</li>
<li>Practical controls for configuration baselines, local storage hygiene, and monitoring for drift or misuse.</li>
<li>Examples of where diagnostic output, clipboard behaviour, and autosave settings create silent leak paths.</li>
</ul>
<p>&#x1f449; <strong><a href="https://www.knostic.ai/blog/ide-secrets-management?utm_source=nhimg&amp;utm_medium=NHIForum">Read Knostic's analysis of IDE secrets management and hidden developer exposure paths →</a></strong></p>
<p><em>IDE secrets management: are your developer controls keeping up?</em></p>
<blockquote>
<p><strong>Explore further</strong></p>
<p><a href="/community/?utm_source=nhimg&amp;utm_medium=NHIForum">View Full Forum →</a>  |  <a href="/nhi-training/?utm_source=nhimg&amp;utm_medium=NHIForum">NHI Foundation Course →</a></p>
</blockquote>]]></content:encoded>
						                            <category domain="https://nhimg.org/community/cybersecurity-beyond-identity/">Cyber Security Beyond Identity</category>                        <dc:creator>NHI Mgmt Group</dc:creator>
                        <guid isPermaLink="true">https://nhimg.org/community/cybersecurity-beyond-identity/ide-secrets-management-are-your-developer-controls-keeping-up/</guid>
                    </item>
				                    <item>
                        <title>AI coding agents and MCP security: what practitioners need now</title>
                        <link>https://nhimg.org/community/cybersecurity-beyond-identity/ai-coding-agents-and-mcp-security-what-practitioners-need-now/</link>
                        <pubDate>Thu, 09 Jul 2026 10:03:42 +0000</pubDate>
                        <description><![CDATA[TL;DR: AI coding agents are moving beyond developer workflows into broader knowledge work, with MCP servers, IDE extensions, and skill configurations creating new exposure points for command...]]></description>
                        <content:encoded><![CDATA[<blockquote>
<p><strong>TL;DR:</strong> AI coding agents are moving beyond developer workflows into broader knowledge work, with MCP servers, IDE extensions, and skill configurations creating new exposure points for command execution, data access, and supply chain dependence, according to Knostic. The governance gap is now less about whether these tools are useful and more about whether organisations can discover, monitor, and contain them before they touch production systems.</p>
</blockquote>
<p><em>NHIMG editorial — based on content published by Knostic: Open Source Tools for Security Teams and the OpenClaw agent control gap</em></p>
<h2>Questions worth separating out</h2>
<p><strong>Q: <a href="https://nhimg.org/faq/how-should-security-teams-govern-ai-coding-assistants-that-can-execute-commands/?utm_source=nhimg&amp;utm_medium=NHIForum">How should security teams govern AI coding agents that can access tools and services?</a></strong></p>
<p><strong>A:</strong> Security teams should treat AI coding agents as governed software entities with explicit tool permissions, lifecycle logging, and named ownership.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/what-breaks-when-ai-agent-discovery-is-incomplete/?utm_source=nhimg&amp;utm_medium=NHIForum">What breaks when AI agents are deployed without discovery controls?</a></strong></p>
<p><strong>A:</strong> Without discovery controls, organisations cannot tell whether an agent is approved, duplicated, or hiding in an unmanaged endpoint path.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/how-do-security-teams-know-whether-agent-telemetry-is-actually-working/?utm_source=nhimg&amp;utm_medium=NHIForum">How do security teams know whether agent telemetry is actually working?</a></strong></p>
<p><strong>A:</strong> Telemetry is working when it captures tool calls, lifecycle events, and message traces in a way that supports investigation and correlation.</p>
<h2>Practitioner guidance</h2>
<ul>
<li><strong>Inventory all agent entry points</strong> Scan managed devices and build environments for <a href="https://nhimg.org/complete-guide-to-the-2026-owasp-top-10-risks-for-agentic-applications?utm_source=nhimg&amp;utm_medium=NHIForum">CLI binaries, app bundles</a>, gateway services, config files, and container artifacts associated with coding agents and their extensions.</li>
<li><strong>Govern MCP and extension permissions</strong> Review every <a href="https://nhimg.org/top-10-non-human-identity-issues?utm_source=nhimg&amp;utm_medium=NHIForum">MCP server definition</a>, IDE extension, rule file, and skill configuration as a policy object with explicit approval, scope, and ownership.</li>
<li><strong>Require behavioural telemetry for agents</strong> Collect <a href="https://nhimg.org/complete-guide-to-the-2026-owasp-top-10-risks-for-agentic-applications?utm_source=nhimg&amp;utm_medium=NHIForum">tool-call logs</a>, message events, and lifecycle traces with sensitive-data redaction and tamper-resistant storage so security teams can investigate agent actions later.</li>
</ul>
<h2>What's in the full article</h2>
<p>Knostic's full research covers the operational detail this post intentionally leaves for the source:</p>
<ul>
<li>OpenClaw-specific detection logic for managed devices, including binaries, bundles, gateway services, and Docker artifacts.</li>
<li>Telemetry design details for tool calls, lifecycle events, message events, and redaction in JSONL output.</li>
<li>Implementation notes for forwarding logs into SIEM workflows and existing response playbooks.</li>
<li>Deployment guidance for MDM platforms such as Intune, Jamf, JumpCloud, Kandji, and Workspace ONE.</li>
</ul>
<p>&#x1f449; <strong><a href="https://www.knostic.ai/blog/agents-are-hiring-humans.-who-is-securing-the-them?utm_source=nhimg&amp;utm_medium=NHIForum">Read Knostic's analysis of OpenClaw detection and telemetry for AI coding agents →</a></strong></p>
<p><em>AI coding agents and MCP security: what practitioners need now?</em></p>
<blockquote>
<p><strong>Explore further</strong></p>
<p><a href="/community/?utm_source=nhimg&amp;utm_medium=NHIForum">View Full Forum →</a>  |  <a href="/nhi-training/?utm_source=nhimg&amp;utm_medium=NHIForum">NHI Foundation Course →</a></p>
</blockquote>]]></content:encoded>
						                            <category domain="https://nhimg.org/community/cybersecurity-beyond-identity/">Cyber Security Beyond Identity</category>                        <dc:creator>NHI Mgmt Group</dc:creator>
                        <guid isPermaLink="true">https://nhimg.org/community/cybersecurity-beyond-identity/ai-coding-agents-and-mcp-security-what-practitioners-need-now/</guid>
                    </item>
				                    <item>
                        <title>AI vulnerability discovery is outpacing patch cycles: are controls keeping up?</title>
                        <link>https://nhimg.org/community/cybersecurity-beyond-identity/ai-vulnerability-discovery-is-outpacing-patch-cycles-are-controls-keeping-up/</link>
                        <pubDate>Thu, 09 Jul 2026 10:03:29 +0000</pubDate>
                        <description><![CDATA[TL;DR: AI-driven vulnerability discovery is compressing the window between discovery and weaponization to hours, while security programmes built on weekly patch cycles and quarterly testing ...]]></description>
                        <content:encoded><![CDATA[<blockquote>
<p><strong>TL;DR:</strong> AI-driven vulnerability discovery is compressing the window between discovery and weaponization to hours, while security programmes built on weekly patch cycles and quarterly testing were not designed for that pace, according to the Cloud Security Alliance briefing published by Knostic. Minimum viable resilience, automated assessment, and faster governance become the practical response, not optional hardening.</p>
</blockquote>
<p><em>NHIMG editorial — based on content published by Knostic: "The AI Vulnerability Storm" briefing on building a Mythos-ready security program</em></p>
<h2>Questions worth separating out</h2>
<p><strong>Q: <a href="https://nhimg.org/faq/what-breaks-when-vulnerability-discovery-is-faster-than-patch-cycles/?utm_source=nhimg&amp;utm_medium=NHIForum">What breaks when vulnerability discovery is faster than patch cycles?</a></strong></p>
<p><strong>A:</strong> Patch-centric programmes break because they assume security teams have days or weeks to assess, approve, and deploy fixes.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/why-does-clean-core-matter-for-identity-and-access-governance/?utm_source=nhimg&amp;utm_medium=NHIForum">Why do AI-driven exploits matter for identity and access governance?</a></strong></p>
<p><strong>A:</strong> Because once a flaw is weaponised, the next step is often credential use, privilege escalation, or service account abuse.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/how-do-security-teams-know-whether-their-vulnerability-programme-is-keeping-up/?utm_source=nhimg&amp;utm_medium=NHIForum">How do security teams know whether their vulnerability programme is keeping up?</a></strong></p>
<p><strong>A:</strong> Look for measurable reductions in time from disclosure to validated remediation, fewer exceptions on internet-facing assets, and faster containment when active exploitation appears.</p>
<h2>Practitioner guidance</h2>
<ul>
<li><strong>Rebuild patch prioritisation around exploitability windows</strong> Classify vulnerabilities by time to likely weaponization, not only severity score.</li>
<li><strong>Harden the basic controls that slow AI-assisted attackers</strong> Strengthen <a href="https://nhimg.org/52-non-human-identity-breaches?utm_source=nhimg&amp;utm_medium=NHIForum">segmentation, egress filtering, and multifactor authentication</a> on all systems that can reach sensitive data or administrative interfaces.</li>
<li><strong>Build a continuous VulnOps workflow</strong> Treat vulnerability intake, exception approval, remediation, and verification as <a href="https://nhimg.org/top-10-non-human-identity-issues?utm_source=nhimg&amp;utm_medium=NHIForum">one governed process with named owners</a> and auditability.</li>
</ul>
<h2>What's in the full report</h2>
<p>Knostic's full briefing covers the operational detail this post intentionally leaves for the source:</p>
<ul>
<li>Prioritised action plan with start dates and time horizons for a Mythos-ready security programme</li>
<li>Board-facing language for explaining shorter adversary timelines and remediation pressure</li>
<li>Operational recommendations on automated security assessments and LLM-powered vulnerability finding</li>
<li>Governance changes needed for faster vendor onboarding and AI-based defence deployment</li>
</ul>
<p>&#x1f449; <strong><a href="https://www.knostic.ai/blog/the-ai-vulnerability-storm-a-cisos-playbook-for-the-mythos-era?utm_source=nhimg&amp;utm_medium=NHIForum">Read Knostic's analysis of the AI vulnerability storm and Mythos-ready security →</a></strong></p>
<p><em>AI vulnerability discovery is outpacing patch cycles: are controls keeping up?</em></p>
<blockquote>
<p><strong>Explore further</strong></p>
<p><a href="/community/?utm_source=nhimg&amp;utm_medium=NHIForum">View Full Forum →</a>  |  <a href="/nhi-training/?utm_source=nhimg&amp;utm_medium=NHIForum">NHI Foundation Course →</a></p>
</blockquote>]]></content:encoded>
						                            <category domain="https://nhimg.org/community/cybersecurity-beyond-identity/">Cyber Security Beyond Identity</category>                        <dc:creator>NHI Mgmt Group</dc:creator>
                        <guid isPermaLink="true">https://nhimg.org/community/cybersecurity-beyond-identity/ai-vulnerability-discovery-is-outpacing-patch-cycles-are-controls-keeping-up/</guid>
                    </item>
				                    <item>
                        <title>AI IDE extensions and secret theft: what security teams should do</title>
                        <link>https://nhimg.org/community/cybersecurity-beyond-identity/ai-ide-extensions-and-secret-theft-what-security-teams-should-do/</link>
                        <pubDate>Thu, 09 Jul 2026 09:34:31 +0000</pubDate>
                        <description><![CDATA[TL;DR: Malicious VS Code and Cursor extensions can steal OAuth refresh tokens, exfiltrate environment variables, and run attacker-controlled code, turning developer tooling into a cloud acce...]]></description>
                        <content:encoded><![CDATA[<blockquote>
<p><strong>TL;DR:</strong> Malicious VS Code and Cursor extensions can steal OAuth refresh tokens, exfiltrate environment variables, and run attacker-controlled code, turning developer tooling into a cloud access and secret-harvesting channel, according to Knostic's threat intelligence report. The pattern reinforces that IDE extensions now need the same governance attention as other software supply chain and identity-bearing endpoints.</p>
</blockquote>
<p><em>NHIMG editorial — based on content published by Knostic: LLMjacking and malicious agentic supply chain findings in IDE extensions</em></p>
<p><strong>By the numbers:</strong></p>
<ul>
<li>When AWS credentials are exposed publicly, attackers attempt access within an average of <a href="https://www.knostic.ai/blog/agentic-threat-intelligence-feed-vs-code-extensions?utm_source=nhimg&amp;utm_medium=NHIForum">17 minutes, and as quickly as 9 minutes</a> in some cases.</li>
</ul>
<h2>Questions worth separating out</h2>
<p><strong>Q: <a href="https://nhimg.org/faq/what-breaks-when-a-malicious-ide-extension-can-read-cloud-credentials-and-enviro/?utm_source=nhimg&amp;utm_medium=NHIForum">What breaks when a malicious IDE extension can read cloud credentials and environment variables?</a></strong></p>
<p><strong>A:</strong> The main failure is that the editor stops being a neutral tool and becomes a credential collection point.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/why-do-ide-extensions-complicate-iam-and-nhi-governance/?utm_source=nhimg&amp;utm_medium=NHIForum">Why do IDE extensions complicate IAM and NHI governance?</a></strong></p>
<p><strong>A:</strong> They complicate governance because they behave like runtime identities with delegated authority, but they are rarely managed like service accounts or applications.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/how-can-security-teams-tell-if-a-developer-extension-is-behaving-like-malware/?utm_source=nhimg&amp;utm_medium=NHIForum">How can security teams tell if a developer extension is behaving like malware?</a></strong></p>
<p><strong>A:</strong> Look for auto-activation, frequent polling to unfamiliar endpoints, browser automation, unexpected token reuse, and attempts to read broad environment state.</p>
<h2>Practitioner guidance</h2>
<ul>
<li><strong>Inventory IDE extensions as identity-bearing software</strong> Classify editor extensions by the data and credentials they can touch, then require approval for any extension that <a href="https://nhimg.org/the-ultimate-guide-to-non-human-identities?utm_source=nhimg&amp;utm_medium=NHIForum">can read environment variables</a>, request OAuth scopes, or auto-activate on startup.</li>
<li><strong>Block broad OAuth grants from developer tooling</strong> Restrict cloud and AI OAuth flows used by local developer tools to the <a href="https://nhimg.org/the-ultimate-guide-to-non-human-identities?utm_source=nhimg&amp;utm_medium=NHIForum#key-challenges-and-risks">minimum scopes required</a>, and revoke refresh tokens immediately when extensions change behaviour.</li>
<li><strong>Detect extension-driven secret exposure at the endpoint</strong> Monitor for outbound polling, suspicious browser automation, unexpected use of eval, and <a href="https://nhimg.org/52-non-human-identity-breaches?utm_source=nhimg&amp;utm_medium=NHIForum">large reads of process.env</a> or equivalent environment state.</li>
</ul>
<h2>What's in the full article</h2>
<p>Knostic's full threat-intelligence report covers the operational detail this post intentionally leaves for the source:</p>
<ul>
<li>IOC-level indicators for the BCAI Rosetta extension, including package identifiers, hashes, and affected marketplace metadata</li>
<li>Static validation details showing how the refresh-token theft, OAuth scope abuse, and proxying behaviour were confirmed from the VSIX</li>
<li>Per-finding breakdowns for the KoltinSmith cluster, sunsetHighlight, and Musa-DSL, including which cases were malicious versus dangerous by design</li>
<li>Network fingerprints, callback ports, and attacker domains that help defenders build detection and hunting rules</li>
</ul>
<p>&#x1f449; <strong><a href="https://www.knostic.ai/blog/agentic-threat-intelligence-feed-vs-code-extensions?utm_source=nhimg&amp;utm_medium=NHIForum">Read Knostic's analysis of malicious IDE extensions hijacking cloud credentials →</a></strong></p>
<p><em>AI IDE extensions and secret theft: what security teams should do?</em></p>
<blockquote>
<p><strong>Explore further</strong></p>
<p><a href="/community/?utm_source=nhimg&amp;utm_medium=NHIForum">View Full Forum →</a>  |  <a href="/nhi-training/?utm_source=nhimg&amp;utm_medium=NHIForum">NHI Foundation Course →</a></p>
</blockquote>]]></content:encoded>
						                            <category domain="https://nhimg.org/community/cybersecurity-beyond-identity/">Cyber Security Beyond Identity</category>                        <dc:creator>NHI Mgmt Group</dc:creator>
                        <guid isPermaLink="true">https://nhimg.org/community/cybersecurity-beyond-identity/ai-ide-extensions-and-secret-theft-what-security-teams-should-do/</guid>
                    </item>
				                    <item>
                        <title>Glassworm and developer IDE risk: what security teams need to do now</title>
                        <link>https://nhimg.org/community/cybersecurity-beyond-identity/glassworm-and-developer-ide-risk-what-security-teams-need-to-do-now/</link>
                        <pubDate>Thu, 09 Jul 2026 09:34:17 +0000</pubDate>
                        <description><![CDATA[TL;DR: CrowdStrike says Glassworm has targeted software developers since at least early 2025, using trojanized VS Code extensions, compromised npm and Python packages, and poisoned GitHub re...]]></description>
                        <content:encoded><![CDATA[<blockquote>
<p><strong>TL;DR:</strong> CrowdStrike says Glassworm has targeted software developers since at least early 2025, using trojanized VS Code extensions, compromised npm and Python packages, and poisoned GitHub repositories to seed a botnet that can steal credentials and push supply-chain compromise downstream. The takedown buys time, but it also shows that developer workstations have become a primary supply-chain attack surface, not just production build pipelines.</p>
</blockquote>
<p><em>NHIMG editorial — based on content published by Knostic covering CrowdStrike's Glassworm takedown: Disrupting Glassworm and the developer-targeting botnet threat</em></p>
<h2>Questions worth separating out</h2>
<p><strong>Q: <a href="https://nhimg.org/faq/what-breaks-when-malicious-code-can-run-inside-a-developer-ide-or-package-instal/?utm_source=nhimg&amp;utm_medium=NHIForum">What breaks when malicious code can run inside a developer IDE or package install?</a></strong></p>
<p><strong>A:</strong> Traditional endpoint and supply-chain controls lose time to the same mechanism they are trying to inspect.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/why-do-developer-workstations-increase-supply-chain-risk-so-quickly/?utm_source=nhimg&amp;utm_medium=NHIForum">Why do developer workstations increase supply-chain risk so quickly?</a></strong></p>
<p><strong>A:</strong> Developer workstations concentrate source code, cloud credentials, CI/CD secrets, SSH keys, and repository permissions in one place.</p>
<p><strong>Q: <a href="https://nhimg.org/faq/how-should-security-teams-govern-mcp-connected-ide-workflows/?utm_source=nhimg&amp;utm_medium=NHIForum">How should security teams govern IDE extensions and MCP servers?</a></strong></p>
<p><strong>A:</strong> Treat them as executable trust relationships, not convenience features.</p>
<h2>Practitioner guidance</h2>
<ul>
<li><strong>Inventory every developer execution surface</strong> Build a live list of <a href="https://nhimg.org/top-10-non-human-identity-issues?utm_source=nhimg&amp;utm_medium=NHIForum">IDE extensions, package managers, MCP servers</a>, and assistant-connected tools across engineering endpoints.</li>
<li><strong>Block install-time code execution by policy</strong> Restrict extension activation, <a href="https://nhimg.org/top-10-non-human-identity-issues?utm_source=nhimg&amp;utm_medium=NHIForum">postinstall hooks, and setup scripts</a> unless the source is approved and the behavior is explicitly expected.</li>
<li><strong>Harden developer identity material on endpoints</strong> Separate <a href="https://nhimg.org/the-ultimate-guide-to-non-human-identities?utm_source=nhimg&amp;utm_medium=NHIForum">cloud credentials, SSH keys</a>, and password-manager access from everyday editor processes, and enforce scoped access for repository write operations.</li>
</ul>
<h2>What's in the full article</h2>
<p>Knostic's full analysis covers the operational detail this post intentionally leaves for the source:</p>
<ul>
<li>The full attacker tradecraft behind Glassworm's extension, package, and repository infection paths.</li>
<li>The specific command-and-control infrastructure CrowdStrike disrupted across blockchain, peer-to-peer, and web services.</li>
<li>The published YARA rules and hunting indicators for the RAT and downloader stages.</li>
<li>The remediation actions for engineering fleets that matched the 164.92.88210 beacon.</li>
</ul>
<p>&#x1f449; <strong><a href="https://www.knostic.ai/blog/glassworm-targeting-developers-at-scale?utm_source=nhimg&amp;utm_medium=NHIForum">Read Knostic's analysis of Glassworm and developer-targeting botnet risk →</a></strong></p>
<p><em>Glassworm and developer IDE risk: what security teams need to do now?</em></p>
<blockquote>
<p><strong>Explore further</strong></p>
<p><a href="/community/?utm_source=nhimg&amp;utm_medium=NHIForum">View Full Forum →</a>  |  <a href="/nhi-training/?utm_source=nhimg&amp;utm_medium=NHIForum">NHI Foundation Course →</a></p>
</blockquote>]]></content:encoded>
						                            <category domain="https://nhimg.org/community/cybersecurity-beyond-identity/">Cyber Security Beyond Identity</category>                        <dc:creator>NHI Mgmt Group</dc:creator>
                        <guid isPermaLink="true">https://nhimg.org/community/cybersecurity-beyond-identity/glassworm-and-developer-ide-risk-what-security-teams-need-to-do-now/</guid>
                    </item>
							        </channel>
        </rss>
		