AI Coding Agents, FortiGate Attacks, Surveillance & Identity Hacks

This week’s discussion touched on a familiar pattern in security: the technology changes quickly, but the underlying principles rarely do. AI coding agents are entering developer environments with significant autonomy, attackers are experimenting with automated exploitation platforms, and identity continues to dominate breach statistics. At the same time, long-lived embedded systems and telemetry-heavy devices keep expanding the attack surface. The thread connecting all of it is not novelty, but scale and speed. Many of the risks look familiar; they’re just operating faster and in more places than before.

Key Takeaways:

Flaws in Claude Code Put Developers' Machines at Risk, Dark Reading

https://www.darkreading.com/application-security/flaws-claude-code-developer-machines-risk

• What Matters: AI coding tools are operating directly inside developer environments, often with access to repositories, credentials, and the ability to run commands locally. That creates a path where malicious prompts embedded in repositories or documentation could influence an agent’s behavior. The core risk isn’t the existence of AI coding tools; it’s giving them too much autonomy. The security principle here is familiar: least privilege. If an agent can modify files, execute commands, or interact with sensitive resources, assume those capabilities could eventually be abused through manipulated inputs. Limiting what the agent can actually do is more effective than trying to perfectly control what it reads.
• What’s Overhyped: This isn’t a fundamentally new category of vulnerability. Developers have been running untrusted scripts and installing packages from unknown sources for decades. AI agents simply make the execution path easier and faster. The underlying fix remains the same: control access, review execution paths, and treat automation with the same skepticism as any other privileged process.

Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries, The Hacker News 

https://thehackernews.com/2026/03/open-source-cyberstrikeai-deployed-in.html

• What Matters: Researchers observed threat actors using an open-source platform to automate reconnaissance and exploitation against Fortinet appliances across dozens of countries. The important shift isn’t the specific tool but the scale it enables. Automation compresses the cycle between vulnerability discovery and active exploitation. What used to take months to develop and deploy can now happen much faster. That acceleration affects both attackers and defenders. Security teams need to assume scanning, exploitation attempts, and attack development are happening continuously rather than in isolated campaigns.
• What’s Overhyped: Tools themselves aren’t the problem. Offensive frameworks like Metasploit or Sliver have existed for years. The difference now is speed, not capability. Defensive teams should run the same tools against their own infrastructure to understand exposure before attackers do.

A Hacker Threat Is Hiding in Your Car's Tire Pressure System, CNET

https://www.cnet.com/roadshow/news/hacker-threat-hiding-in-car-tire-pressure-system/

• What Matters: Researchers demonstrated that signals emitted by tire pressure monitoring systems (TPMS) can be intercepted and used to track vehicles. Since these sensors have been mandatory in many cars since 2008, they represent a large population of long-lived embedded devices broadcasting identifiable telemetry. The security issue isn’t limited to cars. As more safety and operational systems emit wireless data, unintended tracking and surveillance capabilities become easier to exploit. Once hardware ships and stays in service for a decade or more, fixing those design decisions becomes difficult.
• What’s Overhyped: This isn’t necessarily an easy or scalable attack for everyday criminals. In practice, the more realistic risk is targeted tracking or intelligence gathering rather than widespread exploitation. The broader lesson is about lifecycle planning: embedded systems designed for one purpose often end up exposing data in ways their creators never anticipated.

Ransomware activity peaks outside business hours, Help Net Security

https://www.helpnetsecurity.com/2026/02/27/sophos-identity-driven-breaches-report/

Report: Identity attacks rise to 67% of incidents, The Nation

https://thenationonlineng.net/report-identity-attacks-rise-to-67-of-incidents/

• What Matters: Identity systems continue to sit at the center of most compromises, with reporting indicating identity-related attacks involved in 67% of incidents. Once attackers obtain valid credentials, the path to deeper access can be very short, sometimes only hours before critical infrastructure like Active Directory is reached. Identity security therefore becomes less about preventing every compromise and more about limiting blast radius and detecting abnormal behavior quickly. Phishing-resistant authentication, anomaly detection, and rapid account containment are increasingly essential controls.
• What’s Overhyped: Identity attacks aren’t a new phenomenon. Credential theft, privilege escalation, and permission abuse have been central to breaches for years. What’s changing is the complexity of identity itself. Humans, devices, APIs, and now autonomous agents all represent identities that require authentication and permissions, expanding the landscape security teams have to manage.