Agentic AI systems are increasingly being deployed in defence and security networks, but this introduces new attack surfaces — illustrated by reports that an unauthorised group claimed access to Anthropic’s Claude Mythos model within hours of a limited technical preview. The incident highlights that AI capabilities in high-stakes environments are only as secure as the infrastructure underpinning them. Without robust access controls, segmentation, and identity governance, agentic AI deployments can become a significant liability rather than a force multiplier.

Architect’s Take: Before onboarding any agentic AI model into sensitive or defence-adjacent environments, conduct a thorough access control review: enforce least-privilege API access, implement strict identity verification for model endpoints, and ensure AI workloads are isolated within dedicated network segments with full audit logging enabled.

Original advisory: Agentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize It

A vulnerability in AWS’s Kiro agentic IDE (versions prior to 0.11) allows remote unauthenticated attackers to write to execution-sensitive files such as .vscode/tasks.json, which can trigger automatic command execution when a folder is opened. The flaw stems from insufficient access control restrictions in the IDE’s file write tool. This is particularly concerning as it can be exploited via crafted instructions, potentially through AI agent interactions.

Architect’s Take: Ensure all developers using Kiro IDE have updated to version 0.11 or later immediately, and consider enforcing this via endpoint management tooling. Review developer workstation security policies to restrict auto-execution behaviours in IDE environments, particularly for AI-assisted or agentic tooling.

Original advisory: CVE-2026-10591 - Kiro IDE Insufficient File Write Restrictions to Execution-Sensitive Paths