Zero Trust for AI Agents: Why Anthropic's New eBook Should Be on Your Reading List

Attackers Now Run at Machine Speed

If you have been following this blog, you know that 2026 has not been a quiet year for the security community. The Trivy supply chain attack in March was the wake-up call: a trusted security scanner turned into a credential-harvesting machine, followed by the CanisterWorm escalation that propagated itself through the npm ecosystem at a speed no human operator could match. In the weeks after, we saw several other serious and successful exploitations following the same pattern: automation turned against the defenders, with exploits appearing within hours of a patch instead of months. ...

June 10, 2026 · 7 min · 1384 words · Matteo Bisi

The Challenge of Securing AI Agents: A DevSecOps Perspective

As a DevSecOps Team Leader, my job is to secure customers using modern technologies. Sounds straightforward, right? The reality is far more complex. Every day, I face the challenge of enabling innovation while maintaining security. The rapid adoption of AI has introduced a new dimension to this challenge: agentic AI assistants that do not just chat; they act. This challenge connects directly to something I wrote about recently. In my article on spec-driven development with GitHub Spec-Kit, I discussed how structure and governance matter when using AI for coding. The same principle applies here: when AI agents can execute code, access secrets, and operate with user privileges, we need structure and governance more than ever. ...

February 17, 2026 · 5 min · 1059 words · Matteo Bisi