Zero-trust

Published on
February 26, 2026
Why Connector Authorization Is Not Enough to Secure an AI Agent (SilentBridge)
AI Security Prompt-Injection Agentic-AI Authorization Zero-Trust
Aurascape's research team this week published SilentBridge, a class of indirect prompt injection attacks against Meta's Manus AI agent. The attack exfiltrated email, extracted secrets, achieved root-level code execution, and exposed cross-tenant media files via CDN — all three variants scored CVSS 9.8 (Critical): network-exploitable, no privileges required, no user interaction. The user had authorized Gmail and the agent used it exactly as permitted. Vulnerabilities discovered September 2025, Manus mitigated November 2025, coordinated disclosure February 2026.
Published on
January 27, 2026
Making Vector Search Identity-Aware in RAG Systems
RAG ABAC Database-Native Zero-Trust Security Vector-Search Data-Security
Most RAG stacks retrieve top-K chunks first and enforce permissions later in the app. At scale, this breaks the trust boundary and degrades retrieval quality. When users only have access to a subset of the corpus, post-filtering collapses top-K into a tiny context window, even when many relevant authorized chunks exist deeper in the index. The fix is to make retrieval identity-aware so authorization becomes part of ranking. In the blog, I walk through how to design identity-aware retrieval so access control is enforced during search, not after it.

Why Connector Authorization Is Not Enough to Secure an AI Agent (SilentBridge)