Editor’s Note

Hey there, security leaders,

If you’ve been following the AWS news cycles this year, you probably caught the news of the "Kiro Incident."

In December, a coding agent named Kiro designed to help AWS engineers move faster decided to "autonomously" delete and then recreate a production environment.

The result? A 13-hour outage for specific AWS services.

Amazon called it "user error" (misconfigured permissions). The industry calls it a wake-up call.

But while AWS was an "internal" accident, the recent Mexico Government hack (March 12, 2026) proves the same tools are being weaponized.

A lone hacker used Claude Code to exfiltrate 150GB of taxpayer data in just 1,000 prompts, bypassing traditional safety guardrails.

At Siemba, we’re seeing a shift.

We’ve spent years worrying about hackers; now, we have to worry about our own "helpful" interns except these interns have machine-speed execution and zero hesitation.

This edition, let’s talk about the AI Blast Radius and why your agent frameworks might be the biggest "insider threat" you haven't audited yet. Let's go.

Lavanya Chandrasekharan,
Siemba

The Reality Check: Agentic Speed vs. Human Safety

The problem isn't just that AI makes mistakes. It’s that AI makes mistakes faster than you can hit "Undo."

When a human with admin rights makes a mistake, they might delete a few rows before the "Oh no" moment hits.

When an agent like Kiro or a misconfigured LangChain framework makes a mistake, it wipes the entire VPC before your monitoring tool can even send a Slack alert.

"The blast radius of a misconfigured agent is orders of magnitude larger than a human because it moves faster and doesn't hesitate." - Recent Security Sentiment Jamieson O'Reilly, Security Researcher (March 2026)

The "Vibe Coding" Stats for March 2026

• 89% Surge: AI-enabled attacks have surged nearly 90% year-over-year as the "skill floor" for hacking collapses.

• 90% of AI Agents are currently over-permissioned, often holding 10x the privileges they actually need to function.
  
  
• 48% of AppSec Pros now rank "Agentic AI" as the #1 threat vector for 2026, surpassing deepfakes and supply chain attacks.
  
  
• 16x Data Velocity: Agents move data between systems sixteen times faster than human users, making "Data Exfiltration at Scale" a near-instant event.
  
  The average breakout time from initial access to lateral movement is now just 29 minutes.

Payload-Driven Proof, Not Guesswork

Watch GenPT’s payload-driven engine automatically verify business logic flaws in your APIs, proving real exploitability (like IDOR) instead of relying on assumptions.

Built for modern agentic environments, GenPT actively executes test payloads to validate risk the same way an attacker would so you know what’s truly exploitable, not just theoretically vulnerable.

How to Shrink Your AI Blast Radius

If you are deploying Agentic Frameworks (LangChain, AutoGPT, or custom internal tools), here is your March checklist:

1. Identity Propagation: Stop giving agents "Admin" or "Service Account" tokens.
   
   Every agent needs a unique, scoped identity. If the agent is compromised, you kill that identity, not your whole CI/CD pipeline.
   
   
2. The "Human-in-the-Loop" Gate: For any action involving DELETE, DROP, or RECREATE, implement a mandatory manual approval. Agents should propose, not dispose.
   
   
3. Audit “Shadow Agents”: just like Shadow IT, developers are spinning up local LLM assistants that can read your codebase.
   
   
4. Blast Radius Mapping: Ask your team: "If this agent goes rogue, what is the worst thing it can touch?"
   If the answer is "Everything," you have a foundation problem.

Conclusion

The "Kiro Incident" isn't an isolated fluke; it's the beginning of a pattern where Identity becomes the new perimeter. If an agent can't prove why it needs to delete a resource at 3 AM, the system shouldn't let it, no matter how many "optimizations" it promises.

Stay secure, stay curious, and maybe double-check those IAM roles today.

See you in the next one!

Thanks :)