The Fabric Is the Defense: What This Week's Attacks Tell Us About Identity, Supply Chains, and the Cost of Unfinished Architecture
The Fabric Is the Defense: What This Week's Attacks Tell Us About Identity, Supply Chains, and the Cost of Unfinished Architecture
My Articles this Quarter have established a baseline on Identity Fabric and its importance in our defenses: ShinyHunters and APT28 proved that identity is the perimeter, and the Identity Fabric with Zero Trust Identity Administration (ZTIA) article is the architectural response. This week, the threat landscape handed us a live exam on both. Our adversaries did not change the attack playbook on identity; They are only refining it, and they are finding the same seams in your stack that I have been writing about on the Nomaden Cyber Blog. Overnight on March 30, the reality of these seams splashed like cold water to the face: a single compromised identity in the npm ecosystem took down Axios, one of the most downloaded JavaScript packages on the planet, and delivered a cross-platform remote access trojan to every developer and CI/CD pipeline that ran a routine install during a three-hour window.
Executive Summary
Four converging threat stories define the final days of March 2026, and every single one traces back to the same foundational gaps that the ShinyHunters and APT28 campaigns first exposed: ungoverned identity trust relationships, unmanaged non-human identities, and an incomplete Identity Fabric that leaves seams between tools for adversaries to exploit.
The ConnectWise 2026 MSP Threat Report only confirmed what security and incident response practitioners have observed in the industry: attackers are optimizing specifically against the remote access and management tools many MSPs rely on to serve their clients. Medusa ransomware continued its healthcare and public-sector campaign with over 300 confirmed victims. CISA added three critical vulnerabilities to its Known Exploited Vulnerabilities catalog, including a Langflow AI platform remote code execution scoring CVSS 9.8, a Trivy security scanner supply-chain compromise at CVSS 9.4, and an F5 BIG-IP APM reclassified from denial-of-service to full remote code execution. And then, at 00:21 UTC on March 31, the Axios supply-chain attack began: a single stolen long-lived npm access token for the primary Axios maintainer account was used to publish two malicious versions of the library, injecting a pre-staged dependency that deployed a cross-platform RAT to any machine that ran npm install during the attack window.
Each of these incidents is a thread pulling at an incomplete identity fabric that only reinforces my ZTIA story. It is why I am developing the ZTIA playbook and put so much emphasis on identity first security in every conversation I have now with anyone in the cyber space. These live examples this week make the urgency impossible to ignore. This Axios attack adds a dimension that security teams must confront directly: this rapid adoption of AI-assisted development, including "vibe coding" of generating and deploying AI coded systems with minimal human review, is introducing ungoverned workload identities, hallucinated dependencies, and unreviewed code into production pipelines at a pace that no reactive patch process can keep up with.
Key Takeaways:
The adversary playbook has not changed | your fabric must catch up. ShinyHunters' session-token harvesting, the Trivy compromise, and the Axios attack all exploited ungoverned workload identities and trust relationships. The attack surface described in prior analysis is now confirmed in consecutive headlines in Q1.
A single identity is all it takes. The Axios attack required exactly one thing: a long-lived npm access token that was never rotated, never scoped, and never bound to the CI/CD pipeline that was supposed to govern all published code. ZTIA's least-privilege and identity lifecycle principles exist precisely to close this gap.
CISA's KEV catalog is your Tier-0 patch list. CVE-2026-33017 (Langflow), CVE-2026-33634 (Trivy), and CVE-2025-53521 (F5 BIG-IP APM) are all actively exploited. They require immediate action, not the next patch cycle.
Vibe coding without governance is a supply-chain attack waiting to happen. AI-generated code at speed and scale, deployed without structured human review, over-permissive IAM patterns, or dependency validation, creates the exact vulnerability conditions that supply-chain attackers rely on. Human-in-the-loop accountability is not a bottleneck or a cost center that should be reduced. It is the control we have over the tools and services we ship. The Human is still mandatory and can never be truly replaced by these Agentic systems across the board in successful and secure businesses of the future.
ZTIA is the operational doctrine that prevents these breaches from becoming business-ending events. Assume compromise, enforce least privilege by default, bind publishing and deployment identities to verifiable, time-limited credentials, and ensure you have a tested identity reconstitution procedure before you need it.
Part 1: The MSP Threat Landscape | The Same Playbook, Executed Against Your Stack
Attackers Are Not Bypassing the Perimeter. They Are Walking Through Your Identity Gaps.
In the ShinyHunters analysis, we established that identity is not merely an authentication mechanism. It is the control plane of your entire environment. ShinyHunters did not brute-force their way into their targets. They used adversary-in-the-middle (AiTM) proxies to harvest session tokens after MFA was already completed, then replayed those tokens against Microsoft Entra to inherit the full federated trust of the compromised identity. APT28 took a different path; a zero-day exploitation of CVE-2026-21509 in Microsoft Office's RTF engine. Yet both adversaries converged on the same objective: steal the identity, inherit the access, move laterally through the trust relationships that identity controls and complete their objectives.
This week's ConnectWise 2026 MSP Threat Report validates that adversaries have systematized this approach against the MSP channel specifically. RMM platforms, VPN concentrators, and PSA tools are not soft targets by accident. They are true strategic objectives because a single compromised identity within an MSP's management plane does not yield one victim. It yields every tenant that MSP manages. The blast radius of an ungoverned MSP identity is not a client problem. It is a business-ending event for the MSP itself.
The Identity Fabric and ZTIA introduction I outlined in my previous article is the architectural answer to this reality. An identity fabric does not replace the tools you already have. It unifies them under a single governance model IAM, PAM, IGA, and ITDR all working together so that the seams between systems do not become the attack path. When ShinyHunters exploited the gap between Microsoft Entra, federated SaaS applications, and browser-layer controls, they exploited the absence of a fabric, not a failure of any single tool.
Ransomware in 2026: Medusa and the Double-Extortion Pattern
Medusa ransomware has crossed the threshold from emerging threat to entrenched criminal enterprise. With over 300 confirmed victims and a public-facing leak site designed for maximum reputational pressure, Medusa follows the same double-extortion model that APT28 and ShinyHunters have each demonstrated in their own way: compromise the identity first, exfiltrate the data, then encrypt. The encryption event is not the beginning of the attack. It is the final and honestly an optional objective in fast moving adversaries now.
This month, University of Mississippi Medical Center clinics and Passaic County, New Jersey, both sustained operational disruptions from Medusa-attributed incidents, with more than a terabyte of protected health information claimed in one case. Healthcare and public sector are high-value targets not because their technology is weaker, but because their operational dependency on continuous access makes paying the ransom feel like the faster path to recovery than rebuilding from scratch.
The defense requires Pillar 5 of the Identity Fabric: identity-aware business continuity. When ShinyHunters compromised Entra credentials, many victims had no rehearsed procedure for emergency token revocation across federated SaaS applications. Medusa victims face the same problem under a different time pressure: once encryption triggers, your ability to recover is only as strong as the identity controls protecting your backup infrastructure and your ability to reconstitute trusted identities while an adversary still holds valid tokens in your environment.
Part 2: This Week's Threat Activity | The Identity Fabric Under Live Fire
Chrome Zero-Days, Router Botnets, and a CI/CD Identity Heist
The Hacker News weekly recap for the final week of March documented three converging threat threads that, individually, read as distinct incidents. Viewed through the lens of Identity Fabric architecture, they describe the same underlying vulnerability at different layers.
Google confirmed active exploitation of two Chrome vulnerabilities, CVE-2026-3909 and CVE-2026-3910, impacting Skia and V8 respectively. Both are now in CISA's KEV catalog. These are browser-layer identity attack vectors. The browser is where users authenticate. It is where session tokens are issued, stored, and transmitted. DefensX's Secure Browser and Remote Browser Isolation capabilities, spotlighted in the ShinyHunters analysis for their ability to block AiTM phishing at the render layer, become even more relevant when the browser itself is the compromised substrate.
Law enforcement dismantled SocksEscort, a criminal proxy service built on enslaved residential and small-office routers. This is the device identity layer of the fabric: every unmanaged endpoint that are not limited to SOHO routers, IoT devices, consumer networking gear operating without a device identity registered in your Zero Trust access policy is a potential node in someone else's botnet. ZTIA's principle of explicit verification at every layer means device posture must be evaluated continuously, not assumed because the device is on a managed subnet.
Most significantly for MSPs managing DevOps or cloud infrastructure, Google's threat intelligence team documented how threat actor UNC6426 used credentials stolen from a compromised npm package to escalate to full AWS administrator access in 72 hours, exploiting the OIDC trust relationship between GitHub Actions and AWS. Such a pattern is used across thousands of CI/CD pipelines. This is Pillar 4 of the Identity Fabric in its most consequential failure mode: an ungoverned workload identity became the adversary's lateral movement path from a compromised developer dependency to cloud administrator access.
Two Breaches That Confirm the Third-Party Credential Cascade
ShinyHunters returned to the headlines this month with the Telus Digital breach, claiming close to one petabyte of customer support and operational data. The confirmed attack vector traces back to Google Cloud credentials originally obtained during the 2025 Salesloft/Drift incident. Stolen credentials do not expire with the news cycle. They circulate, get tested against related services, and resurface months later in a new compromise at a different organization. This is the SaaS identity governance failure the five pillars address directly: Telus Digital's exposure was not a failure of its perimeter. It was a failure to govern the lifecycle of credentials inherited through a third-party SaaS trust relationship.
Separately, benefits provider Navia disclosed a breach affecting approximately 2.7 million individuals, rooted in a broken object-level authorization vulnerability that allowed unauthorized access for nearly a month. That breach cascaded downstream to HackerOne, the vulnerability disclosure and bug-bounty platform, whose own employee personal data was exposed through a vendor relationship that most security reviews would not flag as high-risk. HackerOne's own controls were not bypassed. Their vendor's authorization logic was broken. This is the third-party identity risk that ZTIA's "assume compromise" principle is designed to address: when a vendor in your supply chain holds data that cascades to your employees, their security posture is functionally part of your identity attack surface and your own security posture.
Part 3: The Axios npm Attack | One Identity, One Token, 100 Million Weekly Downloads
What Happened Overnight
At 23:59 UTC on March 30, an attacker published plain-crypto-js@4.2.1 to the npm registry, a purpose-built malicious package under an attacker-controlled account. This was the staging phase: a clean decoy version (4.2.0) had been published 18 hours earlier to establish brief registry history for defensive evasion and avoid heuristic detection. Then, at 00:21 UTC on March 31, the attacker published axios@1.14.1 by using the compromised npm account of the primary Axios maintainer by adding the malicious plain-crypto-js dependency to the package.json. The 0.x branch followed 39 minutes later with axios@0.30.4, poisoning both active release lines simultaneously. Both malicious versions were removed from the registry at 03:29 UTC, three hours and eight minutes after the first publish.
Axios downloads approximately 83 to 100 million packages per week. It is embedded in front-end applications, back-end services, CI/CD pipelines, and developer tooling across virtually every technology sector. Even a three-hour exposure window at that download volume represents an enormous potential blast radius, with CI/CD systems running overnight npm install jobs being at the highest risk of having pulled the compromised versions automatically.
The malicious dependency deployed a cross-platform remote access trojan. On macOS it dropped a background persistence agent. On Windows it installed a binary named wt.exe. On Linux it fetched a Python RAT script to /tmp/ld.py and executed it with nohup to survive shell exits. Each platform reported back to a command-and-control server at packages.npm.org/product0, /product1, and /product2, allowing the attacker to serve platform-appropriate second-stage payloads. Critically, the dropper then self-destructed, replacing its own package.json with a clean decoy to defeat post-infection forensic inspection of node_modules. If you ran npm install during the attack window, checking the directory after the fact will tell you nothing. You must check your logs.
The Single Identity That Made It Possible
The Picus Security technical analysis identifies precisely why this attack succeeded at the identity layer: the attacker obtained a long-lived classic npm access token for the Primary Axios Maintainer account. Classic npm tokens, unlike the granular access tokens introduced in later npm security updates, do not enforce IP restrictions, expiration windows, CIDR-scoped publishing rights, or OIDC binding to a specific workflow. Once the attacker possessed this token, they had unrestricted npm publish capability for every package under that account effectively entirely bypassing the project's GitHub Actions CI/CD pipeline, its branch protections, its code review gates, and its tagged release workflows.
The forensic signal is visible in the npm registry metadata itself and was identified by StepSecurity. Every legitimate Axios 1.x release is published via GitHub Actions with npm's OIDC Trusted Publisher mechanism, meaning the publish is cryptographically tied to a verified GitHub Actions workflow. Axios@1.14.1 breaks that pattern entirely: it was published manually via the stolen token with no OIDC binding and no corresponding gitHead. There is no commit and no tag in the Axios GitHub repository that corresponds to 1.14.1. The release exists only on npm. Any organization running dependency integrity checks or SLSA provenance attestation would have caught this anomaly immediately; those that were not found out by running the package.
This is ZTIA's Pillar 2 and Pillar 4 failure mode made concrete: a long-lived credential with standing elevated publish privileges and no just-in-time controls, no behavioral monitoring, and no cryptographic binding to an approved workflow. The attacker also solidified control by changing the registered email address on the maintainers account to an attacker-controlled ProtonMail address, locking the legitimate maintainer out of account recovery flows. This is the identity equivalent of changing the locks while the owner is outside. This is a textbook case for ZTIA's identity lifecycle as security control principle: account email changes, permission escalations, and publishing actions should be treated as security events requiring validation and review, not viewed as just routine self-service operations.
What Organizations With Axios Exposure Must Do
If your team, your pipelines, or your clients' environments ran npm install between 00:21 and 03:29 UTC on March 31, 2026, treat the affected systems as compromised until confirmed otherwise:
Check for malicious versions: npm list axios 2>/dev/null | grep -E "1\.14\.1|0\.30\.4" and review your package-lock.json
Downgrade to axios@1.14.0 or axios@0.30.3 immediately.
Pin your versions from here on out to known and reviewed releases. Assume updates are compromised until confirmed otherwise.
Rotate all credentials accessible from the affected environment: npm tokens, AWS access keys, SSH private keys, CI/CD secrets, and .env values
Audit CI/CD pipeline logs for any runs that installed the affected versions and rotate all secrets injected into those runs
If any RAT artifacts are found (com.apple.act.mond, wt.exe, ld.py), do not attempt to clean in place — rebuild from a verified clean state
Run npm ci --ignore-scripts as a standing policy in all CI/CD pipelines going forward
Part 4: Vibe Coding, Agentic AI, and the Governance Gap That Supply-Chain Attackers Depend On
The Productivity Trade-Off Nobody Is Talking About
The Axios attack is not just a story about one compromised maintainer account. It is a story about what happens when AI-accelerated development adoption outpaces the governance frameworks designed to keep it safe. Over 35% of enterprise development teams were using AI to generate large code blocks from natural language prompts by early 2026, according to JetBrains. GitHub reports that 41% of new code is now AI-assisted. And "vibe coding" which is the practice of generating and deploying AI coded stacks with minimal human review, often by developers who, by definition, do not need to understand how or why the code works, is entering production systems at a pace that security teams did not anticipate and have not yet matched with appropriate controls.
The security implications of this are not theoretical. Research from Veracode shows that 45% of AI-generated code samples fail security tests, introducing OWASP Top 10 vulnerabilities into production systems. Benchmarks testing real-world AI coding tasks found that 47.5% of AI-generated code passed functional tests, while only 8.25% was actually secure… This means that over 80% of code that "works" ships with critical vulnerabilities buried within. AI models optimize for code that runs, not code that is secure. Security requirements must be explicit in the prompt or enforced by post-generation tooling and human review. Neither approach alone is sufficient.
Here is the direct line from vibe coding to the Axios attack: developers relying on AI-assisted workflows may never manually type or verify package names, choosing to trust AI suggestions without validation. AI coding assistants have been documented recommending abandoned, typosquatted, or hallucinated package names. This is a risk researchers have termed "slopsquatting" which is creating direct pathways for malicious code injection. When a developer accepts an AI-suggested dependency without reviewing it, they are importing an unvalidated identity into their build. When that identity turns out to be attacker-controlled, the npm install that runs automatically in CI/CD at 2:00 AM becomes the delivery mechanism for a cross-platform RAT.
Human-in-the-Loop Is Not a Bottleneck. It Is the Control.
ZTIA's fifth core principle of assume compromise applies as much to AI-generated code as it does to network access decisions. An AI agent or coding assistant that generates a pull request, suggests a dependency, or proposes an infrastructure configuration is a non-human identity acting with delegated, privileged authority. Its output is not pre-verified. It requires the same governance treatment as any other digital identity output: scoped, reviewed, attested, and approved by an accountable human owner before it touches production.
This is the distinction between vibe coding and governed AI-assisted development. Vibe coding outsources judgment. Governed AI-assisted development uses AI to accelerate the work while keeping accountability and review with the human who commits the code which may or may not originate from their AI Prompts. Tenable's guidance for agentic AI usage in development pipelines states this plainly: the developer who reviews, modifies, and commits AI-generated code is fully accountable for its security, compliance, and legal standing. AI assistance does not transfer accountability or the risk. It accelerates it to the next decision point in the human review chain. If there is no human review, there is no accountability, only speed. Focusing on speed will only end in your crashing of the now over powered and underestimated risks in a vehicle you were never prepared to drive in the first place
The Axios attacker's staging strategy, publishing a clean decoy version 18 hours before the malicious version to build registry history, is operationally identical to the pattern that researchers have documented for AI-hallucinated dependency exploitation: publish something benign under the target name, build minimal history, then substitute the payload. Developers and automated pipelines that do not verify SLSA provenance, pin to commit SHA, or run dependency integrity checks before installation will not distinguish the legitimate version from the staged malicious one. AI coding assistants that suggest pulling a dependency without verifying its provenance are providing air cover for exactly this attack pattern.
The Governance Framework MSPs Should Deliver
For MSPs building Security-as-a-Service offerings for developer-facing clients, the vibe coding risk is a concrete and billable service gap. The governance controls that prevent supply-chain attacks like Axios and Trivy are not security theories. They are operational policies and tooling choices that most development organizations have not implemented:
Mandatory SLSA provenance verification for all package publishes and installs in managed pipelines. Legitimate releases leave cryptographic evidence. Axios@1.14.1 did not. Automated integrity checks would have flagged it within seconds of publication and indeed, Socket's scanner detected it within approximately six minutes.
Long-lived credential elimination. Every npm publish token, CI/CD service account credential, and cloud access key that does not have a maximum lifetime, an IP restriction, and an OIDC binding to a specific workflow is a standing vulnerability. ZTIA's least-privilege principle means publish rights should be scoped to a specific workflow and automatically expire.
Tiered AI code review policy. Security engineer review for authentication, IAM, cryptographic, and dependency configuration code. SAST scanning as a mandatory pre-merge gate for data access and external API integrations. Standard peer review as the minimum floor for all AI-generated commits. The risk tier determines the review requirement, not developer judgment about whether a given block of AI code looks finished.
Dependency integrity scanning at generation time. Tools that flag vulnerable or unrecognized package recommendations before the developer accepts them, rather than waiting for a post-install scan to catch what is already in the build. AI suggestions for dependencies should be validated against known package registries with provenance checks before being accepted into a lockfile.
Human-in-the-loop requirements for agentic AI in pipelines. Any AI agent that can create pull requests, modify infrastructure-as-code, or deploy to production environments must operate within predefined guardrails with explicit human approval gates. Autonomous agents in CI/CD pipelines without these controls are non-human identities with standing elevated access and no governance which was the exact attack surface that Trivy and now Axios have proven adversaries will target.
Part 5: The High-Priority Vulnerability Queue | Identity Fabric Failures in CVE Form
The three CISA KEV additions from the final week of March are not isolated patch events. Each represents a specific failure in the Identity Fabric architecture, and each connects directly to the adversarial patterns first documented in the ShinyHunters and APT28 analysis I wrote about in February of this year.
CVE-2026-33017: Langflow RCE (CVSS 9.8) | The Agentic AI Identity Gap
Langflow is an open-source platform for building AI application workflows. This is exactly the category of agentic AI infrastructure that Pillar 4 of the Identity Fabric addresses. CVE-2026-33017 is an unauthenticated remote code execution vulnerability in Langflow's build_public_tmp endpoint, requiring nothing more than a cheekily crafted HTTP POST request to execute arbitrary Python on the host. Active exploitation began within 20 minutes of the public proof-of-concept becoming available. CISA added this to KEV on March 25.
An exposed Langflow endpoint with no authentication controls is the equivalent of a standing administrative credential with no PAM session recording and no just-in-time elevation. ZTIA's principle of least privilege as default state means no Langflow instance should be internet-accessible without authentication controls in front of it. Any that is, should be treated as a compromised workload identity until confirmed otherwise.
CVE-2026-33634: Trivy Supply-Chain Compromise (CVSS 9.4) | Workload Identity Governance Failure
An attacker used compromised credentials to publish a malicious Trivy 0.69.4 release and simultaneously poisoning 76 of 77 trivy-action GitHub Action tags. Any CI/CD pipeline pulling Trivy during that window ran attacker-controlled code that harvested secrets from the runners environment. GitHub Action tags like @v1 are mutable. They can be silently redirected to malicious code. This is precisely the Pillar 4 failure mode: non-human identities operating outside the governance framework, with no inventory, no rotation policy, and no behavioral monitoring. Pinning GitHub Actions to commit SHA rather than mutable version tags is the operational fix. Rotating any credentials that may have transited a compromised runner is the remediation step.
CVE-2025-53521: F5 BIG-IP APM RCE (CVSS 9.3) | The Perimeter-Identity Intersection
F5 BIG-IP APM is the policy enforcement point where ZTNA access decisions are made. It’s the layer that connects identity posture evaluation to network access grants. CVE-2025-53521 was initially scored as a denial-of-service issue and reclassified as remote code execution after additional analysis. A compromised APM appliance does not just represent a network intrusion. It represents a compromised policy enforcement point, meaning every access decision that appliance made during the vulnerable window must be treated as potentially adversary-influenced. CISA added this to KEV on March 27. Apply the emergency patch immediately and review APM access logs for unauthorized activity since mid-March.
The Architecture Is the Answer: What to Do This Week
The articles I have published in Q1 of 2026 have identified, analyzed, and baselined a connected framework that I will continue to advocate for; the Identity Fabric and the era of ZTIA. My Attack Analysis article: Identity Is the New Perimeter: What ShinyHunters and APT28 Just Taught Us About Identity Exploits established the diagnosis: ShinyHunters and APT28 proved that identity is the perimeter, that AiTM attacks bypass MFA by harvesting tokens after authentication completes, and that browser-layer defense is critical to stop credential theft before it reaches the identity provider. My Article/Whitepaper: Beyond Passwordless: The Era of Zero Trust Identity Administration provided the treatment plan: the Identity Fabric as a unified control plane across five identity types, the five pillars of enterprise identity security, and ZTIA as the operational doctrine governing every access decision. This article connects the architecture to live threat events, including the Axios attack disclosed overnight. Thus only confirming every assumption is a risk and that ZTIA is the edge of our defensive capabilities and daily operations.
On the Axios compromise:
Audit all environments and pipelines for axios@1.14.1 and axios@0.30.4 and downgrade immediately
Rotate all credentials accessible from any system that ran npm install during the 00:21 to 03:29 UTC window on March 31
Implement npm ci --ignore-scripts as a standing policy and enable SLSA provenance verification across all managed pipelines
Eliminate long-lived, unscoped npm publish tokens and require OIDC-bound, workflow-specific credentials for all package publishing
On the Identity Fabric and ZTIA fundamentals:
Audit all five identity types: workforce, workload, SaaS, device, and agentic AI. The Trivy compromise exploited ungoverned workload identities. The Navia cascade exploited ungoverned SaaS identity trust. The Langflow RCE and Axios attack both exploited ungoverned non-human identities with standing elevated access. All five pillars must be covered.
Enforce least-privilege-as-default-state. No identity whether it’s human or non-human should hold standing access beyond what active, current work requires.
Build and test your Pillar 5 procedure: emergency token revocation across all federated applications. Time yourself. If it takes more than 30 minutes, you have a gap adversaries will exploit before you can close it and the blast radius which expands from it.
On AI-assisted development governance:
Establish a tiered code review policy for AI-generated code: security engineer review for authentication, IAM, crypto, and dependency configurations; SAST as a mandatory pre-merge gate for data access and API integrations; peer review as the minimum floor for all AI-generated commits.
Require human-in-the-loop approval gates for any agentic AI action that modifies infrastructure, creates pull requests, or installs dependencies in production pipelines.
Deploy dependency scanning at the generation stage, not just the post-install stage, so that AI-suggested packages are validated against provenance and vulnerability data before they enter the lockfile.
On the MSP-specific posture:
Every administrative identity in your RMM, PSA, and VPN management planes requires phishing-resistant MFA, PAM session recording, and just-in-time elevation.
Add third-party vendor security posture to your quarterly business review agenda. The Navia-to-HackerOne and Telus-to-ShinyHunters cascades both model how a vendor's broken governance becomes your breach notification obligation.
Offer CI/CD security reviews covering SLSA provenance, action pinning, secret management, OIDC trust configuration, and SBOM practices all as a managed service for your clients that have developers on staff. The Axios and Trivy incidents have given you the business case conversation to drive more service and maintain your stickiness as the trusted provider your client already sees you as.
Conclusions
The adversaries in this week's headlines did not discover new attack surfaces. They exploited the same ones we mapped in the first quarter of 2026: ungoverned identities, unmanaged trust relationships, long-lived credentials with standing elevated access, and the seams between tools that an incomplete identity fabric leaves open. The Axios attack makes the stakes concrete for every developer, every MSP managing DevOps infrastructure, and every organization deploying AI-assisted development without a governance framework to match. The ZTIA architecture is the answer. The question is whether your program has caught up to the threat.
In upcoming articles, I will go deeper on ZTIA operational implementation: policy-as-code for identity configurations, maturity benchmarks you can measure your program against, and the governance model for agentic AI identities before the next CVE in an LLM orchestration platform makes the case for you.
Forward Unto Dawn,
Michael Carter II
Related Articles in This Series
Key Resources
About the Author
Carter leads identity, network, and endpoint security initiatives as a Sr. Solutions Engineer for Pax8, a Cloud Marketplace for MSPs, and serves as CEO of Nomaden, a Colorado-based firm. He specializes in helping MSPs and enterprises design security architectures and identity-centric security programs to beat the breach before Zero-Day comes. Carter has a deep passion and unwavering mission of wanting to Secure All of Our Futures, Together. Connect with Carter to discuss cybersecurity defense strategies and how your business can benefit from solutions that turn these strategies into repeatable outcomes.
