APT10 never breached its actual targets. It breached the companies managing them. And what what came to pass was one of the most consequential demonstrations of how trust in shared infrastructure becomes a structural attack surface.
Tackling sophisticated AI scrapers requires tracking behavioral intent across sessions, not relying on metrics built for a different generation of threat.
Open source software's greatest strength, its transparency, is exactly what makes it a systematic targeting mechanism for state-sponsored actors with broad collection objectives.
In 1996, attackers didn't need to break into US networks. They used authorized access to exfiltrate data undetected for two years. Today, autonomous AI is exposing that exact same security blind spot.
When autonomous agents operate across borders without verified identities or bounded access, the blast radius of a single compromise is no longer an organisational problem but a geopolitical one.
Threat actors exploit the window between detection and remediation. One practitioner's open-source response did what commercial vendors had no incentive to build.
