In 1996, attackers didn't need to break into US networks. They used authorized access to exfiltrate data undetected for two years. Today, autonomous AI is exposing that exact same security blind spot.
APT10 never breached its actual targets. It breached the companies managing them. And what came to pass was one of the most consequential demonstrations of how trust in shared infrastructure becomes a structural attack surface.
Open source software's greatest strength, its transparency, is exactly what makes it a systematic targeting mechanism for state-sponsored actors with broad collection objectives.
When autonomous agents operate across borders without verified identities or bounded access, the blast radius of a single compromise is no longer an organisational problem but a geopolitical one.
