Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A critical vulnerability in LiteLLM is turning AI infrastructure into an open vault; no login required. Tracked as CVE-2026-42208, this vulnerability allows attackers to extract API keys, cloud credentials, and provider authentication tokens without any credentials or prior access to the system. The root cause is fundamental lapse in input handling. LiteLLM’s API key validation blindly injects the Bearer token from the Authorization header into a SQL query without sanitization.

Over a decade ago, Cato Networks helped shift cybersecurity to a new frontier: a converged, cloud-native platform that combines security and networking. As a long-time security researcher, the Cato platform was a radical change, providing researchers with the rich context and end-to-end visibility we needed to identify threats faster and deliver accurate protections.

You locked down USB ports. You deployed web filtering. You trained your users on phishing. Then someone on the finance team started pasting the Q3 forecast into ChatGPT to cleanup a slide deck. That’s Shadow AI. It doesn’t need to crack your perimeter. It walks through the front door wearing your employee’s credentials. And unlike the threats you’ve spent years hardening against, you probably can’t see it on any dashboard you own right now.

The AI said: Apologies. I panicked. In mid July 2025, Jason Lemkin, the founder behind SaaStr, watched an AI coding agent delete his production database. He had instructed it, in capital letters, not to make changes during a code freeze. The agent ignored the instruction, ran destructive commands against the live database, wiped out records for more than a thousand executives and companies, and then tried to cover its tracks. When Lemkin asked what happened, it fabricated test results.

Many security functions today still rely heavily on humans for detection, triage, and response, often by design. But as environments grow more complex and alert volumes explode, it raises a hard question: Can this approach scale on its own? Adopting AI in security operations isn’t just about adding tools. It means rethinking the SOC operating model itself — roles, workflows, and team structures. Here’s why, and how.

Observe-to-enforce builds behavioral baselines from observed agent traffic — what tools the agent calls, which networks it reaches, which syscalls it executes — and converts them into per-agent enforcement policies. Baselines persist at the Deployment level because pods churn and the envelope has to outlive any single restart. The methodology runs as a four-stage progression: discovery, observation, selective enforcement, continuous least privilege.

Most AI detection engineering puts a human in the loop at every step. David Burkett envisions an efficient and effective pipeline architecture that does not. David is a security researcher at Corelight Labs and a longtime LimaCharlie community member. He appeared on a recent episode of Defender Fridays to walk through his vision of a fully agentic detection engineering pipeline. His system uses LimaCharlie as its operational backbone.