The Enclave Blog

Insights on AI security, vulnerability research, and building software that holds.

FlagLeft: We Found A Forgotten Flag That Turned Microsoft 365 Apps Into a Silent Account Takeover Pipeline for Billions of Users

How a development flag left in production allowed any app on an Android device to silently take over a Microsoft account.

Yanir TsarimiJune 2, 2026

MapRoot: A Tale of Two Zero-Days, Two Patches, Two Bypasses Leading to Cross-Tenant RCE on Microsoft Planetary Computer

Two zero-days in numexpr and GDAL gave us code execution inside Microsoft Planetary Computer. The real impact was RBAC: a popped pod could access cross-tenant secrets. Microsoft downgraded it, then quietly removed the permissions, and later reversed it back to critical.

Yanir TsarimiMay 28, 2026

NGINX Rift impact in the wild: we scanned 1,465 configs from 528 popular repos (CVE-2026-42945)

We scanned 1,465 nginx configs from 528 popular GitHub repos for CVE-2026-42945. Here are the results.

Yanir TsarimiMay 15, 2026

An ornate gilded fountain pours golden water into a row of identical sealed brass jugs while a tiny silhouetted figure on a high ledge secretly tips a vial of green liquid into the source, symbolizing a trusted CI/CD pipeline producing legitimately signed but poisoned packages

TanStack's CI Published the Malware Itself. SLSA Said the Build Was Fine.

84 malicious @tanstack/* versions, 169+ packages including @mistralai/mistralai, all signed with valid SLSA provenance. The architectural failure that made it possible, and what to change in your CI/CD.

Enclave TeamMay 12, 2026

A long stone fortress courtyard at night with rows of arched gateways, each with a lantern and glowing rune seal

CVE-2026-41940: One Missed Function Call: Inside the 64-Day cPanel Zero-Day

A two-hour patch was preceded by 64 days of silent root access on 1.5 million servers. The sanitizer existed. It just wasn't called from one path.

Enclave TeamMay 4, 2026

A glowing prototype in a fortified courtyard is contained by an ownership wall and production gate

Vibe Coding Security Risks: The Blast Radius Still Has an Owner

Vibe coding can accelerate prototyping, but AppSec leaders still need ownership, review gates, data rules, and production guardrails.

Enclave TeamMay 3, 2026

A lantern reveals hidden cracks behind a polished code-like stone facade, symbolizing plausible AI-generated code risk

AI Code Security: The Real Risk of AI-Generated Code Is Plausibility

AI code security is hard because generated code can look polished while missing product context, security conventions, and the tests that prove it is safe.

Enclave TeamMay 3, 2026

Secure Code Review Checklist for AI-Generated Pull Requests

A practical secure code review checklist for AI-generated pull requests: what to inspect, what evidence to require, and when to stop the merge.

Enclave TeamMay 3, 2026

A cinematic fortified review gate filters pull request fragments into a single signal for AppSec triage

AI Code Review for AppSec Teams: Triage, Not Robot Approval

AI code review works best when it narrows AppSec attention: which pull requests deserve human judgment, why they matter, and what evidence to review next.

Enclave TeamMay 3, 2026

Warning signals are channeled through an ornate security mechanism into one evidence handoff for the right owner

Application Security Automation: Fix the Handoff, Not the Alert Count

Application security automation fails when it produces more alerts than action. The real work is moving risk to the right owner with the right context.

Enclave TeamMay 3, 2026

A massive ornate golden gate wide open with a crowd streaming through on the left, and a smaller warmly lit arched stone gate on the right with only a few suited figures holding lanterns, connected by a diverging cobblestone path under a deep teal starlit sky

Two Distribution Bets on Frontier Cyber

Distribution is the story this week, not the score.

Tal HoffmanApril 24, 2026

How We Could Watch Your Azure SRE Agent In Real Time

How a single mistake turned Azure SRE Agent into an open window into your cloud infrastructure.

Yanir TsarimiApril 20, 2026

An ornate golden gate opening wide as tiny figures with lanterns spread out across a vast teal landscape, representing expanding security work

Jevons Paradox for Cybersecurity

When powerful tools get cheaper, people do more work, not less. The same dynamic that grew marketing jobs fivefold is about to hit cybersecurity, and the field is going to get bigger, not smaller.

Tal HoffmanApril 15, 2026

A shadowy figure holds a glowing golden key and walks through an open arch while two others remain sealed — representing stolen integration tokens granting access

Your Data Warehouse Is Only as Secure as the Analytics Tool Connected to It

ShinyHunters breached Anodot and used stolen integration tokens to access dozens of Snowflake environments. No Snowflake vulnerability required. The trust architecture that connects modern SaaS stacks is fundamentally fragile.

Enclave TeamApril 13, 2026

A golden lantern illuminates hidden cracks in dark stone walls, representing AI revealing unknown vulnerabilities

What Project Glasswing Signals for Cybersecurity, Even If You're Skeptical

Anthropic's Project Glasswing and Claude Mythos raise real questions about what AI-powered vulnerability research means for defenders, attackers, and the organizations caught in between.

Tal HoffmanApril 12, 2026

Reversed telescope leaking data representing observability tools weaponized for exfiltration

Your Observability Stack Just Became an Attack Surface

GrafanaGhost chains three bypasses to silently exfiltrate enterprise data through Grafana's AI assistant. No credentials, no trace, no SIEM alerts. Here's why traditional tools miss it entirely.

Enclave TeamApril 8, 2026

Dissolving chain-link fence representing security rules that stop enforcing

Claude Code's Deny Rules Stop Working After 50 Commands. The Fix Was Already Written.

Anthropic hard-coded a 50-subcommand analysis cap in Claude Code's security engine. Above that threshold, deny rules stop firing silently. The fix was already written and tested in their codebase. It was never shipped to customers.

Enclave TeamApril 7, 2026

Parasitic vine strangling its host representing social engineering trust exploitation

North Korea Stole $285M From a DeFi Protocol. The Attack Started With a Handshake.

Drift Protocol lost $285 million to a North Korean state group that spent six months building trust in person. Here is how the operation worked and what it means for every company that takes meetings with external partners.

Enclave TeamApril 6, 2026

Grand curtained archway with thousands of portals representing cosmetic security controls

Microsoft Says It's "By Design." 25,000 Azure API Portals Say It's a Problem.

Azure APIM's "disable signup" toggle is cosmetic. The API endpoint stays open. 97.9% of 25,000+ portals are still exploitable. Microsoft says it's by design.

Enclave TeamApril 6, 2026

Fortified door with exposed hinges representing SSO misconfiguration

Your SSO Is Only as Secure as the Endpoint That Configures It

CVE-2026-30823 shows how enterprise SSO can be bypassed by attacking the unauthenticated API endpoint that controls login configuration, not the login protocol itself.

Enclave TeamApril 6, 2026

Security's Blindspot & The Last Mile of Shipping Software

Software security is solving the wrong problem. Enclave is launching from stealth with $6M to build the independent reviewer for the AI era of software.

Tal Hoffman, Dvir Segev & Yanir TsarimiMarch 26, 2026