Comment by zkmon
19 hours ago
The biggest rule-break was done, not by the agent or infra company, but by the person who gave such elevated authorization (API key) to an autonomous bot.
Isn’t the biggest rule to have working backups with a 3-2-1 strategy?
That's not what happened.
if an api key with full perms was put in a place where the agent can access it, that is the biggest problem.
that somebody made a key that can delete prod when they don't need to delete prod is the underlying problem with that
and underlying that still is that the staging environments were on the same account as prod.
You’re very defensive in these comments - are you the author?