Securing non‑human access: GTIG threat trends, JIT AuthZ, and ChatGPT Lockdown Mode
Attackers are leveraging AI and non-human identities at scale, pushing teams to adopt zero-trust patterns like just-in-time authorization and tool constraints to curb data exfiltration and misuse. Google’s Threat Intelligence Group reports rising model extraction (distillation) attempts and broader AI-augmented phishing and recon across multiple state actors, though no breakthrough attacker capability has yet emerged; see their latest findings for concrete patterns defenders should anticipate and disrupt ([GTIG AI Threat Tracker](https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use?_bhlid=e8c3bb888ecba50d9cd632ef6e7caa0d1a96f294)). A complementary zero-trust lens for agentic systems is outlined in this short talk on hardening agent permissions and egress ([Securing AI Agents with Zero Trust](https://www.youtube.com/watch?v=d8d9EZHU7fw&_bhlid=2d86e48f55bcb7e2838f5fae2b06083739cea245)). For API backends, tightening non-human access is urgent: adopt just-in-time OAuth patterns to eliminate “ghost” and “zombie” identities and shorten token lifetimes, as detailed in this practical guide to adapting OAuth for agents and services ([Just-in-Time Authorization](https://nordicapis.com/just-in-time-authorization-securing-the-non-human-internet/)). On the tooling side, OpenAI introduced ChatGPT Lockdown Mode to deterministically restrict risky integrations (e.g., browsing limited to cached content) and added “Elevated Risk” labels for sensitive capabilities ([Lockdown Mode and Elevated Risk](https://links.tldrnewsletter.com/sJL9w6)), while the open-source [llm-authz-audit](https://github.com/aiauthz/llm-authz-audit?_bhlid=a9fa546b051a3f05f59975ca296c7abd0f224afe) scanner helps catch missing rate limits, leaked creds, and prompt-injection surfaces in CI before deployment.