Cyber Immunity in the AI Era

Published: May 4, 2026 at 08:47 PM EDT
Source: Dev.to


Presentation Overview

Adapted from Sasha Le’s keynote (Senior Engineer, Tide Foundation) at the launch of the RMIT AWS Innovation Lab (RAIL) – 21 April 2026.

The Human Vulnerability

In 2022, a ransomware group named Lapsus$ breached some of the most sophisticated tech companies on the planet: Microsoft, Nvidia, Okta, Uber, and Samsung.

The ringleader wasn’t a state‑sponsored syndicate. He was a sixteen‑year‑old operating out of his mother’s living room. He didn’t discover an obscure zero‑day vulnerability, nor did he out‑code the security teams at these tech giants. He succeeded by bribing, blackmailing, and tricking the people inside those organizations who held the keys to the kingdom.

We have spent billions fortifying our software and systems, yet the people managing those systems still hold “god‑like” administrative powers. For any attacker worth their salt, those people are the shortest path in.

Now, hand that attack pattern over to artificial intelligence.

We are facing super‑intelligent systems capable of:

  • cloning a CEO’s voice in real‑time,
  • mapping an organization’s org chart in minutes, and
  • applying perfectly timed social pressure at scale.

In an era where AI can relentlessly target human psychology and software vulnerabilities, traditional cybersecurity paradigms fail at an unprecedented pace.

The Paradox of “Vibe Coding”


We cannot simply rely on AI to defend us from AI. The way we build software is changing too rapidly. We have entered the era of “vibe coding”—you describe what you want in plain English, and AI builds the application.

  • The barrier to entry has vanished, driving the global builder population from 100 million in 2023 to an estimated 1.5 billion this year.
  • It is estimated that 85% of all production source code is now AI‑generated.

While this productivity boom is incredible, it comes with a massive blind spot. We are mass‑producing software with hard‑coded secrets, misconfigured access, and exposed credentials at a pace no human security team can review. Vibe coding has introduced a 300% increase in vulnerabilities.

Pitting one super‑intelligence against another to patch these millions of holes solves nothing. It’s a structural stalemate.

The only way to defend against this exponentially scaling threat is to change the physics of the problem entirely: remove what the AI is able to attack.
What if systems were never trusted with anything sensitive in the first place?

Introducing Emergent Authority


At Tide, we are building infrastructure based on a novel principle we call Emergent Authority.

The concept is straightforward. The actual authority to execute a sensitive action—such as authenticating a user or accessing critical data—sits completely beyond the reach of any system or person using it.

  • It does not live in a centralized vault (as is today’s best practice).
  • Instead, that authority emerges just‑in‑time, and only when all cryptographic conditions are perfectly met.

Under this architecture, a server is effectively an oblivious proxy. It holds no power and stores no secrets. If an attacker breaches the server, they find nothing of value. If an AI socially engineers a system administrator, the breach is equally fruitless, because that administrator no longer holds direct, unilateral authority themselves.

The weakest link is rendered incapable of posing a catastrophic threat.

Proving It with KeyleSSH

KeyleSSH – A Privileged Access Management System


Theoretical security is one thing; proving it where the stakes are highest is another. We validated this architecture through our work with the RACE Cloud Supercomputing Hub, an initiative supported by RMIT and AWS.

We applied Emergent Authority to one of the most critical and high‑risk areas of IT infrastructure: Privileged Access Management (PAM).

  • A PAM system is used by IT teams to manage access to servers, firewalls, and databases.
  • By design, a traditional PAM centralizes every privileged credential an organization has—effectively a vault containing the keys to the kingdom.
  • When attackers compromise these central vaults, the failure is catastrophic.

We saw this pattern when the Lapsus$ group breached Uber by tricking an employee into handing over credentials, giving the hackers direct access to the company’s vault. More recently, a major breach at the U.S. Treasury was traced back to BeyondTrust, a leading PAM vendor; attackers exploited specific “weak spots” in the software’s defense to hijack security keys.

KeyleSSH demonstrates that removing direct authority from humans and systems eliminates the high‑value target that attackers (human or AI) seek, thereby breaking the chain of compromise.

Vulnerabilities in vendors like Ivanti and Okta have recently impacted other agencies, including the U.S. Department of Justice.
It is a stark reminder that when we centralize all our authority in one provider, we place blind trust in them, and a single flaw in their code becomes a back‑door into our most sensitive institutions.


Solving the problem at its core

Tide built KeyleSSH, an open‑source PAM built entirely on Emergent Authority.

To understand the scale, consider that a single mid‑sized utility company might have tens of thousands of servers, each with its own credentials. KeyleSSH manages the access keys to all of them but holds absolutely none of them.

When an administrator logs in through KeyleSSH, it is a Zero‑Knowledge Login:

  • No password ever leaves the device.
  • There is no password database on the server to be stolen.
  • Authentication is verified cryptographically.

Zero‑Knowledge login flow

When that administrator opens a session to a production server:

  • There are no keys to store, rotate, or revoke.
  • There is no central vault.
  • The cryptographic authority to open the session emerges just‑in‑time to connect them, but neither the user nor the PAM ever possesses the key itself.
  • Executing consequential commands requires cryptographic approval from other administrators, eliminating the risk of a single compromised “god‑mode” account.
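
To make the "no one holds the key" idea from the Emergent Authority section and the session list above concrete, here is an added example (not Tide's or KeyleSSH's code; the page does not describe the actual protocol) using generic threshold exponentiation over Shamir shares. The toy group, the function names, the request string format and the approval policy are all assumptions, and the parameters are far too small for real use.

```python
import hashlib
import secrets

# Toy group (assumption): P = 2Q + 1 is a safe prime; squares mod P have prime order Q.
P, Q = 2039, 1019

def hash_to_group(request: bytes) -> int:
    """Map a request to a subgroup element by squaring a hash value mod P."""
    h = int.from_bytes(hashlib.sha256(request).digest(), "big") % (P - 1) + 1
    return pow(h, 2, P)

def split_key(x: int, t: int, n: int) -> dict:
    """Shamir-share x over Z_Q. A dealer is used only so the demo can be
    checked; distributed key generation would avoid x ever existing."""
    coeffs = [x] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}

def node_partial(share: int, element: int, approvals: set, required: int):
    """One key-share node: contribute element^share only if policy is met."""
    if len(approvals) < required:
        return None
    return pow(element, share, P)

def lagrange_at_zero(i: int, ids: list) -> int:
    """Coefficient that interpolates share i to the polynomial's value at 0."""
    num = den = 1
    for j in ids:
        if j != i:
            num, den = num * -j % Q, den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def combine(partials: dict) -> int:
    """Proxy side: combine public partials; no share or key is reconstructed."""
    out = 1
    for i, part in partials.items():
        out = out * pow(part, lagrange_at_zero(i, list(partials)), P) % P
    return out

def authorize(shares: dict, request: bytes, approvals: set, required: int, t: int):
    """Return the request-bound value H(request)^x, or None below threshold."""
    element = hash_to_group(request)
    partials = {}
    for i, share in shares.items():
        part = node_partial(share, element, approvals, required)
        if part is not None and len(partials) < t:
            partials[i] = part
    return combine(partials) if len(partials) == t else None
```

The proxy that calls `combine` sees only per-request partial results, so compromising it, or any fewer than `t` nodes, does not yield the key `x`.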

Just‑in‑time session establishment

The Infrastructure for What’s Next


Super‑intelligent AI will inevitably find vulnerabilities in your software and social‑engineer your administrators.

If an architecture ensures no secrets are stored in a vulnerable state, a successful breach yields nothing for the attacker. The goal shifts from merely preventing breaches to creating a baseline of cyber immunity. In this model, even when a network is compromised, the mathematical structure of the system renders the event structurally inconsequential.

Cyber immunity concept

Photographed

  • RMIT Deputy Vice Chancellor Research & Innovation, Distinguished Professor Calum Drummond AO
  • Professor Alec Cameron, Vice‑Chancellor and President at RMIT University
  • Valerie Singer, AWS General Manager of Global Education
  • Yuval Hertzog, Co‑founder, Tide Foundation
  • Sasha Le, Senior Engineer, Tide Foundation
  • Dr. Ian Oppermann, ACCC Commissioner
  • Professor Mark Easton, Associate Deputy Vice Chancellor (Research Infrastructure)
  • Chris Mano, Account Executive Education, AWS
  • Dr. Robert Shen, Director of AWS Cloud Supercomputing Hub