Plan-B Security

Author: Mike Mackintosh
Overview

Things don't always go according to plan, but they also don't have to go perfect. Having a Plan B is all about being prepared for the unexpected and knowing how to stay cool under pressure. The Plan B Security Podcast is here to keep you thinking about the unexpected things in security, giving you perspective from the technology side, the business side and the backside. DISCLAIMER: Views are my own and not that of my employer.

Mike Mackintosh
Episodes
  • S3E4 - Back to the Future with AI
    2026/02/08

    Great Scott, we've seen this before.

    If you could climb into a DeLorean and travel back through your organization's identity management history, you'd find the same pattern repeating at every stop. 2014: overprivileged Active Directory service accounts. 2017: Hadoop credentials nobody remembers creating. 2021: Tray.io integrations that are "too risky to rotate."

    Different year. Same mistake. And if my calculations are correct, your AI agents are about to become the next entry in this timeline.

    In this episode, we'll fire up the flux capacitor and take you on a tour through twenty-five years of IAM failures. From Operation Aurora through SolarWinds to the no-code revolution. The lesson? We keep traveling back to the same problems because we never actually fix them. We just give them new technology to hide behind.

    19 min
  • S3E3 - MCP: Model Credential Problems
    2026/02/02

    MCP promised to be the USB-C of AI agents, a universal bridge to your tools, APIs, and data. But when the setup docs tell you to copy cookies out of Chrome DevTools and paste them into plaintext config files, something has gone very wrong. This episode traces a year of MCP security breaches from tool poisoning to full supply chain compromise, unpacks the IDE vulnerabilities turning developer laptops into open doors, and makes the case that credential brokers, not user discipline, are the architectural answer. If your AI agents hold raw OAuth tokens, this one's for you.

    24 min
  • S3E2 - Your Development Lifecycle Has A Worm Problem
    2025/12/14

    In 1983, Ken Thompson warned us: you can't trust code you didn't write yourself. Forty-two years later, a worm called Shai-Hulud proved him right after compromising thousands of packages in hours. Software supply chain attacks aren't just theoretical anymore, they're automated, self-replicating, and could be spreading through the packages your team installed this morning. We break down the s1ngularity and Shai-Hulud campaigns, explain why attackers target developers differently than customers, and give you seven things you can do this week to stop being an easy target.

    21 min