Who Approved This Agent? Rethinking Access, Accountability, and Risk in the Age of AI Agents

AI agents are accelerating how work gets done. They schedule meetings, access data, trigger workflows, write code, and take action in real time, pushing productivity beyond human speed across the enterprise. Then comes the moment every security team eventually hits: “Wait… who approved this?”...

PT-2025-43143

Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.4 through 18.4.2 GitLab EE versions 18.5 through 18.5.0 Description GitLab EE is affected by a business logic error in the access request approval workflow. This issue could allow authenticated users to gain unauthorized...

CVE-2025-8353

UI synchronization issue in the Just-in-Time JIT access request approval interface in Devolutions Server 2025.2.4.0 and earlier allows a remote authenticated attacker to gain unauthorized access to deleted JIT Groups via stale UI state during standard checkout request processing...

CVE-2020-24655

A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with a PIN on older Android devices effectively bypassing the PIN requirement...