Holding · last review 16 May 2026

The Cyber Safety Review Board's April 2024 report on Storm-0558 documented four credential-management failures at Microsoft (a signing key seven years past rotation; an environment-separation boundary enforced procedurally rather than technically; a crash-dump leak the existing scanning could not see; an anomaly-detection baseline that did not exist for the credential class). All four conditions are reproduced in most enterprise AI agent deployments in 2026: long-lived agent credentials without rotation policy, dev/staging/production credentials promoted without re-issuance, runtime telemetry that leaks short-lived tokens without scanning, no issuance-and-use baseline per agent. The CSRB report is forward-readable as a structural map of where AI agent identity programmes fail, not a Microsoft-specific post-mortem. The blast radius is wider for AI agents than it was for Storm-0558 because the action surface authorised by a compromised AI agent credential routinely includes writes, transactions, and downstream tool-use chains, where the Storm-0558 attacker had read-only mail access from one credential.

Claim is scoped to enterprises running production AI agent deployments with credential-issuance practices that do not go through a broker layer enforcing rotation, environment separation, telemetry, and anomaly detection. 90-day review cadence. Trigger conditions for status changes: (1) a published industry survey showing the median enterprise AI agent credential lifetime has dropped below 90 days (would move toward Partial because the rotation gap is closing); (2) a major AI agent credential breach with public post-mortem (would either confirm or refute the structural map depending on the specific failure points); (3) a CSRB-equivalent independent review of an AI agent incident (the closest analogue to the original report and the most direct re-test of the structural argument); (4) emergence of an enterprise-IAM standard or vendor offering that brokers AI agent credentials with documented rotation + environment separation + telemetry + baseline as defaults (would move toward Partial because the structural gap has tooling to close it).

Published: 16 May 2026
Last reviewed: 16 May 2026
Next review: +75d · 14 Aug 2026
Watch this claim

Email me when AM-155's status, next review date, or correction log changes. One email per change. No newsletter subscription, no other mail.

About this register

The Reporting register tracks claims published from articles addressed to senior enterprise IT leaders — CIOs, IT directors, heads of platform. Claims are reviewed on a 30–90 day cadence; each review either reaffirms the claim, marks one substantive part as Partial, or marks it Not holding once the underlying evidence has been overtaken.

Recent corrections in Reporting

  • AM-003 · Partial · 28 May 2026

    Pricing/model drift: a $100/mo Pro tier now sits beside the $200 tier (added 9 Apr 2026) and the premium model is GPT-5.5 Pro. Core thesis holds; the single-$200-tier framing no longer matches. Re-verify current tiers at chatgpt.com/pricing.

  • AM-002 · Not holding · 06 May 2026

    URL state changed. The /the-agentic-ai-revolution-real-world-success-stories-and-strategic-insights-from-2024-2025/ slug now serves a deliberately rewritten retrospective (claimId AM-130, "Agentic AI 2024-2025 retrospective", published 04 May 2026) against audited primary sources. The 28 Apr 2026 redirect to /retractions/ has been lifted to allow that. AM-002 the claim remains Not holding — the original $3.50/dollar + 70% failure-rate framing was withdrawn and is not restored. AM-130 is a separate claim with its own evidence chain. Readers arriving at /holding/AM-002 see the withdrawal here; the article link surfaces the new piece at the URL the original lived at, with this entry as the audit trail.

  • AM-121 · Holding · 2 May 2026

    Klarna walk-back primary-source upgrade — added Siemiatkowski verbatim quotes via Bloomberg-cited-by-Fortune (9 May 2025) and the Uber-style freelance hiring detail via Entrepreneur. Closes the highest-priority evidence gap from the source dossier.

Reviews coming up in Reporting

  • AM-136 · Holding · next +4d (4 Jun 2026)

    Across the 24-month window May 2024 to April 2026, every major foundation-model provider (Anthropic, OpenAI, Google, AW…

  • AM-020 · Holding · next +18d (18 Jun 2026)

    The 40-60% TCO underestimate on enterprise agentic-AI deployments is not a cost-visibility failure — it is a cross-depa…

  • AM-023 · Holding · next +18d (18 Jun 2026)

    The 10 Apr 2026 Google AI Mode rollout to eight markets is the first vertical (restaurant booking) where agentic search…