AM-155 · Holding · last review 16 May 2026

The Cyber Safety Review Board's April 2024 report on Storm-0558 documented four credential-management failures at Microsoft: a consumer signing key issued in 2016 and still accepted seven years later, never rotated; an environment-separation boundary enforced procedurally rather than technically; a crash-dump leak that the existing credential scanning did not detect (Microsoft's own hypothesis for how the key escaped, which the Board noted Microsoft could not confirm); and no anomaly-detection baseline for that credential class. All four conditions are reproduced in most enterprise AI agent deployments in 2026: long-lived agent credentials with no rotation policy; dev, staging and production credentials promoted without re-issuance; runtime telemetry that leaks short-lived tokens and is never scanned; and no per-agent issuance-and-use baseline. Read forward, the CSRB report is a structural map of where AI agent identity programmes fail, not a Microsoft-specific post-mortem. The blast radius is wider for AI agents than it was for Storm-0558: the action surface authorised by a compromised AI agent credential routinely includes writes, transactions and downstream tool-use chains, whereas the Storm-0558 actor used its forged tokens for read-only mailbox access (the Board noted the key could have minted tokens for far more than mail, but mailbox read is what was exercised).

Claim is scoped to enterprises running production AI agent deployments with credential-issuance practices that do not go through a broker layer enforcing rotation, environment separation, telemetry, and anomaly detection. 90-day review cadence. Trigger conditions for status changes: (1) a published industry survey showing the median enterprise AI agent credential lifetime has dropped below 90 days (would move toward Partial because the rotation gap is closing); (2) a major AI agent credential breach with public post-mortem (would either confirm or refute the structural map depending on the specific failure points); (3) a CSRB-equivalent independent review of an AI agent incident (the closest analogue to the original report and the most direct re-test of the structural argument); (4) emergence of an enterprise-IAM standard or vendor offering that brokers AI agent credentials with documented rotation + environment separation + telemetry + baseline as defaults (would move toward Partial because the structural gap has tooling to close it).
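The four conditions above are checkable, and a broker layer of the kind the scope paragraph describes would run exactly these checks on every issued credential. The block below is an added example written for this page, not code from the CSRB report, from Microsoft, or from any vendor: the credential inventory, the log lines (including the fake bearer token), the usage records, the 90-day rotation policy, the 3x burst factor, the agent and tool names and the `fp-*` fingerprints are all constructed assumptions. Each function maps to one of the four failures and returns its findings so they can be asserted on or fed to a ticketing system.

```python
"""Audit checks for the four Storm-0558 conditions, applied to AI agent
credentials. Added example: every record, name and threshold below is a
constructed assumption, not data from the CSRB report or from any vendor."""
import re
from collections import defaultdict
from datetime import date

AS_OF = date(2026, 5, 16)  # evaluation date (assumed)
MAX_KEY_AGE_DAYS = 90      # rotation policy (assumed)

# Constructed inventory. "fingerprint" identifies the key material; two rows
# sharing one fingerprint are the same secret issued into two environments.
CREDENTIALS = [
    {"id": "cred-a1", "env": "prod", "issued": date(2025, 1, 10), "fingerprint": "fp-1"},
    {"id": "cred-b2", "env": "dev", "issued": date(2026, 4, 20), "fingerprint": "fp-1"},
    {"id": "cred-c3", "env": "prod", "issued": date(2026, 3, 1), "fingerprint": "fp-2"},
]

# Constructed telemetry; the DEBUG line leaks a fake bearer token.
LOG_LINES = [
    "2026-05-15T10:00:01Z invoice-agent tool=erp.post_invoice status=200",
    "2026-05-15T10:00:02Z invoice-agent DEBUG headers={'Authorization': "
    "'Bearer eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJpbnZvaWNlIn0.c2lnbmF0dXJlLWJ5dGVz'}",
    "2026-05-15T10:00:03Z triage-agent tool=mail.read status=200",
]

# Constructed usage records (agent, hour, tool, calls): a window that builds
# each agent's profile, and the activity later observed against it.
BASELINE_WINDOW = [
    ("invoice-agent", "2026-05-08T09", "erp.post_invoice", 40),
    ("invoice-agent", "2026-05-08T10", "erp.post_invoice", 45),
    ("invoice-agent", "2026-05-09T09", "erp.get_invoice", 30),
    ("triage-agent", "2026-05-08T09", "mail.read", 200),
]
OBSERVED = [
    ("invoice-agent", "2026-05-15T03", "erp.post_invoice", 400),  # 10x burst at 03:00
    ("invoice-agent", "2026-05-15T09", "erp.post_invoice", 42),
    ("invoice-agent", "2026-05-15T10", "mail.read", 5),  # tool outside this agent's profile
    ("triage-agent", "2026-05-15T09", "mail.read", 210),
]

def rotation_overdue(creds, as_of=AS_OF, max_age=MAX_KEY_AGE_DAYS):
    """Condition 1: key past its rotation window. Returns {id: age_in_days}."""
    ages = {c["id"]: (as_of - c["issued"]).days for c in creds}
    return {cid: age for cid, age in ages.items() if age > max_age}

def env_separation_violations(creds):
    """Condition 2: one secret live in more than one environment, i.e. promoted
    dev -> prod without re-issuance. Returns {fingerprint: sorted envs}."""
    envs = defaultdict(set)
    for c in creds:
        envs[c["fingerprint"]].add(c["env"])
    return {fp: sorted(e) for fp, e in envs.items() if len(e) > 1}

# Three base64url segments: the compact serialization most access tokens use.
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]{5,}")

def leaked_tokens(lines):
    """Condition 3: secrets in telemetry that nothing scans. Returns
    [(line_index, redacted_token)] so the finding itself does not re-leak."""
    hits = []
    for i, line in enumerate(lines):
        for m in JWT_RE.finditer(line):
            tok = m.group(0)
            hits.append((i, tok[:10] + "..." + tok[-4:]))
    return hits

def baseline_anomalies(window, observed, burst_factor=3):
    """Condition 4: no per-agent issuance-and-use baseline. Builds one (tools
    ever invoked, peak calls in any hour) and flags an agent with no profile,
    a tool outside its profile, or volume above burst_factor x its peak."""
    prof = defaultdict(lambda: {"tools": set(), "peak": 0})
    for agent, _hour, tool, calls in window:
        prof[agent]["tools"].add(tool)
        prof[agent]["peak"] = max(prof[agent]["peak"], calls)
    out = []
    for agent, hour, tool, calls in observed:
        p = prof.get(agent)  # .get() does not create a default entry
        if p is None:
            out.append((agent, hour, "no baseline for agent"))
        elif tool not in p["tools"]:
            out.append((agent, hour, f"new tool {tool}"))
        elif calls > burst_factor * p["peak"]:
            out.append((agent, hour, f"burst {calls} > {burst_factor}x peak {p['peak']}"))
    return out

def audit():
    """One finding set per Storm-0558 condition; an empty set means the
    inventory passes that check."""
    return {
        "rotation": rotation_overdue(CREDENTIALS),
        "env_separation": env_separation_violations(CREDENTIALS),
        "telemetry_leak": leaked_tokens(LOG_LINES),
        "baseline": baseline_anomalies(BASELINE_WINDOW, OBSERVED),
    }
```

Against the constructed data, `audit()` surfaces one finding per condition: `cred-a1` at 491 days against a 90-day policy, fingerprint `fp-1` live in both dev and prod, a bearer token in the DEBUG line (reported redacted), and two baseline deviations for `invoice-agent` (a 10x volume burst at 03:00 and a call to `mail.read`, a tool it never used in its profile window). The point of the redaction in `leaked_tokens` is that a scanner which copies the secret it found into an alert has just moved the leak from one log to another.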

Published
16 May 2026
Last reviewed
16 May 2026
Next review
+89d · 14 Aug 2026



About this register

The Reporting register tracks claims published from articles addressed to senior enterprise IT leaders — CIOs, IT directors, heads of platform. Claims are reviewed on a 30–90 day cadence; each review either reaffirms the claim, marks one substantive part as Partial, or marks it Not holding once the underlying evidence has been overtaken.

Recent corrections in Reporting

  • AM-002 · Not holding · 06 May 2026

    URL state changed. The /the-agentic-ai-revolution-real-world-success-stories-and-strategic-insights-from-2024-2025/ slug now serves a deliberately rewritten retrospective (claimId AM-130, "Agentic AI 2024-2025 retrospective", published 04 May 2026) built against audited primary sources. The 28 Apr 2026 redirect to /retractions/ has been lifted to allow that. The AM-002 claim itself remains Not holding: the original $3.50/dollar + 70% failure-rate framing was withdrawn and is not restored. AM-130 is a separate claim with its own evidence chain. Readers arriving at /holding/AM-002 see the withdrawal here; the article link surfaces the new piece at the URL the original lived at, with this entry as the audit trail.

  • AM-121 · Holding · 2 May 2026

    Klarna walk-back primary-source upgrade — added Siemiatkowski verbatim quotes via Bloomberg-cited-by-Fortune (9 May 2025) and the Uber-style freelance hiring detail via Entrepreneur. Closes the highest-priority evidence gap from the source dossier.

  • AM-115 · Holding · 29 Apr 2026

    Initial publication 29 Apr 2026, the first Quarterly Claim Review Bulletin. The claim itself is recursive: it asserts that the bulletin will ship quarterly, and the next review (30 Jul 2026) tests whether the Q3 bulletin actually appeared. Status starts as Holding because the claim is currently true (the Q2 bulletin shipped). The verdict at the end of July 2026 will be Holding, Partial (bulletin shipped but on a delayed cadence), or Not holding (no bulletin shipped).

Reviews coming up in Reporting

  • AM-003 · Holding · next +2d (19 May 2026)

    GPT-5 Pro's tiered-subscription model forces enterprises to classify problems by computational difficulty — $200/month…

  • AM-136 · Holding · next +18d (4 Jun 2026)

    Across the 24-month window May 2024 to April 2026, every major foundation-model provider (Anthropic, OpenAI, Google, AW…

  • AM-020 · Holding · next +32d (18 Jun 2026)

    The 40-60% TCO underestimate on enterprise agentic-AI deployments is not a cost-visibility failure — it is a cross-depa…