AM-155 · Holding · last review 16 May 2026

The Cyber Safety Review Board's April 2024 report on Storm-0558 documented four credential-management failures at Microsoft (a signing key seven years past rotation; an environment-separation boundary enforced procedurally rather than technically; a crash-dump leak the existing scanning could not see; an anomaly-detection baseline that did not exist for the credential class). All four conditions are reproduced in most enterprise AI agent deployments in 2026: long-lived agent credentials without a rotation policy, dev/staging/production credentials promoted without re-issuance, runtime telemetry that leaks short-lived tokens without scanning, and no issuance-and-use baseline per agent. The CSRB report is forward-readable as a structural map of where AI agent identity programmes fail, not a Microsoft-specific post-mortem. The blast radius is wider for AI agents than it was for Storm-0558 because the action surface authorised by a compromised AI agent credential routinely includes writes, transactions, and downstream tool-use chains, whereas the Storm-0558 attacker had read-only mail access from one credential.

The claim is scoped to enterprises running production AI agent deployments whose credential-issuance practices do not go through a broker layer enforcing rotation, environment separation, telemetry, and anomaly detection. 90-day review cadence. Trigger conditions for status changes: (1) a published industry survey showing the median enterprise AI agent credential lifetime has dropped below 90 days (would move toward Partial because the rotation gap is closing); (2) a major AI agent credential breach with a public post-mortem (would either confirm or refute the structural map depending on the specific failure points); (3) a CSRB-equivalent independent review of an AI agent incident (the closest analogue to the original report and the most direct re-test of the structural argument); (4) emergence of an enterprise-IAM standard or vendor offering that brokers AI agent credentials with documented rotation + environment separation + telemetry + baseline as defaults (would move toward Partial because the structural gap has tooling to close it).
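The four conditions above map directly onto checks a broker layer can run over an agent credential inventory. The script below is an added example, not code from the page or from any vendor: it audits a constructed inventory against the four CSRB failure classes (rotation age, environment mismatch, secret appearing in runtime telemetry, missing issuance-and-use baseline). The record format, the 90-day rotation threshold, the `agt_` token shape and the sample log lines are all assumptions made for the example.

```python
"""Audit an AI-agent credential inventory against the four Storm-0558
credential-management failure classes. Added example; the record format,
policy thresholds, token shape and sample data are constructed."""
from dataclasses import dataclass
from datetime import date, timedelta
import re

# Constructed policy threshold: credentials older than this are overdue for rotation.
MAX_CREDENTIAL_AGE = timedelta(days=90)

# Constructed token shape used by the telemetry scan: "agt_" plus 32+ alphanumerics.
TOKEN_RE = re.compile(r"\bagt_[A-Za-z0-9]{32,}\b")


@dataclass
class AgentCredential:
    agent_id: str
    credential_id: str
    issued_at: date
    issued_for_env: str    # environment the credential was minted for
    used_in_env: str       # environment it is actually presented from
    baseline_events: int   # issuance-and-use events recorded for this agent
    secret: str            # the bearer value itself (kept only to match against logs)


def check_rotation(cred, today):
    """Failure class 1: credential past its rotation window."""
    age = today - cred.issued_at
    if age > MAX_CREDENTIAL_AGE:
        return f"rotation: {cred.credential_id} is {age.days}d old (max {MAX_CREDENTIAL_AGE.days}d)"
    return None


def check_environment(cred):
    """Failure class 2: credential minted for one environment but used from another."""
    if cred.issued_for_env != cred.used_in_env:
        return f"environment: {cred.credential_id} minted for {cred.issued_for_env} but used from {cred.used_in_env}"
    return None


def scan_telemetry(lines, creds):
    """Failure class 3: return credential_ids whose secret appears verbatim in telemetry."""
    by_secret = {c.secret: c.credential_id for c in creds}
    leaked = set()
    for line in lines:
        for token in TOKEN_RE.findall(line):
            if token in by_secret:
                leaked.add(by_secret[token])
    return leaked


def check_baseline(cred, min_events=1):
    """Failure class 4: no issuance-and-use baseline exists for this agent."""
    if cred.baseline_events < min_events:
        return f"baseline: {cred.agent_id} has no issuance-and-use baseline"
    return None


def audit(creds, telemetry, today):
    """Run all four checks; return {credential_id: [findings]} for credentials with any finding."""
    leaked = scan_telemetry(telemetry, creds)
    findings = {}
    for c in creds:
        hits = [r for r in (check_rotation(c, today), check_environment(c), check_baseline(c)) if r]
        if c.credential_id in leaked:
            hits.append(f"telemetry: {c.credential_id} appears in runtime logs")
        if hits:
            findings[c.credential_id] = hits
    return findings


# Constructed inventory: A is stale, B is mis-promoted/unbaselined/leaked, C is clean.
SAMPLE_CREDS = [
    AgentCredential("ledger-bot", "cred-A", date(2025, 1, 1), "prod", "prod", 12, "agt_" + "a2" * 16),
    AgentCredential("payments-bot", "cred-B", date(2026, 4, 20), "staging", "prod", 0, "agt_" + "b1" * 16),
    AgentCredential("reporting-bot", "cred-C", date(2026, 4, 20), "prod", "prod", 30, "agt_" + "c3" * 16),
]

# Constructed runtime telemetry: the second line leaks cred-B's bearer value.
SAMPLE_TELEMETRY = [
    "2026-05-16T10:02:10Z agent=reporting-bot GET /v1/reports status=200",
    "2026-05-16T10:02:11Z agent=payments-bot POST /v1/transfer authorization=Bearer agt_" + "b1" * 16 + " status=200",
]


def run_sample(today=date(2026, 5, 16)):
    return audit(SAMPLE_CREDS, SAMPLE_TELEMETRY, today)


if __name__ == "__main__":
    for cred_id, hits in run_sample().items():
        print(cred_id)
        for h in hits:
            print("  -", h)
```

The scan matches secrets by exact value rather than by shape alone, so it reports which credential leaked, not just that something token-like was logged; a real broker would hash secrets before comparing so the inventory itself is not a second copy of every bearer value.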

Published · 16 May 2026
Last reviewed · 16 May 2026
Next review · +57d · 14 Aug 2026



About this register

The Reporting register tracks claims published from articles addressed to senior enterprise IT leaders — CIOs, IT directors, heads of platform. Claims are reviewed on a 30–90 day cadence; each review either reaffirms the claim, marks one substantive part as Partial, or marks it Not holding once the underlying evidence has been overtaken.

Recent corrections in Reporting

  • AM-008 · Partial · 17 Jun 2026

    Source-text figure re-review: Google's 2024 Environmental Report reports a 28% year-over-year increase to 8.1 billion gallons, not the 33% (from a 6.1 billion 2023 base) asserted at publish. The 8.1B 2024 figure and the Microsoft WUE 0.30 L/kWh / 39%-improvement figure are unchanged and verified. Article corrected to 28% and the unsupported 6.1B base removed; the claim text retains the original figure with this correction per the Holding-up protocol.

  • AM-132 · Partial · 10 Jun 2026

    One of four legs unanchored on re-review. The claim text attributes '12% of deployments clearing 300%+ ROI with 88% at or below break-even at 12-18 months' to the Stanford DEL 2026 Enterprise AI Playbook. Full-text verification on 10 Jun 2026 found no such figure in that source: the playbook (Pereira, Graylin, Brynjolfsson, Apr 2026) studies 51 successful deployments by design and contains no ROI distribution, no 300%-plus cohort, and no break-even measurement point (full finding at AM-029, correction of 10 Jun 2026). The only verified figure carrying the same 12/88 numerals is IDC research with Lenovo (via CIO.com, Mar 2025): roughly 88% of AI proof-of-concepts never reach production and roughly 12% graduate — a pilot-to-production graduation metric, not an ROI distribution. The Gartner 28%, McKinsey 23%/17%, and MIT NANDA 95% legs verify; they support a small high-performing tail and a large struggling body, but none documents the two-peak bimodal shape the claim asserts. Status Up -> Partial.

  • AM-129 · Partial · 10 Jun 2026

    One of three read-against anchors unanchored on re-review. The claim text cites 'Stanford Digital Economy Lab Enterprise AI Playbook (12/88 bimodal ROI distribution at 12-18 months)' and frames the realistic ROI band around 'the highest-discipline 12% cohort'. Full-text verification on 10 Jun 2026 found the playbook contains no 12/88 distribution, no bimodal ROI shape, and no 12-18-month ROI measurement point (full finding at AM-029, correction of 10 Jun 2026). The claim's core negative finding — no mid-market enterprise has produced a documented +240% ROI in 90 days under audited conditions — is unaffected; the McKinsey State of AI 2025 and MIT NANDA legs verify and continue to support it. The '12% cohort' framing has no verifiable referent. The only verified figure carrying the 12/88 numerals is IDC's pilot-graduation finding (roughly 88% of AI proof-of-concepts never reach production; via CIO.com, Mar 2025), a different metric. Status Up -> Partial.

Reviews coming up in Reporting

  • AM-063 · Holding · next +9d (27 Jun 2026)

    AI agents executing financial transactions need a four-control bundle (action-approval gates by blast radius, kill-swit…

  • AM-061 · Holding · next +9d (27 Jun 2026)

    Production agentic-AI costs at scale routinely run multiples of POC projections, and a layered optimisation programme c…

  • AM-003 · Partial · next +9d (27 Jun 2026)

    GPT-5 Pro's tiered-subscription model forces enterprises to classify problems by computational difficulty — $200/month…