Why AI Agent Authorization Is Still Unsolved in 2026

Source: DEV Community
In March 2026, a security scanner called Trivy was compromised for less than a day. The stolen credentials cascaded downstream into LiteLLM, a library used by thousands of companies to connect their applications to AI services. Within 40 minutes, attackers harvested credentials from an estimated 500,000 machines across 1,000 SaaS environments.

Mercor, a $10 billion AI recruiting startup that handles contractor data for OpenAI, Anthropic, and Meta, was one of those companies. Meta indefinitely suspended all work with Mercor. A class action lawsuit was filed on behalf of 40,000 affected individuals. Lapsus$ claimed to have exfiltrated 4 terabytes of data.

The attacker group TeamPCP didn't target Mercor directly. They poisoned a dependency that Mercor happened to use. The agents had valid credentials. The tools executed normally. Nothing looked wrong until it was too late.

This is the pattern that keeps repeating. And no one has solved it yet.

The Problem Is Not Detection

Every major AI a