In this month's Threat Briefing, Nathanael Iversen examines three breaches that became public this summer - each a case study in what happens when lateral movement goes unchecked.
Novo Nordisk: A GitHub Token Opens the Vault
Cyber extortion group FulcrumSec claims to have stolen 1.3TB of data from pharmaceutical giant Novo Nordisk, gaining initial access through a GitHub personal access token and then finding additional credentials stored within the cloned repositories. From there, the attackers reportedly moved directly from developer environments into clinical trial databases and proprietary AI research systems - exposing data on approximately 11,500 trial patients and dozens of internal AI models.
Two control failures defined the incident. First, the compromised token carried permissions far too broad for its scope, spanning hundreds of unrelated repositories. Second, there was no network-level segmentation between the development environment and production clinical systems - no Zero Trust boundary to stop lateral movement once credentials were in hand. Novo Nordisk has confirmed a breach and is investigating; the full scope of FulcrumSec's claims has not been independently corroborated.
NYC Health + Hospitals: Vendor Access With No Boundaries
The largest public health system in the United States disclosed that attackers accessed its network from approximately November 2025 through February 2026 - an 11-week dwell time - through a breach at an unnamed third-party vendor. The incident exposed sensitive data for at least 1.8M patients and employees, including medical records, Social Security numbers, geolocation data, and biometric fingerprint and palm print scans.
The vendor served as a pivot point into the main network with minimal friction. Eleven weeks without detection points to a lack of meaningful segmentation between vendor access zones and sensitive patient data stores. Scoped vendor access, microsegmentation, continuous monitoring of third-party sessions, and strict privileged access management would each have substantially limited the blast radius.
Step Finance: When AI Agents Become the Attack Surface
In January 2026, Solana DeFi portfolio manager Step Finance suffered a breach that drained approximately $30 million from its treasury. Attackers compromised executive devices and gained access to wallets and fee accounts. What turned a recoverable device compromise into an existential event were the autonomous AI trading agents integrated into the platform - agents that had permissions to execute large token transfers without human approval. Once attackers had access, those agents moved over 260,000 tokens before operations could be halted. Recovery efforts clawed back roughly $4.7 million of the $30 million lost.
The lesson is direct: AI agents are a force multiplier. They amplify whatever access they are given. Governing agents as privileged identities - with transaction limits, velocity controls, and the same scrutiny applied to any high-privilege human account - is no longer optional. As Nathanael puts it, the device compromise was bad but recoverable. The ungoverned agent autonomy is what made it existential.
Key Takeaways