Cyber Immunity in the AI Era

29 Apr 26 · 6 min read

This presentation is an adaptation of a keynote address delivered by Sasha Le, Senior Engineer, Tide Foundation, at the launch event of the RMIT AWS Innovation Lab (RAIL) on 21 April 2026.

The Human Vulnerability

In 2022, a ransomware group named Lapsus$ breached some of the most sophisticated tech companies on the planet. The list included Microsoft, Nvidia, Okta, Uber, and Samsung.

The ringleader wasn't a state-sponsored syndicate. He was a sixteen-year-old operating out of his mother's living room. He didn’t find some obscure zero-day vulnerability, and he certainly didn't outcode the security teams at these tech giants. He did something much simpler: he bribed, blackmailed, and tricked the people inside those organizations who held the keys to the kingdom.

We have spent billions fortifying our software and systems. Yet, the people managing those systems still hold "god-like" administrative powers. For any attacker worth their salt, those people are the shortest path in.

Now, hand that attack pattern over to artificial intelligence.

We are facing superintelligent systems capable of cloning a CEO’s voice in real time, mapping an organization's org chart in minutes, and applying perfectly timed social pressure at scale. In an era where AI can relentlessly target human psychology, traditional cybersecurity perimeters fail at an unprecedented pace.

The Paradox of "Vibe Coding"

Vibe Coding Security Vulnerabilities

We cannot simply rely on AI to defend us from AI. The way we build software is changing too rapidly. We have entered the era of "vibe coding", where you simply describe what you want in plain English and AI builds the application.

The barrier to entry has vanished, driving the global builder population from 100 million in 2023 to an estimated 1.5 billion this year. It is estimated that 85% of all production source code is now AI-generated.

While this productivity boom is incredible, it comes with a massive blind spot. We are mass-producing software with hardcoded secrets, misconfigured access, and exposed credentials at a pace no human security team can review. Vibe coding has introduced a 300% increase in vulnerabilities.

Pitting one superintelligence against another to patch these millions of holes solves nothing. It's a structural stalemate.

To break the stalemate, we have to rethink the architecture entirely. What if systems never had access to sensitive data in the first place?

Introducing Emergent Authority

At Tide, we are building infrastructure based on a novel principle we call Emergent Authority.

The concept is straightforward. The actual authority to execute a sensitive action like authenticating a user or accessing critical data sits completely beyond the reach of any system or person using it.

It doesn't live in a centralized vault. Instead, that authority emerges just-in-time, and only when all cryptographic conditions are perfectly met.

Under this architecture, a server is effectively an oblivious proxy. It holds no power and stores no secrets. If an attacker breaches the server, they find nothing. If an AI socially engineers a system administrator, the breach is equally fruitless, because that administrator no longer holds direct, unilateral authority themselves.

The weakest link is rendered completely incapable of posing a threat.

Proving it with KeyleSSH

KeyleSSH: A Privileged Access Management System

Theoretical security is one thing, but proving it where the stakes are highest is another. We were able to test and validate this architecture through our work with the RACE Cloud Supercomputing Hub, an initiative supported by RMIT and AWS.

We applied Emergent Authority to one of the most critical and high-risk areas of IT infrastructure. That area is Privileged Access Management, known as PAM.

A PAM is the system IT teams use to manage access to the servers, firewalls, and databases running a business. By design, a traditional PAM centralizes every privileged credential an organization has. It is a literal vault containing the keys to the kingdom. When attackers compromise these central vaults, the failure is catastrophic.

We saw this when the Lapsus$ group breached Uber by tricking an employee into handing over their credentials. This gave the hackers the 'master keys' to the company’s vault. More recently, this pattern hit the federal government. A major breach at the U.S. Treasury was traced back to BeyondTrust, which is a leading security vendor. In that case, attackers exploited specific 'weak spots' in the software’s defenses that allowed them to hijack security keys. Similar vulnerabilities in vendors like Ivanti and Okta have recently impacted other agencies, including the Department of Justice. It is a stark reminder that when we centralize all our authority in one provider, a single flaw in their code becomes a backdoor into our most sensitive institutions.

Zero Knowledge Authentication

To solve this problem, Tide built KeyleSSH, a PAM built entirely on Emergent Authority.

To understand the scale, consider that a single mid-sized utility company might have tens of thousands of servers, each with its own credentials. KeyleSSH manages access to all of them but holds absolutely none of them.

When an administrator logs in through KeyleSSH, it is a Zero-Knowledge Login. No password ever leaves the device, and there is no password database on the server to be stolen. The authentication is verified cryptographically.

When that administrator opens a session to a production server, there are no keys to store, rotate, or revoke. There is no central vault. The cryptographic authority to open the session emerges just-in-time to connect them, but neither the user nor the PAM ever possesses the key itself. Furthermore, executing commands of consequence requires cryptographic approval from other administrators, entirely eliminating the risk of a single compromised "god-mode" account.
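The page does not describe the protocol behind Emergent Authority or KeyleSSH. As an added illustration (not Tide's code or protocol), the sketch below shows one generic way to get the property described here and in the Emergent Authority section, threshold exponentiation over Shamir shares: a quorum of nodes jointly produces a per-request value h^k while no node, and not the combiner, ever holds k. The toy group parameters, the function names, the dealer, and the 3-of-5 split are assumptions of this example.

```python
import hashlib
import secrets

# Toy group, constructed for this example and far too small for real use:
# P = 2Q + 1 with P and Q prime; squares mod P form a subgroup of order Q.
P, Q = 2039, 1019

def split_key(k, n, t):
    """Shamir-share exponent k over Z_Q so any t of n nodes suffice.
    A dealer is used here for brevity; it is an assumption of this sketch."""
    coeffs = [k] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, e, Q) for e, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}

def request_element(request: bytes) -> int:
    """Map a request to a non-trivial element of the order-Q subgroup."""
    x = int.from_bytes(hashlib.sha256(request).digest(), "big") % (P - 3) + 2
    return pow(x, 2, P)

def node_partial(share, h):
    """One node's answer, h^share mod P; the share itself never leaves it."""
    return pow(h, share, P)

def lagrange_at_zero(i, ids):
    """Lagrange coefficient of node i at x = 0 over the responding ids."""
    num = den = 1
    for j in ids:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def combine(partials):
    """Multiply weighted partials into h^k; k is never reassembled."""
    ids = list(partials)
    out = 1
    for i, part in partials.items():
        out = out * pow(part, lagrange_at_zero(i, ids), P) % P
    return out

if __name__ == "__main__":
    k = secrets.randbelow(Q - 1) + 1          # stands in for the master key
    shares = split_key(k, n=5, t=3)
    h = request_element(b"open session: admin -> prod-db (constructed)")
    quorum = {i: node_partial(shares[i], h) for i in (1, 3, 5)}
    short = {i: node_partial(shares[i], h) for i in (1, 3)}
    print("3 of 5 nodes:", combine(quorum) == pow(h, k, P))
    print("2 of 5 nodes:", combine(short) == pow(h, k, P))
```

Compromising fewer nodes than the threshold, or the combiner alone, yields partial values that do not combine to h^k, which is the failure mode the architecture relies on.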

Keyless SSH, Remote Access

The Infrastructure for What's Next

Superintelligent AI will inevitably find vulnerabilities in your software. It will inevitably social-engineer your administrators.

If an architecture ensures there are no secrets stored in a vulnerable state, a successful breach yields nothing for the attacker. The goal is no longer just preventing breaches, but creating a baseline of cyber immunity. In this model, even when a network is compromised, the mathematical structure of the system renders the event structurally inconsequential.

Photographed: RMIT Deputy Vice Chancellor Research & Innovation, Distinguished Professor Calum Drummond AO, Professor Alec Cameron - Vice-Chancellor and President at RMIT University, Valerie Singer - AWS General Manager of Global Education, Yuval Hertzog - Co-founder Tide Foundation, Sasha Le - Senior Engineer, Tide Foundation, Dr Ian Oppermann - ACCC Commissioner, Professor Mark Easton - Associate Deputy Vice Chancellor (Research Infrastructure), Chris Mano - Account Executive Education, AWS, Dr Robert Shen - Director of AWS Cloud Supercomputing Hub
