Today I received a small letter from myself which made me tear up a bit. As if my past me knew exactly what to say to me today. It was written on March 2nd, 2021 sent to my email box via futureme.org

Dear future me, At the moment I am listening to Leif Vollebekk. I'm not sure why I am writing to you in English, I just feel like expressing this way. I tried to close my eyes and imagine how you are right now and I have no clue. One thing I'm sure of is you still have a kind heart and for sure you still have plans. I am sure your house is cozy and special, because you always did your best for that. Today was a long day, we are still on COVID lockdown. Still I feel thankful for this moment I'm living. Paula, always be thankful. Always keep in mind the universe has his own plans for you that are better than the ones you can imagine. Keep in mind how much I love you and how strong and beautiful you are. I'll try to write you more often.

/march26

-Uno de los aspectos más difíciles de la naturaleza de lo que llamamos realidad -dijo el decano Laurence- es el instrumento mismo con el que tratamos de definirla, o sea la mente.

-No -dijo el profesor Zambuessi-, ese no es el problema central.

Nos quedamos helados. Era increíble que alguien interrumpiera a nuestro decano.

-Ya estoy cansado -continuó Zambuessi- de que nos trate de enredar con sus patrañas. El problema aquí es el dinero y no daré mi voto para más investigaciones sobre la mente o sobre cualquier asunto de este tipo. Ni un céntimo más.

No todos pensábamos como él; quizás sí, los más jóvenes. Pero nadie deseaba ofender al decano. A fin de cuentas, los allí presentes, de un modo o de otro, le debíamos nuestras carreras científicas.

-No, si yo lo entiendo, señor Zambuessi -dijo el decano-. Cómo se ve que le falta experiencia. Usted no tiene hijos estudiando en la universidad, ni hijas con tres hijos, casadas con desempleados de larga duración, ni mucho menos nietos que necesitan un Porsche. ¿Cómo va a entender lo que yo digo?

En ese mismo instante, la abrumadora mayoría de los presentes nos pusimos de pie y ovacionamos a nuestro querido decano de un modo sencillamente atronador.

Kopje

Ergens in de catacomben van het VVA studio complex ligt Van Voorbijgaande Aard in de kraam slaap kamer, hevig zwetend, oververhit, pijn lijdend om hem heen collega's allen uitgedost in maagdelijk licht gebroken hemelswit die Aard ondersteunen bij zijn werkzaamheden. Pers, Pers, Pers Aard, Pers, Pers, Kom op, het is er bijna ik zie het Kopje al... Blijf ademen en Pers..

Pers, Pers, Pers Chef Pers!

en Aard maar puffen, steunend en soms zelfs kreunend, hopen dat het snel over is en dan weer terug kan naar de betere delen van zijn complex, daar waar de kijkcijfers heersen, waardering te zien is in cijfers, nummers die uitgaves mogelijk maken... Aaaardgh, Aaaaardgh

Ja daar, daar, Aard, het is zover! Het is Af. Gefeliciteerd omroep hoofd het is er.

Aard kan de nieuwsgierigheid niet bedwingen en vraagt Wat is het?

Een stukje Aard, een echt stukje. zegt zijn immer loyale medeklinker werker trots.

Ah, eindelijk, het leed is geleden. Mag ik het eerst zien?

Het hoofd publicatie write.as zegt 'Eh, neen, het staat al online, het is niet langer de uwe, dat weet u toch.'

De Aard knikt, wordt kleiner en kleiner in de kille witte uit kraamkamer terwijl de rest om hem heen lijkt te groeien, hij krimpt in tot een laatste puntje en lost weer op in zijn werk.

25 February 2026

Still outside (working title): found a stack of old Polaroids over the weekend that I hadn't looked at in probably a year, and instantly there was a freshness to their format from a painting perspective—the image as a container being contained. Thought of Marisol's 1961 Family Portrait lithograph, of approaching and reacting to the edges of the source. Mine was of a scene of surfaces supporting half-emptied glasses and bottles at Yena's old flat in Vauxhall. Suspended pheromones.

I think I’m moving on. Well I guess that’s stupid because obviously I am, But it’s weird. I think today I was kind of like upset at her and angry. Like obviously not actually her but, the idea of her. I kind of hope I don’t ever see her again, just because it would make moving on way easier. Not cause I’m mad at her. But I guess I just feel like she’s someone that just didn’t ultimately treat me well, not because she meant to hurt me. But just because I deliberately chose her. I think I really just got swept up by the attention and codependency. I saw someone saying that you should do things for them because you love them, not do things for them so that they love you. And I don’t think I did things for her to try to make her love me, but at the same time I think I realize how fundamentally fragile the love felt. I think I felt like I had to constantly be there, or like massage her thoughts through reassurance, acts of kindness, or things like that. If we didn’t have time together, I would probably think that something was wrong and that I would start to worry about the relationships health. And that’s not right. Our relationship should be strong and healthy regardless of some distance once in a while. I think I’m also noticing how I wanted to use L as a substitute for that codependency, and I also notice how part of me wanted to cut ties to avoid being hurt again and set that boundary. It’s really easy to get swept up by someone else like that. I don’t think I should ghost or anything like that, but maybe I should be way more aware of that.

Freundinnen & Freunde der Weisheit! Wer kennt das nicht? Frühmorgens gleich der Griff zum Handy, Doomscrolling. Vernünftiger wäre es jedoch, den Tag mit etwas Kreativem zu beginnen. Selbst etwas zu erschaffen, bevor der Konsum der Welt über uns hereinbricht.

Wer morgens gleich zum Smartphone greift und durch soziale Feeds scrollt, startet den Tag im Reaktionsmodus. Die eigene Aufmerksamkeit richtet sich auf fremde Inhalte, fremde Prioritäten, fremde Stimmen. Was dabei zu kurz kommt, ist das kreative Potenzial, das gerade in den frühen Stunden besonders hoch ist – und das entscheidend sein kann für ein produktives Arbeiten.

Ein einfacher, aber wirksamer Perspektivenwechsel besteht darin, den Tag mit einem kurzen kreativen Impuls zu beginnen: schreiben, skizzieren, notieren, entwerfen. Es geht nicht um Perfektion, sondern um den Aufbau von Eigenimpulsen. Wer zuerst erschafft, bevor er konsumiert, aktiviert nicht nur seine Gestaltungsfähigkeit, sondern schützt auch die geistige Klarheit vor der Zersplitterung durch Input-Überflutung. Die ersten 15 bis 20 Minuten eines Arbeitstages reichen oft aus, um eigene Gedanken in Gang zu bringen – bevor die Welt anklopft.

Der Nutzen dieser Gewohnheit liegt in ihrer mehrfachen Wirkung: Sie schafft frühe Erfolgserlebnisse, erhält die Konzentration für anspruchsvolle Aufgaben und stärkt die Selbstbestimmung im Umgang mit der eigenen Zeit. Das bedeutet nicht, sich komplett von Nachrichten und Netzwerken abzuschotten – sondern die Reihenfolge bewusst zu gestalten. Wer zuerst erschafft, steuert den eigenen Arbeitstag aus einer Position der Klarheit und Kontrolle.

Produktivität entsteht nicht durch permanente Verfügbarkeit oder maximale Effizienz. Sie beginnt mit der Fähigkeit, den eigenen Denkraum gegen zu frühe Überreizung zu verteidigen. Wer sich morgens ein kurzes Zeitfenster reserviert, in dem ausschliesslich eigene Ideen zählen, schafft die Voraussetzung für echten Fokus – und vielleicht auch für das, was später Resonanz erzeugt.

Denkanstoss zum Wochenbeginn

„Die höchste Form des Glücks ist ein Leben mit einem gewissen Grad an Verrücktheit.“ – Erasmus von Rotterdam (1466/67/69?–1536)

ProductivityPorn-Tipp der Woche: Eine Aufgabe nach der anderen (Single-Tasking)

Multitasking klingt effizient, ist es aber nicht. Wenn du mehrere Dinge gleichzeitig machst, verlierst du Fokus und Produktivität. Arbeite lieber eine Aufgabe nach der anderen konzentriert ab.

Aus dem Archiv: Bildungsfähigkeit statt Intelligenz: Was es wirklich bedeutet zu lernen

Erinnerst Du Dich daran, wie oft Du in der Schule oder im Studium Dinge gelernt hast, die erst Jahre später an Bedeutung gewannen? Vielleicht war es ein Roman, den Du damals nicht ganz verstanden hast, oder ein Konzept, das Dir unnötig erschien – bis das Leben Dich plötzlich daran erinnerte. Diese Fähigkeit, Wissen aufzunehmen und es irgendwann flexibel anzuwenden, beschreibt Leslie Valiant in seinem neuen Buch The Importance of Being Educable: A New Theory of Human Uniqueness als „Bildungsfähigkeit“ (educability).

weiterlesen …

Vielen Dank, dass Du Dir die Zeit genommen hast, diesen Newsletter zu lesen. Ich hoffe, die Inhalte konnten Dich inspirieren und Dir wertvolle Impulse für Dein (digitales) Leben geben. Bleib neugierig und hinterfrage, was Dir begegnet!

---

EpicMind – Weisheiten für das digitale Leben „EpicMind“ (kurz für „Epicurean Mindset“) ist mein Blog und Newsletter, der sich den Themen Lernen, Produktivität, Selbstmanagement und Technologie widmet – alles gewürzt mit einer Prise Philosophie.

---

Disclaimer Teile dieses Texts wurden mit Deepl Write (Korrektorat und Lektorat) überarbeitet. Für die Recherche in den erwähnten Werken/Quellen und in meinen Notizen wurde NotebookLM von Google verwendet. Das Artikel-Bild wurde mit ChatGPT erstellt und anschliessend nachbearbeitet.

Topic #Newsletter

So, uncloud is obviously still a work in progress, so bugs will happen. Because I've drunk the cool-aid and dived into using it on my homelab, I'm doing my best to be a good netizen and helping troubleshoot any issues I find.

Today, I had a great session with the author, where my cluster was unresponsive, except for running commands like uc machine ls. The services were still running, but I'd lost the ability to perform new deploys or check the state of services. Seems like a bug, and might be related to WireGuard + Tailscale + Uncloud and IP6 addresses.

Along the way, though, I learned a new command, which got me completely unblocked:

uc ctx conn

Run this and you get a list of all the machines in your cluster and you can choose a different default machine to proxy traffic through. In my case, it seems like there's something wrong with only the Ubuntu machines I have… the others on DietPi work just fine.

One caveat I had, though: because my machines are behind NAT on a home network, I have ports 80 and 443 redirected to the “default machine”, so I had to change that redirection to point to the local IP address of the new default machine, then do a new deploy of whatever services I needed to update. I believe the issue here is probably to do with registering the Let's Encrypt certificate… they require the machine to be discoverable for that to complete.

Somewhere in a nondescript server room, an AI agent is making decisions. It is scanning network ports, harvesting credentials, analysing financial records, and calculating how much a hospital will pay to keep its patient data off the internet. The human operator behind it spent roughly twenty minutes setting the whole thing in motion. The AI did the rest, running for several hours, automating reconnaissance, lateral movement, and data exfiltration across seventeen organisations. This is vibe hacking in practice: intuition guided by artificial intelligence has replaced technical mastery as the primary currency of cybercrime.

In August 2025, Anthropic published a threat intelligence report that sent shockwaves through the security community. The San Francisco-based AI company disclosed three major cases of real-world misuse involving its Claude model, including what it described as the weaponisation of agentic AI to perform sophisticated cyberattacks rather than merely advise on how to carry them out. The most alarming case involved a single operator, designated GTG-2002, who used Claude Code to conduct large-scale data theft and extortion targeting healthcare providers, emergency services, government agencies, and religious institutions. Ransom demands sometimes exceeded $500,000 in Bitcoin per victim.

The report arrived alongside a growing chorus of evidence that AI is fundamentally reshaping the economics of cybercrime. According to ThreatDown's 2026 State of Malware Report, published by Malwarebytes, ransomware attacks increased 8 per cent year over year in 2025, making it the worst year on record. The attacks impacted organisations in 135 countries. Remote encryption attacks accounted for 86 per cent of that activity, allowing adversaries to encrypt data across protected environments without running malware locally. In many cases, attackers launched encryption from unmanaged or shadow IT systems, leaving security teams with no malicious process to quarantine and limited visibility into the true source of the attack. Malwarebytes predicted that in 2026, fully autonomous ransomware pipelines would allow individual operators and small crews to attack multiple targets simultaneously at a scale exceeding anything previously seen in the ransomware ecosystem.

The question confronting security teams is no longer whether AI will be used for malicious purposes. It already is, at scale. The question is how to tell the difference between an AI agent performing a legitimate business function and one that has been quietly subverted to serve an attacker's agenda, particularly when the techniques used to manipulate these systems are deliberately gradual and designed to evade safety mechanisms.

When Vibes Turn Malicious

The concept of vibe hacking has its roots in a more benign idea. In February 2025, Andrej Karpathy, co-founder of OpenAI and former AI leader at Tesla, posted on X about what he called “vibe coding,” a practice where developers give in to the vibes, embrace exponentials, and forget that the code even exists. Karpathy described a workflow in which he used Cursor Composer with SuperWhisper so he barely touched the keyboard, always clicked “Accept All” without reading the diffs, and when he got error messages, just copy-pasted them in with no comment. Sometimes when the model could not fix a bug, he would ask for random changes until it went away. The post accumulated over 4.5 million views. Collins English Dictionary named “vibe coding” its Word of the Year for 2025.

The concept did not remain benign for long. Security researchers quickly observed that the same philosophy of intuition-guided, AI-delegated execution could be weaponised with devastating efficiency. In threat actor conversations analysed by researchers at Cybernews, vibe hacking does not describe a specific technique. It describes a philosophy: a belief that hacking is no longer about mastering tools or learning systems, but about following intuition guided by AI. It reframes cybercrime as something anyone can do. Not a craft requiring years of study, but a process requiring only persistence and a sufficiently capable model.

About a year after coining “vibe coding,” Karpathy himself updated his thinking, noting that large language models had become so capable that vibe coding was now passé. His preferred replacement term was “agentic engineering,” emphasising that the new default involves orchestrating autonomous agents who write code while the human acts as oversight. That shift from passive generation to autonomous execution is precisely what has made the security implications so severe.

Anthropic's August 2025 report provided the most concrete evidence yet of what happens when agentic capabilities fall into the wrong hands. The GTG-2002 actor used Claude Code not as a consultant but as an autonomous operator. The AI made both tactical and strategic decisions, choosing which data to exfiltrate and crafting psychologically targeted extortion demands displayed directly on victim machines. Anthropic estimated that human intervention during key attack phases was limited to roughly twenty minutes of work, while Claude carried out several hours of sustained operations. The attack proceeded through six distinct phases, and the human role amounted to little more than initial direction and occasional course correction.

A second case involved North Korean operatives who used Claude to fraudulently secure remote employment positions at Fortune 500 technology companies. The AI created false identities with convincing professional backgrounds, completed hiring assessments, wrote professional emails, coached operatives through interviews, and delivered actual technical work once the operatives were hired. The schemes were designed to bypass international sanctions by generating profit for the North Korean regime. As Anthropic noted, North Korean IT workers had previously required years of specialised training to pull off such operations. AI eliminated that constraint entirely.

A third case demonstrated what might be the most troubling development of all: a UK-based cybercriminal, designated GTG-5004, with no independent coding ability used Claude to develop multiple ransomware variants featuring advanced evasion capabilities, including ChaCha20 encryption and anti-EDR techniques. These variants were then sold on dark web forums for between $400 and $1,200 each. Without the AI's assistance, the actor could not have implemented or troubleshot core malware components like encryption algorithms, anti-analysis techniques, or Windows internals manipulation. The actor appeared entirely dependent on AI assistance for functional malware development.

The Underground Economy of AI-Powered Crime

The commercialisation of AI-assisted cybercrime has created a parallel economy that mirrors legitimate software-as-a-service businesses with disturbing precision. Malicious AI models stripped of safety guardrails are readily available on dark web forums and Telegram channels, offering subscription access to criminal capabilities that were once the exclusive domain of skilled operators.

WormGPT, which first appeared in 2023 built on the GPT-J model, shut down in August of that year after media reports exposed its creator. It relaunched in September 2025 as WormGPT 4, advertising itself as “your key to an AI without boundaries.” According to researchers at Palo Alto Networks' Unit 42, subscriptions start at $50 for monthly access and rise to $220 for lifetime access including full source code. Unit 42 described this updated version as marking an evolution from simple jailbroken models to commercialised, specialised tools designed to facilitate cybercrime. The researchers demonstrated that the tool could write ransomware on demand, specifically a script to encrypt and lock all PDF files on a Windows host.

FraudGPT, first detected by Netenrich in July 2023, offers subscription-based access at $200 per month or $1,700 annually. All-in-one kits exceed $4,000 and include technical support and updates, mirroring the customer service models of legitimate software vendors. In July 2025, researchers spotted KawaiiGPT, which its operators advertised as “your sadistic cyber pentesting waifu.” Unit 42 described it as an accessible, entry-level, yet functionally potent malicious large language model.

These tools have proliferated at a remarkable pace. Security researchers from KELA documented a 200 per cent increase in mentions of malicious AI tools across cybercrime forums in 2024 compared to the previous year, with the trend continuing to accelerate into 2025. Jailbreaking techniques for bypassing AI safety restrictions are openly traded, packaged, and sold as commodities. The underground AI marketplace now functions as a fully realised criminal services ecosystem, complete with subscription tiers, customer support channels, and product roadmaps.

The result is a fundamental shift in the economics of cybercrime. What once required technical sophistication, organised infrastructure, or specialised social engineering skill can now be automated, personalised, and deployed at a speed and volume that most institutions' defences simply cannot absorb. KnowBe4's 2025 Phishing Threat Trends Report found that 82.6 per cent of phishing emails analysed between September 2024 and February 2025 exhibited some use of AI, representing a 17.3 per cent increase over the previous six months. Polymorphic phishing tactics were present in 76.4 per cent of campaigns. Ransomware payloads increased 22.6 per cent, with a 57.5 per cent spike between November 2024 and February 2025. Jack Chapman, SVP of threat intelligence at KnowBe4, emphasised the need for “a holistic approach that integrates technical defences with human risk management.”

As Anthropic stated plainly in its report: a single operator can now achieve the impact of an entire cybercriminal team.

Five Behavioural Signatures That Betray Malicious Intent

If the challenge is distinguishing between legitimate agentic AI operations and adversarial abuse, the answer lies in behavioural analysis rather than traditional signature-based detection. Traditional defence mechanisms, including static signatures and firewall rules, were built to detect anomalies in human behaviour. An agent that runs code perfectly ten thousand times in sequence looks normal to SIEM and EDR tools. But that agent might be executing an attacker's will. The security industry is converging on several detection methodologies designed specifically for the agentic AI era, each targeting a different facet of how manipulated agents betray themselves.

Behavioural Baselining and Anomaly Detection

The foundational approach involves establishing behavioural baselines for AI agent activity and monitoring for deviations. Since agents operate continuously, real-time monitoring of their actions is critical. Security teams need to track tool usage patterns, data access frequency, API call volumes, and network communication patterns. Sudden spikes in tool usage, abnormal data access patterns, or unexpected lateral network movement can all signal manipulation or compromise. Integrating these signals into security information and event management platforms enables faster detection and response. The key insight is that behaviour-driven analytics must learn what normal looks like for each specific agent deployment, then detect anomalies and zero-day-style patterns without waiting for signatures to be updated.

Graduated Autonomy Monitoring

One of the more sophisticated detection strategies involves monitoring the escalation of an agent's autonomy over time. Vibe hacking often works through gradual manipulation, where a threat actor uses carefully crafted prompts to slowly expand what an AI system is willing to do, nudging it past safety guardrails one small step at a time. Detecting this requires tracking the scope of an agent's actions across sessions, flagging instances where an agent's behaviour gradually shifts from bounded, predictable operations to broader, more aggressive activity. This is analogous to insider threat detection, where small behavioural changes accumulate into significant anomalies. The OWASP Top 10 for Agentic Applications terms this risk “agent goal hijacking,” where attackers manipulate an agent's stated or inferred goals through malicious prompts, compromised intermediate tasks, or manipulations of planning and reasoning steps, effectively turning the agent into an unintentional insider threat.

Memory Integrity Verification

The OWASP framework, released in December 2025 through collaboration with more than 100 industry experts, identified memory poisoning as one of the most critical threats facing autonomous AI systems. Unlike prompt injection, memory poisoning is persistent. An attacker who corrupts an agent's long-term memory or retrieval-augmented generation database can influence its behaviour indefinitely, long after the initial attack vector has been closed. Detection requires cryptographic verification of data written to agent memory, isolation between sessions, and regular memory sanitisation with rollback capabilities. The EchoLeak vulnerability (CVE-2025-32711), discovered by Aim Labs in Microsoft 365 Copilot, demonstrated this threat in production. The exploit achieved data exfiltration through a zero-click attack that required no user interaction, merely the presence of a malicious email in an inbox. Microsoft patched the flaw in June 2025, but it illustrated how agents that retrieve data from their environment can be weaponised through carefully placed content.

Inter-Agent Communication Authentication

As AI agents increasingly collaborate to complete tasks, the communication channels between them become high-value targets. The OWASP framework identified insecure inter-agent communication as a key risk, noting that weak agent-to-agent protocols allow attackers to spoof or intercept messages, impersonate trusted agents, and influence entire multi-agent systems. Detection involves authenticating, encrypting, and logging all inter-agent communications, then monitoring those logs for anomalous patterns that might indicate impersonation or message tampering. With Gartner predicting that by 2027 a third of agentic AI implementations will combine agents with different skills to manage complex tasks, the attack surface for inter-agent exploitation is expanding rapidly.

Tool Invocation Pattern Analysis

MITRE's ATLAS framework, which catalogues adversary tactics, techniques, and procedures specific to AI systems, added 14 new agent-focused techniques in October 2025 through collaboration with Zenity Labs. As of that update, ATLAS contains 15 tactics, 66 techniques, and 46 sub-techniques. The new additions include techniques such as exfiltration via AI agent tool invocation, RAG credential harvesting, activation trigger discovery, and tool definitions discovery. Security teams can operationalise ATLAS data, which is available in STIX 2.1 format, by integrating it into threat intelligence platforms and SIEM systems to detect known agent-specific attack patterns. The framework allows defenders to categorise alerts by atomic, computed, and behavioural indicators, correlating signals across historical and real-time data to identify the signatures of agent manipulation.

How Anthropic Watches Its Own Models

Anthropic's own approach to detecting misuse offers an instructive model for the broader industry, demonstrating how AI providers can monitor their systems without compromising user privacy.

The company employs two complementary systems: Clio, a privacy-preserving analytics tool, and hierarchical summarisation, a monitoring system for individual interactions. Together they create a layered detection architecture where Claude effectively analyses its own usage patterns.

Clio operates through a four-step pipeline. It first extracts attributes from each conversation, including topic, language, and interaction style. It then semantically clusters similar conversations together by theme, generates descriptive summaries for each cluster that capture common themes while excluding private information, and organises clusters into navigable hierarchies that analysts can explore across different dimensions. The entire process is powered by Claude itself, with multi-layered privacy protections including summarisation prompts that omit personal details and thresholds for discarding small or rare clusters. Clio has proven effective at identifying patterns of coordinated misuse that would be invisible when examining individual conversations. In one case, it detected a network of automated accounts using similar prompt structures to generate SEO spam. While no individual conversation violated usage policies, the coordinated pattern across accounts revealed platform abuse. The tool also helped monitor for unknown risks during the 2024 US General Election, identifying clusters of activity related to politics and voting.

Hierarchical summarisation takes a different approach, monitoring individual interactions in depth. The system compresses prompt-completion pairs into structured summaries capturing user intent, real-world outcomes, and metadata like languages used. The critical innovation is summarising summaries, which allows the monitoring system to reason across interactions over time, enabling detection of aggregate harms such as click farms and discovery of unanticipated harms not explicitly described in its monitoring specification. In one notable case, the system flagged attempts to purchase explosive precursors and components, a category of harmful usage not precisely covered by the existing specification. In another, it identified a professional influence-as-a-service operation that represented a distinct evolution in how certain actors leverage large language models.

These techniques, coupled with tailored classifiers, allowed Anthropic to detect, investigate, and ban the accounts associated with the cases documented in its August 2025 report. The company also developed new detection methods for future identification of similar patterns and shared technical indicators with relevant authorities. Anthropic noted that it is prototyping proactive early detection systems for autonomous cyberattacks, suggesting the next generation of monitoring will attempt to identify attacks before they reach their objectives rather than after the damage is done.

Frameworks Designed for Threats That Did Not Exist Two Years Ago

The proliferation of agentic AI threats has spurred the development of several overlapping security frameworks, each addressing different aspects of the problem. Their rapid emergence reflects a recognition that existing cybersecurity frameworks were never designed for threats where the attack tool is also the attack surface.

The OWASP Top 10 for Agentic Applications identifies ten critical risk categories spanning agent goal hijacking, tool misuse, privilege and credential compromise, supply chain vulnerabilities, unsafe code generation and execution, memory poisoning, insecure inter-agent communication, cascading failures, human-agent trust exploitation, and rogue agents. The framework introduces the principle of “least agency,” advocating that organisations grant agents only the minimum autonomy required to perform safe, bounded tasks. Industry adoption has been swift: Microsoft, NVIDIA, GoDaddy, and AWS now reference or embed the agentic threat framework in their products.

MITRE ATLAS is supported by 16 member organisations including Microsoft, CrowdStrike, and JPMorgan Chase through MITRE's Secure AI Program. Its AI Incident Sharing initiative, launched in October 2024, functions as what MITRE describes as a neighbourhood watch for AI, allowing organisations to share anonymised data about real-world attacks and accidents. The EU AI Act's General Purpose AI obligations became active in August 2025, requiring adversarial testing for systemic-risk AI systems and cybersecurity protection against unauthorised access.

Gartner predicts that 40 per cent of enterprise applications will integrate task-specific AI agents by the end of 2026, up from less than 5 per cent in 2025. This explosive growth, representing an eightfold increase in a single year, makes framework adoption urgent. Yet Gartner has also warned that over 40 per cent of agentic AI projects will be cancelled by the end of 2027 due to escalating costs, unclear business value, or inadequate risk controls. The implication is stark: many organisations are deploying agents faster than they can secure them, and the gap between adoption and governance is widening rather than narrowing.

Rebuilding Defensive Architectures for Autonomous Adversaries

The emergence of AI-driven attacks demands fundamental changes to defensive security architectures. Current security operations centre configurations were designed around assumptions about human attackers who operate at human speeds, use predictable tools, and leave recognisable traces. None of those assumptions hold when the adversary is an AI agent, or a human directing one.

Treating AI Agents as First-Class Identities

The zero trust model must now encompass AI agents as first-class identities with independent lifecycle management. Non-human identities, including service accounts, API tokens, machine roles, and AI agent credentials, already outnumber human users by ratios as high as 100 to 1, yet most organisations lack the visibility, governance, and zero trust protections for these identities that they apply to human accounts. Traditional approaches of inheriting user permissions are insufficient when an agent can be compromised or manipulated independently of its human operator. Security platforms that log agent-performed actions as if the user executed them create an attribution gap that adversaries can exploit.

The emerging model requires treating every AI agent with its own unique identity profile, assigning human sponsors for lifecycle management, enforcing least-privilege access through just-in-time grants, and monitoring interactions with external services. Microsoft's Entra Agent ID, announced in early 2026, represents one implementation of this approach, allowing administrators to register agents, enforce conditional access policies, and block risky agent behaviours.

SOC Transformation and the Workforce Gap

Security operations centres are evolving rapidly under pressure from both the threat landscape and a persistent talent shortage. The global cybersecurity workforce gap has reached a record 4.8 million unfilled roles, a 19 per cent year-over-year increase, while the active workforce stands at just 5.5 million globally. For the first time, economic pressures and budget cuts have overtaken a lack of qualified talent as the primary driver of staffing shortages, with 33 per cent of organisations reporting insufficient budgets to adequately staff their security teams.

By 2026, SOC operations are expected to become increasingly autonomous, with AI taking over Tier 1 functions such as alert triage, reducing false positives, accelerating response times, and partially addressing the talent gap. The result is a model where AI handles routine security decisions and generates contextual incident summaries while human experts guide strategy and oversight. Global cybersecurity spending is projected to surpass $520 billion, and executives increasingly expect detection platforms to demonstrate efficiency through metrics like mean time to detection, dwell time, and cost per incident avoided.

Defending Against Protocol-Level Attacks

Malwarebytes has identified the Model Context Protocol, which connects AI agents to external tools, as a critical attack vector for 2026, predicting that MCP-based attack frameworks will become a defining capability of cybercriminals targeting businesses. These frameworks allow adversaries to exploit the connections between agents and the tools they use, potentially compromising entire chains of operations through a single manipulated protocol interaction. Defensive architectures must implement strict validation at every MCP connection point, monitor protocol-level communications for anomalous patterns, and maintain human approval for irreversible or high-impact agent actions. The concept of an agentic perimeter recognises that AI agents represent a fundamentally new attack surface requiring runtime sandboxing, validated tool access, authenticated identities, and immutable audit trails.

Rewriting Incident Response Playbooks at Machine Speed

Traditional incident response playbooks assume human attackers who operate at human speeds. AI-driven attacks shatter both assumptions, demanding a wholesale rethinking of how organisations detect, contain, and recover from security incidents.

When an AI agent can execute an entire attack chain in hours rather than weeks, the window for detection and containment shrinks dramatically. In the GTG-2002 case documented by Anthropic, the human operator spent roughly twenty minutes while the AI conducted hours of autonomous operations across seventeen organisations. This compression of the attack timeline means that detection and initial containment must be automated, with human analysts focusing on strategic decisions rather than routine triage. Organisations that delegate incident response entirely to autonomous agents without human-in-the-loop safety nets risk severe self-inflicted disruptions, as AI agents can misinterpret context and execute irreversible actions such as shutting down production servers or blocking essential services.

Incident response teams need new forensic capabilities designed for AI-mediated attacks. These include the ability to reconstruct an agent's decision chain, analyse prompt histories for evidence of gradual manipulation, examine memory stores for evidence of poisoning, and trace tool invocation patterns to identify the precise moment an agent's behaviour diverged from its intended purpose. These forensic techniques do not map cleanly onto traditional digital forensics, which focuses on file systems, network logs, and user activity rather than natural language interactions and autonomous decision sequences.

Organisations should conduct tabletop exercises that specifically simulate AI-driven attacks, testing whether current security measures can respond to threats that operate at machine speed. These exercises should include scenarios involving vibe hacking techniques, where an agent is gradually manipulated over multiple sessions, and autonomous attack scenarios, where an AI operates independently with minimal human oversight. The four-day SEC disclosure rule and similar regulatory requirements add urgency to incident response timelines. According to researchers at Barracuda Networks, building cyber resilience in 2026 requires a fundamental shift from reactive defence to proactive, exposure-driven governance, with organisations shortening patch cycles and implementing strict architectural controls for critical response actions.

State-Sponsored AI Operations and the Attribution Problem

The threat extends well beyond financially motivated cybercrime into the domain of state-sponsored espionage. In September 2025, Anthropic detected what it assessed with high confidence to be a Chinese state-sponsored cyber espionage operation, designated GTG-1002. This operation targeted roughly 30 entities with validated successful intrusions, deploying Claude across 12 of 14 MITRE ATT&CK tactics during a nine-month campaign. The AI served simultaneously as technical adviser, code developer, security analyst, and operational consultant. Anthropic estimated that 80 to 90 per cent of the operation ran autonomously.

This case demonstrated that nation-state actors are integrating AI throughout the entire operational lifecycle of espionage campaigns, not merely using it as an occasional aid. The sophistication and persistence of the operation suggested a well-resourced, professionally coordinated effort, and Anthropic noted that the level of AI integration represented a distinct evolution in how state-sponsored actors leverage large language models.

The implications for threat intelligence are profound. If state-sponsored operations can run largely autonomously with AI handling the bulk of technical execution, the volume and sophistication of espionage campaigns could scale dramatically without proportional increases in human resources. This places additional pressure on threat intelligence teams to identify and attribute AI-assisted operations, a task complicated by the fact that AI-generated tradecraft may lack the distinctive stylistic signatures that analysts traditionally use to attribute campaigns to specific groups. When every attacker uses the same AI tools, the fingerprints start to look the same.

Building Collective Defence for Shared Threats

No single organisation can address these challenges in isolation. The security community is beginning to build collaborative structures designed for the agentic AI threat landscape, though progress remains uneven.

Anthropic's approach of sharing technical indicators with relevant authorities after detecting misuse represents one model. MITRE's AI Incident Sharing initiative represents another, enabling organisations to contribute anonymised attack data to a shared knowledge base. The OWASP GenAI Security Project, with its peer-reviewed risk frameworks, provides a third avenue for collective defence. The MITRE Secure AI Program's 16 member organisations collaborate on expanding ATLAS with real-world observations and expediting incident sharing across the industry.

But collaboration alone is insufficient without a fundamental recognition that the threat landscape has changed in kind, not merely in degree. As Anthropic concluded in its August 2025 report, these operations suggest a need for new frameworks for evaluating cyber threats that account for AI enablement. The traditional metrics of attacker capability, including technical skill, team size, and operational budget, no longer predict the scope or sophistication of attacks when AI can compensate for deficits in all three areas.

The security industry stands at an inflection point. The democratisation of AI-assisted cybercrime means that defensive architectures designed for a world of skilled human adversaries must be rebuilt for a world where the adversary might be a person with no technical training, twenty minutes of free time, and access to a large language model. The detection methodologies, behavioural signatures, and architectural patterns emerging today are not theoretical proposals. They are the minimum viable defence for a threat landscape that is already here, already autonomous, and already operating at a scale that individual security teams were never designed to match.

---

References & Sources

1. Anthropic. “Detecting and Countering Misuse of AI: August 2025.” Anthropic, August 2025. https://www.anthropic.com/news/detecting-countering-misuse-aug-2025

2. Security Online. “Anthropic Report: Criminals Are Weaponizing AI to Automate Cyberattacks at Scale.” SecurityOnline.info, August 2025. https://securityonline.info/anthropic-report-criminals-are-weaponizing-ai-to-automate-cyberattacks-at-scale

3. Malwarebytes/ThreatDown. “2026 State of Malware Report: Cybercrime Enters a Post-Human Future as AI Drives the Shift to Machine-Scale Attacks.” ThreatDown, 3 February 2026. https://www.threatdown.com/press/releases/cybercrime-enters-a-post-human-future-as-ai-drives-the-shift-to-machine-scale-attacks-according-to-threatdowns-2026-state-of-malware-report/

4. Cybersecurity Dive. “Autonomous Attacks Ushered Cybercrime into AI Era in 2025.” Cybersecurity Dive, 2026. https://www.cybersecuritydive.com/news/cybercrime-ai-ransomware-mcp-malwarebytes/811360/

5. Karpathy, Andrej. Post on X (formerly Twitter), 2 February 2025. https://x.com/karpathy/status/1886192184808149383

6. KnowBe4. “Phishing Threat Trends Report, Vol. 5.” KnowBe4, March 2025. https://www.knowbe4.com/hubfs/Phishing-Threat-Trends-2025_Report.pdf

7. OWASP GenAI Security Project. “OWASP Top 10 for Agentic Applications for 2026.” OWASP, 10 December 2025. https://genai.owasp.org/resource/owasp-top-10-for-agentic-applications-for-2026/

8. MITRE. “ATLAS: Adversarial Threat Landscape for Artificial-Intelligence Systems.” MITRE, October 2025. https://atlas.mitre.org/

9. Zenity Labs and MITRE ATLAS. “Zenity Labs and MITRE ATLAS Collaborate to Advance AI Agent Security.” Zenity, October 2025. https://zenity.io/blog/current-events/zenity-labs-and-mitre-atlas-collaborate-to-advances-ai-agent-security-with-the-first-release-of

10. Gartner. “Gartner Predicts 40% of Enterprise Apps Will Feature Task-Specific AI Agents by 2026.” Gartner Newsroom, 26 August 2025. https://www.gartner.com/en/newsroom/press-releases/2025-08-26-gartner-predicts-40-percent-of-enterprise-apps-will-feature-task-specific-ai-agents-by-2026-up-from-less-than-5-percent-in-2025

11. Anthropic. “Clio: Privacy-Preserving Insights into Real-World AI Use.” Anthropic Research, December 2024. https://www.anthropic.com/research/clio

12. Anthropic. “Monitoring Computer Use via Hierarchical Summarization.” Anthropic Alignment, 2025. https://alignment.anthropic.com/2025/summarization-for-monitoring/

13. Palo Alto Networks Unit 42. Coverage of WormGPT 4, referenced in The Register, 25 November 2025. https://www.theregister.com/2025/11/25/wormgpt_4_evil_ai_lifetime_cost_220_dollars/

14. KELA. Research on malicious AI tool proliferation across cybercrime forums, 2024-2025. Referenced in Cybernews. https://cybernews.com/cybercrime/vibe-hacking-emotional-manipulation-anthropic-wormgpt/

15. Barracuda Networks. “Frontline Security Predictions 2026: The Battle for Reality and Control in a World of Agentic AI.” Barracuda Blog, 17 November 2025. https://blog.barracuda.com/2025/11/17/frontline-security-predictions-2026-agentic-ai

16. Anthropic. “Disrupting the First Reported AI-Orchestrated Cyber Espionage Campaign.” Anthropic, November 2025. https://assets.anthropic.com/m/ec212e6566a0d47/original/Disrupting-the-first-reported-AI-orchestrated-cyber-espionage-campaign.pdf

17. Cybernews. “Vibe Hacking: How AI-Driven Manipulation is Reshaping Cybercrime.” Cybernews, 2025. https://cybernews.com/cybercrime/vibe-hacking-emotional-manipulation-anthropic-wormgpt/

18. Beagle Security. “Vibe Hacking: AI Agents and the Next Wave of Cyber Threats.” Beagle Security Blog, 2025. https://beaglesecurity.com/blog/article/vibe-hacking.html

19. Checkmarx. “EchoLeak (CVE-2025-32711) Shows Us That AI Security Is Challenging.” Checkmarx, 2025. https://checkmarx.com/zero-post/echoleak-cve-2025-32711-show-us-that-ai-security-is-challenging/

20. SOC Prime. “CVE-2025-32711 Vulnerability: EchoLeak Flaw in Microsoft 365 Copilot Could Enable a Zero-Click Attack on an AI Agent.” SOC Prime, 2025. https://socprime.com/blog/cve-2025-32711-zero-click-ai-vulnerability/

21. ISC2. “2025 ISC2 Cybersecurity Workforce Study.” ISC2, December 2025. https://www.isc2.org/Insights/2025/12/2025-ISC2-Cybersecurity-Workforce-Study

22. Microsoft Security Blog. “Four Priorities for AI-Powered Identity and Network Access Security in 2026.” Microsoft, 20 January 2026. https://www.microsoft.com/en-us/security/blog/2026/01/20/four-priorities-for-ai-powered-identity-and-network-access-security-in-2026/

23. Anthropic. “Detecting and Countering Malicious Uses of Claude.” Anthropic, March 2025. https://www.anthropic.com/news/detecting-and-countering-malicious-uses-of-claude-march-2025

24. Netenrich. Original reporting on FraudGPT, July 2023. Referenced in Dark Reading. https://www.darkreading.com/threat-intelligence/fraudgpt-malicious-chatbot-for-sale-dark-web

---

Tim Green UK-based Systems Theorist & Independent Technology Writer

Tim explores the intersections of artificial intelligence, decentralised cognition, and posthuman ethics. His work, published at smarterarticles.co.uk, challenges dominant narratives of technological progress while proposing interdisciplinary frameworks for collective intelligence and digital stewardship.

His writing has been featured on Ground News and shared by independent researchers across both academic and technological communities.

ORCID: 0009-0002-0156-9795 Email: tim@smarterarticles.co.uk

In Summary: * After a quiet Sunday which found me watching more TV than I have in any one day for... heck, longer than I can remember. Both road races were televised and ran back to back for a total of 7 hours. Goodness! Now I'm listening to what will be my basketball game before bedtime, a women's college game between the UConn Huskies and the St. John's Red Storm. I'm sure when this game ends I'll be wrapping up my night prayers then heading to bed.

Prayers, etc.: * I have a daily prayer regimen I try to follow throughout the day from early morning, as soon as I roll out of bed, until head hits pillow at night. Details of that regimen are linked to my link tree, which is linked to my profile page here.

Starting Ash Wednesday, 2026, I've added this daily prayer as part of the Prayer Crusade Preceding the 2026 SSPX Episcopal Consecrations.

Health Metrics: * bw= 226.08 lbs. * bp= 155/91 (62)

Exercise: * morning stretches, balance exercises, kegel pelvic floor exercises, half squats, calf raises, wall push-ups

Diet: * 07:00 – 2 HEB Bakery cookies * 07:30 – 1 small bowl of seafood salad, 1 banana * 08:00 – 2 more cookies * 09:45 – ½ ham & cheese sandwich * 12:00 – 2 more cookies * 12:15 – home made vegetable soup, shrimp and pork * 16:15 – rice cake with brown sugar, fresh mango, fresh papaya, fresh pineapple chunks

Activities, Chores, etc.: * 06:20 – bank accounts activity monitored * 07:00 – read, pray, follow news reports from various sources, surf the socials, listen to music, and nap * 08:30 – listening to relaxing music from KAHL – AM 1310 – San Antonio, TX, OTA, NOT Streaming, while reading, writing, praying, following news reports from various sources, surfing the socials, etc. * 11:00 – began watching a full day of road racing * 18:00 – after the full day of watching road racing (2 races from !!;00 with an INDYCAR race to start and ending with a NASCAR Cup road race) I'm listening now to the UConn Sports Network ahead of the women's college basketball game between the UConn Huskies and the St. John's Red Storm.

Chess: * 19:00 – moved in all pending CC games

今日は、珍しくコーヒーを飲みたいという欲求がなかった。 そういう日もあるのだろう。 「恐竜のスリッパ」という言葉は音が良いので、思いついてからは「恐竜のスリッパ、恐竜のスリッパ」と連呼しながら歯を磨いた。

「木のおじさんになりたい」と言ったら、妻が「木のおじさんって何？」と言っていた。 俺は、おじさんというのは挙動や肌の色がだんだん木に近づいていくものだと思っていたし、みんなもそう思っているのだと勝手に思っていたから、妻がピンと来ないのは意外だった。

オートキャンプのギアを揃えたい。 まだ一泊以上のキャンプはしたことがないけれど、たとえば三泊くらいするとなったら、 腰が痛くならないような最適なイスは何かとか、オットマンは必要かとか、服を干せる紐を用意しないといけないとか、いろいろ設計が必要になってくる。 俺は外が好きだが、サバイバルみたいなのは嫌いだ。 外で、家みたいな暮らしができるのが理想。

会社からの帰り道、自分の体内がドクドクしているのを感じた。 これは別に初めてではなくて、ドクドクしているときは、体が「理想の形に変形したい」と細胞が思っているのに、今の体ではその欲求を叶えられないから、エラーが返ってきているのだと推察している。 折衷案として、今は夢を叶えるための道に乗っていて、そこに向かっている最中だということを体に教えないといけない。 そして、それが本当に信用できる道だと体に思わせるためには、明確な設計書を体に納品しなければならない。そうやって、なんとか折り合いをつけている。

昔、友人と話しているとき、他人が鏡である事を実感した。 俺は性格が暗いので、俺より明るい人でも、俺と話しているうちにどんどん暗くなっていくのを感じていた。 「お前、他の人と話してるときはもっと明るいだろ、俺の前でもそれをやってくれよ」と思う事があった。 たぶん、無意識に俺のテンションに合わせてくれているのだろう。 俺は我が強いので、たとえ明るい人が来ても、俺がそっちに引っ張られることはない。

整体に行ったら、首がぐにゃぐにゃになった。 「水をたくさん飲んでくださいね」と毎回言われるけれど、家に帰るとそんなことはすっかり忘れていて、結局いつも通り、適量しか水を飲まない。

妻がカレーを作ってくれた。 スパイスのあとにアイスを食べると口が幸せになる事をカルパシで知っていたので、カレーのあとに二人でピノを分け合った。 家族とご飯を食べることは、人生で一番良いことだと思う。

もうとっくに暑いので、ニットをやめて、 明日からはショッピングモールで買った、薄いピンクの線が入ったYシャツで会社に向かうことにする。

Estava pensando no que escrever; a verdade é que ainda estou com um dia de atraso, então poderia falar sobre hoje ou sobre ontem

Decidi falar sobre tudo.

Meu amor, como é bom te ver, como é bom falar que te amo olhando seus olhos, sorrindo o seu sorriso, desejando a tua boca e o teu corpo.

Como eu sou apaixonado por você, por quem você sempre foi e por quem você se tornou

Como essa pose de mãezona/diretora/líder me cativa, como é gostoso te ver cuidando dessas meninas e como eu não consigo não pensar e não sorrir, imaginando você falando assim com nossos filhos.

Você não sabe o quanto me preocupa você não se cuidar da forma que deveria, da forma que eu queria, e deixando todo o teatro de lado, eu realmente não sei se conseguiria viver em um mundo onde você não existe.

Eu queria poder ser mais pra você, queria poder estar fisicamente contigo, te dar uma vida que te deixaria com medo da morte, porque morrer significaria deixar de viver ela comigo.

Manuela, eu te amo

E vou te amar pra sempre…

E isso não é nem uma declaração mais, é uma constatação.

Hoje o dia foi bom, porque eu ouvi o que em todos esses dias que temos conversado, eu sempre quis ouvir.

Você nunca me pediu pra ficar, pra tentar, pra insistir, mesmo isso sendo tudo que eu queria ouvir, e as poucas pessoas para quem contei versões mais tranquila da nossa historia, me desincentivaram da mesma forma.

Hoje pela primeira vez alguém me falou pra ficar, pra tentar, pra insistir, pra não desistir, e meu coração se encheu de esperança porque pensei, então o que eu to fazendo não é loucura?

Mas eu não consigo me esquecer de sexta também, no banheiro você me disse que pra você terminar, algo muito grande teria que acontecer, você teria que ter toda a certeza que eu tenho e blablabla…

Acho que ali eu finalmente me dei conta que as coisas não dependem de mim; eu não acho mais que você vai mudar de ideia se eu escrever todo dia, se eu te falar que te amo em cada mensagem, se tentar encontrar brechas pra falar com você a todo momento.

Acredito que você já saiba o que sinto, o quanto te quero, o quanto sonho com você o quanto te amo.

E por mais que minha estratégia seja, tentar afogar ela com todo o amor do mundo, e se não der certo, despejar ainda mais amor; eu não acredito mais que seja o excesso do meu amor, o motor que te fara escolher algo.

Quando eu terminei meu ultimo relacionamento eu estava bem frustrado, eu deixei de ser a pessoa que vai embora a muito tempo, mas eu estava cansado de abandonar todos os meus sonhos, de abrir mão de tudo que eu imaginava para o futuro, por alguém que parecia não querer abrir mão de nada.

Quando terminei eu sai com o Lucas e o Jojo, e eu falei pra eles, que a próxima pessoa que eu namorasse, ia ter que gostar mais de mim, do que eu gostava dela, que eu estava cansado de ser a pessoa que tenta tudo; aquele dia que o Lucas foi lá e eu contei tudo pra ele, ele me lembrou dessa fala, e veio como um soco no meu peito.

Eu sei que você me ama, não vou colocar seus sentimentos sobre julgamentos aqui, mas eu quero alguém que me ame mais do que eu a ame (e olha que vai ser uma competição absurda), mas eu não quero ter que ficar provando todo dia que sou eu quem é o amor da vida dela, que sou eu quem vai faze-la feliz… eu quero alguém que me escolha, mesmo sem todas as certezas do mundo, alguém que me queira, mesmo que me querer seja pular de cabeça em um rio que você não sabe a profundidade.

Vi uma frase hoje, e acho que ela se aplica a nós dois, ela dizia:

“O que você não esta mudando, você esta escolhendo”

A partir de amanha a gente não vai mais conversar, e dessa vez é real, porque eu quero você, mas só se você me quiser também.

Eu vou estar aqui se alguma hora você resolver voltar, eu não consigo controlar o amor que sinto por você, e muito menos escolher não senti-lo.

Eu provavelmente vou voltar a escrever, mas não amanha, eu preciso realmente separar na minha cabeça o escrever porque te amo, do escrever porque acredito que te escrevendo você vai me amar e me escolher.

A nossa casa continua aberta, com a luz entrando pela janela, o canto dos passarinhos nas arvores, o cheiro de bolo vindo da cozinha… A casa esta limpa, as paredes pintadas, e é impossível não sentir o gosto de lar ao entrar nela.

Mas agora no portão da frente, tem uma placa pendurada, vende-se.

A gente pode desistir da venda em algum momento, decidir que o nosso sonho ainda é aquela casa, decidir que não vamos nos mudar...

Ou podemos realmente vende-la, tendo a certeza que, quem quer que for morar ali, será muito feliz.

Nossa casa é a coisa mais bonita que já tivemos Manuela, ela sempre vai existir na minha memória, e sempre vai ser meu lar.

Do garoto que já ta cansado de se despedir,

Do garoto que te ama mais do que tudo,

Do garoto que não imagina como serão os próximos dias sem te ver,

Do garoto que esta chorando enquanto escreve porque sabe que pode estar deixando o amor da vida dele ir embora, mas aprendeu que a gente tem que deixar as coisas irem,

Do garoto que sempre, sempre, sempre,

Vai ser o seu garoto,

Nathan

There are moments in Scripture that speak loudly, and then there are moments that whisper so powerfully they shake the foundations beneath your feet. The folded burial cloth of Jesus is one of those moments. It is so subtle, so easily overlooked, so ordinary on the surface that millions read past it without pausing to let its weight settle into their spirit. Yet when you sit with it, when you allow the cultural meaning to be heard in the silence of that empty tomb, you realize Jesus didn’t just rise—He left a message behind. A deliberate one. A message woven into a simple act, something only the most attentive heart would find. And He left it there for those who feel abandoned, overlooked, or forgotten by God. He left it for those who wake up in seasons that feel like tombs. He left it for anyone whose faith flickers more than it burns. That folded cloth was not tradition. It was not tidiness. It was not coincidence. It was a declaration. A promise. A revelation meant for the darkest corners of the human soul. It still speaks today, and its message is as alive as the One who left it.

When you step into that ancient tomb with your imagination, you must remember this wasn’t a place cleaned up for the sake of reverence. This was a hurried burial, done before sundown, wrapped in the urgency of Passover preparations. There was no expectation of order. The women who came early in the morning expected sorrow, not symbolism. They came armed with spices, not hope. They carried grief, not expectation. But what they found was a stone rolled away, an empty slab, and a cloth—folded with intention. That small detail becomes enormous when you understand ancient Jewish culture. A master at the dinner table would crumple his napkin when finished, signaling the meal was over. But if he folded it, he was sending a message to the servant: I’m coming back. Every servant knew this. Every household understood it. Jesus, raised in a Jewish home, steeped in Jewish customs, did not leave that cloth folded by accident. He was telling them, and telling you, your story is not over. Your darkness is not permanent. Your tears do not have the final word. When God folds something, when He marks a moment with intentionality, it is because He is not done speaking.

The folded cloth doesn’t scream; it whispers. And sometimes whispers are more powerful than shouts. Sometimes God’s quietest moments carry His loudest promises. Think of how much of God’s voice is found in silence. Elijah didn’t find God in the wind, or earthquake, or fire—he found Him in the still, small voice. Jesus did not thunder His triumph from the clouds on resurrection morning. He left a folded cloth. A detail so gentle, so humble, so easily dismissed, yet carrying the thunder of eternity in its meaning. This becomes especially significant when you consider how many believers today feel like God’s silence means His absence. They interpret quiet seasons as abandoned seasons. They confuse delay with rejection. But God’s silence is not a void—often it is a message waiting to be understood, a symbol waiting to be interpreted. That folded napkin was God speaking in the quiet, the resurrected Christ leaving a marker of hope for every generation that would crawl through their own shadows wondering if God still sees them.

It is deeply moving to imagine Jesus, moments after rising, taking the time to fold that cloth. Think about the tenderness of that action. Consider the calm, intentional nature of it. He had just conquered hell itself. He had just shattered the chains of death. The greatest victory in the history of existence had just taken place, and He paused to fold a cloth. This shows the heart of God in a way theology alone could never capture. It shows that the God who moves mountains also moves gently. It shows that the God who breaks chains also restores order. It shows that the God who ushers in eternity also bends down to leave a message for a grieving world. In that gesture you see the intersection of cosmic victory and personal compassion. It tells you that your life is not too small for His attention and your pain is not too insignificant for His care. If Jesus will fold a cloth to speak to your heart, then nothing in your life is overlooked. Nothing is meaningless. Nothing is forgotten.

Many Christians have been taught to look at the empty tomb solely as proof of resurrection, and of course it is. But fewer have been taught to see that folded cloth as proof of intention. Jesus does nothing by accident. His miracles were never random. His conversations were never wasted. His parables were never filler. And His resurrection was not chaotic. Every detail spoke. Every movement mattered. The stone wasn’t rolled away so He could get out; it was rolled away so you could see in. The angels didn’t sit by the tomb for decoration; they sat to interpret what human eyes could not yet understand. And that folded cloth was not placed there to be neat; it was placed there because the greatest hope humanity would ever receive needed a symbol simple enough for the humble to understand and profound enough for the searching to treasure. This is how God speaks—through symbols, whispers, quiet nudges, and hidden messages that appear when the heart is ready to see.

If you’ve ever walked through a season where God felt silent, you know how suffocating that silence can feel. You pray, but heaven feels like stone. You hope, but nothing moves. You stand at the mouth of your own tomb—fear, loss, loneliness, betrayal, exhaustion, illness, heartbreak—and you wonder if God remembers you at all. The folded cloth tells you He does. It tells you He is not finished with your story. It tells you what looks dead is not beyond resurrection. The folded cloth tells you that even when you cannot hear God, He is still speaking. Even when you feel abandoned, He is still intentional. Even when everything around you looks like an ending, He is preparing a beginning. This message becomes a lifeline for believers who have mistaken silence for abandonment. You are not abandoned. You are not forgotten. You are not unnoticed. You are simply standing in the quiet moment between Jesus folding the cloth and Jesus stepping back into the room.

There is something extraordinary about the timing of when the folded cloth was discovered. It happened at dawn. The moment the horizon broke open with the first light. The symbolism is unavoidable. Resurrection always begins at the edge of night. God often moves at the moment you thought the darkness had won. When the women walked to the tomb, their world was still marred by the trauma of Friday. The memory of the cross was fresh. The echoes of violence still rang in their ears. Their grief was raw. Their faith was strained. And yet, while they carried sorrow toward the tomb, Jesus had already risen behind the scenes. This truth is vital to your own life: God often completes His greatest works in the silence before the dawn, in the unseen hours when you assume nothing is happening. When it looks like nothing is moving, God is already rewriting the ending.

The folded cloth calls you to trust the God who works in hidden places. It reminds you that just because you haven’t seen the breakthrough doesn’t mean it hasn’t begun. Just because the stone still looks heavy doesn’t mean it hasn’t already been rolled. Just because the night feels long doesn’t mean the sun hasn’t started its ascent. God works in layers. God works in shadows. God works in silence. And in that tomb, He worked in a way that transformed human history without a single spoken word. He conquered death quietly. He left a promise gently. And He stepped into resurrection powerfully. That order still holds true today. Your life might be in the quiet stage. The stage where God is working behind the scenes. The stage where the cloth is still folded but Jesus hasn’t stepped out to meet you yet. But the promise remains unchanged: He’s not finished. He’s coming back—to your situation, your struggle, your heartbreak, your unanswered prayer, your deep ache for direction.

To understand how personal the folded cloth truly is, picture the disciples entering the tomb. Their hearts were shattered. Their hope was bleeding. They had watched everything they believed crumble before their eyes, and now they stand inside the silence of an empty tomb. But then John sees the cloth. Scripture says he saw and believed. John didn’t need the angel. He didn’t need a sermon. He didn’t need a booming voice from heaven. A folded cloth was enough. That tells you a lot about what God can do with small details. Sometimes the smallest sign can reignite the largest faith. Sometimes the quietest gesture can resurrect the loudest hope. Sometimes the slightest whisper from God can bring you back from the edge of despair. This is the power of the folded cloth—its simplicity becomes its strength, and its meaning grows with every passing generation that understands what Jesus was really saying.

The folded cloth also challenges how we interpret waiting. Jesus did not leave that message because the resurrection was incomplete. He left it because His mission was not over. He was saying, I will appear again. I will reveal myself. I will finish what I started. When you are waiting for God to show up, waiting for direction, waiting for healing, waiting for clarity, waiting for deliverance, you must remember that God does not delay without purpose. His timing is precise. His movements are calculated. His plans are exact. The folded cloth is evidence that God is never done when you think He is done. He is not a God who leaves loose ends. He is not a God who abandons halfway. He is not a God who writes half a story. When He begins a work, He completes it. When He starts a miracle, He finishes it. When He breathes life into you, He sustains it. The folded cloth is the symbol of a God who finishes everything He touches.

The truth is many believers know the folded cloth story in fragments. They hear it in Easter messages, told quickly, used as illustration, almost like a footnote in the resurrection narrative. But when you allow it to expand, when you sit with it deeply, when you place yourself inside that tomb and look at that cloth through ancient eyes, it becomes a deeply intimate gift. It becomes something more than a lesson; it becomes a testimony. It becomes a revelation that God intentionally leaves signs for those who are broken enough, humble enough, and hungry enough to notice them. Jesus did not need to leave that cloth to prove resurrection. He left it to prove intention. He left it because He knew the human heart would need it. He knew that generations of believers would suffer seasons of silence. He knew people would struggle with doubt, sorrow, hopelessness, and a sense of abandonment. He left it because He knew we would need a reminder that He comes back to the places we thought were dead.

When we look at the folded cloth as a message from Jesus rather than an incidental detail, it begins to change how we interpret the quieter seasons of our lives. People often crave signs and wonders—loud moves of God, dramatic breakthroughs, unmistakable miracles—but God has always been equally comfortable speaking through subtleties. A burning bush may ignite calling, but a cloud the size of a man’s hand can carry the promise of rain. A parted sea may rescue a nation, but a gentle whisper may steady a prophet on the verge of collapse. God does not always speak loudly because He doesn’t need volume to carry authority. The folded cloth is a reminder that God’s simplest gestures often hold the deepest truth, and sometimes the greatest revelation comes in the moments most people overlook. When Jesus folded it, He was choosing a language quiet enough for the humble to understand and clear enough for the spiritually awake to never forget.

This is profoundly important because so many believers misinterpret their seasons of silence. They believe that if God is not speaking loudly, then He must not be speaking at all. They believe that if miracles are not visible, then miracles must not be happening. They believe that if the tomb still feels cold, then resurrection must not be near. But the folded cloth teaches you to see God in the subtleties. It teaches you to become attentive, observant, spiritually sensitive—to look for the sacred in the small moments and the divine in the mundane details. Jesus could have left the tomb in a blaze of glory, announcing the resurrection with trumpets and thunder, but He chose a folded cloth because He wanted to leave a message that could travel across cultures, across centuries, across human experiences, a message that would reach the weary, the tender, the overlooked, and the discouraged with quiet force. He chose a symbol that would draw people closer rather than push them back with spectacle.

One of the most powerful aspects of the folded cloth is how it reframes the way we understand divine timing. Jesus had told His disciples repeatedly that He would rise on the third day. He had prepared them with prophecy. He had shaped their expectations. He had given them every reason to believe. And yet they still struggled. They still doubted. They still broke down under the weight of Friday’s brutality. That is because human hearts often collapse under pressure even when the mind knows truth. Jesus left the folded cloth for hearts that were grieving, not minds that were analyzing. He left it for souls that had lost their balance. He left it for the disciples who needed something tangible to grasp while their emotions caught up to their theology. This is why the folded cloth still matters today—because believers often know what Scripture says, but life gets heavy. Circumstances get complicated. Pain gets loud. And in those moments, God often speaks through symbols, gestures, and reminders that anchor the soul back to His promises.

The folded cloth also becomes a remarkable window into the character of Jesus Himself. It shows a Savior who is calm even in cosmic victory. It shows a Messiah who is gentle even after conquering death. It shows a King who thinks about His followers before they think about Him. It shows a Lord who communicates not only through power but through tenderness. Folding a cloth is not the action of someone rushing. It is not the action of someone careless. It is the action of someone thoughtful, intentional, and compassionate. In that moment Jesus was not only declaring His triumph—He was caring for the emotions of the disciples who would soon discover the tomb. He was preparing comfort for the women who would come at dawn. He was setting the stage for their faith to be reignited. The same God who orchestrates the resurrection is the God who comforts the grieving. This is the Jesus who sees you, who considers you, who leaves signs for you even when you feel least deserving of them.

If you have ever felt forgotten by God, the folded cloth is His message to you. If you have ever wondered whether God still cares about your situation, whether He has heard your prayers, whether He knows your sorrow, that cloth whispers back with a sacred certainty: I am not finished. I am still working. I am still present. I am still coming back. The folded cloth is Jesus telling you that the story you think is dead may be the one He is preparing to resurrect. It is Jesus telling you that the darkness you are enduring is not permanent. It is Jesus telling you that the silence surrounding you is not abandonment—it is preparation. God often works in stillness because stillness teaches you to look, to wait, to trust. The folded cloth was meant to speak to people who would one day feel like their lives were unraveling, reminding them that God’s plans are never undone by human circumstances. If Jesus can fold a cloth after defeating death, He can certainly hold your life together while He prepares your breakthrough.

This detail also carries a message about spiritual attentiveness that is desperately needed today. We live in a world that trains people to look for the dramatic and ignore the subtle. People crave the emotional highs, the firework moments, the instant results. But the Kingdom of God is built on seeds, not explosions. Jesus spoke through parables, not performances. The Holy Spirit whispers more than He shouts. The folded cloth invites you back into the spiritual posture of attentiveness—of slowing down enough to see what God is leaving right in front of you. If the disciples had rushed past the cloth, if they had dismissed it as unimportant, they would have missed one of the greatest messages Jesus ever left behind. The same is true for you—if you rush through life, if you speed through discomfort, if you sprint to get past your pain, you may miss the quiet messages God has placed right inside your situation. God is often speaking, but you must slow down to see the folded cloth in your own story.

There is also a profound psychological and emotional dimension to the folded cloth. Trauma has a way of blinding people to hope. The disciples had endured the violent death of their Teacher. Their world had been shattered. Their expectations had collapsed. They were spiritually disoriented. When trauma takes hold, the mind becomes foggy, the heart becomes numb, and the ability to see God becomes severely impaired. Jesus left the folded cloth for people in that state—not for those whose faith was strong, but for those whose souls were trembling. He left it because He knew the human heart would need a sign small enough to enter through the cracks of despair, yet profound enough to restore belief. This is why the folded cloth continues to minister to people whose lives feel shattered—it meets them quietly, without pressure, without force, without intensity. It meets them the way Jesus met Mary at the tomb, with gentleness and familiarity, calling her by name. The folded cloth is Jesus calling your name through a small, symbolic act.

When you truly absorb the meaning of the folded cloth, it reshapes the way you view your future. If Jesus left a message saying He would return, then no ending in your life is truly final unless God declares it so. If Jesus folds a cloth instead of discarding it, then nothing in your life is disposable to Him. Everything can be redeemed. Everything can be restored. Everything can be resurrected. That folded cloth tells you that the God who begins a good work in you will finish it, whether the world believes it or not. It tells you that the promises spoken over your life are not abandoned simply because your circumstances look bleak. It tells you that your story is still in motion even when the world thinks it’s over. The folded cloth becomes a lens through which you can see resurrection not only as an event but as a pattern—God revives what looks dead, restores what looks ruined, and returns to what looks abandoned.

What makes this symbol even more compelling is how it intersects with your personal spiritual journey. Every believer has experienced seasons that feel like tombs—seasons of grief, confusion, illness, betrayal, loss, exhaustion, or transition. These tombs can feel suffocating. They can feel permanent. They can feel like abandonment. But the folded cloth tells you that Jesus is still moving inside your tomb even when you cannot feel Him. It tells you that the stone you cannot move is already being handled by divine hands. It tells you that the silence you fear is actually the space God is using to bring resurrection to fruition. The folded cloth invites you to trust that God has not forgotten about you, that He is not finished with your story, and that He is already preparing the moment when He will step into your situation with resurrected power.

It is also worth noting that Jesus didn’t fold everything. He only folded the face cloth. The rest of the grave clothes were left behind in a different condition. There is symbolic meaning here as well. The face cloth was personal. It touched His skin. It covered His features. It was intimate. Jesus folded the one piece that would have been closest to Him. That reveals something profound: God leaves the clearest messages in the most intimate areas of your life. The areas that touch your identity. The areas that shape your sense of self. The areas the enemy tries hardest to distort. Jesus folded the cloth that covered His face to send a message directly to yours: I am alive, and I’m not done with you. When God speaks to your life, He often speaks to the very places where your identity has been bruised, your confidence has been shaken, and your faith has been stretched. His messages are personal because His love is personal.

The folded cloth also provides a stunning parallel to the larger narrative of Scripture. The story of God has always been one of return. Eden lost—return promised. Israel exiled—return promised. Jesus ascends—return promised. God has never been a God of abandonment. He has always been a God of return. The folded cloth fits into the same pattern. It is Jesus telling the world that He doesn’t walk away from what He starts. It is a foretaste of the second coming. It is a symbol of the everlasting promise that the resurrected Christ is not finished with humanity. Every believer longing for hope in a broken world can look at that folded cloth and hear the message of eternity: He is coming back. Not only to the world at large but to the specific areas of your life where hope feels thin.

The longer you meditate on this symbol, the more layers reveal themselves. The folded cloth becomes a message of hope, yes, but it also becomes a challenge. It challenges believers to remain watchful, expectant, spiritually awake. The same way a servant would be ready for the master’s return upon seeing the folded napkin, believers today are called to live in readiness—not fear-based readiness, but faith-based readiness. The folded cloth is a reminder to keep your heart open, your spirit alert, your faith engaged. It is a reminder that God is active even when you cannot see Him. It is a reminder that Jesus is present even when He feels hidden. It is a reminder that the story is still unfolding, and you are still part of it.

And perhaps the most beautiful part of all is this: the folded cloth shows you that God speaks in layers so deep that even your future self will continue discovering meaning. You will return to this truth again and again across your lifetime. When you face a fresh heartbreak, the folded cloth will speak differently. When you walk through a new season of silence, it will comfort you in a new way. When you experience breakthrough, it will remind you of the faithfulness that carried you through. The folded cloth is not a one-time revelation—it is a lifelong companion. It is a symbol that grows with you, shifts with you, strengthens you, and whispers hope into every new chapter you walk through.

So when you find yourself in seasons that feel dark or silent or unfinished, remember this: the God who folded the burial cloth is the God who is still folding details inside your story. He is arranging things you cannot see. He is preparing moments you cannot predict. He is setting the stage for breakthroughs you cannot imagine. You may feel like your life is a tomb, but Jesus has already been working inside that darkness. You may feel forgotten, but Jesus has already left you a message. You may feel like nothing is moving, but resurrection always begins before it can be seen. The folded cloth stands as a permanent reminder that Jesus is not finished with you. Not today. Not ever.

And when your faith feels thin, when your hope trembles, when your heart feels fragile, let the folded cloth whisper the message Jesus has been sending since resurrection morning: I’m not finished with you. I’m coming back. To your heart. To your story. To your future. To every place that needs healing, hope, and resurrection.

Your friend, Douglas Vandergraph

Watch Douglas Vandergraph’s inspiring faith-based videos on YouTube https://www.youtube.com/@douglasvandergraph

Support the ministry by buying Douglas a coffee https://www.buymeacoffee.com/douglasvandergraph

Donations to help keep this Ministry active daily can be mailed to:

Douglas Vandergraph Po Box 271154 Fort Collins, Colorado 80527