Failure Pattern
Data lakes trust ingestion jobs that attackers can compromise. Malicious data flows directly into strategic datasets.
What We See in the Field
A compromised workload publishes poisoned data into the lake. Downstream analytics or AI systems ingest it as legitimate input.
Underlying Causes
Overprivileged ingestion roles
No per-workload identity
Metadata-based trust
Certificate reuse
Lack of trust enforcement at pipeline edges
Trust-Native Network Resolution
DTL enforces identity at ingestion boundaries. Data lakes accept data only from workloads that present valid TrustKeys tied to device identity.
Broken Trust Assumption
This failure pattern has played out repeatedly in real security incidents—not because of missing tools, but because of how trust is assigned.
In breaches such as SolarWinds, Capital One, Okta, and MOVEit, attackers did not bypass security controls. They operated through them, using valid identities, trusted credentials, signed code, and encrypted sessions. Security systems accepted these signals as proof of legitimacy, allowing malicious behavior to proceed.
The common thread across these incidents is structural: identity was assumed based on trust signals, not proven at the moment of execution.