Failure Pattern
Dynamic cloud workloads scale up, down, and across hosts. Identity inherits from metadata rather than grounding to an immutable anchor. Attackers exploit this churn.
What We See in the Field
A compromised workload spins up multiple clones or steals labels from legitimate workloads. Tools cannot distinguish which instance is trusted.
Underlying Causes
Ephemeral identity
Metadata drift
Certificates copied across instances
Identity tied to orchestrator rather than device
Fast-moving infrastructure overwhelming controls
Trust-Native Network Resolution
DTL binds identity to the workload’s cryptographic fingerprint. Dynamic scaling does not break trust because identity does not drift.
Broken Trust Assumption
This failure pattern has played out repeatedly in real security incidents—not because of missing tools, but because of how trust is assigned.
In breaches such as SolarWinds, Capital One, Okta, and MOVEit, attackers did not bypass security controls. They operated through them, using valid identities, trusted credentials, signed code, and encrypted sessions. Security systems accepted these signals as proof of legitimacy, allowing malicious behavior to proceed.
The common thread across these incidents is structural: identity was assumed based on trust signals, not proven at the moment of execution.