This month, CISA and the FBI warned again that China-linked actors are pre-positioning inside US critical infrastructure for potential destructive attacks. Days later, researchers confirmed that Volt Typhoon remains embedded in US utilities, and that some of those intrusions may never be found. The detail that should worry every CISO is not the persistence. It is the method.
Volt Typhoon does not break in. It logs in.
Because there is nothing to find. Volt Typhoon's signature technique is living off the land: using valid credentials and built-in system tools to operate as a trusted user. No malware to flag. No exploit to detect. When access looks legitimate, behavioral monitoring is reduced to guessing which ordinary-looking session is actually the adversary. That is why CISA has been blunt that some compromises may never be discovered.
This is not a sophistication problem. It is an architecture problem. We built networks that trust whoever holds the credential, then express surprise when a nation-state holds the credential.
The security industry has spent a decade pouring budget into detecting intrusions faster. That investment matters, but it cannot fix the underlying exposure: static, reusable credentials. More than 40% of reported attacks involve stolen PKI credentials. Once an attacker holds a valid one, every downstream control assumes they belong there.
Stolen credentials are valuable precisely because they persist. A certificate or key that stays valid for weeks, months, or until someone manually replaces it is a reusable asset for an intruder. You cannot monitor your way out of an architecture that hands attackers durable, reusable keys.
Autonomous Key Management™ replaces PKI with an architecture that gives an attacker nothing worth stealing. Keys are session-based and refresh with every session. There are no standing credentials to capture, reuse, or escalate. An adversary who intercepts a credential holds something that has already expired.
This collapses the living-off-the-land playbook. Lateral movement depends on reusing captured credentials to reach the next system. When every session is independently verified and nothing persists between them, the reuse step has nothing to reuse. The intrusion that used to go undetected for years cannot establish itself in the first place.
Federal Zero Trust mandates, NIST 800-207, EO 14028, and the DoD Zero Trust Reference Architecture all require exactly this: no implicit trust, no standing privileges, verification at every step. Most implementations try to approximate that on top of PKI, layering policy engines and monitoring over an architecture that still issues persistent credentials underneath.
AKM delivers Zero Trust at the protocol layer. Every session is verified independently, with no credential left behind to betray you later. That is not a dashboard bolted onto legacy trust. It is the thing the mandates actually describe.
Volt Typhoon is a preview, not an anomaly. As long as critical infrastructure runs on credentials that can be stolen and reused, the next adversary will use the same front door. The fix is not another sensor. It is removing the credential that makes the intrusion invisible.
AKMSecure delivers a patented Autonomous Key Management™ protocol built to replace outdated PKI approaches with a dynamic, quantum-secure, air-gapped-capable architecture. Instead of relying on persistent credentials that can be stolen, reused, or abused, AKM enables independently verified sessions with no standing privileges left behind. The result is a model that better aligns with Zero Trust principles, reduces certificate-based risk, and supports resilient operations across enterprise IT, OT and Tactical Edge environments. Built to NSA-grade security standards and deployable as a lightweight SDK, AKMSecure helps organizations modernize trust at the protocol layer without rebuilding everything around it.