< ciso brief />

All news with the #agent security tag

202 articles

AlloyDB Remote MCP Server Now Generally Available

🛡️ The Remote Model Context Protocol (MCP) Server for AlloyDB is now generally available, providing a secure HTTP endpoint that lets AI agents access real-time operational data. This fully managed service simplifies production deployments by centralizing discovery, offering fine-grained IAM-based authorization, audit logging, and integration with Model Armor for prompt and response protection. Developers can join AlloyDB operational data with analytics in BigQuery and use built-in AI functions for low-latency agentic experiences.

OWASP launches Agentic Research Council for AI risks

🧭 At Infosecurity Europe 2026, OWASP will unveil the Agentic Research Council to better align fast-moving agentic AI capabilities with security research and operational practice. Launched from the GenAI Security Project’s Agentic Security Initiative, the council will prioritize a public research pipeline, convene working groups and connect academic outputs to deployable mitigations. The initiative aims to accelerate runtime-focused defenses against multi-agent threats.

Linux Foundation proposes DNS-AID for AI agent discovery

🛰️ The Linux Foundation has proposed DNS-AID, a standards-driven extension to the Domain Name System to let AI agents discover, verify, and communicate without new infrastructure. The project leverages a well-known DNS address pattern (for example, _index._agents.{domain}) to provide a global, vendor-neutral directory for agents and MCP servers. Initial work was done by Infoblox, with contributions from Deutsche Telekom and Amazon, and the foundation is soliciting further input to keep the approach scalable and secure.

Guide to Gemini Enterprise and A2UI integration

🧭 This post explains how A2UI, an open protocol for agent-driven user interfaces, enables agents to return structured JSON UI payloads instead of plain text or HTML. It outlines the four-layer stack (app shell, rendering, conversation pipeline, and cargo), the inline and decoupled patterns, and how Gemini Enterprise integrates a built-in A2UI renderer. The article points to a reference repo, a demo, and implementation notes for registering an A2A agent with Gemini Enterprise.

Palo Alto Networks Unifies AI Gateway for Agents

🔒 Palo Alto Networks has completed its acquisition of Portkey and will integrate Portkey’s AI Gateway into Prisma AIRS to provide a centralized control plane that secures and governs AI agents at scale. The integrated Prisma AIRS AI Gateway will offer unified APIs, an agent registry, semantic routing, artifact scanning, automated red teaming and runtime security to identify, authenticate and authorize agent interactions in real time. This aims to give enterprises a single enforcement point to manage agent identity, least-privilege access and consistent policies across autonomous workloads.

AI agent governance: observability is essential

🛡️ CIOs rushing to deploy AI agents without visibility risk major failures; experts warn that observability and governance are required. Many organizations treat agents like RPA and set-and-forget systems, but agents operate in model runtimes and need end-to-end tracing, least-privilege permissions, and human-in-the-loop checks. Vendors and cloud providers offer tools, yet governance can become a bottleneck if it’s not scalable and actionable.

The quiet emergence of AI cyber doctrine

🛡️ Recent developments show AI moving from automation to autonomous cyber operations, shifting how offense and defense interact. The Anthropic Mythos Preview and related incidents illustrate models discovering and chaining vulnerabilities with limited human direction, prompting coordinated defensive responses from major vendors. Policy and procurement are adapting, and security leaders must treat AI agents as principals, invest in adaptive defenses, and reframe risk models for continuous compromise.

Embed AI Governance into Release Infrastructure

🚦 The author argues that traditional post-hoc compliance reviews fail for AI because AI systems change continuously. Drawing on research into Chinese and EU approaches, the piece recommends embedding governance into CI/CD pipelines so that model cards, data lineage and risk evaluations are generated and enforced as deployment gates. It also urges treating agent identity as a first-class security control and positioning compliance as operational release infrastructure rather than a review layer.

Shift AI Security from Models to System-Level Controls

🛡️ Researchers argue enterprises must stop treating AI agents as trusted components and instead secure them as untrusted systems. The paper, authored by teams from Google, UC San Diego, UW–Madison and others, distills five systems-security principles—least privilege, tamper resistance, complete mediation, secure information flow, and human risk—and maps eleven real-world agent attacks to these violations. They caution that stacking ML guardrails is insufficient and propose research directions for separating instructions from data, verifiable least-privilege policies, and information-flow controls.

Google integrates CodeMender into enterprise agent platform

🔒 Google is folding CodeMender into its broader Agent Platform strategy, expanding the AI-powered security agent from standalone vulnerability remediation toward an integrated, governed enterprise agent ecosystem. Launched in October 2025 to autonomously identify and patch vulnerabilities using Gemini models, CodeMender reportedly upstreamed dozens of fixes but lacks published performance metrics on accuracy and regressions. The integration emphasizes governance, observability, and identity, positioning CodeMender as a controlled participant in AI-native development and security pipelines rather than an unsupervised remediation tool.

Google Cloud I/O updates for startup founders

🚀 At Google I/O ’26, Google Cloud announced expanded agentic capabilities, new frontier models, and developer tools to help startups move from prototype to production. Highlights include Gemini 3.5 Flash and Gemini Omni for multimodal content, Antigravity 2.0 as an agent control plane with CLI/SDK and dynamic subagents, and Managed Agents to run agent workloads securely in Google Cloud. The releases aim to accelerate development, reduce infrastructure overhead, and provide enterprise-grade security.

ThreatsDay bulletin: evolving threats and trends

🛡️ This week's ThreatsDay bulletin highlights a string of notable cybersecurity developments, from 47 zero-day exploits revealed at Pwn2Own Berlin 2026 to active Linux rootkit evolution. It summarizes warnings about agentic AI, targeted intrusions using AI agents, and advisories on token and dependency leaks. The report also covers nation-state tensions, ransomware activity, encrypted communications, and campaigns abusing identity recovery flows.

Microsoft Open-Sources Rampart and Clarity for AI Safety

🔒 Microsoft has open-sourced two tools, Rampart and Clarity, intended to embed safety engineering into the AI agent development lifecycle rather than leaving it as a periodic checkpoint. Rampart converts red-team findings into structured, repeatable tests that can be automated in CI/CD pipelines and is built on top of PyRIT for continuous adversarial and benign scenario execution. Clarity targets an earlier phase, guiding engineers through structured conversations to clarify assumptions, expected behaviors, permissions and trust boundaries, storing outcomes as markdown in a .clarity-protocol/ directory for review. Both projects join Microsoft’s broader open-source agent governance stack to address risks such as prompt injection, unsafe tool use, privilege escalation, and unintended autonomous actions.

Microsoft Open-Sources RAMPART and Clarity for AI

🛡️ Microsoft has released two open-source tools, RAMPART and Clarity, to help developers test and clarify AI agent safety early in the development lifecycle. RAMPART is a Pytest-native framework for writing and running adversarial and benign safety tests against agents, building on prior work such as PyRIT. It evaluates test outcomes via simple adapters that connect an agent to the suite, while Clarity acts as a structured thinking partner to surface assumptions, explore failure modes, and guide design decisions before coding begins.

GKE Agent Sandbox GA and Agent Substrate Launch on GKE

🚀 Google Cloud announced general availability of GKE Agent Sandbox and introduced the open-source Agent Substrate. Agent Sandbox is a cloud-native execution environment designed for AI agents, offering pod snapshots to suspend idle workloads, an integrated warm pool for sub-second provisioning, gVisor and pluggable kernel isolation, and standby suspended VMs to reduce warm-pool cost. Agent Substrate aims to provide a minimal control plane and scheduler optimizations to support ultra-dense, low-latency agent workloads at scale.

Google Agent Executor: Open Runtime for Distributed Agents

🔧 Google today introduced Agent Executor, an open-source runtime standard for durable, resumable, and distributed agent execution. It offers event logging and snapshotting to enable durable execution, secure sandbox isolation to limit harm, and a single-writer architecture to maintain session consistency. Agent Executor also supports connection recovery so clients can reconnect to long-running workflows. The project is available in preview and pairs with Agent Substrate to improve Kubernetes-scale agent scheduling.

RAMPART and Clarity: Open Tools for Agent Safety Workflow

🔒 Microsoft has open-sourced two engineering tools—RAMPART and Clarity—to make agent safety a continuous part of development. RAMPART provides a pytest-style framework that brings red-team and adversarial tests into CI, evaluating the tools an agent invokes and their side effects. Clarity is a structured design companion that captures problem statements, failure analyses, and decisions in a .clarity-protocol directory. Both aim to create living safety artifacts integrated into normal workflows.

Google I/O: Tools for Building and Deploying Agents

🔧 At Google I/O, Google Cloud introduced a unified developer toolkit that brings Antigravity 2.0, the Gemini Enterprise Agent Platform, the Managed Agents API, and ADK 2.0 into a shared protocol layer to accelerate local development and secure cloud deployment. The post outlines a four-rung ladder from low-code Agent Studio to code-first ADK, all underpinned by the interoperable A2A protocol. New Antigravity desktop and CLI tools provide a consistent harness for coding agents, while Managed Agents offer agent-as-a-service with sandboxed execution. The platform emphasizes governance, skill reuse, evaluation tooling, and secure pipelines for production.

NCSC Guidance: Securing Agentic AI Deployments and Risks

🔒 The UK’s National Cyber Security Centre (NCSC) has published new guidance for organisations considering the adoption of agentic AI, summarising a wider report produced with Five Eyes partners. It flags the heightened risk from agent autonomy and complexity, including excessive access, unpredictable behaviour and actions that can outpace human review. The NCSC advises incremental deployment with tightly bounded pilots, clear ownership, ongoing monitoring and meaningful human oversight, and points organisations to industry best practice such as ETSI EN 304 223.

Defense in Depth for Autonomous AI Agents

🛡️ Microsoft Security explains how rising agentic autonomy reorients security from models to how agents are assembled, constrained, and governed inside applications. The post identifies amplified risks—agent hijacking, intent breaking, data leakage, supply chain compromise—and shows why the application layer is decisive because builders fully control permissions, tool access, and failure handling. It recommends concrete design patterns: agents as microservices, least permissions, deterministic human-in-the-loop, and distinct agent identity to limit blast radius and preserve auditability.