< ciso
brief />
Tag Banner

All news with #agentic ai tag

618 articles

AlphaEvolve now generally available on Gemini

🧭 AlphaEvolve, now GA on the Gemini Enterprise Agent Platform, is an agentic code optimization and discovery tool designed to tackle hard algorithmic problems across domains like logistics, semiconductors, genomics, and finance. It follows a four-step workflow — Define, Measure, Optimize, Apply — to move from a baseline algorithm to production-ready optimized code. Early customers report substantial gains in accuracy, performance, and efficiency across production pipelines and HPC workloads.
read more →

UK unveils AI-driven national Cyber Shield

🔒 The UK’s NCSC and DSIT unveiled a blueprint called Cyber Shield to deploy autonomous AI agents that detect and neutralize cyberattacks at machine speed. The plan uses cooperating “red” and “blue” agents to identify weaknesses, detect threats and progressively automate remediation while operating under organizational control. The initiative emphasizes explainable and federated AI, industry partnerships, and a staged rollout beginning with government and critical sectors.
read more →

Six-stage maturity model for non-human identities

🔒 This article examines the risks of agentic AI and non-human identities in enterprise environments, illustrating incidents where LLM-based agents caused outages due to weak identity controls. It argues that existing IAM models are insufficient for agents that act autonomously, and cites industry guidance from Gartner, OWASP, CISA and NIST. The author proposes six minimum requirements and a cumulative six-stage NHI maturity model to ensure defensible production deployments.
read more →

Rise of Malicious AI Agents Threatens Organizations

🤖 ESET analysis shows cybercriminals increasingly use AI agents and chatbots to autonomously plan and execute attacks. Researchers reviewed 900,000 AI skills in public repositories and found tens of thousands of suspicious and thousands of malicious toolsets, expanding the attack surface. These agentic tools can exfiltrate data, execute malware, override instructions, and be repurposed from legitimate utilities into harmful capabilities. ESET urges organizations to enforce policies and caution users about downloading free tools from untrusted sources.
read more →

Agents turned attack vector in code security checks

🔍 Researchers at the AI Now Institute demonstrated a proof-of-concept called "Friendly Fire" where autonomous AI coding agents (Anthropic's Claude Code and OpenAI's Codex) execute an attacker's binary when asked to scan untrusted open-source code. The attack hides a malicious binary alongside benign files and a README that prompts the agent to run a security script; in auto-modes the agents approved and executed it without prompting. The weakness is framed as a workflow/design issue rather than a single vulnerable version, and the researchers recommend never giving command-capable agents unattended access to untrusted code.
read more →

Smashing Security Podcast 475: AI Risks and Privacy Gaps

🎧 This episode of Smashing Security discusses a rash of recent cybersecurity incidents, including a 15-year-old who used a chatbot to cancel nearly 47,000 anime subscriptions and the first documented agentic ransomware, JadePuffer. The hosts also examine Apple’s problematic Hide My Email feature, which has been known to leak addresses for over a year. Guest Zoë Rose joins Graham Cluley to assess implications for security and privacy.
read more →

Microsoft details SFI AI system to harden cloud

🚀 Microsoft describes a multi-agent AI system within the Secure Future Initiative (SFI) that continuously evaluates and hardens its cloud services. The system combines code, configuration, identity, network, and runtime evidence to find composite vulnerabilities and assess layered defenses. It generates assurance trees tailored to each service and produces high-quality, actionable findings that speed remediation. Microsoft reports the system compresses deep security reviews from weeks to hours and that over 90% of findings were validated by engineers.
read more →

Gemini Enterprise for Education Named a Commander

🚀 Gemini Enterprise for Education has been named a Commander in the Tambellini StarChart™: 2026 AI Agents for Administrative Efficiency—Agent Platforms, ranking first in innovation and usability. The platform unifies Gemini models, agent-building tools, enterprise search, governance controls, and Google Cloud infrastructure to help institutions automate administrative workflows, support students, and enable research. Customers such as UC Riverside and Purdue report measurable operational and educational benefits from the integrated, governed agentic solution.
read more →

AI-Accelerated Cloud Attack Exploits Management Gaps

🔎 A Sygnia report details how a lone threat actor leveraged AI to complete in 72 hours what would normally take weeks, using established cloud attack techniques rather than novel exploits. The attacker obtained an AWS access key via an internet-facing app and used agentic AI workflows to search for secrets, establish persistence, exfiltrate RDS data, and perform impact actions. The report highlights gaps in secrets management, identity governance, deployment workflows and visibility, and provides containment recommendations for defenders.
read more →

Cybersecurity and the Growing Skill–Ability Divide

🛡️ The Five Eyes recently warned that AI models increasingly enable autonomous cyberattacks, amplifying risks long present in cyberspace. Bruce Schneier argues that AI widens the gap between skill and ability: tools let less-skilled actors cause damage once limited to experts. He warns guardrails from large vendors won’t stop open-source or locally run models and urges using AI defensively to detect, remediate, and respond faster to evolving threats.
read more →

NCSC unveils Cyber Shield: agentic AI for defence

🔒 The UK National Cyber Security Centre (NCSC) has launched the Cyber Shield initiative to build a national cyber-defence capability powered by agentic AI. The project will use coordinated red and blue agents to discover and mitigate vulnerabilities at scale, enable national automated scanning, and support real-time intelligence sharing. The NCSC says success requires partnerships with government, critical infrastructure and frontier AI providers.
read more →

Publishing AI Agents to Gemini Enterprise and Marketplace

🧭 This guide explains how to build, register, and commercialize AI agents as Agents-as-a-Service (AaaS) for deployment in the Gemini Enterprise app and Google Cloud Marketplace. It details required artifacts like the A2A Agent Card, authentication options including OAuth and Dynamic Client Registration (DCR), and the integration points for procurement, billing, and entitlement management. The article also outlines the seller journey, testing, and the end-to-end procurement and registration lifecycle across Billing Administrator, Discovery Engine Administrator, and end-user roles.
read more →

State of AI Infrastructure: Key Findings 2026

🧭 This Google Cloud blog summarizes findings from a survey of over 1,400 IT leaders showing a widening gap between AI ambitions and existing infrastructure. It explains why agentic AI stresses legacy systems and highlights needs for fluid compute, unified data layers, hybrid deployments, and energy-efficient co-designed silicon like TPU 8t. The post also promotes Google Cloud’s AI Hypercomputer and governance solutions such as Agent Gateway.
read more →

20 Questions to Guide an Agentic Enterprise Strategy

🤖 This post introduces the Gemini Enterprise Agent Platform and offers 20 practical questions for IT and engineering leaders to consider when building AI agents. It covers who builds agents, which development tools to use, how to connect data and other agents, strategies for scaling, and methods for securing execution and preserving context. The article pairs guidance with recommended Google tools like ADK, Antigravity, Agent Runtime, MCP, A2A, and Agent Studio.
read more →

Zscaler report shows AI agents vulnerable to IPI traps

🛡️ Zscaler tested 26 LLMs and found several autonomous agents susceptible to indirect prompt injection (IPI) traps, with some high-end models failing while a few lower-tier models fared better. The vendor identified hidden instructions on websites that manipulated agent behavior and caused real-world impacts in controlled tests. Experts warn that agent risk is dynamic, the attack surface is architectural, and binary "safe/vulnerable" labels are overly simplistic for CISOs. The findings highlight that agentic AI introduces new trust boundaries and insider-like threats to enterprise security.
read more →

Zscaler finds AI agents vulnerable to prompt injection

🛡️ Zscaler tested 26 LLM-based autonomous agents and found several susceptible to indirect prompt injection (IPI) schemes, with some high-end models failing while a few lower-tier models fared better. The vendor reported four models as "vulnerable" and three as "safe," but experts warn that agent behavior evolves and binary classifications can be misleading. The findings highlight the architectural risks in agentic AI where untrusted content in the context window can be treated as authoritative, expanding the attack surface for enterprises.
read more →

Enforce least-privilege in multi-agent AI chains

🔒 This post describes a reference implementation using Cedar on AWS to prevent silent privilege escalation in multi-agent AI delegation chains. It outlines a three-layer policy model—agent-to-tool, agent-to-agent delegation, and originating user authorization—using verified token claims and HMAC-signed context. The architecture uses an MCP adapter Lambda and a Cedar evaluator Lambda to enforce policies sequentially and halt on the first deny. It includes schema, entity registrations, policy examples, deployment steps, and end-to-end test scenarios demonstrating how the model enforces least privilege.
read more →

Nexus SDV: Secure, Scalable AI Platform for Vehicles

🔒 Google Cloud and Valtech introduce Nexus SDV, an open-source, modular platform that enables AI-native, scalable management of software-defined vehicles. The platform integrates with Android Automotive OS and supports up to 100 million devices while emphasizing TCO reduction via Arm-based compute and Bigtable. Nexus AI leverages Gemini models and the Gemini Enterprise Agent Platform for real-time telemetry analysis and agentic vehicle capabilities. Security is built-in with mTLS/PKI, identity brokering, secret management, network isolation, and an enterprise Secure AI Framework.
read more →

Hidden web prompts steer AI agents into scams

🔍 Zscaler ThreatLabz uncovered real-world campaigns using indirect prompt injection, where hidden instructions embedded in web pages steer AI agents. Attackers used SEO poisoning to surface malicious pages and hid prompts via CSS and JSON-LD metadata. One campaign impersonated a Python library to trick agents into paying a $3 bogus API key; another typosquatted a DeBank site to claim authority. Tests across 26 LLMs showed varying susceptibility depending on model and context.
read more →

Agentic AI Exposes Zero Trust Blind Spots

🤖 Stephen Wilson of HashiCorp describes agentic AI as “really smart kindergartners” — capable of execution but lacking judgment. This mismatch strains traditional zero trust models that authenticate humans and grant privileges gradually, because agents can be created and destroyed rapidly. Organizations often respond by lowering controls, risking incidents such as accidental deletion of production data. Wilson argues this will force necessary long-term improvements like zero standing privilege and dynamic credentials while keeping humans "on the loop."
read more →