< ciso brief />

All news with #agentic ai tag

504 articles · page 13 of 26

Shannon AI, VoidLink Threats, and Weekly Talos Brief

🔐 Shannon — a fully autonomous AI penetration testing tool from Keygraph — has raised warnings because it requires access to source code, repository layout, and AI API keys, creating substantial exposure risks. Organizations should evaluate scoping, data retention, and whether findings will be used to improve secure development practices or treated as a quick fix. Vendor responses vary, illustrated by recent detection-focused updates from Anthropic, underscoring the need for careful risk assessment before adopting agentic pentesting tools.

Microsoft at RSAC 2026: Securing the Agentic AI Era

🔒 Join Microsoft at RSAC 2026 (March 22–26) to learn how AI agents are reshaping both opportunity and risk and what defenders must do next. Microsoft previews its vision for Ambient and Autonomous Security and highlights solutions like Agent 365 that deliver observability and protection across the AI stack. Attend Microsoft Pre-Day keynotes, executive roundtables, booth demos, and hands-on experiences to get practical guidance, product demos, and partner insights.

How Pantone Used Azure Cosmos DB to Power Agentic AI

💡 Pantone built an agentic AI experience, the Palette Generator, to translate decades of color expertise into an interactive, chat-driven workflow. The system uses specialized agents for roles like a “chief color scientist” and relies on Azure Cosmos DB as the real-time persistence layer for chat history, prompts, and interaction telemetry. By moving toward vectorized embeddings and integrating with Microsoft Foundry and Azure AI services, Pantone improved semantic relevance and global scale. The architecture prioritized fast retrieval, conversational memory, and iterative learning.

Cloudflare launches Markdown for Agents to optimize AI

📝 Cloudflare has introduced Markdown for Agents, an edge feature that converts HTML to Markdown in real time when a client requests text/markdown via content negotiation. The service returns a markdown body, a content-type of text/markdown, and an x-markdown-tokens header estimating token count to help with chunking and context-window planning. Converted responses also include a Content-Signal header (ai-train=yes, search=yes, ai-input=yes) to indicate permitted downstream uses. The feature is available in Beta at no additional cost for Pro, Business, Enterprise and SSL for SaaS customers.

AI Skills Exposed: New Attack Surface for Enterprises

⚠️ TrendAI warns that so-called AI skills—executable artifacts that combine human-readable instructions, decision logic and operational constraints—are dangerously exposed to theft, sabotage and disruption. These skills power automation in tools such as Anthropic’s Agent Skills, OpenAI’s GPT Actions and Microsoft’s Copilot Plugin, and can surface proprietary data and business logic. If attackers obtain skill logic or operational data they could disrupt public services, manipulate manufacturing or steal sensitive records. TrendAI recommends integrity monitoring, strict access controls, separation of data and logic, least-privilege execution, adversary testing and continuous logging and auditing.

Smashing Security #454: AI panic, Moltbook, and risks

🤖 In episode 454 of the Smashing Security podcast Graham Cluley and guest Iain Thomson examine the Moltbook saga — an AI-only social network that sparked doomsday talk but largely reflected humans role-playing as bots. They also warn that “vibe coding” can be a dangerous design choice when security researchers can easily peek into private messages, API keys and databases. The show touches on pro-Russian hacker activity around the Winter Olympics and cites reporting from Forbes, Wired, Reuters, The Record and the BBC.

Agentic Cloud Operations: A New Way to Run Clouds Efficiently

🔧 Azure Copilot introduces an agentic cloud operations paradigm that embeds AI-powered agents into everyday cloud workflows. These agents correlate telemetry, understand operational context, and take governed actions across migration, deployment, observability, resiliency, optimization, and troubleshooting. The service centralizes observability, configuration, and governance so teams can move from insight to action within a unified interface. Built-in controls such as BYOS for conversation history, RBAC, and auditability ensure compliance and preserve human oversight.

Google opens Gemini Enterprise Agent Ready (GEAR) program

🚀 Google has opened the Gemini Enterprise Agent Ready (GEAR) learning program to all developers and professionals as a dedicated pathway within the Google Developer Program. GEAR provides 35 monthly Google Skills credits for hands-on labs and sandbox testing and features end-to-end learning paths such as Introduction to Agents and Develop Agents with the ADK. Members can earn profile badges and pursue instructor-led certification tracks to validate enterprise agent engineering skills and accelerate production-ready deployments.

Observability, Governance, and Security for AI Agents

🔍 Microsoft’s Cyber Pulse highlights that more than 80% of Fortune 500 organizations use active AI agents and warns that rapid agent adoption is outpacing visibility, governance, and security. The report urges applying Zero Trust principles—least privilege, explicit verification, and assume compromise—to non-human users operating at scale. It recommends a centralized registry, identity-driven access controls, real-time telemetry and visualization, cross-platform interoperability, and integrated security tooling to detect and contain misaligned or compromised agents.

Governing Agentic AI: Managing Risks Without Losing Control

⚠️ Agentic AI is shifting from assistance to autonomous action, creating new risk vectors that can exponentially multiply the impact of errors or breaches. Organizations must adopt governance by design—defining approved use cases, data access, mandatory controls, and clear accountability—so agents operate within known limits. IT teams should lead deployment, policy, and third‑party oversight, while investing in targeted training and resilience planning to protect both systems and staff.

Human-AI Feedback Loop Powering Agentic Security at Scale

🔁 CrowdStrike describes a continuous human-AI feedback loop that pairs expert analysts with agentic AI to detect, investigate, and contain threats at machine speed. Human-annotated telemetry from Falcon Complete and Adversary OverWatch trains and reinforces models such as Charlotte AI, improving triage accuracy and reducing investigator effort. The system emphasizes analyst-validated reasoning to handle novel tradecraft and minimize false positives.

Weekly Cyber Recap: AI Skill Risks and Massive DDoS

🔐 This week's briefing highlights attackers abusing trust across AI agents, update channels, and developer ecosystems. OpenClaw announced a partnership with VirusTotal to scan ClawHub skills after researchers discovered malicious packages and explosive typosquatting growth. High‑impact incidents include a 31.4 Tbps AISURU DDoS, a Notepad++ updater compromise delivering the Chrysalis backdoor, and an RCE in Docker's Ask Gordon AI assistant. Security teams should prioritize update integrity, supply‑chain controls, and agentic AI hygiene.

Gartner: Six Cybersecurity Trends Shaping 2026 Priorities

🔒 Gartner identifies six priority cybersecurity trends for 2026 that demand immediate attention from security and risk leaders. Key risks include uncontrolled agentic AI proliferation, global regulatory volatility, and the urgent need to plan for post-quantum cryptography. Gartner advises stronger governance to detect and control both approved and shadow AI agents, evolve identity and access management for machine actors, modernize SOCs with human-in-the-loop processes, and shift awareness programs toward task-focused, AI-specific behavioral training.

Clawdbot and DKnife: Security Risks from Rapid AI Adoption

🚨 As AI agent frameworks surge, Talos warns of two immediate threats. Clawdbot, a popular open-source agentic tool (aka Moltbot/OpenClaw), requires users to store credentials and API keys locally and can accept unvetted Skills that are granted broad system privileges. DKnife, active since at least 2019, is a modular Linux attack framework that compromises routers and edge devices to intercept traffic, hijack updates, and deliver malware while evading many endpoint defenses. The newsletter urges skepticism toward rushed AI tools and recommends hardening gateways, auditing firmware, enforcing strong authentication, and monitoring for suspicious update behaviors.

Claude Opus 4.6 Now Available on Amazon Bedrock Enterprise

🚀 Claude Opus 4.6 is now available in Amazon Bedrock, delivering Anthropic’s most capable model for coding, agentic tasks, and professional workflows. It emphasizes advanced multi-step reasoning, proactive subagent orchestration, and long-horizon code development. The release supports preview context windows of 200K and 1M tokens and targets enterprise-grade reliability for complex automation and cybersecurity use cases.

Agent Factory Recap: Build an AI Workforce with Gemini

🤖 Google’s Agent Factory episode demonstrates how Gemini 3, the Gemini CLI, and Antigravity enable rapid creation of agentic workflows and lightweight “AI employees.” Smitha Kolan, Vlad Kolesnikov, and guest Brandon Hancock present live demos building a portfolio site, parallel market-research agents, and a video-generating agent. The session highlights multimodal prompting, SOP-driven automation, parallel execution, and one-click deployment to Cloud Run.

Study: Over 1.5M AI Agents Ungoverned, Risk Going Rogue

⚠️ Gravitee reports that roughly half of an estimated three million AI agents running in US and UK enterprises are unmonitored and potentially "going rogue." A December 2025 Opinion Matters survey of 750 IT executives found a mean of 36.9 agents per large organization and that 88% suspected an agent-related security or privacy incident in the prior year. Experts warn deployment is outpacing governance and call for continuous runtime oversight, tiered access controls, and stricter credential management.

Choosing Between Antigravity and Gemini CLI for Agents

🧭 Antigravity and Gemini CLI offer two complementary approaches for running agent-driven workflows. Antigravity delivers an approachable, graphical experience with an Agent Manager, in-browser application views, guided walkthroughs, and a native debugger for inspecting stack traces. Gemini CLI is terminal-first, installs via npm (npm install -g @google/gemini-cli, requires Node.js), supports headless/CI-friendly execution, and can call local tools like gh or gcloud. Both are extensible with MCP and Agent Skills, and both provide generous free tiers so teams can evaluate which workflow best fits their needs.

OpenClaw Risks and Mitigations for Security Teams Guide

🔒 OpenClaw is an open-source, agentic AI assistant that can run locally or on servers, connect to LLMs and external APIs, and autonomously perform actions such as sending email or controlling browsers. Its local storage of config and broad access (files, terminals, sometimes root) makes misconfigured deployments attractive as backdoors. CrowdStrike observed rapid adoption and internet-exposed instances, and recommends discovery, runtime guardrails, and automated removal integrated into detection workflows.

AI Agent Identity Management: New Control Plane for CISOs

🔐 AI agents—custom GPTs, copilots, coding agents and other autonomous tooling—are proliferating in production while remaining largely outside traditional IAM, PAM, and IGA controls. The piece argues for treating agents as a distinct identity class and applying continuous identity lifecycle management to ensure visibility, ownership, dynamic least privilege, and auditability. Rather than slowing adoption, this approach positions identity as the control plane for balancing innovation and security.