< ciso
brief />
Tag Banner

All news with #agentic ai tag

619 articles · page 14 of 31

How Attackers Abuse AI Services to Breach Enterprises

⚠️ Attackers are increasingly abusing enterprise AI services—poisoning connectors, impersonating Model Context Protocol (MCP) servers, and using platforms as covert C2 channels—to exfiltrate sensitive data and hide malicious traffic. Notable incidents include a counterfeit MCP package siphoning transactional emails, the SesameOp backdoor tunneling commands through the OpenAI Assistants API, and command-injection flaws in Microsoft Copilot and OpenClaw that enabled agent hijacking. Threat actors also automate espionage with Claude Code and assemble modular black‑hat stacks like Xanthorox and Hexstrike. Security teams should treat AI assistants like privileged users, enforce governance, and harden supply-chain and connector integrity.
read more →

Envoy as a Foundation for Agentic AI Networking at Scale

🔧Envoy is presented as a production-ready data plane for agentic AI networking, arguing that networks must parse protocol payloads and enforce governance centrally rather than acting as blind transports. The post explains how Envoy deframes MCP, A2A, and OpenAI-style traffic to expose protocol attributes to filters and reuse HTTP extensions such as RBAC, ext_authz, and tracing. It also covers per-request buffer controls, session management for streamable transports, AgentCard-based discovery, and integration with control planes for policy rollout.
read more →

Four Security Principles for Agentic AI Systems Guidance

🔒AWS outlines four security principles for agentic AI in its NIST CAISI response, arguing existing security frameworks should be extended rather than replaced. It emphasizes secure development lifecycles for both traditional and AI components, continued use of standard controls, and deterministic, infrastructure-level enforcement outside the agent's reasoning ('security box'). AWS applies these through Amazon Bedrock AgentCore, which provides compute isolation, identity and access controls, centralized tool gateways, observability, and secure model execution.
read more →

Unifying Real-Time and Async Inference with GKE Platform

🚀 GKE Inference Gateway enables teams to run both real-time and asynchronous AI inference on a single shared pool of accelerators (GPUs/TPUs). It applies latency-aware scheduling using runtime signals such as KV cache utilization to prioritize deterministic, low-latency requests while treating queued batch work as 'filler' via an Async Processor Agent integrated with Cloud Pub/Sub. The open-source stack reduces idle capacity, consolidates software stacks, and preserves strict priority and retry controls for reliable delivery.
read more →

Amazon OpenSearch Adds Agentic AI for Log Analytics

🔍 Amazon OpenSearch Service now includes agentic AI capabilities that let engineering and support teams analyze log data through a conversational interface. The features simplify log querying, generate and refine Piped Processing Language (PPL) queries in Discover, and surface visualization insights. An investigation agent can autonomously plan and execute root cause analysis and return ranked hypotheses with transparent reasoning. Agent memory preserves context across pages and sessions to maintain conversational continuity.
read more →

Amazon S3 Vectors Adds Availability in 17 Regions Globally

🚀 Amazon expanded S3 Vectors into 17 additional AWS Regions — now available in 31 Regions worldwide. S3 Vectors is the first cloud object storage with native vector support, built for AI agents, inference, Retrieval-Augmented Generation (RAG), and semantic search at billion-vector scale. It supports up to two billion vectors per index, elastic scaling to 10,000 vector indexes per bucket, low-latency queries (frequent queries as fast as 100 ms; infrequent under one second), and native integration with Amazon Bedrock Knowledge Bases to help reduce RAG costs.
read more →

Customers Achieve Scale and Flexibility with Spanner

🚀 Google Cloud Spanner’s interoperable multi-model capabilities are being adopted by customers to run relational, graph, vector, and full-text workloads together at global scale. Real-world examples across fraud detection, recommendation engines, hybrid search, and autonomous network operations show consolidation of database sprawl, elimination of ETL, and improved real-time analytics. Customers such as DANA, Palo Alto Networks, Target and Inspira highlight Spanner’s global consistency, native graph and vector search, and high availability as enablers of simpler, future-proof architectures.
read more →

Spanner's Multi-Model Advantage for Agentic AI in Production

🔍Spanner positions itself as a unified, globally consistent database designed for agentic AI by combining relational, key-value, graph, vector and full-text search capabilities in one platform. The post argues this interoperable multi-model approach reduces data silos, removes brittle synchronization logic, and improves governance, availability, and development velocity. Google highlights features such as GQL graph support, a Cassandra native endpoint for lift-and-shift, and ScaNN-based ANN vector search. The customer example of MakeMyTrip illustrates significant operational simplification and faster AI feature delivery.
read more →

Amazon Bedrock AgentCore Evaluations Now Generally Available

🎯 Amazon Bedrock AgentCore Evaluations is now generally available to deliver automated, continuous and on-demand quality assessment for AI agents. The feature provides online evaluation to sample and score live production traces and on-demand evaluation for programmatic tests in CI/CD pipelines and interactive workflows. It includes 13 built-in evaluators covering response quality, safety, task completion and tool usage, plus Ground Truth and customizable LLM- or code-based evaluators.
read more →

Sovereign AI at the Edge: Azure Local on Galleon MDC

🔒 Microsoft and Armada are integrating Azure Local and Foundry Local into Armada’s Galleon modular datacenters to provide a customer-controlled cloud for intermittently connected, contested, or fully disconnected environments. The validated reference architecture supports Azure Local control plane and managed clusters with multi-rack scalability, flexible hyperconverged or SAN-backed storage, and resilient multi-network connectivity including satellite, LTE/5G, RF, and SD-WAN. Designed for defense, public safety, energy, and other regulated sectors, the solution preserves Azure’s cloud operating model while enabling local AI inference and analytics to meet sovereignty, latency, and regulatory requirements.
read more →

Categorizing AI Agents to Prioritize Enterprise Risk

🛡️ AI agents are shifting enterprise automation from passive assistants to autonomous actors, creating new security challenges centered on access, autonomy, and identity governance. The article groups agents into three types—agentic chatbots, local agents, and production agents—and outlines how each carries distinct operational capabilities and risk profiles. For CISOs, the immediate priority is discovering and governing agent identities, limiting over-permissioned access, and aligning permissions with an agent’s intended purpose.
read more →

The AI Arms Race: Why Unified Exposure Management Matters

🔒 The weaponization of AI is compressing the attack lifecycle and outpacing traditional defenses. Platforms like PlexTrac consolidate cloud misconfigurations, identity risks, application flaws, and pentest findings into a unified, dynamic view of exposure. Combined with Agentic AI for continuous threat assessment and automated remediation, organizations can prioritize actionable risk, orchestrate fixes, and validate controls at machine speed.
read more →

Multi-Agent Architecture and Long-Term Memory with ADK

🤖 Dev Signal is a multi-agent system designed to turn raw community signals into reliable technical guidance by automating the path from trend discovery to expert content creation. It relies on the Model Context Protocol (MCP) to standardize integrations with Reddit, Google Cloud Docs, and a custom Nano Banana Pro MCP server, all coordinated by a Root Orchestrator that manages three specialist agents. A dual-layer memory model uses Vertex AI for long-term embeddings while the Session Service preserves short-term state, with automated callbacks and tools (save_session_to_memory_callback, PreloadMemoryTool, LoadMemoryTool) to persist and fetch user preferences and stylistic signals.
read more →

Addressing the OWASP Top 10 Risks in Agentic AI with Copilot

🔐 This post summarizes the OWASP Top 10 for Agentic Applications (2026) and explains how Microsoft applies practical mitigations using Copilot Studio and Agent 365. It highlights that agentic systems merge application, identity, and data risk and can act autonomously across workflows, amplifying the consequences of failures. The article lists ten failure modes — including goal hijack, tool misuse, identity abuse, memory poisoning, and rogue agents — and outlines development and operational controls such as containment, scoped permissions, observability, and lifecycle governance to reduce exploitation and cascading impact.
read more →

APIs Are the New Perimeter: How Security Leaders Secure Them

🔒 APIs are increasingly the enterprise perimeter, and recent breaches show traditional protections often miss API-layer abuse. Security teams report attacks that exploit business logic or use stolen credentials, which EDR and WAF tools can treat as legitimate traffic. CISOs are adopting API governance, centralized inventories, identity-aware access controls, and API gateways integrated into CI/CD to enforce least-privilege and reduce misconfiguration risk. As agentic AI and automated agents proliferate, stronger token handling, credential rotation, and real-time behavioral monitoring are becoming essential.
read more →

Agentic GRC Teams Have the Tech — Mindset Is Missing

🤖 Enterprise GRC teams often have the technical capability to deploy agentic AI but stall over a deeper concern: identity and role. Agents can replace operational tasks—evidence gathering, control testing, remediation tracking—but they still require human-defined logic for risk appetite, remediation criteria, and context. Anecdotes builds agentic GRC that automates operations while relying on practitioner judgment. The outcome is an opportunity for practitioners to reclaim time to focus on true risk management rather than program maintenance.
read more →

RSAC 2026 Wrap-Up: AI Agents and Security Trends Overview

🎥 RSAC 2026 concluded with AI agents taking center stage across sessions and discussions. ESET Chief Security Evangelist Tony Anscombe, on the ground for the conference, highlights that AI was discussed both as a strong defensive capability and, more urgently, as a growing risk many organizations have not yet fully addressed. Watch the video for concise, practical takeaways from the event, where ESET delivered a record six presentations.
read more →

Securing Agentic AI in Financial Services: Observability

🔒 This post explains how financial institutions should augment traditional security frameworks with AI-specific controls when deploying agentic AI. It emphasizes two foundational capabilities—comprehensive observability of agent workflows and fine-grained tool access controls—to preserve explainability and accountability. The author presents seven design principles and actionable implementation guidance, referencing SR 11-7 and practical AWS tooling such as Amazon Bedrock AgentCore and monitoring integrations.
read more →

AI Named Top Cybersecurity Priority as Threats Rise

🔒 A PwC report finds AI is now the top cybersecurity investment priority for defenders as criminals rapidly weaponize generative models. The firm's Annual Threat Dynamics 2026 study warns adversaries are using AI to accelerate malware development, automate reconnaissance and scale social engineering, including via dark‑web LLMs. PwC cites agentic tools like ReaperAI being repurposed in real campaigns, but also stresses that AI can empower defenders with faster detection, automated containment and intelligence‑led decision‑making when embedded into security strategies.
read more →

Agent Plugin for AWS Serverless Accelerates AI Dev Workflows

📦 AWS introduces the Agent Plugin for AWS Serverless, which integrates AI coding assistants like Kiro, Claude Code, and Cursor to simplify building, deploying, troubleshooting, and managing serverless applications. The plugin packages reusable agent skills, sub-agents, hooks, and MCP servers to provide contextual guidance across the development lifecycle. It supports Lambda integrations with common event sources, IaC workflows via SAM and CDK, long‑running stateful patterns with durable functions, and API design with API Gateway. Skills are distributed in the open Agent Skills format and are available in AI tooling that supports agent plugins or skills.
read more →