ciso brief

All news with #agentic ai tag

504 articles · page 15 of 26

Southeast Asia CISOs' Top 2026 Predictions: AI, Identity

🔒 In conversations with Southeast Asia CISOs, leaders forecast 2026 as a year when AI and cloud become prime attack surfaces, forcing a shift from perimeter defenses to identity- and resilience-centered strategies. They emphasize hardening cloud and AI infrastructure, treating identity as the active perimeter, instrumenting browsers and agents for forensic clarity, and operationalizing resilience both as capability and — in some financial institutions — as a product. Supply‑chain fragility, agentic AI autonomy, session hijacking, and IT‑OT convergence are highlighted as priority risks demanding continuous verification, scoped agent controls, and stronger vendor governance.

Google Chrome Tests Gemini 'Skills' to Automate Tasks

🤖 Google is testing new Skills for its Gemini AI in Chrome that enable the assistant to perform tasks automatically inside the browser. A hidden page, chrome://skills, has been identified and appears to let users add Skills with a name and instructions while the feature is being internally tested. Currently, Gemini in Chrome acts as a helper on desktop in the US, summarizing pages, explaining content, and combining information from multiple tabs. Google plans to evolve Gemini into an agent that will work more closely with apps like Calendar, YouTube, and Maps, though rollout timing is still unclear.

Architecture of Agentic Defense: Inside Falcon Platform

🔍 CrowdStrike outlines an architectural approach to enable agentic defense across the Falcon platform. The blog highlights Enterprise Graph for semantic data unification, Charlotte AI expert agents for native reasoning, and Charlotte Agentic SOAR for adaptive orchestration. It stresses governed, auditable execution and the ability to build custom agents with Charlotte AI AgentWorks. The aim is a real-time digital twin so agents and analysts share a single, continuously updated context to accelerate triage and response.

Insider Risk in an Era of Workforce Volatility and AI Agents

⚠️ Economic pressures, mass layoffs, and rapid AI adoption have pushed insider risk to multi-year highs. In 2025 tech companies announced roughly 245,000 job cuts while US employers logged more than 1.17 million cuts, fueling resentment, negligence, and opportunistic exfiltration. Autonomous AI agents — highlighted by Palo Alto Networks — expand the attack surface, introducing risks like goal hijacking, prompt injection, and shadow deployments that require urgent governance and monitoring.

Predicting 2026: Cyber Threats, AI Risks, and APTs

🔮 Cisco Talos outlines expectations for cybersecurity in 2026, warning of continued geopolitical-driven campaigns such as infostealers, phishing, and proxy-enabled destructive operations. The briefing highlights the growing risk posed by inadequately governed generative AI agents that could cause breaches or mimic insider threats through flawed design or prompt manipulation. Talos also emphasizes that familiar weaknesses — unpatched systems, leaked credentials, and absent MFA — will remain primary enablers of intrusion. The advisory specifically flags UAT-8837, a medium-confidence China-nexus APT targeting critical infrastructure since 2025, and urges patching, credential hygiene, and proactive hunting.

Design an AI and Agent Strategy with Microsoft Marketplace

🧭 Microsoft Marketplace positions itself as the central catalog for organizations choosing how to adopt AI—whether to build, buy, or blend solutions. It hosts more than 11,000 prepackaged models and over 4,000 AI apps and agents, accessible via the storefront, Azure portal, and Microsoft Foundry. The platform supports both pro-code and low-code development workflows, including Copilot Studio, and emphasizes integration, governance, and faster time-to-value for enterprise deployments.

Google to Add Gemini Agentic Features to Chrome Android

🤖 Google is testing integration of Gemini into Chrome for Android, with Chromium source references indicating an agentic feature codenamed Glic. A Google engineer noted the browser binary increases because of the added support code, suggesting significant new functionality. The integration may provide contextual, agent-like actions such as page summaries and follow-up queries, similar to mobile copilots. No release timetable has been announced.

Palo Alto Networks Automates DORs with Agentic AI Design

🤖 Palo Alto Networks automated creation of its internal Document of Record (DOR) using an agent built with Google's open-source Agent Development Kit (ADK) and hosted on Vertex AI Agent Engine. The agent leverages Vertex AI RAG Engine, Vertex AI Discovery Search, Gemini models, and Cloud Storage to retrieve and synthesize grounded answers to a standardized set of 140+ questions. A FastAPI webserver on GKE orchestrates parallel processing, manages state, and publishes completed DORs back to Salesforce via Cloud Pub/Sub, reducing manual effort and improving consistency.

AI Agents Become Hidden Privilege Escalation Paths

🔒 Organizational AI agents are increasingly embedded in critical workflows and often run under shared service identities with broad, long-lived permissions. Because actions execute under the agent identity, users can indirectly obtain access they don’t have, and audit logs typically attribute activity to the agent rather than the initiating user. This creates invisible privilege-escalation paths and complicates least-privilege enforcement. Wing is cited for continuously discovering agents, mapping their access to critical assets, and restoring visibility and accountability.
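The escalation path described above can be shown in a few lines: an agent broker that authorises only against its own service identity lets a user reach actions they do not hold, and its audit log never names that user. The following is an added example, not code from Wing or from the article; the entitlement table, tool names and broker class are constructed for illustration. It contrasts the naive broker with one that takes the intersection of the agent's and the initiating user's permissions and records both principals, plus an audit check that finds allowed actions with no human attached.

```python
"""Added example: an agent tool-call broker that authorises each action
against the initiating user as well as the agent's service identity, and
records both principals. Names, entitlements and tools are constructed."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set

# Constructed entitlement table. The service identity is deliberately broad,
# which is the pattern the summary above warns about.
ENTITLEMENTS: Dict[str, Set[str]] = {
    "svc-agent-finance": {"ledger:read", "ledger:export", "payroll:read"},
    "alice": {"ledger:read"},
    "bob": {"ledger:read", "payroll:read"},
}


@dataclass
class AuditRecord:
    actor: str                    # identity the action executed under
    on_behalf_of: Optional[str]   # initiating user, if the broker tracked one
    action: str
    decision: str


class AgentBroker:
    def __init__(self, agent_id: str, tools: Dict[str, Callable[[], str]]):
        self.agent_id = agent_id
        self.tools = tools
        self.audit: List[AuditRecord] = []

    def run_naive(self, user: str, action: str) -> Optional[str]:
        """Escalation path: checks only the agent's entitlements and logs
        only the agent, so the user's involvement is invisible."""
        if action in ENTITLEMENTS[self.agent_id]:
            self.audit.append(AuditRecord(self.agent_id, None, action, "allow"))
            return self.tools[action]()
        self.audit.append(AuditRecord(self.agent_id, None, action, "deny"))
        return None

    def run_on_behalf_of(self, user: str, action: str) -> Optional[str]:
        """Hardened path: effective permission is the intersection of the
        agent's and the user's entitlements, and both principals are logged."""
        allowed = (action in ENTITLEMENTS[self.agent_id]
                   and action in ENTITLEMENTS.get(user, set()))
        decision = "allow" if allowed else "deny"
        self.audit.append(AuditRecord(self.agent_id, user, action, decision))
        return self.tools[action]() if allowed else None


def unattributed_allows(records: List[AuditRecord]) -> List[AuditRecord]:
    """Audit check: allowed actions with no initiating user recorded. Each
    one is a potential hidden escalation that cannot be tied to a person."""
    return [r for r in records if r.decision == "allow" and r.on_behalf_of is None]


def demo():
    tools = {
        "ledger:read": lambda: "ledger rows",
        "ledger:export": lambda: "ledger.csv",
        "payroll:read": lambda: "payroll rows",
    }
    naive = AgentBroker("svc-agent-finance", tools)
    hardened = AgentBroker("svc-agent-finance", tools)
    # alice holds ledger:read only; export must not succeed through the agent
    naive_result = naive.run_naive("alice", "ledger:export")
    hardened_result = hardened.run_on_behalf_of("alice", "ledger:export")
    return naive_result, hardened_result, naive, hardened


if __name__ == "__main__":
    n, h, nb, hb = demo()
    print("naive:", n, "| hardened:", h)
    print("unattributed allows in naive log:", len(unattributed_allows(nb.audit)))
    for rec in hb.audit:
        print(rec)
```

The same intersection rule applies whatever the real authorisation backend is: the agent's token should never be the only thing consulted, and every log line should carry the initiating user so that the `unattributed_allows` query returns nothing.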

Securing MCPs: Control of Agentic AI Tool Access and Risks

🔒 This webinar explains why MCPs (Model Context Protocol servers), the control plane that governs what agentic AI can execute, are a critical but often overlooked security boundary. Drawing on recent incidents such as CVE-2025-6514, the session shows how trusted proxies and misconfigurations can convert automation into a remote code execution vector at scale. Participants will learn to detect shadow API keys, audit agent actions, and apply practical controls to secure agentic AI without slowing development.

Amazon Quick adds third-party AI agents and integrations

🤖 Amazon Quick now supports invoking third‑party AI agents from Box, Canva, and PagerDuty, enabling chat and automation tasks—such as querying documents, generating presentations, and extracting incident insights—directly within the Quick workspace. Quick has also expanded its built‑in actions to include integrations with GitHub, Notion, Linear, Hugging Face, Monday.com, HubSpot, Intercom, and more, allowing users to create issues, summarize notes, and manage CRM workflows without switching apps. Customers can further connect thousands of additional applications using Model Context Protocol (MCP) and OpenAPI connectors. These features are available in all AWS Regions where Quick is offered.

Amazon Quick Integrates Third-Party Agents and Actions

🤖 Amazon Quick now supports invoking specialized third-party agents (Box, Canva, PagerDuty) and expands its built-in actions library with integrations for GitHub, Notion, Canva, Box, Linear, Hugging Face, Monday.com, HubSpot, and Intercom. Users can run agentic tasks—pull incident insights, generate presentations, or query documents—directly from a single workspace. Quick also continues to support custom MCP and OpenAPI connectors for broader application connectivity. These features are available in all regions where Amazon Quick is offered.

Six Cyber Threats for 2026 and Recommended Defenses

🔐 Corelight outlines six cyber threats to prioritize in 2026, driven by advances in AI, automation, and more sophisticated social engineering. Key concerns include agentic and shadow AI misuse, deepfakes in phishing, AI-orchestrated ransomware, accelerated vulnerability discovery, stale scanning practices, and multicloud blind spots. Recommendations focus on improved hybrid visibility, continuous scanning, Zero Trust access, digital identity verification, and deploying NDR alongside AI-enabled incident response to reduce detection gaps.

Managing Hybrid Teams: Making AI and Humans Work Together

🤖 Organizations are adopting agentic AI—systems that coordinate multiple models and tools to act on tasks—but many leaders find limited benefit when bots misinterpret instructions or produce trivial results. The essay argues that agentic systems increasingly exhibit human-like group behaviors and that established management disciplines—delegation, iteration, effective information sharing, and measurement—remain central to success. Drawing on Anthropic’s Claude Research and other studies, it offers practical guidance for designing hybrid human–AI workflows.

BigQuery MCP Server: Build Data AI Agents Faster, Securely

🚀 The preview release of a fully managed, remote MCP server for BigQuery (Jan 2026) lets developers connect LLM-powered agents directly to analytics data via a standard HTTP endpoint without managing infrastructure. The blog demonstrates step‑by‑step integration with the Agent Development Kit (ADK) and the Gemini CLI, including OAuth client creation and Gemini API key setup, and loading a sample cymbal_pets dataset. It highlights compatibility with popular frameworks (ADK, LangGraph, Claude Code, Cursor IDE) and reminds readers to follow AI security and production best practices.

Eliminating IT Blind Spots in AI-Driven Enterprises

🔍 As organizations embed AI and distribute workloads across cloud and edge environments, traditional security tooling increasingly misses hidden misconfigurations, inconsistent controls, and emergent AI-agent behaviors. Experts advise moving from reactive, tool-stacked approaches to a unified visibility strategy that normalizes telemetry, aligns people/processes/data, and continuously evaluates agentic behavior. Practical steps include using existing FinOps metrics, tagging, and cross-team audits to reveal anomalies, and applying AI-driven automation to integrate and extend current investments. A modern CMDB and enterprise knowledge graphs provide the contextual backbone needed for AI to correlate signals and surface risk without expanding the security stack.

Agentic AI: An Identity Problem CISOs Must Solve Now

🔐 Agentic AI introduces a new class of identity that behaves with humanlike intent yet scales and persists like machines. Traditional IAM and PAM were designed for employees and predictable workloads; AI agents are decentralized, easy to create, cross‑platform, and often granted broad privileges, creating serious blind spots. CISOs should apply lifecycle management: assign clear ownership tied to the identity provider, define explicit measurable purpose and scope, enforce least privilege, maintain continuous visibility to detect privilege drift, and automate revocation when agents go idle.
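The lifecycle steps listed above (ownership, declared scope, least privilege, drift detection, idle revocation) reduce to a periodic review over an inventory of agent identities. The following is an added example, not code from the article or any IAM product; the registry records, permission strings and the 30-day idle threshold are constructed for illustration. Each agent carries a human owner, the scope that owner signed off on, the permissions actually granted today, and a last-used timestamp. The review flags agents with no owner, reports and trims any permissions outside the declared scope, and disables agents that have been idle past the threshold.

```python
"""Added example: a lifecycle review for agent identities. Flags missing
owners, privilege drift (granted minus declared scope), trims the drift back
to least privilege, and disables idle agents. All records are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Set, Tuple


@dataclass
class AgentIdentity:
    agent_id: str
    owner: Optional[str]        # human owner in the identity provider; None is a finding
    purpose: str
    declared_scope: Set[str]    # permissions the owner approved
    granted: Set[str]           # permissions attached right now
    last_used: datetime
    enabled: bool = True


Finding = Tuple[str, str, Optional[List[str]]]   # (agent_id, kind, detail)


def privilege_drift(a: AgentIdentity) -> Set[str]:
    """Permissions the agent holds that nobody approved."""
    return a.granted - a.declared_scope


def review(registry: List[AgentIdentity], now: datetime,
           idle_after: timedelta = timedelta(days=30),
           remediate: bool = True) -> List[Finding]:
    """One pass of the lifecycle review. With remediate=True the drifted
    permissions are removed and idle agents are disabled in place."""
    findings: List[Finding] = []
    for a in registry:
        if a.owner is None:
            findings.append((a.agent_id, "no-owner", None))
        drift = privilege_drift(a)
        if drift:
            findings.append((a.agent_id, "privilege-drift", sorted(drift)))
            if remediate:
                a.granted -= drift          # back to the approved scope
        if a.enabled and now - a.last_used > idle_after:
            findings.append((a.agent_id, "revoked-idle", None))
            if remediate:
                a.enabled = False           # automated revocation
    return findings


# Constructed review time and registry; the third agent is a forgotten
# proof-of-concept with no owner, a wildcard grant and no recent use.
NOW = datetime(2026, 1, 15, tzinfo=timezone.utc)


def sample_registry() -> List[AgentIdentity]:
    return [
        AgentIdentity("agent-ticket-triage", "alice", "summarise support tickets",
                      {"tickets:read"}, {"tickets:read"}, NOW - timedelta(days=1)),
        AgentIdentity("agent-ledger-export", "bob", "monthly ledger export",
                      {"ledger:read"}, {"ledger:read", "ledger:export", "payroll:read"},
                      NOW - timedelta(days=3)),
        AgentIdentity("agent-poc-2025", None, "unknown",
                      set(), {"s3:*"}, NOW - timedelta(days=120)),
    ]


def run_review():
    registry = sample_registry()
    return review(registry, NOW), registry


if __name__ == "__main__":
    findings, registry = run_review()
    for agent_id, kind, detail in findings:
        print(f"{agent_id}: {kind}" + (f" {detail}" if detail else ""))
    for a in registry:
        print(a.agent_id, "enabled" if a.enabled else "disabled", sorted(a.granted))
```

Run with `remediate=False` first to get a report without changing anything; the drift list is what goes back to the named owner, and an agent with no owner has nobody who can answer for it, which is the case for immediate disablement.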

CISO Resolutions for 2026: AI, Resilience, and Trust

🔒 As AI hype settles, CISOs are refocusing 2026 priorities on resilience, rapid detection, and measurable outcomes. They favor engineering-driven architecture for cloud stability, AI-enabled orchestration to cut dwell time, and broad identity and privilege governance for human and non-human accounts. Visibility and SaaS discovery will curb shadow AI use, while security baked into agentic AI and post-quantum preparedness (cryptographic inventories and vendor roadmaps) become essential. Turning security into a visible trust signal and linking spend to ROI rounds out the agenda.

Real-World Attacks Behind OWASP Agentic AI Top 10 Risks

🛡️ OWASP published the Agentic Applications Top 10 for 2026 to classify risks unique to autonomous AI agents. Koi Security summarizes multiple real incidents from the past year — malicious MCP servers, poisoned assistants, and RCEs in Claude Desktop extensions — that show how autonomy expands attack surfaces. The report stresses inventorying runtime dependencies, enforcing least privilege, and monitoring agent behavior to detect and contain attacks.

Agentic AI Forces a New Identity and Authentication Crisis

🔒 Many enterprises are racing to deploy autonomous agentic AI without establishing robust identity and authentication controls, creating an identity crisis for CISOs. Experts warn that fewer than 5–10% of organizations assign formal agent identities (for example via PKI) before wider release, leaving deployments vulnerable to hijacking and prompt-injection. Because agents routinely communicate with one another, a compromised agent can cascade malicious instructions across legitimate agents before revocation, and current vendor solutions and kill switches are incomplete or absent.