< ciso
brief />
Tag Banner

All news with #agentic ai tag

619 articles · page 19 of 31

Smashing Security #454: AI panic, Moltbook, and risks

🤖 In episode 454 of the Smashing Security podcast Graham Cluley and guest Iain Thomson examine the Moltbook saga — an AI-only social network that sparked doomsday talk but largely reflected humans role-playing as bots. They also warn that “vibe coding” can be a dangerous design choice when security researchers can easily peek into private messages, API keys and databases. The show touches on pro-Russian hacker activity around the Winter Olympics and cites reporting from Forbes, Wired, Reuters, The Record and the BBC.
read more →

Agentic Cloud Operations: A New Way to Run Clouds Efficiently

🔧Azure Copilot introduces an agentic cloud operations paradigm that embeds AI-powered agents into everyday cloud workflows. These agents correlate telemetry, understand operational context, and take governed actions across migration, deployment, observability, resiliency, optimization, and troubleshooting. The service centralizes observability, configuration, and governance so teams can move from insight to action within a unified interface. Built-in controls such as BYOS for conversation history, RBAC, and auditability ensure compliance and preserve human oversight.
read more →

Google opens Gemini Enterprise Agent Ready (GEAR) program

🚀 Google has opened the Gemini Enterprise Agent Ready (GEAR) learning program to all developers and professionals as a dedicated pathway within the Google Developer Program. GEAR provides 35 monthly Google Skills credits for hands-on labs and sandbox testing and features end-to-end learning paths such as Introduction to Agents and Develop Agents with the ADK. Members can earn profile badges and pursue instructor-led certification tracks to validate enterprise agent engineering skills and accelerate production-ready deployments.
read more →

Observability, Governance, and Security for AI Agents

🔍 Microsoft’s Cyber Pulse highlights that more than 80% of Fortune 500 organizations use active AI agents and warns that rapid agent adoption is outpacing visibility, governance, and security. The report urges applying Zero Trust principles—least privilege, explicit verification, and assume compromise—to non-human users operating at scale. It recommends a centralized registry, identity-driven access controls, real-time telemetry and visualization, cross-platform interoperability, and integrated security tooling to detect and contain misaligned or compromised agents.
read more →

Governing Agentic AI: Managing Risks Without Losing Control

⚠️ Agentic AI is shifting from assistance to autonomous action, creating new risk vectors that can exponentially multiply the impact of errors or breaches. Organizations must adopt governance by design—defining approved use cases, data access, mandatory controls, and clear accountability—so agents operate within known limits. IT teams should lead deployment, policy, and third‑party oversight, while investing in targeted training and resilience planning to protect both systems and staff.
read more →

Human-AI Feedback Loop Powering Agentic Security at Scale

🔁 CrowdStrike describes a continuous human-AI feedback loop that pairs expert analysts with agentic AI to detect, investigate, and contain threats at machine speed. Human-annotated telemetry from Falcon Complete and Adversary OverWatch trains and reinforces models such as Charlotte AI, improving triage accuracy and reducing investigator effort. The system emphasizes analyst-validated reasoning to handle novel tradecraft and minimize false positives.
read more →

Weekly Cyber Recap: AI Skill Risks and Massive DDoS

🔐 This week's briefing highlights attackers abusing trust across AI agents, update channels, and developer ecosystems. OpenClaw announced a partnership with VirusTotal to scan ClawHub skills after researchers discovered malicious packages and explosive typosquatting growth. High‑impact incidents include a 31.4 Tbps AISURU DDoS, a Notepad++ updater compromise delivering the Chrysalis backdoor, and an RCE in Docker's Ask Gordon AI assistant. Security teams should prioritize update integrity, supply‑chain controls, and agentic AI hygiene.
read more →

Gartner: Six Cybersecurity Trends Shaping 2026 Priorities

🔒 Gartner identifies six priority cybersecurity trends for 2026 that demand immediate attention from security and risk leaders. Key risks include uncontrolled agentic AI proliferation, global regulatory volatility, and the urgent need to plan for post-quantum cryptography. Gartner advises stronger governance to detect and control both approved and shadow AI agents, evolve identity and access management for machine actors, modernize SOCs with human-in-the-loop processes, and shift awareness programs toward task-focused, AI-specific behavioral training.
read more →

Clawdbot and DKnife: Security Risks from Rapid AI Adoption

🚨 As AI agent frameworks surge, Talos warns of two immediate threats: Clawdbot — a popular open-source agentic tool (aka Moltbot/OpenClaw) that requires users to store credentials and API keys locally and can accept unvetted Skills granted broad system privileges. DKnife, active since at least 2019, is a modular Linux attack framework that compromises routers and edge devices to intercept traffic, hijack updates, and deliver malware while evading many endpoint defenses. The newsletter urges skepticism toward rushed AI tools and recommends hardening gateways, auditing firmware, enforcing strong authentication, and monitoring for suspicious update behaviors.
read more →

Claude Opus 4.6 Now Available on Amazon Bedrock Enterprise

🚀 Claude Opus 4.6 is now available in Amazon Bedrock, delivering Anthropic’s most capable model for coding, agentic tasks, and professional workflows. It emphasizes advanced multi-step reasoning, proactive subagent orchestration, and long-horizon code development. The release supports preview context windows of 200K and 1M tokens and targets enterprise-grade reliability for complex automation and cybersecurity use cases.
read more →

Agent Factory Recap: Build an AI Workforce with Gemini

🤖 Google’s Agent Factory episode demonstrates how Gemini 3, the Gemini CLI, and Antigravity enable rapid creation of agentic workflows and lightweight “AI employees.” Smitha Kolan, Vlad Kolesnikov, and guest Brandon Hancock present live demos building a portfolio site, parallel market-research agents, and a video-generating agent. The session highlights multimodal prompting, SOP-driven automation, parallel execution, and one-click deployment to Cloud Run.
read more →

Study: Over 1.5M AI Agents Ungoverned, Risk Going Rogue

⚠️ Gravitee reports that roughly half of an estimated three million AI agents running in US and UK enterprises are unmonitored and potentially "going rogue." A December 2025 Opinion Matters survey of 750 IT executives found a mean of 36.9 agents per large organization and that 88% suspected an agent-related security or privacy incident in the prior year. Experts warn deployment is outpacing governance and call for continuous runtime oversight, tiered access controls, and stricter credential management.
read more →

Choosing Between Antigravity and Gemini CLI for Agents

🧭 Antigravity and Gemini CLI offer two complementary approaches for running agent-driven workflows. Antigravity delivers an approachable, graphical experience with an Agent Manager, in-browser application views, guided walkthroughs, and a native debugger for inspecting stack traces. Gemini CLI is terminal-first, installs via npm (npm install -g @google/gemini-cli, requires Node.js), supports headless/CI-friendly execution, and can call local tools like gh or gcloud. Both are extensible with MCP and Agent Skills, and both provide generous free tiers so teams can evaluate which workflow best fits their needs.
read more →

OpenClaw Risks and Mitigations for Security Teams Guide

🔒 OpenClaw is an open-source, agentic AI assistant that can run locally or on servers, connect to LLMs and external APIs, and autonomously perform actions such as sending email or controlling browsers. Its local storage of config and broad access (files, terminals, sometimes root) makes misconfigured deployments attractive as backdoors. CrowdStrike observed rapid adoption and internet-exposed instances, and recommends discovery, runtime guardrails, and automated removal integrated into detection workflows.
read more →

AI Agent Identity Management: New Control Plane for CISOs

🔐 AI agents—custom GPTs, copilots, coding agents and other autonomous tooling—are proliferating in production while remaining largely outside traditional IAM, PAM, and IGA controls. The piece argues for treating agents as a distinct identity class and applying continuous identity lifecycle management to ensure visibility, ownership, dynamic least privilege, and auditability. Rather than slowing adoption, this approach positions identity as the control plane for balancing innovation and security.
read more →

Public Sector Embraces AI Agents: ROI, Security, and Scale

🤖 Our inaugural survey of 251 senior public sector leaders, commissioned by Google Cloud and conducted by National Research Group, finds agentic AI is already mission‑critical: 55% report using AI agents and 42% have deployed more than 10 in production. Respondents expect to allocate 50%+ of future AI budgets to agents. The report highlights productivity gains (70% improved; 46% at least doubled) and security improvements (79% better threat identification, 70% improved intelligence/response integration), and points to Gemini for Government with FedRAMP High-authorized protections as a clear path to scale.
read more →

Agentic AI Will Multiply Non-Human Identity Risks Soon

🔒 Early agentic AI experiments have exposed a rapidly expanding cybersecurity problem: enterprises are accumulating vast numbers of non-human identities (NHIs)—service accounts, tokens, API keys and automation credentials—that security teams largely cannot see or govern. Analysts predict counts will jump from millions to tens of millions within months, driving visibility into these assets into the single digits. Experts recommend containment and segmentation of legacy NHIs, strict ownership, and a clean-slate approach to provisioning future agents rather than attempting perfect retroactive inventories.
read more →

Building Employee Onboarding Agents with Gemini Enterprise

🔧 This guide explains how to build custom employee onboarding agents using the Agent Development Kit (ADK), Vertex AI Agent Engine, and Application Integration to connect conversational AI with enterprise systems such as ITSM, ERP, and CRM. It describes a grounded agentic workflow where a Gemini Enterprise front-end captures intent, a low-code Application Integration layer performs deterministic transformations and authentication, and backend systems execute transactions. The result is a role-aware, auditable onboarding experience that automates tasks like laptop provisioning while keeping business rules and approvals intact.
read more →

CloudWatch Application Signals Integrates with Kiro Powers

🔍 AWS announced integration of Amazon CloudWatch Application Signals with Kiro Powers to deliver AI agent-assisted troubleshooting workflows directly within the Kiro IDE. The Kiro power packages the Application Signals MCP server with curated steering files and hooks, providing focused observability guidance so agents receive only the context needed for a specific task. Developers can accelerate SLO triage and service isolation from hours to minutes with one-click installation across AWS Regions.
read more →

Agentic Tool Chain Attacks and Enterprise AI Risk Overview

🔒 AI agents dynamically select and invoke tools using natural-language descriptions, creating a new attack surface in the agent's reasoning layer. Agentic tool chain attacks manipulate tool metadata and context — via tool poisoning, tool shadowing, or rugpull attacks — to exfiltrate data or trigger unauthorized actions without altering tool code. Defenses should center on tool governance, trusted MCP identity, strict parameter validation, and reasoning-layer observability. Organizations must adopt signed manifests, version pinning, mutual TLS, and telemetry to detect and contain these threats.
read more →