< ciso
brief />
Tag Banner

All news with #agentic ai tag

618 articles · page 2 of 31

Governing Identity for Agentic AI Operations

🛡️ Existing security controls weren’t built for autonomous AI agents, and static credentials and standing privileges are insufficient. Organizations must define agentic identity, secure agent-to-agent communication, adopt dynamic secrets management, enforce least privilege for delegated workflows, and unify workforce identity. Governance across the identity lifecycle is essential to ensure auditable, revocable, and context-aware access for agents.
read more →

Operationalizing agentic AI: From assistants to operators

🤖 Stephen Wilson of HashiCorp explains how enterprise AI is evolving from human-assisted tools to autonomous agents and operators, and why governance must mature accordingly. He describes three adoption patterns—AI as assistant, AI as agent, and AI as operator—and details the increasing needs for identity, access controls, auditability, and accuracy at each stage. As organizations grant agents more autonomy, security controls must expand from user-level boundaries to team and organizational governance.
read more →

LLM-Driven Ransomware JadePuffer Targets Langflow

🔒 Sysdig reports a novel ransomware campaign, dubbed JadePuffer, driven entirely by a large language model agent that exploited CVE-2025-3248 in an internet-facing Langflow instance. The automated attack conducted reconnaissance, credential harvesting, lateral movement, and destructive actions against production databases, encrypting and deleting Nacos configurations so they could not be recovered. Sysdig highlights automation of old vulnerabilities, agent narration that may aid detection, and the erosion of response time for defenders.
read more →

Identity lifecycle challenges posed by AI agents

🔒 This article explains how traditional identity lifecycle management — built around HR-driven joiner, mover, and leaver events — fails to govern AI agents. It describes how agents are created outside HR and IGA workflows, arrive with embedded credentials, and expand access dynamically at runtime. The piece highlights gaps in provisioning, access reviews, and offboarding when agents proliferate across parallel instances and orchestration layers.
read more →

Cursor IDE sandbox bypasses enable RCE via prompt injection

🛡️ Researchers discovered two vulnerabilities in the Cursor AI-enabled IDE that enable prompt-injection-driven remote code execution by escaping the command execution sandbox. The flaws, CVE-2026-50548 and CVE-2026-50549, allow attackers to change the working directory and exploit symlink canonicalization fallbacks to write or overwrite files outside the project scope. Cursor patched the issues in version 3.0, and the findings underscore broader risks in agentic AI workflows and the difficulty of defending against prompt injection.
read more →

Context-Aware Polymorphic Schema Validation

🛠️ This post outlines an architecture using Google's ADK and Gemini Flash to replace static prompt-driven agents with a just-in-time, metadata-driven orchestration. It externalizes JSON schema descriptors to a Central Metadata Registry and employs a lightweight discovery prompt plus dynamic validation hooks (Cloud Run) to ensure deterministic, schema-compliant payloads. The pattern reduces context bloat, lowers token costs, and prevents attention diffusion in multi-agent workflows.
read more →

Cloudflare Expands AI Bot Controls and Taxonomy

🛡️ Cloudflare updates its bot management to distinguish between three AI use cases—Search, Agent, and Training—so site owners can better control access and compensation for their content. The company will change defaults on September 15, 2026, blocking Training and Agent bots on ad-bearing pages while leaving Search allowed. Cloudflare also launched BotBase, a searchable directory of tracked bots, and added a new content-use signal for robots.txt to express preferences like use=reference.
read more →

Agentic Internet: Bot Traffic and Content Market

🧭 Cloudflare reports a rapid shift toward an agent-driven Internet where AI training and mixed-use crawlers dominate. Publishers face falling referral traffic as over 50% of Internet traffic is now non-human, and AI companies increasingly ingest content without compensation. Cloudflare highlights tools and marketplace developments that restore publisher control, enable attribution, and support licensing between content owners and AI firms.
read more →

Amazon WorkSpaces for AI agents now generally available

🖥️ Amazon WorkSpaces for agents is generally available, enabling AI agents to securely access and operate desktop applications inside managed WorkSpaces. The service lets agents interact with legacy ERP, CRM, mainframe, and proprietary tools without application modernization or custom integrations, while preserving identity controls, network isolation, and compliance boundaries. It supports any agent framework using the Model Context Protocol (MCP), and pricing is based on active session time.
read more →

June 2026 Microsoft Security product updates

🔒 This update summarizes June 2026 releases across Microsoft Security that strengthen identity, multicloud, data, and developer protections. Highlights include codename MDASH for multi-model agentic vulnerability scanning, expanded Microsoft Defender agent and MCP detection, GA for Microsoft Entra Backup and Recovery, and extended database threat protection for AWS RDS. New reporting, multicloud coverage, and a unified identity risk score help teams detect, prioritize, and recover faster.
read more →

GuardFall bypasses safety in open-source AI agents

🔒 New research from Adversa AI, dubbed GuardFall, shows a decades-old shell trick can bypass simple blocklist checks in open-source AI coding agents, letting hidden destructive commands run. The flaw arises because filters inspect the command as plain text while shells like bash rewrite and expand that text before execution. Ten of eleven tested agents were vulnerable; only Continue defended by parsing commands the same way the shell does.
read more →

Kiro adds GPT-5.4 and Nemotron 3 in GovCloud

🔒 Two new models are now available in the Kiro IDE and CLI for the AWS GovCloud (US-West) Region. OpenAI GPT-5.4 supports complex reasoning, coding, document analysis, and multi-step agentic workflows, running on Amazon Bedrock with a 272K context window and 1.2x credit multiplier. NVIDIA Nemotron 3 Super 120B is offered as an open weight, hybrid MoE option with a 256K context window, 32K max output, and 0.25x credit multiplier. Update your IDE or CLI and restart to access the new models.
read more →

AWS WAF Protects Amazon Bedrock AgentCore Gateway

🔒 AWS announces general availability of AWS WAF protection for Amazon Bedrock AgentCore Gateway, enabling protection of agentic AI workloads from common web exploits and abuse. You can associate an AWS WAF protection pack with your AgentCore Gateway to enforce IP-based access controls, rate-based throttling, and AWS Managed Rule Groups including Bot Control. Configure protections once at the Gateway and have them applied consistently to all targets behind it.
read more →

Google Cloud adopts agentic AI for secure SDLC

🔒 Google Cloud describes how it embeds modular AI agents across the software development lifecycle to create autonomous security guardrails. The approach includes centralized code analysis via the Mantis framework, multi-agent fuzz testing with self-reflection, and an autonomous patching pipeline that validates fixes before human review. Continuous reflection and a programmable posture management system help convert lessons into reusable skills that improve remediation speed and reduce false positives.
read more →

2026 Agent Confidence Index: Builders’ Trust Map

📊 The 2026 Agent Confidence Index summarizes findings from a survey of 300 technical experts across AI, data, and cloud domains, identifying where AI agents are already trusted and where confidence remains nascent. The analysis highlights high-confidence wins—automated report generation, boilerplate code creation, certificate renewal, and monitoring—while noting complex tasks like service mesh configuration remain frontier challenges. The piece frames trust, human oversight, and lifecycle evaluations as essential to safe delegation and enterprise adoption.
read more →

New VPC-SC Controls to Secure Agentic AI Workloads

🔒 Google Cloud announces new VPC Service Controls features to secure agentic AI deployments by enforcing network-level perimeters and integrating agent identities. These updates let administrators add agent principals and principalSets to ingress/egress rules, apply conditional rules based on MCP attributes like mcp.toolName and mcp.method, and automatically protect the Gemini Enterprise Agent Platform from public internet access. The enhancements are designed to complement IAM and resource policies to prevent exfiltration and tool misuse in production agent fleets.
read more →

Guardian Agents: The Next Layer of Identity

🛡️ This guide examines how agentic AI shifted enterprise identity risks and why existing IAM controls fall short. It explains how AI agents inherit human permissions, traverse systems at machine speed, and create an expanding population of autonomous identities often deployed without security review. The piece outlines the guardian agent concept: a purpose-built runtime control layer that inventories agents, baselines behavior, detects anomalies, and enforces least-privilege at execution time to close the governance gap.
read more →

Anthropic tests Claude Cowork mobile control features

🖥️ Anthropic appears to be testing mobile support for Claude Cowork, enabling users to start and monitor long-running Claude tasks from their phones. Cowork, a desktop-focused agentic mode that performs extended knowledge-work tasks, can access files, generate documents and continue working in the background. Screenshots shared on X indicate the mobile experience will act as a remote control while the heavy processing remains on the user’s PC. Anthropic has not officially announced full mobile rollout yet.
read more →

Kiro Achieves FedRAMP High and DoD IL-4/IL-5 on AWS

🔒 Kiro is now authorized for FedRAMP High and DoD CC SRG Impact Levels 4 and 5 within the AWS GovCloud (US) Regions. This enables federal agencies and public sector organizations with stringent compliance requirements to adopt Kiro for sensitive workloads. Kiro combines an IDE and CLI for agentic AI-driven, spec-driven development, translating prompts into code, documentation, and tests. It also supports native MCP integration to connect with documentation, databases, APIs, and enterprise resources.
read more →

OpenClaw AI supply chain risks and findings

🧭 OpenClaw is an AI agent executing third-party skills from ClawHub, and several malicious campaigns emerged after launch. Our Feb–May 2026 analysis identified five skills that bypassed screening and fell into three threat categories: macOS infostealers, an evasion technique using inflated file size, and novel agentic threats for financial gain. All five skills were reported and removed; OpenClaw and NVIDIA have since increased screening and analysis.
read more →