< ciso
brief />
Tag Banner

All news with #agentic ai tag

619 articles · page 20 of 31

Moltworker: Self-Hosted AI Agent on Cloudflare Edge

🤖 Cloudflare published Moltworker, an adaptation of the open-source Moltbot personal AI agent designed to run on the Cloudflare Developer Platform instead of dedicated local hardware. The implementation combines Workers, the Sandbox SDK, Browser Rendering, and R2 to run agent workloads at the edge with controlled persistence. Integration with AI Gateway adds centralized observability, BYOK support, unified billing and fallback behavior. The repo is open-source and the project is presented as a proof-of-concept that requires a paid Workers plan.
read more →

AWS launches Agent SOPs for MCP Server preview in US East

🚀 AWS has introduced deployment Standard Operating Procedures (SOPs) in the AWS MCP Server preview, enabling AI agents to perform multi-step web application deployments from MCP-compatible IDEs and CLIs using natural language prompts. The SOPs generate AWS CDK infrastructure, deploy CloudFormation stacks, and create CI/CD pipelines following recommended AWS security best practices. Supported frameworks include React, Vue.js, Angular, and Next.js. The preview in US East (N. Virginia) is available at no additional MCP cost; customers pay only for the AWS resources and data transfer they use.
read more →

NIST Tightens AI Cybersecurity Guidance for Enterprises

🛡️ NIST is moving from high-level AI risk principles toward operational cybersecurity expectations, focusing especially on AI agent systems that take autonomous actions. The agency’s CAISI center has issued a formal RFI on secure practices for AI agents and is adapting the Cybersecurity Framework into a Cyber AI Profile. NIST’s work—spanning the AI RMF, Dioptra testing, an adversarial ML taxonomy, and SSDF guidance for generative models—signals that CISOs must treat AI as a near-term security priority rather than “just software.”
read more →

AI Agents Are Rewriting Compliance Controls—CISOs Must Act

🛡️ AI agents are being embedded into regulated workflows and are forcing a rethink of controls designed for human actors, including SOX, GDPR, PCI DSS, and HIPAA. Because agents act, adapt, and drift, controls that once relied on predictable human behavior can silently fail, collapsing segregation of duties and exposing sensitive data. CISOs should treat agents as non-human identities with least‑privilege access, strong credential management, continuous monitoring, and robust logging and change governance to keep regulated workflows auditable and defensible.
read more →

AI SOC Agents Transforming Triage and Threat Hunting

🛡️ Agentic AI is reshaping SOC operations by automating contextual triage and correlating telemetry across EDR, identity, email, cloud, SaaS, and network sources so analysts review machine-validated verdicts instead of raw alerts. The approach reduces missed threats and eliminates the need to sample low-fidelity signals. It also provides structured feedback for detection engineering and enables natural-language threat hunting that democratizes proactive investigations. Prophet Security emphasizes depth, accuracy, transparency, and seamless workflow integration to build analyst trust.
read more →

How CISOs Can Overcome AI Fatigue and Govern Use Effectively

🤖 Many CISOs feel torn between moving quickly with AI and preventing new security risks. The article recommends breaking AI into categories by autonomy and potential impact to separate routine generative AI from higher-risk agentic systems. It stresses that data integrity is as important as data protection and proposes a tiered governance model: categorize use, apply baseline controls, assign review forums, and enforce unbreakable rules like kill switches. Practical measures such as acceptable-use policies, training, least-privilege and continuous monitoring are highlighted as table-stakes.
read more →

Top Agentic AI Risks 2026: Governance and Defenses

⚠️ Agentic AI systems introduce acute governance and security challenges because autonomous agents can plan, execute tools, and process sensitive data without human oversight. The OWASP Foundation's Top 10 catalog identifies threats such as goal hijack, tool misuse, privilege abuse, supply chain compromise, RCE, memory poisoning, insecure inter-agent communication, cascading failures, human-trust exploitation, and rogue agents, each with examples and mitigations. Kaspersky condenses those findings and emphasizes a layered, near-Zero Trust defense: least autonomy and privilege, short-lived credentials, human-in-the-loop for critical actions, execution isolation, intent gates, continuous logging, behavioral monitoring, supply chain controls, and targeted training.
read more →

Gemini for Government: Secure, Scalable AI for Agencies

🚀 Gemini for Government packages Google’s Gemini models, secure commercial cloud services, and agentic AI tools into a FedRAMP High-authorized platform for the public sector. It is positioned to accelerate adoption of AI agents across defense, health, transportation, and research by offering enterprise-grade compliance and scalability. Early adopters include the Department of War’s GenAI.mil rollout, the FDA, and the Department of Transportation, and Google is offering webinars and downloadable agent toolkits to help agencies start building and deploying solutions today.
read more →

Who Approved This Agent? Rethinking AI Access Controls

🔐 AI agents are accelerating enterprise work but create new ownership and approval gaps for security teams. Unlike human users or traditional service accounts, agents often operate autonomously, persistently, and with delegated authority, which can expand access beyond any single user's permissions. The article separates agents into personal, third-party, and organizational categories and highlights that organizational agents carry the greatest systemic risk. It recommends treating agents as distinct identities with defined owners, mapping user→agent interactions, and continuously reviewing agent access.
read more →

Runtime Risk and Real-Time Defense for AI Agents at Scale

🔒 Microsoft describes runtime protections that let organizations inspect and control AI agent behavior in real time by integrating Microsoft Defender with Copilot Studio. Webhook-based checks evaluate planned tool invocations, intent, context, and previous orchestration outputs before execution, enabling precise allow/block decisions without changing agent logic. The post demonstrates three attack scenarios—malicious invoice-triggered instructions, SharePoint prompt injection, and capability reconnaissance—and shows how runtime blocking, logging, and XDR alerts prevent data exposure.
read more →

Datadog Adds Automatic Observability for Google ADK

🔍 Datadog LLM Observability now automatically instruments Google’s Agent Development Kit (ADK), giving teams instant visibility into multi-step agent workflows without code changes. The integration traces planner decisions, tool calls, token usage, latency, and branching on a single timeline to simplify debugging and cost analysis. Built-in and custom evaluators detect hallucinations, PII leaks, and prompt injections, while replay and experiment features let teams iterate on prompts, models, and parameters before deployment.
read more →

FortiSIEM 7.5 Adds Agentic AI and Data Sovereignty

🤖 FortiSIEM 7.5 introduces agentic-AI incident management and data sovereignty options to help multinational SOCs balance centralized operations with localized data storage. The release debuts FortiAI-Assist agents — an investigation assistant and a companion assistant — to automate multi-step threat hunting, evidence enrichment, and response guidance. It also includes a free IT/OT Windows agent that requires no centralized management, enhanced federated search, pipeline enrichment, advanced agent templates, and Osquery support for Linux and Windows.
read more →

Agent Factory Recap: Antigravity and Nano Banana Pro

🛠 This episode of the Agent Factory podcast showcases Google’s new developer tools: Antigravity, an agent-first multi-window IDE, and Nano Banana Pro, the Gemini 3 Pro image model. Hosts Remik and Vlad demo building an agentic slide generator using the Agent Development Kit, Antigravity’s Agent Manager, and an MCP server, highlighting planning, testing, and high-fidelity image creation.
read more →

A New Era of AI Agents: Posture and Risk Management

🛡️ Microsoft outlines why the rise of autonomous AI agents requires a new security posture. Microsoft Defender delivers AI Security Posture Management across multi-cloud environments to provide visibility, risk prioritization, and tailored remediation for agent-specific threats such as data-connected exposures, indirect prompt injection (XPIA), and compromised coordinator agents. The guidance emphasizes hardening, attack path analysis, and human-in-the-loop controls to reduce blast radius.
read more →

Getting Started with Gemini 3 Flash on Google Cloud

🚀 This post introduces Gemini 3 Flash, Google’s low-latency, cost-efficient model in the Gemini 3 family, optimized for advanced reasoning, multimodal understanding, and agentic workflows. It guides developers through obtaining an API key from Google AI Studio and configuring it for local use or environment-based invocation. The article demonstrates interactive prompt testing in the Playground, explains toggles like Structured outputs and Thinking level, and shows how to export language-specific sample code via the "Get code" feature to run with the Google GenAI SDK.
read more →

Southeast Asia CISOs' Top 2026 Predictions: AI, Identity

🔒 In conversations with Southeast Asia CISOs, leaders forecast 2026 as a year when AI and cloud become prime attack surfaces, forcing a shift from perimeter defenses to identity- and resilience-centered strategies. They emphasize hardening cloud and AI infrastructure, treating identity as the active perimeter, instrumenting browsers and agents for forensic clarity, and operationalizing resilience both as capability and — in some financial institutions — as a product. Supply‑chain fragility, agentic AI autonomy, session hijacking, and IT‑OT convergence are highlighted as priority risks demanding continuous verification, scoped agent controls, and stronger vendor governance.
read more →

Google Chrome Tests Gemini 'Skills' to Automate Tasks

🤖 Google is testing new Skills for its Gemini AI in Chrome that enable the assistant to perform tasks automatically inside the browser. A hidden page, chrome://skills, has been identified and appears to let users add Skills with a name and instructions while the feature is being internally tested. Currently, Gemini in Chrome acts as a helper on desktop in the US, summarizing pages, explaining content, and combining information from multiple tabs. Google plans to evolve Gemini into an agent that will work more closely with apps like Calendar, YouTube, and Maps, though rollout timing is still unclear.
read more →

Architecture of Agentic Defense: Inside Falcon Platform

🔍 CrowdStrike outlines an architectural approach to enable agentic defense across the Falcon platform. The blog highlights Enterprise Graph for semantic data unification, Charlotte AI expert agents for native reasoning, and Charlotte Agentic SOAR for adaptive orchestration. It stresses governed, auditable execution and the ability to build custom agents with Charlotte AI AgentWorks. The aim is a real-time digital twin so agents and analysts share a single, continuously updated context to accelerate triage and response.
read more →

Insider Risk in an Era of Workforce Volatility and AI Agents

⚠️ Economic pressures, mass layoffs, and rapid AI adoption have pushed insider risk to multi-year highs. In 2025 tech companies announced roughly 245,000 job cuts while US employers logged more than 1.17 million cuts, fueling resentment, negligence, and opportunistic exfiltration. Autonomous AI agents — highlighted by Palo Alto Networks — expand the attack surface, introducing risks like goal hijacking, prompt injection, and shadow deployments that require urgent governance and monitoring.
read more →

Predicting 2026: Cyber Threats, AI Risks, and APTs

🔮 Cisco Talos outlines expectations for cybersecurity in 2026, warning of continued geopolitical-driven campaigns such as infostealers, phishing, and proxy-enabled destructive operations. The briefing highlights the growing risk posed by inadequately governed generative AI agents that could cause breaches or mimic insider threats through flawed design or prompt manipulation. Talos also emphasizes that familiar weaknesses — unpatched systems, leaked credentials, and absent MFA — will remain primary enablers of intrusion. The advisory specifically flags UAT-8837, a medium-confidence China-nexus APT targeting critical infrastructure since 2025, and urges patching, credential hygiene, and proactive hunting.
read more →