< ciso
brief />
Tag Banner

All news with #agentic ai tag

621 articles · page 8 of 32

Most Organizations Deploy AI Agents Despite Identity Risks

🔒 Semperis finds that 93% of global organizations use or plan to use AI agents for security tasks such as password resets and VPN access, while 92% report AI on endpoints with SSH and encryption key access. The survey of 1,100 organizations warns of over‑permissioned and abandoned 'zombie' non‑human identities that increase hijack risk. Semperis recommends treating agents as NHIs, enforcing least‑privilege, and improving observability and recovery readiness.
read more →

Palo Alto Launches Idira to Secure AI and Identities

🔒 Palo Alto Networks has unveiled Idira, an identity security platform designed to protect human users, machine identities, and autonomous AI agents by applying dynamic privilege controls across all identity types. The platform leverages Palo Alto’s integration of CyberArk and continuously discovers and enriches identities across SaaS, cloud, and developer environments. Idira elevates privileges only when required and revokes them immediately, aiming to close blind spots left by legacy IAM and PAM systems. Analysts say it targets gaps in offerings such as Auth0 and SailPoint but does not eliminate the need for layered security.
read more →

Microsoft May Patch: 17 Critical Flaws Including RCE

🔒 Microsoft released its May Patch Tuesday fixing 120 CVEs, including 17 critical flaws. The update addresses 14 RCEs, two elevation of privilege bugs and one information disclosure issue, with the majority of fixes covering EoP and RCE types. Microsoft credited its WARP team and an agentic AI system, MDASH, with discovering 16 of the issues. Administrators are urged to prioritize high-risk fixes such as CVE-2026-41089.
read more →

AI-Assisted Synthetic Attack Logs to Accelerate Detection

🔒 Microsoft researchers describe an AI-driven pipeline that translates attacker TTPs into realistic, structured security logs to accelerate detection engineering. The approach uses prompt engineering, collaborative agentic refinement, and data augmentation to generate semantically accurate telemetry (command lines, process ancestry, fields) without exposing sensitive customer data. Evaluation across multiple datasets shows agentic workflows and reasoning models notably improve recall and fidelity compared to prompt-only methods.
read more →

SAP SAPPHIRE 2026: Google Cloud AI Agents and Data

🔔At SAP SAPPHIRE, Google Cloud and SAP introduced a Unified Data Foundation to connect SAP business data directly into BigQuery and enable agentic AI workflows. Announcements include BDC Connect for BigQuery GA with zero-copy access, new 48TB X5 memory-optimized instances, a SecNumCloud-qualified Sovereign Cloud with S3NS, and Google SecOps for SAP in preview. The new Cortex Framework preview aims to accelerate building agentic solutions while maintaining enterprise governance and reducing data movement.
read more →

Agentic AI: The Next Blindspot for Security Teams and Risk

🔐 Agentic AI is already operating across enterprises, executing tasks and taking actions often without meaningful security involvement. Security teams must develop hands‑on fluency — build and test agents, understand integrations like the Model Context Protocol, and enforce scoped configurations — because policy alone won't close the gap. The piece distinguishes three agent classes (productivity, MCP‑connected vendor agents, and custom user agents) and emphasizes configuration, access scoping, and training such as SANS SEC545 to reduce exposure.
read more →

Architecting Resilient Foundations for the Agentic Era

🔐 At Google Cloud Next, Google outlined a resilient, scalable, and secure foundation to accelerate public sector adoption of the agentic era, highlighting infrastructure, data, and security innovations. Key infrastructure announcements include the AI Hypercomputer with eighth-generation TPUs (TPU 8t for training, TPU 8i for inference) and Virgo Networking, plus Google Distributed Cloud bringing Gemini to where data resides. On data, an AI-native architecture features Knowledge Catalog (FedRAMP High, DoD IL4 & IL5) and a cross-cloud Lakehouse to ground agents in trusted context. Security advances combine Google Threat Intelligence with Wiz, authorize Cloud Armor and Model Armor, and add defensive agents to protect models and sensitive data.
read more →

Lyrie.ai Joins Anthropic CVP, Releases Open ATP Standard

🔒 OTT Cybersecurity LLC — the team behind Lyrie.ai — announced acceptance into Anthropic’s Cyber Verification Program and the public release of the Agent Trust Protocol (ATP). ATP is an open cryptographic standard that enables real-time verification of an AI agent’s identity, authorized scope, attestation status, delegation, and revocation. The protocol is royalty-free, slated for IETF submission, and a reference implementation is published under an MIT license. Lyrie positions itself as the security layer for autonomous AI agents operating on the internet.
read more →

Autonomous Purple Teaming: Closing the Exploitation Gap

🛡️ Traditional purple teaming is failing because human handoffs and siloed toolchains make detection-to-fix cycles far slower than modern attackers. The author documents a collapse in the vulnerability-to-exploit window—from 56 days in 2024 to roughly 10 hours in early 2026 across CISA KEV, VulnCheck KEV, and ExploitDB—and warns that AI-assisted adversaries can act in seconds. Autonomous purple teaming pairs automated penetration testing, Breach and Attack Simulation, and AI-powered mobilization agents to close the loop at machine speed, converting red findings into blue tests and auto-deploying low-risk fixes while keeping every step auditable.
read more →

Eight Principles for Reskilling the SOC for Agentic AI

🤖 DXC Technology, Accenture, and other organizations are actively retraining SOC teams to integrate agentic AI by embedding vendor experts and building secure sandboxes. CISOs emphasize top-down leadership, rapid experimentation, and formal learning tracks to shift mindsets and roles. Governance, humans-in-the-loop, and clear escalation and audit paths are required while agents take on L1/L2 tasks.
read more →

Including MCP in Continuous Threat Exposure Management

🔒 Model Context Protocol (MCP), the emerging plugin layer for agentic AI, has become a significant blind spot for security teams, introducing new shadow-AI risks much like shadow IT. CTEM programs can close this gap by extending scoping, discovery, prioritization, validation and mobilization to cover developer workstations, AI toolchains and MCP server configurations. Practical actions include actively enumerating MCP endpoints, scanning agent configuration and markdown context files for hardcoded API keys, and prioritizing exposures by attacker impact to produce actionable remediation tickets for engineering teams.
read more →

Frontier AI Defense: Shifting Cybersecurity to Machine Speed

🔒 Palo Alto Networks introduces Frontier AI Defense, a platform initiative designed to counter next-generation, agentic AI threats that can autonomously discover and chain software flaws. Their testing of frontier models (including GPT-5.5-Cyber, Mythos, and Claude Opus 4.7) revealed a step-change in coding capability and attack automation. The program combines Unit 42 expertise, early model access, platform integration, and partner alliances to enable prioritized mitigation and autonomous remediation at machine speed.
read more →

Cloudflare Restructures Operations for the Agentic AI Era

🔧 Cloudflare announced a global workforce reduction of more than 1,100 employees as it reorganizes for the agentic AI era. Founders Matthew Prince and his co-sender emphasized transparency, notifying the entire global team directly by email and scheduling an all-hands and an earnings call to explain the change. The company characterized the move as a structural redesign to adapt to a 600% surge in internal AI usage, not a performance-based action. Departing employees will receive industry-leading severance, extended equity vesting through August 15, and U.S. healthcare support through year-end.
read more →

Gemini 3.1 Flash-Lite Now GA for Low-Latency Scale

🚀 Today Google Cloud announced that Gemini 3.1 Flash-Lite is generally available on Gemini Enterprise. Built for ultra-low latency, high-volume workloads, and maximal cost-efficiency, Flash-Lite is positioned for production deployments that require fast, iterative responses and precise agentic capabilities such as tool calling and orchestration. Early adopters report significant reductions in latency and operating cost while retaining robust reasoning for developer assistants, customer service agents, and multimodal creative pipelines.
read more →

Amazon Bedrock AgentCore Payments Preview for Agents

💳 Amazon Bedrock AgentCore now offers a preview of AgentCore payments, enabling AI agents to autonomously discover and pay for APIs, MCP servers, web content, and other agents. Built with Coinbase and Stripe, the feature manages wallet authentication, x402 protocol negotiation, stablecoin payment execution, and proof delivery without interrupting an agent's reasoning loop. Developers can attach a Coinbase CDP or Stripe Privy wallet, set session-level spending limits enforced at the infrastructure layer, and observe every transaction through AgentCore's existing logs, metrics, and traces. The Coinbase x402 Bazaar MCP server is accessible via AgentCore Gateway, and the preview is available in four AWS Regions.
read more →

Doist's Ramble: Stream-of-Consciousness AI Tasks with Gemini

🧠 Doist built Ramble to capture stream-of-consciousness speech and convert it into structured tasks using Gemini Enterprise Agent Platform. The feature streams raw PCM audio directly to the model for simultaneous language detection, speech recognition, and semantic parsing, enabling proactive tool calls (addTask, editTask, deleteTask) and robust session resumption across devices. A layered, provider-agnostic streaming architecture supports future voice features and easy provider substitution. Outcome: fast, multilingual, real-time task capture that tolerates messy speech and offline interruptions.
read more →

AWS launches Agent Toolkit for production-ready AI agents

🚀 AWS announced the Agent Toolkit for AWS, a production-ready suite of tools and guidance to help AI coding agents build on AWS with fewer errors, lower token costs, and enterprise-grade security controls. The toolkit includes validated agent skills, a fully managed MCP Server, and easy-to-install agent plugins. At launch AWS is shipping more than 40 skills across infrastructure-as-code, storage, analytics, serverless, containers, and AI, plus three plugin bundles for Core applications, Data Analytics, and Agent development. The Agent Toolkit is available at no additional charge; customers pay only for AWS resources consumed.
read more →

Public Sector Momentum and Mission Impact at Next '26

🤖 At Google Cloud Next '26, public sector leaders and academics demonstrated how the agentic era is moving from experimentation to enterprise-scale adoption across government, transportation, healthcare, and research. Featured speakers — including leaders from Google Public Sector, the City of Los Angeles, the FDA, and the Department of Transportation — shared blueprints for scaling AI and treating agents as force multipliers to improve productivity and mission outcomes. Hands-on demos, 28 Mission Talks and an interactive Public Sector Hub enabled attendees to create and test hundreds of agents across diverse use cases. Google invited organizations to continue engagement through follow-up webinars and partner pathways to accelerate adoption.
read more →

Amazon WorkSpaces Enables Secure AI Agent Desktop Access

🤖 Amazon WorkSpaces now lets AI agents securely access and operate desktop applications within managed, enterprise-grade WorkSpaces environments. Agents built on any framework and running in cloud, on-premises, or hybrid deployments can connect with minimal code using the industry-standard MCP integration, while IT retains centralized permissions, logging, and auditing identical to human desktops. Observability includes screenshots and metrics for full visibility, and pay-as-you-go pricing supports elastic scale.
read more →

Google Agent Gateway: ISV Ecosystem for AI Security

🔒 Google announced Agent Gateway, part of the Gemini Enterprise Agent Platform, to provide a programmable, secure connectivity plane for user-to-agent, agent-to-agent, and agent-to-tools interactions. The Gateway enables teams to inject custom logic and third-party security controls directly into the request path without changing application code. Google highlighted integrations with vendors such as Broadcom (Symantec DLP), Check Point, Cisco, CrowdStrike, Palo Alto Networks, and others to deliver runtime DLP, prompt-injection mitigation, identity governance, and behavioral analytics.
read more →