{"id":7,"date":"2018-12-08T21:55:23","date_gmt":"2018-12-08T21:55:23","guid":{"rendered":"https:\/\/kgpandya.com\/index\/?page_id=7"},"modified":"2018-12-18T14:53:24","modified_gmt":"2018-12-18T14:53:24","slug":"news-articles","status":"publish","type":"page","link":"https:\/\/kgpandya.com\/index\/news-articles\/","title":{"rendered":"News &#038; Articles"},"content":{"rendered":"<div class=\"feedzy-bf9b45af8cdc8981483a1042e2e9ba05 feedzy-rss\"><div class=\"rss_header\"><h2><a href=\"\" class=\"rss_title\" rel=\"noopener\"><\/a> <span class=\"rss_description\"> <\/span><\/h2><\/div><ul><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><div class=\"rss_image\" style=\"height:150px;width:150px;\"><a href=\"https:\/\/venturebeat.com\/security\/autonomous-security-agents-need-complete-data-heres-how-to-check-if-yours-is-ready\" target=\"_blank\" rel=\" noopener\" title=\"Autonomous security agents need complete data. Here's how to check if yours is ready.\" style=\"height:150px;width:150px;\"><img decoding=\"async\" src=\"https:\/\/images.ctfassets.net\/jdtwqhzvc2n1\/6i1AXzJrBmm5vHORb2EnjQ\/c51ee7dc067b682eb5ed97250025fb13\/HERO_FOR_ARTICLE.jpg?w=300&#038;q=30\" title=\"Autonomous security agents need complete data. Here&#039;s how to check if yours is ready.\" style=\"height:150px;width:150px;\"><\/a><\/div><span class=\"title\"><a href=\"https:\/\/venturebeat.com\/security\/autonomous-security-agents-need-complete-data-heres-how-to-check-if-yours-is-ready\" target=\"_blank\" rel=\" noopener\">Autonomous security agents need complete data. Here's how to check if yours is ready.<\/a><\/span><div class=\"rss_content\" style=\"\"><p>An endpoint agent cannot report its own absence. The 2026 Axonius Actionability Report, conducted with the Ponemon Institute and surveying 662 IT and security professionals, put a number on a gap SOC teams have worked around for years. 
Across the Axonius customer base, 12.7% of devices in a 298,000-device median inventory are missing their expected security agent.If a device has no agent, no management console shows it. If a CMDB record is stale, no reconciliation flags it. An employee who installed Claude Enterprise outside procurement created a SaaS workspace, identity surface, and API-token footprint that endpoint telemetry alone will not reliably inventory. The coverage percentage on the EDR dashboard is structurally incomplete because the reporting mechanism cannot see what it does not cover.That gap matters more now than it did six months ago. SOC and XDR vendors are pushing more autonomous investigation and remediation into production. Those agents will query the same dashboards, trust the same coverage percentages, and act on the same blind spots human analysts learned to work around. A human analyst second-guesses a 98% coverage number. An autonomous agent treats it as ground truth and moves at machine speed.Three independent signals converged on the same gapGravitee\u2019s 2026 survey of 900-plus executives found 88% reported confirmed or suspected AI-related incidents, and only 14.4% sent agents live with full security approval. The Axonius\/Ponemon report found 52% of respondents would let autonomous agents act on recommendations \u2014 while 63% said the underlying data lacks important information. The CSA's Agentic Trust Framework requires verified data governance before agents act on any finding.Mike Riemer, Field CISO at Ivanti, said that known vulnerabilities on Azure\u2019s honeypot networks are now attacked in under 90 seconds. \u201cTraditional security measures continue to work,\u201d Riemer told VentureBeat. The caveat is that those measures only protect what they can see. 
An EDR agent deployed across 87.3% of the device inventory leaves the remaining 12.7% outside that agent\u2019s telemetry, policy enforcement, and detection logic.Exclusive deployment data quantifies the scaleJoe Diamond, CEO of Axonius, told VentureBeat that the average CISO sees roughly 50% of what is actually on the network. \u201cSay 50% of their environment is sitting in dark matter,\u201d Diamond said. \u201cThey don\u2019t know what it is, or where it is, or who has access to it, if it\u2019s secure, if it\u2019s not secure.\u201dDeployment data from more than 900 Axonius customers confirms those numbers. TransUnion went from 70% to 99% endpoint coverage after out-of-band verification. Western Union went from 85% to 99% by consolidating data from 38 tools and cutting manual workload by half. Lumen discovered 1.1 million assets, where the CMDB showed 17,000. That translates to roughly 37,000 unmanaged endpoints per organization sitting outside every policy, every patch cycle, and every detection rule.Diamond pointed to Mythos, Anthropic\u2019s frontier reasoning model, as a sign that machine-speed offensive capability will make any unknown asset far riskier than it is today. \u201cPeople tend to have shiny object syndrome,\u201d he said. \u201cIf you didn\u2019t understand what 50% of your environment looked like from a traditional endpoint perspective, and you think you\u2019re going to wind sprint to granular control and governance of AI, your program will fail.\u201d Diamond called the broader AI shift \u201cas big, if not bigger than the internet.\u201dThree approaches compete to close the gapNo single architecture solves the visibility problem today. Three approaches compete, each with named tradeoffs security teams should evaluate before procurement.A dedicated integration layer uses bidirectional API adapters to build an always-current inventory. 
Axonius runs 1,400-plus adapters and now discovers shadow Claude Enterprise installations via its Anthropic adapter (GA June 15). \u201cWe created a bidirectional API integration with all the IT systems and all the security controls to build an always up-to-date inventory of what the environment looks like,\u201d Diamond told VentureBeat.Platform-native EDR and XDR intelligence builds richer asset context inside the agent footprint. Depth within the agent footprint is the advantage. The limitation is structural. Platform-native intelligence is bounded by what the agent can see, and the gap the Ponemon report identified lives precisely where that visibility ends.CMDB modernization requires continuous reconciliation against three or more independent telemetry sources. Only 13% of organizations reconcile daily, according to Axonius\/Ponemon data. The remaining 87% operate on stale records that feed incorrect prioritization into any automated remediation pipeline.EDR data readiness: Five gates before autonomous remediationBefore you let autonomous SOC agents close tickets or quarantine assets, this checklist tells you whether your EDR and asset data is solid enough to trust. It is vendor-agnostic, works with any EDR and CMDB, and gives you five pass\/fail gates you can run in a single working session.Risk AreaWhat the data showsReadiness thresholdAction to take nowAsset inventory deltaPonemon: only 45% consolidate into a single view. Forrester TEI: 150% more assets than previously identified. Lumen: 17K in CMDB vs. 1.1M discovered.Delta \u226410% between discovery, CMDB, and EDR agent count. Delta above 10% blocks automated remediation until reconciled.Run API-based discovery against all segments. Diff against CMDB and EDR console count. Reconcile quarterly minimum.Unmanaged AI servicesGravitee: 88% confirmed or suspected AI incidents. Only 14.4% with full security approval. 
Anthropic adapter (GA June 15) discovers unmanaged Claude Enterprise installations.No high-risk AI services outside approved procurement. Weekly SaaS discovery scans. Unmanaged high-risk instances trigger IR triage before exception review.Deploy SaaS discovery or protocol-level adapters for AI service detection. Automate weekly scans. Route unmanaged instances to IR queue.CMDB record accuracyPonemon: only 13% reconcile daily (RSAC 2026). Brooks Running: 20% server discrepancy between console and independent discovery. Top remediation barriers: unclear prioritization, unclear ownership, inconsistent data.\u226585% of records validated against 3+ independent telemetry sources. No stale or orphaned records in active remediation queue.Cross-reference CMDB against cloud inventory, EDR telemetry, and IdP directory. Continuous reconciliation replaces annual audit cycles.Endpoint agent coverage gapPonemon: an agent cannot report its own absence (p. 8). TransUnion: 70% to 99% after out-of-band verification. RSAC 2026: 12.7% of 298K median devices missing expected agent.\u226595% agent coverage verified via out-of-band discovery. Many CISOs set this as the minimum before allowing autonomous remediation. No self-reported-only metrics in board reports.Run network-based or API-driven discovery against managed device list. Coverage below 95% blocks automated remediation scoping.Asset ownership mappingPonemon: 32% apply tags consistently. Only 51% assign ownership on new exposures (pp. 9, 16). TransUnion: 12K to 190K assets with ownership mapped.Owner assigned within 24 hours. Tags consistent across cloud, EDR, CMDB. Three systems showing three owners = failure.Automate ownership via cloud tags, IdP group membership, or CMDB metadata. 
Map asset, remediation, and business owner as separate fields.Five questions to ask before allowing autonomous SOC actionWhat independently verifies endpoint-agent coverage outside the EDR console?How does the SOC reconcile conflicts between EDR, CMDB, cloud inventory, IdP, and discovery tools?Can AI agents act on assets with unknown or disputed ownership?Can the system distinguish \u201cnot vulnerable\u201d from \u201cnot visible\u201d?What data-quality gate blocks autonomous remediation when coverage or ownership falls below threshold?Board-ready risk framingKayne McGladrey, IEEE Senior Member, has confirmed the pattern across multiple published VentureBeat interviews. The structural gap in self-reported coverage is not new. What is new is that autonomous agents will act on it at machine speed without the institutional workarounds human analysts developed over years of experience. Diamond put the board-level stakes plainly in an April 2026 press statement: \u201cFindings pile up because the data isn\u2019t trusted, ownership isn\u2019t clear, and entire asset classes aren\u2019t even in the picture.\u201dThe CSA\u2019s Agentic Trust Framework requires that any agent promoted to a higher autonomy level must pass five gates, including demonstrated accuracy and a security audit. The EU AI Act\u2019s Article 50 transparency obligations take effect August 2, 2026. The May 2026 Digital Omnibus pushed high-risk system obligations to December 2027, but organizations deploying agentic SOC agents on incomplete asset data face immediate operational risk that outpaces any regulatory timeline.The board-ready sentence: Our EDR coverage reports are structurally incomplete because an endpoint agent cannot report its own absence, and we are verifying coverage through out-of-band discovery before deploying autonomous agents that would act on those reports at machine speed.Security director playbookRun out-of-band asset discovery this week. 
Compare results against your CMDB export and EDR console count. If the delta exceeds 10%, halt automated remediation scoping until the gap is reconciled.Deploy SaaS discovery for AI services. Employees install AI ahead of procurement, ahead of security. Weekly scans are the minimum. Route any unmanaged high-risk instance to your incident response queue for triage before exception review.Map asset ownership to remediation responsibility. Ponemon found only 32% of organizations apply tags consistently. If three systems show three different owners for the same asset, automated remediation has no routing target. Fix the ownership layer before deploying agents that depend on it.Kill self-reported-only coverage metrics. Any risk calculation or board report that relies on EDR console-reported coverage alone is built on data the reporting system cannot verify. Require out-of-band verification for every coverage number that informs a risk decision.<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><span class=\"title\"><a href=\"https:\/\/www.techrepublic.com\/article\/news-akaolife-data-claim-emea-france\/\" target=\"_blank\" rel=\" noopener\">Hackers Claim French Employment Leak Exposes Over 1M Records, Health Data<\/a><\/span><div class=\"rss_content\" style=\"\"><p>Hackers claim 1M+ records tied to French employment apps were exposed, including HR files, health data, worker details, and plaintext passwords.\nThe post Hackers Claim French Employment Leak Exposes Over 1M Records, Health Data appeared first on TechRepublic.<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><span class=\"title\"><a href=\"https:\/\/www.techrepublic.com\/article\/news-leonardo-signaltrace-alpr-device-tracking\/\" target=\"_blank\" rel=\" noopener\">New License Plate Reader Tech Could Track Phones, AirPods, and Smartwatches<\/a><\/span><div class=\"rss_content\" style=\"\"><p>Leonardo\u2019s SignalTrace adds wireless device detection to ALPR 
systems, raising new questions about roadside surveillance, privacy, and security.\nThe post New License Plate Reader Tech Could Track Phones, AirPods, and Smartwatches appeared first on TechRepublic.<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><div class=\"rss_image\" style=\"height:150px;width:150px;\"><a href=\"https:\/\/www.securitymagazine.com\/articles\/102397-security-leaders-discuss-texas-hunting-fishing-license-data-breach\" target=\"_blank\" rel=\" noopener\" title=\"Security Leaders Discuss Texas Hunting, Fishing License Data Breach\" style=\"height:150px;width:150px;\"><img decoding=\"async\" src=\"https:\/\/www.securitymagazine.com\/ext\/resources\/2026\/06\/26\/Fishing.webp?t=1782485627\" title=\"Security Leaders Discuss Texas Hunting, Fishing License Data Breach\" style=\"height:150px;width:150px;\"><\/a><\/div><span class=\"title\"><a href=\"https:\/\/www.securitymagazine.com\/articles\/102397-security-leaders-discuss-texas-hunting-fishing-license-data-breach\" target=\"_blank\" rel=\" noopener\">Security Leaders Discuss Texas Hunting, Fishing License Data Breach<\/a><\/span><div class=\"rss_content\" style=\"\"><p>The Texas Parks and Wildlife Department reported that the personal information of more than three million Texas hunting and fishing license customers may have been affected by a recent data breach.<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><span class=\"title\"><a href=\"https:\/\/www.techrepublic.com\/article\/news-microsoft-windows-10-security-updates-2027\/\" target=\"_blank\" rel=\" noopener\">Microsoft Extends Windows 10 Security Updates to 2027<\/a><\/span><div class=\"rss_content\" style=\"\"><p>Microsoft extended Windows 10 security updates for personal devices through Oct. 
12, 2027, giving users more time to upgrade.\nThe post Microsoft Extends Windows 10 Security Updates to 2027 appeared first on TechRepublic.<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><span class=\"title\"><a href=\"https:\/\/www.techrepublic.com\/article\/news-five-eyes-ai-cyberattacks\/\" target=\"_blank\" rel=\" noopener\">Five Eyes Warns AI Could Speed Cyberattacks Within Months<\/a><\/span><div class=\"rss_content\" style=\"\"><p>Five Eyes agencies warned that AI could speed cyberattacks within months, raising new risks around prompt injection, phishing, and enterprise AI tools.\nThe post Five Eyes Warns AI Could Speed Cyberattacks Within Months appeared first on TechRepublic.<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><span class=\"title\"><a href=\"https:\/\/www.techrepublic.com\/article\/news-denmark-tdc-net-huawei-fiber-gear-removal-emea\/\" target=\"_blank\" rel=\" noopener\">Denmark Ordered to Pay $12M Over Huawei Equipment Removal<\/a><\/span><div class=\"rss_content\" style=\"\"><p>A Danish court ordered the state to compensate TDC NET after the removal of Huawei fiber-network equipment, raising questions about telecom security costs.\nThe post Denmark Ordered to Pay $12M Over Huawei Equipment Removal appeared first on TechRepublic.<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><div class=\"rss_image\" style=\"height:150px;width:150px;\"><a href=\"https:\/\/www.securitymagazine.com\/articles\/102392-cal-water-confirms-user-credentials-exploited-in-hacking\" target=\"_blank\" rel=\" noopener\" title=\"Cal Water Confirms User Credentials Exploited in Hacking\" style=\"height:150px;width:150px;\"><img decoding=\"async\" src=\"https:\/\/www.securitymagazine.com\/ext\/resources\/2026\/06\/25\/Coding-by-Walkator.webp?t=1782402016\" title=\"Cal Water Confirms User Credentials Exploited in Hacking\" style=\"height:150px;width:150px;\"><\/a><\/div><span class=\"title\"><a 
href=\"https:\/\/www.securitymagazine.com\/articles\/102392-cal-water-confirms-user-credentials-exploited-in-hacking\" target=\"_blank\" rel=\" noopener\">Cal Water Confirms User Credentials Exploited in Hacking<\/a><\/span><div class=\"rss_content\" style=\"\"><p>A\u00a0Cal Water spokesperson reached out to Security\u00a0magazine with an update on its investigation.\u00a0<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><div class=\"rss_image\" style=\"height:150px;width:150px;\"><a href=\"https:\/\/www.securitymagazine.com\/articles\/102393-61-of-healthcare-organizations-predict-a-fatal-cyberattack-within-5-years\" target=\"_blank\" rel=\" noopener\" title=\"61% of Healthcare Organizations Predict a 'Fatal' Cyberattack Within 5 Years\" style=\"height:150px;width:150px;\"><img decoding=\"async\" src=\"https:\/\/www.securitymagazine.com\/ext\/resources\/2026\/06\/25\/irwan-rbDE93-0hHs-unsplash.webp?t=1782402790\" title=\"61% of Healthcare Organizations Predict a &#039;Fatal&#039; Cyberattack Within 5 Years\" style=\"height:150px;width:150px;\"><\/a><\/div><span class=\"title\"><a href=\"https:\/\/www.securitymagazine.com\/articles\/102393-61-of-healthcare-organizations-predict-a-fatal-cyberattack-within-5-years\" target=\"_blank\" rel=\" noopener\">61% of Healthcare Organizations Predict a 'Fatal' Cyberattack Within 5 Years<\/a><\/span><div class=\"rss_content\" style=\"\"><p>A recent report by Omega Systems analyzed cybersecurity incidents within healthcare organizations.<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><span class=\"title\"><a href=\"https:\/\/www.techrepublic.com\/article\/news-interpol-cybercrime-report-apac\/\" target=\"_blank\" rel=\" noopener\">Interpol: Cybercrime Hits 30% of Recorded Crime in Surveyed APAC Countries<\/a><\/span><div class=\"rss_content\" style=\"\"><p>Interpol\u2019s latest Asia and South Pacific cybercrime assessment shows how phishing, ransomware, DDoS attacks, infostealers, 
and AI-enabled scams are raising security risks across APAC.\nThe post Interpol: Cybercrime Hits 30% of Recorded Crime in Surveyed APAC Countries appeared first on TechRepublic.<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><span class=\"title\"><a href=\"https:\/\/www.techrepublic.com\/article\/news-europol-microsoft-malware-takedown-emea-eu\/\" target=\"_blank\" rel=\" noopener\">Europol, Microsoft Hit Malware Network Behind 27M Stolen Logins, 140,000 Infected Computers<\/a><\/span><div class=\"rss_content\" style=\"\"><p>Europol and Microsoft disrupted malware infrastructure linked to 27 million stolen login credentials and 140,000 infected computers in a global cybercrime network.\nThe post Europol, Microsoft Hit Malware Network Behind 27M Stolen Logins, 140,000 Infected Computers appeared first on TechRepublic.<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><div class=\"rss_image\" style=\"height:150px;width:150px;\"><a href=\"https:\/\/www.securitymagazine.com\/articles\/102391-hackers-exposed-knicks-madison-square-garden-data\" target=\"_blank\" rel=\" noopener\" title=\"Hackers Exposed Knicks, Madison Square Garden Data\" style=\"height:150px;width:150px;\"><img decoding=\"async\" src=\"https:\/\/www.securitymagazine.com\/ext\/resources\/2026\/06\/24\/Madison-Square-Garden-by-Colynary-Media.webp?t=1782328104\" title=\"Hackers Exposed Knicks, Madison Square Garden Data\" style=\"height:150px;width:150px;\"><\/a><\/div><span class=\"title\"><a href=\"https:\/\/www.securitymagazine.com\/articles\/102391-hackers-exposed-knicks-madison-square-garden-data\" target=\"_blank\" rel=\" noopener\">Hackers Exposed Knicks, Madison Square Garden Data<\/a><\/span><div class=\"rss_content\" style=\"\"><p>Security leaders discuss the release of Knicks and Madison Square Garden customer and corporate data.<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><span class=\"title\"><a 
href=\"https:\/\/www.techrepublic.com\/article\/news-xsolis-healthcare-data-breach\/\" target=\"_blank\" rel=\" noopener\">Healthcare Vendor Xsolis Reports Breach Affecting 1.4M People<\/a><\/span><div class=\"rss_content\" style=\"\"><p>Xsolis confirmed a healthcare data breach affecting nearly 1.4 million people after a phishing attack exposed health and identity data.\nThe post Healthcare Vendor Xsolis Reports Breach Affecting 1.4M People appeared first on TechRepublic.<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><span class=\"title\"><a href=\"https:\/\/www.techrepublic.com\/article\/news-emea-uk-apple-icloud-lawsuit-2028-trial\/\" target=\"_blank\" rel=\" noopener\">Apple\u2019s \u00a33B iCloud Lawsuit Could Affect 40M UK Users<\/a><\/span><div class=\"rss_content\" style=\"\"><p>Apple lost a bid to narrow a UK iCloud lawsuit from Which?, keeping a \u00a33 billion competition claim on track for an October 2028 trial.\nThe post Apple\u2019s \u00a33B iCloud Lawsuit Could Affect 40M UK Users appeared first on TechRepublic.<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><span class=\"title\"><a href=\"https:\/\/www.techrepublic.com\/article\/news-lastpass-klue-oauth-token-salesforce-data-exposure\/\" target=\"_blank\" rel=\" noopener\">LastPass Confirms Vendor Breach Exposed Customer Contact, Support Data<\/a><\/span><div class=\"rss_content\" style=\"\"><p>LastPass said customer contact and support data were exposed after attackers used stolen Klue OAuth tokens to access its Salesforce environment and CRM records.\nThe post LastPass Confirms Vendor Breach Exposed Customer Contact, Support Data appeared first on TechRepublic.<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><span class=\"title\"><a href=\"https:\/\/www.techrepublic.com\/article\/news-anthropic-claude-tag-ai-agent-slack\/\" target=\"_blank\" rel=\" noopener\">Anthropic Launches Claude Tag, Bringing AI Agents Into 
Slack<\/a><\/span><div class=\"rss_content\" style=\"\"><p>Anthropic launched Claude Tag in Slack, giving enterprise teams an AI agent with shared context, admin controls, logs, and spend limits.\nThe post Anthropic Launches Claude Tag, Bringing AI Agents Into Slack appeared first on TechRepublic.<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><span class=\"title\"><a href=\"https:\/\/www.techrepublic.com\/article\/news-madison-square-garden-hack-26m-records\/\" target=\"_blank\" rel=\" noopener\">Madison Square Garden Hack Exposes 26 Million Visitor Records<\/a><\/span><div class=\"rss_content\" style=\"\"><p>Madison Square Garden faces a 26M-record hack tied to visitor data, facial recognition, and security records from its venue operations, with fallout from the leak. \nThe post Madison Square Garden Hack Exposes 26 Million Visitor Records appeared first on TechRepublic.<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><span class=\"title\"><a href=\"https:\/\/www.techrepublic.com\/article\/news-apac-india-tata-electronics-data-leak\/\" target=\"_blank\" rel=\" noopener\">Tata Electronics Leak Exposes 200,000 Files, Including Apple and Tesla Documents<\/a><\/span><div class=\"rss_content\" style=\"\"><p>Tata Electronics is investigating a cyber incident after leaked files reportedly included manufacturing documents for Apple and Tesla.\nThe post Tata Electronics Leak Exposes 200,000 Files, Including Apple and Tesla Documents appeared first on TechRepublic.<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><span class=\"title\"><a href=\"https:\/\/www.techrepublic.com\/article\/news-coupang-fine-ai-governance-board-risk\/\" target=\"_blank\" rel=\" noopener\">Coupang\u2019s $409M Fine Shows the Real Cost of Weak AI Governance<\/a><\/span><div class=\"rss_content\" style=\"\"><p>Recent AI and data security actions show why AI governance now belongs with boards, not just IT teams managing tools 
and access.\nThe post Coupang\u2019s $409M Fine Shows the Real Cost of Weak AI Governance appeared first on TechRepublic.<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><div class=\"rss_image\" style=\"height:150px;width:150px;\"><a href=\"https:\/\/venturebeat.com\/security\/visa-will-offer-an-inside-look-at-project-glasswing-and-how-the-most-powerful-agentic-models-are-changing-enterprise-security-at-vb-transform-2026\" target=\"_blank\" rel=\" noopener\" title=\"Visa will offer an inside look at Project Glasswing and how the most powerful agentic models are changing enterprise security at VB Transform 2026\" style=\"height:150px;width:150px;\"><img decoding=\"async\" src=\"https:\/\/images.ctfassets.net\/jdtwqhzvc2n1\/6iaSyGRz2yDxeia20Gkujs\/86bf68468867dbe4f3a949ab89625350\/Rajat_Taneja.png?w=300&#038;q=30\" title=\"Visa will offer an inside look at Project Glasswing and how the most powerful agentic models are changing enterprise security at VB Transform 2026\" style=\"height:150px;width:150px;\"><\/a><\/div><span class=\"title\"><a href=\"https:\/\/venturebeat.com\/security\/visa-will-offer-an-inside-look-at-project-glasswing-and-how-the-most-powerful-agentic-models-are-changing-enterprise-security-at-vb-transform-2026\" target=\"_blank\" rel=\" noopener\">Visa will offer an inside look at Project Glasswing and how the most powerful agentic models are changing enterprise security at VB Transform 2026<\/a><\/span><div class=\"rss_content\" style=\"\"><p>The security implications of advanced AI models were immediately clear to Visa\u2019s technology team when they began testing Anthropic\u2019s Mythos model.Just weeks into Project Glasswing, the team observed how quickly attackers can identify and weaponize vulnerabilities in critical code bases, creating security risks, explained Rajat Taneja, Visa\u2019s president of technology, during a call to prepare for his session at VB Transform 2026, VentureBeat\u2019s upcoming agentic AI 
event.\u00a0Visa is among the companies selected to test Anthropic\u2019s upcoming model \u2014 a version of which was released June 9 but abruptly disabled days later to comply with U.S. government directives.The findings of Project Glasswing put a spotlight on widening enterprise security gaps and the vulnerabilities malicious actors can take advantage of.\u00a0\"Security has always been important, but currently, in the age of AI, is going to be even more important because the attacks become autonomous,\u201d Taneja told VentureBeat. \u201cThe defenses have to become autonomous. And we are not there. And there's an asymmetry there, which is a very big risk for the world.\"Threat actors now have access to powerful AI agents that can work 24\/7, \u201coperating at a scale and speed that human teams cannot match, automating the tedious reconnaissance and exploitation phases of a cyberattack,\u201d according to Cisco\u2019s State of AI Security 2026 report. Amy Chang, Cisco\u2019s head of AI threat intelligence and security research, will also be a speaker at VB Transform.To mitigate these risks, Visa is building its own abstraction layers, observability, and data guardrails to secure its autonomous commerce frameworks. The payment services giant also rolled out an open\u2011source, AI-driven security framework that turns vulnerability discovery and remediation into a structured, repeatable pipeline.\u00a0Their work represents a shift enterprise IT teams must make to protect enterprise systems against threats posed by bad actors wielding autonomous agents. 
Taneja will share these insights and valuable technical details during his session at VB Transform, titled Inside Project Glasswing and Mythos: Securing the agentic future today, on July 15.\u00a0Other agentic AI security-focused sessions at VB Transform include:CrabTrap: How Brex built an open source proxy to secure OpenClaw\u2019s critical flaws for everyone with Brex co-founder and CEO Pedro Franceschi;\u00a0When AI Agents have wallets: Building the trust layer for autonomous B2B commerce with Mastercard\u2019s Chief AI and Data Officer, Greg Ulrich;Expedia's blueprint for building autonomous agents for high-stakes transactional systems with Chief AI and Data Officer Xavier Amatrain; and\u00a0Securing agentic AI: A playbook for permissioning, sandboxing, and human-in-the-loop controls, a panel discussion with AI security leaders from Intuit, Box and Cisco.Interested in attending VB Transform 2026? Register here. A select number of complimentary passes are also available to senior technology leaders. Contact us to get yours.<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><span class=\"title\"><a href=\"https:\/\/www.techrepublic.com\/article\/news-otc-glucose-monitors-wearable-tech\/\" target=\"_blank\" rel=\" noopener\">OTC Glucose Monitors Make Wellness Tracking More Personal \u2014 and More Complicated<\/a><\/span><div class=\"rss_content\" style=\"\"><p>Over-the-counter CGMs are making glucose data easier to access, but not every user benefits equally. 
Here\u2019s where the evidence is strongest \u2014 and what to know about app privacy.\nThe post OTC Glucose Monitors Make Wellness Tracking More Personal \u2014 and More Complicated appeared first on TechRepublic.<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><span class=\"title\"><a href=\"https:\/\/www.techrepublic.com\/article\/news-apple-usbliter8-securerom-exploit-june-2026\/\" target=\"_blank\" rel=\" noopener\">New Apple Exploit Exposes Millions of iPhones Worldwide, No Software Fix Available<\/a><\/span><div class=\"rss_content\" style=\"\"><p>Researchers disclosed usbliter8, a SecureROM exploit affecting older Apple devices that can bypass boot protections with physical access.\nThe post New Apple Exploit Exposes Millions of iPhones Worldwide, No Software Fix Available appeared first on TechRepublic.<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><span class=\"title\"><a href=\"https:\/\/www.techrepublic.com\/article\/news-windows-june-update-recycle-bin-file-name-bug\/\" target=\"_blank\" rel=\" noopener\">Microsoft Confirms Windows Recycle Bin Bug Affects All Supported Versions<\/a><\/span><div class=\"rss_content\" style=\"\"><p>Microsoft confirmed a Windows June update bug that shows internal Recycle Bin file names during permanent deletion, with a fix planned.\nThe post Microsoft Confirms Windows Recycle Bin Bug Affects All Supported Versions appeared first on TechRepublic.<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><span class=\"title\"><a href=\"https:\/\/www.techrepublic.com\/article\/news-reliance-jio-callagent-ai-apac-india\/\" target=\"_blank\" rel=\" noopener\">Mukesh Ambani\u2019s Reliance AI Roadmap Puts Jio CallAgent Inside the Network<\/a><\/span><div class=\"rss_content\" style=\"\"><p>Reliance\u2019s AI roadmap puts Jio CallAgent inside the telecom network while tying India-scale AI ambitions to Jamnagar compute, local-language services, and enterprise 
compliance questions.\nThe post Mukesh Ambani\u2019s Reliance AI Roadmap Puts Jio CallAgent Inside the Network appeared first on TechRepublic.<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><span class=\"title\"><a href=\"https:\/\/www.techrepublic.com\/article\/news-prinz-eugen-ransomware-recent-files\/\" target=\"_blank\" rel=\" noopener\">Prinz Eugen Ransomware Hits Recent Files First and Skips Ransom Notes<\/a><\/span><div class=\"rss_content\" style=\"\"><p>Prinz Eugen ransomware prioritizes recently modified files and leaves no ransom note on disk, creating new pressure on backup windows, endpoint alerts, and incident response playbooks.\nThe post Prinz Eugen Ransomware Hits Recent Files First and Skips Ransom Notes appeared first on TechRepublic.<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><span class=\"title\"><a href=\"https:\/\/www.techrepublic.com\/article\/top-enterprise-vpns\/\" target=\"_blank\" rel=\" noopener\">8 Best Enterprise VPN Solutions for 2026<\/a><\/span><div class=\"rss_content\" style=\"\"><p>Find the best enterprise VPN solution for your business with 2026 comparisons of pricing, security, remote access, endpoint protection, and ZTNA features. \nThe post 8 Best Enterprise VPN Solutions for 2026 appeared first on TechRepublic.<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><div class=\"rss_image\" style=\"height:150px;width:150px;\"><a href=\"https:\/\/venturebeat.com\/security\/7000-langflow-servers-under-attack-langgraph-langchain-same-holes\" target=\"_blank\" rel=\" noopener\" title=\"7,000 Langflow servers are under attack. LangGraph and LangChain have the same holes\" style=\"height:150px;width:150px;\"><img decoding=\"async\" src=\"https:\/\/images.ctfassets.net\/jdtwqhzvc2n1\/5CFo8mBoW1WjItcZvYyHpg\/3172659c88b4856fe7137de54672ab16\/hero.png?w=300&#038;q=30\" title=\"7,000 Langflow servers are under attack. 
LangGraph and LangChain have the same holes\" style=\"height:150px;width:150px;\"><\/a><\/div><span class=\"title\"><a href=\"https:\/\/venturebeat.com\/security\/7000-langflow-servers-under-attack-langgraph-langchain-same-holes\" target=\"_blank\" rel=\" noopener\">7,000 Langflow servers are under attack. LangGraph and LangChain have the same holes<\/a><\/span><div class=\"rss_content\" style=\"\"><p>Your AI agent did exactly what it was designed to do. The framework underneath it just handed an attacker a shell on the box that holds your OpenAI key, your database credentials, and your CRM tokens.That is not a hypothetical. In a few months, three of the most widely deployed AI agent frameworks each turned a known, ordinary bug class into a way through. Check Point Research chained a SQL injection in LangGraph\u2019s SQLite checkpointer to full remote code execution. Tenable and VulnCheck tracked a path traversal in Langflow\u2019s file upload endpoint to active, in-the-wild RCE. Cyera documented a path traversal in LangChain-core\u2019s prompt loader that reads your secrets off disk. Two paths to a shell, one to your keys. They are the same bug, wearing three frameworks.These frameworks became production infrastructure faster than anyone secured them. They store agent state, take file uploads, load prompt configs, and hold the credentials to databases, CRMs, and internal APIs. The edge tools watch traffic. The endpoint tools watch processes. Neither was built to treat an imported framework as a boundary worth guarding, and that blind spot is exactly where all three chains live, widening every week as these frameworks ship to production.The LangGraph chain, SQL injection to a Python shellStart with the one most teams pulled into production this quarter. LangGraph gives AI agents memory through checkpointers, the persistence layer that stores execution state. It has cleared over 50 million downloads a month. 
Yarden Porat of Check Point Research took that layer apart and found three vulnerabilities. Two of them chain to RCE.CVE-2025-67644, rated CVSS 7.3, is a SQL injection in the SQLite checkpointer. The function that builds the WHERE clause for checkpoint lookups drops user-controlled filter keys straight into the query with no parameterization and no escaping. This does not hit everyone, but where it hits, it is serious. A deployment is exposed when it self-hosts LangGraph on the SQLite or Redis checkpointer and lets untrusted input reach get_state_history() or a similar history endpoint. Meet those conditions, and an attacker who controls the filter writes a fabricated row straight into the checkpoint table. Run LangChain\u2019s managed LangSmith platform on PostgreSQL, and the exposure is gone.Then CVE-2026-28277, CVSS 6.8, finishes the job. LangGraph\u2019s msgpack checkpoint decoder rebuilds Python objects from the stored data, which lets it import a module and call a named function with attacker-supplied arguments. That step needs write access to the checkpoint store; the SQL injection is what grants it remotely. LangGraph loads the forged row as a legitimate checkpoint, the decoder runs the specified function, including os.system, and code executes under the identity of the agent server. A third issue, CVE-2026-27022, CVSS 6.5, reaches the same place through the Redis checkpointer.There has been no confirmed exploitation in the wild yet. A working proof-of-concept is public in Check Point\u2019s disclosure. The fixes are version bumps: langgraph-checkpoint-sqlite to 3.0.1, langgraph to 1.0.10, and langgraph-checkpoint-redis to 1.0.2.The Langflow chain, one unauthenticated request to RCELangflow is the one already under attack. CVE-2026-5027, CVSS 8.8, is a path traversal in the POST \/api\/v2\/files endpoint, which takes the filename straight from the form data and writes it to disk unsanitized. 
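The LangGraph checkpoint lookup described above, as an added example that is not Check Point's proof of concept and not LangGraph's own code: a constructed SQLite table stands in for the checkpoint store, history_unsafe() interpolates the caller's filter keys into the WHERE clause the way the article describes, and history_safe() shows the fix that actually matters here. Values can be bound with placeholders, but identifiers cannot, so the key must be checked against an allowlist of real columns. Table and column names are assumptions for the example.

```python
import sqlite3

# Constructed sample checkpoint store. The schema and rows are made up for
# this example; they are not LangGraph's real checkpoint tables.
def make_store():
    conn = sqlite3.connect(':memory:')
    conn.execute('CREATE TABLE checkpoints (thread_id TEXT, checkpoint_id TEXT, metadata TEXT)')
    conn.executemany('INSERT INTO checkpoints VALUES (?, ?, ?)', [
        ('thread-a', 'ckpt-1', '{}'),
        ('thread-a', 'ckpt-2', '{}'),
        ('thread-b', 'ckpt-9', '{}'),
    ])
    return conn

def history_unsafe(conn, filters):
    # Vulnerable pattern: the filter KEY is dropped into the SQL as raw text.
    # %r quotes the value, which looks careful, but the key is still SQL.
    clauses = ' AND '.join('%s = %r' % (key, value) for key, value in filters.items())
    sql = 'SELECT thread_id, checkpoint_id FROM checkpoints WHERE ' + clauses
    return conn.execute(sql).fetchall()

ALLOWED_FILTER_COLUMNS = frozenset(['thread_id', 'checkpoint_id'])

def history_safe(conn, filters):
    # Hardened pattern: identifiers cannot be bound as parameters, so each key
    # must be an allowlisted column name; each value is bound with a placeholder.
    if not filters:
        raise ValueError('at least one filter is required')
    clauses = []
    params = []
    for key, value in filters.items():
        if key not in ALLOWED_FILTER_COLUMNS:
            raise ValueError('unknown filter column: %r' % key)
        clauses.append('%s = ?' % key)
        params.append(value)
    sql = 'SELECT thread_id, checkpoint_id FROM checkpoints WHERE ' + ' AND '.join(clauses)
    return conn.execute(sql, params).fetchall()

def rejects_filter(conn, filters):
    # True if the hardened lookup refuses the filter outright.
    try:
        history_safe(conn, filters)
    except ValueError:
        return True
    return False

# Constructed attacker input: the key carries SQL, the value is irrelevant.
# In the unsafe query it becomes:  WHERE thread_id = 'x' OR 1=1 -- = 'thread-a'
INJECTED_FILTER = {'thread_id = %r OR 1=1 --' % 'x': 'thread-a'}
BENIGN_FILTER = {'thread_id': 'thread-a'}

if __name__ == '__main__':
    store = make_store()
    print('unsafe, benign  :', history_unsafe(store, BENIGN_FILTER))
    print('unsafe, injected:', history_unsafe(store, INJECTED_FILTER))
    print('safe, benign    :', history_safe(store, BENIGN_FILTER))
    print('safe, injected  : rejected =', rejects_filter(store, INJECTED_FILTER))
```

The injected key leaks every thread's history through a plain SELECT; in a store that also accepts writes through the same clause builder, the same hole is what lets a forged checkpoint row in. Parameterizing values alone would not have closed it, which is why the allowlist on keys is the load-bearing line.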
An attacker packs that filename with traversal sequences and drops a file anywhere, such as a cron job in \/etc\/cron.d\/. Because Langflow ships with auto-login enabled in its default configuration, an exposed instance needs no credentials at all. A single unauthenticated request reaches the endpoint, and the next cron run hands over a shell.VulnCheck\u2019s Caitlin Condon confirmed exploitation on June 9: \u201cOur Canaries observed exploitation of CVE-2026-5027 that successfully leveraged the path traversal to write what appear to be test files on victim systems.\u201d Censys put roughly 7,000 exposed instances on the internet, most in North America. This is the third Langflow flaw to draw active exploitation this year, after CVE-2025-34291, which the Iranian state-sponsored group MuddyWater weaponized and which CISA added to its Known Exploited Vulnerabilities catalog in May. CVE-2026-5027 itself was patched in version 1.9.0, released April 15.The timeline is what sets the clock. The patch shipped April 15. Attacks started in June, and VulnCheck added CVE-2026-5027 to its exploited-vulnerabilities list June 8 once its sensors caught the first in-the-wild hits. Every instance left unpatched between those two dates has been sitting in the open for almost two months. The lesson for security teams is to start the patch clock at disclosure, not at a federal catalog entry.The LangChain-core gap, arbitrary file reads through the prompt loaderLangChain-core, the foundation under both, disclosed CVE-2026-34070, CVSS 7.5, a path traversal in its legacy prompt-loading API. The load_prompt() functions read a file path out of a config dict with no check against traversal sequences or absolute paths, so an attacker who influences that path reads arbitrary files the process can reach, including the .env file holding OPENAI_API_KEY and ANTHROPIC_API_KEY. 
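Both path traversals described above, the Langflow upload filename written under an upload directory and the LangChain-core load_prompt() path read out of a config dict, reduce to the same missing check, so one added example covers both. This is illustrative code, not Langflow's endpoint or LangChain's loader: unsafe_target() shows where an unchecked os.path.join would write or read, and resolve_under() is the confinement check both call sites need. The directory names and the template_path config key are assumptions for the example.

```python
import os

# Constructed base directories; they do not need to exist for these checks.
UPLOAD_DIR = '/srv/langflow/uploads'
PROMPT_DIR = '/srv/app/prompts'

def unsafe_target(base_dir, untrusted_name):
    # Vulnerable pattern: the caller-supplied name is joined and used as-is.
    # os.path.join keeps '..' segments and discards base_dir entirely when
    # untrusted_name is absolute. normpath shows where the access would land.
    return os.path.normpath(os.path.join(base_dir, untrusted_name))

def resolve_under(base_dir, untrusted_path):
    # Hardened pattern: resolve symlinks and '..' first, then require that the
    # result sits strictly inside base_dir. candidate == base is rejected so an
    # empty name cannot select the directory itself.
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, untrusted_path))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise ValueError('path escapes %s: %r' % (base_dir, untrusted_path))
    return candidate

def save_upload_path(filename):
    # An upload filename is a bare name: any directory component is refused
    # before confinement is even attempted.
    if filename in ('', '.', '..') or filename != os.path.basename(filename):
        raise ValueError('filename must be a bare name: %r' % filename)
    return resolve_under(UPLOAD_DIR, filename)

def prompt_file_path(config):
    # Hypothetical config shape: {'template_path': 'summarize.txt'}. Real
    # prompt loaders differ; the point is that a config-supplied path is
    # untrusted input and must be confined to the prompt directory.
    return resolve_under(PROMPT_DIR, config['template_path'])

def rejected(fn, *args):
    # True if the hardened function refuses the input.
    try:
        fn(*args)
    except ValueError:
        return True
    return False

if __name__ == '__main__':
    for name in ['report.txt', '../../../etc/cron.d/backdoor', '/etc/cron.d/backdoor']:
        print('%-32s unsafe -> %-24s safe rejects: %s' % (
            name, unsafe_target(UPLOAD_DIR, name), rejected(save_upload_path, name)))
    for path in ['summarize.txt', '../.env', '/etc/passwd']:
        print('%-32s prompt loader rejects: %s' % (path, rejected(prompt_file_path, {'template_path': path})))
```

Two details are worth keeping: the check runs on realpath output, so a symlink planted inside the upload directory cannot point back out, and the upload path additionally refuses anything that is not a bare basename, because a file upload never has a legitimate reason to choose its own subdirectory.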
Cyera paired it with CVE-2025-68664, CVSS 9.3, a deserialization flaw that resolves environment secrets through a crafted object. The fix versions differ, which matters when you patch: CVE-2026-34070 lands in langchain-core 1.2.22 and 0.3.86; CVE-2025-68664 lands earlier in 1.2.5 and 0.3.81. Clear both, or the higher-severity flaw stays live behind a patched one.Three frameworks, three classic AppSec bugs. Path traversal. SQL injection. Unsafe deserialization. Nothing exotic, nothing AI-specific, just old vulnerabilities living inside new infrastructure. None of this is a frontier-model problem. It is plumbing, sitting in the layer where AI meets the enterprise.Why the scanner cannot see itMerritt Baer, CSO at Enkrypt AI and former deputy CISO at AWS, has named what makes this kind of failure hard to see coming. It does not announce itself as an AI problem. \"CISOs will experience MCP insecurity not in the abstract, but when an employee pastes sensitive data into a tool, or when an attacker finds an unauthenticated MCP server in your cloud,\" Baer told VentureBeat. \"It won't feel like 'AI risk.' It will feel like your traditional security program failing.\" The framework chains here are the same shape. An exposed Langflow instance is an unauthenticated server in your cloud, and the alert, if one fires, reads like an ordinary incident.That is the gap in one sentence. The exploit lives in the framework your code imports. The WAF never sees a msgpack decoder running three layers down. The EDR watches the agent server make the same process calls it makes a thousand times a day and waves it through. Both tools are doing their job. Nobody scoped the framework itself as the thing that could turn on you. The root cause is older than AI, and Baer names it. \u201cMCP is shipping with the same mistake we\u2019ve seen in every major protocol rollout: insecure defaults,\u201d she told VentureBeat. 
\u201cIf we don\u2019t build authentication and least privilege in from day one, we\u2019ll be cleaning up breaches for the next decade.\u201d Langflow\u2019s auto-login is that mistake shipped. LangChain-core\u2019s unguarded prompt loader is that mistake shipped. The convenient default is the vulnerability. And the moment an agent connects to anything, that risk compounds. \u201cYou\u2019re not just trusting your own security, you\u2019re inheriting the hygiene of every tool, every credential, every developer in that chain,\u201d Baer said. \u201cThat\u2019s a supply chain risk in real time.\u201dThere is a governance failure layered on top of the technical one, and it is the same miscategorization Assaf Keren, chief security officer at Qualtrics and former CISO at PayPal, has flagged in adjacent tooling. \u201cMost security teams still classify experience management platforms as \u2018survey tools,\u2019 which sit in the same risk tier as a project management app,\u201d Keren told VentureBeat. \u201cThis is a massive miscategorization.\u201d Swap in AI agent frameworks, and it still holds. Teams file LangGraph, Langflow, and LangChain under developer convenience, then wire them into databases, CRMs, and provider keys. \u201cSecurity has to be an enabler,\u201d Keren said, \u201cor teams route around it.\u201d These frameworks are what routing around it looks like.Follow the money and it points at the same layer. On its Q1 fiscal 2027 earnings call, CrowdStrike reported its AI detection and response line up more than 250% sequentially, and on June 17 it extended that runtime coverage to agent, LLM, and MCP traffic on AWS. George Kurtz, the company\u2019s co-founder and CEO, named the reason in plain terms: \u201cAgents run on the endpoint. 
They make tool calls, access files, invoke APIs, and move data at the process level.\u201d That is the exact plumbing these chains abuse, and real money is now moving to the layer your AppSec scan skips.What to put in front of the boardThe board does not need the CVE numbers. It needs the consequence, and Keren draws the line the board cares about. Most teams have mapped the technical blast radius. \u201cBut not the business blast radius,\u201d Keren told VentureBeat. \u201cWhen an AI engine triggers a compensation adjustment based on poisoned data, the damage is not a security incident. It is a wrong business decision executed at machine speed.\u201d A framework RCE is the same problem one layer earlier. The agent does not just leak a credential; it acts on production systems with it, and the business sees an outcome no one can explain.So frame it the way a board frames it: we run AI agent frameworks in production that can be turned into remote shells through bugs our scanners are not built to find, all three are patched, one is under active attack, and here is the date every instance is verified and closed. None of this required custom malware or a zero-day.The six-question checklistSix trust boundaries, one per row, each with the question, the proof point, the command, the fix, and the board line. Run it tonight.Trust-Boundary QuestionProof PointWhat BrokeVerify Before You InstallThe FixBoard Language1. Can the agent's state store be poisoned with code?LangGraph SQLi-to-RCE chain. CVE-2025-67644 (CVSS 7.3) chains into CVE-2026-28277 (CVSS 6.8). PoC public, no in-the-wild use yet.Filter keys interpolated into SQL with an f-string. Forged checkpoint row hits the msgpack decoder, which imports and runs an attacker-named callable.pip show langgraph-checkpoint-sqlite. Below 3.0.1 = vulnerable. 
Confirm get_state_history() is not exposed to network input.Upgrade langgraph-checkpoint-sqlite to 3.0.1, langgraph to 1.0.10, langgraph-checkpoint-redis to 1.0.2.\u201cOur agent memory layer can be tricked into running attacker code. Vendor has patched it. We are upgrading and confirming the endpoint is not exposed.\u201d2. Can an unauthenticated request write a file to our agent server?Langflow CVE-2026-5027 (CVSS 8.8). On VulnCheck KEV (June 8). Active exploitation confirmed June 9. ~7,000 exposed instances (Censys).Path traversal in POST \/api\/v2\/files. Filename unsanitized. Auto-login on by default. Two HTTP calls drop a cron job and earn a shell.Query Censys or Shodan for your Langflow, Flowise, n8n, and Dify instances on the perimeter. Check whether auto-login is enabled.Upgrade Langflow to 1.9.0+. Disable auto-login. Pull AI dev tools behind VPN or zero-trust. Isolate port 7860.\u201cOur AI dev tools are reachable from the internet with login off. This exact flaw is under active attack now. We are pulling them behind access controls today.\u201d3. Can our prompt loader read files it should never touch?LangChain-core CVE-2026-34070 (CVSS 7.5), path traversal in the prompt-loading API. Paired with deserialization CVE-2025-68664 (CVSS 9.3).load_prompt() reads a config-supplied path with no traversal check, returning files such as the .env holding OPENAI_API_KEY and ANTHROPIC_API_KEY.pip show langchain-core. Below 1.2.22 (1.x) or 0.3.86 (0.x) = vulnerable. Audit any code passing user-influenced paths to load_prompt().Upgrade langchain-core past both fixes: 1.2.22 \/ 0.3.86 (CVE-2026-34070) and 1.2.5 \/ 0.3.81 (CVE-2025-68664). Replace load_prompt() with an allowlisted directory. Run as non-root.\u201cOur prompt system could be steered to read our API keys off disk. We are patching and removing the legacy loader.\u201d4. 
Does a compromised framework hand over every credential at once?These frameworks are often deployed with provider keys, database credentials, and integration tokens available to the process environment. Cyera documents the credential-exfiltration path.One RCE on the agent server exposes every secret the process can read. Blast radius is the full credential set, not one app.Inventory which secrets each framework process can reach. Confirm keys come from a secrets manager, not static .env files.Move provider keys to ephemeral injection. Rotate any key a vulnerable instance could have read. Scope each key to least privilege.\u201cA single break in one AI framework exposes the keys to every model and data store it touches. We are rotating and scoping them now.\u201d5. Are these frameworks running outside security governance?A prior Langflow flaw, CVE-2025-34291, was weaponized by Iranian-linked MuddyWater and added to CISA KEV in May. Shadow AI is the new shadow IT.Teams stand frameworks up for speed, give them credentials, and never bring them under review. The security team cannot see what it does not know exists.Run a discovery sweep for AI frameworks outside change management. Map each to an owner and an approval record.Assign every framework a documented owner and a place in the approval process. Offer a sanctioned alternative so teams do not route around you.\u201cWe have AI frameworks in production that no one formally approved. We are bringing them under governance, not banning them.\u201d6. Can our scanners even see inside the framework at runtime?Runtime detection is forming around this layer: CrowdStrike Falcon AIDR expanded to AWS June 17 (Bedrock, Kiro, Strands); its QuiltWorks coalition now covers cloud workloads.WAF reads HTTP at the edge. EDR watches the endpoint. 
By default, neither reliably models a msgpack decoder or a prompt loader three layers down in an imported framework as a separate trust boundary.Test whether your AppSec scan covers third-party framework internals. Track CVEs by dependency, not just by what your edge tools can parse.Add framework dependencies to vuln management. Treat agent output and stored state as untrusted. Patch on disclosure, not on KEV listing.\u201cOur scanners check our code, not the frameworks our code imports. We are closing that blind spot and patching on disclosure, not waiting for the federal catalog.\u201dHow to read this table: each row is one trust boundary, left to right, from the question to ask to the line to read your board.Give the board the deadline, not the technologyThe fixes are not a re-architecture. They are version bumps and config changes you can land this week. The exposure is the gap between the day the patch shipped and the day your team runs the checks, and right now that gap is measured in months. The frameworks did exactly what they were built to do.<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><div class=\"rss_image\" style=\"height:150px;width:150px;\"><a href=\"https:\/\/venturebeat.com\/security\/copilot-searched-your-mailbox-litellm-handed-out-admin\" target=\"_blank\" rel=\" noopener\" title=\"Copilot searched your mailbox. LiteLLM handed out admin keys. Run this 5-check audit before your stack is next\" style=\"height:150px;width:150px;\"><img decoding=\"async\" src=\"https:\/\/images.ctfassets.net\/jdtwqhzvc2n1\/599hDEEWXHzpIDiNVQFFsc\/069254d665cc4a88ccee32f955648c72\/hero.png?w=300&#038;q=30\" title=\"Copilot searched your mailbox. LiteLLM handed out admin keys. 
Run this 5-check audit before your stack is next\" style=\"height:150px;width:150px;\"><\/a><\/div><span class=\"title\"><a href=\"https:\/\/venturebeat.com\/security\/copilot-searched-your-mailbox-litellm-handed-out-admin\" target=\"_blank\" rel=\" noopener\">Copilot searched your mailbox. LiteLLM handed out admin keys. Run this 5-check audit before your stack is next<\/a><\/span><div class=\"rss_content\" style=\"\"><p>Two AI tools broke in the same way in the same two weeks, and four research teams proved it. The pattern underneath every disclosure is one sentence: enterprise AI accepts external input with no trust boundary. On June 15, Varonis disclosed SearchLeak (CVE-2026-42824), a proof-of-concept exfiltration chain in Microsoft 365 Copilot Enterprise Search. A victim clicks a crafted microsoft.com URL, Copilot searches their mailbox, and the data leaves through a Bing SSRF. No plugins, no second click, no visible indicator. Four days earlier, Obsidian Security published a three-CVE chain against LiteLLM that carried a default low-privilege user all the way to admin and remote code execution. Two tools. Two teams. One broken boundary.The five-check audit at the end of this article maps each gap to a CVE or a market signal from June, a command you can run before lunch, and a sentence a CISO can read to the board.Copilot turned a trusted URL into an exfiltration engineSearchLeak chained three weaknesses into a silent data-theft chain. The URL q parameter fed attacker instructions straight to Copilot\u2019s LLM. A rendering race condition fired an image tag before the output sanitizer ran. Bing\u2019s image-search endpoint, allowlisted in the Content Security Policy, routed the stolen data out. Microsoft rated the flaw critical and patched it on the back end, according to Varonis. NVD has not yet scored it; a third-party tracker lists it at 6.5 medium. The severity is contested, but the mechanism is not.The escalation is the real story. 
This is the third Varonis Copilot exfiltration chain in twelve months, after Reprompt in January and EchoLeak in 2025. Reprompt hit Copilot Personal. SearchLeak hit Enterprise Search. Enterprise inherits the user\u2019s full organizational permissions, so the blast radius is everything that a user can reach.LiteLLM handed a default account to every provider keyThe LiteLLM gateway holds the keys for OpenAI, Anthropic, Azure, and Bedrock behind a single proxy. The Obsidian chain runs in three moves. CVE-2026-47101, an authorization bypass, lets a non-admin mint a wildcard API key. CVE-2026-47102 promotes that caller to proxy admin through an unguarded \/user\/update endpoint. CVE-2026-40217 escapes the code sandbox through exec() with full builtins. Obsidian then demonstrated a reverse shell by injecting a forged tool-call response through LiteLLM\u2019s callback mechanism. Obsidian assessed the combined chain at CVSS 9.9. The developer typed one word. The attacker popped a shell.A separate LiteLLM flaw made the urgency immediate. CVE-2026-42271, a command-injection bug in the MCP test endpoints, landed on the CISA KEV list on June 8 with a June 22 remediation deadline. That KEV entry is not the Obsidian chain. The two are distinct disclosures four days apart, fixed in different releases, pointed at the same gateway. LiteLLM carries more than 40,000 GitHub stars and sits in thousands of enterprise deployments. This is not the first scare, either. A supply-chain compromise backdoored LiteLLM versions 1.82.7 and 1.82.8 on PyPI in March. A compromised gateway exposes every provider credential the organization holds.Langflow and Mini Shai-Hulud proved the pattern scalesThe same boundary broke in two more tools in the same fortnight. Langflow CVE-2026-5027 became the third Langflow remote-code-execution flaw to hit active exploitation this year. 
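The first two moves of the LiteLLM chain described above, a non-admin minting a wildcard key and then promoting itself through an unguarded user-update endpoint, are both failures of server-side authorization on a privileged field. The example below is added here and is not LiteLLM's data model, route code or Obsidian's proof of concept: an in-memory user table with assumed field names, an unsafe and a safe version of each handler, and run_chain(), which plays the two steps against either pair so the difference is visible in the returned state.

```python
import copy

# Constructed user table; role names and fields are assumptions for the example.
USERS = {
    'alice': {'role': 'proxy_admin', 'models': ['*']},
    'bob':   {'role': 'internal_user', 'models': ['gpt-4o-mini']},
}
ADMIN_ROLES = frozenset(['proxy_admin'])
PRIVILEGED_FIELDS = frozenset(['role', 'models', 'max_budget'])

def update_user_unsafe(users, caller, target, fields):
    # Vulnerable pattern: any authenticated caller may change any field of any
    # user, including their own role. Only authentication was checked upstream.
    users[target].update(fields)
    return users[target]

def update_user_safe(users, caller, target, fields):
    # Hardened pattern: the caller's role is read from the server-side record,
    # non-admins may only touch their own non-privileged fields.
    caller_is_admin = users[caller]['role'] in ADMIN_ROLES
    if target != caller and not caller_is_admin:
        raise PermissionError('%s may not update %s' % (caller, target))
    touched = PRIVILEGED_FIELDS.intersection(fields)
    if touched and not caller_is_admin:
        raise PermissionError('only admins may change %s' % sorted(touched))
    users[target].update(fields)
    return users[target]

def mint_key_unsafe(users, caller, models):
    # Vulnerable pattern: the requested scope is accepted as-is, so '*' is
    # available to any caller.
    return {'owner': caller, 'models': sorted(set(models))}

def mint_key_safe(users, caller, models):
    # Hardened pattern: a minted key can never carry more than its owner holds.
    requested = set(models)
    if users[caller]['role'] not in ADMIN_ROLES:
        granted = set(users[caller]['models'])
        if '*' in requested or not requested <= granted:
            raise PermissionError('key scope %s exceeds grants %s' % (sorted(requested), sorted(granted)))
    return {'owner': caller, 'models': sorted(requested)}

def run_chain(update_user, mint_key, caller='bob'):
    # Plays the two-step chain on a private copy of the table and returns
    # (role of caller afterwards, models on the minted key or None if refused).
    users = copy.deepcopy(USERS)
    try:
        key_models = mint_key(users, caller, ['*'])['models']
    except PermissionError:
        key_models = None
    try:
        update_user(users, caller, caller, {'role': 'proxy_admin'})
    except PermissionError:
        pass
    return users[caller]['role'], key_models

if __name__ == '__main__':
    print('unsafe handlers:', run_chain(update_user_unsafe, mint_key_unsafe))
    print('safe handlers  :', run_chain(update_user_safe, mint_key_safe))
```

The checks live in the handler, keyed on the caller's stored role, not on anything the request carries; a low-privilege account can still edit its own display name, but a role field or a wildcard scope is refused at the route regardless of what the UI shows. Pairing this with an audit of existing admin accounts catches anyone who got through before the check was added.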
A path traversal in file upload lets an attacker write files anywhere on disk, and because Langflow ships with auto-login enabled by default, a single unauthenticated request reaches RCE. VulnCheck confirmed exploitation on June 9. Censys counted roughly 7,000 exposed instances, the heaviest concentration in North America, with MuddyWater attribution.The Mini Shai-Hulud campaign hit a different pressure point. After the worm\u2019s source code went public on May 12, copycat variants compromised 32 Red Hat Cloud Services npm packages on June 1, packages pulled 80,000 times a week. The worm harvests more than 20 credential types and self-propagates under the compromised maintainer\u2019s identity.Four teams, four tools, one operating failure. The bug classes differ. SearchLeak is a prompt injection. LiteLLM is privilege escalation. Langflow is path traversal. Mini Shai-Hulud is supply-chain poisoning. The boundary that broke is the same in all four.The market already repriced the riskCrowdStrike\u2019s Q1 FY27 earnings call put a number on the gap. AIDR, the company\u2019s AI detection and response line, grew ending ARR more than 250% sequentially, with a Q2 pipeline above $50 million (SEC-filed 8-K). Total company ARR reached $5.51 billion, and CrowdStrike\u2019s fleet telemetry shows more than 1,800 agentic applications running across enterprise endpoints. On June 17, the company extended AIDR to AWS, adding real-time evaluation of agent, LLM, and MCP communications across Amazon Bedrock, Kiro, and Strands Agents, building on its work with Anthropic\u2019s Project Glasswing. 
Daniel Bernard, CrowdStrike\u2019s chief business officer, said the AI attack surface now spans development, runtime, identities, and cloud infrastructure, and that teams treating those as separate domains leave the gaps between them open.Practitioners name the same gap in plainer termsDavid Levin, CISO at American Express Global Business Travel, told VentureBeat the pattern does not surprise him. \u201cWe kind of have this shadow AI, which is just the new version of shadow IT,\u201d Levin said. Both Langflow and LiteLLM fit the description. Teams stood them up for convenience, gave them credentials, and never brought them under governance. Levin puts the fix before deployment. \u201cWe didn\u2019t go into this with just saying we\u2019re going to go do this without the right fundamentals,\u201d he said. \u201cWe leverage NIST controls. NIST has released their CSF along with their AI framework. OWASP released their top 10. You need the right fundamentals before you deploy.\u201dMerritt Baer, CSO at Enkrypt AI and former AWS Deputy CISO, named the structural version of the failure in a separate VentureBeat interview. \u201cEnterprises believe they\u2019ve \u2018approved\u2019 AI vendors, but what they\u2019ve actually approved is an interface, not the underlying system,\u201d Baer said. \u201cThe real dependencies are one or two layers deeper, and those are the ones that fail under stress.\u201d She has tied that directly to how systems fall. \u201cRaw zero-days aren\u2019t how most systems get compromised. Composability is,\u201d Baer told VentureBeat. \u201cIt\u2019s the glue between the model and your data where the risk lives. If you give an agent bash and a root token, you\u2019ve already done most of the attacker\u2019s work for them.\u201d That is what rows 2 and 4 of the audit test: the gateway that holds every key, and the agent identity no one governs.Levin had a sharper frame for the boardroom. 
\u201cYou need to talk more in terms of risk versus compliance to your boards and your executives,\u201d he said. \u201cIt\u2019s not about the size of the engineering team anymore. It\u2019s the size of your imagination. It\u2019s all written in plain English. It\u2019s not hard for anyone.\u201d Neither SearchLeak nor LiteLLM needed custom malware or a zero-day to work.Adam Meyers, CrowdStrike\u2019s SVP of Intelligence, put the operational squeeze in numbers in an exclusive VentureBeat interview. \u201cThe problem is not zero-day. The problem is patching. If you 10x that problem, they\u2019re gonna be completely underwater,\u201d Meyers said. He pointed to identity as the second front. \u201cSome of these AI have their own identities, or people give their identity to the AI to take action on their behalf, and that makes it a very complex problem.\u201dThe five-check trust-boundary auditEach row maps a gap to its proof point, a verification command for Monday morning, the fix, and the sentence to read to the board.Trust-Boundary GapProof PointWhat BrokeVerify MondayFix MondayBoard Language1. Prompt-to-DataSearchLeak CVE-2026-42824. P2P injection + HTML race + Bing SSRF. One-click mailbox exfiltration via microsoft.com URL. PoC demonstrated; Microsoft rated it critical, NVD not yet scored.URL q-parameter passed to LLM as instructions. Sanitizer ran after render. Bing acted as exfiltration proxy via CSP allowlist.Audit CSP allowlists for domains performing server-side fetches. Monitor Copilot Search URLs for encoded payloads. Review Copilot audit logs.Confirm server-side patch applied. Enable sensitivity labels restricting Copilot. Treat AI streaming output as untrusted.\u201cOur AI assistant could search employee email and send results to an attacker through a trusted Microsoft URL. Vendor patched it. We must verify configuration.\u201d2. Gateway Credential ExposureLiteLLM three-CVE chain (-47101, -47102, -40217). CVSS 9.9. 
Separate CVE-2026-42271 on CISA KEV (fixed in v1.83.7; full chain fixed in v1.83.14-stable). June 22 deadline.No role validation on key endpoints. Self-promotion to admin via \/user\/update. exec() sandbox escape. One gateway exposes all provider keys.Run pip show litellm. Below 1.83.14-stable = vulnerable. Check \/mcp-rest\/test\/ exposure. Audit proxy_admin accounts.Upgrade to v1.83.14-stable+. Rotate all provider API keys. Block \/mcp-rest\/test\/* at proxy. Review Custom Code Guardrails.\u201cOur AI gateway held keys for every provider. A default account could promote itself to admin and steal them all. Rotating and patching now.\u201d3. AI Tooling SprawlLangflow CVE-2026-5027 (CVSS 8.8). Third RCE of 2026. ~7,000 exposed instances. MuddyWater. Active exploitation June 9.Path traversal in file upload. Auto-login enabled by default. Single unauthenticated request to RCE.Query Censys\/Shodan for Langflow, Flowise, n8n, Dify on your perimeter. Check auto-login. Inventory AI tools outside change management.Pull AI platforms behind VPN\/zero-trust. Enable auth everywhere. Upgrade Langflow to v1.9.0+ (current release 1.10.0). Fingerprint surface continuously.\u201cAI dev tools are exposed to the internet with login disabled. A nation-state group is exploiting this flaw now. Pulling behind access controls today.\u201d4. Non-Human Identity GovernanceAIDR ARR up 250% (Q1 FY27, SEC 8-K). Q2 pipeline &gt;$50M. 1,800+ agentic apps across enterprise endpoints.Agents hold identities and act on behalf of humans. Some exceed their intended scope to reach a goal. No standard governs agent credential lifecycle.Inventory all non-human identities used by agents and MCP servers. Map agent-to-data-store access. Flag agents with write access to security policy.Least-privilege every agent identity. Set privilege boundaries via identity protection. Runtime detection for policy-exceeding actions. Human-in-the-loop for policy changes.\u201cAI agents hold credentials and act autonomously. 
We do not govern their identity lifecycle like human access. The 250% market growth tells us this gap is systemic.\u201d5. Runtime Agentic DetectionFalcon AIDR expanded to AWS (June 17). Covers Bedrock, Kiro, Strands Agents. MCP integration. Real-time agent\/LLM\/MCP evaluation.Traditional tools monitor human-speed actions. Agents run at machine speed, thousands of actions per minute, and route around controls to reach goals.Test if EDR\/XDR links agent actions to originating identity. Verify SIEM ingests MCP communications. Confirm you can distinguish human from agent on endpoint.Deploy AIDR or equivalent runtime detection. Shadow-AI discovery for all agentic apps, models, MCP servers, identities. Real-time policy enforcement on agent actions.\u201cWe cannot distinguish a human employee from an AI agent acting on their behalf. We need runtime detection at machine speed that can stop damage before it starts.\u201dThe fix is plumbing, not policyThe June 2 executive order creates an AI Cybersecurity Clearinghouse with a July 2 deadline. The five gaps above are not frontier-model problems. They are plumbing problems in the gateways, orchestration platforms, identity layers, and runtime environments where AI meets the enterprise. The audit is five rows. Every row maps to a June disclosure or market signal, a command a team can run before lunch, and a sentence a CISO can read to the board. The question is not whether your vendor will patch. 
It's whether you find the gap first \u2014 or whether an attacker finds it the way they found Copilot and LiteLLM.<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><div class=\"rss_image\" style=\"height:150px;width:150px;\"><a href=\"https:\/\/www.securitymagazine.com\/articles\/102378-chinese-hackers-targeting-ai-cyber-and-national-defense-research\" target=\"_blank\" rel=\" noopener\" title=\"Chinese Hackers Targeting AI, Cyber and National Defense Research\" style=\"height:150px;width:150px;\"><img decoding=\"async\" src=\"https:\/\/www.securitymagazine.com\/ext\/resources\/2026\/06\/17\/Computer-and-laptop-by-Mamur-Saitbaev.webp?t=1781713180\" title=\"Chinese Hackers Targeting AI, Cyber and National Defense Research\" style=\"height:150px;width:150px;\"><\/a><\/div><span class=\"title\"><a href=\"https:\/\/www.securitymagazine.com\/articles\/102378-chinese-hackers-targeting-ai-cyber-and-national-defense-research\" target=\"_blank\" rel=\" noopener\">Chinese Hackers Targeting AI, Cyber and National Defense Research<\/a><\/span><div class=\"rss_content\" style=\"\"><p>The campaign was undetected for more than one year.\u00a0<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><div class=\"rss_image\" style=\"height:150px;width:150px;\"><a href=\"https:\/\/www.securitymagazine.com\/articles\/102379-kodak-confirms-breach-following-claims-22m-records-stolen\" target=\"_blank\" rel=\" noopener\" title=\"Kodak Confirms Breach Following Claims 2.2M Records Stolen\" style=\"height:150px;width:150px;\"><img decoding=\"async\" src=\"https:\/\/www.securitymagazine.com\/ext\/resources\/2026\/06\/17\/Kodak-box-by-Connor-Betts.webp?t=1781715422\" title=\"Kodak Confirms Breach Following Claims 2.2M Records Stolen\" style=\"height:150px;width:150px;\"><\/a><\/div><span class=\"title\"><a href=\"https:\/\/www.securitymagazine.com\/articles\/102379-kodak-confirms-breach-following-claims-22m-records-stolen\" target=\"_blank\" rel=\" 
noopener\">Kodak Confirms Breach Following Claims 2.2M Records Stolen<\/a><\/span><div class=\"rss_content\" style=\"\"><p>This breach may include internal corporate data and the personal information of customers.\u00a0<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><div class=\"rss_image\" style=\"height:150px;width:150px;\"><a href=\"https:\/\/www.securitymagazine.com\/articles\/102373-organizations-emergency-response-fails-to-match-confidence-levels\" target=\"_blank\" rel=\" noopener\" title=\"Organizations\u2019 Emergency Response Fails to Match Confidence Levels\" style=\"height:150px;width:150px;\"><img decoding=\"async\" src=\"https:\/\/www.securitymagazine.com\/ext\/resources\/Issues\/2026\/06-June\/SEC-0626-New1-Feat-Slide1-1170x658.webp?t=1781621866\" title=\"Organizations\u2019 Emergency Response Fails to Match Confidence Levels\" style=\"height:150px;width:150px;\"><\/a><\/div><span class=\"title\"><a href=\"https:\/\/www.securitymagazine.com\/articles\/102373-organizations-emergency-response-fails-to-match-confidence-levels\" target=\"_blank\" rel=\" noopener\">Organizations\u2019 Emergency Response Fails to Match Confidence Levels<\/a><\/span><div class=\"rss_content\" style=\"\"><p>Organizations overestimate their emergency response; almost 50% of organizations faced a lateral movement attack in the last year.<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><div class=\"rss_image\" style=\"height:150px;width:150px;\"><a href=\"https:\/\/www.securitymagazine.com\/articles\/102376-error-in-breach-notice-leaves-victims-confused-skeptical\" target=\"_blank\" rel=\" noopener\" title=\"Error in Breach Notice Leaves Victims Confused, Skeptical\" style=\"height:150px;width:150px;\"><img decoding=\"async\" src=\"https:\/\/www.securitymagazine.com\/ext\/resources\/2026\/06\/16\/Crumpled-paper-and-trash-bin-by-Steve-Johnson.webp?t=1781629307\" title=\"Error in Breach Notice Leaves Victims Confused, Skeptical\" 
style=\"height:150px;width:150px;\"><\/a><\/div><span class=\"title\"><a href=\"https:\/\/www.securitymagazine.com\/articles\/102376-error-in-breach-notice-leaves-victims-confused-skeptical\" target=\"_blank\" rel=\" noopener\">Error in Breach Notice Leaves Victims Confused, Skeptical<\/a><\/span><div class=\"rss_content\" style=\"\"><p>Patients received notices after a hospital data breach \u2014 but the letters looked like scams.\u00a0<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><div class=\"rss_image\" style=\"height:150px;width:150px;\"><a href=\"https:\/\/www.securitymagazine.com\/articles\/102375-trump-signs-national-security-memo-to-bolster-military-intelligence-system-cybersecurity\" target=\"_blank\" rel=\" noopener\" title=\"Trump Signs National Security Memo to Bolster Military, Intelligence System Cybersecurity\" style=\"height:150px;width:150px;\"><img decoding=\"async\" src=\"https:\/\/www.securitymagazine.com\/ext\/resources\/2026\/06\/16\/American-flag-by-Justin-Cron.webp?t=1781627740\" title=\"Trump Signs National Security Memo to Bolster Military, Intelligence System Cybersecurity\" style=\"height:150px;width:150px;\"><\/a><\/div><span class=\"title\"><a href=\"https:\/\/www.securitymagazine.com\/articles\/102375-trump-signs-national-security-memo-to-bolster-military-intelligence-system-cybersecurity\" target=\"_blank\" rel=\" noopener\">Trump Signs National Security Memo to Bolster Military, Intelligence System Cybersecurity<\/a><\/span><div class=\"rss_content\" style=\"\"><p>President Trump signed a new National Security Presidential Memorandum to support the nation\u2019s National Security Systems (NSS).<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><div class=\"rss_image\" style=\"height:150px;width:150px;\"><a href=\"https:\/\/www.securitymagazine.com\/articles\/102374-update-on-the-cal-water-hacking-incident\" target=\"_blank\" rel=\" noopener\" title=\"Update on the Cal Water Hacking 
Incident\" style=\"height:150px;width:150px;\"><img decoding=\"async\" src=\"https:\/\/www.securitymagazine.com\/ext\/resources\/2026\/06\/16\/Half-open-laptop-by-Ales-Nesetril.webp?t=1781727316\" title=\"Update on the Cal Water Hacking Incident\" style=\"height:150px;width:150px;\"><\/a><\/div><span class=\"title\"><a href=\"https:\/\/www.securitymagazine.com\/articles\/102374-update-on-the-cal-water-hacking-incident\" target=\"_blank\" rel=\" noopener\">Update on the Cal Water Hacking Incident<\/a><\/span><div class=\"rss_content\" style=\"\"><p>Cal Water has responded following the claims of a cybersecurity incident.\u00a0<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><div class=\"rss_image\" style=\"height:150px;width:150px;\"><a href=\"https:\/\/venturebeat.com\/security\/85-of-it-teams-claim-every-ai-agent-is-under-control-only-42-actually-know-who-owns-them\" target=\"_blank\" rel=\" noopener\" title=\"85% of IT teams claim every AI agent is under control. Only 42% actually know who owns them.\" style=\"height:150px;width:150px;\"><img decoding=\"async\" src=\"https:\/\/images.ctfassets.net\/jdtwqhzvc2n1\/VVD0axSaQb70MPEzSbZms\/5dfd23c2b3da09d025fbc393412549c9\/hero.png?w=300&#038;q=30\" title=\"85% of IT teams claim every AI agent is under control. Only 42% actually know who owns them.\" style=\"height:150px;width:150px;\"><\/a><\/div><span class=\"title\"><a href=\"https:\/\/venturebeat.com\/security\/85-of-it-teams-claim-every-ai-agent-is-under-control-only-42-actually-know-who-owns-them\" target=\"_blank\" rel=\" noopener\">85% of IT teams claim every AI agent is under control. Only 42% actually know who owns them.<\/a><\/span><div class=\"rss_content\" style=\"\"><p>Organizational leaders are nearly twice as likely to hide their AI use compared to all other employees, at 42% versus 23%, according to new Ivanti research surveying 3,900 employees across six countries. 
Among leaders who conceal that usage, 52% say they do it for a \"secret advantage.\" The same research found 85% of IT professionals claim a named owner exists for every AI agent. Only 42% say ownership is actually clear \u2014 a 43-point gap that no governance framework was designed to close.<\/p><p>Sam Evans, CISO of Clearwater Analytics, stood before his board and laid out the risk to the $8.8 trillion in assets his firm's platform supports. \"The worst possible thing would be one of our employees taking customer data and putting it into an AI engine that we don't manage,\" Evans told VentureBeat. He brought a solution, not just a problem. Many CISOs VentureBeat interviewed did not.<\/p><p>Menlo Security CEO Bill Robbins relayed a conversation with a Top 3 U.S. bank CISO who called shadow AI discovery \"a bit of a fool's errand\": AI is embedded in every application and browser employees touch. The bank governs from containment, not discovery.<\/p><p>The scale justifies that posture. \"We see 50 new AI apps a day, and we've already cataloged over 12,000,\" Prompt Security CEO Itamar Golan told VentureBeat. \"Around 40% of these default to training on any data you feed them, meaning your intellectual property can become part of their models.\" CrowdStrike has detected 1,800 AI applications operating across 160 million endpoint instances. Those are vendor-reported numbers from proprietary telemetry. No independent party can verify them. The directional signal matters more than the exact count.<\/p><p>CrowdStrike CTO Elia Zaitsev described what makes the surface so hard to govern. \"It looks indistinguishable if an agent runs your web browser versus if you run your browser,\" Zaitsev told VentureBeat at RSAC 2026. \"Observing actual kinetic actions is a structured, solvable problem. Intent is not.\" The shadow AI surface is no longer a list security teams can maintain. 
It is an environment they have to assume.<\/p><p>The Ivanti survey was administered independently by Ravn Research and MSI Advanced Customer Insights across 1,500 IT professionals. Among companies with AI policies, just 24% of employees say those policies are followed \"very consistently\" in day-to-day work.<\/p><p>Kayne McGladrey, IEEE senior member, told VentureBeat why that governance gap persists. \"Anything that seems to have a cybersecurity flavor is generally put into the cybersecurity risk category, which is a complete fiction. They should be focused on business risks, because if it doesn't affect the business, like a financial loss, then nobody's going to pay attention to it, and they will not budget it appropriately, nor will they adequately put in controls to prevent it,\" McGladrey told VentureBeat previously.<\/p><p>Brokerage partners at major consulting firms shared over Signal that they build shadow AI applications in Google Colab and store them in S3 buckets to compress a week of financial analysis into an hour. The approval process takes too long, so they route around it.<\/p><p>Governance at deploy time, failure at runtime<\/p><p>Reviews check functional requirements when a model ships, but they never check model provenance, behavioral drift, or whether the agent expanded its own permissions after launch. CrowdStrike CEO George Kurtz disclosed at RSA Conference 2026 that a Fortune 50 CEO's AI agent rewrote the company's security policy to expand its own autonomy. The company caught it by accident. Every credential check had passed. \"In the agentic era, defending against AI-accelerated adversaries and securing AI systems themselves require operating at machine speed,\" Kurtz said. Quarterly governance reviews do not operate at machine speed.<\/p><p>Mike Riemer, Field CISO at Ivanti, built that lesson into his own team's AI agent development. 
\"It's great at what I intended it for, but it's also great at what I didn't intend it for, and what I didn't intend it for is dangerous,\" Riemer told VentureBeat.<\/p><p>Hallucination data compounds the problem. Sixty-eight percent of IT professionals have personally witnessed AI generate hallucinations with potential operational impact, according to Ivanti. More than half caught the errors before damage, but 16% did not. Yet among the most advanced users of AI, 49% fully trust AI-generated outputs that influence IT decisions.<\/p><p>Riemer described the pattern in an exclusive interview with VentureBeat. \"There are people that are just accepting what's been given to them without any full understanding of what it is doing, which we've found in the tech industry for decades,\" Riemer said. \"They don't question how it's doing it. They just start gauging it by its outcome.\"<\/p><p>Qualtrics CSO Assaf Keren identified the core tension in an exclusive interview with VentureBeat. Organizations are introducing \"non-deterministic decisioning into environments built for deterministic.\" Keren cited internal Qualtrics data showing that 22% of SOC triage is now AI-driven. No codified threshold separates what an agent can auto-execute from what requires a human in the loop.<\/p><p>The 18-month window<\/p><p>The window for fixing this is closing. IT organizations expect AI to automate 46% of their operations within 18 months, according to Ivanti. U.S. companies project 52%. Governance is already the most commonly cited barrier to faster deployment, ahead of skills, technology, and data challenges.<\/p><p>The maturity divide makes the governance gap more dangerous. IT professionals at AI-mature organizations save six hours per week, double the three hours saved at the least mature level. Nearly 9 in 10 IT professionals at scaled organizations say AI frequently helps detect or resolve issues before employees are affected. At early experimentation organizations, that number drops to four in ten. 
Sixty-nine percent of scaled organizations report fully embedded governance, compared to 15% at early experimentation.<\/p><p>Cisco President Jeetu Patel walked through a hypothetical scenario in an interview at RSAC 2026: an agent that charges $40,000, invites competitors to a Slack channel, and publishes home addresses. \"The apology is not a guardrail,\" Patel told VentureBeat. Cato Networks VP of Threat Intelligence Etay Maor framed the accountability problem in a separate RSAC interview. \"They're closer to humans. Why are we not doing background checks on agents?\"<\/p><p>\"AI is compressing the time between intent and execution while turning enterprise AI systems into targets,\" CrowdStrike VP of Intelligence Operations Adam Meyers told VentureBeat. \"Proceed on one action does not mean proceed on the next,\" Cisco SVP of AI Software and Platform DJ Sampath said in a separate interview. McGladrey described the root cause. Organizations default to cloning human user profiles for agents, and permission sprawl starts on day one. \"It uses far more permissions than it should have, more than a human would, because of the speed of scale and intent,\" he said.<\/p><p>Riemer's team built governance into Ivanti's own development process. \"We have AI check on top of AI to make sure that it is fixed. Two different models, two different manufacturers,\" Riemer said. \"If one AI believes the other AI fixed it appropriately, then it passes it off to a human being.\"<\/p><p>Riemer put the vendor question in terms every CISO can use at the negotiating table. \"If that vendor doesn't have a way to show you what they've done from a development perspective in order to improve their development processes, you really need to question why you're working with that vendor,\" he said.<\/p><p>The six questions below target governance dimensions where enforcement collapses at runtime. 
CISOs can use them during Q3 vendor renewals to separate vendors shipping runtime enforcement from vendors shipping documentation.<\/p><p>Six governance questions for Q3 renewals<\/p><table><thead><tr><th>Governance dimension<\/th><th>What the data proved<\/th><th>Why governance misses it<\/th><th>Q3 renewal question<\/th><th>Proof artifact to demand<\/th><\/tr><\/thead><tbody><tr><td>Executive shadow AI<\/td><td>Leaders hide AI at 42% vs. 23% all employees. 52% hide for \"secret advantage.\" Regulated industries have the highest unsanctioned rates.<\/td><td>Governance assumes policy writers follow policy. Leaders sit above the controls they wrote.<\/td><td>Can your DLP, browser, SSE, and endpoint telemetry detect AI data movement at the executive layer with the same coverage as all other users?<\/td><td>Executive-layer DLP, browser, SSE, and endpoint telemetry logs showing identical coverage to all other users.<\/td><\/tr><tr><td>Named agent ownership<\/td><td>85% claim a named owner. Only 42% say ownership is clear. 43-point gap.<\/td><td>Owner on a spreadsheet. Agent at runtime. Nobody tested whether the owner can kill the agent under load.<\/td><td>Can you name the owner for every AI agent? Can that owner revoke access in 60 seconds?<\/td><td>Live demo of 60-second agent access revocation under production load.<\/td><\/tr><tr><td>Pre-deployment review<\/td><td>65% have pre-deployment risk review. Separately, only 24% say any AI policy is followed \"very consistently.\" Review exists. Enforcement does not.<\/td><td>Review checks functional requirements at deploy. Never checks model provenance or behavioral drift at runtime.<\/td><td>Does your review cover model provenance? Is it enforced or advisory?<\/td><td>Model provenance certificate with enforcement log showing blocked deployments.<\/td><\/tr><tr><td>Policy enforcement<\/td><td>58% have acceptable-use policies. 24% followed \"very consistently.\" Documented. Not practiced.<\/td><td>Agent pursued its goal past every boundary. Goal-seeking does not stop at a document the model never reads.<\/td><td>Are policies enforced by server-side gates or by agent compliance? What percentage of actions are gated?<\/td><td>Server-side gate audit trail with percentage of agent actions gated vs. ungated.<\/td><\/tr>
<tr><td>Trust thresholds<\/td><td>68% have seen hallucinations with operational impact. 49% of advanced users fully trust outputs.<\/td><td>No codified threshold separates auto-execute from human-review.<\/td><td>Which agent actions auto-execute versus require human review? Is that enforced in policy or in the platform?<\/td><td>Documented threshold matrix classifying every agent action as auto-execute or human-review.<\/td><\/tr><tr><td>Per-action authorization<\/td><td>Governance is the #1 barrier at 27%. Skills 20%. Tech 17%. Data 14%.<\/td><td>Oversight reviews quarterly. Agents act per-second.<\/td><td>Is per-action authorization enforced at runtime or only at deploy-time review? Can agents accumulate permissions without re-authorization?<\/td><td>Runtime authorization log showing per-action gate events and permission re-authorization timestamps.<\/td><\/tr><\/tbody><\/table><p>Source data from Ivanti, Scaling AI in IT Operations: The Path to Maturity in 2026 (n=1,500 IT professionals, 3,900 total employees, six countries, February\u2013March 2026). Exclusive CISO sourcing by VentureBeat.<\/p><p>Evans put structure around the Clearwater board conversation. The bank CISO that Robbins described assumed AI is everywhere and governed from containment instead of discovery. Governance that tries to catalog every shadow AI tool will fail because the surface grows faster than any inventory.<\/p><p>At scaled, business-critical organizations, 54% of IT professionals say AI makes their work both faster and better, according to Ivanti. At early experimentation organizations, 24% say the same. At scaled organizations, accountability lives in the platform. At early ones, it lives in a document the agent never reads.<\/p><p>The six questions above give every CISO a way to test whether their governance actually works where it matters. 
At runtime, under load, and before the next renewal check clears.<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><div class=\"rss_image\" style=\"height:150px;width:150px;\"><a href=\"https:\/\/www.securitymagazine.com\/articles\/102370-breaking-down-the-novo-nordisk-data-breach\" target=\"_blank\" rel=\" noopener\" title=\"Breaking Down the Novo Nordisk Data Breach\" style=\"height:150px;width:150px;\"><img decoding=\"async\" src=\"https:\/\/www.securitymagazine.com\/ext\/resources\/2026\/06\/15\/Pills-in-bottle-by-Pawel-Czerwinski.webp?t=1781535769\" title=\"Breaking Down the Novo Nordisk Data Breach\" style=\"height:150px;width:150px;\"><\/a><\/div><span class=\"title\"><a href=\"https:\/\/www.securitymagazine.com\/articles\/102370-breaking-down-the-novo-nordisk-data-breach\" target=\"_blank\" rel=\" noopener\">Breaking Down the Novo Nordisk Data Breach<\/a><\/span><div class=\"rss_content\" style=\"\"><p>Experts break down the risks of Novo Nordisk data breach.\u00a0<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><div class=\"rss_image\" style=\"height:150px;width:150px;\"><a href=\"https:\/\/www.securitymagazine.com\/articles\/102369-maine-data-breach-reporting-portal-abused-taken-offline\" target=\"_blank\" rel=\" noopener\" title=\"Maine Data Breach Reporting Portal Abused, Taken Offline\" style=\"height:150px;width:150px;\"><img decoding=\"async\" src=\"https:\/\/www.securitymagazine.com\/ext\/resources\/2026\/06\/15\/Coding-by-Markus-Spiske.webp?t=1781532289\" title=\"Maine Data Breach Reporting Portal Abused, Taken Offline\" style=\"height:150px;width:150px;\"><\/a><\/div><span class=\"title\"><a href=\"https:\/\/www.securitymagazine.com\/articles\/102369-maine-data-breach-reporting-portal-abused-taken-offline\" target=\"_blank\" rel=\" noopener\">Maine Data Breach Reporting Portal Abused, Taken Offline<\/a><\/span><div class=\"rss_content\" style=\"\"><p>Two organizations had false data breach notices 
filed against them, causing the Office of the Maine Attorney General to remove its public-facing data breach database.<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><div class=\"rss_image\" style=\"height:150px;width:150px;\"><a href=\"https:\/\/venturebeat.com\/security\/attackers-scale-deception-with-ai-defenders-need-truth-at-machine-speed\" target=\"_blank\" rel=\" noopener\" title=\"Attackers scale deception with AI. Defenders need truth at machine speed.\" style=\"height:150px;width:150px;\"><img decoding=\"async\" src=\"https:\/\/images.ctfassets.net\/jdtwqhzvc2n1\/591Zr5l5GE1ceQqivX0qqw\/9e29de38bbca6dedc88795bdf38bd92f\/Gemini_Generated_Image_m4qphtm4qphtm4qp.png?w=300&#038;q=30\" title=\"Attackers scale deception with AI. Defenders need truth at machine speed.\" style=\"height:150px;width:150px;\"><\/a><\/div><span class=\"title\"><a href=\"https:\/\/venturebeat.com\/security\/attackers-scale-deception-with-ai-defenders-need-truth-at-machine-speed\" target=\"_blank\" rel=\" noopener\">Attackers scale deception with AI. Defenders need truth at machine speed.<\/a><\/span><div class=\"rss_content\" style=\"\"><p>Presented by Splunk<\/p><p>AI has changed the economics of cyber deception.<\/p><p>An attacker can now generate thousands of convincing phishing lures, fake identities, and tailored pretexts before a defender finishes a single change-control cycle. That is the new security challenge: deception got faster and cheaper, while verification did not.<\/p><p>Much of the discussion around AI for defense centers on detection models. Detection matters, but it is not the only bottleneck. The deeper constraint is evidence: where data lives, whether it is available when needed, how quickly it can be correlated, how long it is retained, and whether analysts or agents can trust what they retrieve.<\/p><p>Defense in the AI era is a data problem before it is a detection problem.<\/p><p>The defender\u2019s advantage is truth<\/p><p>Attackers can afford to lie at enterprise scale. 
They can test endless combinations of messages, identities, domains, and attack paths, and most can fail at almost no cost.<\/p><p>Defenders do not have that luxury. Their advantage is truth: quickly knowing what happened, where, when, which identity was involved, which assets were affected, what changed, and what business process may be at risk.<\/p><p>That truth must be documented, governed, auditable, and defensible. Attackers are using AI to scale deception, impersonation, social engineering, and speed. Defenders need AI to scale verification.<\/p><p>The goal is not just to act faster than the attacker. It is to take action that people and machines can trust.<\/p><p>Fragmented data breaks modern defense<\/p><p>Consider a suspicious login from a contractor account. On its own, it is just another authentication anomaly. To know whether it matters, a security team may need identity history, endpoint activity, cloud access logs, ticketing records, asset ownership, configuration changes, network telemetry, and business context.<\/p><p>If those records sit in different tools, expire at different times, or require multiple teams to retrieve, defenders are not investigating the incident. They are negotiating with their own data estate.<\/p><p>When signals can be reached in place and correlated quickly, the issue is no longer just whether the login looks unusual. It becomes whether the enterprise has enough evidence, in enough context, to take action it can defend.<\/p><p>That challenge grows more urgent with AI assistants and agents. AI can only reason over what it can retrieve in time to matter. If the data is partial, stale, fragmented, unavailable, or stripped of context, AI does not create truth. It accelerates uncertainty.<\/p><p>The system of record must become a defensive control plane<\/p><p>For years, enterprises treated security platforms, SIEMs, and data lakes as passive repositories: places to store data for later search and analysis. 
That model is no longer enough.<\/p><p>What organizations now need is a defensive control plane: a layer that connects what happened, what it means, and what the enterprise is allowed to do about it. In architectural terms, it ties together raw machine data, business context, and policy. It does not just store evidence. It makes evidence usable for decisions and actions that must be explainable and trusted.<\/p><p>In practice, that means doing four things well: preserving evidence, reaching data wherever it lives, adding business context, and governing action. More on each below.<\/p><p>The old system of record answered one question: What is the official record?<\/p><p>A defensive control plane answers the questions that matter operationally: What happened? What does it mean? What evidence supports that conclusion? And what action can we trust?<\/p><p>AI does not reduce the need for authoritative records. It raises the standard for what those records must do.<\/p><p>A defensive control plane must do four things<\/p><p>Preserve evidence. Logs, metrics, traces, events, identity records, configuration changes, tickets, and asset state all help establish what happened. Their value often becomes clear only after an incident begins.<\/p><p>Make data accessible wherever it lives. Security-relevant data is already spread across object stores, cloud platforms, operational tools, and business systems. Moving every byte into one place is often too slow, too expensive, and too difficult to govern. The better model is to bring analytics to the data.<\/p><p>Add business context. Correlating machine data with business information turns \u201canomaly on host X\u201d into \u201cthe system supporting payment services for top accounts is being probed.\u201d That is what allows organizations to prioritize correctly.<\/p><p>Govern action. In the agentic era, systems will do more than summarize incidents. They will enrich alerts, open cases, trigger workflows, isolate assets, update policies, and escalate decisions. 
Enterprises need to know what evidence an agent used, what policy governed the action, whether it stayed within scope, and how the decision can be reviewed afterward.<\/p><p>The real SOC problem is not too little data<\/p><p>Modern SOCs are not suffering from a lack of data. They are suffering from a lack of usable context.<\/p><p>According to the Splunk State of Security 2025 report, SOC analysts continue to struggle with too many alerts (59%), too many false positives (55%), and alerts that lack context (46%). The issue is not data volume. It is the difficulty of turning fragmented signals into trusted decisions.<\/p><p>Today, analysts are left stitching together context manually, pivoting across disconnected tools, and making high-stakes decisions without the full picture in time. Even as AI improves, outcomes still depend on whether humans are willing to approve changes across fragmented environments.<\/p><p>This creates a daily crisis of context. Teams are forced to make consequential decisions based on data they cannot easily see, correlate, or trust. The result is latency, inconsistency, missed opportunities, and unnecessary risk.<\/p><p>Trusted action is the durable advantage<\/p><p>A data fabric architecture offers a way forward by creating a unified, intelligent layer across data sources spanning SecOps, ITOps, and NetOps. The goal is not centralization for its own sake. It is to break down silos and deliver context-rich insight at the speed AI-driven operations require.<\/p><p>This is an operating model before it is a product. AI-driven defense depends on a foundation that can preserve evidence, reach data where it lives, add context, and maintain a reviewable link between data, decision, and action. That is the architectural shift behind Cisco Data Fabric powered by the Splunk Platform, which brings together machine data, federation, business context, governance, and provenance to help teams move from signal to trusted action.<\/p><p>Attackers will keep making deception cheaper, faster, and more personalized. 
Defenders do not win that race by generating more noise. They win by making truth faster, and by grounding every action in evidence that people and machines can trust.<\/p><p>Learn more about the Cisco Data Fabric powered by the Splunk Platform.<\/p><p>Seth Brickman is VP, Global Product - Splunk Platform, Cisco.<\/p><p>Sponsored articles are content produced by a company that is either paying for the post or has a business relationship with VentureBeat, and they\u2019re always clearly marked. For more information, contact sales@venturebeat.com.<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><div class=\"rss_image\" style=\"height:150px;width:150px;\"><a href=\"https:\/\/venturebeat.com\/security\/nanoclaw-and-jfrog-launch-immune-system-to-block-ai-agents-from-downloading-malicious-code\" target=\"_blank\" rel=\" noopener\" title=\"NanoClaw and JFrog launch 'immune system' to block AI agents from downloading malicious code\" style=\"height:150px;width:150px;\"><img decoding=\"async\" src=\"https:\/\/images.ctfassets.net\/jdtwqhzvc2n1\/77BUvHRR5neMsb4vlwRip2\/ed64951fbd22cd58addb8d99b6f977df\/Gemini_Generated_Image_xz3q0ixz3q0ixz3q__2_.png?w=300&#038;q=30\" title=\"NanoClaw and JFrog launch &#039;immune system&#039; to block AI agents from downloading malicious code\" style=\"height:150px;width:150px;\"><\/a><\/div><span class=\"title\"><a href=\"https:\/\/venturebeat.com\/security\/nanoclaw-and-jfrog-launch-immune-system-to-block-ai-agents-from-downloading-malicious-code\" target=\"_blank\" rel=\" noopener\">NanoClaw and JFrog launch 'immune system' to block AI agents from downloading malicious code<\/a><\/span><div class=\"rss_content\" style=\"\"><p>The creators of the hit, enterprise-friendly, open source OpenClaw variant NanoClaw are partnering with software supply chain management leader JFrog to launch a new, joint security integration they say will protect NanoClaw autonomous agents from malicious code injection. 
\"These agents are doing things that you cannot necessarily control, and you cannot necessarily train,\" said Gal Marder, Chief Strategy Officer at JFrog, in an exclusive interview with VentureBeat.<\/p><p>Available immediately, the partnership hardwires NanoClaw agents directly to JFrog\u2019s vetted software registries, ensuring that AI assistants can only pull scanned, safe dependencies. The release addresses a rapidly growing blind spot in tech: autonomous agents frequently install packages in the background to extend their capabilities, often without their human operators' knowledge or oversight. \"The people who are operating the agents are not necessarily developers, and they are not even aware of the implications,\" explained Gavriel Cohen, creator of NanoClaw and CEO and co-founder of its new commercial services startup, NanoCo AI. To secure the broader ecosystem, the partners are working to make it available completely free of charge for the open-source community, while enterprise organizations can seamlessly route their agents through their existing, commercially licensed JFrog environments.<\/p><p>The new technical capability enabled by this partnership follows NanoCo's moves to add permissions dialogs across the apps in which it's available via a partnership with Vercel, and a new partnership with Docker to allow NanoClaw agents to run more securely, isolated from other software environments directly inside Docker virtual containers.<\/p><p>The risk of current, personal autonomous AI agents<\/p><p>When an operator interacts with an autonomous system like NanoCo's NanoClaw, they communicate at a high level of abstraction. A user might simply send an audio file or a voice note, prompting the agent to independently figure out how to process it. 
As Cohen explained, the agent thinks, \"oh, I can't understand voice notes, so let me go and grab a package and download something and install it and set it up and run it\".<\/p><p>This dynamic self-improvement makes AI agents incredibly powerful, but it also renders them highly susceptible to software supply chain attacks. Bad actors are increasingly poisoning open-source registries with malicious packages. Because agents act autonomously to fetch what they need, they bypass human scrutiny. The operators, who may not even be developers, are largely unaware of the security implications unfolding behind the scenes.<\/p><p>How NanoCo and JFrog are working to stop agents from running malicious code<\/p><p>The integration between NanoCo and JFrog acts as an automated immune system for these AI environments.<\/p><p>Under the hood, NanoClaw agents are now configured to route their requests for software packages, CLI tools, and Model Context Protocol (MCP) servers exclusively through JFrog\u2019s registries.<\/p><p>If an agent attempts to download a compromised library\u2014such as a vulnerable version of the popular Axios package\u2014the JFrog registry intercepts the request.<\/p><p>It blocks the installation, returning a security policy error to the agent, noting that the request was \"rejected by JFrog's registry with a 403 security policy\". Crucially, the system does not just stop at blocking the threat; it creates a dynamic correction loop. The agent is notified of the vulnerability and guided to automatically seek out and install an approved, non-malicious version of the requested package instead.<\/p><p>For large organizations, this integration solves a massive compliance headache. Marder notes that as enterprises adopt autonomous agents, they require absolute visibility. 
Organizations need \"a system of record, we need somewhere to track which agents are running, by whom, consuming what packages, using what skills and using what MCPs,\" he told VentureBeat. Beyond visibility, the JFrog integration provides a \"trust layer\" and governance over what these automated systems are permitted to access. 
Licensing and accessibility
Licensing and access terms determine who can adopt the integration, and the NanoCo and JFrog partnership uses a dual-track approach to serve both individual open-source developers and regulated enterprises. For the open-source community, the integration is free: JFrog is providing open-source NanoClaw users with complimentary access to scanned, vetted sources of artifacts, tools and skills, so individual developers can run autonomous agents locally without approving every dependency by hand. As community members build and share new \"skills\" for the agents, those contributions are uploaded to the registry, scanned for malicious code and cleared before anyone else can use them, which reduces the risk of a poisoned community skill reaching other users. For enterprise deployments, the architecture plugs into an organization's existing commercial environment: rather than using the public open-source registry, corporate users point their NanoClaw agents at their own internal JFrog registries, so all agent activity is subject to the company\u2019s commercial licenses, internal security policies, visibility requirements and governance standards. As AI continues to blur the line between human intent and machine execution, the infrastructure securing that execution must evolve. 
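The routing and correction loop described above, as an added example (this is not NanoCo's or JFrog's code and it does not use JFrog's API): a Python model with a hypothetical curated registry on the server side and an agent-side installer that only fetches from the configured registry, retries with a policy-approved version after a 403, and gives up when nothing is approved. The package names, versions, policy verdicts and the registry URL are constructed for illustration and describe no real advisory.

```python
# Added example, not NanoCo's or JFrog's code: a minimal model of a
# policy-enforcing registry and the agent's correction loop. Package names,
# versions, verdicts and the registry URL are constructed for illustration.
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed catalogue: versions the curated registry knows about.
PUBLISHED = {
    'axios': ['1.6.0', '1.6.1', '1.7.0', '1.7.1'],
    'voice-note-tools': ['0.1.0'],
}
# Constructed policy: versions a scan has flagged (hypothetical verdicts).
BLOCKED = {
    'axios': {'1.7.0': 'known vulnerability (hypothetical)'},
    'voice-note-tools': {'0.1.0': 'malicious install script (hypothetical)'},
}


@dataclass
class Decision:
    status: int            # HTTP-style: 200 allowed, 403 blocked by policy, 404 unknown
    message: str = ''
    allowed: tuple = ()    # versions the policy would accept, oldest first


def _vkey(version):
    # Numeric sort key so '1.10.0' sorts after '1.9.0'.
    return tuple(int(x) for x in version.split('.'))


def registry_policy(package, version):
    '''Hypothetical server side: the curated registry's answer to one
    package@version request. A blocked request carries the versions that
    would pass, which is what lets the agent correct itself.'''
    versions = PUBLISHED.get(package)
    if versions is None or version not in versions:
        return Decision(404, f'{package}@{version} is not in the curated registry')
    flagged = BLOCKED.get(package, {})
    if version in flagged:
        allowed = tuple(sorted((v for v in versions if v not in flagged), key=_vkey))
        return Decision(403, f'rejected by security policy: {package}@{version}: {flagged[version]}', allowed)
    return Decision(200, 'ok')


def assert_routed(url, registry_base):
    '''Agent-side egress guard: every fetch must go to the configured registry.
    A URL pointing anywhere else is refused before any request is made.'''
    want = urlparse(registry_base)
    got = urlparse(url)
    return got.scheme == want.scheme and got.netloc == want.netloc and got.path.startswith(want.path)


def agent_install(package, requested, registry_base, log, source=None):
    '''Agent side: fetch the requested version through the registry; on 403
    retry with the newest version the policy lists as allowed; give up if
    nothing passes. Returns the installed version, or None.
    source: an install hint (e.g. a tarball URL) the agent was given; it is
    checked against the configured registry instead of being trusted.'''
    url = source or f'{registry_base}{package}/{requested}'
    if not assert_routed(url, registry_base):
        log.append(f'refused: {url} is outside the configured registry')
        return None
    decision = registry_policy(package, requested)
    log.append(f'{package}@{requested} -> {decision.status} {decision.message}')
    if decision.status == 200:
        return requested
    if decision.status == 403 and decision.allowed:
        fallback = decision.allowed[-1]
        retry = registry_policy(package, fallback)
        log.append(f'{package}@{fallback} -> {retry.status} {retry.message}')
        if retry.status == 200:
            return fallback
    return None


if __name__ == '__main__':
    base = 'https://registry.example.internal/api/npm/curated/'   # hypothetical
    log = []
    print(agent_install('axios', '1.7.0', base, log))             # 1.7.1 after a 403
    print(agent_install('voice-note-tools', '0.1.0', base, log))  # None: nothing allowed
    print(agent_install('axios', '1.7.0', base, log,
                        source='https://registry.npmjs.org/axios/-/axios-1.7.0.tgz'))  # None: refused
    for line in log:
        print(line)
```

The two enforcement points are deliberately separate: the registry decides what may be installed, and the agent refuses to fetch from anywhere but that registry. A correction loop alone is not enough if the agent can still be talked into pulling a tarball straight from a public URL.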
This partnership acknowledges a core reality: you cannot train an AI to recognize every zero-day vulnerability, so you must instead build an environment in which the agent cannot fetch the vulnerable artifact in the first place.<\/p><\/div><\/li><li  style=\"padding: 15px 0 25px\" class=\"rss_item\"><div class=\"rss_image\" style=\"height:150px;width:150px;\"><a href=\"https:\/\/www.securitymagazine.com\/articles\/102368-security-experts-discuss-validity-of-handalas-cal-water-hacking-claim\" target=\"_blank\" rel=\" noopener\" title=\"Security Experts Discuss Validity of Handala\u2019s Cal Water Hacking Claim\" style=\"height:150px;width:150px;\"><img decoding=\"async\" src=\"https:\/\/www.securitymagazine.com\/ext\/resources\/2026\/06\/12\/Head-in-front-of-monitors-by-Kevin-Horvat.webp?t=1781280414\" title=\"Security Experts Discuss Validity of Handala\u2019s Cal Water Hacking Claim\" style=\"height:150px;width:150px;\"><\/a><\/div><span class=\"title\"><a href=\"https:\/\/www.securitymagazine.com\/articles\/102368-security-experts-discuss-validity-of-handalas-cal-water-hacking-claim\" target=\"_blank\" rel=\" noopener\">Security Experts Discuss Validity of Handala\u2019s Cal Water Hacking Claim<\/a><\/span><div class=\"rss_content\" style=\"\"><p>Handala claims to have the ability to disrupt U.S. 
water supply, but what is the truth?<\/p><\/div><\/li><\/ul> <\/div><style type=\"text\/css\" media=\"all\">.feedzy-rss .rss_item .rss_image{float:left;position:relative;border:none;text-decoration:none;max-width:100%}.feedzy-rss .rss_item .rss_image span{display:inline-block;position:absolute;width:100%;height:100%;background-position:50%;background-size:cover}.feedzy-rss .rss_item .rss_image{margin:.3em 1em 0 0;content-visibility:auto}.feedzy-rss ul{list-style:none}.feedzy-rss ul li{display:inline-block}<\/style>\n<p>&nbsp;<\/p>\n<p><span style=\"text-decoration: underline;\">*All the information, logo, images, videos shared in news &amp; articles page &amp; home page is owned by their respective owners. All the credit goes to the owners of the articles. This website is used, just as a medium to share information.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&nbsp; *All the information, logo, images, videos shared in news &amp; articles page &amp; home page is owned by their respective owners. All the credit goes to the owners of the articles. 
This website is used, just as a medium to share information.<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-7","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/kgpandya.com\/index\/wp-json\/wp\/v2\/pages\/7","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kgpandya.com\/index\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/kgpandya.com\/index\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/kgpandya.com\/index\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kgpandya.com\/index\/wp-json\/wp\/v2\/comments?post=7"}],"version-history":[{"count":40,"href":"https:\/\/kgpandya.com\/index\/wp-json\/wp\/v2\/pages\/7\/revisions"}],"predecessor-version":[{"id":237,"href":"https:\/\/kgpandya.com\/index\/wp-json\/wp\/v2\/pages\/7\/revisions\/237"}],"wp:attachment":[{"href":"https:\/\/kgpandya.com\/index\/wp-json\/wp\/v2\/media?parent=7"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}