Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Trustworthy AI Starts with Better Agents

The difference between an AI feature and an AI-led operating model becomes clear the moment a security problem becomes difficult. In real-world security operations — where the signal is ambiguous, the evidence spans multiple domains, and the attacker is behaving in unfamiliar ways — architecture matters much more.

Non-Human Identity Sprawl Is the Hidden Cost of AI Velocity

In the current AI boom, we race to use copilots, orchestration scripts, CI workflows, retrieval pipelines, and background jobs. Sometimes, we take for granted that every one of these things needs an identity. Service accounts. OAuth apps. API keys. Short-lived tokens. As AI velocity increases, so does the number of these non-human identities (NHIs). Instead of obsessing over model quality, latency, hallucinations, and GPU costs, we also need to consider how these identities impact security.

Agentic commerce is happening now. Here's what we've learned.

We’ve been collaborating with others to explore when and how agentic commerce will work. Robin Gandhi is the CPO of Lithic, a leading card issuer that’s already seeing agents use its cards to make purchases. Below, he shares his thoughts on what’s changed, and what needs to change, for agentic commerce to become mainstream. Last year, I wrote about the opportunity for agentic payments to revolutionize travel bookings, ad spend management, procurement, and more.

The AI Malware Surge: Behavior, Attribution, and Defensive Readiness

Over the last year, AI-assisted malware development has evolved from an experimental practice into a common part of the attacker toolkit. In a rolling window from February 2025 to February 2026, Arctic Wolf Labs observed over 22,000 distinct files triggering AI-focused YARA rules across multiple malware repositories. These files included AI-generated code, large language model (LLM)-style scaffolding, runtime AI API integration, and DeepSeek-derived artifacts.

Agentic Context Security Platform Protecto is Now Available on Google Cloud Marketplace

Enterprise Agentic AI adoption faces a critical barrier: sensitive data exposure. AI agents perform tasks only as well as the context provided to them. However, context is precisely where enterprise data enters the workflow, introducing significant risk. Organizations need to deploy AI applications while maintaining strict data security, regulatory compliance, and privacy. This challenge stalls production deployments across enterprises, especially in healthcare and financial services.

Ep 35: RSAC FOMO? Dojo AI Demo

As we gear up for RSA Conference, we give viewers a sneak peek at Sumo Logic's SOC analyst agent, which turns a 45-minute analyst investigation into a five-minute AI-powered sprint. We walk through live demos showing how the agent automatically generates queries, maps threats to MITRE ATT&CK, and hands you recommended remediation actions all without making you switch tabs or tools. We also show off MCP integration that lets teams collaborate on active investigations right from Slack, because no one should be chained to their war room when there's dinner to be had.

WebPromptTrap - New Indirect Prompt Injection Vulnerability in BrowserOS

Cato researchers have discovered a new indirect prompt injection exploit pattern workflow in BrowserOS (an open-source agentic AI browser). We named it “WebPromptTrap” because the prompt originates from untrusted web content and it traps users into approving an authorization step through a trusted-looking AI summary.

Spring 2026 GenAI Code Security Update: Despite Claims, AI Models Are Still Failing Security

The last six months have been nothing short of revolutionary for AI-powered coding. OpenAI‘s “Code Red” release brought us GPT-5.1 and 5.2. Google unveiled Gemini 3 with its touted “unprecedented reasoning capabilities.” Anthropic rolled out Claude 4.5 and 4.6, powering the increasingly ubiquitous Claude Code features. Enterprise adoption of tools like OpenClaw has exploded, with developers praising unprecedented productivity gains.

The AI Control Gap: Why Partners Are Now on the Front Line

For channel partners, AI has quickly moved from a future conversation to a current customer problem. Clients are already using AI across their organisations, often faster than governance can keep up. What’s emerging is not just another technology trend, but a new class of risk that customers cannot fully see or control. Our latest research, based on insights from senior security leaders in highly regulated industries, highlights the scale of the issue.