Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Bringing more agent harnesses and frameworks to Cloudflare, starting with Flue

2026 is the year agent harnesses go to production. The software that controls the model’s access to the outside world — harnesses like Codex, Claude Code, OpenCode, Pi, and Project Think — has matured to the point where teams are deploying agents as real, load-bearing infrastructure, not just prototypes. But building agents that survive production is hard.

1Password + Kiro: Trusted Access for AI-Powered Development

AI agents now write code, fix bugs, and ship to production. But in order to do useful work, agents require credentials. At 1Password, one of our core AI security principles is that raw credentials should never be directly exposed to LLMs, but all too often, that’s exactly what happens: most teams sacrifice security for speed and hand agents secrets in plaintext.

Aembit Extends IAM for Agentic AI to Microsoft Copilot Studio

Aembit on Tuesday announced support for Copilot Studio, extending its identity and access management capabilities to Microsoft's enterprise AI agent platform. The integration, unveiled at Identiverse 2026, gives security teams the tools to manage what Copilot Studio agents can access, under what conditions, and with a complete record of every decision. The company also released an interactive enterprise AI readiness checklist to help organizations assess their agent deployments before they go into production.

Teleport Debuts Delegated Agentic Identity and LLM Proxy in Beams Public Beta, for Containing Agents in Production Infrastructure

Two foundational identity concepts - controlling the scope of agent roles and constraining what they can access - now have a production implementation in Beams, Teleport's trusted, ephemeral agent runtime.

Salt Code: Stop Reviewing Al Code Start Governing It

AI coding assistants are generating APIs, MCP integrations, agent tools, and application logic faster than your security team can review them. And none of them are trained on your internal security standards, industry frameworks, or regulatory requirements. Salt Code changes that. Join us for this product launch and see how Salt governs AI-generated code from the first prompt through runtime, without slowing your developers down.

Agentic IAM: The Complete Guide to Identity Security for Autonomous AI Agents

If you’ve deployed your first AI agent, then you must have given it access to your CRMs, ticketing systems, and your cloud storage. This AI agent is programmed to run 24/7, make decisions, call external APIs, and trigger actions (without a human in the loop). Now, answer these questions: If you cannot answer these questions, then you have an agentic AI identity issue. Traditional Identity and Access Management (IAM) was built for service accounts with static API keys and users with usernames.

How to build AI agents your security team will approve

A security engineer spends three weeks building an AI agent that triages phishing reports. The demo lands well. Then it hits the security review queue, and the questions start: Which tools can it call? What happens if it misclassifies? Who approves an account lockout at 2 a.m.? Where are the logs? Three more weeks pass, and the agent is still sitting in staging. This is the pattern most teams run into. The agent works, but the governance story doesn't.

Why Agentic AI Is Finance's Biggest Security Blind Spot

An AI agent with access to a customer’s brokerage account can begin executing trades. Not because the customer asked. Because someone, somewhere upstream, slipped a hidden instruction into a tool the agent loaded at startup. The agent is doing exactly what it was told. Just not by the customer. This is not a hypothetical. It is the attack class that financial security teams have exactly zero legacy tooling to catch and it is arriving precisely as banks accelerate their agentic AI ambitions.

The Role of Agentic AI in Phishing Security Training

Phishing attacks are evolving faster than traditional training programs can keep up. Advances in AI — including generative tools — are making attacks more dynamic, personalized, and harder to detect. At the same time, agentic AI for phishing security training is reshaping how programs improve, enabling them to adapt to user behavior and shifting risk in real time.

CERT-In's 12-Hour Patch Mandate: Is Your Organisation Ready to Respond at AI Speed?

CERT-In just published a risk-based remediation framework that resets expectations for every organisation operating in India. The timelines are worth reading twice: Now consider one question: if a known exploited vulnerability appeared on your internet-facing application at 11pm tonight, what would your team do in the next 12 hours?