Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

NetSuite AI Connector: The governance layer your roles and permissions aren't ready for

The NetSuite AI Connector Service enables external AI agents to authenticate directly into NetSuite using real user identities and MCP-based tool execution. While Oracle limits elevated actions at the platform level, AI agents still inherit the full permission scope of the connected role. That shifts longstanding governance weaknesses, including over-permissioned roles, SoD conflicts, and undocumented customizations, into active operational risk.

OpenAI and the environment AI inherits

AI inherits the access permissions that accumulated quietly in organizations for years. Frontier models eliminate the obscurity that once limited what attackers, and even employees, could reach. Sensitive data, stale service accounts, and unreviewed permissions now surface in seconds. Governing identity and access before connecting AI determines whether frontier models become a force multiplier or a compounding risk.

AI didn't create the identity problem. It exposed it. #netwrix #datasecurity #identitysecurity

As access changes constantly and sensitive data moves faster than security teams can track, visibility matters more than ever. Helen R., Director of Engineering at Netwrix, explains why identity and data security can’t operate in silos anymore, especially in the age of AI. Have questions about identity governance, AI, or protecting sensitive data? Experts at Netwrix, including Helen, are helping organizations navigate these challenges every day.

Automating Entra ID tenant destruction with AI

AI-assisted browser automation can turn Microsoft Graph Explorer into a destructive Entra ID administration interface when a signed-in account already holds privileged access. Using Claude for Chrome, browser-side JavaScript, and Microsoft Graph batch requests, destructive actions such as user deletion, account disablement, password resets, session revocation, and Conditional Access policy removal can be automated directly from the browser session.

Your AI coding assistant is leaking secrets

AI desktop assistants and coding tools need credentials to reach external services, and many of them store those credentials as plaintext JSON at predictable paths in the user's home directory. This research covers how credential storage works across 14 popular AI tools, where OS keychain integration is present or missing, and eight attack scenarios that turn that exposure into real risk, from malware-based theft to remote session hijacking to supply-chain compromise via MCP servers.

Your browser is not a vault. Please stop giving it the keys.

Built-in browser password managers are convenient. For enterprise secrets, convenience is not a security strategy. There are two kinds of password storage in the world: the kind that helps you log in to your favorite lunch-ordering site faster, and the kind that protects the credentials that can unlock your business. Sadly, many organizations treat both the same way.

You wish you were passwordless. But you're not.

It’s World Password Day again. Time for the reminders: update your passwords, make them longer, don’t reuse them. All good advice. But it misses something. Most of us don’t actually want passwords. We want them gone—replaced by something cleaner, invisible, safer by design. Passkeys, biometrics, devices that just know it’s you. That’s the direction, and it’s a good one. But here’s the part we don’t say out loud: we’re not there yet.

You still have passwords. Now enforce them.

So you still have passwords. Good to admit it, now let’s deal with them. The interesting problem isn’t whether passwords should exist. We know they shouldn’t. The practical problem, the one you’re living with every day, is what happens while your organization still does have them, on your endpoints, in every corner of your environment. Most organizations already have some form of password policy.

CIS benchmark tool: what it is, how it works, and why continuous monitoring matters

Here's a number worth sitting with: the CIS Microsoft Windows 11 Enterprise Benchmark v4.0.0 is 1,364 pages long and covers more than 500 individual configuration settings. That's one operating system. Add your Linux servers, network devices, databases, and cloud workloads, and you're looking at a configuration surface area no team can stay on top of manually. A CIS benchmark tool solves that problem at scale.