Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Late last week, GreyNoise published one of the clearest signals we have seen that AI systems are no longer just research targets. They are operational targets. Their honeypot infrastructure captured 91,403 attack sessions between October 2025 and January 2026, revealing two distinct campaigns systematically mapping AI deployments at scale. This is a meaningful inflection point.

MITRE ATLAS has become a critical resource for cybersecurity leaders navigating the rapidly evolving world of AI-enabled systems.Traditional threat models are built for human-initiated workflows, APIs, and infrastructure, so they are no longer sufficient to describe modern AI attacks..

MITRE ATLAS (Adversarial Threat Landscape for Artificial-Intelligence Systems) is a globally recognized AI security framework that catalogs adversarial techniques targeting artificial intelligence systems. Similar in structure to MITRE ATT&CK but purpose-built for AI, machine learning, and agentic systems, ATLAS translates abstract AI risks into concrete, actionable attack techniques that security teams can monitor and mitigate.

AI agents are now acting across SaaS, cloud, and endpoint environments with identities and permissions that traditional controls cannot fully govern. Most enterprises already have more agents in production than they realize, many created without security review. Across the industry, the research aligns.

For security teams, the adoption of agents showed up operationally before it showed up strategically - creating new expectations and requirements. Risk is no longer tied to prompts or the model alone. It shows up in what agents do once they are connected to critical systems - coming from permissions they inherit, tools they invoke, and data they move.

The OWASP GenAI Security Project has officially released its Top 10 for Agentic Applications, the first industry-standard framework focused on the operational risks created by autonomous and semi-autonomous AI systems. AI has evolved in a way that directly changes how enterprises need to think about security. We started with machine learning systems designed to classify and predict.

AI agents are increasingly connecting to more systems and workflows. They read structured data, follow multi-step instructions, and can reach deep into applications and developer environments. The same capabilities that make them powerful also create new opportunities for attackers. As Zenity Labs continued to study these emerging attack classes, we noticed a pattern starting to appear.

Agentic browsers are quickly becoming part of everyday work. Tools like ATLAS, Comet, and Dia can read web content, navigate SaaS tools, interpret instructions, and act on behalf of a user. They promise faster execution and higher productivity but they also introduce new risks that traditional security tools are not designed to see. As these browser-based agents spread across both managed and unmanaged devices, the enterprise attack surface grows in ways that most teams can’t quantify.

Data is never the problem. Security teams rarely complain about having too much of it. The real danger comes from data that sits unconnected and unexplained. What teams actually need is data that is actionable and converges into meaning. Data that cuts deeper than surface level signals. Data that reveals what is unfolding and what needs to happen next.

In the first installment of our Inside the Agent Stack series, we examined the design and security posture of agents built with Azure Foundry. Continuing the series, we now focus on Amazon Bedrock AgentCore, a managed service for building, deploying, and orchestrating AI agents on AWS.