Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

salt security

The Agentic Stack Explained: How LLMs, MCP Servers, and APIs Work Together

Apr 2, 2026 By Eric Schwake In Salt Security
The term AI agent is dominant in current cybersecurity discourse. Vendors, analysts, and CISOs all use the label, yet technical confusion remains regarding how agents actually operate and where the security risks reside. Beneath the surface-level familiarity, there is often significant confusion about what an AI agent actually is, how it operates technically, and most importantly for security teams, where the risk actually lives.
Read Post

How does Sisense stay on top of API Attacks?

Apr 2, 2026 By Salt Security In Salt Security
Sisense powers analytics experiences inside the applications businesses rely on every day. As an API-first platform, securing those connections is critical, especially as AI agents increasingly operate through APIs to access data and trigger workflows. In this conversation, Sangram, CISO and VP of IT at Sisense, and Michael Callahan, CMO at Salt Security, discuss how Sisense approached API security strategically to protect their platform, maintain customer trust, and support innovation in the Agentic AI era.
View Video
salt security

Everyone Is Deploying AI Agents. Almost Nobody Knows What They're Doing.

Mar 18, 2026 By Roey Eliyahu In Salt Security
One constant I hear from CISOs I speak with is that AI agents are not coming. They are already inside organizations, reasoning through goals, selecting tools, and taking action through the same APIs that connect your most sensitive systems. And most security teams have no idea what those agents are doing.
Read Post
salt security

An AI Agent Didn't Hack McKinsey. Its Exposed APIs Did.

Mar 13, 2026 By Roey Eliyahu In Salt Security
This week’s McKinsey incident should be a wake-up call for every enterprise moving fast to deploy AI. Not because AI itself is inherently insecure. But because too many organizations are still thinking about AI security at the model layer, while the real enterprise risk sits in the action layer: the APIs, MCP servers, internal services, and shadow integrations that AI agents can reach, invoke, and manipulate. That is the part most companies still do not see.
Read Post
salt security

The Economic Argument: The Real Cost of Insecure APIs in the AI Era

Mar 10, 2026 By Eric Schwake In Salt Security
When cybersecurity teams talk about risk, they usually speak in technical terms like vulnerabilities, exploits, and attack vectors. But when they walk into the boardroom, they need to speak a different language. They need to speak about cost. In the era of AI, the cost of insecure APIs has shifted from a potential liability to a tangible line item on the balance sheet. It is no longer just about the cost of a data breach.
Read Post
salt security

The Coming Regulatory Wave for AI Agents & Their APIs

Feb 24, 2026 By Eric Schwake In Salt Security
For the past two years, the adoption of Generative AI has felt like a gold rush. Organizations raced to integrate Large Language Models and build autonomous agents to assist employees. They often bypassed standard governance processes in the name of speed and innovation. That era of unrestricted experimentation is rapidly drawing to a close. A massive regulatory wave is forming worldwide. Frameworks like the EU AI Act and the new ISO/IEC 42001 standard are forcing a corporate reckoning.
Read Post
salt security

Why Your SOC is Blind to Your Biggest Attack Surface (And How to Fix It)

Feb 23, 2026 By Eric Schwake In Salt Security
In many organizations, there is a dangerous unspoken rule: The SOC handles endpoints and networks; Engineering handles APIs. This silo creates a massive blind spot. We recently spoke with the Senior Manager of Security Engineering at a major insurance provider, who described this exact pain point.
Read Post
salt security

Your Most Dangerous User Is Not Human: How AI Agents and MCP Servers Broke the Internal API Walled Garden

Feb 19, 2026 By Eric Schwake In Salt Security
Last month, Microsoft quietly confirmed something that should keep every CISO up at night. As first reported by BleepingComputer and later detailed by TechCrunch, a bug in Microsoft Office allowed Copilot, the AI assistant embedded in millions of enterprise environments, to summarize confidential emails and hand them to users who had no business seeing them. Sensitivity labels? Ignored. Data loss prevention (DLP) policies? Bypassed entirely. This wasn't the work of a hacker or malware.
Read Post
salt security

AI Agent-to-Agent Communication: The Next Major Attack Surface

Feb 10, 2026 By Eric Schwake In Salt Security
We are witnessing the end of the "Human-in-the-Loop" era and the beginning of the "Agent-to-Agent" economy. Until recently, most AI interactions were hub-and-spoke models where a human user prompted a central model, reviewed the output, and then took action. That model provided a natural safety brake. If the AI hallucinated or suggested a malicious action, a human was there to catch it. That safety brake is disappearing.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.