Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Earlier this year, AWS experienced a 13-hour outage that was reportedly linked to one of its own internal AI coding tools. Apparently, their Kiro agentic coding tool thought that there was an issue with the code in the environment, and that the best way to fix it was to simply burn it to the ground.

You track your web applications. You inventory your APIs. But is anybody monitoring your AI servers? Just last week research found that there were more than 175,000 exposed versions of Ollama, an AI server popular for self-hosting LLMs. Across enterprises, self-hosted model servers are being deployed on cloud VMs and GPU-backed instances to power copilots, internal automation, and experimental AI features.

Editor's note: The following guest contribution is by Tanium Domain Acrchitect, Jim Kelly Think about your last security event. Was your team confident nothing was missed? Were there questions about where else this could have left persistence? Most often we are left with uncertainty. That uncertainty can show up in every serious incident. An alert fires, the SOC responds. The immediate threat looks like it is contained.

How a routine calendar invite enabled silent local file access and data exfiltration Note: This post is part of a coordinated disclosure by Zenity Labs detailing the PleaseFix vulnerability family affecting the Perplexity Comet Agentic Browser. This blog focuses on browser-level autonomous agent execution and session compromise.

A sales rep opened Glean—an AI-powered enterprise search platform that connects to your company's SaaS apps and lets anyone query across all of them in natural language—typed "Who are my top 10 customers?" and got a clean, formatted list pulled from Salesforce, cross-referenced with HubSpot, and confirmed against data sitting in Google Drive. They copy-pasted that list into a personal Gmail draft. No alerts fired. No policies triggered. No one noticed. This isn't a hypothetical.

Recent incidents have proven that Continuous Integration (CI) workflows are the new battleground for software supply chain attacks. Security Pitfalls in GitHub Actions workflows, such as the unsanitized use of pull request (PR) data, can allow attackers to execute malicious code during CI runs with devastating consequences.

Automation platforms sit at the center of modern infrastructure. They connect APIs, databases, CI/CD pipelines, SaaS tools, and internal systems. But when automation engines become compromised, the blast radius can be enormous. In February 2026, n8n, a widely used open-source workflow automation platform, disclosed four critical vulnerabilities that can lead to remote code execution (RCE) by authenticated users with workflow creation or editing permissions.

You’re evaluating AI workload security tools and every demo looks the same. Vendor A shows you an AI-SPM dashboard. Vendor B shows you a nearly identical AI-SPM dashboard with slightly different branding. Vendor C shows you posture findings with an “AI workload” tag that wasn’t there last quarter.