Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Securing agentic commerce: helping AI Agents transact with Visa and Mastercard

The era of agentic commerce is coming, and it brings with it significant new challenges for security. That’s why Cloudflare is partnering with Visa and Mastercard to help secure automated commerce as AI agents search, compare, and purchase on behalf of consumers. Through our collaboration, Visa developed the Trusted Agent Protocol and Mastercard developed Agent Pay to help merchants distinguish legitimate, approved agents from malicious bots.

AI Chatbots Aren't Taking Your Jobs: They're Your New Assistants

I have never been one to jump on most technology bandwagons early; I am very pragmatic about what technology can do rather than what it promises. This extends to generative AI. I was not the first to play with ChatGPT and Gemini when they came out in the early 2020s. Maybe it’s because I work in fields that use machine learning very effectively. Even though I was aware of the leap Google made in 2012, I wasn’t eager to dive into the new wave of AI when it first appeared.

Secrets, out: Why workload identity is essential for AI agent security

AI agents aren’t waiting in the wings anymore. They’re approving payments, spinning up cloud resources, and pulling sensitive data at machine speed. Blink, and a swarm of them has already acted a thousand times before anyone can check the logs. But with all that speed and capability comes risk. For many teams, it’s the authentication model—not the tech—that’s breaking.

Data Sovereignty in the Age of AI: Why It Matters and How to Get It Right

Data sovereignty means that data is subject to the laws and governance of the country where it is stored or processed. In simpler terms, if your AI system stores user data in Germany, you’re bound by the EU’s GDPR rules — even if your company operates from the U.S. As AI and large language models (LLMs) become central to business operations, data sovereignty is no longer just a compliance checkbox.

Cybersecurity Trends in 2026: From AI Defense to Digital Trust

In 2026, cybersecurity has evolved from being an IT concern to becoming one of the most strategic levers of global stability. As artificial intelligence systems become self-learning, quantum computing moves closer to commercialization, and consumer data flows multiply across platforms, cybersecurity is no longer about preventing attacks; it's about maintaining trust in an increasingly automated world.

AI Sidebar Spoofing Attack: SquareX Uncovers Malicious Extensions that Impersonate AI Browser Sidebars

SquareX released critical research exposing a new class of attack targeting AI browsers. The AI Sidebar Spoofing attack leverages malicious browser extensions to impersonate trusted AI sidebar interfaces, tricking users into executing dangerous commands that can lead to credential theft, device hijacking, and password exfiltration.

Is ChatGPT Safe? Understanding Its Privacy Measures

“Is ChatGPT safe” is the headline question that nearly every team asks the moment AI enters the room. The better version is: safe for what, and under which controls? Safety is not a single switch. It combines technical security, data privacy, content safeguards, governance, and how your people use the tool. This guide breaks down how ChatGPT handles data, where privacy risks actually come from, and the practical steps to operate safely at home and at work.

Downstream Data: Investigating AI Data Leaks in Flowise

Low-code workflow builders have flourished in the AI wave, providing the “shovels and picks” for non-technical users to make AI-powered apps. Flowise is one of those tools and, like others in its category, it has the potential to leak data when configured without user authentication. To understand the risk of misconfigured Flowise instances, we investigated over a hundred data exposures found in the wild.

Key Takeaways for Partners from the Zenity AI Agent Security Summit

Having joined visionary leaders and top practitioners at ZenityLabs’ AI Agent Security Summit in San Francisco, I came away inspired and laser-focused on the incredible opportunities and responsibilities ahead for any organization looking to adopt and secure AI agents.