Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

From resetting passwords and approving workflows to pulling HR data and orchestrating cloud infrastructure, AI agents now perform tasks that previously required a human with privileged access. AI has moved beyond the realm of passive chatbots into autonomous, persistent operations, performing work on behalf of an individual or entity. Like it or not, that makes AI agents a new part of your workforce. They hold credentials, trigger workflows, and make their own decisions.

We are living through the fourth industrial revolution: the age of AI. Just as with the steam, electricity, and the digital revolutions that preceded it, this leap forward requires a parallel leap in security. AI is transforming how businesses operate and how adversaries attack. They are moving at machine speed, compressing the defender’s response window from weeks to mere seconds.

The widespread availability of large language models (LLMs) has driven the rapid development of generative and agentic AI applications for business use cases. These systems can reason, plan, and act autonomously, creating security risks that traditional security tools weren’t built to handle. Their popularity has widened the attack surface, both for organizations using external LLMs and those building their own GenAI applications.

Eldad Livni is the Co-Founder and Chief Innovation Officer at Torq. Prior to founding Torq, Eldad co-founded and served as CPO of Luminate Security, a pioneer in Zero Trust/SASE. Following Luminate’s acquisition by Symantec, he went on to act as CPO of Symantec’s Zero Trust/Secure Access Cloud offering. The security industry has a new buzzword problem.

Today, almost all organizations use AI in some way. But while it creates invaluable opportunities for innovation and efficiency, it also carries serious risks. Mitigating these risks and ensuring responsible AI adoption relies on mature AI models, guided by governance frameworks. The OWASP AI Maturity Assessment Model (AIMA) is one of the most practical. In this article, we’ll explore what it is, how it compares to other frameworks, and how organizations can use it to assess their AI maturity.

If there’s one lesson security teams should take from recent disclosures, it’s this: AI agent attack techniques don’t disappear - they resurface, across vendors and platforms, with only small variations. What researchers called out months ago is showing up again, now in Salesforce as the ForcedLeak vulnerability.

The regulatory landscape for AI and privacy reached a turning point in 2025. The headlines are familiar: laws multiply, consumer expectations harden, and enforcement accelerates. What is different this year is the shift from occasional audits to always-on proof. Regulators and enterprise customers want to see working controls inside your pipelines, not just policy PDFs.