Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

salt security

AI Agent-to-Agent Communication: The Next Major Attack Surface

Feb 10, 2026 By Eric Schwake In Salt Security
We are witnessing the end of the "Human-in-the-Loop" era and the beginning of the "Agent-to-Agent" economy. Until recently, most AI interactions were hub-and-spoke models where a human user prompted a central model, reviewed the output, and then took action. That model provided a natural safety brake. If the AI hallucinated or suggested a malicious action, a human was there to catch it. That safety brake is disappearing.
Read Post

Manual API Security in 2026? Good Luck #apisecurity #automation #devsecops #aiautomation #api

Feb 5, 2026 By Wallarm In Wallarm
You're still doing API security manually in 2026? 2016: 100 APIs → Could handle with smart people doing manual pen testing 2020: 1,000 APIs → Difficult but possible 2025: 10,000+ APIs → Physically impossible Long ago we did API security manually. There weren't many APIs. We had smart people. We'd do some pen testing and move on. That worked in 2016. But let's be honest—this problem is getting EXPONENTIALLY bigger. Every organization will realize: we can't do this manually anymore.
View Video
wallarm

The Myth of "Known APIs": Why Inventory-First Security Models Are Already Obsolete

Feb 5, 2026 By Wallarm In Wallarm
You probably think the security mantra “you can’t protect what you don’t know about” is an inarguable truth. But you would be wrong. It doesn’t hold water in today’s threat landscape. Of course, it sounds reasonable. Before you secure APIs, you must first discover, inventory, and document them exhaustively. The problem is that this way of thinking has hardened into dogma and ignores how attackers actually attack modern systems.
Read Post
salt security

When AI Agents Create Their Own Reddit: Moltbook Highlights Security Risks in the Agentic Action Layer

Feb 3, 2026 By Jim Rose In Salt Security
A new platform, Moltbook, has attracted significant attention within the AI community. It is not famous because humans are posting there, but because autonomous AI agents are. Moltbook is a social network designed for AI agents to post, comment, upvote, and even form communities. Humans can observe these interactions but cannot participate. This experiment reveals a striking reality. AI agents are coordinating, sharing code, and developing complex cultures without human visibility.
Read Post
salt security

Why Your WAF Missed It: The Danger of Double-Encoding and Evasion Techniques in Healthcare Security

Feb 2, 2026 By Eric Schwake In Salt Security
If you ask most organizations how they protect their APIs, they point to their WAF (Web Application Firewall). They have the OWASP Top 10 rules enabled. The dashboard is green. They feel safe. But attackers know exactly how your WAF works, and, more importantly, how to trick it. We recently worked with a major enterprise customer, a global leader in healthcare technology, who experienced this firsthand.
Read Post

Fast, Secure, Resilient: Modernizing Application Security at Scale

Jan 30, 2026 By Wallarm In Wallarm
Software release cycles are now too fast for traditional security tools. Rapid iterations and reliance on open-source and cloud-native tech increase vulnerabilities, challenging AppSec teams to keep up. Attackers are taking advantage, targeting applications and exploiting misconfigurations, excessive permissions, and vulnerable plug-ins.
View Video
salt security

Measuring Agentic AI Posture: A New Metric for CISOs

Jan 29, 2026 By Eric Schwake In Salt Security
In cybersecurity, we live by our metrics. We measure Mean Time to Respond (MTTR), Dwell Time, and Patch Cadence. These numbers indicate to the Board how quickly we respond when issues arise. But in the era of Agentic AI, reaction speed is no longer enough. When an AI Agent or an MCP server is compromised, data exfiltration happens in milliseconds rather than days. If you are waiting for an incident to measure your success, you have already lost.
Read Post

Fast, Secure, Resilient: Modernizing Application Security at Scale

Jan 29, 2026 By Wallarm In Wallarm
Software release cycles are now too fast for traditional security tools. Rapid iterations and reliance on open-source and cloud-native tech increase vulnerabilities, challenging AppSec teams to keep up. Attackers are taking advantage, targeting applications and exploiting misconfigurations, excessive permissions, and vulnerable plug-ins.
View Video

AI is Actively LEAKING Your Data (And You Don't Know It) #apisecurity #airisks #dataprotection #ai

Jan 29, 2026 By Wallarm In Wallarm
AI agents don't think. They pattern-match. Critical to understand: Generative AI (ChatGPT, Claude, etc.) does NOT reason like humans. It: The API Security problem: When you give an AI agent access to an API, it will: AI agents can't reason. They recreate patterns based on weights. You need to be very careful: data in, data out. Practical example: text User: "Show me the account balance for user" AI agent → calls GET /api/account/123 API → returns { balance: 5000, name: "John", SSN: "123-45-6789" } AI agent → outputs EVERYTHING to user (including SSN!)
View Video

Copyright © 2026 OpsMatters™. All rights reserved.