Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

AI agents are rapidly evolving from simple text generators into powerful autonomous assistants that can browse the web, book travel, and extract complex data on our behalf. This new “agentic” AI, which operates in a “sense-plan-act” loop, promises to revolutionize how we interact with the digital world.

As the summer winds down and conversation around AI Security heats up, the Snyk team is in full swing planning mode for a double-header this October—with the return of DevSecCon’s Flagship conference, focusing this year on Securing the Shift to AI Native, and serving as the founding partner of the inaugural AI Security Summit.

AI marketing platforms have exploded in popularity, becoming everyday tools for creative teams in enterprises worldwide. Platforms like Simplified AI offer marketers the ability to generate content, clips, and campaigns at scale. For CISOs and IT leaders, approving such services often seems straightforward: allow access, whitelist the domain, and enable the marketing team to innovate.

A widespread supply chain attack has impacted hundreds of organizations through the marketing software-as-a-service (SaaS) product, Drift, owned by Salesloft. The campaign, attributed to a threat group tracked by Google as UNC6395, is believed to have occurred between August 8 and August 18, 2025. The attackers used stolen OAuth and refresh tokens associated with Drift's AI chat agent to access the systems of impacted companies.

You’ve built an arsenal of security tools, but they aren’t even fighting the same war. Today, the average company balances 83 different security systems from 29 vendors. This massive tool sprawl has created a costly problem: fragmented defenses. Although each of your legacy endpoint solutions once served a specific purpose, their lack of integration and communication makes them insufficient today.

Many security teams struggle to see the full scope of threats because network, endpoint, and cloud data remain siloed. Without unified visibility, detecting hidden attacks or spotting lateral movement is tough. Gaps between tools lead to fragmented signals, low-fidelity alerts, and slower investigations. That fragmented view can let attackers linger longer—and SOC analysts bounce between multiple interfaces just to piece together a coherent incident narrative.

Future hacks won’t trigger alarms or leave traces. No security measures will be violated. The systems are functioning normally – but the loss is real. As automated defenses improve, attackers must target what machines can’t: the business processes. By exploiting flaws in workflow logic, hackers can steal data and funds in a way no one expected. Business logic vulnerabilities are now a serious cybersecurity blind spot, and a leading method for breaching even the most secure systems.

2025 is the year privacy becomes the competitive layer of AI. If you’re rolling out GenAI privacy is no longer a compliance chore; it’s a trust-building strategy that accelerates adoption, partnerships, and revenue. This report distills the most important AI privacy issues, statistics, and trends shaping 2025: what they mean, and how to respond with practical guardrails that protect people and performance.

Every week, I hear from firms eager to explore how artificial intelligence can speed up workflows, improve quality, and unlock new ways of working. But here’s the reality: AI is only as good as the data behind it. Without a solid foundation of structured, governed, and secure information, AI’s potential quickly crumbles.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! If you have Salesforce I hope you are being cautious of any strange requests…