Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Picture this: Unusual card-present transactions, processed through a POS tap terminal that shouldn’t even exist on your network, suddenly light up your fraud-monitoring dashboard. Your heart sinks as you realize you’re dealing with something far more dangerous than a stolen card. It turns out that a rogue terminal has been siphoning funds — and evading detection — for days.

Remember when we thought the application layer was where all the fun happened? Firewalls, WAFs, EDR, dashboards galore — the entire security industrial complex built around watching what apps do. Well, with “agentic AI” running the show, that middle ground is turning into a bypass lane. Instead of clicking through UIs or APIs, your AI buddy is making direct system calls, automating workflows at the OS and hardware level.

In our last post, we introduced the Model Context Protocol (MCP), the "brain" or "mission briefing" that guides an AI agent's actions. Most security teams are just getting familiar with prompt injection, the equivalent of tricking an AI with a single, misleading command. But that's like stopping a pickpocket at the door when a master spy is already inside, rewriting the mission plans. As AI agents become autonomous, the attacks become more profound.

Initially established in 1968, TransUnion was set up as a holding company for the Union Tank Car organization. It entered the credit reporting industry in 1969, following an acquisition of the Cook County Credit Bureau. Over time, TransUnion developed from solely credit reporting to information and insights on a global scale. The official mission of the company is to help people globally access capital and services, thereby emphasizing its role as a consumer advocate.

At the RSAC Conference this year, it seemed that every cybersecurity company had suddenly become an agentic AI company. According to such vendors, AI agents were the solution to every security problem keeping CISOs up at night. The audience, however, was understandably skeptical. Concerns over vendor promises fell into two camps. The first camp: companies that took whatever AI capabilities they had and slapped the word ‘agentic’ on them (aka ‘agent-washing’). Or even worse.

Overprivileged non-human identities expose enterprises to massive risk. Enforcing least privilege with automation and visibility is critical for security.

Microsoft has also been enhancing cloud security by ensuring that multi-factor authentication (MFA) is enabled for all of its Azure and Microsoft 365 administrative accounts. The rollout will begin with Azure portals in October 2025 and progressively to command-line tools, APIs, and Infrastructure-as-Code (IaC) environments in October of that year. For organizations, it means adapting their authentication workflows to align with Microsoft’s phased enforcement plan or risk disruption.

When Kubernetes workloads need to connect to the outside world, whether to access external APIs, integrate with external systems, or connect to partner networks, they often face a unique challenge. The problem? Pod IP addresses inside Kubernetes clusters are dynamic and non-routable. For external systems to recognize and trust this traffic, workloads need a consistent, dependable identity. This means outbound connections require fixed, routable IP addresses that external services can rely on.

Quantum computing is no longer a distant threat on the horizon. It is rapidly materializing into a real, operational risk to the foundations of our cybersecurity ecosystem.

The cybersecurity industry woke up to yet another supply chain nightmare this week. Cloudflare, one of the world's largest web infrastructure companies, confirmed that attackers accessed 104 of their API tokens through the cascading Salesloft Drift breach. This incident perfectly illustrates why modern organizations need to rethink their approach to third-party vendor security.