Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On November 13, 2025, Anthropic disclosed the first known case of an AI agent orchestrating a broad-scale cyberattack with minimal human input. The Chinese state-sponsored threat actor GTG-1002 weaponized Claude Code to carry out over 80% of a sophisticated cyber espionage campaign autonomously. This included reconnaissance, exploitation, credential harvesting, and data exfiltration across more than 30 major organizations worldwide. The impact was real. And the AI was in control.

OpenAI’s AgentKit has democratized AI agent development in a big way. Tools like Agent Builder, ChatKit, and the Connector Registry make it possible for teams to spin up autonomous agents without writing custom code. That kind of accessibility changes everything, including the AI agent security threat model. The easier it becomes to build agents, the harder it gets to secure them.

Defining AI Security: Zenity Named in Fortune’s Cyber 60 If you follow cybersecurity innovation, you’ve probably seen the Cyber60 list - an annual snapshot of the 60 most promising companies shaping the future of security.

At the AI Agent Security Summit in San Francisco, some of the brightest minds in AI security and top industry leaders gathered to tackle one of the most challenging problems in tech nowadays - how do we secure super smart systems that change at runtime and are designed to think, adapt, and compete? As someone who spends every day turning AI security challenges into tangible solutions, I left the summit both inspired by the innovation on display and concerned by the magnitude of what’s still ahead.

Having joined visionary leaders and top practitioners at ZenityLabs’ AI Agent Security Summit in San Francisco, I came away inspired and laser-focused on the incredible opportunities and responsibilities ahead for any organization looking to adopt and secure AI agents.

Zenity Labs worked in collaboration with MITRE ATLAS to incorporate the first 14 agent-focused techniques and subtechniques, extending the framework beyond LLM threats to cover the unique risks posed by AI agents.

Last week, I had the honor of emceeing the AI Agent Security Summit in San Francisco, a gathering of some of the brightest minds exploring the intersection of artificial intelligence, security, and human responsibility. Having moderated a panel at the first Summit in New York City earlier this year, stepping into the emcee role this time around was a different experience, but just as enjoyable. On-demand recordings of the sessions will be available soon.

When the day wrapped up at the Commonwealth Club, one thing was clear: we are in a moment unlike anything the security community has faced before. Hundreds of practitioners and thought leaders from around the world came together, and the turnout alone showed just how urgent and relevant this topic has become. Michael Bargury opened his keynote with a question that lingered well past the event: Are we actually making progress in securing agents?

Let me be the first to say it, this space - AI agent security and governance - can be confusing. When I joined Zenity, I was new to “agents”; so new that I thought we were talking about endpoint agents (to be fair, my background is in XDR/SIEM). Laughs aside, if you’re still figuring it out, you’re in good company.

We’re thrilled to share that Zenity is included in the unveiling of the Microsoft Security Store Partner Ecosystem. The Security Store is a new marketplace offering from Microsoft that brings together trusted, curated security solutions and AI agents to help organizations navigate the evolving landscape of cybersecurity in the age of AI. The Microsoft Security Store is a strategic leap forward in how security teams discover, deploy, and operationalize technologies that protect their environments.