Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

AI agents are on the rise. They can spin up, act independently, use tools, and make decisions—often without real-time human oversight. They promise incredible productivity but also introduce new risks and challenges that can’t be ignored. As these agents become more autonomous and integrated into enterprise operations, they blur the lines between human and machine responsibilities. This raises critical questions: How do we ensure they act ethically?

When you hand over the keys to your cloud, you’d better know who’s holding them—and for how long. In a world where speed is everything and complexity is the norm, organizations need more than visibility. They need assurance. That’s why we’re proud to share that CyberArk achieved CSA STAR Level 1 certification for its Secure Cloud Access (SCA) solution.

Modern applications have undergone a paradigm shift, with containers becoming the default choice for deployment. While their flexibility and scalability are well-recognized, their adoption has also surfaced new and complex security challenges. Organizations are now grappling with how to embed trust across their software supply chains, maintain compliance, and mitigate risks—especially as they increasingly incorporate open-source components and AI-generated code into their workflows.

Cloud complexity is growing. So are the risks—and the opportunities. As organizations scale their infrastructure across hybrid environments to innovate quickly, security strategies must evolve just as fast. The rapid adoption of multi-cloud environments and the proliferation of human and machine identities have intensified the challenge.

What does “secure by default” really mean—and is it enough? In this episode of CyberArk’s Security Matters, host David Puner sits down with Scott Barronton, Chief Information Security Officer (CISO) at Diebold Nixdorf, to explore the often-overlooked risks of cloud default settings and how assumptions can lead to vulnerabilities.

Enterprise security teams commonly focus on controlling AI agent conversations through prompt filters and testing edge cases to prevent unauthorized information access. While these measures matter, they miss the bigger picture: the real challenge is granting AI agents necessary permissions while minimizing risk exposure. This isn’t a new problem—it’s the same fundamental challenge we’ve faced with human users for years.

A newly discovered exploit, “ToolShell,” is fueling a wave of targeted attacks against on-premises Microsoft SharePoint servers. The zero-day exploit chains two vulnerabilities—CVE-2025-53770, a remote code execution (RCE) vulnerability and CVE-2025-53771, a spoofing vulnerability that allows attackers to bypass authentication. When combined, this critical zero-day vulnerability gives attackers persistent unauthenticated remote access to on-premises SharePoint servers.

When attackers gain access to a single endpoint—like a developer’s workstation or an HR system—it’s often game over. With some skill and patience, that foothold can escalate into full-blown disruption: stolen data, operational downtime, and brand damage. For years, technologies like application control have served as the frontline defense against this. But in a world rife with rapid change and evolving threats, traditional approaches are showing their age.

The June 2025 disclosure that over 16 billion passwords were leaked has raised significant concerns in the digital community. Reports suggest that many of these credentials are recycled from previous breaches, with a significant number used for business access. This massive data breach highlights the urgent need to strengthen password security. Don’t wait for the next breach to act. Follow these steps to safeguard your data today.

Developers now chart courses through environments as dynamic and unpredictable as open skies, plotting efficient courses through shifting clouds of technology to reach ambitious goals. Increasingly, AI assistants are copilots on these journeys—streamlining workflows, reducing repetitive tasks, and enabling teams to navigate more complex terrain with speed.