Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Two Months After PocketOS: What a 9-Second Database Deletion Taught Us About Agentic AI Security

Nine seconds. One API call. A car rental software company’s production data was gone. That’s the headline from the PocketOS incident, and it’s the reason this story spread across engineering and security circles the way it did in late April. Two months later, the incident is no longer breaking news. But it hasn’t aged out of relevance; it has aged into a pattern.

MCP Supply Chain Security: How Malicious MCP Servers Are Infiltrating Enterprise AI Environments

Every enterprise deploying AI agents is building on a foundation of third-party MCP servers they don’t control, can’t verify, and barely track. The security conversation keeps focusing on the model – prompt injection, jailbreaks, hallucinations. That’s the wrong place to look. We’ve covered why that framing falls short elsewhere too – see System Prompts Are Not Security Boundaries. Business Logic Graphs Are.

The Four Attack Patterns Traditional Security Tools Miss at FIFA-Scale Events

Every major tournament cycle, ticketing platforms brace for a traffic spike. Most security teams plan for volume. The attack data tells a different story: the traffic that does the most damage isn’t the loudest traffic. It’s the traffic that looks like a real fan, on a real device, doing something a real fan would plausibly do, just millions of times, in a pattern no single fan ever would.

OWASP Top 10 for Agentic Applications 2026: What It Means for Enterprise AI Security

OWASP, the Open Worldwide Application Security Project, has published Top 10 lists for over two decades to help security teams prioritize the risks that matter most. The original OWASP Top 10 for web applications became the industry’s default checklist for application security. When large language models moved into production, OWASP followed with the Top 10 for LLM Applications, addressing risks like prompt injection and sensitive information disclosure in single-turn model responses.

ServiceNow, Then PeopleSoft: Why the Same Endpoint Failure Keeps Repeating

Three weeks ago, it was ServiceNow: an endpoint that never asked who was calling, exposing customer data to anyone who asked. This time it’s Oracle PeopleSoft, exploited at scale by the threat actor ShinyHunters. Two platforms, two different vendors, the same root failure: an endpoint that skipped the one question it existed to ask. That’s not a coincidence you write off as bad luck at two companies.

What Is Agentic AI Security? Why AI Agents Need a New Security Model

AI systems are starting to do more than generate answers. Across customer support, IT operations, software development, and internal business workflows, organizations are deploying AI agents that can retrieve information, use tools, interact with applications, and complete tasks with limited human involvement. This shift is happening quickly. According to a McKinsey Report, 62% of organizations are already experimenting with AI agents, while 23% are actively scaling them across parts of their business.

5 Agentic AI Security Use Cases Every Security Leader Must Know in 2026

A human employee who wants to delete a customer record, issue a refund, or push a config change has to ask, click, and confirm. An AI agent doing the same thing can plan, decide, and execute the action in one pass, often through a tool it picked itself, in a sequence no one explicitly approved. That shift, from systems that respond to systems that act, is why most application security stacks fall short the moment agentic AI enters the picture.

Top Continuous API Discovery Tools for 2026 (Enterprise SaaS & AI-First Apps)

Not all API discovery tools solve the same problem. Some help teams discover APIs once. Others help maintain a live inventory as APIs change across cloud services, microservices, third-party integrations, and increasingly, AI-driven applications. That is where continuous API discovery stands apart. In this guide, we compare the top platforms using shared capability tags instead of forcing each tool into a single “best for” category.

Visibility Isn't Security: Why Agentic AI Requires Business Logic Enforcement

Organizations are investing heavily in securing their AI initiatives. New governance frameworks are being established, AI usage policies are being drafted, and security teams are deploying tools that provide visibility into AI agents, models, APIs, MCP servers, and connected applications. Across the industry, visibility has become the first priority in securing agentic AI. This focus is understandable. Most organizations are still trying to answer foundational questions.

Why Agentic AI Is Finance's Biggest Security Blind Spot

An AI agent with access to a customer’s brokerage account can begin executing trades. Not because the customer asked. Because someone, somewhere upstream, slipped a hidden instruction into a tool the agent loaded at startup. The agent is doing exactly what it was told. Just not by the customer. This is not a hypothetical. It is the attack class that financial security teams have exactly zero legacy tooling to catch and it is arriving precisely as banks accelerate their agentic AI ambitions.