|
By Chris Martinez
America's cybersecurity agency left its production credentials sitting in a public GitHub repo for six months. The same failure pattern is now being automated by AI agents in every enterprise running Cursor, Claude Desktop, or Copilot.
|
By Chris Martinez
Your AI agents had a productive day. Nobody can tell you what data they touched. A developer opens Cursor and connects it to a GitHub MCP server and a Postgres MCP server. The agent reads the repo to understand a schema change, finds an AWS access key in a config file, and uses it to run a migration against staging. The key now lives in the agent's context, in the Postgres query log, in the chat history, and in whatever artifact the developer copies out. No alert fired. No policy triggered.
|
By Chris Martinez
What you need to know: MCP can evade traditional DLP, IAM, and SIEM controls because agent traffic looks like authorized API calls, sensitive data is semantically transformed before it leaves the perimeter, and exfiltration happens through tool invocations rather than file transfers.
|
By Chris Martinez
What you need to know: MCP bypasses traditional DLP, IAM, and SIEM controls because agent traffic looks like legitimate API calls, sensitive data is semantically transformed before it leaves, and exfiltration happens through tool calls rather than file transfers.
|
By Chris Martinez
Somewhere in your environment right now, an AI agent is reading files, querying a database, and passing output through a channel your DLP has never seen. It's running under a legitimate user credential, inside a sanctioned tool, and it will not trigger a single alert. When it's done, there will be no record of what it accessed or where that data went. This is not an edge case. It is the default state of most enterprise environments in 2026.
|
By Chris Martinez
Most organizations have a reasonable handle on their sanctioned SaaS apps. Model Context Protocol - hit 10,000 public servers within a year of launch, with 97 million monthly SDK downloads. None of those numbers capture the servers your developers configured locally. Those don't appear in any registry. They were added at the IDE level, one developer at a time, with no approval step and nothing that touches a central system. That's the inventory problem. It comes before any question of enforcement.
|
By Chris Martinez
AI agents create data exfiltration risk by combining three capabilities that are dangerous together: access to private data, exposure to untrusted content, and the ability to communicate externally. When all three exist in one agent, an attacker can hide instructions inside an email, document, or webpage the agent processes and trick it into sending sensitive data out. No software vulnerability is required. The attacker doesn't need to break in. They just need to talk to your agent.
|
By Chris Martinez
In April 2026, Vercel disclosed that attackers had accessed internal systems and customer credentials — not by breaking into Vercel directly, but by compromising a third-party AI tool one of its employees had connected to their corporate account.
|
By Chris Martinez
On March 24, 2026, thousands of development pipelines ran a routine vulnerability scan. What they actually executed was a credential stealer.
|
By Nightfall AI
See how security teams reconstruct insider risk investigations with Nightfall's new Forensic Search feature, going beyond policy alerts to uncover the complete story behind every potential threat. In this 15-minute demo, watch three real-world investigation scenarios: Departing engineer exfiltrating code to personal cloud storage Sales associate moving customer data to USB devices CFO accidentally using shadow IT with sensitive financial data.
|
By Nightfall AI
Get a first look at Nightfall's revolutionary new features that transform how security teams handle insider risk investigations and Gen AI governance. In this product demo, we walk through.
|
By Nightfall AI
See the future of data loss prevention in action. This live demo showcases Nightfall's breakthrough session differentiation technology that intelligently blocks sensitive file uploads to personal cloud accounts while seamlessly allowing them in corporate environments.
|
By Nightfall AI
Tired of drowning in false positives? See how Nightfall's AI-powered detection achieves human-level accuracy and makes DLP automation possible. See three breakthrough capabilities from Nightfall: Prompt-based entity detectors - Protect custom IDs with natural language (no regex!) 23+ AI file classifiers - Detect source code, HR files, customer lists automatically Custom classifiers - Build your own in minutes with one sample file.
|
By Nightfall AI
Your security tools can detect credit card numbers, but they are blind to the files that actually matter. In this demo, we show how sensitive documents like: Internal source code Financial forecasts Performance reviews Customer lists are automatically detected and blocked in Slack, Google Drive, SharePoint, Gmail, and even ChatGPT using Nightfall’s new AI-powered file classifiers. No regex. No keywords. No training data.
|
By Nightfall AI
See how to build a prompt-based custom entity detector in Nightfall that understands context, not just patterns. Using a real healthcare example, you’ll see how prescription numbers are detected accurately while similar-looking data like purchase order numbers are ignored. You’ll see: Why regex breaks down in real workflows How prompt-based detection reduces false positives Creating a custom detector with positive and negative examples Deploying it to Slack and validating results across files.
|
By Nightfall AI
Many sensitive documents don’t fit cleanly into standard categories, and traditional approaches like regex or broad classifiers often create noise and false positives. In this video, we walk through how to use Nightfall’s prompt-based file classifiers to detect business-critical documents based on intent, not brittle patterns or custom model tuning.
|
By Nightfall AI
ZenBusiness has empowered over 850,000 business owners to launch and grow their businesses. And they’re doing it without letting data protection slow them down. With Nightfall AI’s automation-first DLP, ZenBusiness secures critical enterprise apps, resolves issues efficiently, and keeps their focus on delivering value to business owners. Chris Chipman, Enterprise IT Architect at ZenBusiness, calls Nightfall “that extra IT staff member” that runs 24/7, protecting data wherever it goes.
|
By Nightfall
Discover how Nightfall's advanced AI-based detection is transforming the way organizations protect their most valuable digital assets: API keys and passwords. This short demo illustrates where traditional DLP systems fall short and how Nightfall's innovative approach achieves industry-leading precision.
|
By Nightfall
Discover how Nightfall AI's new insider risk feature tackles the growing challenge of shadow AI and unsecured use of generative AI tools in the workplace in our short demo: Experience how Nightfall can help your organization.
- May 2026 (5)
- April 2026 (6)
- March 2026 (4)
- February 2026 (6)
- January 2026 (10)
- December 2025 (7)
- November 2025 (8)
- October 2025 (5)
- September 2025 (6)
- August 2025 (4)
- July 2025 (5)
- June 2025 (2)
- May 2025 (5)
- April 2025 (5)
- March 2025 (8)
- February 2025 (3)
- January 2025 (2)
- December 2024 (2)
- November 2024 (2)
- October 2024 (3)
- September 2024 (5)
- August 2024 (7)
- July 2024 (5)
- May 2024 (7)
- April 2024 (10)
- March 2024 (10)
- February 2024 (2)
- January 2024 (3)
- December 2023 (5)
- November 2023 (4)
- October 2023 (6)
- September 2023 (4)
- August 2023 (7)
- July 2023 (2)
- June 2023 (3)
- May 2023 (9)
- April 2023 (3)
- March 2023 (8)
- February 2023 (3)
- January 2023 (6)
- December 2022 (8)
- November 2022 (10)
- October 2022 (8)
- September 2022 (7)
- August 2022 (5)
- July 2022 (10)
- June 2022 (2)
- May 2022 (9)
- April 2022 (5)
- March 2022 (11)
- February 2022 (8)
- January 2022 (9)
- December 2021 (14)
- November 2021 (15)
- October 2021 (6)
- September 2021 (6)
- August 2021 (12)
- July 2021 (11)
- June 2021 (14)
- May 2021 (6)
- April 2021 (4)
- March 2021 (6)
- February 2021 (13)
- January 2021 (7)
- December 2020 (5)
- November 2020 (8)
- October 2020 (13)
- September 2020 (9)
- August 2020 (1)
Nightfall™ uses machine learning to identify business-critical data, like customer PII, across your SaaS, APIs, and data infrastructure, so you can manage & protect it.
Our deep learning-based classifiers are trained on massive volumes of data to yield high accuracy. Unlike traditional methods, Nightfall considers the context surrounding a given token in order to accurately classify it. This means Nightfall performs well on unstructured and ambiguous data, which is increasingly common in enterprises today. Nightfall parses and scans 100+ file types, including images, screenshots, compressed folders, PDFs, etc.
Nightfall does not store or track your sensitive data. Our classifications are fed into the Nightfall platform so you can review & remediate the findings, or leverage them in your own way via our REST API.
Discover, classify, and protect your sensitive data:
- Discover: Integrate in minutes with cloud services via APIs to monitor data without agents.
- Classify: Machine learning classifies your sensitive data & PII with high accuracy, so nothing gets missed.
- Protect: Setup automated workflows for quarantines, deletions, alerts, and more - saving you time and keeping your business safe.
Join some of the world's leading enterprises who trust us to protect their mission-critical data.