|
By Chris Martinez
Somewhere in your environment right now, an AI agent is reading files, querying a database, and passing output through a channel your DLP has never seen. It's running under a legitimate user credential, inside a sanctioned tool, and it will not trigger a single alert. When it's done, there will be no record of what it accessed or where that data went. This is not an edge case. It is the default state of most enterprise environments in 2026.
|
By Chris Martinez
AI agents create data exfiltration risk by combining three capabilities that are dangerous together: access to private data, exposure to untrusted content, and the ability to communicate externally. When all three exist in one agent, an attacker can hide instructions inside an email, document, or webpage the agent processes and trick it into sending sensitive data out. No software vulnerability is required. The attacker doesn't need to break in. They just need to talk to your agent.
|
By Chris Martinez
In April 2026, Vercel disclosed that attackers had accessed internal systems and customer credentials — not by breaking into Vercel directly, but by compromising a third-party AI tool one of its employees had connected to their corporate account.
|
By Chris Martinez
On March 24, 2026, thousands of development pipelines ran a routine vulnerability scan. What they actually executed was a credential stealer.
|
By Chris Martinez
A recently patched Google Chrome vulnerability is a signal security leaders cannot ignore. But it's only the beginning of a much larger story. In January 2026, a high-severity vulnerability was disclosed in Chrome's Gemini AI integration: CVE-2026-0628. The flaw allowed a malicious browser extension with only basic permissions to escalate privileges and gain access to a user's camera, microphone, local files, and the ability to screenshot any website, all without user consent. Google patched it quickly.
|
By Chris Martinez
A DLP solution is only as strong as what it can detect. Gaps in detector coverage aren't just a technical inconvenience; they're exposure windows. Every format that goes unrecognized is a policy that can't fire, a remediation that can't happen, and a breach waiting to occur. Three new detectors are now available in Nightfall: personal photos (selfies and headshots), Malaysian Driver's License numbers, and South African National ID numbers.
|
By Chris Martinez
Every new AI feature that ships into a platform your employees already use is a security question your stack probably can't answer yet. It sounds like hyperbole, but it's the structural reality of how AI adoption works in 2026. A recent update to WhatsApp is a useful illustration of why.
|
By Chris Martinez
A sales rep opened Glean—an AI-powered enterprise search platform that connects to your company's SaaS apps and lets anyone query across all of them in natural language—typed "Who are my top 10 customers?" and got a clean, formatted list pulled from Salesforce, cross-referenced with HubSpot, and confirmed against data sitting in Google Drive. They copy-pasted that list into a personal Gmail draft. No alerts fired. No policies triggered. No one noticed. This isn't a hypothetical.
|
By Chris Martinez
When Anthropic announced Claude Code Security on February 20th—a tool that scans codebases for vulnerabilities and suggests patches for human review—the reaction from markets was swift and brutal. Major cybersecurity names watched their stock prices fall by double digits within days. The implied thesis behind the selling: AI can now do what these companies do, so why pay for them? It's a compelling fear and an inaccurate conclusion at the same time. The DLP space is a clear example of why.
|
By Chris Martinez
For 83 days, attackers moved freely through Conduent's systems and exfiltrated 8 terabytes of healthcare records, Social Security numbers, and personal data belonging to tens of millions of Americans. No alarm sounded. No transfer was blocked. The breach was discovered when systems stopped working. Not because anyone detected the data leaving.
|
By Nightfall AI
See how security teams reconstruct insider risk investigations with Nightfall's new Forensic Search feature, going beyond policy alerts to uncover the complete story behind every potential threat. In this 15-minute demo, watch three real-world investigation scenarios: Departing engineer exfiltrating code to personal cloud storage Sales associate moving customer data to USB devices CFO accidentally using shadow IT with sensitive financial data.
|
By Nightfall AI
Get a first look at Nightfall's revolutionary new features that transform how security teams handle insider risk investigations and Gen AI governance. In this product demo, we walk through.
|
By Nightfall AI
See the future of data loss prevention in action. This live demo showcases Nightfall's breakthrough session differentiation technology that intelligently blocks sensitive file uploads to personal cloud accounts while seamlessly allowing them in corporate environments.
|
By Nightfall AI
Tired of drowning in false positives? See how Nightfall's AI-powered detection achieves human-level accuracy and makes DLP automation possible. See three breakthrough capabilities from Nightfall: Prompt-based entity detectors - Protect custom IDs with natural language (no regex!) 23+ AI file classifiers - Detect source code, HR files, customer lists automatically Custom classifiers - Build your own in minutes with one sample file.
|
By Nightfall AI
Your security tools can detect credit card numbers, but they are blind to the files that actually matter. In this demo, we show how sensitive documents like: Internal source code Financial forecasts Performance reviews Customer lists are automatically detected and blocked in Slack, Google Drive, SharePoint, Gmail, and even ChatGPT using Nightfall’s new AI-powered file classifiers. No regex. No keywords. No training data.
|
By Nightfall AI
See how to build a prompt-based custom entity detector in Nightfall that understands context, not just patterns. Using a real healthcare example, you’ll see how prescription numbers are detected accurately while similar-looking data like purchase order numbers are ignored. You’ll see: Why regex breaks down in real workflows How prompt-based detection reduces false positives Creating a custom detector with positive and negative examples Deploying it to Slack and validating results across files.
|
By Nightfall AI
Many sensitive documents don’t fit cleanly into standard categories, and traditional approaches like regex or broad classifiers often create noise and false positives. In this video, we walk through how to use Nightfall’s prompt-based file classifiers to detect business-critical documents based on intent, not brittle patterns or custom model tuning.
|
By Nightfall AI
ZenBusiness has empowered over 850,000 business owners to launch and grow their businesses. And they’re doing it without letting data protection slow them down. With Nightfall AI’s automation-first DLP, ZenBusiness secures critical enterprise apps, resolves issues efficiently, and keeps their focus on delivering value to business owners. Chris Chipman, Enterprise IT Architect at ZenBusiness, calls Nightfall “that extra IT staff member” that runs 24/7, protecting data wherever it goes.
|
By Nightfall
Discover how Nightfall's advanced AI-based detection is transforming the way organizations protect their most valuable digital assets: API keys and passwords. This short demo illustrates where traditional DLP systems fall short and how Nightfall's innovative approach achieves industry-leading precision.
|
By Nightfall
Discover how Nightfall AI's new insider risk feature tackles the growing challenge of shadow AI and unsecured use of generative AI tools in the workplace in our short demo: Experience how Nightfall can help your organization.
- April 2026 (5)
- March 2026 (4)
- February 2026 (6)
- January 2026 (10)
- December 2025 (7)
- November 2025 (8)
- October 2025 (5)
- September 2025 (6)
- August 2025 (4)
- July 2025 (5)
- June 2025 (2)
- May 2025 (5)
- April 2025 (5)
- March 2025 (8)
- February 2025 (3)
- January 2025 (2)
- December 2024 (2)
- November 2024 (2)
- October 2024 (3)
- September 2024 (5)
- August 2024 (7)
- July 2024 (5)
- May 2024 (7)
- April 2024 (10)
- March 2024 (10)
- February 2024 (2)
- January 2024 (3)
- December 2023 (5)
- November 2023 (4)
- October 2023 (6)
- September 2023 (4)
- August 2023 (7)
- July 2023 (2)
- June 2023 (3)
- May 2023 (9)
- April 2023 (3)
- March 2023 (8)
- February 2023 (3)
- January 2023 (6)
- December 2022 (8)
- November 2022 (10)
- October 2022 (8)
- September 2022 (7)
- August 2022 (5)
- July 2022 (10)
- June 2022 (2)
- May 2022 (9)
- April 2022 (5)
- March 2022 (11)
- February 2022 (8)
- January 2022 (9)
- December 2021 (14)
- November 2021 (15)
- October 2021 (6)
- September 2021 (6)
- August 2021 (12)
- July 2021 (11)
- June 2021 (14)
- May 2021 (6)
- April 2021 (4)
- March 2021 (6)
- February 2021 (13)
- January 2021 (7)
- December 2020 (5)
- November 2020 (8)
- October 2020 (13)
- September 2020 (9)
- August 2020 (1)
Nightfall™ uses machine learning to identify business-critical data, like customer PII, across your SaaS, APIs, and data infrastructure, so you can manage & protect it.
Our deep learning-based classifiers are trained on massive volumes of data to yield high accuracy. Unlike traditional methods, Nightfall considers the context surrounding a given token in order to accurately classify it. This means Nightfall performs well on unstructured and ambiguous data, which is increasingly common in enterprises today. Nightfall parses and scans 100+ file types, including images, screenshots, compressed folders, PDFs, etc.
Nightfall does not store or track your sensitive data. Our classifications are fed into the Nightfall platform so you can review & remediate the findings, or leverage them in your own way via our REST API.
Discover, classify, and protect your sensitive data:
- Discover: Integrate in minutes with cloud services via APIs to monitor data without agents.
- Classify: Machine learning classifies your sensitive data & PII with high accuracy, so nothing gets missed.
- Protect: Setup automated workflows for quarantines, deletions, alerts, and more - saving you time and keeping your business safe.
Join some of the world's leading enterprises who trust us to protect their mission-critical data.