|
By Chris Hughes
On April 25th, a Cursor AI coding agent running Anthropic's Claude Opus 4.6, one of the most capable models in the industry, deleted the production database for PocketOS, a software platform used by car rental businesses across the country to manage their entire operations. The deletion took 9 seconds.
|
By Ben Kliger
A few years ago, we made a call that most of our industry was not ready to hear. AI agents were going to become the primary way enterprises get work done. Not as a concept, not as a research project, but as the operational reality of how the modern business runs. And the security infrastructure being built around them was designed for something fundamentally different. Prompt filtering. Model safety. Input guardrails.
|
By Greg Zemlin
For years, conversations about AI security risks were framed as forward-looking. Organizations were told to prepare for a future where autonomous agents would act on their behalf, access sensitive systems, and make consequential decisions without human intervention at every step. That future, it turns out, is now.
|
By Tomer Teller
Gartner published the inaugural Hype Cycle for Agentic AI last week (and yes, we’re included in two subcategories - Agentic AI Security and Guardian Agent). A few things worth noting. It's inaugural, Gartner publishes over 130 Hype Cycles a year, and standing up a new one signals that a space has earned its own map. And it dropped in April, months ahead of the June - August window when these things usually appear.
|
By Rock Lambros
The agentic AI security standards your enterprise will adopt in the next 18 months are being written right now, inside working groups most CISOs have never heard of. The Coalition for Secure AI (CoSAI), an OASIS Open Project with more than 45 sponsor organizations, including Google, Microsoft, NVIDIA, IBM, and Meta, is producing the frameworks, reference architectures, and secure design patterns that will define how autonomous agents operate inside enterprise environments.
|
By Chris Hughes
The hype is deafening, the booths were packed, but most of what the industry is calling "agentic AI security" is point products wearing platform clothes. Here is what the real thing requires.
|
By Greg Zemlin
One man’s perspective on RSA 2026 and what the AI agent security market actually looks like up close. Every year at RSA, there's a theme, not the official one printed on the lanyards, but the real one. The one that shows up in every booth conversation, every hallway argument, every dinner where people finally say what they wouldn't say on a panel. A few years back, it was cloud. Then zero trust took over and held the room for a while. XDR came through and confused everyone. Identity had its moment.
|
By Dina Durutlic
Conversations at RSA 2026 circled back to the same topic: identity is the foundation of AI agent security. While it’s understandable, it’s the wrong way to look at things. Identity tells you who showed up. It says nothing about whether what they did made sense.
|
By Rock Lambros
Cisco polled its major enterprise customers before RSA 2026 and found something astounding. 85% of large enterprises are experimenting with AI agents. Only 5% have moved them into production. That's not a technology gap. The models work. The tools exist. The 80-point spread between experimentation and production is a governance gap. It's also a context gap.
|
By Ben Hanson
Organisations deploying agents face a challenge: the predominant AI frameworks most organisations rely on do not explicitly address agentic AI. This is true for the big three: ISO 42001, NIST's AI Risk Management Framework (RMF), and the EU AI Act.
|
By Zenity
Zenity's low-code security research team is exposed to real world low-code applications on a daily basis, and we're glad to share our knowledge in this domain in order to help you to design and develop secure low-code applications.
- April 2026 (11)
- March 2026 (9)
- February 2026 (3)
- January 2026 (6)
- December 2025 (7)
- November 2025 (6)
- October 2025 (8)
- September 2025 (7)
- August 2025 (1)
- July 2025 (2)
- June 2025 (7)
- May 2025 (5)
- April 2025 (6)
- March 2025 (1)
- February 2025 (3)
- January 2025 (4)
- December 2024 (5)
- November 2024 (2)
- October 2024 (2)
- September 2024 (4)
- July 2024 (3)
- June 2024 (2)
- May 2024 (6)
- April 2024 (2)
- March 2024 (2)
- February 2024 (2)
- January 2024 (3)
- December 2023 (2)
- November 2023 (4)
- October 2023 (1)
- September 2023 (5)
- July 2023 (2)
- June 2023 (3)
- May 2023 (7)
- April 2023 (4)
- March 2023 (3)
- February 2023 (3)
- January 2023 (1)
- December 2022 (1)
- November 2022 (2)
- September 2022 (2)
- August 2022 (1)
- July 2022 (2)
- June 2022 (1)
- May 2022 (3)
- April 2022 (2)
- February 2022 (1)
- January 2022 (3)
- December 2021 (2)
- November 2021 (3)
- October 2021 (3)
Continuously protecting all low-code/no-code applications and components! Design and implement governance policies, identify security risks, detect emerging threats and drive automatic mitigation and response.
Low-code/no-code development and automation platforms are the wave of the future. The largest companies in the world are already adopting low-code/no-code development for their core business units. But with all their benefits, low-code/no-code development brings with it a host of governance challenges and risks that are unaddressed by existing InfoSec and AppSec solutions.
Zenity, the first and only governance and security platform for low-code/no-code applications, creates a win-win environment where IT and information security can give business and pro developers the freedom and independence they want in order to continue pushing their business forward while retaining full visibility and control.
Our Platform:
- Discover: Identify shadow-IT business applications across your low-code/no-code fleet and track sensitive and business data movement.
- Mitigate: Identify insecure, vulnerable and risky configurations. Drive mitigation and remediation immediately.
- Govern: Design policies and implement automatic enforcement. Eliminate risks without disrupting business.
- Protect: Detect suspicious and malicious activity, such as supply-chain attacks, malware obfuscation and data leakage.
Governance and Security for Low-Code/No-Code Applications.