|
By Cinthia Portugal
If there's one idea that shaped RSA 2026, it was identity. Vendor booths, keynotes, conversations. All roads led back to the same instinct: control identity, control access, control risk. That instinct is directionally correct. Identity governance is foundational. But identity answers only part of the question agentic AI is asking. Here's the part it doesn't answer: authorization tells you what an agent was permitted to do. It says nothing about whether what it actually did was appropriate.
|
By Ben Kliger
A couple of years ago, AI agent security was a niche conversation. The practitioners who took it seriously were a small group of researchers, a handful of forward-looking CISOs, and a few founders who had watched the attack surface forming in real time. The broader market hadn't caught up yet. It has now. Enterprises are deploying AI agents at scale across platforms. The productivity gains are real. The competitive pressure to adopt is real.
|
By Taylor Roberts
When the US Center for AI Standards and Innovation (CAISI) asked for public input on securing agentic AI systems, the response was massive: over 500 detailed submissions from Fortune 500 companies, defense contractors, AI startups, and cybersecurity firms. The result is substantial insight into how industry views the regulatory challenges of autonomous AI agents and what they think policymakers should do about it.
|
By Greg Zemlin
Gartner named Zenity the company to beat in the AI Agent Governance category in its AI Vendor Race: Zenity Is the Company to Beat in AI Agent Governance report as of 17 April 2026. The evaluation covered technical capabilities, customer implementations, business model, and ecosystem strength. That methodology matters because for us, it means the recognition reflects what the platform actually does in production, not just how well a demo lands.
|
By Chris Hughes
On April 25th, a Cursor AI coding agent running Anthropic's Claude Opus 4.6, one of the most capable models in the industry, deleted the production database for PocketOS, a software platform used by car rental businesses across the country to manage their entire operations. The deletion took 9 seconds.
|
By Ben Kliger
A few years ago, we made a call that most of our industry was not ready to hear. AI agents were going to become the primary way enterprises get work done. Not as a concept, not as a research project, but as the operational reality of how the modern business runs. And the security infrastructure being built around them was designed for something fundamentally different. Prompt filtering. Model safety. Input guardrails.
|
By Greg Zemlin
For years, conversations about AI security risks were framed as forward-looking. Organizations were told to prepare for a future where autonomous agents would act on their behalf, access sensitive systems, and make consequential decisions without human intervention at every step. That future, it turns out, is now.
|
By Tomer Teller
Gartner published the inaugural Hype Cycle for Agentic AI last week (and yes, we’re included in two subcategories - Agentic AI Security and Guardian Agent). A few things worth noting. It's inaugural, Gartner publishes over 130 Hype Cycles a year, and standing up a new one signals that a space has earned its own map. And it dropped in April, months ahead of the June - August window when these things usually appear.
|
By Rock Lambros
The agentic AI security standards your enterprise will adopt in the next 18 months are being written right now, inside working groups most CISOs have never heard of. The Coalition for Secure AI (CoSAI), an OASIS Open Project with more than 45 sponsor organizations, including Google, Microsoft, NVIDIA, IBM, and Meta, is producing the frameworks, reference architectures, and secure design patterns that will define how autonomous agents operate inside enterprise environments.
|
By Chris Hughes
The hype is deafening, the booths were packed, but most of what the industry is calling "agentic AI security" is point products wearing platform clothes. Here is what the real thing requires.
|
By Zenity
Zenity's low-code security research team is exposed to real world low-code applications on a daily basis, and we're glad to share our knowledge in this domain in order to help you to design and develop secure low-code applications.
- May 2026 (4)
- April 2026 (11)
- March 2026 (9)
- February 2026 (3)
- January 2026 (6)
- December 2025 (7)
- November 2025 (6)
- October 2025 (8)
- September 2025 (7)
- August 2025 (1)
- July 2025 (2)
- June 2025 (7)
- May 2025 (5)
- April 2025 (6)
- March 2025 (1)
- February 2025 (3)
- January 2025 (4)
- December 2024 (5)
- November 2024 (2)
- October 2024 (2)
- September 2024 (4)
- July 2024 (3)
- June 2024 (2)
- May 2024 (6)
- April 2024 (2)
- March 2024 (2)
- February 2024 (2)
- January 2024 (3)
- December 2023 (2)
- November 2023 (4)
- October 2023 (1)
- September 2023 (5)
- July 2023 (2)
- June 2023 (3)
- May 2023 (7)
- April 2023 (4)
- March 2023 (3)
- February 2023 (3)
- January 2023 (1)
- December 2022 (1)
- November 2022 (2)
- September 2022 (2)
- August 2022 (1)
- July 2022 (2)
- June 2022 (1)
- May 2022 (3)
- April 2022 (2)
- February 2022 (1)
- January 2022 (3)
- December 2021 (2)
- November 2021 (3)
- October 2021 (3)
Continuously protecting all low-code/no-code applications and components! Design and implement governance policies, identify security risks, detect emerging threats and drive automatic mitigation and response.
Low-code/no-code development and automation platforms are the wave of the future. The largest companies in the world are already adopting low-code/no-code development for their core business units. But with all their benefits, low-code/no-code development brings with it a host of governance challenges and risks that are unaddressed by existing InfoSec and AppSec solutions.
Zenity, the first and only governance and security platform for low-code/no-code applications, creates a win-win environment where IT and information security can give business and pro developers the freedom and independence they want in order to continue pushing their business forward while retaining full visibility and control.
Our Platform:
- Discover: Identify shadow-IT business applications across your low-code/no-code fleet and track sensitive and business data movement.
- Mitigate: Identify insecure, vulnerable and risky configurations. Drive mitigation and remediation immediately.
- Govern: Design policies and implement automatic enforcement. Eliminate risks without disrupting business.
- Protect: Detect suspicious and malicious activity, such as supply-chain attacks, malware obfuscation and data leakage.
Governance and Security for Low-Code/No-Code Applications.