Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The most dangerous attacker inside your OT network right now may not have brought a single piece of malware with them. They’re using your own tools. Your own administrative credentials. Your own scheduled tasks and remote management utilities to execute malicious commands, move laterally, and quietly pre-position for a future disruption. This is living-off-the-land (LOTL), the dominant attack technique in critical infrastructure targeting today.

Let’s be honest. EDR has improved endpoint security dramatically over the last few years. It catches malware, blocks suspicious processes, and alerts on abnormal behavior. But no tool is perfect. Every detection model has blind spots. Attackers know this. They test environments. They move carefully. They use living-off-the-land techniques, stolen credentials, and legitimate tools. Sometimes, they move in ways that don’t immediately trigger alarms.

LimaCharlie's Agentic SecOps Workspace (ASW) is a platform where AI doesn't just advise, it acts. By connecting to your security infrastructure via API, the ASW executes operations end-to-end at a fraction of the cost of traditional AI SOC platforms. The result is genuine AI security automation that operates independently and serves as a force multiplier, giving every analyst on your team access to senior-level expertise. Alert fatigue is one of the most persistent challenges in security operations.

Earlier this year, AWS experienced a 13-hour outage that was reportedly linked to one of its own internal AI coding tools. Apparently, their Kiro agentic coding tool thought that there was an issue with the code in the environment, and that the best way to fix it was to simply burn it to the ground.

You track your web applications. You inventory your APIs. But is anybody monitoring your AI servers? Just last week research found that there were more than 175,000 exposed versions of Ollama, an AI server popular for self-hosting LLMs. Across enterprises, self-hosted model servers are being deployed on cloud VMs and GPU-backed instances to power copilots, internal automation, and experimental AI features.

Editor's note: The following guest contribution is by Tanium Domain Acrchitect, Jim Kelly Think about your last security event. Was your team confident nothing was missed? Were there questions about where else this could have left persistence? Most often we are left with uncertainty. That uncertainty can show up in every serious incident. An alert fires, the SOC responds. The immediate threat looks like it is contained.

How a routine calendar invite enabled silent local file access and data exfiltration Note: This post is part of a coordinated disclosure by Zenity Labs detailing the PleaseFix vulnerability family affecting the Perplexity Comet Agentic Browser. This blog focuses on browser-level autonomous agent execution and session compromise.

A sales rep opened Glean—an AI-powered enterprise search platform that connects to your company's SaaS apps and lets anyone query across all of them in natural language—typed "Who are my top 10 customers?" and got a clean, formatted list pulled from Salesforce, cross-referenced with HubSpot, and confirmed against data sitting in Google Drive. They copy-pasted that list into a personal Gmail draft. No alerts fired. No policies triggered. No one noticed. This isn't a hypothetical.