Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The term AI agent is dominant in current cybersecurity discourse. Vendors, analysts, and CISOs all use the label, yet technical confusion remains regarding how agents actually operate and where the security risks reside. Beneath the surface-level familiarity, there is often significant confusion about what an AI agent actually is, how it operates technically, and most importantly for security teams, where the risk actually lives.

Microsoft Entra ID Privileged Identity Management is designed to bring structure to privileged access inside Microsoft environments. It allows organizations to make roles eligible, require activation, and enforce approval workflows. Within Azure, it performs that role predictably. The challenge begins when engineering workflows extend beyond Azure. Modern infrastructure rarely lives in a single ecosystem.

For a brief window, a widely used open source package in the AI ecosystem was compromised with credential-stealing malware. LiteLLM, a model gateway used to route requests to more than 100 LLM providers, has been downloaded millions of times per day. In that short window, the malicious versions were likely pulled tens of thousands of times before being caught.

A recently patched Google Chrome vulnerability is a signal security leaders cannot ignore. But it's only the beginning of a much larger story. In January 2026, a high-severity vulnerability was disclosed in Chrome's Gemini AI integration: CVE-2026-0628. The flaw allowed a malicious browser extension with only basic permissions to escalate privileges and gain access to a user's camera, microphone, local files, and the ability to screenshot any website, all without user consent. Google patched it quickly.

Walking the halls of Moscone Center last week, the energy was high, but the conversation had a notably different edge than last year. In 2025, everyone was asking, "What can AI do?" This year, "How can we trust it?" As the theme "The Power of Community" echoed across the keynotes, one thing became clear: a community is only as strong as its foundation. For network and cybersecurity professionals to truly operate as one, we must move beyond fragmented data to a single, trusted source of truth.

Amazon GuardDuty enhances detection efficacy with Sophos threat intelligence Amazon has integrated Sophos threat intelligence into Amazon GuardDuty, expanding the breadth and accuracy of malicious threat detection for customers running workloads on Amazon Web Services (AWS). Threat intelligence is a cornerstone of effective cyber defenses. The higher the quality of intelligence, the faster security teams can detect, investigate, and block malicious activities.

See how Torq harnesses AI in your SOC to detect, prioritize, and respond to threats faster. Request a Demo John White is the Field CISO for EMEA at Torq. A respected security executive with more than 20 years of leadership experience, John previously served as CISO at Virgin Atlantic, where he led a multi-year transformation deploying the Torq AI SOC Platform to modernize cyber operations.

Effective January 1, 2026, Mexico’s Ley Aduanera (Customs Law) has dramatically increased documentation requirements for anyone importing or exporting through Mexico. If you move goods through Mexico, the increased documentation requirements can become a compliance risk if you’re not set up to both collect and verify the validity of documents.

Welcome to the team! New hires hear this phrase often during their first few weeks on the job. Onboarding new employees is essential as it sets the tone for company culture, expectations, and values. You use this time to teach new employees about their roles, workplace conduct, and benefits. But one critical value often gets left off the HR checklist: cybersecurity awareness. Protecting sensitive data is no longer just the IT department’s job.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Be careful of what you commit to version control.