
API Attack Awareness: Broken Object Level Authorization (BOLA) - Why It Tops the OWASP API Top 10

For this Cybersecurity Awareness Month, we thought it important to draw attention to some of the most common and dangerous API vulnerabilities. This week, we’re starting with Broken Object Level Authorization (BOLA). BOLA vulnerabilities top the OWASP API Top Ten. And for good reason: they’re startlingly prevalent, remarkably easy to exploit, and can have devastating consequences. So, let’s explore what they are, why they matter, and how you can mitigate them.

AI security: A comprehensive guide for evolving teams

The AI boom has introduced intelligent tools into most industries, not just in tech-first organizations. But the rising adoption also opens the door to new risks. Vanta’s AI governance survey found that 63% of organizations rate data privacy and protection as the top concern with AI, followed by security and adversarial threats at 50%. These numbers emphasize how urgently organizations want to prioritize defenses for AI-specific attack vectors.

CrowdStrike's Fall 2025 Release Defines the Agentic SOC and Secures the AI Era

We are living through the fourth industrial revolution: the age of AI. Just as with the steam, electricity, and digital revolutions that preceded it, this leap forward requires a parallel leap in security. AI is transforming how businesses operate and how adversaries attack. They are moving at machine speed, compressing the defender’s response window from weeks to mere seconds.

When AI agents become admins: Rethinking privileged access in the age of AI

From resetting passwords and approving workflows to pulling HR data and orchestrating cloud infrastructure, AI agents now perform tasks that previously required a human with privileged access. AI has moved beyond the realm of passive chatbots into autonomous, persistent operations, performing work on behalf of an individual or entity. Like it or not, that makes AI agents a new part of your workforce. They hold credentials, trigger workflows, and make their own decisions.

Building Trust in AI: KnowBe4's Journey Toward ISO 42001 Certification

At KnowBe4, everything we do is built on a foundation of innovation and trust. As we bring more artificial intelligence (AI) into our human risk management platform, we believe it’s essential to be transparent and responsible every step of the way. That's why we're proud to announce that we are pursuing ISO 42001 certification, the world's first standard for managing AI systems.

What is Agent2Agent (A2A) Protocol and How to Adopt it?

Imagine autonomous agents negotiating and acting on your behalf—no manual hand-offs, just an efficient, policy‑driven communication. That’s the promise of Google’s Agent2Agent (A2A) Protocol, unveiled at Google Cloud Next in April 2025. Developed with input from over 50 partners, A2A is now open-sourced under the Apache 2.0 license and governed by the Linux Foundation.

Beyond Agent-Washing: How Torq Delivers True Agentic Automation for Security

Eldad Livni is the Co-Founder and Chief Innovation Officer at Torq. Prior to founding Torq, Eldad co-founded and served as CPO of Luminate Security, a pioneer in Zero Trust/SASE. Following Luminate’s acquisition by Symantec, he went on to act as CPO of Symantec’s Zero Trust/Secure Access Cloud offering. The security industry has a new buzzword problem.

OCSF for Security Hub: Sumo Logic and AWS speaking the same language

In technology, the proof of a lasting relationship is in the infrastructure — the pipelines, security services, and log plumbing have to work seamlessly together long before anyone sees the outcome. That’s precisely what Sumo Logic and AWS have built. Aligned around open standards like OCSF (Open Cybersecurity Schema Framework), integrated with services like Security Hub and GuardDuty, and connected through shared telemetry, it makes cloud security and observability possible at scale.