Technology

Shadow MCP Servers: The AI Infrastructure You Can't See

May 20, 2026 By Shane Moosa In UpGuard

In 2012, the "Shadow IT" crisis was employees putting files in Dropbox for convenience. In 2026, the crisis is Shadow MCP. Instead of a simple file storage app, security teams are now facing unvetted AI agents with the power to read from and write to internal systems. These servers are often running on infrastructure that was never reviewed, never approved, and remains entirely invisible to governance.

Read Post

UpGuard

Read more about Shadow MCP Servers: The AI Infrastructure You Can't See

Next.js Vulnerability Exposes Credentials and Protected Data - Why Runtime API Security Matters

May 20, 2026 By AppSentinels In AppSentinels

A newly disclosed security issue, tracked as CVE-2026-44578, affecting Next.js applications is raising concerns across the developer and security communities after researchers identified multiple authorization bypass and middleware evasion paths that could expose protected application data and credentials. The vulnerabilities impact several versions of Next.js and allow attackers to bypass middleware-based authorization controls using crafted requests and route manipulation techniques.

Read Post

AppSentinels

Read more about Next.js Vulnerability Exposes Credentials and Protected Data - Why Runtime API Security Matters

Stanford's AI Index Report 2026 meets the security reality in financial services

May 20, 2026 By Karen Mcdermott In Elastic

AI is transforming banking. But without security and data readiness, it accelerates risk as much as innovation.

Read Post

Elastic

Read more about Stanford's AI Index Report 2026 meets the security reality in financial services

Why AI Alone Isn't Improving Vulnerability Remediation

May 20, 2026 By Jessica Amado In Seemplicity

AI is widely used in exposure management, but most implementations stop at prioritization and analysis. While AI improves visibility and decision-making, remediation still depends heavily on manual ownership, coordination, and inconsistent processes. To truly improve vulnerability remediation outcomes, AI needs to extend into the execution layer, helping identify owners, define remediation plans, and deliver fix-ready work that turns decisions into action.

Read Post

Seemplicity

Read more about Why AI Alone Isn't Improving Vulnerability Remediation

LLM Access Controls and Audit Logging for Security Teams: A Practitioner's Guide

May 20, 2026 By Cyberhaven In Cyberhaven

Most organizations have an acceptable use policy for AI tools. Very few have controls that actually enforce it. The gap between what the policy says and what security teams can detect is where insider risk lives when it comes to large language model (LLM) usage.

Read Post

Cyberhaven

Read more about LLM Access Controls and Audit Logging for Security Teams: A Practitioner's Guide

Why AI-era attacks demand deterministic defense

May 20, 2026 By Thomas Kinsella In Tines

The security industry spent a good chunk of early 2026 debating whether Anthropic’s Mythos and OpenAI’s Daybreak are truly dangerous or just good marketing. It's a reasonable debate. But while we're having it, attackers are asking a different question: how do we use tools like this to move faster than defenders can respond?

Read Post

Tines

Read more about Why AI-era attacks demand deterministic defense

What it took to get 90% of Tines using AI workflows in production

May 20, 2026 By Blake Coolidge In Tines

Every conversation I have with CIOs and IT leaders right now starts the same way. They're not short on activity. They've got pilots running, tools deployed, teams experimenting. What they don't have is much to show for it. The data backs it up: 92% of companies are ramping AI investment right now. Only 1% consider themselves mature.

Read Post

Tines

Read more about What it took to get 90% of Tines using AI workflows in production

AI Agents, Enterprise Scale, No Compromises: Now via AWS

May 20, 2026 By Ben Kliger In Zenity

A couple of years ago, AI agent security was a niche conversation. The practitioners who took it seriously were a small group of researchers, a handful of forward-looking CISOs, and a few founders who had watched the attack surface forming in real time. The broader market hadn't caught up yet. It has now. Enterprises are deploying AI agents at scale across platforms. The productivity gains are real. The competitive pressure to adopt is real.

Read Post

Zenity

Read more about AI Agents, Enterprise Scale, No Compromises: Now via AWS

The Authorization Trap: Why Your IAM Controls Don't Cover AI Agent Risk

May 20, 2026 By Cinthia Portugal In Zenity

If there's one idea that shaped RSA 2026, it was identity. Vendor booths, keynotes, conversations. All roads led back to the same instinct: control identity, control access, control risk. That instinct is directionally correct. Identity governance is foundational. But identity answers only part of the question agentic AI is asking. Here's the part it doesn't answer: authorization tells you what an agent was permitted to do. It says nothing about whether what it actually did was appropriate.

Read Post

Zenity

Read more about The Authorization Trap: Why Your IAM Controls Don't Cover AI Agent Risk

Govern AI agents the right way with Identity Manager by One Identity

May 20, 2026 By One Identity In One Identity

AI agents are becoming an inseparable part of identity governance, sometimes being created by other AI agents and acting proactively across platforms at machine speed — but who’s watching them? Identity Manager 10.0 by One Identity answers that question. Hear Ingrid Thorpe, director of product management for Identity Manager, explore how the solution governs agentic workflows, tackles agent-specific risks and integrates across cloud and enterprise platforms, holding non-human identities (NHIs) accountable.

View Video