Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CrowdStrike

AI Tool Poisoning: How Hidden Instructions Threaten AI Agents

Jan 9, 2026 By Vanessa Villa In CrowdStrike
As AI agents become increasingly prevalent across business environments, their security is a pressing concern. Among the insidious threats facing AI agents is tool poisoning, a type of attack that exploits the way AI agents interpret and use tool descriptions to guide their reasoning. In this blog, we explain how AI tool poisoning works, the different forms it can take, and how organizations can strengthen their defenses against this type of attack.
Read Post

Cyber Resilience, AI Threats & Business Impact: Findings from 2025 LevelBlue Futures Report

Jan 9, 2026 By LevelBlue In LevelBlue
Cyberattacks are evolving fast; powered by AI, deepfakes, ransomware, phishing, and growing software supply chain risk. So how prepared is your organization? In this webcast, we breakdown key findings from the 2025 LevelBlue Futures Report (in partnership with FT Longitude). The report is based on a global survey of 1,500 C-suite and senior executives across 16 countries and seven industries, including healthcare, financial services, energy, and manufacturing.
View Video

Jeremy Brown, CTO at GitGuardian, on AI, NonHuman Identities, and the Governance Gap in 2026

Jan 9, 2026 By GitGuardian In GitGuardian
AI isn’t creating new security problems, it’s exposing existing ones at scale. GitGuardian saw 24M secrets leaked on public GitHub last year (+25%), and private repos are far more likely to contain secrets because people get careless when they feel safe. AI also enables more non-developers to ship apps without security training and generates oversized PRs that can’t be realistically reviewed, increasing leak risk. Attackers increasingly don’t “hack”, they use leaked credentials to log in and blend in like normal users, making traditional incident response less effective.
View Video
knowbe4

Defending Against Modern Email Threats With Layered, AI-Driven Security

Jan 8, 2026 By KnowBe4 Team In KnowBe4
Email has been the backbone of business communication for decades and as such, it remains the attacker’s favorite doorway into an organization. Phishing, Business Email Compromise (BEC) and supply-chain attacks continue to rise, with adversaries leveraging AI and compromised accounts to bypass legacy defenses. This presents many challenges for CISOs, IT Directors and SOC teams alike: it seems pretty clear that threats are evolving faster than traditional email security can keep up.
Read Post

Why the Target Breach Wasn't a Detection Failure - It Was Prioritization | Garrett Hamilton at UCI

Jan 8, 2026 By Reach Security In Reach Security
Nicole Perlroth asks Garrett how Reach's involvement would have impacted the breach with Target. Attackers came in through a third-party HVAC vendor. Credentials were compromised. Alerts fired. But nothing rose to the level of urgency it deserved. As Garrett Hamilton explains at UCI, this is where security breaks down—not detection, but prioritization. Most teams keep investing in reacting faster inside the SOC. The harder (and more effective) shift is upstream: reducing the exhaust before it ever hits the console.
View Video
levelblue

When AI Becomes the Insider Threat

Jan 8, 2026 By James Prince In LevelBlue
Remember that annoying ‘paperclip’ in Microsoft Word 97? The one that was always trying to help you…Fast forward nearly 30 years and we now have AI. In the race to adopt artificial intelligence, businesses are embedding AI systems into their daily operations, streamlining workflows, enhancing productivity, and centralizing knowledge. But what happens when that very system becomes an attacker’s most valuable asset?
Read Post
cyberark

Inside CyberArk Labs: the evolving risks in AI, browsers and OAuth

Jan 8, 2026 By Andy Thompson In CyberArk
In 2025, we saw attackers get bolder and smarter, using AI to amplify old tricks and invent new ones. The reality is, innovation cuts both ways. If you have tools, AI is going to make them even more dangerous. Last year proved that every leap forward in technology brings new risks right alongside the rewards. At CyberArk Labs, our mission is to uncover hidden vulnerabilities and provide actionable insights that help organizations fortify their defenses.
Read Post

How to Stop Sensitive Documents From Leaking in Slack, Gmail, and ChatGPT (Demo)

Jan 8, 2026 By Nightfall AI In Nightfall
Your security tools can detect credit card numbers, but they are blind to the files that actually matter. In this demo, we show how sensitive documents like: Internal source code Financial forecasts Performance reviews Customer lists are automatically detected and blocked in Slack, Google Drive, SharePoint, Gmail, and even ChatGPT using Nightfall’s new AI-powered file classifiers. No regex. No keywords. No training data.
View Video
CrowdStrike

CrowdStrike to Acquire SGNL to Secure Every Identity in the AI Era

Jan 8, 2026 By Michael Sentonas In CrowdStrike
I’m excited to announce CrowdStrike’s agreement to acquire SGNL, a leader in identity-first security. This acquisition will extend CrowdStrike Falcon Next-Gen Identity Security to deliver continuous, context-aware authorization for human, non-human, and AI agent identities across SaaS and hyperscaler cloud environments. As risk conditions and threats change, access to applications, data, and AI agents should change with them.
Read Post
protecto

How OWASP Top 10 Maps to Data Exposure Risks: 5 Hidden Threats Explained

Jan 8, 2026 By Protecto In Protecto
Most teams learn the OWASP Top 10 as a list of application security failures. Injection flaws. Broken access control. Security misconfiguration. Items to scan for, remediate, and close before the next audit or penetration test. But data exposure rarely arrives neatly packaged as a single OWASP finding. When sensitive data leaks, it is almost never because one category failed in isolation.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.