Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

For much of security history, one metric dominated: recall. Recall means: of all the sensitive data that exists, how much did you catch? If there are 100 pieces of PII in a document and your system finds 95, your recall is 95 percent. This made sense in the old security world. If a firewall missed a real threat, the company had a serious problem. If it blocked something safe, someone could investigate and fix it.

AI is reshaping the modern workplace. From automating tasks to generating in-depth research in seconds, AI tools are enhancing productivity at a lightning pace. GenAI assistants, agentic browsers, and automation platforms are everyday tools that employees are interweaving into their daily workflows. However, with this powerful new capability comes the serious risk of data loss.

There’s a conversation happening in boardrooms, security operations centers, and developer standups that I find both thrilling and concerning: the conversation about AI-assisted development. Engineering teams are shipping features in hours that once took months. Products that would have required six-month roadmaps are being prototyped in a weekend.

The terminal output was still scrolling when Jer Crane, the founder of PocketOS, realized what had happened. Nine seconds. That is how long it took a coding AI agent to delete his production database, his backups, and three months of operational records. PocketOS was using Cursor for what should have been a routine task in a test environment.

Every week, someone in your organization stands up an AI service. Maybe they told security about it, but probably not. By the time it shows up in your inventory, it has been running for weeks, processing data, calling external APIs, and doing things nobody formally reviewed.

AI adoption in business has moved at a staggering pace. According to a major survey from The Conversation, 58% of global employees are intentionally using AI at work. That same study revealed an alarming trend: 66% of global employees have used unapproved AI tools, while only 34% say their company has put in place rules to govern AI usage. This use — and potential misuse — of AI systems is the latest and most complex threat facing businesses today.

Clinicians are pasting patient summaries into ChatGPT to draft discharge instructions. Billing staff are uploading claim data to AI writing tools to speed up appeals letters. Nurses are using consumer AI assistants to look up drug interactions between patient visits. None of this was approved by the security team, and most of it would surprise the compliance officer.

On May 25, 2026, the maintainer of jqwik, a Java property-based testing library, released version 1.10.0 to Maven Central with a hidden instruction intended for AI coding agents. The payload told agents to disregard previous instructions and delete all jqwik tests and code. It was hidden from humans with ANSI terminal codes but left fully readable to any tool that captures raw output.

Single Sign-On (SSO) means fewer password headaches, faster access, and better security for human users. But the same cannot be said for AI agents. SSO, a core part of Identity and Access Management (IAM), which was initially built for humans, can no longer be used for AI agents. For humans, it was quite simple - just log in once, and authenticate across connected apps. However, when an AI agent tries to authenticate the same way, the traditional access model breaks fast.