Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Enterprise AI agent adoption has created a massive blind spot: 83% of organizations have no visibility into what their AI agents are doing, while 86% lack visibility into their AI data flows. With 1 in 3 enterprise employees now using an AI assistant daily — mostly without security governance — this visibility gap has become a critical enterprise risk. The security industry's response splits into two distinct layers.

As we speak, bad actors are using AI agents to do their dirty work. Our own research tells us 85.8% of phishing attacks were AI-driven in the past 12 months. Agentic power is helping social engineering and malware get smarter, faster and harder to detect. But enough of what you probably already know. Let’s talk about how we can address these risks. Our CISO Advisor Dr. Martin Kraemer wrote recently about AI agents being used for good.

Phishing attacks are evolving faster than traditional training programs can keep up. Advances in AI — including generative tools — are making attacks more dynamic, personalized, and harder to detect. At the same time, agentic AI for phishing security training is reshaping how programs improve, enabling them to adapt to user behavior and shifting risk in real time.

When the weather starts to get warmer, it is a sign that summer time is around the corner. But just as the weather heats up and travel plans get booked, scammers capitalize on the season by performing nefarious schemes to separate victims from their money and other valuables. Recent McAfee research found that more than one in three Americans have experienced a travel-related cyberthreat, with 41% of those affected losing money, often costing victims over $500.

You can add verified AI skills to your LinkedIn profile. Certifications proving you know how to use the latest tools. This shows progress, but it is only half the problem. While we are getting very good at verifying what people know, we still have almost no way to verify how they behave. In hiring, we obsess over skills and experience, and ponder cultural fit. We run background checks. We validate credentials.

Organizations are rapidly deploying autonomous and semi-autonomous AI agents that can make decisions, execute tasks and interact directly with systems without constant human oversight. That shift is driving investment, with the global agentic AI in cybersecurity market projected to grow to $322.39 billion by 2033. The surge represents enormous gains in efficiency and agility — and also signals a dramatic increase in risk.

AI-generated fraud schemes are now the dominant type of fraud, according to a new report from AU10TIX. AI-assisted forgeries overtook physical manipulation for the first time, as these tools allow attackers to fool humans and technology with very little manual effort.

Email is one of the primary ways people share information, connect with customers and get work done. It is also one of the easiest channels for risk to slip in. A mistyped address, an exposed attachment, a missed opt-out, or a rushed response to a phishing message can all lead to serious problems. That is why email compliance matters. It helps define how your organization handles email, what is allowed and how to report on activity when something goes wrong.

Imagine you give an AI agent permission to triage support tickets. A few weeks later, it’s accessing a system no one intended it to reach, putting the data within at risk of exposure or misuse. Nothing dramatic happens at the moment. That’s what makes the risk tricky. AI agents don’t wait for approval the way traditional systems do, and they move faster than the controls you’ve set around them.

Researchers at Malwarebytes warn that a fake ChatGPT download site is delivering malware. The attackers use sponsored results and SEO manipulation to target users who search for “ChatGPT download.” The phishing page is a convincingly spoofed version of the legitimate ChatGPT website, which delivers malware tailored to Windows or Mac users.