Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Apr 2, 2026 Mastering Software Supply Chain Management in 2026 Read More Natalie Tischler Mar 31, 2026 Why Security Debt Should Be a Board-Level Priority Read More Natalie Tischler Mar 26, 2026 Prioritize, Protect, Prove: A Roadmap for Application Security Transformation Read More Natalie Tischler.

To support enterprise workflows like monitoring systems, triaging support tickets, and automating routine work, AI agents need access to the same sensitive systems employees use, including databases, APIs, SaaS tools, and internal infrastructure. However, many of these systems still rely on shared passwords, API keys, tokens, and other credential-based access paths that are difficult to manage and control.

Most organizations already have the policies they need in place. The problem is enforcement.

The term AI agent is dominant in current cybersecurity discourse. Vendors, analysts, and CISOs all use the label, yet technical confusion remains regarding how agents actually operate and where the security risks reside. Beneath the surface-level familiarity, there is often significant confusion about what an AI agent actually is, how it operates technically, and most importantly for security teams, where the risk actually lives.

Microsoft Entra ID Privileged Identity Management is designed to bring structure to privileged access inside Microsoft environments. It allows organizations to make roles eligible, require activation, and enforce approval workflows. Within Azure, it performs that role predictably. The challenge begins when engineering workflows extend beyond Azure. Modern infrastructure rarely lives in a single ecosystem.

For a brief window, a widely used open source package in the AI ecosystem was compromised with credential-stealing malware. LiteLLM, a model gateway used to route requests to more than 100 LLM providers, has been downloaded millions of times per day. In that short window, the malicious versions were likely pulled tens of thousands of times before being caught.

A recently patched Google Chrome vulnerability is a signal security leaders cannot ignore. But it's only the beginning of a much larger story. In January 2026, a high-severity vulnerability was disclosed in Chrome's Gemini AI integration: CVE-2026-0628. The flaw allowed a malicious browser extension with only basic permissions to escalate privileges and gain access to a user's camera, microphone, local files, and the ability to screenshot any website, all without user consent. Google patched it quickly.

Walking the halls of Moscone Center last week, the energy was high, but the conversation had a notably different edge than last year. In 2025, everyone was asking, "What can AI do?" This year, "How can we trust it?" As the theme "The Power of Community" echoed across the keynotes, one thing became clear: a community is only as strong as its foundation. For network and cybersecurity professionals to truly operate as one, we must move beyond fragmented data to a single, trusted source of truth.

Amazon GuardDuty enhances detection efficacy with Sophos threat intelligence Amazon has integrated Sophos threat intelligence into Amazon GuardDuty, expanding the breadth and accuracy of malicious threat detection for customers running workloads on Amazon Web Services (AWS). Threat intelligence is a cornerstone of effective cyber defenses. The higher the quality of intelligence, the faster security teams can detect, investigate, and block malicious activities.

See how Torq harnesses AI in your SOC to detect, prioritize, and respond to threats faster. Request a Demo John White is the Field CISO for EMEA at Torq. A respected security executive with more than 20 years of leadership experience, John previously served as CISO at Virgin Atlantic, where he led a multi-year transformation deploying the Torq AI SOC Platform to modernize cyber operations.