Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Your AI Agent just updated a vendor’s payment details in your Enterprise Resource Planning (ERP) system based on a seemingly harmless prompt. No data was exfiltrated. No access policy was violated. But now, a $250,000 payment is sitting in a fraudulent bank account. This is the new face of AI risk. As enterprises adopt AI Agents - either off the shelf or custom built, security teams are facing a fast-moving shift.

For years, vulnerability scanners have been the cornerstone of enterprise security programs. But as organizations scaled, and as infrastructure, applications, and attack surfaces diversified, the single-scanner model broke down. Security teams now face a fragmented reality. Data pours in from dozens of sources: endpoint detection tools, cloud security platforms, application security testing, and more. Each of these systems generates findings with its own schema, priorities, and assumptions. The result?

Chroma is an open-source vector store–a database designed to allow LLM chatbots to search for relevant information when answering a user’s question–and one of many technologies that have seen adoption grow with the recent AI boom. Like many databases, Chroma can be configured by end users to lack authentication and authorization mechanisms.

How many times have you experienced this scenario at work? A hot new AI tool emerges, promising game-changing productivity and innovative features. You can’t wait to try it out in your own workflow. But what is often your security team’s first instinct? Block it.

‍Cybersecurity governance, risk, and compliance (GRC) programs are gaining institutional support, with 61% of respondents from Sprinto's "Pulse of Cyber GRC Report 2025" claiming that embedding GRC into their business strategy is one of their organization's top priorities. Even so, only 53% state that they are doing so effectively, highlighting the prevalent gap that exists in the cybersecurity world between intention and execution.

‍ ‍The European Central Bank (ECB), tasked with maintaining financial stability in the region, is changing how it supervises institutional resilience. According to a July 2025 Reuters report, banks across the Eurozone are being asked explicitly to model how large-scale disruptions, including geopolitical conflict, potential dollar shortages, and cyber incidents, could impact their capital reserves.

Your vendors are essential partners, but they could also be your organization's biggest hidden security risk. A robust vendor review process is the key to ensuring onboarded vendors align with your cybersecurity standards and don't increase your likelihood of suffering a data breach. This guide outlines everything you need to know to build a structured, repeatable, and scalable vendor security review process.

Welcome to 2025, where thousands of internet-connected cameras meant to protect us are actually putting us at risk. In our latest research at Bitsight TRACE, we found over 40,000 exposed cameras streaming live on the internet. No passwords. No protections. Just out there. We first raised the alarm in 2023, and based on this latest study, the situation hasn’t gotten any better.