MITRE ATLAS catalogs sixteen tactics and eighty-four techniques adversaries use against AI systems, including fourteen agent-focused techniques added through the October 2025 Zenity Labs collaboration. It is the canonical taxonomy a security architect’s CISO, auditor, or RFP will name. It is not a detection plan. ATLAS organizes around adversary objectives.

Empowering your team starts long before a project kickoff or a performance review. It starts with clarity. A comprehensive employee handbook is one of the simplest ways to give people that clarity, and this template makes it much easier to do well. Companies typically give the handbook to new hires during onboarding so they understand their role, rights, and responsibilities from day one.

Five years ago, enterprise ransomware risk was mostly a perimeter problem. Today it’s an identity problem, a visibility problem, and a cloud configuration problem, all at once. Hybrid work and cloud adoption didn’t just shift where people work. They fundamentally changed where ransomware attacks begin, how far they reach, and how long they go undetected.

Security leaders don't struggle to justify the need for insider risk management (IRM). They struggle to justify the budget. When the CFO or board asks why you're spending seven figures on a program to monitor your own employees, "because insider threats are real" isn't enough. Cyberhaven data shows office-based employees are 77% more likely to exfiltrate sensitive data than remote workers, and that risk spikes further during offsite logins and workforce transitions.

AI tools are moving faster than the security controls meant to govern them.In this episode of Defender Fridays, Cisco's Cybersecurity Technical Solutions Architect Katherine McNamara walks through changes in the threat landscape as organizations rush to integrate AI without applying basic security discipline. When Katherine meets with customers to discuss AI security, the conversation almost always starts and ends in the same place: data leakage. Someone might upload sensitive files to a public LLM.

A newly disclosed privilege-escalation flaw in Microsoft Active Directory Domain Services (AD DS) is a timely reminder that identity infrastructure continues to be one of the most consequential attack surfaces in any enterprise. CVE-2026-25177, rated HIGH with a CVSS score of 8.8, allows an authenticated domain user to escalate their privileges over the network without any elevated starting point or user interaction.

It usually starts the same way. The CISO comes back from a board meeting having signed off on agentic AI for production. The SOC lead is told, in roughly that many words, to build detection for the agents. And the security stack she has — CNAPP for posture, EDR on the nodes, container runtime sensors, a SIEM ingesting everything — was architected before AI agents existed as a workload class.