The New AppSec Reality: AI Anxiety, Silent Flaws, and Supply Chains

We recently published a series of polls across our social channels to get a pulse on some of today’s application security concerns with AI. These recent conversations with our community reveal a clear and urgent shift in the application security landscape. Results show that while established challenges like software supply chain security remain top of mind, the rapid pace of AI has created a new center of gravity for anxiety.

7 Tips for Just-in-Time Privileged Access Management You Need to Implement Today

Managing access can become tedious and clunky. Someone always ends up with too much power, someone else is locked out when something’s on fire, and no one remembers who approved what in the first place. It’s the slow creep of “we’ll fix it later.” However, that “later” is catching up.

SOAR in the AI era: How SAP uses intelligent workflows to build an AI SOC

SOAR was created to help security teams work faster and more consistently by automating and orchestrating core security operations. It has always had to adapt to new and evolving technologies, but our current AI era has brought about a turning point. As cloud environments scale, manual playbooks can’t keep up. Now, it’s not enough to automate. We need systems that can understand the context they’re running in and adapt accordingly.

JS#SMUGGLER: Multi-Stage - Hidden Iframes, Obfuscated JavaScript, Silent Redirectors & NetSupport RAT Delivery

The Securonix Threat Research team has analyzed a sophisticated web-based multi-stage malware campaign. The attack chain unfolds across three distinct stages: (1) an obfuscated JavaScript loader injected into a compromised website, (2) a stealthy HTA (HTML Application) that executes encrypted PowerShell stagers via mshta.exe, and (3) a final PowerShell payload that downloads, extracts, executes, and establishes persistence for a Windows-based remote access Trojan.

Your Browser is Becoming an Agent. Zenity Keeps It From Becoming a Threat.

Agentic browsers are quickly becoming part of everyday work. Tools like ATLAS, Comet, and Dia can read web content, navigate SaaS tools, interpret instructions, and act on behalf of a user. They promise faster execution and higher productivity, but they also introduce new risks that traditional security tools are not designed to see. As these browser-based agents spread across both managed and unmanaged devices, the enterprise attack surface grows in ways that most teams can’t quantify.

Safe Harbor: An Open Source "Abort Mission" Button for Your AI Agent

AI agents are increasingly connecting to more systems and workflows. They read structured data, follow multi-step instructions, and can reach deep into applications and developer environments. The same capabilities that make them powerful also create new opportunities for attackers. As Zenity Labs continued to study these emerging attack classes, we noticed a pattern starting to appear.

Why AI Security Requires Context: Introducing Issues & the Correlation Agent

Data is never the problem. Security teams rarely complain about having too much of it. The real danger comes from data that sits unconnected and unexplained. What teams actually need is data that is actionable and converges into meaning. Data that cuts deeper than surface-level signals. Data that reveals what is unfolding and what needs to happen next.

Unveiling WARP PANDA: A New Sophisticated China-Nexus Adversary

Throughout 2025, CrowdStrike has identified multiple intrusions targeting VMware vCenter environments at U.S.-based entities, in which newly identified China-nexus adversary WARP PANDA deployed BRICKSTORM malware. WARP PANDA exhibits a high level of technical sophistication, advanced operations security (OPSEC) skills, and extensive knowledge of cloud and virtual machine (VM) environments.

Indirect Prompt Injection Attacks: A Lurking Risk to AI Systems

The rapid adoption of AI has introduced a new, semantic attack vector that many organizations are ill-prepared to defend against: prompt injection. While many security teams understand the threat of direct prompt injection attacks against AI agents developed by their organizations, another more subtle threat lurks in the shadows: indirect prompt injection attacks.

What is Tech Facilitated Abuse? A Guide to Online Gender-Based Violence

Technology is part of everyday life, offering connection and convenience. For many women and girls experiencing gender-based violence in the UK, that same technology is increasingly used as a tool of control, surveillance and harm. Understanding how this abuse works is essential for safeguarding and accountability.