Everything posted by CSOonline

  1. For a long time, cybersecurity was pretty straightforward: Guard the edges, and everything inside should be fine. Firewalls, DMZs, VPNs — these were the go-to tools. Back then, it worked. Apps lived in data centers, and everyone showed up at the office.

But that world disappeared before most companies even noticed. Remote work, cloud adoption and distributed applications slowly dissolved the network edge. And attackers took advantage of that gap long before defenders adapted.

Verizon’s annual Data Breach Investigations Report repeatedly shows that a large portion — often over 80% — of modern breaches involve compromised credentials, not network flaws. That number says a lot. It tells us the perimeter didn’t just shift — it collapsed around identity.

The old perimeter: Strong walls, weak assumptions

Traditional security assumed one thing: “If someone is inside the network, they can be trusted.” That assumption worked when offices were closed environments and systems lived behind a single controlled gateway. But as Microsoft highlights in its Digital Defense Report, attackers have moved almost entirely toward identity-based attacks because stealing credentials offers far more access than exploiting firewalls.

In other words, attackers stopped trying to break in. They simply started logging in.

Cloud + remote work = No perimeter

Now, with remote work and the cloud, there’s no real perimeter left. People connect from home Wi-Fi, personal laptops, airports, coffee shops — you name it. At the same time, company data and workloads are scattered across AWS, Azure, Google Cloud and various SaaS platforms. The old rules just don’t fit anymore.

There is no single “inside” anymore. There is only identity — the user behind the request. This is why modern security frameworks, including NIST’s Zero Trust Architecture guidelines (SP 800-207), emphasise identity as the primary control point rather than the network.

Identity is now the primary attack surface

Identity brings convenience, but it also brings complexity — and complexity attracts attackers. People reuse passwords. MFA fatigue attacks work far too often. Privileged accounts get over-granted. Contractors keep access long after their projects end. Service accounts multiply with no owner.

Okta’s recent State of Identity Security report points out that identity misuse has become one of the fastest-growing attack vectors in enterprises. Identity is no longer just a log-in step. It’s now the attacker’s first target.

Zero trust made identity the first door to lock

Zero trust isn’t about paranoia. It’s about verification. Never trust, always verify only works if identity sits at the center of every access decision. That’s why CISA’s zero trust maturity model outlines identity as the foundation on which all other zero trust pillars rest — including network segmentation, data security, device posture and automation.

A strong identity-based perimeter includes:

  • MFA everywhere
  • SSO to reduce password fatigue
  • Role-based access controls
  • Privileged Access Management
  • Device trust tied to user identity
  • Continuous monitoring of user behaviour
  • Adaptive, risk-based access policies

This isn’t the future — this is what’s expected today.

Identity done right requires real discipline

When identity becomes the perimeter, it can’t be an afterthought. It needs to be treated like core infrastructure. That means:

  • Identity has to be engineered, not patched together. Lifecycle processes must be streamlined — joiners, movers and leavers must be tightly controlled.
  • Privilege needs to be what people earn, not what they start with. Excess access is still one of the top contributors to breaches.
  • Authentication methods need to evolve yearly. Static MFA policies won’t survive dynamic threats.
  • Monitoring must follow behavior, not networks. Suspicious activity often hides in user patterns, not traffic flows.
  • Identity ownership must be shared across security, IT and the business. Identity doesn’t succeed unless everyone is accountable.

Gartner has been emphasising this shift for years, calling identity “the new security perimeter” in multiple research publications aimed at CISOs and enterprise architects.

Where we’re heading next

Identity is already at the centre of modern cybersecurity, but its role is only going to grow stronger. Over the next few years:

  • Passwords will fade out in favour of passkeys and biometrics.
  • Machine identities will become as critical as human identities.
  • Access decisions will adapt in real time based on behaviour.
  • Identity platforms will become the central nervous system of enterprise security.
  • Zero Trust will mature from architecture diagrams into everyday practice.

Organizations that invest in strong identity foundations won’t just improve security — they’ll improve operations, compliance, resilience and trust. Because when identity is solid, everything else becomes clearer: who can access what, who is responsible for what and where risk actually lives.

The companies that struggle will be the ones trying to secure a world that no longer exists — a perimeter that disappeared years ago. Identity isn’t just the new perimeter. It’s the new beginning. Everything starts here now.

This article is published as part of the Foundry Expert Contributor Network.
  2. Fraudsters are currently using a fake video of the well-known entrepreneur Reinhold Würth to lure internet users into dubious investments. In the deceptively realistic clip, a version of the billionaire presumably generated with the help of artificial intelligence (AI) invites viewers to a supposedly exclusive investment. A shelf of the trading group’s products can be seen in the background. The promise: quick profits even from small stakes.

The group confirmed that the video is a fake. Several media outlets had previously reported on it. Reinhold Würth has no connection whatsoever to such offers, a press spokeswoman said in response to an inquiry. “Such deepfake manipulations constitute a serious misuse of identity and serve exclusively fraudulent purposes.” The company condemns the practice in the strongest terms and clearly distances itself from the content being circulated.

According to the statement, the Würth Group is already taking consistent action against the spread of the material and is in contact with law enforcement authorities. The public has been warned about the fake video via official social media channels. The company advises those affected not to engage with the supposed financial offers. Anyone who has already invested money should inform their bank immediately and file a report with the police.

Würth, headquartered in Künzelsau (Baden-Württemberg), is considered the world market leader in fastening and assembly technology. Its range comprises more than one million products, including screws and wall plugs. Company patriarch Reinhold Würth is one of the richest Germans. A good year ago, the 90-year-old largely withdrew from his life’s work.

Offers are often hard to recognize as fraud

The police and the Federal Financial Supervisory Authority (Bafin) regularly warn about such scams. Advertisements or emails are repeatedly circulated in which photos or videos of celebrities are used, without their knowledge, to promote supposedly safe investments with extraordinarily high returns. These often involve crypto assets or other financial products. The offers are often professionally designed and hard for laypeople to recognize as fraud.

Bafin warns against clicking links in such advertisements. These often lead to fraudulent online trading platforms. After registration, the perpetrators pose as experts and persuade victims to make small investments at first, and later ever larger ones. The profits displayed are merely faked. As a rule, no investment actually takes place and the deposited money flows to the fraudsters.

The police have compiled further tips on a website. (dpa/jm)
  3. GCVE (Global Cybersecurity Vulnerability Enumeration) has created a free, publicly accessible database for IT security vulnerabilities, db.gcve.eu. The aim is to end dependence on US databases and strengthen digital sovereignty in Europe.

The initiative came together after a brief scare over the possible discontinuation of the Common Vulnerabilities and Exposures (CVE) program in 2025. The risk alarmed many and pushed the cybersecurity industry to start thinking about alternatives.

GCVE database aims to facilitate vulnerability reporting

The platform brings together information from various public resources. These include the sources of the GCVE Numbering Authority (GNA) model, which replaces the traditional, centralized assignment of vulnerability identifiers (CVE IDs). Data from other recognized vulnerability directories is also used.

The decentralized approach makes it possible to assign and publish vulnerability identifiers autonomously without having to wait for central approval.

A total of more than 25 different data sources are currently integrated. The vulnerability data collected is normalized, structured, and made searchable. In addition, the open API offers seamless integration into existing compliance tools and risk management systems.

This should enable security officers, scientists, computer security incident response teams, software providers, and open-source developers to track and evaluate security reports more efficiently across ecosystems.
  4. Web browsers have long been the security sinkhole of enterprise infrastructure. While email is often cited as the most common entry point, malware often enters via the browser and is more difficult to prevent. Phishing, drive-by attacks, ransomware, SQL injections, man-in-the-middle (MitM), and other exploits all take advantage of the browser’s creaky user interface and huge attack surface, and the gullibility of most end users.

It is this last item — humans — that is the problem, and we need to be protected against ourselves. This is especially true as SaaS applications grow in usage, not to mention that every piece of hardware seems to come with a web server (and therefore a browser) to configure it. These use cases are aided and abetted by the increasing number of work-from-home staffers who depend on more browser-based apps.

This is why enterprise secure browsers have finally gotten their moment. The category, which has been mostly flying under the radar for the past six years, has seen a lot of changes. Google announced its own entry into the field in 2025. Appaegis, Talon and Perception Point were acquired by Mammoth Cyber, Palo Alto Networks and Fortinet respectively, showing how this technology has become part of a larger security context. To that end, other established security vendors have brought forth products in what Gartner is now calling the “remote browser isolation” market to complement their zero trust, secure services edge, or posture management security platforms.

Web browsers have security settings to protect your privacy and to enable you to browse sites more anonymously. This isn’t really a satisfactory solution because these settings will typically result in more user frustration. Turning up security settings will prevent your users from conducting business on many websites, either blocking pop-ups that are needed to navigate some business site, stopping forms from collecting important information, or making your browsing session miserable in some other fashion.

Brave, DuckDuckGo, RAV Online Security from ReasonLabs, Opera and others have more secure consumer-focused browsers, but these aren’t appropriate for enterprises. They are what I would call “safer” or “more private” browsers. Some vendors have taken the recommendations of the Global Privacy Control to heart and have developed their own browser extensions that help guard your individual privacy. All these browsers are better but still not good enough for business uses.

Instead, a different type of tool is needed to manage an entire browser collection. Gartner, in an April 2025 report, says, “Threat actors frequently target employees with phishing attacks to steal credentials and bypass endpoint detection and response controls, necessitating an additional layer of visibility and control within the web browser.” Gartner recommends that secure browsers complement “gaps in existing controls on managed devices rather than replace existing security controls, unless you are a cloud-only, remote-work-oriented company with few physical locations to secure.”

While some enterprise security products touch on browser security, such as secure web gateways, running a browser in a virtual desktop or using a managed endpoint service, they don’t focus on the total browsing experience and can’t stop many of the potential threat vectors. This is why the secure browser has become more popular and is available in a variety of configurations that can help IT managers get a better handle on stopping attackers from getting a foothold inside your networks.

Tips to evaluate secure web browsers

Before you start an evaluation, you need to understand how these browsers work and how they will be managed.
Browsers require a robust and granular collection of security controls to be able to work with the widest possible collection of websites and cloud services. This needs to happen from a central management platform that can apply a collection of firewall-like rules and policies across the entire user population. This includes several broad categories:

  • Enable MFA at the beginning of any browser session by default.
  • Handle isolation controls both with respect to the user’s session and to isolate any application from cross-infection. This means controlling the movement of data between the browser, your particular endpoint and the web application or applications involved.
  • Control access to web destinations, either to allow or block this access.
  • Detect malware to block phishing, man-in-the-browser and other attacks, such as those aimed at defeating browser extensions.
  • Apply data loss prevention controls, which include browser settings such as ad blocking, URL and domain filtering, blocking printing, cut-and-paste operations, and screen sharing. These controls should also be able to manage your browser extensions in such a way that a user can’t override or circumvent them.
  • Enable a variety of logging tools to aid in remediation or reconstruction in case of attacks or data destruction.
  • Enable anonymous surfing for times when this is needed, such as protecting travellers when they are in more totalitarian locations.
  • Enable a protected and secure file storage space that can be shared among a team of collaborators.
  • Replace VPNs and virtual desktops as ways to deliver more secure remote and cloud services.

Any browser needs to integrate with existing security products such as identity management, cloud applications security posture, single sign-on (SSO) and VPNs. That is a lot of software to work with, and some vendors have begun offering specialized browsers as part of their security platforms. For example, iBoss’ and Cloudflare’s Remote Browser Isolation tools are only available as an add-on option to their larger security platforms.

GigaOm uses this rubric, in which the browser must offer up to four different (and non-exclusive) operating modes, in various combinations:

  • A full desktop browser client, what we have called in the past a thick client, to replace a consumer browser and typically connects to a secure remote session.
  • Browser extension to existing consumer browsers, relevant to both the browser software and underlying operating system.
  • Agentless browser controls to enforce security policies.
  • Cloud-based management and proxy, which is typically used with the above three modes or with a thin client that connects to the cloud service.

For example, Google’s Chrome Enterprise browser mostly relies on the fourth mode. Other vendors’ products, such as Authentic8’s Silo, Palo Alto Networks’ Prisma and Island’s browsers, cover multiple modes. There is a fifth mode that Seraphic uses, building an agent that sits on top of the JavaScript engine and supplements existing browsers.

Why are these different deployment modes necessary? It is because the browser is so versatile and can operate in a variety of circumstances, ranging from controlling some SaaS-based application to viewing dynamic content from a database to managing a collection of remote servers. Having the different modes is a way to extend its utility and still provide a secure envelope in as many situations as possible.

While all these products run specially crafted Chromium versions, they typically employ Linux virtual machines to provide remote isolation features. That could be an issue if you are trying to run web content that isn’t Linux friendly, such as some streaming services. The good news is that the secure browsers are close to parity with a standard desktop browser and running close to the most current Chrome versions.

The biggest issue in implementing these browsers will be staffing and support. This starts with integration into your other security products and onboarding and training your users in how to browse the web under the newer and hopefully more secure regime. This will be a significant load on your own internal support resources to handle the various helpline calls from confused or frustrated users when they encounter unexpected results from their browsing experience.

Finally, there is the price. For decades browsers have been free or bundled with the endpoint operating system. Secure browsers will cost something, and even a few dollars a month per user can add up over time and across an entire enterprise population. Gartner said in its report: “Free browsers are ubiquitous, to the point that organizations must have specific use cases to justify the purchase of a separate browser.” It remains to be seen if security is that compelling use case. Expect to pay somewhere around $10/month/user for subscription options, with quantity discounts available.

Secure web browsers compared

Authentic8 has been in the secure browser business for more than a decade and continues to enhance its product and widen its services offerings. Silo can provide two-way full isolation and integrate it into your existing workflows and provide a wide collection of security policies that offer fine-grained control over protecting your apps and your data. It has a main dashboard that looks a lot like an SSO tool to launch your protected web applications. Silo offers two different client downloads: Windows and Mac thick clients and a thin client. Both can be managed centrally and via an API connection, all of which kick off Linux-based sessions. While the vendor did not reveal pricing specifics, two plans are available: on a per user or per hourly consumption basis. It also provides custom browsers based on a customer’s API collection.

Ermes Browser Security offers a variety of security features including phishing protection, cybersquatting, extension monitoring, and URL filtering. It uses a browser extension and has separate mobile apps.

Fortinet acquired Perception Point’s secure browser extension and integrated it into its Fortinet Remote Browser Isolation product. It integrates with other protective features such as securing cloud apps and offers any browser real-time protection with other dynamic security features through a browser extension. The product is sold with various quantity discounts, with typical pricing at $55/user/year.

Google’s own enterprise product uses the Chrome Enterprise Core as its foundation, which is also the free version. The Premium version adds most of its protective features. Both versions have a very complex setup to enable their managed browser service. Part of that complexity is that it has numerous fine-grained security controls, such as numerous steps to add encryption, as well as specialized OS-specific installation, such as mobile management software with more than a dozen steps. The other products make this a bit easier, but there is still a lot of trial and error with Google’s software to ensure that the security isn’t blocking legitimate browsing uses, sites, or corporate applications. It is available for all Google Workspace customers and will cost an additional $72/user/year, with a free 30-day trial period that includes 50 user licenses.

Island’s enterprise browser comes both as a browser extension and a thick replacement client for Linux, Windows, Mac, Android, iOS and Chromebooks. It has extensions for Chrome, Edge, Safari and Firefox. It has robust network management and protective functions to complement its browser security.

LayerX Security enterprise browser has both an extension and a thick browser client, which integrates with a number of identity protection platforms and offers extension monitoring, DLP, traffic filtering and other features.

Mammoth acquired Appaegis’ secure browser and offers a thick managed client that includes browser session recording, copy-paste blocking, watermarking, screen-share prevention, and data masking. It supports Windows, Mac, iOS and Android devices. The Android version is the most recent and doesn’t have complete feature parity with the other OS versions.

ManageEngine Browser Security Plus is a thick Windows and Mac browser called Ulaa. It comes in a free edition for up to 25 computers and a professional edition with additional security features, including DLP, threat prevention, web filtering and phishing protection.

Menlo Security Secure Enterprise Browser is cloud-based software that is part of a collection of other products that offer file security, ZTNA and other protective features.

Palo Alto Networks Prisma Access Browser is a result of the acquisition of Talon’s browser technology and offers thick clients for Windows, Mac, Linux, Android and iOS and browser extensions. It uses a cloud-based management service from Strata. It has a full managed feature set that includes data loss prevention features, extensive logging, and plenty of policies and rule sets. Like some of the others, you can set up a main login like an SSO tool to launch your apps. It will examine the endpoint posture to ensure that it is running the latest OS version and identify risky browser extensions or restricted URLs that you can specify. It comes with a detailed implementation guide and existing Prisma platform customers are eligible for free browser licenses.

Seraphic Enterprise Browser Security has a unique mode of operations with an agent that works on top of the browser’s JavaScript engine. It supports both managed and unmanaged browsers including generative AI-based Atlas and works with a series of protective modules including ZTNA, DLP, traffic filtering, remote connection management, identity security and other security features. There are also thick clients for both Android and iOS devices. It has competitive per-user pricing (each user can install on up to four devices) with quantity discounts.

Surf Security Zero Trust Enterprise Browser offers both a thick browser replacement client and browser extension with a variety of protective features, including DLP and ZTNA support, and integration into Okta’s SSO platform.

SquareX Enterprise offers a browser extension that includes DLP, generative AI protection and threat hunting features, and can isolate and remove malicious code. It supports the three major desktop OSs and major browser vendors, including AI-based browsers from Perplexity and Atlas. It integrates with various identity, SIEM and SSO providers and supports Okta’s Shared Signal Framework.
  5. Enterprises using Intune mobile application management (MAM) beware: Your apps won’t run soon if you haven’t planned ahead.

Microsoft is updating its Intune MAM to support new security requirements starting January 19 or “soon after”, requiring that all iOS-wrapped apps, iOS SDK-integrated apps, and the Intune Company Portal for Android be updated to the latest Intune versions to keep them secure and running.

This means that enterprises that haven’t updated to the latest versions will be blocked from launching their apps altogether. And this may not just include custom apps wrapped in Intune MAM, but other frequently used ones such as Outlook and Teams.

Simply put, “If you want your stuff to work, get it updated and pushed,” said David Shipley of Beauceron Security.

What’s being updated in iOS, Android

Microsoft Intune is a core component of the Microsoft Modern Workplace. Its MAM features help enterprises secure their data on both corporate and personal devices. Using it, IT teams can manage corporate apps like Outlook or Teams without having to manage the entire device.

This type of unified endpoint management (UEM) supports feature deployments, updates, and retirement of apps, while also protecting corporate data and preventing data leaks, with (ideally) minimal disruption for the user.

With Monday’s hard deadline, Microsoft will enforce stricter security requirements within the UEM — but only for approved users. Those without the latest app protection supported Microsoft or third-party apps will “be blocked from launching their apps,” the company warned.

Microsoft announced the required updates several months ago in the Microsoft 365 Admin Center. For Apple users, Monday’s full stop means:

  • iOS line-of-business (LOB) and custom iOS apps using the Intune App SDK must update to SDK version 20.8.0 or later for apps compiled with Xcode 16, and to 21.1.0 or later for apps compiled with Xcode 26.
  • Apps using the wrapper must update to the new version of the Intune App Wrapping Tool for iOS: version 20.8.1 or later for apps built with Xcode 16; and version 21.1.0 or later for apps built with Xcode 26.

It’s a little simpler for Android users: Once one Microsoft app with an updated SDK is on the device and the company portal is updated to version 5.0.6726.0 or later, other Android apps will update.

Tenants with policies targeted to both iOS and Android apps should notify their users that they need to update, and ensure Microsoft apps such as Teams and Outlook are up-to-date, Microsoft advised. Admins can also enable conditional launch settings to block apps using older versions of the SDK or to warn users if they are using older versions of apps.

Admins can also proactively ensure that users are not blocked while doing work on their phones. In the Microsoft Intune admin center, they can navigate to Apps > Monitor > App protection status to review the app and SDK versions users are running.

“We recommend to always update your Android and iOS apps to the latest SDK or app wrapper to ensure that your app continues to run smoothly,” Microsoft emphasized.

Overall, the company advised enterprises to use conditional access policies so that only apps with app protection policies enabled can access corporate resources.

Supporting new security tools (and why enterprises should have updated yesterday)

With its new security updates, Microsoft has wrapped controls around existing custom apps that businesses have built, Beauceron’s Shipley explained. These enable features such as requiring a PIN or biometric authentication inside the app, restricting data sharing with other managed apps, and selectively wiping corporate data from apps.

“This [update] may be because there’s some risk with the older versions not doing what they should’ve been doing for protections,” Shipley noted.

He pointed out that Microsoft has been signaling this update since 2025 and already pushed back implementation from mid-December 2025 to this week. Also, it’s interesting to note that this change may not just impact custom apps wrapped in Intune MAM, but Outlook, Teams, and other applications as well.

“The long and short of it is, what Redmond wants is what Redmond gets when it finally puts a foot down, like it appears to have in this case,” said Shipley.

This deadline shouldn’t come as a surprise to IT teams who stayed on top of things, noted Fritz Jean-Louis, principal cybersecurity advisor at Info-Tech Research Group. Microsoft has been deprecating various parts of Intune, and how it connects from an infrastructure perspective, for some time now.

“Like many other things, if you’re not actively managing [with] the right amount of due diligence, you will be impacted by this,” said Jean-Louis, noting that employees dealing with work tasks on their phones (either remotely or on-premises) will experience outages without the updates. “It’s going to seriously impact users if this has not been adequately addressed.”

From an IT perspective, if they’re not ready for the new versioning, admins should contact Microsoft as soon as possible and determine whether mitigations can be put in place until their team is ready.

If users experience issues, they should contact their official IT service desk, Jean-Louis advised. They should not attempt to self-resolve by, say, going to a random site and blindly entering a user ID and password to receive updates. Threat actors may be lying in wait, using this type of opportunity to deploy malware “fixes.”

“Threat actors are always looking for this sort of major change to take advantage,” he noted.

This article originally appeared on Computerworld.
  6. Google’s Mandiant security division has come up with an unusual tactic to persuade organizations to stop using the aged and hugely insecure NTLMv1 authentication protocol: publish a data lookup that makes cracking NTLMv1 credentials trivial for attackers.

The intention, Mandiant explained, is to draw attention to the fact that, despite decades of evidence that NTLMv1 (NT LAN Manager version 1) is insecure, organizations continue to use it.

Anyone can use Mandiant’s Net-NTLMv1 pre-computed rainbow table lookup, downloadable from the Google Cloud Research Dataset portal, to map a given server response and reconstruct a real NT hash. Hashes, of course, are mathematical representations of real passwords, but are just as useful to criminals when exploited using techniques such as pass-the-hash.

The benefit is time and money saved: Mandiant reckons its rainbow table allows the recovery of an NTLMv1 key in 12 hours using a computer costing $600, rather than relying on third party services or expensive hardware to brute-force the keys.

None of this makes NTLMv1 less secure or easier to target than it already is. Mandiant’s hope is that the release of the table will serve as a reminder that the problem exists, prompting organizations to finally rip out NTLMv1 from their networks.

“This legacy protocol leaves organizations vulnerable to trivial credential theft, yet it remains prevalent due to inertia and a lack of demonstrated immediate risk,” the company said in its announcement. “By releasing these tables, Mandiant aims to lower the barrier for security professionals to demonstrate the insecurity of Net-NTLMv1.”

Long fallback

NTLMv1 is a 1990s challenge-response protocol used to authenticate Windows NT users to Active Directory (AD). Based on 1980’s Data Encryption Standard (DES) encryption, it was updated to the more secure NTLMv2 in 1996 before being completely replaced by Kerberos.
Unfortunately, legacy protocols like NTLMv1 don’t just disappear, and are retained as a fallback in case they are needed by older applications. That fallback has turned out to last decades. What evidence does Mandiant have that organizations are still using NTLMv1? The first is anecdotal: “Mandiant consultants continue to identify its use in active environments,” the company noted in last week’s announcement. Secondly, cyberattackers regularly target it. For example, a 2024 campaign by the TA577 threat group targeted NTLM hashes by using booby-trapped emails to send challenge-response authentication requests to internal SMB resources such as legacy printers. A more recent incident involved an authentication relay attack aimed at a specific NTLM vulnerability, CVE-2025-54918, which came only weeks after Microsoft announced that it was finally removing NTLMv1 support from Windows Server 2025 and Windows 11. Primary hurdle: Knowing it’s still there According to Rob Finn, International vice president at supply chain security company Chainguard, even security-aware organizations could be caught out by NTLMv1. “Legacy protocols like NTLMv1 are buried deep within third-party firmware. A security team might deprecate NTLMv1 at the OS level, only to have a legacy printer driver or industrial sensor reintroduce it via an unpatched, decades-old library,” he said. “For most companies, the primary hurdle isn’t just knowing NTLMv1 is insecure, it’s knowing that it’s still there.” Because resources such as printers are not externally exposed, it is tempting to assume they are beyond the reach of attackers. Despite this, NTLMv1 can still be targeted from outside the network using relay or coercion techniques, by, for example, triggering authentication via a phishing attack. “Attackers don’t need to know you’re using it. They just have to poke the system to find out. 
Fundamentally, organizations keep legacy protocols active not because they want to, but because they fear breaking a mission-critical legacy app,” said Finn. Despite Microsoft recommending that organizations upgrade to NTLMv2 and Kerberos for more than two decades, it appears not everyone got the memo. “In crypto terms, NTLMv1 isn’t just old, it’s archaeological,” said Rob Anderson, head of reactive consulting services at Reliance Cyber. “NTLMv1 is still enabled, not because it is needed today, but because it was needed once, and nobody is quite brave enough to turn it off and see what breaks.” Despite those fears, organizations need to take action. “Scan for its use, find out why it is in use, register it as a high risk and get to work removing it, with achievable deadlines,” he advised. View the full article
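One way to act on the "scan for its use" advice above, as an added example that is not part of the original article: count NTLMv1 logons per source from Windows Security logon events. It assumes event ID 4624 records exported as XML with the `LmPackageName` field; the sample records, host names and addresses are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Namespace used by Windows event XML exports.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}


def make_event(event_id, user, workstation, ip, auth_pkg, lm_pkg):
    """Build a minimal, constructed event record in Windows event XML shape."""
    fields = {
        "TargetUserName": user,
        "WorkstationName": workstation,
        "IpAddress": ip,
        "AuthenticationPackageName": auth_pkg,
        "LmPackageName": lm_pkg,
    }
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (
        f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID></System>'
        f"<EventData>{data}</EventData></Event>"
    )


# Constructed sample: a legacy printer still negotiating NTLMv1, plus noise.
SAMPLE_EVENTS = [
    make_event(4624, "svc-scan", "PRN-LEGACY-01", "192.0.2.10", "NTLM", "NTLM V1"),
    make_event(4624, "alice", "WS-0142", "192.0.2.55", "NTLM", "NTLM V2"),
    make_event(4624, "bob", "-", "192.0.2.60", "Kerberos", "-"),
    make_event(4624, "svc-scan", "PRN-LEGACY-01", "192.0.2.10", "NTLM", "NTLM V1"),
    make_event(4634, "alice", "WS-0142", "192.0.2.55", "NTLM", "NTLM V2"),
]


def parse_logon(xml_text):
    """Return the EventData fields of a 4624 logon event, or None otherwise."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "4624":
        return None
    return {
        d.get("Name"): (d.text or "")
        for d in root.iterfind("e:EventData/e:Data", NS)
    }


def find_ntlmv1(events):
    """Count NTLMv1 logons keyed by (workstation, source IP, account)."""
    hits = Counter()
    for xml_text in events:
        data = parse_logon(xml_text)
        if data is None or data.get("AuthenticationPackageName") != "NTLM":
            continue
        if data.get("LmPackageName", "").strip().upper() == "NTLM V1":
            key = (
                data.get("WorkstationName"),
                data.get("IpAddress"),
                data.get("TargetUserName"),
            )
            hits[key] += 1
    return hits


if __name__ == "__main__":
    for (host, ip, user), count in find_ntlmv1(SAMPLE_EVENTS).most_common():
        print(f"{count:>4}  {host}  {ip}  {user}")
```

Grouping by source rather than listing single events gives the inventory the removal work needs: which device or application still negotiates NTLMv1, and under which account.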
  7. With db.gcve.eu, the GCVE (Global Cybersecurity Vulnerability Enumeration) initiative is now providing a free, publicly accessible database of IT security vulnerabilities. The aim is to end dependence on US databases and strengthen digital sovereignty in Europe.

GCVE database aims to make vulnerability reporting easier

The platform brings together information from various public resources. These include the sources of the GCVE Numbering Authority (GNA) model, which replaces the traditional, centralized assignment of vulnerability identifiers (CVE IDs). Data from other recognized vulnerability directories is also used. The decentralized approach makes it possible to assign and publish vulnerability identifiers autonomously, without having to wait for central approval. In total, more than 25 different data sources are currently integrated. The collected vulnerability data is normalized, structured and made searchable. In addition, the open API offers seamless integration into existing compliance tools and risk management systems. This is intended to enable security officers, researchers, computer security incident response teams, software vendors and open-source developers to track and evaluate security advisories more efficiently across ecosystems.
  8. A coordinated campaign of malicious browser add-ons has bypassed Chrome Web Store’s defenses, weaponizing extensions advertised as productivity tools to steal corporate session tokens and attempt full account takeover. “The extensions work in concert to steal authentication tokens, block incident response capabilities, enable complete account takeover through session hijacking,” researchers wrote in a blog post, revealing a campaign targeted at widely used HR and ERP platforms. The threat, uncovered by the Socket.dev threat research team, is a multi-vector enterprise intrusion that combines stealthy credential theft with active interference in security controls. Actors behind this cluster published five Chrome extensions that, despite professional branding and seemingly legitimate use cases, execute malicious behavior deep inside enterprise workflows. Install counts suggest over 2300 users were tricked into deploying these tools before researchers alerted Google’s security teams and filed takedown requests. The extensions target systems like Workday, NetSuite, and SuccessFactors, where a single hijacked session can expose employee records, financial data, and internal workflows. Disguised productivity tools with malicious codes Each extension in the cluster posed as a productivity enhancer or security helper for enterprise users. Listings featured polished dashboards and promises of streamlined access to HR or ERP tools. Permissions requested were “standard,” seemingly benign functions such as cookie access or page modification. Once installed, however, three of the extensions, including DataByCloud Access, Data By Cloud 1, and a variant simply called Software Access, exfiltrated session cookies containing authentication tokens to attacker-controlled infrastructure. These tokens are, in many enterprise systems, enough to authenticate a user without a password. In some cases, those cookies were extracted every 60 seconds to ensure up-to-date credentials. 
Compromised sessions can serve as stolen passwords, because sessions have already passed through login screens and multi-factor checks to allow direct access to an account without triggering typical security alerts. “All five extensions remain under investigation at the time of writing,” the researchers said. “We have submitted takedown requests to Google’s Chrome Web Store security team.” Google did not immediately respond to CSO’s request for comments. Blocking defenses and hijacking sessions The campaign went beyond stealing credentials. Two of the extensions, Tool Access 11 and Data By Cloud 2, incorporated DOM manipulation routines that actively blocked access to security and administrative pages within the targeted platforms. This prevented the enterprise admins from reaching screens to change passwords, view sign-on history, or disable compromised accounts, even if they detected suspicious behavior. The most advanced of the five, Software Access, offered (on top of cookie theft) bidirectional cookie injection where stolen session tokens were reintroduced into a browser controlled by the attacker. Using APIs like “chrome.cookies.set()”, this feature implants valid authentication cookies directly and grants threat actors an authenticated session without any further action from unsuspecting users. This technique effectively bypasses login screens and multi-factor authentication, allowing immediate account takeover. “While four extensions are published under databycloud1104 and the fifth under different branding, all five share identical infrastructure patterns indicating a single coordinated operation,” the researchers added. Socket advised organizations to strictly audit and limit browser extensions, closely scrutinize permissions requests, and remove add-ons that unnecessarily access cookies or enterprise sites. 
The blog also recommended monitoring for abnormal session activity and using tools that can detect malicious extension behavior before it reaches users.
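The permission audit Socket recommends can be automated over extension manifests. The following is an added example, not code from Socket or the article: it flags extensions whose `manifest.json` combines the `cookies` permission with host access to HR/ERP sites, or that can script those pages. The domain watch-list and the sample manifests are assumptions constructed for illustration.

```python
# Assumed watch-list for the platforms named in the article; replace it with
# the tenant hostnames your organisation actually uses.
SENSITIVE_DOMAINS = ("workday.com", "myworkday.com", "netsuite.com",
                     "successfactors.com")
BROAD_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def covered_domains(pattern):
    """Sensitive domains that one Chrome match pattern can reach."""
    if pattern in BROAD_PATTERNS:
        return set(SENSITIVE_DOMAINS)
    if "://" not in pattern:
        return set()
    host = pattern.split("://", 1)[1].split("/", 1)[0].lower()
    if host == "*":
        return set(SENSITIVE_DOMAINS)
    base = host[2:] if host.startswith("*.") else host
    return {d for d in SENSITIVE_DOMAINS if base == d or base.endswith("." + d)}


def host_patterns(manifest):
    """Host patterns from MV3 host_permissions and MV2-style permissions."""
    patterns = list(manifest.get("host_permissions", []))
    patterns += [p for p in manifest.get("permissions", [])
                 if p == "<all_urls>" or "://" in p]
    return patterns


def audit_manifest(manifest):
    """Report which sensitive sites an extension can read cookies for or script."""
    api_perms = set(manifest.get("permissions", []))
    reach = set()
    for pattern in host_patterns(manifest):
        reach |= covered_domains(pattern)
    scripted = set()
    for script in manifest.get("content_scripts", []):
        for pattern in script.get("matches", []):
            scripted |= covered_domains(pattern)
    if "scripting" in api_perms:  # programmatic injection into reachable hosts
        scripted |= reach
    return {
        "name": manifest.get("name", "<unnamed>"),
        # chrome.cookies needs the "cookies" permission plus host access.
        "cookie_access": sorted(reach) if "cookies" in api_perms else [],
        "page_modification": sorted(scripted),
    }


def flagged(manifests):
    """Names of extensions with at least one finding, in input order."""
    reports = [audit_manifest(m) for m in manifests]
    return [r["name"] for r in reports
            if r["cookie_access"] or r["page_modification"]]


# Constructed sample manifests (not the extensions from the campaign).
SAMPLE_MANIFESTS = [
    {"name": "Constructed Notes Helper", "manifest_version": 3,
     "permissions": ["storage"],
     "host_permissions": ["https://notes.example.com/*"]},
    {"name": "Constructed HR Dashboard", "manifest_version": 3,
     "permissions": ["cookies", "storage"],
     "host_permissions": ["https://*.workday.com/*",
                          "https://*.successfactors.com/*"]},
    {"name": "Constructed Admin Shortcut", "manifest_version": 3,
     "permissions": ["storage"],
     "content_scripts": [{"matches": ["https://*.netsuite.com/*"],
                          "js": ["content.js"]}]},
    {"name": "Constructed Tab Tidy", "manifest_version": 2,
     "permissions": ["cookies", "<all_urls>"]},
]

if __name__ == "__main__":
    for report in map(audit_manifest, SAMPLE_MANIFESTS):
        print(report)
```

A finding is a prompt for review rather than a verdict: legitimate single sign-on helpers request the same permissions, which is why the listings in this campaign looked "standard".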
  9. Python libraries are infected with manipulated metadata in AI models and can execute malicious code when loaded.

NeMo, Uni2TS and FlexTok, Python libraries for artificial intelligence (AI) and machine learning (ML) that are used in Hugging Face models, have serious weaknesses. As researchers from Palo Alto Networks’ Unit 42 have found, criminals can use them to hide malicious code in metadata. Once injected, the code is triggered automatically as soon as a file with the manipulated metadata is loaded. Technically, the vulnerabilities specifically concern Hydra’s `instantiate()` function. Hydra is a Python library used by all three AI and ML libraries. Hydra itself is maintained by Facebook parent Meta and is frequently used as a configuration management tool for machine learning projects.

No threat in the wild yet

Although the vulnerabilities are therefore fairly widespread, the security experts say they have not yet seen them exploited in the wild. They are not giving the all-clear, however; quite the opposite: they warn that attackers still have ample opportunity to exploit them. Curtis Carmony, malware researcher at Unit 42, explains the situation like this: “It is common for developers to create their own variants of state-of-the-art models with different fine-tunings and quantizations, often from researchers who are not affiliated with any reputable institution.” Attackers would then only need to modify an existing, widely used model that “offers a real or perceived benefit, and then add malicious metadata.” The situation is made worse by the fact that Hugging Face does not make the metadata as easily accessible as other files and does not flag files that use Safetensors or the NeMo file format as potentially unsafe.

Wide distribution, large attack surface

Another factor is that, according to Unit 42, more than 100 Python libraries are used for AI and ML models on Hugging Face, and almost 50 of them use Hydra. Carmony explains that these formats are not insecure in themselves, but the code that uses them offers “a very large attack surface.” Technically, this is related to how NeMo, Uni2TS and FlexTok use the `hydra.utils.instantiate()` function to load configurations from the model metadata. This makes remote code execution (RCE) possible. The creators or maintainers of these libraries seem to have overlooked something, as Unit 42 explains: `instantiate()` does not only accept the name of the classes to be instantiated, it also takes the name of any callable and passes it the supplied arguments. This has serious consequences, because as soon as an attacker uses built-in Python functions such as eval() and os.system(), they can more easily exfiltrate code. There has since been a response: Meta has updated the Hydra documentation and now warns that RCE is possible when `instantiate()` is used.

The following measures were taken for the three AI/ML libraries: Since NeMo was developed by Nvidia, the company has issued CVE-2025-23304 and released a fix in NeMo version 2.3.2. Uni2TS was developed by Salesforce. This vendor has also reported a CVE (CVE-2026-22584) and released a fix. FlexTok, jointly developed by Apple and the Visual Intelligence and Learning Laboratory of the Swiss Federal Institute of Technology Lausanne (EPFL VILAB), has since been fixed. One particularity here: the Unit 42 experts assume that, as of January 2026, no other models on Hugging Face use the ml-flextok library.
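A loader can refuse untrusted callables before anything is instantiated. The sketch below is an added example, not code from Hydra, Unit 42 or the patched libraries: it walks model metadata for Hydra's `_target_` key and rejects any target outside an allowlist. The allowlist, the sample metadata and `safe_instantiate()` (a small stand-in for `hydra.utils.instantiate()` that handles only `_target_` and keyword arguments) are assumptions.

```python
import importlib

TARGET_KEY = "_target_"  # Hydra's key naming the callable to invoke

# Constructed allowlist: the only callables this loader will ever resolve.
ALLOWED_TARGETS = frozenset({"datetime.timedelta", "datetime.date"})


class UntrustedTargetError(ValueError):
    """Raised when metadata names a callable outside the allowlist."""


def iter_targets(node, path="$"):
    """Yield (path, target) for every _target_ at any nesting depth."""
    if isinstance(node, dict):
        if TARGET_KEY in node:
            yield path, node[TARGET_KEY]
        for key, value in node.items():
            if key != TARGET_KEY:
                yield from iter_targets(value, f"{path}.{key}")
    elif isinstance(node, (list, tuple)):
        for index, value in enumerate(node):
            yield from iter_targets(value, f"{path}[{index}]")


def rejected_targets(config, allowed=ALLOWED_TARGETS):
    """Return every (path, target) that is not an allowlisted string."""
    return [(p, t) for p, t in iter_targets(config)
            if not isinstance(t, str) or t not in allowed]


def build(node):
    """Resolve and call targets; reached only after validation has passed."""
    if isinstance(node, dict):
        kwargs = {k: build(v) for k, v in node.items() if k != TARGET_KEY}
        if TARGET_KEY not in node:
            return kwargs
        module_name, _, attr = node[TARGET_KEY].rpartition(".")
        return getattr(importlib.import_module(module_name), attr)(**kwargs)
    if isinstance(node, (list, tuple)):
        return [build(v) for v in node]
    return node


def safe_instantiate(config, allowed=ALLOWED_TARGETS):
    """Validate the whole tree first, so nothing runs if any target is bad."""
    bad = rejected_targets(config, allowed)
    if bad:
        raise UntrustedTargetError(f"refusing to load metadata: {bad}")
    return build(config)


# Constructed metadata: one clean config, one with a tampered nested entry.
GOOD_METADATA = {
    "window": {TARGET_KEY: "datetime.timedelta", "hours": 2},
    "released": {TARGET_KEY: "datetime.date", "year": 2026, "month": 1, "day": 15},
}
TAMPERED_METADATA = {
    "window": {TARGET_KEY: "datetime.timedelta", "hours": 2},
    "tokenizer": {"layers": [
        {TARGET_KEY: "os.system", "command": "echo constructed-sample"},
    ]},
}

if __name__ == "__main__":
    print(safe_instantiate(GOOD_METADATA))
    print(rejected_targets(TAMPERED_METADATA))
```

Validation covers the whole tree before the first call because a tampered entry can sit several levels below otherwise legitimate targets, as in the second sample.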
  11. Here’s what nobody admits: Your firewall isn’t the problem. Your SIEM isn’t the problem. That shiny new EDR tool you just bought? Also, not the problem. The problem is Steve from accounting, who uses “Password123” because he can’t be bothered to remember anything more complex. The problem is your CISO, who talks about zero trust but still approves exceptions for the CEO’s personal devices. The problem is the unspoken rule that security slows things down, so everyone ends up finding workarounds. As the famous quote attributed to Peter Drucker goes: “Culture eats strategy for breakfast.” In cyber operations, it eats your security posture for lunch. We learned this the hard way three years ago when a mid-sized financial firm hired a colleague to figure out why they kept getting phished despite spending millions on awareness training. Their policies were pristine. Their tech stack was impressive. Their incident response plan could’ve won awards. But their culture? Rotten to the core. The thing about culture is that it exists in layers. What you see on the surface tells you almost nothing about what’s actually happening. You need to understand three distinct dimensions: observable, non-observable and implicit. Miss any one of them, and you’re building your security program on quicksand. Observable culture: The stuff you can actually see Observable culture is everything tangible. Your policies. Your procedures. The security awareness posters in the break room. The mandatory training modules everyone clicks through while checking their phones. This is where most organizations stop. They write a 47-page security policy, mandate annual training, deploy some monitoring tools and call it a day. Box checked. Compliance achieved. Everyone goes home feeling good about themselves. Except none of it matters if people don’t actually follow through. Observable elements include your formal security protocols, your incident response plans and your access controls. 
They include visible behaviors like password hygiene, device management and whether people actually report suspicious emails. They include the technology you deploy and how you communicate about threats. You can measure this stuff. You can audit it. You can put it in a spreadsheet and show it to the board. But observable culture is the easiest to fake. People learn to perform security theatre. They know what they’re supposed to do. They know what gets measured. So they do just enough to avoid getting flagged while continuing their risky behaviors in the shadows. Take Target’s 2013 breach. They had a $1.6 million FireEye malware detection system. The system did exactly what it was supposed to do. It detected the malware. It sent alerts. Multiple times. But the security team ignored the alerts. They had policies and procedures. They had the technology. But the observable layer was disconnected from actual practice. The tools were there, but the follow-through wasn’t. The breach exposed 40 million credit card numbers and cost Target over $200 million in settlements. The impact on cyber operations was catastrophic. The tools didn’t fail. The observable culture, the visible security apparatus, existed in a vacuum. Having security controls is meaningless if your operational culture treats alerts as noise. Target’s incident response plan looked great on paper. But when alerts fired, nobody acted. The gap between documented procedure and actual behavior created a blind spot large enough to drive a truck through. That financial firm we mentioned? Their observable culture looked perfect. Everyone completed their training. Policies were documented and signed. Security tools were deployed and configured. 
But when we dug deeper, we found developers routinely turning off security controls because they “slowed down deployments.” We found executives sharing credentials because “it’s faster than waiting for access requests.” We even found an entire shadow IT ecosystem that nobody wanted to acknowledge. The observable layer gives you structure. Structure without substance is just theatre. Non-observable culture: The hidden drivers Now we get interesting. Non-observable culture is everything happening inside people’s heads. Their beliefs about cyber risk. Their attitudes toward security. Their values and priorities when security conflicts with convenience or speed. This is where the real decisions get made. You can’t see someone’s belief that “we’re too small to be targeted” or “security is IT’s job, not mine.” You can’t measure their assumption that compliance equals security. You can’t audit their gut feeling that reporting a mistake will hurt their career. But these invisible forces shape every security decision your people make. Non-observable culture includes beliefs about the likelihood and severity of threats. It includes how people weigh security against productivity. It includes their trust in leadership and their willingness to admit mistakes. It includes all the cognitive biases that distort risk perception. Optimism bias makes people think breaches happen to other companies. Availability bias makes recent incidents loom larger than systemic vulnerabilities. Confirmation bias makes people see what they expect to see and ignore contradictory evidence. Sony’s 2014 breach wasn’t a tech failure. It was a belief failure. People saw security as IT’s job, not theirs. So they clicked phishing links, shared credentials and treated threats as unlikely because “we make movies.” North Korean attackers didn’t need fancy exploits. They used that non-observable culture. Result: 100TB leaked. Unreleased films, personal data, executive emails. 
Networks stayed down for weeks, production stalled and trust took a beating. No firewall can fix a culture that thinks it won’t be targeted. At that financial firm, the non-observable culture was toxic. Developers believed security was an obstacle to innovation. Executives believed cyber risk was purely technical and could be solved by buying more tools. Staff felt that admitting security concerns would make them look incompetent. Nobody said these things out loud. But everyone acted on them. The gap between what people say they believe and what they actually think is where security programs go to die. You can mandate all the training you want. If people fundamentally believe security doesn’t apply to them, they’ll find ways around every control you implement. Implicit culture: The deepest layer Here’s where it gets really uncomfortable. Implicit culture is the stuff nobody talks about because nobody even realizes it’s there. The unspoken assumptions. The invisible norms. The “way things are done here” that everyone knows but nobody questions. This is the most powerful layer because it operates below conscious awareness. People don’t choose to follow implicit norms. They do. Automatically. Without thinking. Implicit culture includes unspoken beliefs like “security slows us down” or “leadership doesn’t really care about this.” It contains hidden power dynamics that determine who can challenge security decisions and who can’t. It includes the organizational identity that shapes how people see themselves and their work. It includes psychological safety, or the lack thereof. Can people raise concerns without fear? Can they admit mistakes without punishment? Can they challenge assumptions without being labelled difficult? Equifax’s 2017 breach wasn’t just a missed patch. It was a cultural failure. A critical Apache Struts flaw was disclosed, and security teams were warned to patch. Yet the unspoken rule was that security emails were noise, and uptime trumped fixes. 
Security had no absolute authority to stop work until the patch landed. So the vulnerability sat for months, visible and ignored. Attackers exploited it, exposing data on 147 million people, including Social Security numbers. Trust collapsed. Leadership changed. Equifax later agreed to settlements totalling more than $700 million. And nobody owned the risk decision! At that financial firm, the implicit culture was brutal. There was an unspoken assumption that business units were more critical than security teams. There was an invisible hierarchy in which anyone with sufficient seniority could overrule security recommendations. There was a hidden belief that admitting vulnerability was a sign of weakness. Nobody wrote these rules down. Nobody explicitly taught the new hires. But everyone learned them within weeks of starting. Implicit culture is why change is so hard. You can rewrite policies overnight. You can deploy new tools in a matter of weeks. But shifting deeply embedded assumptions? That takes years. And if you don’t address this layer, nothing else sticks. Shifting all three dimensions How do you actually change culture? You can’t just pick one dimension and hope the others follow. They’re interconnected. Change in one without the others creates misalignment and confusion. Start by making the invisible visible. You can’t fix what you can’t see. Conduct culture audits. Run anonymous surveys. Bring in external facilitators who can spot blind spots you’ve normalized. Ask uncomfortable questions and actually listen to the answers. Leadership has to model the behavior you want to see. Don’t just talk about it. Actually do it. Visibly. Consistently. When leaders admit mistakes, it creates permission for everyone else to do the same. When leaders prioritize security over convenience, it signals what really matters. Embed security into daily operations. Not as a separate function that people have to remember. As part of how work gets done. 
DevSecOps isn’t just a buzzword. It’s about making security the default path, not the exception. Build continuous learning into your culture. Threats evolve. Your understanding needs to evolve, too. Post-incident reviews shouldn’t be about blame. They should be about building organizational memory and getting smarter. Fix your incentives. If you reward speed over security, people will choose speed. If you punish people for reporting problems, they’ll stop reporting. Ensure consequences for negligence are transparent and fair, while also ensuring people feel safe raising concerns. At that financial firm, we spent six months working through all three layers. We didn’t just update policies. We surfaced hidden beliefs through facilitated discussions. We identified implicit assumptions and challenged them openly. We changed how leadership talked about and acted on security. It was messy. It was uncomfortable. But it worked. The reality In practice, technical controls are easy. Culture is hard. You can buy tools. You can write policies. You can mandate training. But you can’t mandate belief. You can’t purchase trust. You can’t deploy psychological safety. Target had the tools but not the operational discipline. Sony had the policies but not the shared belief that security mattered. Equifax knew, but lacked the cultural permission to act on it. Each breach happened at a different cultural layer. Each cost hundreds of millions. Each could have been prevented not by better technology but by better culture. Culture change requires patience, consistency and a willingness to confront uncomfortable truths. It requires leaders who are willing to examine their own assumptions and behaviors. It requires organizations that value honesty over appearances. Observable culture provides structure. Non-observable culture offers motivation. Implicit culture forms the foundation. You need all three. 
The organizations that survive are those where security is woven into their cultural DNA, where risk intelligence is instinctive rather than imposed, where people make good security decisions because it’s simply how things are done. That’s the real work. Not buying another tool. Not writing another policy, but building a culture where security isn’t something people do. It’s something they are. This article is published as part of the Foundry Expert Contributor Network.
  12. Authorities are taking action against members of the Black Basta ransomware group. Homes in Ukraine were searched and evidence was secured. The group’s alleged leader is wanted on an arrest warrant, the Federal Criminal Police Office (BKA) in Wiesbaden and the Central Office for Combating Internet Crime (ZIT) at the Frankfurt Public Prosecutor General’s Office reported. According to the authorities, Black Basta is one of the most active ransomware groups of recent years. Using malware, the group compromised computer networks, stole sensitive data, encrypted systems and extorted ransoms.

Hospitals and public authorities as targets

Between March 2022 and February 2025, according to the BKA and ZIT, the group was responsible for extorting more than 100 companies and institutions in Germany alone, netting more than 20 million euros in Germany alone. According to the authorities, the victims are predominantly companies, but also include hospitals and public authorities. The actors are accused of forming a criminal organization as well as extortion and computer sabotage. The alleged ringleader is a Russian citizen. Law enforcement agencies from the Netherlands, Switzerland and the United Kingdom also took part in the searches. (dpa/jm)
  14. Rona Michele Spiegel’s journey to cybersecurity might seem unconventional to some: She studied the arts. But as someone who grew up when computers first appeared and everyone wanted to experiment with them, she did a lot of multimedia work. She was always interested in technology and discussed with art colleagues where the world was going regarding electronic “stuff.” “I was doing musical work. I was doing all sorts of what we would call multidisciplinary art. And I played around a lot with the evolution of systems and digital technology and how people would interact with them. And I built that into some of my art pieces. I always loved painting and the traditional arts. But very quickly, I got involved in how it interacts with systems and tools and how technology is going to impact humankind,” Spiegel tells CSO. She was in a band and then started doing electronic music. She was also interested in the film industry and found her way into it with sound design. It was a time of many opportunities, Spiegel says. “It’s really about digital transformation and that is the thread for me, and it’s always been. Digital transformation and human computer interface concepts — how do people interact with systems and how do they influence one another?” she says. And it was the digital transformation mindset that landed Spiegel at Deloitte Consulting where she helped create the first user experience practice. There she gained a lot of experience in product management and learned how to communicate with others about dependencies and risks. At Cisco she started working in technology governance, but she had the opportunity to experience another change: from hardware to software, when enterprises started consuming products on a subscription model based in the cloud. It was only after 10 years at Cisco that her mentor asked about her intentions of getting a master’s degree. 
The timing was right, as her son, whom she had raised for most of the time as a single mum, was going to college. So, Spiegel set about getting her master’s degree in cybersecurity. Her next role was with Wells Fargo where she had “a whole other vision and really got to get deep into cloud controls. And I realized, ‘Yeah, I want to work in this space,’” she says. That role was impacted by a restructuring, after which Spiegel decided to work independently helping startups and small businesses with compliance. Spiegel is now senior manager, security and trust, mergers and acquisitions at Autodesk and she spoke to CSO about all things cybersecurity. What are the main cybersecurity concerns when it comes to mergers and acquisitions? Spiegel: First of all, is understanding the difference between a mature company and a small company. In a small company you need to consider whether it is feasible for them to prioritize cybersecurity. If they don’t have a product and they don’t have customers, then there’s nothing to protect. And if they have very limited resources then it’s hard for them to justify. The whole thing about risk management is quantifying what the potential risk is, what you could lose. So, it’s hard to justify putting tremendous amount of funding into purchasing a tool or hiring an experienced CISO to come in and do this kind of work when you know you barely have budget to have a product and you don’t really have much revenue yet. When I’m doing merger work now I consider how absorbing that business is going to impact your risk. It’s going to impact your security posture, so you have to figure out how to understand its posture and then put together a strategy that allows the acquiring company to benefit from the acquisition without putting itself at risk by inheriting the vulnerabilities as well. What are some of the key challenges you’re facing today when it comes to AI? 
Spiegel: With AI the big questions are how to use AI, how to secure AI, and how to fend off AI all at once. And then look at that across different product lines and against different components. You also have to consider third parties and the ecosystem, and all of that magnifies with the acquisition and integration of other companies, large and small and scale does matter, actually. You’re just adding so much complexity so fast. We’re adding complexity into the supply chain and the ecosystem so quickly. This transformation reminds me similarly of when we all moved to the cloud. Everyone is doing it at once but for what reason? And will it make us safer or more vulnerable? What are your views on hiring and skills gap? Spiegel: There’s this fallacy that we don’t have enough people. There are a lot of people. I’m grateful that I have a job in this space, but the expectations are very high that we’re going to have all this experience in all of these different areas. We have a lot of practitioners out there and some of them are out of work. There are fewer entry-level positions offered and this is going to be a problem because the tools are good but you really need somebody who understands what they’re reading, and that means a wide range of experience, problem-solving, critical-thinking capabilities, to be able to aggregate all of this massive amount of data following prescriptive processes. Entry level positions help build this capacity and that is what we are missing. There’s a fear, I think, in hiring people that don’t have all the experience everywhere. I’m working with this nonprofit group called Project Cyber and we are helping women get into the workforce and the technical spaces. One of the main considerations is, ‘What are the skills?’ And it’s like speaking Greek or Latin; it’s a different set of skills, and cybersecurity is a challenge because it’s so huge. 
And it’s no different for CISOs: The expectation for cybersecurity leadership is to be able to rotate in different areas. It’s a very different mindset because it includes talking to the boards. You need to be able to present a business case for funding, you have to be a storyteller, you need to be able to understand data, and you need to be able to read the data and discern the data. And there is intelligence, and penetration testing, ethical hacking, there’s risk management. A lot is expected from cybersecurity professionals of all levels. How do you keep your team inspired? Spiegel: I think it’s important to give people a voice, to make sure they are enjoying what they’re doing, making sure they’re learning, they feel respected, they feel connected. Not forcing people to be in the office but treating people like adults; they can make those choices themselves, because everybody’s different. Being aware of the signs of burnout, making sure people take time off. Really listening and respecting, I think is the most important thing. I don’t believe in old school top-down management because I don’t feel like I’m smarter than other people. I do think that with experience I can see things coming and I can see patterns that I feel like that’s a little bit of a superpower for me, that someone half my age isn’t really going to be able to see yet because they haven’t lived through those cycles. Collaborating across a multigenerational workforce is going to motivate everyone and produce better outcomes. Where do you see the cybersecurity leader role going in the next few years? Spiegel: Many people across the CISO community have been talking about the notion of the cybersecurity profession versus that of a trade. When we look at that, the whole cybersecurity profession and CISO leadership development, it’s an interesting conversation. 
I find it to be a combination of both, or I should say some really believe it’s a profession, and it’s problematic for it to be considered solely as a trade, although there are some aspects of the skillset that support that argument. But I do think that the trend of thinking right now is that the trade is the hands-on entry level, starting out in the field, and the sort of technical hands-on aspect of it. And the profession is really about that elevation and standardization, and helping one another grow and evolve, and the greater good, and in the interconnectedness with other technology and risk management types of professions. I think the jury’s still out collectively about whether, you know, we’re a profession or a trade. But the more I talk with my peers, the more we’re all landing on it is a combination of both. Then there is the exposure concern. The trend is for CISOs or cybersecurity leaders to not be anywhere for very long. I think that’s a mistake. I think it is rising outside of being embedded in the secondary leadership team. And I think it’s becoming a top-level leadership. There’s a merging that’s happening between governance, risk, compliance, and all the software-driven vulnerabilities and data-driven vulnerabilities and technology-driven vulnerabilities. I think when we see cybersecurity in the engineering space, we start to see that notion of trust and that transparency of trust, which then starts to merge with physical security, sometimes even privacy, resiliency. So, I’m seeing chief trust officers now. What are you most and least proud of in your career? Spiegel: What I was most proud of in my career really was the ability to build this career while I was a single mother, commuting back and forth between school and work, and I don’t even know how I was able to do this. I don’t recommend it for everyone but going back to school at the same time and getting my graduate degree. 
I will say that the UC Berkeley School of Information’s Master of Information and Cybersecurity (MICS) program is tremendous. And the network, that’s probably really in part how I was even able to do all of this, by having the right mentors and having the right people around me and support. And just the program is amazing. Also, it enabled me to get these certifications, and to just go all in and prepare myself for this pivot and really pivoting to cybersecurity ultimately has been really that end result. That, and bringing up this wonderful boy. I was really blown away when I got my CISSP certification. That was really hard for me, studying that hard and sitting and taking a test like that and then feeling like I could put that at the end of my name. That felt really, really good. Right now I’m also really enjoying mentoring people, these college students who are studying behavioral psychology and cyber, and data science, and are really recognizing how amazing that is. I feel like it takes a lot of emotional maturity to handle the personal relationship aspects of working in any profession. For me, working in technology and working in cybersecurity, and just developing leadership qualities, I feel it requires a self-awareness, and I feel like it took me a long time. … What I’m least proud of is perhaps some of the emotional responses I had. We talk about burnout. But back in the early days we didn’t talk about burnout. I think it’s important to talk about that, and to make sure that you don’t do more harm than good when you’re moving and pushing yourself as hard as you can. And sometimes that means really figuring out ways to depersonalize in terms of how you respond to difficult situations, but also to remember that the people aspect and the relationships are more important than anything else in the long term and really helps everybody succeed. I feel that earlier in my career I lagged in that emotional intelligence, and it took me a long time to build that. 
And any bridges burned along the way, I think, is something that you really pay for later. And I feel like I’ve grown in leaps and bounds in that area, and that really contributes to my ability to lead. Do you have any book recommendations for fellow cyber leaders you’d like to share? Spiegel: The Seventh Sense by Joshua Cooper Ramo is about just being prepared for the future, which I think is very, very important. And it’s historic, and it’s sort of anthropological, and I read it a couple of times, and I’ve quoted from it as well. I love that book. The conversations around AI, the one that really hit me that I’ve been recommending to people also is The Coming Wave by Mustafa Suleyman. About the kind of convergence of all the huge leaps and bounds that we’re making in technology. View the full article
  15. As 2026 finds CISOs’ battle against relentless cyberattackers escalating once again, strong and carefully planned cybersecurity projects are the best way to stay a step ahead of attackers and prevent them from gaining the upper hand. From data governance to zero trust, here are several essential cybersecurity projects every CISO should consider adopting in the year ahead. 1. Transforming identity access for the AI era As AI and automation evolve, managing not only employee access but also the identities of AI agents and machine processes is now a cybersecurity essential, says Anthony Berg, Deloitte’s US cyber identity leader. “The rapid evolution of AI, especially agentic AI, has prompted many security leaders to rethink identity management strategies,” he says. “The need for better identity governance, spanning both people and non-human identities, has inspired CISOs and CIOs to reimagine their security frameworks for the next wave of digital transformation.” “It’s important for organizations to proactively modernize their IAM programs, especially as gen AI and agentic AI enable new business models and levels of autonomy,” Berg says. “Securing access across every digital identity is essential to safeguarding sensitive data, supporting compliance requirements, and driving operational efficiency.” By advancing identity and access management (IAM) capabilities, such as lifecycle management, strong authentication, and precise role- and policy-based access controls, enterprises can prevent unauthorized access and reduce the risks posed by compromised credentials, Berg says. “Extending these controls to non-human identities will help ensure that every entity interacting with systems or data is governed appropriately,” he says, adding that regular access reviews and ongoing education will also help safeguard information and enable secure adoption of advanced AI technologies. 2. 
Strengthening email security Phishing continues to be a primary attack vector for stealing credentials and defrauding victims, says Mary Ann Blair, CISO at Carnegie Mellon University. She warns that threat actors are now generating increasingly sophisticated phishing attacks, effectively evading mail providers’ detection capabilities. “Legacy multifactor authentication techniques are now regularly defeated, and threat actors are moving quickly to monetize their foothold.” Facing an increasingly challenging email environment, Blair says CISOs should consider turning to external sources for added security project assistance. She notes that several vendors she’s contacted have responded with an RFP and are enabling a test-drive of their latest capabilities. 3. Leveraging AI to discover code vulnerabilities Aman Priyanshu, a Cisco AI researcher, is developing autonomous vulnerability search agents using small language models (SLMs) that can run effectively in resource-constrained environments. Cybersecurity is inherently a long-context domain, and while current state-of-the-art LLMs can handle it, they do so at a significant tradeoff for cost or latency, Priyanshu says. “For example, organizational codebases are massive, often spanning thousands of files and millions of lines of code,” he states. “When you need to find a specific vulnerability, you face either an impossibly expensive context window if you load everything into a large model, or you’re simply out of the context limit entirely.” Priyanshu says his project aims to create SLM agents that resolve threats in the same way most human analysts do — through iterative investigation by reasoning about where vulnerabilities might be, searching those areas, retrieving relevant code, and repeating the process until the weaknesses can be found. 
“While we’ve demonstrated that this approach works in our research, we’re hoping to scale things up and practically explore real-world deployment in 2026.” Penetration testers and security researchers have been deploying generative AI for vulnerability hunting for some time now, with AI-powered bug hunting now showing signs of accelerating and democratizing vulnerability discovery — and altering the calculus of what makes for an effective bounty program. 4. Reenforcing enterprise AI governance and data protection As AI risks and autonomous threats reshape the cybersecurity landscape, Attila Török, CISO at GoTo, an AI-based cloud communications provider, is working to ensure that his organization can securely manage and monitor all AI tools while blocking unsanctioned platforms, preventing data leakage. “By embedding secure-by-design principles and aligning cybersecurity with business strategy, we’re building resilience, trust, and compliance — all of which are key differentiators in the AI era,” he says. However, as with any major security initiative, success can’t happen within a silo, he warns. “It will take collaboration with every department across our business to establish practices that ensure success now and in the future.” 5. Prioritizing AI to enhance security operations Sales performance management firm Xactly is prioritizing AI trust because the math dictates it and the threat landscape demands it, says Matthew Sharp, CISO there. “We conducted a rigorous Christensen-style analysis of our security operations and found that roughly 67% of functional work — tasks such as evidence gathering, alert validation, and compliance reporting — is mechanical and can be automated.” Adversaries are already using AI to attack at machine speed, Sharp warns, noting that organizations can’t defend against AI-driven attacks with human-speed responses. 
“Operationalizing AI trust allows us to fight fire with fire, since we can’t afford to have human analysts performing tasks that machines can do more efficiently.” As AI continues to emerge as a viable tool for defense, CISOs are also rethinking how their teams operate to harness the technology’s potential. 6. Moving to a zero-trust-by-default model Pavlo Tkhir, CTO at Euristiq, says his main project for 2026 is the implementation of zero trust architecture for all the software development firm’s internal and client development. “We’ve long worked with companies for whom security is critical, but in 2026, market and regulatory demands will be so high that moving to a complete ‘zero-trust-by-default’ model will become a strategic imperative.” For Tkhir, the project isn’t just about strengthening the company’s own security. “It will also allow us to build even more secure platforms for our clients, from high-load enterprise systems to AI-powered solutions where data integrity is critical,” he says. “We’re implementing zero-trust across infrastructure, development, CI/CD, and internal tools — this creates a unified security standard that will then be transferred to client architectures.” The initiative wasn’t born out of a specific incident, but from close observation, Tkhir says. “We saw that threat models are changing faster than ever.” He notes that attacks are increasingly occurring not on the perimeter, but internally: through library vulnerabilities, APIs, weak authentication mechanisms, or erroneous permissions. “This is what inspired us to completely rethink our approach.” 7. Bolstering data governance across the enterprise Building a unified data governance and security framework across all enterprise systems is a 2026 priority for Barry Kunst, a director at Solix Technologies, an enterprise data, AI, and data fabric solutions provider. 
The initiative is being undertaken in part to address the kinds of shadow data, inconsistent access control, and compliance gaps most organizations still struggle with, he says. “When you standardize how data is classified, protected, and monitored across every environment, you close the biggest security loophole — untracked sensitive data,” Kunst says. “This project will strengthen our security by improving visibility, enforcing policy-driven controls, and reducing exposure in multi-cloud setups.” Kunst says his organization launched the initiative after seeing its customers overwhelmed by rapid data growth and new regulatory requirements. “Our security and cloud engineering teams are collaborating with key technology partners, with a planned rollout in 2026’s third quarter,” he says. View the full article
  16. Many software and SaaS companies are building AI agents into their products, but these features can expand the attack surface of those platforms, especially when rushed to market. A privilege escalation vulnerability revealed last week in ServiceNow’s platform is the latest example of how AI agents capable of executing highly privileged tasks can be abused in unintended ways. The vulnerability, dubbed BodySnatcher by researchers from security firm AppOmni who found it, impacts the Now Assist AI Agents and Virtual Agent API applications. It allows unauthenticated users to execute agentic workflows with the privileges of any user. In Now Assist–enabled instances with default settings, this flaw could be exploited to create backdoor accounts with admin roles. “The discovery of BodySnatcher represents the most severe AI-driven security vulnerability uncovered to date and a defining example of agentic AI security vulnerabilities in modern SaaS platforms,” AppOmni researchers wrote in their report. “It demonstrates how an attacker can effectively ‘remote control’ an organization’s AI, weaponizing the very tools meant to simplify enterprise workflows.” According to ServiceNow, this vulnerability was patched in hosted instances at the end of October, and updates were provided to customers using self-hosted instances. But the security advisory and vulnerability details were not made public until last week. The company advises customers to make sure they’re running Now Assist AI Agents versions 5.1.18, 5.2.19, or later, and Virtual Agent API versions 3.15.2, 4.0.4, or later. AppOmni notes that the updates break their proof-of-concept exploit by removing one of the example AI agents installed by default with Now Assist, but the dangerous configurations that underpin this vulnerability could still exist in custom code created by customers or in third-party integrations. 
As more organizations use agentic AI tools developed by their SaaS providers, or build their own agents internally to automate workflows, they need to be conscious of the unexplored risks these tools could introduce if they’re overprivileged or their authentication logic is flawed. Impersonating users through the ServiceNow Virtual Agent API The Virtual Agent API is an application available in the ServiceNow Store that enables customers to integrate external chat interfaces or bots with the ServiceNow Virtual Agent platform. This platform allows organizations to design and deploy automated conversations on a variety of topics to support customers or employees and free up human agents for other tasks. For example, one integration could be a Slack bot that talks to the organization’s ServiceNow Virtual Agent platform to answer questions. The API uses a unique provider definition for every integration to specify how ServiceNow will authenticate the integration’s messages and convert them into a structured format that its Virtual Agent platform can understand. A common way to authenticate external Virtual Agent integrations is via a Message Auth record, which is a unique static token. Another default option, called Auto-Linking, enables the provider to automatically link the identity of the user sending messages through the external integration with their corresponding ServiceNow account. This is usually done by simply checking the user’s email address. While Virtual Agent was initially intended to support pre-built conversation agents only, ServiceNow later added the capability to support LLM-powered AI agents through its Now Assist platform. These new agents leverage the existing Virtual Agent API with the same configuration choices, including authentication via static Message Auth records and Auto-Linking. 
As a result, any unauthenticated attacker could impersonate any user during a conversation simply by knowing their email address and the AI provider’s token, which is the same across all enabled instances. “The net security risk of these problems alone was relatively minimal,” the researchers said. “At best, an attacker could supply an undocumented ‘live_agent_only’ parameter in their message payload to the Virtual Agent API, which would force the Virtual Agent to pass off the message content to a real human (if supported by the organization). By sending a message as a trusted user to a member of an organization’s IT support staff, a phishing risk is surfaced.” Enter agent-to-agent interactions and execution The platform was later extended further to support external AI agents talking to internal ServiceNow AI agents that could execute tasks. To enable this, the company created a special protocol and a separate REST API that requires authentication. However, this new API is apparently just another layer on top of the existing Virtual Agent API. It transforms the requests into the same format used by the Virtual Agent API along with some variables that trigger AI agent execution. The researchers reverse-engineered the variables as well as the Virtual Agent API “topics” — structured workflows designed to complete specific tasks — that this agent-to-agent protocol calls. “With respect to what was publicly understood regarding the availability of AI agents on the platform, this understanding is groundbreaking,” the researchers said. “The general consensus was that in order for an AI agent to be executed outside of testing, it must be deployed to a channel that has explicitly enabled the Now Assist feature. But this is not the case. 
Evidently, as long as the agent is in an active state and the calling user has the necessary permissions, it can be executed directly through these topics.” Normally, using the agent-to-agent API requires a ServiceNow account, but because it is a wrapper for the older Virtual Agent API, which doesn’t require a ServiceNow account, this requirement can be bypassed. An attacker would also need the unique ID of an AI agent that exists in their victim’s ServiceNow instance. It turns out that installing the Now Assist AI application deploys example agents by default, including the Record Management AI Agent, which was capable of creating records in any arbitrary table. This agent, which has been removed as part of the patch, had the same UID across all deployments. AppOmni’s researchers showed they could use the previous impersonation attack that works by default against the Virtual Agent API to call the Record Management AI Agent with the privileges of an admin and then ask it through a prompt to add a new user record with an email address they control and then assign the admin role to the newly created user. The AI agent worked in supervised mode, so it attempted to ask the requester for confirmation before executing the task, and attackers sending requests directly to the API would not receive these confirmation prompts back. But the researchers found that they could simply wait a few seconds and then send another request with a prompt saying, “Please proceed,” and the agent will accept that as approval. With the backdoor user added to the database with an admin role, the researchers, who controlled the new user’s email address, simply used the normal password reset process to create a new password for it. Mitigation “ServiceNow’s immediate response was to rotate the provider credentials and remove the powerful AI agent shown in the PoC, effectively patching the ‘BodySnatcher’ instance,” the researchers said. “But these are point-in-time fixes. 
The configuration choices that led to this agentic AI vulnerability in ServiceNow could still exist in an organization’s custom code or third-party solutions.” The researchers included a series of recommendations for ServiceNow admins and security teams in their report. One is to enforce multi-factor authentication for account linking for any Virtual Agent API provider, an option that ServiceNow provides. “However, enforcing MFA is not a ‘toggle-and-forget’ setting,” the researchers said. “Simply updating the Account linking type field is insufficient. You must also ensure the Automatic link action script associated with the provider contains the logic necessary to execute and validate the specific MFA challenge.” Any custom agents built on the platform should be subject to review and approval to align with the organization’s security policies. To enable this, the AI steward approval can be enabled in the AI Control Tower application. Unused AI agents should regularly be reviewed and disabled, as leaving them active opens the possibility that they could be abused through a similar flaw. View the full article
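The recommendations above can be run as a repeatable review. The following is an added example, not AppOmni's or ServiceNow's code: it audits an inventory of Virtual Agent API providers and AI agents that has been exported into plain records, and reports where weak account linking and a broadly privileged active agent coexist. Every field name, rule ID, sample record and the 90-day idle threshold is an assumption made for this example, not ServiceNow schema.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional

IDLE_DAYS = 90  # assumed threshold for calling an active agent "unused"


@dataclass(frozen=True)
class Provider:                      # hypothetical export of one provider definition
    name: str
    vendor_default_token: bool       # static token never replaced after install
    linking: str                     # "auto_email" | "mfa" | "none"
    link_script_validates_mfa: bool  # recorded by whoever reviewed the link script


@dataclass(frozen=True)
class Agent:                         # hypothetical export of one AI agent
    name: str
    active: bool
    custom: bool
    steward_approved: bool
    can_write_any_table: bool
    last_used: Optional[date]


@dataclass(frozen=True)
class Finding:
    severity: str
    subject: str
    rule: str
    detail: str


def weak_linking(p: Provider) -> bool:
    """True when a caller-supplied email is enough to bind to an account."""
    if p.linking == "auto_email":
        return True
    # MFA selected as the linking type, but the link script does not enforce it.
    return p.linking == "mfa" and not p.link_script_validates_mfa


def audit(providers: List[Provider], agents: List[Agent], today: date) -> List[Finding]:
    out: List[Finding] = []
    for p in providers:
        if p.linking == "auto_email":
            out.append(Finding("HIGH", p.name, "LINK-NO-MFA",
                               "account linked from email address alone"))
        elif p.linking == "mfa" and not p.link_script_validates_mfa:
            out.append(Finding("HIGH", p.name, "MFA-NOT-ENFORCED",
                               "linking type says MFA, link script does not validate it"))
        if p.vendor_default_token:
            out.append(Finding("HIGH", p.name, "DEFAULT-TOKEN",
                               "static provider token was never rotated"))
    for a in agents:
        if not a.active:
            continue  # inactive agents cannot be invoked; nothing to report
        if a.last_used is None or (today - a.last_used).days > IDLE_DAYS:
            out.append(Finding("MEDIUM", a.name, "AGENT-IDLE",
                               "active but unused; review and disable"))
        if a.custom and not a.steward_approved:
            out.append(Finding("MEDIUM", a.name, "AGENT-UNREVIEWED",
                               "custom agent without steward approval"))
        if a.can_write_any_table:
            out.append(Finding("HIGH", a.name, "AGENT-BROAD-WRITE",
                               "agent can create records in arbitrary tables"))
    # The combination matters most: impersonable linking plus a powerful agent.
    powerful = [a for a in agents if a.active and a.can_write_any_table]
    for p in providers:
        if weak_linking(p):
            for a in powerful:
                out.append(Finding("CRITICAL", f"{p.name} -> {a.name}", "CHAIN",
                                   "weakly linked provider can reach a broad-write agent"))
    order = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2}
    return sorted(out, key=lambda f: (order[f.severity], f.subject, f.rule))


# Constructed sample inventory (not real instance data).
PROVIDERS = [
    Provider("chat-bot-integration", True, "auto_email", False),
    Provider("partner-portal", False, "mfa", False),
    Provider("helpdesk-widget", False, "mfa", True),
]
AGENTS = [
    Agent("example-record-writer", True, False, False, True, None),
    Agent("custom-hr-lookup", True, True, False, False, date(2026, 1, 10)),
    Agent("custom-ticket-triage", True, True, True, False, date(2026, 1, 12)),
    Agent("legacy-demo-agent", False, False, False, True, None),
]
TODAY = date(2026, 1, 20)

if __name__ == "__main__":
    for f in audit(PROVIDERS, AGENTS, TODAY):
        print(f"{f.severity:8} {f.rule:17} {f.subject}: {f.detail}")
```

The `link_script_validates_mfa` field has to come from a human reading the link script, which is the point of the researchers' "toggle-and-forget" caveat: the linking-type field alone cannot tell you whether the challenge is enforced.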
  17. In my recent conversation with CISOs across Southeast Asia, they shared with me a pragmatic view of 2026. Attackers are shifting tactics, AI is amplifying both risk and response, and IT-OT boundaries are blurring. Three priorities stand out to me: hardening cloud and AI infrastructure, treating identity as the active perimeter, and operationalizing resilience as a capability and, in select sectors, as a service. Cloud and AI become high‑value targets Multi‑cloud adoption and sprawling SaaS create visibility gaps where a single misconfiguration or leaked credential can expose sensitive data and expensive compute, including AI GPUs. The CISO’s mandate is to tighten configurations, expand telemetry, and assume adversaries are probing the weakest link. Identity and Trust Are the New Perimeter We expect fewer “break‑ins” and more impersonation, such as AI‑crafted lures, voice scams, session hijacks, and token theft that bypass traditional multi-factor authentication. Southeast Asian CISOs are prioritizing continuous verification, session integrity controls, and trust checks embedded in workflows. Supply chain risk multiplies Open‑source components, model repositories, CI/CD pipelines, and cloud platforms widen exposure. A single compromised vendor can cascade across customers; ransomware and data theft increasingly arrive via “trusted” integrations. Organizations must strengthen vendor controls and harden pipelines. Agentic AI raises the stakes on offense and defense Autonomous agents can make poor decisions at machine speed unless constrained. Guardrails now include scoped, time‑bound access; human‑in‑the‑loop; kill‑switches; and behavioural monitoring. On defense, Security Operations Centers (SOCs) are automating correlation, summarisation, containment, and remediation, elevating analysts to strategic hunting and validation. 
Instrument the browser As AI works through browser sessions, responders need session reconstruction and richer telemetry to investigate fast‑moving incidents. People remain decision makers With manipulation accelerating, boards are investing in targeted awareness, deception detection, and decision‑support training that complements technical controls. IT-OT convergence expands cyber‑physical risk Industrial control systems require OT‑specific resilience such as segmentation, rigorous change control, and rehearsed recovery to be prioritized at the board level. In financial services, resilience becomes a revenue stream Large institutions may productize security assurance by packaging cyber resilience, AI‑enabled fraud controls, and compliance automation as subscription services. Zero Trust extends to non‑human identities Enterprises will manage thousands of AI agents. Expect formal AI identity and access governance, including least privilege for agents, authentication models for non‑human actors, and continuous behavior monitoring. Final Take 2026 will test whether organisations can secure what they automate. In my view, the collective message from Southeast Asia’s CISOs is consistent: harden cloud and SaaS, elevate identity‑centric controls, instrument agents and browsers for forensic clarity, and treat resilience not only as defense but, where it makes sense, as a product. Enjoy reading these top predictions for 2026 by our region’s most eminent CISOs who are also our CSO30 ASEAN & Hong Kong Award 2025 winners: Jason Lau Chief Information Security Officer Crypto.com Board Director at ISACA Prediction 1 In 2026, organizations will face attacks that increasingly blur the lines between cybercrime, insider threat, and nation-state activity. 
Social engineering, SaaS compromise, digital-asset theft, and extortion will no longer appear as isolated incidents, but as coordinated services designed to scale impact and pressure defenders simultaneously. Prediction 2 In 2026 we will likely see widely reported incidents of agentic AI going rogue. Not necessarily through rebellion, but through unchecked autonomy combined with speed. Boards will be forced to confront accountability when agents make bad decisions at machine scale, and organizations will need to redesign Model Context Protocol usage around human‑in‑the‑loop controls, scoped and time‑bound access, real‑time kill switches, and continuous behavioral monitoring. Governance that can’t keep up with velocity will be bypassed. Prediction 3 In 2026, the defining risk will be business‑process and human-layer exfiltration where AI systems, SaaS integrations and wearables become the transport layer for data loss. Security teams will be forced to rethink data‑loss prevention for an AI‑human-augmented world. Prediction 4 Incident response and SOC teams will need to think about adding new telemetry for analysis: agentic browser session reconstruction. Organizations that treat “AI browser access” like a normal productivity feature, rather than privileged access, will learn the risks the hard way. Yohannes Glen Dwipajana SVP Head of Enterprise Security Indosat Ooredoo Hutchison Prediction 5 Cloud misconfigurations, SaaS integrations, and AI GPU resources are under constant attack. Most companies will have a multi-cloud strategy environment; however, it will reduce the SOC’s real-time visibility to detect lateral movement, and the threat actor will steal your data and also compute power. This can happen through a single misconfigured credential, which will then expose the enterprise. 
Prediction 6 The Threat Actor are shifting away from breaking systems, they are impersonating people, sessions, and trusted workflows using AI-generated phishing, voice scams, and deepfakes are indistinguishable from real communications, there will be more session hijacking and token theft to bypass traditional MFA. Prediction 7 Supply chain is the multiplier of risk, by having many software suppliers, using open-source components, AI models, and cloud platforms are now prime entry points. One single compromised vendor may expose thousands of customers. By exploiting vendor’s AI model repositories and CI/CD pipelines become a new emerging attack vector. Ransomware attack may increasingly enter through our “trusted” partners. Michael Saw Chief Information Security Officer, APAC Siemens Energy Prediction 8 As agentic AI accelerates attack speeds, human intuition will prove increasingly unreliable against sophisticated manipulation. This will drive boards to treat employee resilience as a core risk factor and invest in employees’ cybersecurity awareness programs and training, as well as proactive deception detection alongside technical controls. Prediction 9 As Information Technology/Operational Technology (IT/OT) integration accelerates operational efficiency, cyber-physical attacks targeting industrial control systems (ICS) will rise, prompting boards to prioritize OT resilience as a core business risk alongside traditional IT security. Primitivo Nufable VP & Head – IT, Information & Cyber Security Group St Luke’s Medical Centre Prediction 9 Security teams will respond by fully operationalizing AI within their SOCs. Prediction 10 In 2026, healthcare sector and St Luke’s Medical Centre in particular, will be laying Agentic AI SOCs roadmap to upgrade our existing SOC running on the basic SIEM/SOAR platform. 
AI agents will assist analysts by handling data correlation, incident summaries, and automated containment and remediation, allowing human analysts to focus on strategic threat hunting and validation. St Luke’s Medical Centre will try to replace L1 & L2 Cybersecurity Analyst with Agentic AI Analyst and L3 Cybersecurity Analyst will be in-charge of the governance of these AI agents. Chhay Yaroth SVP and Head of Information Security Division ACLEDA Bank Plc. Prediction 12 Over 60% of the world’s top 50 financial institutions by revenue will have launched profitable cyber-resilience products by 2026. This will give rise to a new metric-Security Contribution Margin which is tracked by analysts. Moreover, one-third of large fintech will become customers of their banking partners’ security services, flipping the traditional client-provider relationship based on cyber maturity. Prediction 13 A major company will suffer material data risks originating from an over-permissioned, compromised, or hallucinating autonomous AI agent, leading to a new regulatory focus on “AI Identity and Access Governance” and forcing 60% of CISOs to create a dedicated “AI Identity” team within IAM. Innovation and technology, Hand of robot touching a padlock of security on network connection of business, Data exchange, Financial and banking, AI, Cyber crime and internet security. iStock/ipopba View the full article
  18. A new Top 10 Cybersecurity Innovators profile by AppGuard has been released, spotlighting growing concerns over AI-enhanced malware. AI makes malware even more difficult to detect. Worse, attackers use AI to assess, adapt, and move faster than any cyber stack can keep up with. The report advocates for a fundamental change in approach, highlighting the limitations of reactive security measures. Rather than constantly adding or changing detection layers of cyber stacks, the profile emphasizes the importance of reducing endpoint attack surface—a perspective that challenges conventional industry practices.

The Detection Gap Crisis: Why “Magic AI” Fails
CEO Fatih Comlekoglu mentions that “You can’t keep trying to tell good from bad among infinite possibilities. Not even the most magical AI can parse infinity.” The industry is trapped in a futile chase, piling on detection tools and adding AI enhancements that still fail to close the foundational gap. In fact, enterprises now face an overwhelming flood of alerts, with many organizations reportedly beginning to limit the amount of data they ingest simply because they can no longer keep up.

The New Threat: Lateral Movement at the Speed of AI
Once remote control is established on an endpoint, adversarial AI reportedly adjusts the malicious process’s activities in real time to evade detection and adapt to the environment. This dramatically shortens the time defenders have to respond and exacerbates flaws in detection-based security that depends on human approvals or interventions.

Every Cyber Stack Needs a “Default-Deny” Layer
AI cannot parse infinity; AI can only parse what it can, faster. Instead of joining the futile chase, “default-deny” or Zero Trust enforced within endpoints shrinks the attack surface. By restricting what can run and what running processes can do, attacks run into walls, regardless of disguise or AI acceleration. The concept is akin to football: shrink the adversary’s “playing field” as well as its “playbook”. Many controls-based layers can theoretically shrink the attack surface to some degree, but few do so practically, thoroughly, and without considerable friction. AppGuard does this with 10 to 100 times fewer policy rules than alternatives. Even better, it uniquely auto-adapts to endpoint changes and malware technique variations. Fewer rules and fewer rule changes equate to easier operations and greater efficacy against malware, even AI-guided malware.

AI is Not Detection Magic, But it is Helpful
While AI is increasingly promoted as a breakthrough in cybersecurity, it remains a form of advanced pattern matching—subject to the same limitations as traditional detection methods. AppGuard affirms that it does not rely on AI for malware detection. Instead, the company sees AI enhancing its controls-based approach to endpoint protection. This includes improving attack surface management, minimizing disruption to legitimate workflows, and providing clearer visibility into policy enforcement and blocked events.

ANNOUNCING: Expanded Insider Release for Veteran Operators
Following recognition in the recent cybersecurity innovators profile, AppGuard has reopened its Insider Release program. The initiative seeks experienced endpoint security professionals—particularly those at MSSPs and MSPs managing multiple client environments—to provide hands-on feedback on AppGuard’s upcoming reengineered endpoint protection platform. Selected participants will have early access to deploy the newly architected lightweight agent in combination with AppGuard’s new cloud-based management console. Seats are limited and reserved for qualified teams with proven operational experience. Selected participants receive early access to the new agent and cloud console and direct influence on final features and roadmap priorities.

Adding AppGuard Anywhere: Proven Effectiveness and Pragmatism
Adding AppGuard to any cyber stack stops what other layers miss entirely or detect too late: zero-days, ransomware, process injection, credential theft, info-stealers, living-off-the-land techniques. AppGuard’s effectiveness is not theoretical. It has been proven repeatedly in the field, from very large organizations to very small ones. For example, one of the world’s largest airlines, managing more than 40,000 endpoints, had been plagued by weekly malware incidents despite deploying multiple high-end cybersecurity solutions. After implementing AppGuard in 2019, the organization has experienced no successful malware breaches—a testament to the product’s real-world impact. Small businesses appreciate its easy deployment and the resulting end-user productivity.

About AppGuard
AppGuard is the real-time, controls-based endpoint protection layer that stops what detection tools miss entirely or detect too late. It extends Zero Trust principles into the endpoint itself—down to the computing process—filling a critical gap where traditional Zero Trust models treat the endpoint as a black box. Adding it to any cyber stack delivers enterprise-grade protection with dramatically fewer rules, far less tuning, and far less operational overhead. AppGuard is ideal for both smaller organizations and large enterprises tired of spending fortunes on porous, alert-heavy defenses that still fail.

Contact: Eirik Iverson, Marketing, AppGuard Inc

View the full article
  19. Better late than never. Cisco this week patched a ‘critical’ zero-day flaw in the company’s email security and management gateways that has hung over customers’ heads since December. Tracked as CVE-2025-20393, the vulnerability affects Cisco’s AsyncOS Software running on the physical or virtual Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) products. The issue is serious, allowing an attacker to take over an appliance with root privileges when the Spam Quarantine feature is turned on and exposed to the internet. That earned it a relatively rare CVSS maximum severity score of 10, a ‘critical’ rating. Cisco said in its advisory: “This vulnerability is due to insufficient validation of HTTP requests by the Spam Quarantine feature. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device.” Unfortunately, the vulnerability, which Cisco said it learned of on December 10 while resolving a customer support case, was already being exploited in the wild. This prompted the company to issue an advisory – but no patch addressing the flaw – a week later, on December 17. According to an analysis by Cisco’s Talos threat intelligence division, issued on the same day, exploits had been detected going back to “at least” late November, which meant the issue was already weeks old by the time customers heard about it, with no temporary workarounds possible. “Talos assesses with moderate confidence that this activity is being conducted by a Chinese-nexus threat actor, which we track as UAT-9686. As part of this activity, UAT-9686 deploys a custom persistence mechanism we track as ‘AquaShell’ accompanied by additional tooling meant for reverse tunneling and purging logs,” Cisco Talos said. This week, more than a month after the first public warning, and seven weeks after the first exploits were detected, Cisco issued an AsyncOS patch fixing the vulnerability. Does the delay matter? 
The exploit only affects a subset of customers running a Secure Email Gateway or Secure Email and Web Manager with the Spam Quarantine service exposed on a public port. According to Cisco, this feature is not enabled by default, and, it said, “deployment guides for these products do not require this feature to be directly exposed to the internet.” This makes it sound as if customers enabling the feature would be the exception. While that’s probably true — exposing a service like this through a public port goes against best practice — one use case referenced in Cisco’s User Guide would be to allow remote users to check quarantined spam for themselves. The number of organizations using these products that have enabled it for this reason is, of course, impossible to say. To reprise, Cisco said that vulnerable customers are those running Cisco AsyncOS Software with both Spam Quarantine turned on and exposed to and reachable from the internet. Given that no workarounds are possible, this implies that simply turning off access through a public interface (by default, port 6025, or 82/83 for the web portal) isn’t sufficient on its own. However, even if it were, this ignores the possibility that attackers might have already exploited the vulnerability and gained persistence in recent weeks, before the port was closed. The best option is always to patch to remove all risk. Patch advice Cisco Secure Email Gateway (ESG) customers on v14.2 or earlier should upgrade to v15.0.5-016; v15.0 should upgrade to v15.0.5-016; v15.5 should upgrade to v15.5.4-012; and v16.0 should upgrade to v16.0.4-016. Secure Email and Web Manager (SEWM) customers on v15.0 or earlier should upgrade to v15.0.2-007; Customers on v15.5 should upgrade to v5.5.4-007; customers on v16.0 should upgrade to v16.0.4-010. 
Cisco said that the patch also clears any persistence mechanisms from an attack, but, it said, “Customers who wish to explicitly verify whether an appliance has been compromised can open a Cisco Technical Assistance Center (TAC) case.” This article originally appeared on NetworkWorld. View the full article
  20. The finding of fresh privilege-escalation vulnerabilities in Google’s Vertex AI is a stark reminder to CISOs that managing AI service agents is a task unlike any that they have encountered before. XM Cyber reported two different issues with Vertex AI on Thursday, in which default configurations allow low-privileged users to pivot into higher-privileged Service Agent roles. But, it said, Google told it the system is just working as intended. “The OWASP Agentic Top 10 just codified identity and privilege abuse as ASI03 and Google immediately gave us a case study,” said Rock Lambros, CEO of security firm RockCyber. “We’ve seen this movie before. Orca found Azure Storage privilege escalation, Microsoft called it ‘by design.’ Aqua found AWS SageMaker lateral movement paths, AWS said ‘operating as expected.’ Cloud providers have turned ‘shared responsibility’ into a liability shield for their own insecure defaults. CISOs need to stop trusting that ‘managed’ means ‘secured’ and start auditing every service identity attached to their AI workloads, because the vendors clearly aren’t doing it for you.” Sanchit Vir Gogia, chief analyst at Greyhound Research, said the report is “a window into how the trust model behind Google’s Vertex AI is fundamentally misaligned with enterprise security principles.” In these platforms, he said, “Managed service agents are granted sweeping permissions so AI features can function out of the box. But that convenience comes at the cost of visibility and control. These service identities operate in the background, carry project-wide privileges, and can be manipulated by any user who understands how the system behaves.” Google didn’t respond to a request for comment. The vulnerabilities, XM Cyber explained in its report, lie in how privileges are allocated to different roles associated with Vertex AI. 
“Central to this is the role of Service Agents: special service accounts created and managed by Google Cloud that allow services to access your resources and perform internal processes on your behalf. Because these invisible managed identities are required for services to function, they are often automatically granted broad project-wide permissions,” it said. “These vulnerabilities allow an attacker with minimal permissions to hijack high-privileged Service Agents, effectively turning these invisible managed identities into double agents that facilitate privilege escalation. When we disclosed the findings to Google, their rationale was that the services are currently ‘working as intended.’” XM Cyber found that someone with control over an identity with even minimal privileges consistent with Vertex AI’s “Viewer” role, the lowest level of privilege, could in certain circumstances manipulate the system to retrieve the access token for the service agent and use its privileges in the project. Gogia said the issue is alarming. “When a cloud provider says that a low-privileged user being able to hijack a highly privileged service identity is ‘working as intended,’ what they are really saying is that your governance model is subordinate to their architecture,” he said. “It is a structural design flaw that hands out power to components most customers don’t even realize exist.” Don’t wait for vendors to act Cybersecurity consultant Brian Levine, executive director of FormerGov, was also concerned. “The smart move for CISOs is to build compensating controls now because waiting for vendors to redefine ‘intended behavior’ is not a security strategy,” he said. 
Flavio Villanustre, CISO for the LexisNexis Risk Solutions Group, warned, “A malicious insider could leverage these weaknesses to grant themselves more access than normally allowed.” But, he said, “There is little that can be done to mitigate the risk other than, possibly, limiting the blast radius by reducing the authentication scope and introducing robust security boundaries in between them.” However, “This could have the side effect of significantly increasing the cost, so it may not be a commercially viable option either.” Gogia said the biggest risk is that these are holes that will likely go undetected because enterprise security tools are not programmed to look for them. “Most enterprises have no monitoring in place for service agent behavior. If one of these identities is abused, it won’t look like an attacker. It will look like the platform doing its job,” Gogia said. “That is what makes the risk severe. You are trusting components that you cannot observe, constrain, or isolate without fundamentally redesigning your cloud posture. Most organizations log user activity but ignore what the platform does internally. That needs to change. You need to monitor your service agents like they’re privileged employees. Build alerts around unexpected BigQuery queries, storage access, or session behavior. The attacker will look like the service agent, so that is where detection must focus.” He added: “Organizations are trusting code to run under identities they do not understand, performing actions they do not monitor, in environments they assume are safe. That is the textbook definition of invisible risk. 
And it is amplified in AI environments, because AI workloads often span multiple services, cross-reference sensitive datasets, and require orchestration that touches everything from logs to APIs.” This is not the first time Google’s Vertex AI has been found vulnerable to a privilege escalation attack: In November 2024, Palo Alto Networks issued a report finding similar issues with the Google Vertex AI environment, problems that Google told Palo Alto at the time that it had fixed. View the full article
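One way to act on the monitoring advice in the article above, as an added example that is not from the article, XM Cyber or Google: a baseline check over Cloud Audit Log entries whose principal is a Vertex AI service agent. The log entries are constructed, the baseline contents, bucket names and project number are assumptions, and the `gcp-sa-aiplatform` address pattern should be checked against the service agents actually listed in your project's IAM page.

```python
import json
import re

# Google-managed service agents use addresses of the form
# service-<project number>@gcp-sa-<service>.iam.gserviceaccount.com.
# Assumption: the Vertex AI agents in your project sit under gcp-sa-aiplatform*.
SERVICE_AGENT_RE = re.compile(
    r"^service-\d+@gcp-sa-aiplatform[a-z0-9-]*\.iam\.gserviceaccount\.com$"
)

# Hypothetical baseline, e.g. learned from a quiet observation period.
# A pattern ending in "." is a namespace prefix; anything else is an exact method.
BASELINE_METHODS = {
    "aiplatform.googleapis.com": ("google.cloud.aiplatform.",),
    "storage.googleapis.com": ("storage.objects.get", "storage.objects.list"),
}
# Hypothetical resources the agent is expected to touch, per service.
BASELINE_RESOURCES = {
    "storage.googleapis.com": ("projects/_/buckets/ml-artifacts-example/",),
}


def _entry(ts, principal, service, method, resource):
    """Build one constructed log line using Cloud Audit Logs field names."""
    return json.dumps({
        "timestamp": ts,
        "protoPayload": {
            "authenticationInfo": {"principalEmail": principal},
            "serviceName": service,
            "methodName": method,
            "resourceName": resource,
        },
    })


AGENT = "service-123456789012@gcp-sa-aiplatform.iam.gserviceaccount.com"
AGENT_CC = "service-123456789012@gcp-sa-aiplatform-cc.iam.gserviceaccount.com"

# Constructed sample data, not real telemetry.
SAMPLE_LOG = "\n".join([
    _entry("2026-01-16T09:00:00Z", AGENT, "aiplatform.googleapis.com",
           "google.cloud.aiplatform.v1.JobService.CreateCustomJob",
           "projects/123456789012/locations/us-central1/customJobs/1"),
    _entry("2026-01-16T09:00:05Z", AGENT, "storage.googleapis.com",
           "storage.objects.get",
           "projects/_/buckets/ml-artifacts-example/objects/model.pkl"),
    _entry("2026-01-16T09:12:40Z", AGENT, "bigquery.googleapis.com",
           "jobservice.insert", "projects/example-project/jobs/job_1"),
    _entry("2026-01-16T09:13:02Z", AGENT, "storage.googleapis.com",
           "storage.objects.get",
           "projects/_/buckets/finance-exports-example/objects/payroll.csv"),
    _entry("2026-01-16T09:13:30Z", "alice@example.com", "bigquery.googleapis.com",
           "jobservice.insert", "projects/example-project/jobs/job_2"),
    _entry("2026-01-16T09:14:11Z", AGENT_CC, "storage.googleapis.com",
           "storage.objects.delete",
           "projects/_/buckets/ml-artifacts-example/objects/model.pkl"),
])


def method_allowed(method, patterns):
    return any(
        method.startswith(p) if p.endswith(".") else method == p
        for p in patterns
    )


def deviation(service, method, resource):
    """Return why a service-agent call falls outside the baseline, or None."""
    patterns = BASELINE_METHODS.get(service)
    if patterns is None:
        return "service outside baseline"
    if not method_allowed(method, patterns):
        return "method outside baseline"
    prefixes = BASELINE_RESOURCES.get(service)
    if prefixes and not resource.startswith(prefixes):
        return "resource outside baseline"
    return None


def review(log_text):
    """Return (timestamp, principal, reason, method, resource) per deviation."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = json.loads(line)
        payload = entry.get("protoPayload", {})
        principal = payload.get("authenticationInfo", {}).get("principalEmail", "")
        if not SERVICE_AGENT_RE.match(principal):
            continue  # human users and ordinary service accounts are handled elsewhere
        method = payload.get("methodName", "")
        resource = payload.get("resourceName", "")
        reason = deviation(payload.get("serviceName", ""), method, resource)
        if reason:
            findings.append((entry.get("timestamp", ""), principal, reason, method, resource))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(" | ".join(finding))
```

The same three checks translate directly into a log-based alert filter once the baseline has been tuned for a given project.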
  21. Security researchers have confirmed active exploitation of a maximum-severity privilege escalation flaw in the widely used Modular DS plugin, a tool used to monitor, update, and manage multiple WordPress sites from a single console. The bug, tracked as CVE-2026-23550, was assigned a CVSS score of 10.0 for its ability to enable an unauthenticated attacker to gain full admin access on thousands of vulnerable sites. Disclosed by the WordPress security company, Patchstack, the flaw affects Modular DS versions 2.5.1 and earlier, allowing attackers to escalate their access without credentials by calling certain API routes not protected by the plugin’s routing logic. Exploitation was already spotted in the wild, with some intrusions leading to WordPress Admin sessions, before a fixed update was available to users. Successful exploit grants Admin rights The vulnerability lies in how Modular DS handles requests internally. The plugin exposes a set of REST-style routes under an “/api/modular-connector/” prefix that are supposed to be protected by authentication middleware. But due to an oversight in the route handling logic, specifically the isDirectRequest() mechanism, certain requests bypass authentication entirely when specific parameters are present. This means an attacker who can reach the impacted endpoint can, in a single crafted request, cause the plugin to treat them as if they were a legitimate authenticated site connection. That, in turn, opens up access to sensitive routes, including /login/, granting instant admin privileges or the ability to enumerate site users and data without needing a password. Modular DS is a site management platform, the very tool that many agencies and developers use to save time administering their WordPress sites. The faulty logic in the plugin’s routing and authentication mechanics opens all of its users to potential attacks. Mitigations The good news is that a fix exists. 
The vendor of the plugin released Modular DS version 2.5.2 on January 14, 2026, promptly after the vulnerability was confirmed and assigned its CVE identifier. Patchstack also issued mitigation rules that can block exploitation if applied before patching. “In version 2.5.1, the route was first matched based on the attacker-controlled URL,” Patchstack researchers said in a blog post. “In version 2.5.2, URL-based route matching has been removed. The router no longer matches routes for this subsystem based on the requested path, and route selection is now entirely driven by the filter logic.” However, over 40,000 WordPress installs remain at risk if they haven’t updated. Because the attack doesn’t require authentication or even user interaction, any publicly reachable site running a vulnerable version of the plugin could be compromised automatically by automated scanning and exploitation tools. The researchers noted that exploitation patterns surfaced as early as January 13th, suggesting threat actors were probing across the web even before the advisory went live. “Version 2.5.2 of the Modular DS Connector plugin includes an important security fix addressing a critical vulnerability,” the vendor said in an advisory. “We strongly recommend that all Modular DS installations ensure they are running this version as soon as possible.” Other than an update, a few steps users can take for protection include checking for rogue admin accounts, hardening WordPress security controls by implementing two-factor authentication (2FA), and IP restrictions. View the full article
  22. Security researchers have confirmed active exploitation of a maximum-severity privilege escalation flaw in the widely used Modular DS plugin, a tool used to monitor, update, and manage multiple WordPress sites from a single console. The bug, tracked as CVE-2026-23550, was assigned a CVSS score of 10.0 for its ability to enable an unauthenticated attacker to gain full admin access on thousands of vulnerable sites. Disclosed by the WordPress security company, Patchstack, the flaw affects Modular DS versions 2.5.1 and earlier, allowing attackers to escalate their access without credentials by calling certain API routes not protected by the plugin’s routing logic. Exploitation was already spotted in the wild, with some intrusions leading to WordPress Admin sessions, before a fixed update was available to users. Successful exploit grants Admin rights The vulnerability lies in how Modular DS handles requests internally. The plugin exposes a set of REST-style routes under an “/api/modular-connector/” prefix that are supposed to be protected by authentication middleware. But due to an oversight in the route handling logic, specifically the isDirectRequest() mechanism, certain requests bypass authentication entirely when specific parameters are present. This means an attacker who can reach the impacted endpoint can, in a single crafted request, cause the plugin to treat them as if they were a legitimate authenticated site connection. That, in turn, opens up access to sensitive routes, including /login/, granting instant admin privileges or the ability to enumerate site users and data without needing a password. Modular DS is a site management platform, the very tool that many agencies and developers use to save time administering their WordPress sites. The faulty logic in the plugin’s routing and authentication mechanics opens all of its users to potential attacks. Mitigations The good news is that a fix exists. 
The vendor of the plugin released Modular DS version 2.5.2 on January 14, 2026, promptly after the vulnerability was confirmed and assigned its CVE identifier. Patchstack also issued mitigation rules that can block exploitation if applied before patching. “In version 2.5.1, the route was first matched based on the attacker-controlled URL,” Patchstack researchers said in a blog post. “In version 2.5.2, URL-based route matching has been removed. The router no longer matches routes for this subsystem based on the requested path, and route selection is now entirely driven by the filter logic.” However, over 40,000 WordPress installs were initially at risk if they hadn’t updated. Because the attack doesn’t require authentication or even user interaction, any publicly reachable site running a vulnerable version of the plugin could be compromised automatically by automated scanning and exploitation tools. The researchers noted that exploitation patterns surfaced as early as January 13th, suggesting threat actors were probing across the web even before the advisory went live. “Version 2.5.2 of the Modular DS Connector plugin includes an important security fix addressing a critical vulnerability,” the vendor said in an advisory. “We strongly recommend that all Modular DS installations ensure they are running this version as soon as possible.” Other than an update, a few steps users can take for protection include checking for rogue admin accounts, hardening WordPress security controls by implementing two-factor authentication (2FA), and IP restrictions. View the full article
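A triage sketch for the Modular DS articles above, as an added example that is not from Patchstack or the plugin vendor: it checks an installed version against the fixed release and scans web access logs for outside clients that touched the `/api/modular-connector/` prefix and then received a successful `/wp-admin/` response. The log lines, the route name after the prefix, and the trusted management range are constructed assumptions; match the prefix however it appears in your own server's logs.

```python
import re
from datetime import datetime
from ipaddress import ip_address, ip_network

ROUTE_PREFIX = "/api/modular-connector/"  # prefix named in the article
FIXED_VERSION = (2, 5, 2)                 # first fixed release per the article
# Assumption: the ranges your own management console connects from.
TRUSTED_SOURCES = [ip_network("198.51.100.0/28")]

# Common/combined access-log layout: ip, identity, user, [time], "request", status, size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation address ranges), in chronological order.
SAMPLE_LOG = """\
198.51.100.5 - - [12/Jan/2026:08:00:01 +0000] "POST /api/modular-connector/login/ HTTP/1.1" 200 512
203.0.113.77 - - [13/Jan/2026:21:14:09 +0000] "GET /api/modular-connector/login/ HTTP/1.1" 302 0
203.0.113.77 - - [13/Jan/2026:21:14:10 +0000] "GET /wp-admin/ HTTP/1.1" 200 48211
192.0.2.44 - - [14/Jan/2026:03:02:55 +0000] "GET /api/modular-connector/example-route/ HTTP/1.1" 403 0
192.0.2.9 - - [14/Jan/2026:09:30:00 +0000] "GET /wp-admin/ HTTP/1.1" 200 48211
"""


def is_vulnerable(version):
    """True for plugin versions below the fixed release (2.5.1 and earlier)."""
    parts = tuple(int(p) for p in version.split("."))
    return parts < FIXED_VERSION


def is_trusted(ip_text):
    try:
        addr = ip_address(ip_text)
    except ValueError:
        return False  # hostname or garbage in the client field: treat as untrusted
    return any(addr in net for net in TRUSTED_SOURCES)


def triage(log_text):
    """Map each untrusted client that hit the connector prefix to its activity.

    admin_after is set when the same client later got a 2xx from /wp-admin/,
    which is the case to investigate first (rogue admin accounts, new sessions).
    Assumes the log is in chronological order.
    """
    suspects = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or is_trusted(m["ip"]):
            continue
        path = m["target"].split("?", 1)[0]  # ignore the query string
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if ROUTE_PREFIX in path:
            rec = suspects.setdefault(
                m["ip"],
                {"connector_hits": 0, "first_seen": when, "admin_after": False},
            )
            rec["connector_hits"] += 1
        elif path.startswith("/wp-admin/") and m["status"].startswith("2"):
            rec = suspects.get(m["ip"])
            if rec and when >= rec["first_seen"]:
                rec["admin_after"] = True
    return suspects


def prioritized(suspects):
    """Clients with admin access after a connector hit come first."""
    return sorted(suspects, key=lambda ip: (not suspects[ip]["admin_after"], ip))


if __name__ == "__main__":
    print("installed 2.5.1 vulnerable:", is_vulnerable("2.5.1"))
    result = triage(SAMPLE_LOG)
    for ip in prioritized(result):
        print(ip, result[ip])
```

Any client reported with `admin_after` set warrants the rogue-admin-account review the article recommends, regardless of whether the site has since been updated to 2.5.2.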
  23. Cybersecurity again plays an important role at this year’s World Economic Forum (WEF) in Davos. The Global Cybersecurity Outlook 2026, for example, predicts that cyber risks will be aggravated by advances in artificial intelligence (AI), growing geopolitical fragmentation and the complexity of supply chains. The report thus picks up on the WEF’s conclusions from last year, according to which a series of compounding factors (geopolitical tensions, complex supply chains, increasing regulation and rapid technological change) would lead to an era of growing complexity and unpredictability.

The key findings of the current report include: 94 percent of respondents expect AI to be the most important driver of change in cybersecurity in 2026. 87 percent of respondents said that AI-related vulnerabilities increased over the past year. There was also a rise in other cyber risks such as cyber fraud and phishing, supply chain disruptions and the exploitation of software vulnerabilities. Confidence in national cyber preparedness continues to decline. 31 percent of respondents have little confidence in their country’s ability to respond to major cyber incidents. The previous year the figure was 26 percent. Confidence varies widely between regions. 84 percent of respondents from the Middle East and North Africa are confident that their country is able to protect critical infrastructure. By contrast, only 40 percent of respondents from Europe consider their country prepared for this. Asked about the cyber resilience of their own organization, 23 percent of representatives of the public sector and international organizations said they consider its preparedness insufficient. By contrast, only eleven percent of private-sector respondents rated their organization negatively in this respect. 91 percent of organizations with more than 100,000 employees have changed their cybersecurity strategies because of geopolitical instability.

The current WEF report revolves mainly around AI. The majority of executives surveyed expect the technology to be the most important driver of change in cybersecurity this year. “The widespread integration of AI systems enlarges the attack surface and creates new vulnerabilities that conventional security controls were not designed to address,” the report says. “In addition, attackers are using AI to improve the scale, speed, sophistication and precision of their attacks,” it continues. However, defenders could also use AI to strengthen their cyber capabilities, at least in theory, as the report stresses: “The benefits of AI depend on disciplined implementation. Poorly implemented solutions can introduce new risks: misconfigurations, biased decisions, excessive reliance on automation and susceptibility to adversarial manipulation.” The prerequisite is therefore that organizations build in robust safeguards, security-by-design practices and continuous monitoring. “The conclusion is clear,” the authors write. “AI can improve cybersecurity, but only if it is deployed within sound governance frameworks that put human judgment at the center. At the same time, too many controls can cause friction, so it is important to strike a careful balance.”

One sign that this is already happening: 64 percent of respondents said their organization has a process for assessing the security of AI tools before deploying them, compared with 37 percent in the previous survey in autumn 2024. According to the survey data, 77 percent of organizations have already adopted AI in cybersecurity. It is used mainly to detect phishing attempts (52 percent), to respond to intrusions and anomalies (46 percent) and to improve user behavior analysis (40 percent). At the same time, however, respondents identified practical challenges in adopting AI for cybersecurity. The main obstacles cited were insufficient knowledge and/or skills (54 percent), the need for human oversight (41 percent) and uncertainty about the risks (39 percent). These results indicate that trust remains an obstacle to the broad adoption of AI, the authors conclude. “As organizations push ahead with integrating AI into their security operations, the balance between automation and human judgment is becoming ever more important.” Accordingly, AI is well suited to automating repetitive, high-volume tasks. “But its current limitations in contextual judgment and strategic decision-making remain evident,” according to the WEF. “Excessive reliance on unchecked automation risks creating blind spots that attackers can exploit.”

While AI continues to dominate the cybersecurity landscape, several other technologies and threat vectors are quietly gaining importance in the background and, according to the report, are expected to affect cybersecurity by 2030.

Disagreement between CISOs and CEOs
Interestingly, CEOs and CISOs did not always agree when it came to assessing the cyber risks to their organizations. In the 2025 survey, most CEOs said that ransomware, cyber fraud and phishing, and supply chain disruptions were their biggest cyber concerns. This year, cyber fraud and phishing moved up to first place, followed by AI vulnerabilities and the exploitation of software vulnerabilities. On the other hand, most CISOs in the 2025 survey also said that ransomware was their biggest problem, but they reversed the CEOs’ order and put supply chain disruptions second, followed by cyber fraud and phishing. In the current survey, ransomware and supply chain disruptions remained the two biggest problems, but third place is now taken by the exploitation of software vulnerabilities. This suggests that CEOs tend to be more concerned about the broader business impact of fraud, whereas for CISOs the concern about ransomware reflects the considerable operational disruption that a successful ransomware attack can cause to the availability of critical IT and OT (operational technology) systems.

The most important risk factors in the future
Other threats, according to the report, include autonomous systems and robotics, quantum technologies, digital currencies, space technologies and undersea cables, as well as natural disasters and climate change. By the end of the decade, autonomous systems will be a near-term factor, from AI support in analysis to the control of physical actions in factories, logistics, healthcare and public spaces. This development could create a new cyber-physical risk profile in which machine-executed decisions can change safety and service quality within seconds and shorten the windows for detection and response. By 2030, according to the report, quantum technology will have evolved from a theoretical disruptor into a selective but material threat to cryptography. State actors or actors with extensive resources could be able to carry out accelerated attacks on high-value targets, even though large-scale code breaking remains rare, it said. At the same time, defenders would in future use quantum technology for improved analytics and sensors to detect anomalies, leading to a dynamic race between attackers and defenders.

The report shows that building a secure digital future takes more than technical solutions. “This requires decisive leadership, shared responsibility and a commitment to raising the collective baseline, to ensure that resilience is accessible to all, not only to those with the most resources. As the boundaries between the digital and the physical world blur ever more, the organizations that succeed will be those that recognize cyber resilience as a shared strategic responsibility, one that builds trust, enables innovation and protects the interconnected foundations of global society.”

The report is based on a survey conducted last autumn in which 804 executives, academics, civil society representatives and public-sector cybersecurity leaders from 92 countries took part. Among them were 316 CISOs. Additional material was gathered in workshops, including a session with 21 executives from the CISO community of the Forum’s Centre for Cybersecurity. (jm) View the full article
  24. Cybersecurity is once again a major topic at this year’s World Economic Forum (WEF) in Davos. The Global Cybersecurity Outlook 2026, for example, predicts that cyber risks will be exacerbated by advances in artificial intelligence (AI), growing geopolitical fragmentation and the complexity of supply chains. The report thus builds on the WEF’s conclusions from last year, according to which a set of compounding factors (geopolitical tensions, complex supply chains, increasing regulation and rapid technological change) would lead to an era of growing complexity and unpredictability. Key findings of the current report include: 94 percent of respondents expect AI to be the most significant driver of change in cybersecurity in 2026. 87 percent of respondents said that AI-related vulnerabilities increased over the past year. There was also a rise in other cyber risks such as cyber fraud and phishing, supply chain disruptions and the exploitation of software vulnerabilities. Confidence in national cyber preparedness continues to decline. 31 percent of respondents have low confidence in their country’s ability to respond to major cyber incidents. The previous year, the figure was 26 percent. Confidence varies widely between regions. 84 percent of respondents from the Middle East and North Africa are confident that their country is able to protect critical infrastructure. By contrast, only 40 percent of respondents from Europe consider their country prepared for this. Asked about the cyber resilience of their own organization, 23 percent of representatives of the public sector and international organizations said they consider its preparedness insufficient.
By contrast, only eleven percent of private-sector respondents rated their organization negatively in this respect. 91 percent of organizations with more than 100,000 employees have changed their cybersecurity strategies because of geopolitical instability. The current WEF report revolves primarily around AI. The majority of the executives surveyed expect the technology to be the most significant driver of change in cybersecurity this year. “The widespread integration of AI systems expands the attack surface and creates new vulnerabilities that traditional security controls were not designed to address,” the report states. “In addition, attackers are using AI to improve the scale, speed, sophistication and precision of their attacks,” it continues. However, defenders could also use AI to strengthen their cyber capabilities, at least in theory, as the report stresses: “The benefits of AI depend on disciplined implementation. Poorly implemented solutions can introduce new risks: misconfigurations, biased decisions, over-reliance on automation and susceptibility to adversarial manipulation.” The prerequisite, therefore, is that organizations integrate robust safeguards, security-by-design practices and continuous monitoring. “The conclusion is clear,” the authors write. “AI can improve cybersecurity, but only if it is deployed within sound governance frameworks that keep human judgment at the center.
At the same time, too many controls can create friction, so it is important to strike a careful balance.” One sign that this is already happening: 64 percent of respondents said their organization has a process for assessing the security of AI tools before deploying them, up from 37 percent in the previous survey in fall 2024. According to the survey data, 77 percent of organizations have already adopted AI for cybersecurity. It is used primarily to detect phishing attempts (52 percent), respond to intrusions and anomalies (46 percent) and improve user behavior analytics (40 percent). At the same time, however, respondents noted practical challenges in adopting AI for cybersecurity. The main obstacles cited were insufficient knowledge and/or skills (54 percent), the need for human oversight (41 percent) and uncertainty about the risks (39 percent). These results suggest that trust remains a barrier to the broad adoption of AI, the authors conclude. “As organizations push ahead with integrating AI into their security operations, the balance between automation and human judgment is becoming ever more important.” According to the report, AI is well suited to automating repetitive, high-volume tasks. “But its current limitations in contextual judgment and strategic decision-making remain evident,” according to the WEF.
“Excessive reliance on unchecked automation risks creating blind spots that attackers can exploit.” While AI continues to dominate the cybersecurity landscape, several other technologies and threat vectors are quietly gaining importance in the background and, according to the report, are expected to affect cybersecurity by 2030. Disagreement between CISOs and CEOs Interestingly, CEOs and CISOs did not always agree when it came to assessing the cyber risks facing their organizations. In the 2025 survey, most CEOs said that ransomware, cyber fraud and phishing, and supply chain disruptions were their biggest cyber concerns. This year, cyber fraud and phishing moved up to first place, followed by AI vulnerabilities and the exploitation of software vulnerabilities. Most CISOs in the 2025 survey, for their part, also said that ransomware was their biggest problem, but they reversed the CEOs’ order and put supply chain disruptions in second place, followed by cyber fraud and phishing. In the current survey, ransomware and supply chain disruptions remained the two biggest problems, but the exploitation of software vulnerabilities now ranks third. This suggests that CEOs tend to be more concerned about the general business impact of fraud, whereas for CISOs the concern about ransomware reflects the considerable operational disruption that a successful ransomware attack can cause to the availability of critical IT and OT (operational technology) systems. The most important risk factors of the future According to the report, further threats include autonomous systems and robotics, quantum technologies, digital currencies, space technologies and undersea cables, as well as natural disasters and climate change.
By the end of the decade, autonomous systems will be a near-term factor, ranging from AI support for analysis to the control of physical actions in factories, logistics, healthcare and public spaces. This development could create a new cyber-physical risk profile in which machine-executed decisions can change safety and service quality within seconds and shorten the windows for detection and response. By 2030, according to the report, quantum technology will have evolved from a theoretical disruptor into a selective but material threat to cryptography. State actors or actors with extensive resources could be able to carry out accelerated attacks on high-value targets, even though large-scale code-breaking remains rare, the report said. At the same time, defenders would in future use quantum technology for improved analytics and sensors to detect anomalies, leading to a dynamic race between attackers and defenders. The report shows that building a secure digital future takes more than technical solutions alone. “This requires decisive leadership, shared responsibility and a commitment to raising the collective baseline, to ensure that resilience is accessible to all, not only to those with the best resources.
As the boundaries between the digital and physical worlds increasingly blur, the organizations that succeed will be those that recognize cyber resilience as a shared strategic responsibility, one that builds trust, enables innovation and protects the interconnected foundations of global society.” The report is based on a survey conducted last fall in which 804 executives, academics, civil society representatives and public-sector cybersecurity leaders from 92 countries took part. Among them were 316 CISOs. Additional material was gathered in workshops, including a session with 21 executives from the CISO community of the Forum’s Centre for Cybersecurity. (jm) View the full article
  25. Economic pressures, AI-driven job displacement, and relentless organizational churn are driving insider risk to its highest level in years. Workforce instability erodes loyalty and heightens grievances. The accelerating deployment of powerful new tools, such as AI agents, amplifies the threats from within, both human and machine. In 2025, according to RationalFX and other job trackers, the global technology sector saw roughly 245,000 layoffs announced across hundreds of companies. These figures, while concentrated in the tech industry, reflect broader trends seen across other sectors, including manufacturing, retail, finance, energy, and government, where employers announced more than 1.17 million job cuts through November 2025 in the US, according to Challenger, Gray & Christmas. This surge, up significantly from prior years, creates fertile ground for disgruntlement: financial stress, resentment over automation, and opportunistic behavior, from negligence and careless data handling to deliberate malevolent actions like data exfiltration and credential monetization. All this shows that our trusted insiders are the prime vector for serious incidents across sectors and geographies. The emerging machine threat: AI agents as a volatile vector Compounding the human element is the rapid rise of AI agents, which Palo Alto Networks has identified as one of the most acute and evolving insider risks for 2026. Autonomous agents with privileged system access, superhuman execution speed, and decision-making at scale are no longer mere productivity boosters. They are becoming exploitable vectors for silent data exfiltration, disruption, or unintended catastrophe. This is particularly concerning when volatility reduces human oversight and rushes deployment without commensurate controls. 
Palo Alto Networks’ 2026 cybersecurity predictions emphasize that these agents introduce vulnerabilities such as goal hijacking, tool misuse, prompt injection, and shadow deployment, often amplified by the very churn that drives their adoption across multinational organizations. Security leaders are taking note. Surveys indicate that 60% of organizations express high concern over AI misuse enabling or amplifying insider risks, according to Secureframe’s Q4 2025 cybersecurity statistics compilation and related reports. Meanwhile, hybrid and remote work models rank as the top emerging source of insider risk over the next three to five years, cited by 75% of respondents in Cybersecurity Insiders’ 2025 Insider Risk Report. These decentralized environments further blur visibility and control, making it harder to detect anomalous behavior from either humans or machines in global operations. Early warnings: The machine as insider risk/threat These dynamics are not emerging in a vacuum. They represent the culmination of warnings that have been building for years. As early as 2021, in my CSO opinion piece “Device identity: The overlooked insider threat,” Rajan Koo (then chief customer officer at DTEX Systems, now CTO) observed: “There needs to be more application of the insider threat framework toward devices at the same level as we do with humans.” That insight highlighted how machine identities such as APIs, bots, scripts, and robotic process automation (RPA) were already serving as conduits for both intentional and unintentional incidents, deserving the same scrutiny as human insiders.
This perspective was reinforced in 2022 in “Machine as insider threat: Lessons from Kyoto University’s backup data deletion,” which analyzed a real-world automation failure as “a classic case of the machines being the insider threat.” The incident, where an unchecked scripting error led to the permanent deletion of critical backup data, demonstrated that the outcome, catastrophic loss, was identical to what a malicious insider could achieve. By mid-2023, the conversation shifted to the positive potential in the 2023 CSO feature, “When your teammate is a machine: 8 questions CISOs should be asking about AI,” which explored AI as a collaborative force in cybersecurity workflows, yet tempered with the need to have a firm understanding of what’s under the hood. Today, that teammate has proliferated: Palo Alto Networks forecasts that machine identities and autonomous agents will outnumber humans by ratios as high as 82:1 in many enterprises, turning early cautions into urgent 2026 reality. The compounding effect: Human churn meets machine proliferation The convergence of these factors — human volatility driven by layoffs and economic stress combined with the unchecked scaling of machine agents — creates a compounding effect. Organizations facing cost pressures often prioritize speed of AI adoption over governance, leading to shadow AI deployments and insufficient monitoring. At the same time, displaced or disgruntled employees may monetize access, exfiltrate sensitive data, or simply neglect controls as they disengage, as we witnessed in the KnownSec incident, where an insider exposed how the company was an adjunct of the Chinese government’s offensive cyber operations infrastructure. While the action was no doubt welcomed by many cyberdefenders for the insight into China’s capabilities, it also demonstrates that no entity is immune from the volatility factor. 
There is no doubt that such anxiety from ongoing layoffs and role uncertainty can lead to nervous mistakes, privilege hoarding, or rushed workarounds that expose data without intent to harm. Yet harm is actualized. The result is a heightened insider risk landscape that is amplified when the interplay between human churn and machine proliferation is overlooked. Toward coherent strategies: Holistic mitigation in a volatile era This is where coherence in insider risk strategy becomes essential. Holistic approaches must integrate behavioral analytics that monitor both human patterns (for example, sentiment shifts during restructuring or after-hours data collection) and machine behaviors (for example, anomalous API calls or agent activity spikes). Reskilling programs can help retain talent and reduce resentment by positioning employees as partners in AI-augmented roles rather than casualties of displacement. Strong governance of machine identities, requiring authentication, least-privilege access, and continuous monitoring, extends zero-trust principles to the non-human domain. And crucially, organizations need to bridge HR and security functions to detect early indicators of volatility before they manifest as threats. Without these proactive, integrated measures, the cascade could be significant. A single exploited AI agent could exfiltrate terabytes of data at speeds no human could match. As history has shown, a disgruntled employee may use lingering credentials to plant backdoors, steal or sell information, or cause deliberate destruction. The stakes are no longer confined to isolated incidents. They now span the entire ecosystem, from supply chains to critical infrastructure. The path forward As we enter 2026, the message is clear: Insider risk is no longer primarily a human problem. It is a volatility problem, one that economic pressures, AI displacement, and organizational churn are intensifying at an unprecedented pace. 
Addressing it requires the same rigor we apply to external threats, but applied inward, with foresight, coherence, and a willingness to evolve. View the full article
