AI Agents Are a New Kind of Identity — and Most Organizations Aren't Ready
If you're handling AI agents like a service account or API token, consider yourself behind. AI agents need a fundamentally different approach.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
If you're handling AI agents like a service account or API token, consider yourself behind. AI agents need a fundamentally different approach.
Someone used AI to build an entire Web platform, which then did something predictable and preventable: It exposed all its data through a publicly accessible API.
Malware used in a months-long attack demonstrates how bad actors are misusing generative AI services in unique and stealthy ways.
Hardcoded credentials, access tokens, and API keys are ending up in the darnedest places, prompting a call for organizations to stop over-privileging secrets.
Using the API Connections for Azure Logic Apps, a security researcher found unauthenticated users could access sensitive data of other customers.
Data exfiltration was the most common malware in Sonatype report, with more than 4,400 packages designed to steal secrets, personally identifiable information, credentials, and API tokens.
Researchers discovered an attack chain that uses several layers of obfuscated batch files and PowerShell scripts to deliver an advanced and persistent rootkit.
The new The F5 Application Delivery Controller and Security Platform combines BIG-IP, NGNIX and Distributed Cloud Services and new AI Gateway and AI Assistants.
The secret use of other people's generative AI platforms, wherein hijackers gain unauthorized access to an LLM while someone else foots the bill, is getting quicker and stealthier by the month.
Third-party API security requires a tailored approach for different scenarios. Learn how to adapt your security strategy to outbound data flows, inbound traffic, and SaaS-to-SaaS interconnections.
The attack used a stolen remote support SaaS API key to exfiltrate data from workstations in the Treasury Department's Office of Foreign Assets Control.
The number of DDoS-related incidents targeting APIs have jumped by 30x compared with traditional Web assets, suggesting that attackers see the growing API landscape as the more attractive target.
Open source Prometheus servers and exporters are leaking plaintext passwords and tokens, along with API addresses of internal locations.
Attackers are betting that the hype around generative AI (GenAI) is attracting less technical, less cautious developers who might be more inclined to download an open source Python code package for free access, without vetting it or thinking twice.
Attackers are exploiting the "Envelopes: create API" of the enormously popular document-signing service to flood corporate inboxes with convincing phishing emails aimed at defrauding organizations. It's an unusual attack vector with a high success rate.
Misconfigurations, weak authentication and logic flaws are among the main drivers of API security risks at many organizations.
The weaknesses gave attackers an avenue to take over millions of photovoltaic devices connected to Solarman and Deye's cloud-hosted management systems.
You're only as strong as your weakest security link.
An attack flow that combines API flaws within "log in with" implementations and Web injection bugs could affect millions of websites.