SecurityInfoWatch
The Hidden Identity Threat Lurking Behind APIs and Automation
Machine identities now significantly outnumber human users in many enterprises, with API keys, OAuth tokens, and service accounts often unmanaged, overprivileged, or poorly rotated. The article explains how attackers exploit these vulnerable machine identities and highlights their emergence as a rapidly expanding attack surface that traditional IAM programmes struggle to govern.
CIO
Your next insider threat doesn't have a badge. It has an API token
AI agents and automated components can effectively become insiders because they hold powerful API tokens and can act autonomously beyond the visibility and control of traditional user-centric security models. The article focuses on understanding and limiting what agents are permitted to do, and reconstructing what an agent was allowed to do and actually did after an incident.
Forbes Technology Council
Cutting Through AI Hype: Building A Pragmatic Cybersecurity Strategy
Cybercriminals are rapidly adopting AI to produce convincing, personalised scams, social engineering, and other attacks at scale, increasing both frequency and sophistication. The article offers guidance on separating genuinely valuable security applications of AI from hype, so teams can prioritise practical use cases when building an AI-enabled cyber strategy.