Back to all editions
Edition#99·

Machines Gain Access. Leaders Carry the Risk.

Cyber This Week Edition 99 explores machine identities, API-token risk, autonomous AI agents, strategic cyber leadership, ransomware response, data breaches, collaboration security, and defence-in-depth.

Cybersecurity is moving beyond human users, traditional access controls, and purely technical risk. This edition of Cyber This Week explores how machine identities, API tokens, AI agents, and automated systems are creating new forms of insider risk, while security teams work to separate practical AI use cases from hype and rethink rigid controls that may fail in dynamic environments. At the same time, cyber risk is becoming a core business and governance issue. From the evolving role of the CISO and board-level strategy to ransomware response, collaboration security, major breaches, and defence-in-depth for critical infrastructure, the focus is shifting towards accountability, resilience, and better-informed decisions.

Cyber This Week Edition 99 — Machines Gain Access. Leaders Carry the Risk.
July 12, 2026 10 articles

This Week's Articles

  1. 01
    SecurityInfoWatch

    The Hidden Identity Threat Lurking Behind APIs and Automation

    Machine identities now significantly outnumber human users in many enterprises, with API keys, OAuth tokens, and service accounts often unmanaged, overprivileged, or poorly rotated. The article explains how attackers exploit these vulnerable machine identities and highlights their emergence as a rapidly expanding attack surface that traditional IAM programmes struggle to govern.

    Why it matters

    Unmanaged machine identities can quietly gain excessive access across critical systems. Organisations need stronger ownership, rotation, monitoring, and governance of non-human credentials.

  2. 02
    CIO

    Your next insider threat doesn't have a badge. It has an API token

    AI agents and automated components can effectively become insiders because they hold powerful API tokens and can act autonomously beyond the visibility and control of traditional user-centric security models. The article focuses on understanding and limiting what agents are permitted to do, and reconstructing what an agent was allowed to do and actually did after an incident.

    Why it matters

    Autonomous agents can cause insider-like harm without human intent. Security teams need enforceable permissions, activity records, and clear accountability for non-human actors.

  3. 03
    Forbes Technology Council

    Cutting Through AI Hype: Building A Pragmatic Cybersecurity Strategy

    Cybercriminals are rapidly adopting AI to produce convincing, personalised scams, social engineering, and other attacks at scale, increasing both frequency and sophistication. The article offers guidance on separating genuinely valuable security applications of AI from hype, so teams can prioritise practical use cases when building an AI-enabled cyber strategy.

    Why it matters

    AI investments should solve real security problems rather than follow market hype. Clear use cases and measurable outcomes help organisations direct resources effectively.

  4. 04
    SC World

    Stop trying to 'lock down' your AI: Why rigid guardrails are a gift to hackers

    This article challenges the assumption that maximally restrictive guardrails are always the safest approach for AI agents accessing sensitive data or performing critical actions. It explores how overly rigid and static controls can become predictable, brittle, and exploitable when agents operate in dynamic environments with changing threats and data.

    Why it matters

    AI security controls must be adaptive as well as restrictive. Static rules can create blind spots when systems, data, and attacker behaviour change.

  5. 05
    Cybersecurity Dive

    US enterprises incorporate cyber risk into larger strategic focus

    Large US enterprises are reassessing business risk amid rising AI use and aggressive cloud adoption, with cyber risk becoming deeply integrated into top-level strategic discussions. Boards and executives are embedding cyber considerations into wider decisions, including transformation programmes and ecosystem partnerships.

    Why it matters

    Cyber risk is increasingly shaping investment, transformation, and partnership decisions. It must be included early in enterprise strategy rather than reviewed after decisions are made.

  6. 06
    CSO Online

    The modern CISO is becoming the next CFO

    Cyber risk is now treated as business risk, expanding the CISO's responsibilities beyond technical security into enterprise-wide decision-making. The modern CISO is described as an executive who quantifies cyber risk financially, influences investment choices, and participates in core governance processes.

    Why it matters

    CISOs need financial, governance, and communication skills in addition to technical expertise. Their influence increasingly depends on translating cyber exposure into business terms.

  7. 07
    Dark Reading

    European Organizations Have a Collaboration Security Confidence Gap

    European organisations report significant difficulty securing collaboration with external parties, particularly when using multiple internal collaboration platforms. A lack of simple, unified tools for granting selective and controlled access is contributing to low confidence in collaboration security.

    Why it matters

    External collaboration can create fragmented access controls and unclear data exposure. Organisations need simpler and more consistent ways to govern third-party access.

  8. 08
    Ars Technica

    Ransomware negotiator hired to represent victims was working for the attackers

    A former ransomware negotiator has been sentenced to 70 months in prison for secretly collaborating with the BlackCat ransomware group. He helped extort organisations that had engaged him to negotiate on their behalf during ransomware incidents, betraying his clients for the attackers' benefit.

    Why it matters

    Incident-response partners operate in highly sensitive positions of trust. Organisations need due diligence, contractual controls, oversight, and clear conflict-of-interest safeguards.

  9. 09
    Security Magazine

    6 Data Breaches to Know About (June 2026)

    Security Magazine provides a concise round-up of six notable data breaches disclosed in June 2026, summarising the key facts of each incident. It offers a snapshot of current breach patterns and developments rather than a deep technical analysis.

    Why it matters

    Regular breach reviews help security leaders identify recurring weaknesses, affected sectors, and emerging patterns that may influence their own risk priorities.

  10. 10
    Hydrocarbon Engineering

    Defence-in-depth cybersecurity

    This special report examines how oil, gas, and chemical facilities can define tolerable risk levels while maintaining uptime by combining safety, reliability, and cyber resilience. It considers supply-chain vulnerabilities alongside cybersecurity exposure in industrial control and operational technology environments, advocating a defence-in-depth approach.

    Why it matters

    Critical infrastructure cannot rely on a single security control. Layered protection must balance cyber resilience with operational safety, reliability, and availability.

Newsletter

Get the next edition every Sunday