Collecting Cyber-News from over 60 sources

Tag: identity

CISOs step into the AI spotlight

May 12, 2026 12:19 PM

Tags: ai, api, attack, automation, awareness, business, ciso, control, cyber, cybersecurity, data, defense, detection, exploit, finance, fraud, governance, identity, infrastructure, jobs, least-privilege, military, phishing, risk, service, social-engineering, software, technology, threat, tool, training, update, vulnerability, vulnerability-management

Move fast, keep risk at bay: Like Hensley, Jeff Trudeau, CSO of Chime, says the role is fundamentally shifting from a control function to a strategic partner in how the business adopts AI responsibly. At Chime, that means being embedded early in how AI is built and deployed, not reviewing it after the fact, Trudeau…
CISOs step into the AI spotlight

May 12, 2026 12:19 PM

Tags: ai, api, attack, automation, awareness, business, ciso, control, cyber, cybersecurity, data, defense, detection, exploit, finance, fraud, governance, identity, infrastructure, jobs, least-privilege, military, phishing, risk, service, social-engineering, software, technology, threat, tool, training, update, vulnerability, vulnerability-management

Move fast, keep risk at bay: Like Hensley, Jeff Trudeau, CSO of Chime, says the role is fundamentally shifting from a control function to a strategic partner in how the business adopts AI responsibly. At Chime, that means being embedded early in how AI is built and deployed, not reviewing it after the fact, Trudeau…
Why patching SLAs should be the floor, not the strategy

May 12, 2026 12:19 PM

Tags: attack, authentication, business, cisa, ciso, compliance, control, cve, cvss, cyber, exploit, flaw, grc, identity, kev, metric, risk, service, strategy, tool, update, vulnerability, vulnerability-management

SLAs measure discipline, not risk: Here’s the mental model I’ve been pushing with my peers. Think of patching SLAs the way you think of fire drills. Fire drills are necessary. They prove that, on a predictable cadence, your organization can execute a known procedure. No one in charge of a building full of people would…
Identity security firm SailPoint discloses GitHub repository breach

May 11, 2026 9:19 PM

Tags: access, breach, control, cybersecurity, data, github, governance, identity

SailPoint disclosed a GitHub repository breach on April 20. The company contained the incident and said no customer data was affected. SailPoint is a cybersecurity company that provides identity security and identity governance solutions for enterprises. Its products help organizations manage and control user access to systems, applications, and sensitive data. SailPoint revealed a cybersecurity…
Lyrie.ai Joins First Batch of Anthropic’s Cyber Verification Program

May 11, 2026 6:18 PM

Tags: ai, cyber, cybersecurity, identity, infrastructure

Dubai, UAE, May 11th, 2026, CyberNewswire Dubai-founded OTT Cybersecurity LLC also unveils the Agent Trust Protocol (ATP), the first open cryptographic standard for AI agent identity, scope, and action verification, slated for IETF submission. OTT Cybersecurity LLC, the company behind Lyrie.ai, today announced two milestones that together position the company as foundational infrastructure for […]…
Identity is the new perimeter as rapid NHI proliferation threatens visibility and control

May 11, 2026 5:20 PM

Tags: control, identity, technology

NHIs are linked to diverse assets across the enterprise technology ecosystem, creating a highly fragmented architecture and making it challenging for security teams to maintain visibility and control. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/spons/identity-is-the-new-perimeter-as-rapid-nhi-proliferation-threatens-visibili/819411/
Lyrie.ai Joins First Batch of Anthropic’s Cyber Verification Program

May 11, 2026 5:20 PM

Tags: ai, attack, ceo, cyber, cybersecurity, exploit, framework, github, Hardware, identity, infrastructure, Internet, penetration-testing, RedTeam, risk, threat, tool, vulnerability, zero-day

Identity, who the AI agent is.Scope, what it is authorized to do.Attestation, whether it or its instructions have been tampered with.Delegation, who delegated authority.Revocation, whether that authority has been revoked.”Every AI agent on the internet today is a stranger. You don’t know who it is, what it’s authorized to do, or whether it’s been tampered…
1,800+ MCP servers exposed without authentication: How zero trust can secure the AI agent revolution

May 11, 2026 5:20 PM

Tags: ai, attack, authentication, breach, cloud, control, credentials, data, data-breach, defense, exploit, framework, governance, identity, infrastructure, Internet, LLM, malicious, monitoring, network, risk, service, supply-chain, threat, tool, vulnerability, zero-trust

The epistemological chasm: What renders MCP vulnerabilities particularly vexatious is the fundamental asymmetry they exploit between machine cognition and human oversight.Tool poisoning attacks insert malevolent instructions into tool metadata that LLMs process with complete fidelity but that remain utterly invisible to human operators. The machine perceives everything; its ostensible supervisors perceive nothing. We have unwittingly…
Lyrie.ai Joins First Batch of Anthropic’s Cyber Verification Program

May 11, 2026 5:20 PM

Tags: ai, cyber, cybersecurity, identity

OTT Cybersecurity LLC has unveiled the Agent Trust Protocol (ATP), the first open cryptographic standard for AI agent identity, scope, and action verification. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/press-release/lyrieai-joins-anthropics-cyber-verification-program/
WatchGuard Strengthens Cloud Detection With Perimeters Buy

May 8, 2026 12:48 AM

Tags: attack, cloud, detection, identity, saas, startup, threat

WatchGuard Aims to Reduce Alert Fatigue Through Telemetry Correlation. WatchGuard acquired SaaS security startup Perimeters to strengthen cloud detection and response capabilities spanning identity threat detection, cloud posture management and shadow IT discovery as enterprises face escalating attacks targeting cloud applications and distributed environments. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/watchguard-strengthens-cloud-detection-perimeters-buy-a-31630
Omada Identity stellt mit <> eigene Private-Cloud vor

May 7, 2026 5:48 PM

Tags: cloud, identity, microsoft, risk, saas

Omada Identity stellt ‘Omada Identity Cloud Private” für regulierte Unternehmen und Behörden vor. Die neue Bereitstellungsoption bietet regulierten Unternehmen und Regierungsorganisationen die gesamte Omada-Identity-Cloud-Plattform innerhalb ihres eigenen Microsoft-Azure-Tenants. Sie beseitigt damit den Kompromiss zwischen Cloud-nativer IGA und der Tenant-Eigentümerschaft, die ihre Prüfer, Aufsichtsbehörden und Risiko-Analysten erwarten. Kunden haben nun drei Möglichkeiten, Omada-Identity-Cloud zu nutzen: Multi-Tenant-SaaS,…
Omada löst ein Cloud-Dilemma: Identity Security für regulierte Unternehmen ohne Kontrollverlust

May 7, 2026 1:48 PM

Tags: cloud, identity, microsoft

Mit Omada Identity Cloud Private wird die vollständige Omada Identity Cloud-Plattform innerhalb des kundeneigenen Microsoft Azure-Tenants bereitgestellt. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/omada-loest-ein-cloud-dilemma-identity-security-fuer-regulierte-unternehmen-ohne-kontrollverlust/a45033/
Multi-model AI is creating a routing headache for enterprises

May 7, 2026 6:48 AM

Tags: ai, business, control, identity

Application teams are moving AI inference into production systems that support business operations. Enterprises are expanding traffic management, identity controls, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/07/f5-ai-inference-operations-report/
Global Push for Digital KYC Faces a Trust Problem

May 6, 2026 8:48 PM

Tags: compliance, finance, identity

Portable KYC Remains Elusive Despite Digital Identity Growth in UAE, Europe, Asia. The United Arab Emirates recently launched a national digital Know Your Customer platform under the oversight of the UAE Central Bank, aiming to standardize customer onboarding, streamline compliance checks and strengthen anti-money laundering enforcement. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/global-push-for-digital-kyc-faces-trust-problem-a-31614
Majority of IT Leaders Struggle to Manage Growing Identity Footprint Amid AI Expansion

May 6, 2026 5:48 PM

Tags: ai, cybersecurity, identity

New research from Keeper Security reveals that 89% of IT leaders struggle to manage the growing identity footprint amid AI expansion. The Identity Security at Machine Speed Report features insight from 200 cybersecurity decision-makers and senior IT leaders across Europe, the United States, Asia-Pacific and the Middle East. The study examines the challenges cybersecurity decision-makers…
Your AI Agents Are Already Inside the Perimeter. Do You Know What They’re Doing?

May 6, 2026 3:47 PM

Tags: access, ai, gartner, governance, guide, identity

Analysts recently confirmed what identity security teams have quietly feared: AI agents are being deployed faster than enterprises can govern them. In their inaugural Market Guide for Guardian Agents, Gartner states that “enterprise adoption of AI agents is accelerating, outpacing maturity of governance policy controls.” Enterprise leaders can request access to the Gartner Market Guide…
Iran-Linked Hackers Target Oman Ministries in Webshell and Data Theft Campaign

May 6, 2026 10:49 AM

Tags: cyber, data, data-breach, espionage, hacker, identity, intelligence, iran, sql, theft

Iran-linked operators have mounted a broad espionage operation against multiple Omani ministries, abusing exposed webshells, SQL escalation scripts, and a poorly secured C2 server to steal judicial and identity data at scale. Attacker’s own open directory strongly suggests a Ministry of Intelligence and Security (MOIS) nexus compromised a mailbox , but there are not enough unique…
Attackers Bypass Azure AD Conditional Access Using Phantom Device Registration

May 6, 2026 8:49 AM

Tags: access, attack, cloud, compliance, cyber, identity, microsoft, RedTeam, risk

A recent authorized red team operation by Howler Cell has demonstrated a critical attack path that completely bypasses Microsoft Entra ID (Azure AD) Conditional Access. Azure Conditional Access acts as the primary gatekeeper for cloud identity security, enforcing access rules based on user location, device compliance, and calculated risk scores. However, by starting with a…
Ransomware Gangs Escalate Attacks on Aviation and Aerospace Sector

May 6, 2026 7:47 AM

Tags: access, attack, credentials, cyber, data, exploit, extortion, group, identity, ransomware, risk, theft

Ransomware and data extortion groups are increasingly targeting the aviation and aerospace sector, exploiting interconnected systems, shared platforms, and identity-based access models to cause operational disruption and data compromise. Cyber risk across aviation has shifted beyond traditional IT incidents toward ransomware attacks, credential theft, and platform-level compromise. The aviation ecosystem relies heavily on shared IT…
Proof of Concept: Anatomy of a Breach – Cyber Readiness

May 5, 2026 11:47 PM

Tags: attack, breach, cyber, governance, identity

Security Leaders From Equifax, Rapid7 on Identity Security and Visibility Failures. In part one of the Anatomy of a Breach series, Equifax’s Jeremy Koppen and Rapid7’s Christiaan Beek examine why familiar security gaps still lead to breaches. Experts discuss ways to improve readiness in the face of identity-driven attacks, visibility failures and governance weaknesses. First…
Proof of Concept: Anatomy of a Breach – Cyber Readiness

May 5, 2026 10:48 PM

Tags: attack, breach, cyber, governance, identity

Security Leaders From Equifax, Rapid7 on Identity Security and Visibility Failures. In part one of the Anatomy of a Breach series, Equifax’s Jeremy Koppen and Rapid7’s Christiaan Beek examine why familiar security gaps still lead to breaches. Experts discuss ways to improve readiness in the face of identity-driven attacks, visibility failures and governance weaknesses. First…
IdentityPath-Management gewinnt ab operativer Reife

May 5, 2026 2:48 PM

Tags: attack, identity, software

Specterops, die Entwickler der Bloodhound-Software, veröffentlicht die Ergebnisse einer neuen, vom Analystenhaus Omdia im Auftrag von Specterops durchgeführten Studie. Die Untersuchung beleuchtet, wie Führungskräfte aus den Bereichen Sicherheit und Identitätsmanagement das Identity-Attack-Path-Management (APM) im Rahmen umfassender Strategien der Identitätssicherheit einführen und in der Geschäftspraxis verankern. Die Ergebnisse zeigen, dass Identity-Attack-Path-Management das Experimentierstadium hinter sich gelassen…
Cisco Acquisition of Astrix Security Signals to Strengthen on Non-Human Identity Security

May 5, 2026 2:48 PM

Tags: ai, cisco, cyber, identity

Networking and security leader Cisco has announced its intent to acquire Astrix Security, a pioneer in Non-Human Identity (NHI) management. Announced in May 2026, this acquisition is designed to help enterprises secure the rapidly expanding >>agentic workforce<<, the growing ecosystem of autonomous AI agents that operate alongside human employees. As organizations integrate AI into their…
Five Eyes Sound Alarm on Autonomous AI Security Risks

May 5, 2026 12:49 AM

Tags: ai, control, cyber, defense, identity, monitoring, risk, zero-trust

Guidance Warns Autonomous Systems Expand Enterprise Exposure. Federal and Five Eyes cyber agencies warn that agentic AI systems – capable of autonomous action across enterprise environments – are introducing identity, visibility and control risks that could outpace existing defenses without continuous monitoring, zero trust enforcement and human oversight. First seen on govinfosecurity.com Jump to article:…
5 Capabilities of Workload Access Managers And Why WAM Isn’t WIM

May 4, 2026 9:48 PM

Tags: access, ai, iam, identity

10 min readLegacy IAM can’t govern autonomous AI agents that spin up, execute and terminate in seconds. New identity patterns are now emerging. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/05/5-capabilities-of-workload-access-managers-and-why-wam-isnt-wim/
AI Security vs AI Governance Explained

May 4, 2026 8:49 PM

Tags: ai, governance, identity, saas

Understand the difference between AI security and AI governance and why both fail without identity and SaaS control. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/05/ai-security-vs-ai-governance-explained/
SaaS Identity Is the New Security Perimeter

May 4, 2026 8:49 PM

Tags: ai, identity, network, saas

Learn why SaaS identity, not the network, is now the true security perimeter in AI-driven environments. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/05/saas-identity-is-the-new-security-perimeter/
Cisco To Acquire Astrix To Boost Identity Security For AI Agents

May 4, 2026 6:48 PM

Tags: ai, cisco, identity, startup

Cisco Systems announced Monday it has reached an agreement to acquire identity protection startup Astrix Security, in a bid to bolster the tech giant’s offerings for securing AI agents. First seen on crn.com Jump to article: www.crn.com/news/security/2026/cisco-to-acquire-astrix-to-boost-identity-security-for-ai-agents
Omada Identity als ‘Strong Performer” im Gartner® Voicethe-Customer-Bericht 2026 ausgezeichnet

May 4, 2026 6:48 PM

Tags: gartner, identity

Die starke Platzierung im Gartner-Report zeigt, dass Kundenerfahrung zunehmend zum entscheidenden Differenzierungsfaktor im IGA-Markt wird. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/omada-identity-als-strong-performer-im-gartner-voice-of-the-customer-bericht-2026-ausgezeichnet/a44974/
Security for AI: A strategic framework for closing the AI exposure gap

May 4, 2026 5:48 PM

Tags: access, ai, api, attack, breach, business, ciso, cloud, compliance, control, data, data-breach, detection, endpoint, exploit, flaw, framework, governance, identity, infrastructure, injection, jobs, least-privilege, LLM, malicious, microsoft, risk, risk-analysis, saas, service, software, threat, tool, unauthorized, vulnerability

As AI adoption accelerates, CISOs face a dual challenge: fueling innovation while mitigating the risks of a rapidly expanding attack surface. Tenable’s five-step framework for securing AI offers a systematic approach to reducing AI security risks as your organization races to achieve the productivity benefits of AI. Key takeaways Get a five-step framework to help…