Search results for AI Agent Security DLP | Breaking Cybersecurity News | The Hacker News

In September 2025, Anthropic disclosed that a state-sponsored threat actor used an AI coding agent to execute an autonomous cyber espionage campaign against 30 global targets. The AI handled 80-90% of tactical operations on its own, performing reconnaissance, writing exploit code, and attempting lateral movement at machine speed. This incident is worrying, but there's a scenario that should concern security teams even more: an attacker who doesn't need to run through the kill chain at all, because they've compromised an AI agent that already lives inside your environment. One that already has the access, the permissions, and a legitimate reason to move across your systems every day. A Framework Built for Human Threats The traditional cyber kill chain assumes attackers have to earn every inch of access. It's a model developed by Lockheed Martin in 2011 to describe how adversaries move from initial compromise to their ultimate objective, and it's shaped how secu...

If you’re evaluating AI-powered SOC platforms, you’ve likely seen bold claims: faster triage, smarter remediation, and less noise. But under the hood, not all AI is created equal. Many solutions rely on pre-trained AI models that are hardwired for a handful of specific use cases. While that might work for yesterday’s SOC, today's reality is different. Modern security operations teams face a sprawling and ever-changing landscape of alerts. From cloud to endpoint, identity to OT, insider threats to phishing, network to DLP, and so many more, the list goes on and is continuously growing. CISOs and SOC managers are rightly skeptical. Can this AI actually handle all of my alerts, or is it just another rules engine in disguise? In this post, we’ll examine the divide between two types of AI SOC platforms. Those built on adaptive AI, which learns to triage and respond to any alert type, and those that rely on pre-trained AI, limited to handling predefined use cases only. Understanding t...

Data is the lifeblood of productivity, and protecting sensitive data is more critical than ever. With cyber threats evolving rapidly and data privacy regulations tightening, organizations must stay vigilant and proactive to safeguard their most valuable assets. But how do you build an effective data protection framework? In this article, we'll explore data protection best practices from meeting compliance requirements to streamlining day-to-day operations. Whether you're securing a small business or a large enterprise, these top strategies will help you build a strong defense against breaches and keep your sensitive data safe. 1. Define your data goals When tackling any data protection project, the first step is always to understand the outcome you want. First, understand what data you need to protect. Identify your crown jewel data, and where you THINK it lives. (It's probably more distributed than you expect, but this is a key step to help you define your protection ...

There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn’t build. It doesn’t enable. Its entire function is to say "No." No to ChatGPT. No to DeepSeek. No to the file-sharing tool the product team swears by. For years, this looked like security. But in 2026, "Doctor No" is no longer just a management headache – it is a systemic security liability. Because when you block the work, users don’t stop. They reroute. The Tax-Evaders of Productivity When security feels like a tax on efficiency, employees find a way to "evade" it. The industry has long relied on Endpoint Agents to enforce control. But as any CISO knows, these agents come with a heavy "tax." They hook into the OS kernel, they’re invasive, they notoriously break during macOS updates, and they make high-performance machines run hot. The result? Users find workarounds. Files move into personal Gmail. Prompts are...

Cyber threats didn’t slow down last week—and attackers are getting smarter. We’re seeing malware hidden in virtual machines, side-channel leaks exposing AI chats, and spyware quietly targeting Android devices in the wild. But that’s just the surface. From sleeper logic bombs to a fresh alliance between major threat groups, this week’s roundup highlights a clear shift: cybercrime is evolving fast, and the lines between technical stealth and strategic coordination are blurring. It’s worth your time. Every story here is about real risks that your team needs to know about right now. Read the whole recap. ⚡ Threat of the Week Curly COMrades Abuses Hyper-V to Hide Malware in Linux VMs — Curly COMrades, a threat actor supporting Russia's geopolitical interests, has been observed abusing Microsoft's Hyper-V hypervisor in compromised Windows machines to create a hidden Alpine Linux-based virtual machine and deploy malicious payloads. This method allows the malware to run completel...

Microsoft on Monday announced a new feature called inline data protection for its enterprise-focused Edge for Business web browser. The native data security control is designed to prevent employees from sharing sensitive company-related data into consumer generative artificial intelligence (GenAI) apps like OpenAI ChatGPT, Google Gemini, and DeepSeek. The list will be expanded over time to include other genAI, email, collaboration, and social media apps. "With the new inline protection capability for Edge for Business, you can prevent data leakage across the various ways that users interact with sensitive data in the browser, including typing of text directly into a web application or generative AI prompt," the tech giant said. The Microsoft Purview browser data loss prevention ( DLP ) controls come as the company announced the General Availability of collaboration security for Microsoft Teams in an effort to tackle phishing attacks against users of the enterprise com...

This week made one thing clear: small oversights can spiral fast. Tools meant to save time and reduce friction turned into easy entry points once basic safeguards were ignored. Attackers didn’t need novel tricks. They used what was already exposed and moved in without resistance. Scale amplified the damage. A single weak configuration rippled out to millions. A repeatable flaw worked again and again. Phishing crept into apps people rely on daily, while malware blended into routine system behavior. Different victims, same playbook: look normal, move quickly, spread before alarms go off. For defenders, the pressure keeps rising. Vulnerabilities are exploited almost as soon as they surface. Claims and counterclaims appear before the facts settle. Criminal groups adapt faster each cycle. The stories that follow show where things failed—and why those failures matter going forward. ⚡ Threat of the Week Maximum Severity Security Flaw Disclosed in n8n — A maximum-severity vulnerability ...