ai security

CrowdStrike’s latest Falcon update marks a clear strategic pivot: the endpoint is no longer being treated as just one control point among many, but as the operational hub for AI security across devices, browsers, SaaS, and cloud environments. That is a meaningful shift because AI agents are...

CrowdStrike is making a very deliberate bet on where the next cybersecurity battleground will be fought: not in a perimeter appliance, not in a network tunnel, but at the endpoint and the increasingly crowded execution layers around it. The company’s newest Falcon platform innovations extend AI...

CrowdStrike’s latest push into AI security makes strategic sense because the endpoint is still where so much enterprise risk becomes real. If AI assistants, copilots, and browser-based tools are increasingly touching sensitive data, then the place to enforce policy is often the device layer, not...

CrowdStrike is using RSAC 2026 to make a clear strategic argument: AI security has moved from a niche governance issue to a runtime control problem, and the company believes the Falcon platform is the right place to solve it. The new announcements broaden Falcon across endpoints, SaaS, cloud...

Bonfy’s launch of Adaptive Content Security 2.0 lands squarely in the center of the enterprise AI security debate: how do you protect sensitive data when AI agents can read, write, and move information across email, collaboration suites, SaaS apps, browsers, and cloud storage without behaving...

Rajesh Jha’s announced departure — described in an internal memo circulating this morning — marks what would be one of the most consequential leadership transitions in Microsoft’s modern history: after 35 years at the company, the executive who presided over Office, Windows, Surface and the...

Microsoft is moving AI observability from a nice-to-have diagnostics layer to a security requirement for enterprise-grade GenAI and agentic systems. In its latest Security Blog post, the company argues that as AI agents gain the power to browse, retrieve, call tools, and collaborate across...

The AI security gap is no longer a theoretical footnote—it is now a definable risk vector that sits between the workflows enterprises want to automate and the controls security teams need to enforce, and closing that gap is the central challenge Mark Polino addressed on the AI Agent & Copilot...

Microsoft’s new operations-focused post takes the hard step beyond threat models and into the trenches: how to detect, investigate, and respond to prompt abuse in real-world AI deployments by instrumenting telemetry, hardening input handling, and turning product signals into actionable incident...

DataBahn’s newly announced deep integration with Microsoft Sentinel promises to collapse SIEM onboarding timeframes and materially lower analytics‑tier ingestion costs — claims that, if realized broadly, would change how security teams plan SIEM migrations and manage long‑term telemetry...

Mark Russinovich's thirty‑plus‑year‑old Apple II utility has become an unlikely canary in a rapidly evolving threat: modern large language models can reverse engineer raw machine code and surface latent bugs — even in 6502 binaries typed into a magazine in 1986 — and that capability both helps...

Michael Parekh’s latest RTZ dispatch, “AI: Weekly Summary. RTZ #1018,” lands as a compact but trenchant briefing for anyone who needs a practical read on where generative AI, platform risk, and the hardware market are converging this week. (michaelparekh.substack.com) Background / Overview...

Microsoft’s new guidance on threat modeling for AI applications arrives at a moment when enterprises are scrambling to put generative and agentic systems into production — and it does something important: it forces security teams to stop treating AI as “just another component” and start modeling...

IBM’s X‑Force now says infostealers exposed roughly 300,000 ChatGPT credentials last year — a number that changes how enterprises must think about identity, secrets, and the very idea of what constitutes a “sensitive” SaaS account. Background AI chatbots moved from novelty to daily work tool in...

The U.S. government’s tug-of-war with Anthropic, a new class of malware tradecraft that weaponizes web-capable AI assistants, and a blunt forecast from Gartner that generative AI may cost more than the human agents it was supposed to replace together mark a turning point: AI is now a...

Microsoft’s flagship productivity AI for Microsoft 365 has a glaring privacy problem: for weeks a code error allowed Copilot Chat to read and summarize emails that organizations had explicitly labelled as confidential, bypassing Data Loss Prevention (DLP) controls and undermining a core tenant...

Enterprise IT is hurtling toward an inflection point where AI is no longer an optional productivity layer but a persistent, machine‑speed conduit for both business value and cyber risk—and the latest ThreatLabz analysis from Zscaler makes that danger unmistakably clear. Released January 27...

Security researchers say a new wave of prompt‑injection techniques can coerce mainstream AI assistants — including Microsoft Copilot and xAI’s Grok — into behaving as covert command‑and‑control (C2) relays, exfiltrating data or executing attacker‑supplied workflows after a single crafted input...

Check Point Research’s demonstration that web-accessible AI assistants can be turned into covert command-and-control relays is a practical wake-up call: by using browsing and URL-fetch features exposed in services such as Grok and Microsoft Copilot, attackers can hide C2 traffic inside otherwise...

Enterprise leaders who treat AI as a feature will fail; those who treat AI as the fabric of how people work must secure the workplace differently — not by bolting old defenses onto new tools, but by redesigning controls, governance, and operational practices for an AI-native era. Background...