Cybersecurity Hacking News

Defensive agents, blueprints & adversarial testing

Defensive agents, blueprints & adversarial testing

Key Questions

What is Project Glasswing and which companies are involved?

Project Glasswing is a collaborative initiative launched by major tech firms to advance AI security defenses. It includes contributions from Zscaler, Cisco, Microsoft, and others focused on agent security, identity, and governance frameworks.

How does Zscaler AI Protect address adversarial threats?

Zscaler AI Protect adds MCP red teaming and prompt hardening capabilities to its platform. This helps organizations test and strengthen AI systems against prompt-based attacks and other adversarial techniques.

What is the CoSAI shared responsibility model?

CoSAI provides a five-layer accountability matrix and implementation playbook for AI security. It clarifies roles across organizations deploying AI agents and related infrastructure.

Why are device-based AI agents considered a defensive blind spot?

EDR and DLP tools cannot observe the behavior of device-based AI agents, creating visibility gaps. This limitation allows agent actions to bypass traditional endpoint controls.

What did NIST prove about static AI guardrails?

NIST mathematically demonstrated that static guardrails cannot cover all possible adversarial prompts. The research supports a shift toward behavior-based AI security approaches.

What is the key insight regarding execution layer control in AI security?

Execution layer control serves as the primary security boundary because model safeguards alone are insufficient. Incidents like the Fable 5 jailbreak show that prompt-based attacks remain inevitable without deeper controls.

How are Palo Alto Networks and Koi Security involved in an AI-related lawsuit?

They face a lawsuit after an AI error in a cyber threat report falsely flagged MeetingTV's domain as a Chinese espionage IOC. The incident led to global blocking and underscores risks of relying on AI without human oversight.

What new service did BlueVoyant release for Microsoft environments?

BlueVoyant launched an AI agent security service offering 90-day engagements to address inventory, identity, and detection gaps. It targets organizations using Microsoft ecosystems for agent governance.

Project Glasswing launched with major tech firms. Zscaler AI Broker and Endpoint AI Security; Zscaler AI Protect update adds MCP red teaming and prompt hardening (June 12). Cisco AI defense guidance; Microsoft agentic AI maturity model. Xage Zero Trust for AI scales to 50M agents. NewCore ($66M) for AI agent identity security; SailPoint acquires Entro; CrowdStrike Continuous Identity; Anthropic Claude Security product. Opal Security AI agents for access governance. Mitiga launches Agentic Runtime Security for cloud/SaaS/identity/AI agents. Radware and Dataiku partner. F5 acquires SurePath AI for network-based shadow AI detection. ISC2 releases AI security incident exercises. AI SOC false negatives: 45-50% accuracy drop from lab to production. Device-based AI agents are a critical defensive blind spot—EDR/DLP cannot see agent behavior. CoSAI shared responsibility model provides five-layer accountability matrix and implementation playbook. NVIDIA benchmarks show only ~2% overhead on Blackwell for hardware-rooted AI security. Data Theorem launches AI security platform with discover-fix-protect approach. Kaushal calls for zero-trust agent identity governance. CSA article reinforces that speed alone isn't enough; defenders need architectural execution. CyberArk Lethal Trifecta data and Forescout 'Assume Autonomy' framework provide practical conditions for defense. New: Palo Alto Networks and Koi Security sued over AI error in cyber threat report—MeetingTV's domain falsely flagged as Chinese espionage IOC, leading to global blocking; highlights AI reliability risks in threat intelligence and need for human oversight. New: AI-speed attacks forcing incident response rethink—machine-speed response needed. Practical framework for prioritizing AI agent security by business impact published. Palo Alto Networks governance guide with peer insights on AI agent governance. LTM launches BlueVerse RightLogic for AI risk assessment and remediation planning. Governance articles emphasize managing AI exposure rather than blocking it. New: BlueVoyant releases AI agent security service for Microsoft environments, addressing agent inventory, identity, and detection gaps with 90-day engagement model. New: NIST mathematically proved that static guardrails cannot cover all adversarial prompts, formalizing shift to behavior-based AI security. Key insight: Execution layer control is the real security boundary—model safeguards are insufficient, as Fable 5 incident proves jailbreaks are inevitable. New: MCP defense framework advocates architectural proxy layer and agentic governance, reinforcing execution-layer control.

Sources (28)
Updated Jul 7, 2026