News for today:
- Identity upgrades in the SailPoint Platform. SailPoint added new features to its identity platform, including visibility into privilege risk, discovery and governance of AI agents (and associated identities), and a new conversational management agent, among others. SailPoint says – As a market leader, we are moving toward a new, AI-powered adaptive approach to provide continuous visibility and real-time governance for all identity types, including AI identities, machines, agents, and credentials. This year, we aim to help our customers move to least privilege or zero standing privilege. It’s about truly securing the business, not just checking a box, at the speed that AI-driven enterprises demand. SailPoint
- Resellers now eligible for the Huntress partnership program. Huntress expanded its Partnership Program to resellers, as part of a strategy to make its cybersecurity capabilities available to a much wider set of organizations. Expanding the Partner Program to Resellers will help Huntress realize its vision faster: to protect the 99% of companies that fall below the Fortune 1000 and make up the backbone of the global economy. With its expanded partner ecosystem, purpose-built cybersecurity platform, and an agentic AI-powered SOC, Huntress is making enterprise-grade protection accessible to ALL businesses that want the same level of protection Fortune companies receive, without the fine-tuning, management, and the massive number of false positives and alerts. Huntress
- GA of AgentPulse Command Center from AvePoint. AvePoint released its new AgentPulse Command Center to general availability, for unified visibility, governance, and cost control of autonomous AI agents across Microsoft 365 and Google Cloud. AvePoint AgentPulse now provides plug-and-play visibility into AI agents across multiple cloud platforms (including usage, creation, and inventory trends), giving organizations unified visibility across their entire environment, regardless of tenant boundaries, cloud platforms, or how agents are created. This directly addresses the growing challenge of shadow AI, where unmanaged agents can lead to runaway costs and expose sensitive data without proper oversight. AvePoint
- AI-powered zero-day detection for files. OPSWAT announced MetaDefender Aether, offering zero-day detection of files in a unified way across the multiple perimeters of critical infrastructure organizations. Unlike traditional sandbox or antivirus solutions designed for endpoint protection, MetaDefender Aether intercepts files at every entry point, e.g. file transfers, removable media, email attachments, cloud storage, and web traffic, to detect unknown threats before they reach users, devices, or internal systems. Every file is processed through four progressively deeper AI-powered layers of threat reputation, dynamic analysis, threat scoring and threat hunting. By chaining them into a single pipeline, MetaDefender Aether delivers 99.9% zero-day detection efficacy, 100x greater resource efficiency than VM-based sandboxing, and a unified, confidence-scored verdict per file. OPSWAT
- AI resilience strategy from Cohesity. Cohesity released its Enterprise AI Resilience Strategy, enabling organizations to securely manage the adoption and innovation around AI, with a focus on protecting AI and agent infrastructure; protecting against rogue / unintended / malicious agent actions; and governing sensitive data for AI. As AI systems move from experimentation into production, enterprises must extend cyber resilience across the full AI stack. AI agents increasingly interact directly with enterprise systems and data, expanding operational dependencies and introducing new risk surfaces. Cohesity
- Improving microsegmentation deployments with AI. ColorTokens introduced the Xshield AI Agent, to accelerate policy design and rollout for microsegmentation deployments. Xshield AI Agent continuously refines segmentation policies using live telemetry and built-in guardrails to ensure safe enforcement. Security teams can interrogate their environment using plain-language queries and instantly generate policies to block emerging lateral movement techniques. When new attack tactics appear in the MITRE ATT&CK framework or CISA threat advisories, organizations can quickly assess their exposure and implement countermeasures within minutes. ColorTokens
- New security awareness AI agent. KnowBe4 launched the Custom SAPA (Security Awareness Proficiency Assessment) AI agent, for assessing security awareness within an organization against the organization’s security stack and industry context. The Custom SAPA Agent moves beyond standardized testing by curating questions that reflect how security actually operates within a specific environment. This provides precise, organization-specific data to identify knowledge gaps and inform targeted training roadmaps. Available immediately. KnowBe4
- CodeWall’s offensive AI agent compromises McKinsey in two hours. And got access to a treasure trove of editable chats and files. CodeWall says it accessed 46.5 million chat messages about strategy, mergers and acquisitions, and client engagements, all in plaintext. The agent also grabbed 728,000 files containing confidential client data, 57,000 user accounts, and 95 system prompts controlling the AI’s behavior. Moreover, all those prompts were writable. This means that an attacker could poison every conversation Lilli, the chatbot, had with McKinsey consultants. Egress method? The agent got into Lilli by mapping the attack surface and then finding the API documentation publicly exposed – over 200 endpoints, fully documented. Most required authentication, but 22 didn’t. Cybernews