News for today:
- AI-driven real-time vulnerability assessment. NinjaOne announced a new Vulnerability Management offering, for real-time and continuous vulnerability management. NinjaOne’s AI-native vulnerability product simplifies vulnerability management by delivering real-time visibility, integrated remediation, and reporting within a single platform. Built natively into the NinjaOne Unified IT Operations Platform, the solution helps organizations identify, remediate, and patch vulnerabilities faster and with less effort, ultimately reducing risk and allowing organizations to prioritize security bandwidth for high-severity investigations. NinjaOne
- Protecting organizations from autonomous AI agents going haywire. TrendAI expanded its collaboration with NIVDIA to encompass OpenShell, NVIDIA’s open source runtime for agentic AI. NVIDIA offers agent design; TrendAI the protections. TrendAI can transform agentic AI from a high-risk experiment into an enterprise-ready architecture. Organizations gain the ability to define trust boundaries, enforce policy at runtime, and maintain continuous visibility into autonomous AI behavior, all while preserving the flexibility and power that make agentic systems valuable. TrendAI adds an enterprise-grade security layer that governs how agents behave, what tools they can access, and how risk is detected and enforced, before, during, and after execution. TrendAI
- Ditto, but with CrowdStrike. CrowdStrike is pursuing a similar outcome for its customers embracing NVIDIA OpenShell. Organizations will gain unified visibility and continuous runtime monitoring and enforcement to constrain unsafe behavior, prevent prompt manipulation, and enforce policy across the full AI lifecycle …. CrowdStrike and NVIDIA are also advancing intent-aware controls that govern how agents plan and execute tasks, enabling flexible autonomy while limiting the blast radius of unintended or malicious behavior. CrowdStrike
- Unified governance of identities (human and non-human) on AWS. SailPoint and AWS announced a new strategic collaboration agreement, positioning SailPoint as a preferred identity governance provider for autonomous AI agents built on AWS. There’s also a specific co-development agreement focused on unifying governance of all identities (human and non-human). SailPoint integrates with AWS AgentCore (Bedrock AgentCore) by discovering AI agents in AgentCore and governing them as identities in SailPoint. This integration allows SailPoint customers to govern both human and agentic identities in a single pane of glass, enabling Human-Agent attribution, lifecycle governance, access reviews, right-sizing permissions, and policy enforcement. Forthcoming capabilities are expected to allow customers to use SailPoint to provision accounts on behalf of AgentCore agents, and request and grant new access. This allows SailPoint and AWS joint customers to adopt and scale AI while ensuring security controls and guardrails. SailPoint
- Autonomous DLP analyst. MIND announced its Autonomous DLP Analyst, for automating the operational work of running a modern data security program with classification and investigation skills. Traditionally, security teams rely on complex regex rules, static policies and continuous tuning to classify [sensitive] information. This approach is difficult to maintain and often produces false positives that consume valuable analyst time. The Custom Classifier skill allows organizations to teach the platform what sensitive data looks like for their specific environment. Security teams can upload representative examples of business-specific data elements. The Custom Classifier analyzes these examples to automatically generate precise classifiers and uploads them to MIND’s proprietary multi-layer AI classification engine. MIND
- Beware retaliatory cyber warfare. Horizon3.ai released guidance for organizations on enhancing cyber resilience in response to the evolving Iranian cyber threat landscape, and in particular the types of cyber operations that are expected to intensify in the coming weeks. Horizon3.ai emphasizes securing initial attack surfaces such as VPNs and edge devices vulnerable to CISA Known Exploited Vulnerabilities (KEVs), including Fortinet, Ivanti, and Citrix NetScaler; Active Directory and compromised credentials; and Remote Management Tools (RMMs) with known KEVs. The company also stepped up its capabilities within NodeZero to provide assistance. Horizon3.ai