惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

L
LangChain Blog
Scott Helme
Scott Helme
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Stack Overflow Blog
Stack Overflow Blog
Forbes - Security
Forbes - Security
T
The Blog of Author Tim Ferriss
Y
Y Combinator Blog
S
Schneier on Security
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Cisco Talos Blog
Cisco Talos Blog
N
News | PayPal Newsroom
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Project Zero
Project Zero
Cyberwarzone
Cyberwarzone
Vercel News
Vercel News
M
MIT News - Artificial intelligence
云风的 BLOG
云风的 BLOG
Google Online Security Blog
Google Online Security Blog
Simon Willison's Weblog
Simon Willison's Weblog
MongoDB | Blog
MongoDB | Blog
Martin Fowler
Martin Fowler
T
Tenable Blog
I
InfoQ
W
WeLiveSecurity
Google DeepMind News
Google DeepMind News
G
Google Developers Blog
D
DataBreaches.Net
博客园 - Franky
Know Your Adversary
Know Your Adversary
Spread Privacy
Spread Privacy
S
Security @ Cisco Blogs
Hacker News: Ask HN
Hacker News: Ask HN
J
Java Code Geeks
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
F
Full Disclosure
C
Cisco Blogs
Google DeepMind News
Google DeepMind News
P
Proofpoint News Feed
C
CXSECURITY Database RSS Feed - CXSecurity.com
The Cloudflare Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
I
Intezer
The GitHub Blog
The GitHub Blog
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
F
Fortinet All Blogs
Jina AI
Jina AI
V
Visual Studio Blog
L
LINUX DO - 热门话题
WordPress大学
WordPress大学
aimingoo的专栏
aimingoo的专栏

Vectra AI Blog

Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Why You Need an NDR to Protect Your Modern Network Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI named in Gartner hype cycle for security operations 2025 Vectra AI Vectra AI How Sanofi Detected and Stopped a Cyberattack How MITRE ATLAS Helps Detect LLM Attacks in Cloud AI Detecting Iranian APT identity attacks across hybrid environments Vectra AI Vectra AI Vectra AI Breaking down the axios supply chain incident Vectra AI Vectra AI Who’s Doing What on Your Network? FortiClient EMS Zero-Day: When the Control Plane Becomes Initial Access Detecting Compromise After the Axios Supply Chain Attack. Vectra AI Vectra AI Vectra AI AI Is Now the Attack Surface: Why Your Security Stack Must Adapt Fast Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI How attackers use Brute Ratel (BRC4) Vectra AI Vectra AI Vectra AI The Cutting Edge: AI’s Inevitable Rise in Offensive Security Vectra AI Vectra AI Is AI the Right Tool to Defend Against Modern Cyberattacks? Vectra AI Vectra AI Vectra AI Turns Out Network Security Is Cool Again – and It’s Called NDR Vectra AI Vectra AI Vectra AI Choosing the Right NDR: Gartner’s 5 Questions Every Security Buyer Should Be Asking Vectra AI Vectra AI Named a Leader and Outperformer in the 2025 GigaOm Radar Report for Identity Threat Detection and Response (ITDR) Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI You Have the Right Tools. So Why Are Attackers Still Getting In? Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Challenges in Microsoft Log Monitoring: Insights for Your SOC Vectra AI Platform Visualizes Multi-domain Modern Attacks with Attack Graphs Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI Gartner Security and Risk Conference – Chaos meets Opportunity Vectra AI Named a Leader and Outperformer in the 2025 GigaOm Radar Report for Network Detection and Response (NDR) Presenting the 2025 Vectra AI Scholars Simplify Threat Investigation and Hunting with Pre-built Queries in Vectra Investigate The 2025 Gartner® Magic Quadrant™ for Network Detection and Response (NDR) - Why Vectra AI Stands Tall Vectra AI Vectra AI Vectra AI Vectra AI Vectra AI How Black Basta Turned Public Data into a Breach Playbook Play’s New Tactics Bypass Traditional Defenses. Are You Ready? Charting a New Era of Network Security: Vectra AI at the Forefront Unlocking Operational Efficiency: How Vectra AI Drives 40% Gains in SOC Performance and 391% ROI Identity-Centric Attacks: The New Reality for UK Retail CISA Flags Fast Flux as a National Threat: Are You Covered? AI Agents: What Do They Mean in Cybersecurity?
Vectra AI
Zoey Chu · 2026-06-17 · via Vectra AI Blog

For most of the last two decades, cybersecurity has been framed as a problem of keeping bad actors out. Firewalls, endpoints, email security, and identity controls are all designed around a simple idea: if we can prevent intrusions, we can manage risk. When incidents occurred, we looked outward. Who breached us? How did they get in? The insider threat has always challenged that framing.  

Insiders remind us that some of the most consequential security failures don’t begin with a breach at all. They begin with access that was already trusted. An employee with permissions. A system with credentials. A process that was allowed to run.

Historically, we understood insider risk in human terms. A malicious employee. A careless mistake. A compromised user. Those scenarios still exist, and they still matter, but they no longer explain the full reality of how enterprises operate today.

As AI becomes embedded into how organizations run: how decisions are made, how work is automated, how systems interact — a new form of insider risk is emerging. One that is not driven by intent, emotion, or negligence. One that operates continuously, autonomously, and at machine speed.

This is the rise of what I think of as the artificial insider.

Rethinking what “insider” means in the AI enterprise

When people hear the phrase “artificial insider,” it can sound abstract. It isn’t.

An artificial insider is any non-human or AI-driven entity that operates inside the enterprise with legitimate credentials, authorized access, and the ability to act independently. These entities are already present in most organizations. They include AI agents acting on behalf of users or teams, service accounts and APIs that automate access and decision-making, cloud workloads and SaaS integrations, and increasingly, custom AI agents built by employees to help them move faster.

What makes these entities insiders is not malicious intent. It is trust.

  • They authenticate legitimately.
  • They access systems they are allowed to access.
  • They move data where they are permitted to move it.

From a security standpoint, this is exactly where insider risk has always lived — inside the trust boundary. What has changed is scale, speed, and autonomy.

When attackers don’t hack in, but rather log in and blend in

One of the most important shifts in attacker behavior over the last several years has been a move away from brute force and toward abuse of trust. Modern attackers understand that the hardest part of an intrusion is often gaining initial access. Once they have credentials, human or non-human, the environment itself does much of the work for them.

AI accelerates this reality.

Once inside, attackers can deploy automation or AI-driven tooling to operate as insiders. These agents don’t need to rush. They don’t need to be noisy. They can patiently explore an environment, enumerate identities and permissions, move laterally across systems, and adapt based on what they observe. Each action often looks legitimate on its own. A query. An API call. A connection to a sanctioned service. Traditional security tools, which tend to analyze events in isolation, struggle to recognize the broader pattern until it’s too late. This is not a new kind of attack. It is a familiar one — executed faster, more quietly, and with far less friction.

In effect, attackers are learning to act like insiders, using automation to do what humans used to do manually.

The insider risk we create ourselves

Not all artificial insiders are introduced by attackers. Many are created internally, by employees trying to solve real problems. Across organizations, teams are building AI agents to automate analysis, reporting, customer engagement, operational workflows, and decision support. They connect these agents to internal systems, APIs, and data sources because the business demands speed and efficiency.

In most cases, this work is well intentioned. It’s innovation at the edge of the organization. It’s people using new tools to do their jobs better. But from a risk perspective, these agents become insiders the moment they are granted access and allowed to act autonomously. They don’t just exist as applications. They act. They make decisions. They trigger workflows. They move data across environments. And if one is misconfigured, poorly governed, or compromised, it can create the same, or greater, risk as a human insider, without anyone ever intending to introduce that risk.

This is one of the most difficult aspects of the AI era as risk does not require bad intent. It only requires trusted automation operating beyond our field of view.

Why the traditional insider threat model no longer holds

The way we have traditionally thought about insider risk rests on a few assumptions that no longer apply.

First, it assumes insiders are human. Humans operate at human speed. They hesitate. They context-switch. Their behavior is inconsistent and often obvious. AI-driven insiders do not behave this way. They execute consistently, continuously, and across systems.

Second, it assumes risk is tied to intent or negligence. Artificial insiders have neither. They have permissions, instructions, and operating context. Risk emerges when those factors no longer align with reality — often faster than controls can adapt.

Third, it assumes defenders have time. In an AI-enabled environment, timelines compress. What once unfolded over days or weeks can now happen in minutes. Human-driven detection and response processes were never designed for this pace.

The result is not that defenders are failing. It’s that the physics of risk have changed.

Why this matters at the executive level

This shift is not just technical. It’s organizational and strategic.

AI is being embedded across enterprises because leaders trust it to drive productivity, scale, and competitiveness. That trust is necessary. But trust without continuous visibility and verification becomes exposure when systems act autonomously. Boards and regulators are asking harder questions than ever before. Are we secure right now? Where are we exposed? Are the controls we’ve invested in actually working?

Those questions are difficult to answer in environments where non-human identities and AI agents are constantly changing behavior, often outside the scope of traditional controls. And while the actors may be new, accountability has not changed. When an AI-driven system causes a breach, a compliance failure, or a disruption to the business, responsibility still sits with leadership.

The CISO’s reality in the AI era

CISOs are navigating one of the most complex moments the role has ever faced.

They are expected to enable AI adoption, support innovation, reduce friction, and maintain security and compliance — all while defending environments where non-human identities outnumber people and automation moves faster than human oversight. This is not a failure of tools or teams. It is a mismatch between how security has traditionally been practiced and how modern enterprises now operate. The challenge is no longer simply preventing bad actions. It is understanding behavior quickly enough to make informed decisions.

Why prevention alone is not enough

Governance, policy, and preventative controls remain essential. But they cannot, on their own, solve the problem of artificial insiders. These entities operate after access is granted. Once authenticated, their actions are assumed legitimate. Visibility fragments across systems. Risk hides in the connections between domains. This is the same blind spot that has always existed with insider threats — now amplified by automation, scale, and speed. Trying to prevent every risky action would slow the business to a crawl. That is not a viable path forward. Instead, resilience must be built on continuous understanding of behavior, not static trust.

From identity to behavior

The most important shift organizations must make is moving from asking who performed an action to understanding how behavior is unfolding over time.

Security leaders need to be able to see which human and non-human identities are active, how they are behaving across systems, how quickly activity is progressing, and what the potential impact could be if it continues. These are operational questions. They cannot be answered with siloed telemetry, point-in-time assessments, or quarterly reviews.

They require visibility that matches the speed and interconnectedness of the modern enterprise.

The real risk is not AI, it’s blind trust at machine speed

AI is not something organizations can opt out of. It is becoming the operating model of the modern enterprise. Artificial insiders already exist inside our environments. Some were deployed deliberately. Some were created quietly. Some may already be operating on behalf of attackers.

The question leaders must confront is not whether these insiders exist, but whether they can see, understand, and govern their behavior well enough to trust them responsibly.

In the AI era, the insider threat hasn’t disappeared. It has evolved. It has automated. And it now moves at machine speed. Recognizing that reality — and adapting how we think about trust and risk — is one of the most important leadership challenges ahead.

You can read more posts from Mark Wojtasiak, here on the Vectra AI blog.