惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
云风的 BLOG
云风的 BLOG
美团技术团队
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
爱范儿
爱范儿
Stack Overflow Blog
Stack Overflow Blog
WordPress大学
WordPress大学
GbyAI
GbyAI
雷峰网
雷峰网
P
Proofpoint News Feed
IT之家
IT之家
人人都是产品经理
人人都是产品经理
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
aimingoo的专栏
aimingoo的专栏
小众软件
小众软件
T
The Blog of Author Tim Ferriss
月光博客
月光博客
V
Visual Studio Blog
L
LINUX DO - 热门话题
L
Lohrmann on Cybersecurity
T
Troy Hunt's Blog
Project Zero
Project Zero
U
Unit 42
T
Tor Project blog
Scott Helme
Scott Helme
L
LINUX DO - 最新话题
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
I
InfoQ
Cloudbric
Cloudbric
P
Proofpoint News Feed
The Cloudflare Blog
H
Heimdal Security Blog
Google DeepMind News
Google DeepMind News
The GitHub Blog
The GitHub Blog
Attack and Defense Labs
Attack and Defense Labs
有赞技术团队
有赞技术团队
T
Threat Research - Cisco Blogs
T
The Exploit Database - CXSecurity.com
J
Java Code Geeks
博客园 - 【当耐特】
Security Latest
Security Latest
The Register - Security
The Register - Security
F
Fortinet All Blogs
I
Intezer
H
Hackread – Cybersecurity News, Data Breaches, AI and More
MongoDB | Blog
MongoDB | Blog
N
Netflix TechBlog - Medium
NISL@THU
NISL@THU
T
Tenable Blog

Help Net Security

ChatGPT advanced account security adds passkeys and hardware keys Week in review: High-severity LPE vulnerability in the Linux kernel, cPanel 0-day exploited for months Automating Pentest Delivery: A Step-by-Step Guide - PlexTrac Open-source privacy proxy masks PII before prompts reach external AI services Shadow AI risks deepen as 31% of users get no employer training Identity is the control plane for distributed infrastructure AI traffic is getting bigger, louder, and less predictable New infosec products of the month: April 2026 cPanel zero-day exploited for months before patch release (CVE-2026-41940) Cisco releases open-source toolkit for verifying AI model lineage Met Police face criticism for using AI to spy on their own officers Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431) Hacker with a special interest in breaching sports institutions ends behind bars - Help Net Security IP Fabric MCP server adds governance and control to enterprise AIOps workflows - Help Net Security Aqua Compass MCP server enables real-time investigation and containment of runtime threats - Help Net Security Google brings instant email verification to Android, no OTP needed - Help Net Security If cyber espionage via HDMI worries you, NCSC built a device to stop it - Help Net Security Apple fixes iPhone bug that let FBI retrieve deleted Signal messages(CVE-2026-28950) - Help Net Security GopherWhisper APT group hides command and control traffic in Slack and Discord - Help Net Security OpenAI tackles a bad habit people have when interacting with AI - Help Net Security A year in, Zoom's CISO reflects on balancing security and business - Help Net Security Scenario: Open-source framework for automated AI app red-teaming - Help Net Security GDPR works, but only where someone enforces it - Help Net Security Ransomware, fraud, and lawsuits drive cyber insurance claims to new peaks - Help Net Security Google’s Workspace Intelligence promises privacy while running on your data - Help Net Security Cyberattack on French government agency triggers phishing alert - Help Net Security Claude Mythos finds 271 Firefox flaws, Mozilla believes zero-days are numbered - Help Net Security Prove Identity Platform connects verification, authentication, and fraud prevention - Help Net Security New Mirai variants target routers and DVRs in parallel campaigns - Help Net Security Acronis GenAI Protection gives MSPs control over AI usage and data risks - Help Net Security Elastic MCP Apps bring security and observability workflows into AI tools - Help Net Security Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876) - Help Net Security Tencent's QClaw AI agent app arrives on Windows and macOS - Help Net Security Phishing reclaims the top initial access spot, attackers experiment with AI tools - Help Net Security OneDrive updates focus on AI, access control, and compliance - Help Net Security PentAGI: Open-source autonomous AI penetration testing system - Help Net Security Apple Intelligence flaw kept stolen tokens reusable on another device - Help Net Security Shadow AI, deepfakes, and supply chain compromise are rewriting the financial sector threat playbook - Help Net Security Thunderbird 150 arrives with encrypted message search and OpenPGP improvements - Help Net Security VirtualBox 7.2.8 is out with Linux kernel 7.0 support and crash fixes - Help Net Security Ransomware negotiator admits role in attacks he was hired to resolve - Help Net Security Scattered Spider hacker pleads guilty to stealing $8 million in cryptocurrency Ivanti Neurons AI automates IT operations, reducing manual work and security risk Silobreaker Mimir adds agentic AI to intelligence workflows with governance and transparency - Help Net Security OpenAI’s Chronicle feature lets Codex read your screen, raising privacy concerns CISA flags another Cisco Catalyst SD-WAN Manager bug as exploited (CVE-2026-20133) A single platform powers SIM farm proxy networks across 17 countries - Help Net Security NGate NFC malware targets Android users through trojanized payment app - Help Net Security Meta and PortSwigger drive offensive security further to find what others miss - Help Net Security EU pushes for stronger cloud sovereignty, awards €180 million to four providers - Help Net Security SmokedMeat: Open-source tool shows what attackers do inside CI/CD pipelines - Help Net Security How to spot a North Korean fake in a job interview - Help Net Security Product showcase: Syncthing for secure, private file synchronization - Help Net Security Week in review: Acrobat Reader flaw exploited, Claude Mythos offensive capabilities and limits Google wipes out 602 million scam ads with Gemini on duty Researcher drops two more Microsoft Defender zero-days, all three now exploited in the wild GitLab 18.11 brings agentic AI to security fixes, CI pipelines, and delivery analytics Liongard upgrades LiongardIQ with AI access, live asset data, and deeper discovery Mozilla challenges enterprise AI providers with Thunderbolt, open-source AI client under your control Codex can now operate between apps. Where are the boundaries? Android 17 Beta 4 arrives with post-quantum cryptography and new memory limits Apple AirTag tracking can be misled by replayed Bluetooth signals Social media bans might steer kids into riskier corners of the internet Workplace stress in 2026 is still worse than before the pandemic New infosec products of the week: April 17, 2026 - Help Net Security ImmuniWeb brings AI upgrades, post-quantum detection and more in Q1 2026 NIST admits defeat on NVD backlog, will enrich only highest-risk CVEs going forward Anthropic releases Claude Opus 4.7 with automated cybersecurity safeguards - Help Net Security Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808) - Help Net Security Google Play is changing how Android apps access your contacts and location Tails 7.6.2 patches vulnerability that could expose saved files Cargo theft malware actor spent a month inside a decoy network before researchers pulled the plug Two US nationals jailed over scheme that generated $5 million for the North Korean regime Product showcase: Ente Auth encrypts, backs up, and syncs 2FA Wi-Fi roaming security practices for access network providers and identity providers European AI spending set to hit $290 billion by 2029 Windows is getting stronger RDP file protections to fight phishing attacks Capsule Security debuts with $7 million funding to secure AI agent behavior Hackers hijacked CPUID downloads, served STX RAT to victims $12 million frozen, 20,000 victims identified in crypto scam crackdown Rockstar Games receives “pay or leak” warning after cyberattack Google makes it harder to exploit Pixel 10 modem firmware Siemens expands Industrial Automation DataCenter with edge AI and cybersecurity Adobe issues emergency fix for Acrobat Reader flaw exploited in the wild (CVE-2026-34621) Seized VerifTools servers expose 915,655 fake IDs, 8 arrested Fixing vulnerability data quality requires fixing the architecture first ZeroID: Open-source identity platform for autonomous AI agents MITRE releases a shared fraud-cyber framework built from real attack data The fully free Linux OS Trisquel gets a major update with version 12.0 Ecne Week in review: Windows zero-day exploit leaked, Patch Tuesday forecast ClickFix campaign delivers Mac malware via fake Apple page Poisoned “Office 365” search results lead to stolen paychecks Gmail’s end-to-end encryption comes to mobile, no extra apps required To counter cookie theft, Chrome ships device-bound session credentials Product showcase: Session, a messenger without phone numbers or metadata Little Snitch for Linux shows what your apps are connecting to - Help Net Security Apiiro CLI turns AI coding assistants into full-stack security engineers - Help Net Security April 2026 Patch Tuesday forecast: Spring-cleaning of a preview - Help Net Security What vibe hunting gets right about AI threat hunting, and where it breaks down - Help Net Security Health insurance lead sites sell personal data within seconds of form submission - Help Net Security
Mitiga unveils Agentic Runtime Security for cloud, SaaS, identity, and AI protection - Help Net Security
Industry News · 2026-06-25 · via Help Net Security

Mitiga has announced Agentic Runtime Security, a new approach to runtime detection and response across cloud, SaaS, identity, AI, and third-party services that anticipates, detects, interrupts, and stops active attacks before they impact the business.

For two decades, security operations centered on the endpoint. EDR carried the load, most detections were built there, and most analyst muscle memory lived there. But the primary asset is no longer the server – it’s third-party services, cloud, SaaS, third-party identity providers, and AI. That world is more complicated than endpoints, not less, and the one place no endpoint agent can reach is exactly where modern attacks now land.

“We do for SecOps in this new world everything they’re used to getting from an EDR on the endpoint – but for all the modern infrastructure services and resources,” said Ofer Maor, CTO of Mitiga.

“Runtime security as most people define it means an agent inside a workload. But the modern attack surface lives outside the workload, where there is no operating system to instrument, and the only signal is the audit trail the platform emits. We engineered Mitiga to make log-based runtime defense possible – to detect on behavior in real time, across cloud, SaaS, identity, and AI, and to contain attacks before anything bad happens.”

Multiple forces are reshaping what the SOC has to defend

Agentic Runtime Security responds to a structural shift in the modern SOC. As enterprises move off the endpoint and onto modern infrastructure, four forces are converging:

A compensating control for AI-discovered vulnerabilities. AI finds and exploits vulnerabilities faster than the world can patch them, and exploitation often begins before a fix ships. When an exposure can’t be closed in time, defenders need to detect and disrupt what comes through the open window.

SaaS, shadow SaaS, and embedded AI visibility. The average enterprise runs hundreds of SaaS applications, sanctioned, unsanctioned, and entirely unknown. And shadow AI is rarely just a standalone tool. It now includes AI that’s embedded inside trusted SaaS platforms like CRMs, HR systems, financial management, and collaboration tools. Posture tools were not built to surface active SaaS and AI misuse, and you cannot defend what you cannot see.

Agentic and non-human identity threats. Chatbots, copilots, and autonomous agents now act with their own credentials and permissions. The fastest growing identity on the enterprise network is no longer a person, and it operates entirely outside the endpoint’s line of sight.

Attacks that move at machine speed. Modern attacks move across cloud, SaaS, identity, AI, and third-party services in minutes. Defending against them means anticipating, detecting, interrupting, and stopping active attacks across the entire modern infrastructure, in runtime.

Runtime, redefined for the place attacks happen

Agentic Runtime Security reflects a structural difference between the modern stack and the endpoint. On an endpoint, defenders can always fall back to the device, pull a disk image, capture a memory dump. In a cloud and services world, there is no endpoint to fall back to. Defense is 100% percent dependent on the logs, not just the security logs, but everything the platforms emit. That dependency is why a forensic-grade data layer is a structural necessity for Mitiga, not a feature.

Mitiga’s platform turns that necessity into an advantage by providing panoramic visibility across cloud, SaaS, identity, and AI environments. It uses behavioral detection to identify compromised credentials, lateral movement, and data exfiltration as they occur. Automated AI-driven triage reduces noise and builds a prioritized attack narrative, while rapid containment actions can revoke sessions, quarantine identities, and block API calls during an attack. The result is Zero-Impact Breach Prevention delivered in runtime.

AI-native by design

Agentic Runtime Security is not AI bolted onto a legacy stack. Every part of the Mitiga platform runs on the same agentic, AI-native foundation, organized around three pillars:

Defend with AI – an automated SOC agent that delivers AI triage, agentic investigation and hunting, and automated containment and remediation, integrated via API and MCP.

Defend from AI – runtime detection engineered for AI-centric and AI-scaled attacks, with automated detection engineering built for AI-speed adversaries.

Defend the AI – protection for AI resources and SaaS applications, detecting and stopping attacks across workforce AI (such as ChatGPT, Copilot, and Agentforce), AI infrastructure (such as Bedrock and Claude), and the identities that operate them.

Underpinning all three is the foundation: Mitiga is Built with AI. This provides the ability to create, test, and continuously improve detections and broad runtime capabilities at AI-native speed and scale.

Three proof points: seeing what endpoint tools can’t

The launch is anchored by three findings that show why the modern attack surface demands a different vantage point – the cloud, not the endpoint.

1. SaaS discovery from the cloud, not the endpoint. In recent customer deployments, Mitiga surfaced more unauthorized SaaS applications than agent-based endpoint security solutions already in place. Endpoint and network-traffic tooling can only see what crosses the devices it sits on. Mitiga discovers shadow SaaS from the cloud and identity control plane, where the activity actually originates, catching sanctioned-looking, identity-driven app adoption that never generates a telltale endpoint signal.

2. AI-era shadow SaaS is a new and dangerous threat class. Unsanctioned SaaS no longer means an employee quietly sharing a file. Consider a meeting transcription tool like Otter.ai. It is not file-sharing, it is a conversation recorder that joins meetings, transcribes them, and retains the contents. One unsanctioned adoption creates exposure for every participant in every meeting it touches, expanding the blast radius from a single user to entire rooms of people who never installed anything. These tools widen data exfiltration risk and open the door to both human and non-human identity threats, and they are precisely the category endpoint tools are structurally blind to.

3. Real-time threat coverage for embedded AI agents and chatbots. The fastest growing identity on the modern network isn’t a person. Embedded chatbots, AI copilots, and autonomous agents now act inside cloud and SaaS environments with their own credentials, tokens, and permissions, often with broad access and little oversight. Mitiga extends behavioral, indicator-of-attack (IOA) based detection to these non-human and machine identities, watching how agents and chatbots actually behave in runtime, the calls they make, the data they reach, the actions they take, and flagging the anomalous activity that signals compromise or abuse as it happens. As enterprises wire AI into core workflows, this is the identity layer endpoint tools were never built to see.

“Together, the three tell one story. Mitiga sees what endpoint tools can’t see – and the things those tools are missing are the most dangerous category in the enterprise right now,” said Charlie Thomas, CEO at Mitiga. “Shadow AI-era SaaS and the explosion of non-human identities are expanding faster than any governance program can keep up with, and they live entirely outside the endpoint’s line of sight. You don’t close that gap by watching the device harder. You close it by defending the cloud, SaaS, identity, and AI surfaces at runtime.”

Built for the agentic SOC

Agentic Runtime Security is designed for where the SOC is heading away from the legacy SIEM and SOC model and toward an agentic, AI-native operating model.

Mitiga serves as the cloud, SaaS, identity, and AI authority layer that feeds agentic SOC orchestrators the domain-grade, pre-contextualized evidence they need to reason, reaching the control plane no endpoint agent can touch, backed by a long-horizon distributed data lake leveraging both existing and collected, enriched data across the entire modern infrastructure. The result is AI-powered detection and response fast enough to shift the discipline from reacting after impact to disrupting attacks before it.