惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V2EX - 技术
V2EX - 技术
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
T
Threat Research - Cisco Blogs
T
The Exploit Database - CXSecurity.com
S
Schneier on Security
S
Securelist
P
Privacy & Cybersecurity Law Blog
Scott Helme
Scott Helme
T
Threatpost
C
Cybersecurity and Infrastructure Security Agency CISA
L
LINUX DO - 热门话题
Cyberwarzone
Cyberwarzone
Cisco Talos Blog
Cisco Talos Blog
量子位
博客园 - Franky
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Latest news
Latest news
T
Troy Hunt's Blog
N
News | PayPal Newsroom
Google Online Security Blog
Google Online Security Blog
Apple Machine Learning Research
Apple Machine Learning Research
N
Netflix TechBlog - Medium
小众软件
小众软件
P
Palo Alto Networks Blog
Spread Privacy
Spread Privacy
C
Cyber Attacks, Cyber Crime and Cyber Security
C
Check Point Blog
aimingoo的专栏
aimingoo的专栏
WordPress大学
WordPress大学
L
Lohrmann on Cybersecurity
L
LINUX DO - 最新话题
D
Darknet – Hacking Tools, Hacker News & Cyber Security
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
The Last Watchdog
The Last Watchdog
S
Security @ Cisco Blogs
P
Privacy International News Feed
Last Week in AI
Last Week in AI
Microsoft Security Blog
Microsoft Security Blog
T
Tailwind CSS Blog
博客园_首页
云风的 BLOG
云风的 BLOG
V
Vulnerabilities – Threatpost
D
DataBreaches.Net
Recent Announcements
Recent Announcements
酷 壳 – CoolShell
酷 壳 – CoolShell
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
罗磊的独立博客
Engineering at Meta
Engineering at Meta
Forbes - Security
Forbes - Security
T
Tenable Blog

VentureBeat

Anthropic says it hit a $30 billion revenue run rate after 'crazy' 80x growth OpenAI voice models get GPT-5-class reasoning AI agent identity: how to govern agentic AI in 6 stages Anthropic wants to own your agent's memory, evals, and orchestration — and that should make enterprises nervous Enterprise GPU utilization: why 95% of AI infrastructure spend is wasted Governance, not gatekeeping: How SAP brings enterprise‑grade safety to AI connectivity Anthropic introduces "dreaming," a system that lets AI agents learn from their own mistakes RL orchestration: how a 7B model routes tasks across GPT-5, Claude, and Gemini Meet ZAYA1-8B, a super efficient open reasoning model trained on AMD Instinct MI300 GPUs Anthropic Skill scanners passed every check. The malicious code rode in on a test file. Why AI breaks without context — and how to fix it Market research is too slow for the AI era, so Brox built 60,000 identical 'digital twins' of real people you can survey instantly, repeatedly The app store for robots has arrived: Hugging Face launches open-source Reachy Mini App Store with 200+ apps Scaling AI into production is forcing a rethink of enterprise infrastructure Miami startup Subquadratic claims 1,000x AI efficiency gain with SubQ model; researchers demand independent proof. GPT-5.5 Instant shows you what it remembered — just not all of it One command turns any open-source repo into an AI agent backdoor. OpenClaw proved no supply-chain scanner has a detection category for it AI agents are missing all the discussions your team is having. SageOX has an answer: agentic context infrastructure OpenAI turns its sold-out GPT-5.5 party into a monthlong Codex giveaway for 8,000 developers Inside AMEX’s agentic commerce stack: How intent contracts and single-use tokens enforce AI transactions Microsoft takes Agent 365 out of preview as shadow AI becomes an enterprise threat The RAG era is ending for agentic AI — a new compilation-stage knowledge layer is what comes next Salesforce Agentforce Operations fixes workflows breaking enterprise AI MCP command execution flaw: what security teams need to know The scaffolding era is over. LlamaIndex says context is the new moat xAI launches Grok 4.3 at an aggressively low price and a new, fast, powerful voice cloning suite Hidden IT problems are quietly creating risk, shadow IT, and lost productivity Alibaba's HDPO cuts AI agent tool overuse from 98% to 2% One tool call to rule them all? New open source Python tool Runpod Flash eliminates containers for faster AI dev Why OpenAI's 'goblin' problem matters — and how you can release the goblins on your own AI coding agents breached: attackers targeted credentials, not models | VentureBeat Writer launches AI agents that can act without prompts, taking on Amazon, Microsoft and Salesforce Netomi raises $110 million as Accenture and Adobe bet on AI for customer service Cheaper tokens, bigger bills: The new math of AI infrastructure Amazon’s OpenAI gambit signals a new phase in the cloud wars — one where exclusivity no longer applies Enterprise RAG rebuild: hybrid retrieval adoption tripled in Q1 2026 IBM launches Bob with multi-model routing and human checkpoints to turn AI coding into a secure production system AWS Quick's knowledge graph creates an orchestration blind spot Why enterprise GPU utilization is stuck at 5% — and why the fix makes it worse Definity embeds agents inside Spark pipelines to catch failures before they reach agentic AI systems How to build custom reasoning agents with a fraction of the compute American AI startup Poolside launches free, high-performing open model Laguna XS.2 for local agentic coding Mistral AI launches Workflows, a Temporal-powered orchestration engine already running millions of daily executions Microsoft and OpenAI gut their exclusive deal, freeing OpenAI to sell on AWS and Google Cloud Open source Xiaomi MiMo-V2.5 and V2.5-Pro are among the most efficient (and affordable) at agentic 'claw' tasks AI framework autonomously outperforms human-designed R&D baselines Why supply chains are the proving ground for automation‑led iPaaS RAG precision tuning can quietly cut retrieval accuracy by 40%, putting agentic pipelines at risk Enterprises are obsessing over model accuracy while ignoring the infrastructure layer where AI systems actually break. Monitoring LLM behavior: Drift, retries, and refusal patterns CVSS vulnerability triage: 5 failures, 5 fixes DeepSeek-V4 arrives with near state-of-the-art intelligence at fraction of the cost of Opus 4.7, GPT-5.5 85% of enterprises are running AI agents. Only 5% trust them enough to ship. AI synthetic audiences are already here and poised to upend the consulting industry Mystery solved: Anthropic reveals changes to Claude's harnesses and operating instructions likely caused degradation OpenAI's GPT-5.5 is here, and it's no potato: narrowly beats Anthropic's Claude Mythos Preview on Terminal-Bench 2.0 New startup BAND debuts agentic mesh with deterministic routing to govern multiple enterprise AI agents across model providers, channels OpenAI unveils Workspace Agents, a successor to custom GPTs for enterprises that can plug directly into Slack, Salesforce and more Google and AWS split the AI agent stack between control and execution Are you paying an AI ‘swarm tax’? Why single agents often beat complex systems OpenAI launches Privacy Filter, an open source, on-device data sanitization model that removes personal information from enterprise datasets Google doesn't pay the Nvidia tax. Its new TPUs explain why. Salesforce’s Agentforce Vibes 2.0 targets a hidden failure: context overload in AI agents Google’s Gemini can now run on a single air-gapped server — and vanish when you pull the plug The modern data stack was built for humans asking questions. Google just rebuilt its for agents taking action. Google’s new Deep Research and Deep Research Max agents can search the web and your private data Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain The AI governance mirage: Why 72% of enterprises don’t have the control and security they think they do OpenAI's ChatGPT Images 2.0 is here and it does multilingual text, full infographics, slides, maps, even manga — seemingly flawlessly Kimi K2.6 runs agents for days — and exposes the limits of enterprise orchestration What AI model should you use for revenue intelligence? Von says all the big ones, and it will automate mixing and matching for you Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it Train-to-Test scaling explained: How to optimize your end-to-end AI compute budget for inference AI agent security maturity audit: enterprises funded stage one, stage-three threats arrived anyway Anthropic just launched Claude Design, an AI tool that turns prompts into prototypes and challenges Figma Should my enterprise AI agent do that? NanoClaw and Vercel launch easier agentic policy setting, approval dialogs for messaging apps Salesforce launches Headless 360 to turn its entire platform into infrastructure for AI agents Are we getting what we paid for? How to turn AI momentum into measurable value OpenAI debuts GPT-Rosalind, a new limited access model for life sciences, and broader Codex plugin on Github OpenAI drastically updates Codex desktop app to use all other apps on your computer, generate images, preview webpages Anthropic releases Claude Opus 4.7, narrowly retaking lead for most powerful generally available LLM AI lowered the cost of building software. Enterprise governance hasn’t caught up Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway Frontier models are failing one in three production attempts — and getting harder to audit Meta researchers introduce 'hyperagents' to unlock self-improving AI for non-coding tasks We tested Anthropic’s redesigned Claude Code desktop app and 'Routines' -- here's what enterprises should know AI's next bottleneck isn't the models — it's whether agents can think together Adobe’s new Firefly AI Assistant wants to run Photoshop, Premiere, Illustrator and more from one prompt Traza raises $2.1 million led by Base10 to automate procurement workflows with AI Agentic coding at enterprise scale demands spec-driven development Designing the agentic AI enterprise for measurable performance Five signs data drift is already undermining your security models Your developers are already running AI locally: Why on-device inference is the CISO’s new blind spot AI agent credentials live in the same box as untrusted code. Two new architectures show where the blast radius actually stops. Intuit compressed months of tax code implementation into hours — and built a workflow any regulated-industry team can adapt OpenAI introduces ChatGPT Pro $100 tier with 5X usage limits for Codex compared to Plus Mythos autonomously exploited vulnerabilities that survived 27 years of human review. Security teams need a new detection playbook Claude, OpenClaw and the new reality: AI agents are here — and so is the chaos Goodbye, Llama? Meta launches new proprietary AI model Muse Spark — first since Superintelligence Labs' formation LLM-referred traffic converts at 30-40% — and most enterprises aren't optimizing for it
Agent authorization gap: why verified agents are still a risk
louiswcolumb · 2026-05-15 · via VentureBeat

Anthony Grieco, Cisco’s SVP and chief security and trust officer, did not hesitate when VentureBeat asked whether rogue agent incidents are reaching Cisco’s customer base.

"A hundred percent. We see them regularly," Grieco told VentureBeat in an exclusive interview at RSAC 2026. "I've heard some that I can't repeat, but they do get to the places of, you know, agents are doing things that they think are the right things to do."

The incidents Grieco described follow a consistent pattern: authentication passes, identity checks clear. The agent is exactly who it claims to be. Then it accesses data it was never scoped to touch or takes an action nobody authorized at that level of granularity. The failure is not identity; it's authorization.

"The business is saying things like, we're gonna have 500 agents per employee," Grieco told VentureBeat. "The security leaders are really focused on how to make sure that we do that securely."

Cisco’s State of AI Security 2026 report found that 83% of organizations planned to deploy agentic capabilities, but only 29% felt prepared to secure them. Five vendors shipped agent identity frameworks at RSAC 2026. None closed every gap. That includes Cisco.

VentureBeat mapped four authorization gaps across Grieco’s exclusive interview and five independent sources. The prescriptive matrix at the end of this story is what to do about them.

The authorization gap nobody has closed yet

Grieco came up through Cisco's engineering and threat research organizations before taking a role that straddles both sides of the company's security operation: building the products Cisco sells and running the program that defends Cisco itself.

The authorization gap he described is specific and operational.

"This agent here is a finance agent, but even if it's a finance agent, it shouldn't access all finance data," Grieco told VentureBeat. "It should access the expense reports, and not just expense reports, but the individual expense reports at a particular time. Getting that sort of granular control is really one of the biggest things that are gonna help us say yes to a lot of the agentic developments."

Independent practitioners confirmed the pattern across RSAC 2026. Kayne McGladrey, an IEEE senior member, told VentureBeat that organizations default to cloning human user profiles for agents, and permission sprawl starts on day one. Carter Rees, VP of AI at Reputation, identified the structural reason. The flat authorization plane of an LLM fails to respect user permissions, Rees told VentureBeat. An agent on that flat plane does not need to escalate privileges. It already has them.

"The biggest challenge that we see is knowing what's going on," Grieco said. "Being able to have identity and access control maps to those, that's really crucial."

Elia Zaitsev, CTO of CrowdStrike, described the visibility dimension in an exclusive VentureBeat interview at RSAC 2026. In most default logging configurations, an agent’s activity is indistinguishable from a human’s. Distinguishing the two requires walking the process tree. Most enterprise logging cannot make that distinction.

Five vendors shipped agent identity frameworks at RSAC, including Cisco's Duo IAM and MCP gateway controls. None closed every gap VentureBeat identified. The four gaps below are what remains open.

Standards bodies are converging on the same diagnosis

The authorization and identity gaps Grieco described are not just vendor observations. Three independent standards bodies reached parallel conclusions in early 2026. NIST’s NCCoE published a concept paper in February 2026, "Accelerating the Adoption of Software and AI Agent Identity and Authorization," explicitly calling for demonstration projects on how existing identity standards apply to autonomous agents.

The OWASP Top 10 for Agentic Applications, released in December 2025, identified tool misuse from over-privileged access and unsafe delegation as top-tier risks. And the Cloud Security Alliance launched the CSAI Foundation at RSAC 2026 with a mission of "Securing the Agentic Control Plane," including a dedicated Agentic AI IAM framework built around decentralized identifiers and zero trust principles. When NIST, OWASP, and CSA all independently flag the same gap class in the same market cycle, the signal is structural, not vendor-specific.

MCP security requires discovery before control

VentureBeat asked Grieco about the paradox of MCP, the Model Context Protocol that every vendor at RSAC 2026 embraced while acknowledging its security gaps. Grieco did not argue that the protocol is safe. He argued that blocking it is no longer realistic.

"There is no saying no to that in today's day and age as a security leader," Grieco told VentureBeat. "And so it's how do we manage that."

Inside Cisco’s own environment, Grieco’s team added MCP discovery, proxying, and inspection capabilities to AI Defense and Cisco Secure Access. The approach treats MCP servers the way enterprises treat shadow IT: find them before you govern them.

Etay Maor, VP of threat intelligence at Cato Networks, validated that approach from the adversarial side. At RSAC 2026, Maor demonstrated a Living Off the AI attack chaining Atlassian's MCP and Jira Service Management. Attackers do not separate trusted tools, services, and models. They chain all three. "We need an HR view of agents," Maor told VentureBeat. "Onboarding, monitoring, offboarding."

Nearly half of the critical infrastructure is obsolete and unpatched

Agent authorization failures are harder to detect and contain when the infrastructure underneath has not received a security patch in years — and that gap compounds every other vulnerability in this story. Cisco commissioned UK-based advisory firm WPI Strategy to examine end-of-life technology risk across the US, UK, France, Germany, and Japan. The report found that nearly half of the critical network infrastructure across those geographies is aging or already obsolete. Vendors no longer patch it.

"Almost 50% of the critical infrastructure across these geographies was aging, it was end of life or almost end of life," Grieco told VentureBeat. "It means vendors are not providing security patches for them anymore."

Cisco’s Resilient Infrastructure initiative disables unused features by default and phases out legacy protocols on a three-release deprecation schedule. Grieco pushed back on the assumption that secure by default is a static achievement. "One of the things that most people don't think about is that those are not static points in time," Grieco told VentureBeat. "It's not like you do it once and you're done."

Agentic enterprise security gap matrix

The four gaps below are what security directors can act on Monday morning. Each row maps from what breaks to why it breaks to what to do about it, cross-validated by five independent sources.

Sources: VentureBeat analysis of Grieco's exclusive interview at RSAC 2026, cross-validated against independent reporting from McGladrey (IEEE), Rees (Reputation), Maor (Cato Networks), and Zaitsev (CrowdStrike). May 2026.

Security Gap

| What fails and what it costs

Why your current stack doesn't catch it

Where vendor controls stand now

First action for your team

Infrastructure aging

Nearly half of critical network assets are end of life or approaching it (WPI Strategy); agents operating on unpatched systems inherit vulnerabilities no vendor will fix

Annual patching cadence cannot keep pace with threat velocity; EoL systems receive zero security updates and zero vendor support

Resilient Infrastructure disables insecure defaults, warns on risky configurations, deprecates legacy protocols on a three-release schedule

Infra team: audit every network asset against vendor EoL dates this quarter. Reclassify EoL replacement from IT upgrade to security investment in next budget cycle

MCP discovery

MCP servers proliferate across environments without security visibility; developers spin up agent tool connections that bypass existing governance

Shadow MCP deployments bypass existing discovery tools; no standard inventory mechanism exists; Maor demonstrated attackers chaining MCP + Jira in a Living Off the AI attack

AI Defense adds MCP discovery, proxying, and inspection; treats MCP servers like shadow IT

Security ops: run an MCP server inventory across all environments before deploying any agent governance controls. If you cannot enumerate your MCP surface, you cannot secure it

Agent over-permissioning

Agents inherit broad human-level access on a flat authorization plane; the agent does not need to escalate privileges because it already has them (Rees)

IAM teams clone human profiles for agents by default (McGladrey); no scoped, time-bound permissions exist for non-human identities

Duo IAM registers agents as distinct identity objects with granular, time-bound permissions per tool call

IAM team: stop cloning human accounts for agents immediately. Scope every agent permission to a specific data set, specific action, and specific time window. Grieco's test: can this finance agent access only the individual expense report it needs at this moment?

Agent behavioral visibility

Agent actions are indistinguishable from human actions in security logs (Zaitsev); an over-permissioned agent that looks like a human in logs is invisible to the SOC

Default logging does not capture process tree lineage; no vendor has shipped a complete cross-platform behavioral baseline for agent activity

SOC telemetry integration with Splunk for agent-specific detection and response

SOC lead: update logging to capture process tree lineage so agent-initiated actions are distinguishable from human-initiated actions. If your SIEM cannot answer "was this a human or an agent?" for every session, the gap is open

"Frankly, we must move this quickly and evolve this quickly to keep up with where the adversaries are gonna go," Grieco told VentureBeat.

The gaps mapped above are not theoretical. Grieco confirmed the incidents are already happening. The controls exist in pieces across multiple vendors. No single vendor has assembled the complete stack.