A Cloud Security Alliance and Token Security report on 418 IT and security pros argues shadow AI in 2026 is no longer a data leakage problem. It is an access control problem across agent-driven non-human identities.

Microsoft's Defender Security Research team found a chain in AutoGen Studio that turns a single malicious webpage into an RCE on the developer's host. PyPI users are not exposed, but the pattern is broader than one bug.

Cisco will acquire WideField Security and fold it into Splunk's Agentic SOC, betting that session-level identity evidence is the layer that lets AI agents run in production without a human in the loop.

Gradial just closed a $65M Series C at a $675M valuation, led by Insight Partners, to build the operating system that runs enterprise marketing operations across the tools teams already pay for.

Barcelona-based NeuralTrust closed a $20M seed round, the largest cybersecurity seed in EU history, to build the policy, runtime, and posture layer that enterprise AI agents need to operate safely.

Sumsub became the first KYC platform to expose its configuration layer to AI agents via MCP, letting Claude, ChatGPT, and other models translate AML policy documents into production workflows under human review.

A fresh threat dataset shows the Model Context Protocol package ecosystem has 973 packages on npm, 71% with a single maintainer, and 9 of 11 registries failed to detect malicious uploads.

Vercel rolled out an agent platform at Ship 2026: Vercel Services, the Agent Stack, the open source eve framework, a managed Vercel Agent, and an enterprise tier for running agents in production.

Tenet Security emerged from stealth with $6M seed funding from the Westly Group. The startup, founded by ex-Cisco AI Defense leaders, ships a runtime sensor that catches rogue AI agents before they act.