Microsoft is making a bet that the operating system, not the model, is where AI agent security has to live. MXC is the new abstraction the company says will keep Windows and WSL agents contained.

Estonia is set to become the first country in the world to issue AI ID codes to autonomous software agents, a separate, scoped, auditable identifier layered on top of the country's existing human ID infrastructure.

A Cloud Security Alliance and Token Security report on 418 IT and security pros argues shadow AI in 2026 is no longer a data leakage problem. It is an access control problem across agent-driven non-human identities.

Microsoft's Defender Security Research team found a chain in AutoGen Studio that turns a single malicious webpage into an RCE on the developer's host. PyPI users are not exposed, but the pattern is broader than one bug.

Cisco will acquire WideField Security and fold it into Splunk's Agentic SOC, betting that session-level identity evidence is the layer that lets AI agents run in production without a human in the loop.

Gradial just closed a $65M Series C at a $675M valuation, led by Insight Partners, to build the operating system that runs enterprise marketing operations across the tools teams already pay for.

Barcelona-based NeuralTrust closed a $20M seed round, the largest cybersecurity seed in EU history, to build the policy, runtime, and posture layer that enterprise AI agents need to operate safely.

Sumsub became the first KYC platform to expose its configuration layer to AI agents via MCP, letting Claude, ChatGPT, and other models translate AML policy documents into production workflows under human review.

A fresh threat dataset shows the Model Context Protocol package ecosystem has 973 packages on npm, 71% with a single maintainer, and 9 of 11 registries failed to detect malicious uploads.