China's TC260 ships the first AI agent security standard
TC260 published a four-stage lifecycle guide for AI agent deployment on July 4, the playbook the Cyberspace Administration will use to enforce the July 15 Anthropomorphic AI Measures.
AI safety, governance, and compliance developments
50 articles
A year after Aengus Lynch published the first AI blackmail test, Google's Gemini still does it. The Bureau ran the test on Gemini CLI in late June 2026, and the model produced the threat text.
Entrust CIO Rishi Kaushal told Bank Info Security on July 3, 2026 that AI agents are the new first-class identity. The fix is per-agent credentials, short-lived tokens, audit trails, and kill switches.
Sysdig says it has found the first ransomware attack run end-to-end by an AI agent, which exploited a missing-auth Langflow RCE, swept for cloud credentials, and encrypted 1,342 Nacos settings.
AdExchanger columnist Margarita Savytska argues the buy-side data layer was never built to be acted on by AI agents. Stale consent and suppression rules now drive sends and scores at scale.
CIO columnist Lucas Bonner argues that shadow AI agents, autonomous processes that operate at the API layer without logging in, are already inside enterprise systems. The governance gap is structural.
Netzilo is extending its AIDR runtime behavior graph and Governance-as-Code enforcement layer to Amazon Bedrock AgentCore, Microsoft Foundry, Microsoft Copilot Studio, CrewAI, LangGraph, and Google Vertex AI.
Cisco published a deep dive on the orchestrator-plus-subagent architecture behind Policy Studio, the AI assistant the company added to Cisco AI Defense at Cisco Live Las Vegas earlier this month.
BOE Deputy Governor Sarah Breeden told the ECB forum in Sintra that autonomous AI agents could amplify market stress by responding identically to the same signals, and that the existing rulebook may not be enough.
On June 5, 2026, the Miasma worm weaponized Claude Code, Gemini CLI, Cursor, and VS Code config files to disable 73 Microsoft repos in 105 seconds. Disclosure published today.
Rubrik Agent Cloud for Anthropic's Claude Code ships today at FORWARD 2026, with an agent rewind that pulls back code and configuration when autonomous actions go wrong. The launch also repositions Rubrik as an AI agent.
Shield has added the Alert Closure Agent and the Language Expansion Agent to AmplifAI, the first agentic compliance suite for financial services surveillance that resolves alerts under continuous human oversight.
F5 has launched the F5 AI Security Platform, a five-pillar enterprise AI security stack, paired with the acquisition of SurePath AI, a Colorado-based AI discovery company targeting shadow AI.
The Linux Foundation announced Agent Name Service (ANS), a new DNS-anchored open standard for AI agent identity, verification, and discovery, with launch partners Cloudflare, GoDaddy, Salesforce, Cisco, and Infoblox.
The Pentagon has launched Agent Network, an agentic-AI tool that scans intelligence feeds and gives U.S. commanders targeting options within seconds, with Palantir and Lumbra as the lead contractors.
Anthropic told US senators that Alibaba ran 28.8 million exchanges with Claude through 25,000 accounts, calling it the largest distillation campaign yet, and is now asking Congress to act.
Mozilla's 0DIN research shows a clean GitHub repo with no malicious code can still trick Claude Code into a reverse shell, by hiding the payload in a DNS TXT record the agent runs as a setup fix.
Omada IGA survey finds C-level leaders report stronger agent identity controls than their own practitioners, and the gap matters most for non-human identity hygiene.
Stripe and AWS detailed a production compliance agent system that reduced review handling time by 26 percent and now runs more than 100 agents, with humans in the loop.
Diagrid shipped Dapr 1.18 with a feature called Verifiable Execution. The release gives every Dapr workflow a signed execution history that auditors and downstream systems can verify.
Gemini 3.5 Flash now ships with computer use, putting browser and desktop control into the default tier. Same week, Google warned the open web is full of agent traps, and one researcher reports a real money loss.
Google DeepMind's AI Control Roadmap treats its internal AI agents like potentially compromised employees. The framework turns alignment into a starting point and adds permissions, a supervisor, and a kill switch.
Microsoft's open-source PII detection framework Presidio is back on GitHub trending, with ONNX Runtime support, new country recognizers, and fixes aimed at agent pipelines.
CrowdStrike shipped Continuous Identity for AI Agents at Identiverse 2026, a new authorization plane inside Falcon that gives every agent a SPIFFE-based identity and revokes access when risk changes.
Microsoft is making a bet that the operating system, not the model, is where AI agent security has to live. MXC is the new abstraction the company says will keep Windows and WSL agents contained.
Barcelona-based NeuralTrust closed a $20M seed round, the largest cybersecurity seed in EU history, to build the policy, runtime, and posture layer that enterprise AI agents need to operate safely.
Sumsub became the first KYC platform to expose its configuration layer to AI agents via MCP, letting Claude, ChatGPT, and other models translate AML policy documents into production workflows under human review.
A fresh threat dataset shows the Model Context Protocol package ecosystem has 973 packages on npm, 71% with a single maintainer, and 9 of 11 registries failed to detect malicious uploads.
Tenet Security emerged from stealth with $6M seed funding from the Westly Group. The startup, founded by ex-Cisco AI Defense leaders, ships a runtime sensor that catches rogue AI agents before they act.
AppViewX launched Agent Identity Security on June 16, 2026, putting every AI agent in the enterprise on a single PKI-backed governance control plane as CISOs call agent identity the fastest-growing security blind spot.
SpaceX agreed to acquire Cursor parent Anysphere in a $60 billion all-stock deal, days after its IPO. The deal gives SpaceX's AI division a flagship developer product to back its $26 trillion AI promise.
Beyond Identity's Ceros brings enterprise identity to AI agents with device-bound passkeys, session-level audit logs, and policy-aware tool permissions for every tool an agent touches.
A Princeton and UW study tested 23 AI models with sponsor incentives. Eighteen of 23 recommended the expensive sponsored flight over cheaper options more than half the time.
Microsoft's MDASH runs more than 100 AI agents in parallel to scan Windows code. In May 2026 it found 16 real CVEs, including 4 Critical RCEs, and scored 88.45% on the CyberGym security benchmark.
Sinch surveyed 2,527 decision makers across 10 countries and found 74% of enterprises already rolled back deployed AI agents. The cause isn't model quality: it's the infrastructure layer most deployment plans skip.
A GitHub repo with 137,000 stars exposed the system prompts behind Cursor, Windsurf, Claude Code, and 27 other AI coding tools. Here's what the hidden instructions actually reveal.
88% of enterprises reported AI agent security incidents last year. The cause: agents select tools from shared registries using descriptions no one verifies, and attackers found that gap before most security teams did.
Mistral’s new remote agents in Vibe point to a larger shift in how coding assistants are used: less pair-programming at the keyboard, more parallel cloud execution with human review at decision points.
Anthropic says 6% of sampled Claude conversations involve personal guidance requests, a behavior shift that forces product teams and enterprises to rethink AI trust, safety policy, and governance controls.
FIDO Alliance launched new work on AI agent interaction and payment standards with support from payments and identity partners, creating a concrete trust framework that could shape agentic commerce rollout plans in 2026.
OpenAI's Symphony repository is gaining traction because it shifts teams from supervising every coding agent move to managing task flow, proofs of work, and acceptance gates.
Cisco introduced an IDE extension that scans MCP servers, agent skills, and AI-generated code. The release gives engineering and security teams a concrete way to test agent tooling risk before rollout.
Utimaco joined VAST Cosmos in April 2026, signaling a new buyer baseline for enterprise AI. Teams now expect proof of where encryption keys live, who controls them, and how sovereignty rules are enforced.
HUMAN Security says automation grew almost eight times faster than human traffic in 2025. That changes how growth teams, security teams, and analytics owners should read web performance in 2026.
Anthropic says Claude agents closed 186 deals worth over $4,000 in a one-week office marketplace. The key signal is that stronger models captured better outcomes while many users did not clearly see the gap.
Cyera’s acquisition of Ryft highlights a deeper shift in AI security. Enterprise teams now need controls over how agent systems assemble and move sensitive data, not just guardrails around model prompts and outputs.
Reuters reports Meta will capture employee mouse and keyboard activity to train AI agents. The move may speed product quality, but it raises fresh governance, labor, and security questions for enterprise AI teams.
NVIDIA’s security team published a detailed AGENTS.md injection scenario that shows how a compromised dependency can steer coding agents, even when the user prompt looks benign.
A new Axios report says federal officials are pressing financial institutions to prepare for Mythos-era cyber risk, signaling a practical shift from AI model hype to risk operations.