Why the Security Controls Built Into LLMs Aren’t Enough
LLM vendors are increasingly building security features and guardrails into their models. However, the controls inside the model are designed for a contained, request-response world. A user sends a prompt, and the model returns a response. LLM security focuses on making that response safe. Agentic AI shows us how insufficient ...
When the Token Theft Hides in Plain Sight: Why Agent Containment Stops the Claude Code MCP Attack
Researchers at Mitiga Labs recently demonstrated a five-step attack that quietly hijacks Claude Code’s Model Context Protocol (MCP) traffic and steals the OAuth bearer tokens that grant access to platforms like Jira, Confluence, and GitHub. The attack needs no privilege escalation, no memory corruption, and no new CVE. It abuses ...
What the Verizon 2026 DBIR says about bots, APIs, and the AI threat surge
The Verizon 2026 Data Breach Investigations Report (DBIR) lands with some numbers that are hard to sit with if you’re in the business of defending web applications, APIs, and data. AI-driven bot traffic is growing at a pace most organizations aren’t equipped to handle. Web application attacks are often successful, ...
Least Privilege Access for AI Agents: The Control You’re Missing
What is least privilege access for AI agents? Least privilege access for AI agents means restricting each agent’s tool access, API permissions, and data scope to only what its specific task requires, nothing more. It is the same principle security teams apply to human users and service accounts, adapted for ...
LLM Proxies vs. MCP Gateways: What’s the Difference?
As enterprise adoption of generative AI accelerates, so does the number of new components showing up in architecture diagrams. Among the most common are LLM proxies and MCP gateways. They are often grouped together because they both sit between applications and AI systems, and both introduce a level of abstraction that ...
API Bot Management: Purpose-Built Defense for a Purpose-Built Threat
The most effective bot attacks don’t look like attacks. They arrive as ordinary traffic: seemingly normal requests with valid headers and at reasonable volumes. They often operate undetected until the damage is already done. By the time security teams notice, inventory has been hoarded, data has been scraped, accounts have ...
What is AI Gateway Security? Addressing New AI Security Risks
The conversation around AI security often starts in the wrong place. Most teams focus on the model: how it behaves, what it generates, and whether it can be manipulated. But in real-world deployments, the model is only part of the story. What really matters is what AI agents are actually ...
Introducing Agent Personas – The Missing Agentic Security Layer
Announcing Agent Personas in the Cequence AI Gateway, which allow organizations and employees to manage AI agent privileges at a granular level. They provide the ability to control, monitor, and govern what an AI agent is allowed to do within a system, including data access, tool calls, system actions, and ...
Security Guardrails: The Foundation of Agentic AI Governance
Key Takeaways: Your enterprise needs strong guardrails for AI agents. Unlike GenAI, agentic systems access data, modify records, and trigger transactions, which makes bolted-on security a recipe for failure. AI guardrails are the foundation, not a feature. Identity scoping, behavioral monitoring, and runtime enforcement need to be embedded at the ...
What the Right Agentic AI Gateway Offers and What Other Solutions Miss
Agentic AI projects are rapidly moving from experimentation to being deployed in enterprises everywhere. Autonomous agents that can reason, plan, and act promise significant revenue growth and productivity gains. At the same time, they expose organizations to new operational and security risks that many teams are not prepared to manage ...