AI Agents Are the New Insiders

Amod Puranik • May 28, 2026

AI systems are no longer passive tools. They make decisions, execute multi-step workflows and access sensitive data repositories with minimal human intervention. They begin to resemble something security leaders understand very well yet are ill-equipped to manage in a digital form: insider risk.

►

Agentic AI

Why AI Agents Are Creating a New Security Blind Spot

Latest

Blockchain & Cryptocurrency

Cryptohack Roundup: US Sanctions Hit Sinaloa Cartel Networks

Rashmi Ramesh • May 28, 2026

This week, the U.S. sanctioned Sinaloa Cartel-linked networks, the U.K. sanctioned a HTX-linked entity, Syndicate Labs shuttered, Missouri sued CoinFlip, Verus attacker took a bounty deal, StablR was exploited and malicious packages targeted crypto developer systems.

Agentic AI

AI Agents Present Massive New Attack Surface

Shaun Waterman • May 28, 2026

Artificial intelligence agents have well and truly arrived and companies of all kinds are rushing to deploy them. But experts warn that agentic AI brings with it a massive new attack surface and highlights the need for a comprehensive, systemic approach to AI security and governance.

Fraud Management & Cybercrime

Chinese Phishers Use Live MFA Interception for Digital Wallet Fraud

Tiffany Wang • May 27, 2026

Google Threat Intelligence Group warned that Chinese-language phishing-as-a-service platforms are using AI, encrypted messaging and real-time OTP interception to bypass multifactor authentication and provision stolen payment cards into attacker-controlled digital wallets worldwide.

Artificial Intelligence & Machine Learning

White House Faces Pressure to Rewrite AI Order

Chris Riotta • May 27, 2026

U.S. President Donald Trump's decision to abruptly shelve an artificial intelligence executive order aimed at creating a federal review process for frontier models doesn't annul the need for the federal government to work with frontier model makers to address risks, say cybersecurity experts.

Agentic AI

Agentic AI in Healthcare Is a Risky Proposition

Marianne Kolbasuk McGee • May 27, 2026

Humans make mistakes. They fall for phishing scams and click on malicious links. Machines aren't necessarily better: Delegating decisions to agentic artificial tools can significantly intensify cybersecurity risks, warns a healthcare association.

Artificial Intelligence & Machine Learning

Top British Spook Touts AI for Cyber Defense

David Meyer • May 27, 2026

A top British intelligence official touted a "blueprint" for cybersecurity defense that leans into AI agents for speed. "We all have an intergenerational duty to harness and secure it for good; to protect our national security, our economy and our way of life," said GCHQ Director Anne Keast-Butler.

Cybercrime

Glassworm Group: Software Supply-Chain Attackers Disrupted

Mathew J. Schwartz • May 27, 2026

In a joint operation, CrowdStrike, Google and Shadowserver Foundation disrupted infrastructure used by the Glassworm cybercrime group, cutting off attackers from victims. The group has wielded a remote access Trojan to repeatedly target developers of widely used open-source software.

Governance & Risk Management

OMB Scraps Biden-Era Cyber Logging Rules

Chris Riotta • May 26, 2026

The White House issued a new memo replacing SolarWinds-era logging mandates with a narrower framework focused on risk, threat hunting and forensic readiness as agencies confront faster artificial intelligence-enabled intrusions across federal networks.

3rd Party Risk Management

GitHub Tells Self-Hosted Admins to Rotate Keys

Greg Sirico • May 26, 2026

Hacked code repository GitHub warned administrators of self-hosted git servers to rotate public encryption keys following a May 18 incident involving a poisoned VS Code extension used by an employee. GitHub CISO Alexis Wales in a Tuesday update said the repository is rotating all keys.

Healthcare

Oncology Firm Says Vendor Hack Compromised Patient Data

Marianne Kolbasuk McGee • May 26, 2026

A publicly traded cancer treatment firm notified investors that a yet-undisclosed number of patients' information was compromised in a 2025 cybersecurity incident involving a third-party billing software vendor. The Oncology Institute provides cancer treatment care to nearly 2 million patients.

Cyberwarfare / Nation-State Attacks

LA Metro Hack Was Part of an Iranian Campaign

Tiffany Wang • May 26, 2026

Researchers say Iran-linked operators behind Ababil of Minab, not independent hacktivists, disrupted L.A. Metro in March by stealing data, deleting systems and targeting backups, signaling a shift toward destructive attacks on recovery infrastructure.

Artificial Intelligence & Machine Learning

Anthropic Expands Public Access to Claude Mythos AI Model

Mathew J. Schwartz • May 26, 2026

Anthropic is expanding public access to its frontier artificial intelligence model Claude Mythos "to qualifying customers' security teams on request" for such purposes as vulnerability research and red-teaming, and predicts that Mythos-class models will be publicly available within 12 months.