Connect with us
DAPA Banner
DAPA Coin
DAPA
COIN PAYMENT ASSET
PRIVACY · BLOCKDAG · HOMOMORPHIC ENCRYPTION · RUST
ElGamal Encrypted MINE DAPA
🚫 GENESIS SOLD OUT
DAPAPAY COMING

Tech

The agent security gap: 54% of enterprises have already had an AI agent incident, and most still let agents share credentials

Published

on

Across 107 enterprises, AI agents are being given real access to systems and data while the controls meant to contain them lag behind. More than half have already had a confirmed agent security incident or a near-miss; only about a third give every agent its own scoped identity, and most agents still share credentials; and only three in ten isolate their highest-risk agents. The security stack is overwhelmingly borrowed from the model providers and hyperscalers rather than purpose-built for agents, spending remains a thin slice of the security budget, and enterprises are evenly split on whether their defenses are keeping pace with AI-enabled attackers. The result is an agent security gap — autonomous agents proliferating faster than the identity, isolation, and enforcement controls needed to hold them.

This wave of VentureBeat Pulse Research examines how enterprises secure their AI agents: what tooling they run, how they manage agent identity and isolation, what has already gone wrong, how much they spend, and whether they believe their defenses are keeping pace with AI-enabled attackers.

The central finding is an agent security gap — the distance between the autonomy enterprises are granting their agents and the controls in place to contain them. More than half of organizations (54%) have already experienced a confirmed agent security incident (18%) or a near-miss caught before harm (36%). The structural weakness beneath those numbers is identity: only about a third (32%) give every agent its own scoped, managed identity, while the rest report that some agents share credentials or that agents mostly run on shared API keys and human or service-account credentials. When agents share credentials, a single compromised or over-permissioned agent carries a wide blast radius — and only three in ten enterprises (30%) isolate their highest-risk agents in sandboxes to bound that radius.

What makes the gap notable is how comfortable enterprises are inside it. The security stack is overwhelmingly provider-native — OpenAI’s guardrails (51%), Google’s and Microsoft’s cloud controls, and Anthropic’s managed-agent controls dominate, while the dedicated agent-security specialists barely register — and satisfaction with that borrowed stack is high, averaging 4.2 out of 5. Yet spending remains a thin slice of the security budget, only a third of enterprises believe their AI defenses are ahead of AI-enabled attackers, and a clear majority plan to change tooling within the year. Enterprises are satisfied with controls they are simultaneously preparing to replace.

Advertisement

Methodology

VentureBeat fielded this survey as part of its ongoing Pulse Research series, this instrument focused on enterprise agent security — the tooling, identity, isolation, and enforcement controls organizations use to secure autonomous AI agents. Responses are filtered to organizations with more than 100 employees (n=107; the survey’s smallest size band, 1–100 employees, is excluded), drawn from a single June 2026 wave. Because this is one wave rather than a pooled multi-month sample, the report reads cross-sectionally and does not infer month-over-month trends. Several questions were multiple-select, so those shares can sum to more than 100%.

By role the sample is senior and buyer-credible: 45% are final decision-makers for AI purchases and another 30% recommenders or influencers. Managers (43%), individual contributors (24%), VPs and directors (15%), and the C-suite (11%) make up the seniority mix. By organization size the sample is mid-market-weighted: 251–1,000 (42%) and 101–250 (25%) employees lead, with 1,001–5,000 (19%), 5,001–10,000 (8%), and 10,001+ (7%) above them. Technology/Software is the largest industry at 23%, followed by Manufacturing (15%), Retail/E-commerce (14%), and Healthcare/Life Sciences (13%).

At 107 respondents the sample is large enough to read directionally but should be treated as a directional signal rather than a precise measurement; it is self-selected and is not a probability sample. It skews toward the mid-market, so it is best read as the view from organizations actively standing up agent security rather than from the largest operators.

Satisfaction ratings are computed on the respondents who answered each rating question; the overall satisfaction score reflects 82 of the 107 qualified respondents.

Advertisement

Finding 1: The incidents are already here

More than half have had an agent security incident or near-miss

We asked whether organizations had experienced an agent security incident — a confirmed breach, or a near-miss caught before harm. Most that run agents in production had.

Finding 1 — The incidents are already here

42%

Advertisement

no such incident identified

36%

yes — a near-miss caught before harm

Advertisement

18%

yes — a confirmed incident

Advertisement

5%

not applicable — no agents in production; 2% don’t track this

Advertisement

This is the report’s defining number. More than half of organizations (54%) have already had an agent security event — 18% a confirmed incident and 36% a near-miss caught before it caused harm. Only 42% report nothing, and a small remainder either run no agents in production or don’t track such events. That so many report near-misses rather than only confirmed incidents is telling: enterprises are catching problems, but they are catching them close to the edge. The controls examined in the rest of this report — identity, isolation, enforcement — are what determine whether the next near-miss stays a near-miss.

Exposure scales with company size, but containment does not. The incident-or-near-miss rate rises from 49% in the mid-market (companies with 101-1,000 employees) to 63% at larger enterprises (above 1,000 employees), while sandbox isolation of high-risk agents falls from 35% to 20%, and satisfaction with security tooling drops from 4.36 to 3.97. The organizations running the most agents across the most systems carry the most incidents and the least of the one control that bounds an incident’s blast radius.

Finding 2: The identity gap

Only a third give every agent its own scoped identity

Advertisement

We asked how enterprises manage the identity of their AI agents — whether each agent has its own credentials, or agents share them. Full per-agent identity is the exception.

Finding 2 — The identity gap

48%

some agents have scoped identities, but many still share credentials

Advertisement

32%

each agent has its own scoped, managed identity

Advertisement

32%

agents mostly run on shared API keys or human / service-account credentials

7%

Advertisement

not applicable — no agents in production; 5% don’t know

Advertisement

Rolled together, the overlapping answers show 69% of enterprises (74 of 107) with credential sharing somewhere in the agent fleet. Identity is the structural weakness beneath the incidents. Only about a third of enterprises (32%) give every agent its own scoped, managed identity — the precondition for least-privilege access and clean attribution. Nearly half (48%) say some agents have scoped identities but many still share credentials, and another 32% say agents mostly run on shared API keys or borrowed human and service-account credentials. (Respondents could describe more than one pattern across their agent fleet, so these overlap.)

The consequence is direct: when agents share credentials, an over-permissioned or compromised agent can act with far more reach than intended, and forensics after an incident cannot cleanly tell which agent did what. The non-human identity problem — giving every agent its own governed identity — is the single largest unfinished piece of enterprise agent security.

Moreover, a company’s agent credential posture is correlated with incidents. Organizations with credential sharing anywhere in the fleet were hit — with an incident or a near-miss in the past twelve months — at 63.5% (47 of 74). Organizations where every agent carries its own scoped identity were hit at 40.9% (9 of 22). The fully-scoped group is small, so for now the relationship is an association rather than proven causation, and the gap is concentrated in the mid-market — but within a single survey, a twenty-three point difference in incident rate suggests significance.

Finding 3: Observe and enforce, but rarely isolate

Only three in 10 sandbox their highest-risk agents

Advertisement

We asked what an organization’s agent security posture looks like in practice — whether they observe, enforce, isolate, or some combination. The control that bounds damage is the least common.

Finding 3 — Observe and enforce, but rarely isolate

49%

enforce — agents have scoped identities and permissions, enforced at runtime

Advertisement

47%

observe — they monitor and log agent activity, but runtime enforcement is limited

Advertisement

30%

isolate — high-risk agents run sandboxed, with bounded blast radius if controls fail

6%

Advertisement

don’t know; 5% have no dedicated agent security program yet

Advertisement

Monitoring and enforcement are reasonably common; containment is not. Roughly half of enterprises observe agent activity (47%) or enforce scoped permissions at runtime (49%), but only 30% isolate their highest-risk agents in sandboxes that bound the blast radius when the other controls fail. That ordering is backwards from a defense-in-depth standpoint: observation tells you what happened, enforcement tries to prevent it, but isolation is what limits the damage when prevention fails — and it is the control enterprises have adopted least. Combined with the identity gap in Finding 2, the picture is of agents that are watched and permissioned but rarely boxed in, which is precisely the configuration in which a single failure propagates.

Finding 4: Security runs on borrowed, provider-native controls

Guardrails from OpenAI, Google and Microsoft dominate; specialists barely register

We asked which agent security tooling enterprises use, and which is their primary layer. The answer favors the model providers and hyperscalers over the dedicated security vendors.

Finding 4 — Security runs on borrowed, provider-native controls

Advertisement

51%

use OpenAI’s built-in guardrails; 36% Google Cloud controls; 35% Microsoft Azure (Purview / Copilot Studio DLP); 29% Anthropic’s managed-agent controls

13%

Advertisement

Microsoft Entra Agent ID; 10% AWS Bedrock Guardrails

8%

each uses open-source guardrails, Cloudflare, and Cisco; the dedicated specialists (Palo Alto, CrowdStrike, Zenity, HiddenLayer, Lakera, Okta) sit in low single digits

Advertisement

82%

name a provider-native or hyperscaler control as their primary agent security layer

Advertisement

Enterprises are securing agents with tools that came bundled with their models and clouds. OpenAI’s guardrails lead at 51%, followed by Google’s and Microsoft’s cloud-native controls and Anthropic’s managed-agent controls — and when asked to name their single primary security layer, 82% name one of these provider-native offerings. The purpose-built agent-security category — Palo Alto’s Prisma AIRS, CrowdStrike, Cisco AI Defense, Zenity, HiddenLayer, Check Point’s Lakera, Okta for AI Agents, non-human identity platforms — barely registers, each in the low single digits, and only 5% run no dedicated tooling at all. As with retrieval and evaluation elsewhere in this series, the provider bundle is winning the default: enterprises reach first for the guardrails their platform ships, and the independent security layer that would address the identity and isolation gaps has not yet been adopted at scale.

The provider-default pattern is consistent across both Q2 survey waves. In April–May (n=110), usage was led by the same names — OpenAI’s controls at 26%, Azure at 15%, AWS at 14%, Google at 12% — with every dedicated agent-security specialist at 3% or below and one in ten using no dedicated tooling at all. The common finding from the two surveys: Enterprises are defaulting to the solutions provided by the platform they’re using, and the specialist category vendors have yet to become big players here.

Advertisement

(A note on reading these shares. As described in the methodology section, the respondent sample is self-selected and skews mid-market, and the usage question counted every vendor or approach a respondent has in place — so the figures measure presence in the security stack rather than spending or exclusivity. Individual vendor percentages therefore carry all the usual sample caveats. The structural pattern, however, held across both Q2 waves on two differently worded questions: provider-native and hyperscaler controls lead, and dedicated agent-security specialists remain in low single digits. Read the individual shares loosely and the pattern with confidence.)

Finding 5: And enterprises are comfortable with it

Satisfaction is high, even as incidents mount and identity lags

We asked how satisfied enterprises are with their current agent security tooling. The comfort is notably out of step with the exposure documented above.

Finding 5 — And enterprises are comfortable with it

Advertisement

4.2

average overall satisfaction with current agent security tooling, on a five-point scale

4.1

Advertisement

average value for money; ease of implementation trails slightly at 3.9

54%

have nonetheless already had a confirmed incident or near-miss (Finding 1)

Advertisement

32%

give every agent its own scoped identity (Finding 2)

Advertisement

Satisfaction with agent security tooling is high — 4.2 out of 5 overall, and 4.1 for value for money — among the most positive readings in this series. That is the striking part: enterprises are highly satisfied with a stack that is mostly borrowed provider guardrails, even though more than half have already had an incident or near-miss and only a third give their agents scoped identities. The comfort appears to rest on the convenience and low friction of provider-native controls rather than on demonstrated containment. It is a false comfort in the making — the same enterprises expressing satisfaction are, as Finding 8 shows, a clear majority planning to change tooling within the year, which suggests the confidence is thinner than the score implies.

Finding 6: Budgets haven’t caught up

Most spend under a tenth of the security budget on agents

Advertisement

We asked what share of the security budget enterprises allocate to securing AI agents. For a fast-emerging risk, the allocation is modest.

Finding 6 — Budgets haven’t caught up

46%

allocate 6–10% of their security budget to agent / AI security — the most common band

Advertisement

26%

allocate 1–5%; a further 8% under 1%

Advertisement

9%

allocate more than 25%

Advertisement

Spending on agent security is still a thin slice. The most common allocation is 6–10% of the security budget (46%), and a third of enterprises (34%) spend 5% or less; only a quarter (24%) devote more than a tenth. Given the incident rate in Finding 1 and the identity and isolation gaps in Findings 2 and 3, the budget looks like a lagging indicator — the risk has arrived faster than the funding to address it. The enterprises spending more than a tenth of their security budget on agents are a distinct minority, and they are likely the ones building the scoped-identity and isolation controls the rest have not.

Only a third think their AI defenses are ahead of AI-enabled attackers

We asked how enterprises assess the balance between their AI-enabled defenses and AI-enabled attackers. Confidence is far from settled.

Advertisement

Finding 7 — The arms race is even, at best

35%

our AI-enabled defenses are ahead

Advertisement

21%

attackers using AI are ahead of our defenses

21%

Advertisement

too early to tell; 6% don’t know

Advertisement

Enterprises are split on whether they are winning. Only about a third (35%) believe their AI-enabled defenses are ahead of AI-enabled attackers; the rest are less sure — 32% call it roughly even, 21% think attackers are ahead, and another 21% say it is too early to tell. Taken together, a clear majority (53%) rate the balance as even or tilted toward the attacker. That uncertainty sits uneasily beside the high satisfaction of Finding 5: enterprises are content with their tooling yet unconvinced it is winning the contest it exists to win. In a domain where the offense is also compounding with AI, an even race is not a comfortable place to be.

Finding 8: A security reshuffle is coming

Nearly six in 10 plan to adopt or switch tooling within a year

We asked whether enterprises plan to adopt a new, additional, or replacement agent security solution, and which they are considering. Few intend to stand pat.

Finding 8 — A security reshuffle is coming

Advertisement

41%

have no plans to change

29%

Advertisement

plan to adopt or switch within the next 0–3 months

Advertisement

The security stack is not settled. While 41% have no plans to change, a clear majority (59%) intend to adopt a new, additional, or replacement agent security solution within twelve months, and 29% within the next quarter — a strong signal that, high satisfaction notwithstanding, enterprises know the current stack is provisional. Incidents are what start the buying cycle.

Among organizations that have been hit, 42.1% plan to adopt, add, or replace agent security tooling within the next ninety days, against 14.0% of organizations with no incident — and after a confirmed incident it becomes majority behavior, at 52.6%. Getting hit also changes the threat assessment: 33.3% of hit organizations say AI-armed attackers are ahead of their defenses, against 8.0% of the unhit. Experience, in this data, is the strongest predictor of both urgency and pessimism.

The consideration set still leans provider-native (OpenAI 34%, Google 30%, Anthropic 29%, Azure 25%), but the dedicated security vendors — Cloudflare, Cisco, Palo Alto, Okta, Check Point’s Lakera — draw early interest in the mid-to-high single digits, more than their current footprint. 

What the shopping does not yet include is the identity layer specifically. Twelve percent of the respondents include an agent-identity product — Okta for AI Agents, Microsoft Entra Agent ID, or a non-human identity platform — anywhere in their consideration set, and among the credential-sharing organizations that have already had an incident, identity consideration is essentially unchanged, at roughly one in ten. The control most directly implicated by the incident data is the one largely missing from the purchase plans. Whether this wave hardens the provider-native default or finally opens the door to purpose-built agent security — the identity and isolation controls the incidents call for — is the question this series will keep tracking.

Advertisement

The bottom line: A security gap that autonomy will test first

Organizations with more than 100 employees are giving AI agents real reach into systems and data while securing them with controls built for something else. More than half have already had an incident or near-miss; only a third give every agent its own scoped identity, and most still share credentials; only three in ten isolate their highest-risk agents; and the stack doing this work is overwhelmingly borrowed from the model providers and hyperscalers rather than purpose-built for agents.

The uncomfortable pairing is confidence with exposure: satisfaction with the current tooling is among the highest in this series, yet spending is a thin slice of the security budget, only a third believe their defenses are ahead of AI-enabled attackers, and a clear majority are already planning to replace what they have. At 107 respondents in a single wave this is a directional read, skewed toward the mid-market — but the direction is clear: agent adoption is running ahead of agent security, and the controls that matter most when something fails — scoped identity and isolation — are the ones enterprises have built least. The agent security gap is not a coverage problem that a provider guardrail will close on its own; it is a problem of identity, isolation, and enforcement built for autonomous software. The open question for later waves is whether enterprises close it deliberately — or whether a confirmed incident closes it for them.


Based on survey responses from 107 qualified enterprise respondents (100+ employees), drawn from a single June 2026 wave. This is a directional read, not a precise measurement — the sample is self-selected and skews mid-market, so it’s best read as the view from organizations actively standing up agent security rather than from the largest operators. Respondents are senior and buyer-credible (45% final decision-makers, 30% recommenders/influencers), spanning managers through the C-suite, and drawn primarily from Technology/Software, Manufacturing, Retail/E-commerce, and Healthcare/Life Sciences.

Source link

Advertisement
Continue Reading
Click to comment

You must be logged in to post a comment Login

Leave a Reply

Tech

Roblox Will Offer AI-Generated Game Creation On Mobile Later This Year

Published

on

Build starts limited alpha testing later this month.

Roblox has announced plans for its next chapter in letting players create their own games and interactive experiences. A new feature called Build will use AI tools to develop an interactive experience based on natural language prompts. Build will be a mobile-focused system, bringing game creation to smartphones and tablets for the first time. The toolset is based on a mix of open-source and proprietary AI models.

Build will be available as a public alpha for users in New Zealand beginning July 28, with more regions to be added in the coming months. Players will need to be age 9 and up to use the Build tools, and creations that pass safety checks and are published will be globally available to those 16 and up. Its age verification systems didn’t get off to a great start, although Roblox still launched restricted account tiers last month. We’ll see if Build winds up being a positive application of AI (they do exist) or another unforced error.

Update, July 16, 6PM ET: This story was updated after publish to clarify that the public alpha will initially be available in New Zealand.

Advertisement

Source link

Advertisement
Continue Reading

Tech

1Password lets Claude log you into websites without ever seeing your passwords

Published

on

TL;DR

1Password for Claude lets the AI agent use your logins via biometric approval without the credentials ever reaching the model or Anthropic’s systems.

1Password has launched a browser integration that lets Anthropic’s Claude use stored credentials to complete tasks on the web without the passwords ever reaching the AI model, according to a blog post published on Thursday. The company calls it a zero-exposure architecture: when Claude needs to sign in, 1Password shows the user which credential is being requested and why, then waits for biometric approval before injecting the login directly into the page. Claude never sees the vault item, password, or one-time code, and access ends when the task is complete.

The integration addresses a fundamental tension in agentic AI. Browser-based agents like Claude can navigate websites, fill out forms, and complete purchases, but reaching a login page has historically forced users to either hand over their password or take the wheel themselves. 1Password says this is the first browser integration that lets an agent use credentials without granting direct access to them.

After autofill, 1Password checks whether secrets were exposed on the page. If submission fails, the extension clears the filled values before returning control to Claude. The credential stays encrypted and controlled by 1Password throughout the process.

Advertisement

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!

The launch also introduces Agentic Mode, a feature in the 1Password browser extension that automatically locks down the vault when a compatible AI agent takes control. The agent can only use logins and one-time codes explicitly approved for the current task, and the rest of the vault stays out of reach. Agentic Mode activates even if the 1Password-Claude integration is not configured, and supports agents beyond Claude.

The timing is notable given that security researchers recently demonstrated how AI browsers could be tricked into leaking user credentials through prompt injection attacks, with Anthropic’s own Claude extension among those affected. 1Password CTO Nancy Wang said in the company’s announcement that the answer is not handing agents your secrets, but letting a user give an agent permission to use a credential without letting the agent see it. She called that distinction the foundation of trust in AI agents.

Advertisement

1Password for Claude is available now on Mac for business, family, and individual plans, and requires the 1Password desktop app, browser extension, Claude desktop app, and Claude browser extension. The company, which recently acquired Israeli startup Apono to govern AI agent access inside enterprise systems, said it plans to add support for payment cards and identity details after launch.

CNET’s password manager expert Joe Supan said he would normally be very wary about giving an AI agent access to his password manager, but that 1Password appears to have several good guardrails in place, particularly biometric authentication for each login. The integration marks the first time a major password manager has built a dedicated secure channel for an AI agent to use credentials at runtime, rather than exposing them to the model’s context. Whether the approach holds up against the kind of prompt injection attacks that have already compromised AI browsers remains to be seen.

Source link

Advertisement
Continue Reading

Tech

iRobot Promo Code: 15% Off

Published

on

The brand iRobot launched the first Roomba robot vacuum back in 2002, and popularity for the handy devices skyrocketed from there. Countless competitors have emerged, but Roomba is still going strong. Its latest models have all the new features we love, from doubling as a vacuum and a mop to fantastic navigation and suction. The Roomba Max 705 is currently keeping my house clean as I test it for our robot vacuum guide, and it’s doing a great job both mopping and vacuuming the floors in my massive second story.

Looking to own your own Roomba robot vacuum? These iRobot promo codes and coupons will make it more affordable than ever to own your own powerful robot vacuum from the iconic brand.

Save $400 Off for Fathers Day at iRobot

Give Dad the gift of a clean home (that’s easier than ever) with up to $400 off bestselling iRoomba robot vacuums. This means hundreds of dollars off popular models like the Roomba Plus 505 Combo, Roomba Max 705, and more. Act soon before Father’s Day passes and the deals disappear. A clean home has never been easier (or cheaper) to achieve.

iRobot Promo: Treat a Friend to 15% Off a Robot and Save $15 on iRobot Accessories

I once gifted a friend a robot vacuum and she regularly tells me how it’s a marriage saver. If you want to change a friend’s life (and potentially save their marriage) you can gift a friend 15% off a robot vacuum with this iRobot coupon code, and you’ll get $15 off robot accessories for yourself. A clean win for everyone.

Advertisement

Save 33% on the Roomba Max 705 With Anti-Tangle Brushes Using This iRobot Offer

I test lots of robot vacuums, and my favorite from iRobot’s lineup is the Roomba Max 705. It’s packed with two anti-tangle brushes, excellent navigation, a self-emptying base station, and left my home sparkling clean. It’s a great choice for a Roomba for pet hair, and it’s done a great job with the litter my cat leaves all over the house, too. Extra bonus: it’s gorgeous. You can get 33% off this powerful robot vacuum right now with this iRobot discount code.

Tackle Every Mess Effortlessly: $300 Off the Roomba Plus 405 Combo Robot With AutoWash Dock

Looking for something a little more affordable? The Roomba Plus 405 Combo Robot is cheaper but still packs mopping and vacuuming, and still comes with an auto-emptying docking station. It’s already a pretty affordable model and a great iRobot vacuum for hardwood floors, and right now you can get it for $300 cheaper with this iRobot coupon.

Save $290 on Smart Cleaning: The Roomba 205 DustCompactor Combo Robot Vacuum & Mop

If you don’t want a big base station in your home but still want a robot vacuum that can vacuum and mop, the Roomba 205 DustCompactor is for you. The Roomba 205 will compact and store debris for up to 60 days inside the robot itself, no emptying station required. It’s bagless, like my favorite Shark robot vacuum, so you don’t need to worry about buying and replacing bags to use the vacuum. If that sounds up your alley, don’t miss your chance to save almost $300 on this robot vac with this iRobot promo code.

Get 10% Off Your First iRobot Purchase When You Sign up for Emails

Not sure what you want to get from iRobot, but know you want an iRobot discount code? You can sign up for iRobot’s emails and get a code for 10% off whatever your first purchase is. Enjoy!

Advertisement

Save $500 on Max 705 Combo

The Roomba Max 705 Combo robot + AutoWash dock is the perfect household helper. With a self-cleaning roller mop, detailed edge cleaning, anti-tangle dual rubber brushes, and a powerhouse dock, this impressive robovac-mop combo takes all of the gruntwork out of the normal household cleaning chores. Usually $1,300, the Max 705 is nearly half off at $800. If you’ve been looking to upgrade your cleaning routine, snag this model for $500 less than usual, for a limited time.

Get 20% Off iRobot Accessories

An iRobot is an investment, requiring parts replacement, upgrades, and routine maintenance to keep your device in tip-top shape. iRobot knows this and wants to keep the costs down while maintaining the longevity of this top tech. Be sure to check out iRobot Accessory Offers for huge savings on genuine iRobot accessories for your robot, including up to 20% off with bundle deals. With this “buy more, save more” sale, you can build your own bundle for increased savings, so when you buy any 2, you’ll get 10% off; buy any 3, get 15% off; or when you buy any 4, you’ll get 20% off on eligible accessories. So whatever your need is, make sure you take advantage of this deal and stock up on essential accessories like filters, dirt disposal bags, replacement parts and more.

Source link

Advertisement
Continue Reading

Tech

Coca-Cola suspended production at its Fairlife dairy after a ransomware attack

Published

on

U.S. beverage maker Coca-Cola said one of its dairy subsidiaries was hacked and that it’s shutting down its operations for the foreseeable future. The multinational giant said in a disclosure with the U.S. Securities and Exchange Commission that its Fairlife dairy company was hit by ransomware and that its production systems are affected. The company said that its Fairlife production operations across the United States are “temporarily suspended.”

Fairlife’s operations in Canada are unaffected.

Coca-Cola is one of the largest companies in the world, with products spanning carbonated drinks, water, and dairy products. Its Fairlife dairy is one of the company’s major brands, with an estimated $4 billion in sales by 2024.

Ransomware attacks on food and beverage companies can have lasting effects. Past incidents at Arizona Beverages in 2019 and food distributor giant UNFI last year resulted in weeks-long disruptions to their respective production lines and empty grocery shelves.

Advertisement

Coca-Cola didn’t say when Fairlife’s systems would be restored.

Do you know about the cyberattack at Fairlife? Do you work at the company? We would love to hear from you. From a non-work device, you can securely contact Zack Whittaker on the Signal messaging app with the username zackwhittaker.1337.

Source link

Advertisement
Continue Reading

Tech

Prime Day might be over but these 21 deals under AU$50 prove you don’t need a major sale to upgrade your tech

Published

on

Weekly newsletters

Get daily news, weekly deals and the week’s top tech stories

Commenting access

Join the conversation, share your thoughts and get expert advice

Member badges

Earn badges as you explore news, deals, reviews, guides and more

Exclusive deals

Save on gadgets, subscriptions and accessories with handpicked discounts

Advertisement

Source link

Continue Reading

Tech

Zero trust must now move at agent speed

Published

on

Presented by Ping Identity


Enterprises need to treat zero trust security architecture as an immediate requirement for AI agents rather than a long-term goal, says Andre Durand, CEO and founder of Ping Identity. Zero trust, the security model built on the assumption that no user, device, or system should be automatically trusted, requires continuous verification before every action rather than a single check at login. Agentic AI has profoundly compressed the risk timeline enterprises must manage, demanding that permission decisions be evaluated in real time.

That compression shows up in how permissions accumulate. Every time an employee approves an AI agent’s request for access to a company drive, a database, or a code repository, the enterprise hands over a sliver of control that looks routine in isolation. Across thousands of agents making thousands of requests, those approvals accumulate into an exposure that most existing security architectures were never built to measure.

“The rise in desire to use agents right now, and the speed of agentic, is highlighting the need to move faster on the principles of zero trust,” Durand says. “Agents just move faster, full stop. A human compromise might be measured in minutes or hours, sometimes days. At agentic speed, a thousand actions could happen in five minutes.”

Advertisement

Why zero trust is now urgent for agentic AI

That difference in velocity changes how enterprises need to think about permissions. Two variables matter: the surface area of access an agent is granted and the duration that access remains valid. Traditional identity and access management tends to grant broad permissions and leave sessions open for extended periods because the human using them moves at human speed. Zero trust, in contrast, collapses both variables at once by narrowing access down to what is strictly necessary and revalidating it continuously, rather than once at login.

“Zero trust really just says, just enough, just in time,” Durand says. “It’s your next action that we care about. We’re moving identity from an era where access was our runtime control point — meaning were you logged in, did you have a session — toward the decision that sits behind that login.”

Why agents must be treated as first-class identities

That shift to decision-based control has direct implications for how agents should be provisioned in the first place. The common practice of letting an agent operate under a cloned human login or a shared service account doesn’t work, Durand says.

“Each agent should have its own identity,” he explains. “It should not be impersonating the human. It can act on behalf of the human, we could explicitly delegate authority to an agent, but we don’t want to blur the lines between the human taking action and the agent taking action.”

Advertisement

And beyond that is another concern: the shared secrets, API keys in particular, that many service accounts still rely on. For example, the habit of embedding keys directly in source code, where they can be committed accidentally and exposed, is a convenient but weak security pattern that agentic workflows make considerably riskier. Building service account architectures that let agents authenticate without relying on those shared credentials or other long-lived standing access is now an urgent priority rather than a long-term cleanup project.

Where enterprises can enforce zero trust policies

Enforcing any of this in practice requires identifying where policy can actually be applied. Several existing choke points, including API gateways and the agent gateway sitting in front of MCP servers, offer practical locations where enterprises can inspect what an agent is requesting and apply policy rules before granting it.

“Those policies could leverage real-time risk and fraud signals, and then enforce, deterministically, what the agent can do when it interacts with these systems,” Durand explains.

The goal is to move authorization from something decided once at login to something evaluated at the moment of every consequential action, such as an agent attempting to commit code to a repository. Instead of carrying a standing permission to write to GitHub, the agent’s request would be checked against context and policy at that specific moment, closing the window of trust down to the scope of a single action.

Advertisement

Stopping AI agents from rewriting their own permissions

That model becomes especially important given how agents can behave once they are already inside a system — for example, coding agents that have acknowledged, when questioned, either ignoring a specific guardrail entirely, or attempting to rewrite the permissions they were given.

“Who’s watching the watcher? Zero trust needs to apply here,” Durand says. “If generative AI systems follow your instruction 97% of the time, and you’re simply asking it for advice, that might be fine. If it’s responsible for making a decision about who gets let in, 97% is not good enough.”

How to trust AI-generated output at agent speed

The answer to that gap is not to eliminate AI from the review process, but to structure reviews so no single agent’s judgment is taken at face value. Because human review cannot scale to the volume and speed of agentic output without erasing the advantage of using agents at all, a new framework is necessary, so that when one agent produces work, such as code, separate agents evaluate it, provided those reviewing agents are kept from communicating with one another or with the one they are checking. It’s a new human-AI paradigm, Durand says.

“We probably will have to develop frameworks that we trust without seeing or verifying the output directly,” he explains. “It’s not that that construct is 100% foolproof. However, it’s the best we can do to move at agent speed. We can’t trust the exact output, but we can trust the framework.”

Advertisement

In practice, that means combining automated review with clear human accountability for higher-risk decisions, rather than treating agent output as self-validating.

For traditional auditors, reviewing every transaction individually is never feasible, and statistically valid sampling stands in for full verification. The same applies to risk accumulation: a single agent action might carry little risk on its own, while a sequence of actions moving in a consistent direction could cross a threshold that triggers an intervention, including a kill switch capable of halting the agent before further harm occurs.

What to ask when evaluating agentic identity platforms

For security leaders evaluating identity platforms for agentic AI, there’s no narrow checklist. Enterprises should evaluate what their full lifecycle of agent management looks like. Most enterprises are managing agents on two fronts simultaneously: customer-facing agents acting on behalf of external users, and internal agents deployed to automate enterprise processes.

“Pause long enough to see the totality of what it would mean to secure multiple agents, both interacting with you from the outside as well as being deployed on the inside,” Durand says. “We need discovery and visibility of all the agents operating within our estate, a place to register them, a standard way to assign custodians, and a way to construct and centralize policy so security can enforce it across the organization.”

Advertisement

And while basic security principles were already fully understood before agentic AI arrived, what has changed, Durand says, is that the cost of moving slowly has finally caught up with the cost of moving carelessly, giving enterprises a narrowing window to build the right architecture before widespread agentic adoption makes retrofitting far more expensive.


Sponsored articles are content produced by a company that is either paying for the post or has a business relationship with VentureBeat, and they’re always clearly marked. For more information, contact sales@venturebeat.com.

Source link

Advertisement
Continue Reading

Tech

Truth Social To Sell Wall Street Firms the ‘Fastest’ Access To Trump’s Post

Published

on

An anonymous reader quotes a report from NBC News: Trump Media & Technology Group has unveiled a paid-for, licensed data feed that will give banks and trading firms “the fastest” access to posts from influential Truth Social accounts, such as President Donald Trump’s, whose posts often move global markets. The product, called ‘Truth API,’ will deliver posts from the 10 most influential accounts to customers at a significantly faster pace than a regular push notification on the Truth Social platform, a spokesperson said. The feed is designed for organizations “most impacted by the cost of a delay in information,” such as algorithmic trading firms, the company said in a statement. “Until now… firms that prioritize tracking influential Truth posts have relied on manual monitoring. Truth API closes the gap.” “Markets already move on Truth Social posts … As adoption grows, we expect Truth API to become a meaningful, ongoing source of revenue for the company,” TMTG’s interim CEO Kevin McGurn said.

Source link

Continue Reading

Tech

Magic Touch was Keytec’s 1994 Overlay That Added Touchscreen Control to Any Monitor or Notebook

Published

on

Keytec Magic Touch Accessory 1994
Keytec brought the Magic Touch to the 1994 Summer Consumer Electronics Show in Chicago. The Texas company, founded in 1987, offered a straightforward way to give standard CRT monitors and notebook screens touch input without replacing the entire display. At a moment when keyboards and mice defined personal computing, the idea of pressing a finger directly on the glass stood out as genuinely forward-looking.



The Magic Touch’s hardware took the shape of a framed overlay, similar to a plastic frame with a clear adhesive membrane inside. This membrane rested on top of whatever monitor you were using at the moment, with a nice border that matched the forum’s standard beige or black color scheme. Within this jumble of layers was a brilliant innovation: an invisible spacer system that kept the whole device light and didn’t interfere with your view while also protecting the screen from scratches. The membrane handled roughly 80% of the display, which isn’t awful, and it was strong enough to withstand the ordinary 3H pencil scratch.

Sale


InnoView 15.6″ Portable Monitor 60Hz Touchscreen 1080P 10-Point Touch Screen Monitor Portable with…
  • [10-Point Touchscreen Portable Monitor]: Portable screen compatible with Windows and MacOS systems. You can get touch function for your laptop by…
  • [Get a Monitor Protective Sleeve]: The case is tailor-made for your portable laptop monitor, lightweight and durable, easy to carry, a perfect…
  • [FHD IPS Portable Display]: 15.6 inch 1080P portable screen for laptop adopts a real reliable IPS screen with a viewing angle of 178°. Compared with…

Keytec Magic Touch Accessory 1994
To make things work, you needed a little external controller. Early versions were connected via an obsolete serial port, whereas subsequent versions just used USB. The panel simply hooked into the controller, and many configurations provided power via the computer connection, eliminating the need for a bulky power brick on your desk. The items were offered in a number of sizes, ranging from 12 to 17 inches for poor laptops to 13 to 24 inches for desktop displays, with larger cousins appearing in related products. It was very simple to install; simply attach some clips or brackets for large desktop monitors that would clip over the top of the bezel, or use adjustable straps for laptops to keep everything in line with the screen. You finished in a few minutes, and the old screen was as good as new underneath.

Keytec Magic Touch Accessory 1994
Once everything was set up and connected, you’d need some software to instruct the touchpad what to do. This would convert all of the touchy feely inputs into mouse operations. You’d go through a simple calibration process to get the pixels and the membrane in line. Then you could choose whether to click on contact or lift off to get the device to work, and you could even change for left or right hand preference, as well as temporary right click on using a software toggle. It performed all of the standard mouse actions: cursor movement, single clicks, double taps, and drags. The touch resolution was great and high, 4096 by 4096 points, and the entire thing responded to finger pressure, which ranged from 50 to 120 grams per square centimeter.

Keytec Magic Touch Accessory 1994
The effectiveness of the system was determined by the software being used. Big buttons on interface elements functioned perfectly with a finger or a stylus, and menu navigation was simple. You’re probably familiar with some of the older action games, which were more hit and miss. Because of the small physical space between the membrane and the screen, you had to make sure you had everything set up correctly for those tiny targets; otherwise, you’d have bizarre parallax, and glare may be an issue, especially if you had a shiny display. It also took some force to work, albeit not much.

Keytec Magic Touch Accessory 1994
After completing the initial Magic Touch launch, the company continued to develop subsequent versions that worked with a variety of operating systems and connection methods. They made this type of device until 2017, when it was handed over to a new business that continued to create custom touch-focused solutions for a variety of monitors and panels. Nowadays, you can get very much the same idea, just updated, and still purchase a Magic Touch-style gadget to convert an old display into a touchscreen.

Advertisement

Source link

Continue Reading

Tech

South Korea making its own security-centric AI model

Published

on

AI AND ML

Adapting existing local LLM project for security and sovereignty purposes and hopes to one day match Mythos

South Korea is developing its own security-focused AI model and hopes to bring it online by the end of the year, to ensure the nation has sovereign bug-finding capabilities.

Deputy Prime Minister and Minister of Science and ICT Bae Kyung-hoon revealed the effort to create the model yesterday, and said it’s needed so South Korea possesses a bug-finding model to rival Anthropic’s Mythos.

Advertisement

The US government has twice blocked access to Mythos, once by requiring Anthropic to offer it only to American citizens – a demand the AI company could not meet and therefore blocked all access – and a second time by ordering the company to take down its services so Washington could investigate allegations of possible dangerous performance problems.

Those incidents led many other nations conclude that the US could in future deny access to powerful models – meaning US-based organizations and national security agencies would have an edge. Washington has since allowed limited access to Mythos to some of its allies.

Interest in developing sovereign AI capacity has nonetheless soared, and Bae said South Korea now aspires to develop its own Mythos-class model. The Register is aware of another effort to create Mythos-like tools, involving private firms and infrastructure operators across several countries.

In South Korea, the government’s approach is to add security-related information to the corpus it is using to train a locally developed frontier model. The minister said he expects that security-capable model will debut by the end of 2026.

Advertisement

South Korea has also sought bids to create a chatbot that will be made freely available to all residents, plus an agentic application that will help locals interact with government services.

Minister Bae made his remarks at a policy briefing session conducted by President Lee Jae Myung, during which discussions about AI also touched on using the technology to detect fake news in real time, and put it to work handling complaints about government services more quickly than is currently possible. ®

Source link

Advertisement
Continue Reading

Tech

Activist Group Takes Over London Bus Stops With Fake Meta Glasses Ads

Published

on

One features an optical illusion spoof of ‘They Live.’

Amid a growing backlash against Meta’s smart glasses, an activist group has taken over two London bus stops with fake ads for the product, including one that uses a clever optical illusions to turn Kylie Jenner’s face into a dystopian PSA about surveillance.

At first glance, the “ad” looks almost indistinguishable from a legitimate ad showing Kylie Jenner wearing a pair of smart glasses. But if you look at it from a different angle, the image turns to black and white and Jenner’s face takes on a creepy, skeletal look. Instead of “Meta AI glasses” the text changes to “Meta: We’re always watching.”

Recording everything we see and do constantly? It’s giving fascism, not fashion

It’s just been revealed Meta is planning to make the glasses “continuously record audio while taking photos every few seconds” without any warning light*

Advertisement

Literally NO ONE asked for this

#noncegoggles

*Source: the FT

Everyone Hates Elon (@everyonehateselon.bsky.social) 2026-07-13T15:57:17.393Z

Advertisement

As Hyperallergic points out, the ad seems to be a cheeky nod to They Live, John Carpenter’s 1988 sci-fi classic in which a pair of strange sunglasses plays an important role. It also follows another fake Meta glasses ad that cropped up in London earlier this month that’s even less subtle. “The biggest advance in pervert technology since the trenchcoat,” it says above a pair of glasses. “Hey Meta, start filming.”

Both ads are the work of Everyone Hates Elon, an activist group that’s conducted similar guerrilla-style campaigns to protest Elon Musk and other tech oligarchs. The group was behind a series of and posters subway ads in New York that protested Jeff Bezos’ involvement with this year’s Met Gala.

“Just because you CAN create sunglasses that record people without their consent and use the footage to train robots… Doesn’t mean you should,” the group wrote in an Instagram post about the campaign. The group also pointed to a recent report from the Financial Times that claimed Meta is testing a new type of glasses that’s meant to continuously record audio and video.

Meta didn’t immediately respond to a request for comment. The company recently announced that it would disable the cameras on its smart glasses if it detects that the recording LEDs have been physically tampered with. Meta said it would “continue to work on ways to make them even safer and more trustworthy.”

Advertisement

Source link

Advertisement
Continue Reading

Trending

Copyright © 2025