Learn how to implement cryptographic agility in MCP resource servers to protect AI infrastructure from quantum threats using PQC and modular security frameworks.
The post Cryptographic Agility in MCP Resource Server Orchestration appeared first on Security Boulevard.
How Secure Are Your Machine Identities and Their Secrets? How often do organizations truly consider the security of non-human identities (NHIs) within their systems? Where cybersecurity threats are evolving rapidly, the management of NHIs plays a crucial role in protecting digital assets across industries, particularly those heavily reliant on cloud infrastructure such as financial services, […]
The post How independent can AI ethics governance become appeared first on Entro.
The post How independent can AI ethics governance become appeared first on Security Boulevard.
Is Your Organization Ready to Harness the Power of AI Solutions for Budget Management? An often overlooked aspect is the management of Non-Human Identities (NHIs). With industries like financial services, healthcare, and DevOps rely increasingly on cloud-based infrastructures, the need for advanced security management has never been greater. But how does this fit? Understanding the […]
The post How do AI-driven solutions fit upscale budgets appeared first on Entro.
The post How do AI-driven solutions fit upscale budgets appeared first on Security Boulevard.
How Do Non-Human Identities Impact AI-Driven Decisions in Cybersecurity? Have you ever considered how machine identities, which we refer to with Non-Human Identities (NHIs), can influence AI-driven decisions in cybersecurity? When organizations continue to embrace cloud environments, securing these machine identities becomes paramount for ensuring business certainty and operational efficiency. When examining cybersecurity, NHIs provide […]
The post Why must businesses be certain about AI-driven operational decisions appeared first on Entro.
The post Why must businesses be certain about AI-driven operational decisions appeared first on Security Boulevard.
Overview This is an update to the Cyber Heads-up we posted back on March 4, 2026, with detailed information about Iranian threat activity tied to ongoing U.S./Israeli operations. Analysis At the start of hostilities with Iran, we at Assura took proactive steps to identify and create alerts for known Iranian-sponsored Indicators of Compromise (IOC). We… Continue reading Update: Iranian-U.S./Israeli Hostilities Lead to Increased Threat Landscape
The post Update: Iranian-U.S./Israeli Hostilities Lead to Increased Threat Landscape appeared first on Security Boulevard.
Lloyds Banking Group has launched an internal investigation after a technical error in its mobile banking applications allowed some customers to briefly see other users’ transaction details. The incident affected the mobile apps of several brands operated by the group, including Lloyds Bank, Halifax, and Bank of Scotland. According to the bank, the issue arose […]
The post Lloyds Banking Group Investigates Mobile App Data Exposure Affecting Multiple UK Banks appeared first on Centraleyes.
The post Lloyds Banking Group Investigates Mobile App Data Exposure Affecting Multiple UK Banks appeared first on Security Boulevard.
Presenter: Rik Farrow
Our thanks to USENIX Security '25 (Enigma Track) (USENIX '25 for publishing their Creators, Authors and Presenter’s tremendous USENIX Security '25 (Enigma Track) (USENIX '25 content on the Organizations' YouTube Channel.
The post USENIX Security ’25 (Enigma Track) – Usernames, Passwords And Security appeared first on Security Boulevard.
Most organisations assume DDoS (Distributed denial of service) protection is a box they’ve already ticked. If traffic spikes or an attack starts, the thinking goes, their provider will absorb it and move on. But in the real world it can be a different story. Many incidents aren’t caused by the scale of an attack alone, […]
The post Why Most DDoS Protection Fails: Solving for Continuity and Resilience appeared first on Blog.
The post Why Most DDoS Protection Fails: Solving for Continuity and Resilience appeared first on Security Boulevard.
When cybersecurity experts from the public and private sectors gathered this week, AI and critical infrastructure took a back seat to frontline defense in light of recent international headlines.
The post New Federal Strategies, Rising Risk From Iran Top Cyber Themes appeared first on Security Boulevard.
How Can Non-Human Identities Transform AI Security in Travel? The rapid integration of artificial intelligence (AI) across industries is reshaping how organizations manage security, especially in travel. But how can Non-Human Identities (NHIs) be a game-changer in AI security? With machine identities underpin the secure operation of AI systems, understanding their role is essential for […]
The post What makes AI in travel industry security powerful appeared first on Entro.
The post What makes AI in travel industry security powerful appeared first on Security Boulevard.
Can Machine Identities Be the Key to Greater Security in Healthcare Data Systems? Where data breaches are alarmingly frequent, the role of Non-Human Identities (NHIs) in safeguarding healthcare data systems has garnered increased attention. Understanding and harnessing the power of NHIs can significantly mitigate risks, enhance compliance, and improve operational efficiency across various industries, including […]
The post Are healthcare data systems supported by NHIs effectively appeared first on Entro.
The post Are healthcare data systems supported by NHIs effectively appeared first on Security Boulevard.
Are Your Cloud Security Strategies Providing the Reassurance You Need? Achieving confidence requires more than just traditional measures. Non-Human Identities (NHIs) are a pivotal component of robust cloud security strategies. These machine identities offer an evolved approach to managing cybersecurity risks, specifically addressing the gaps that often exist between security teams and research and development […]
The post How reassured can we be with our current cloud security strategies appeared first on Entro.
The post How reassured can we be with our current cloud security strategies appeared first on Security Boulevard.
I ran an experiment this week that I did not expect to be instructive, and it was.
Related: How ChatGPT is becoming Microsoft Office
The setup was simple. I had been working through a spontaneous personal essay — about cognitive … (more…)
The post MY TAKE: The AI magic is back — whether it endured depends on Amazon’s next moves first appeared on The Last Watchdog.
The post MY TAKE: The AI magic is back — whether it endured depends on Amazon’s next moves appeared first on Security Boulevard.
Presenter: Stacey Higginbotham, Consumer Reports
Our thanks to USENIX Security '25 (Enigma Track) (USENIX '25 for publishing their Creators, Authors and Presenter’s tremendous USENIX Security '25 (Enigma Track) (USENIX '25 content on the Organizations' YouTube Channel.
The post USENIX Security ’25 (Enigma Track) – Zombie Devices Are Running Amuck! appeared first on Security Boulevard.
Cyber threats are evolving at a pace that traditional security testing methods struggle to keep up with. Organizations today operate in highly complex digital environments with cloud platforms, APIs, microservices, and rapidly deployed applications. In such environments, manual security testing alone is no longer enough. This is where an AI pentesting tool becomes a critical […]
The post Best 5 AI Pentesting Tools in 2026 appeared first on Kratikal Blogs.
The post Best 5 AI Pentesting Tools in 2026 appeared first on Security Boulevard.
You have Sentinel. You have Defender. Here is what fills the autonomous investigation gap between detection and autonomous resolution.
The post D3 Morpheus for Your Microsoft Security Environment appeared first on D3 Security.
The post D3 Morpheus for Your Microsoft Security Environment appeared first on Security Boulevard.
This week’s McKinsey incident should be a wake-up call for every enterprise moving fast to deploy AI.
Not because AI itself is inherently insecure.
But because too many organizations are still thinking about AI security at the model layer, while the real enterprise risk sits in the action layer: the APIs, MCP servers, internal services, and shadow integrations that AI agents can reach, invoke, and manipulate.
That is the part most companies still do not see.
The technical details matter here. Public reporting described an internal AI platform with a broad API footprint, including more than 200 documented endpoints and a set of unauthenticated APIs that could allegedly be reached externally. The same reporting described potential exposure paths to tens of millions of chat messages, hundreds of thousands of files, user accounts, and system prompts. Whether or not every possible impact was realized, the takeaway for security leaders is clear: when internal AI systems are wired into weakly governed APIs, the blast radius can become enormous very quickly.
And this is not an isolated case.
The McDonald’s AI hiring incident points to the same structural problem. Different companies. Different workflow. Same core mistake. Reporting on that case described exposed administrative access, weak authentication practices, and the potential exposure of a massive pool of applicant records. Again, the story was not just about the chatbot. It was about the application and API infrastructure around it.
That is the lesson the market needs to understand.
The real risk is not the LLM. It is what the agent can do.A lot of the AI security market today is focused on prompts, model behavior, jailbreaks, and output controls.
Those matter.
But they are only one layer.
In the enterprise, AI agents do not create value by talking. They create value by taking action. They retrieve data, call APIs, invoke tools, access systems, trigger workflows, and increasingly operate through MCP servers and connected services.
That means the real blast radius of AI is determined by the action layer.
This is why the industry framing of “AI security” is still too narrow. The attack surface is no longer just the model. It is the full connected system around it.
McKinsey and McDonald’s security breaches are the same storyAt first glance, these incidents look different. McKinsey was an internal AI platform. McDonald’s was an AI-powered hiring workflow.
But structurally they are the same. Both point to a growing enterprise reality: organizations are connecting AI systems to internal and external application infrastructure faster than they are securing that infrastructure.
And in many cases, the weakest point is not a sophisticated model exploit. It is a plain old exposed API, weak authentication, forgotten endpoint, misconfigured access control, or third-party integration that quietly became internet reachable.
That is exactly why I believe one of the most dangerous categories emerging right now is shadow APIs connected to agents.
These are internal or lightly governed APIs that were never meant to become part of an external attack surface, but once they are connected to copilots, workflows, MCP servers, browser agents, coding agents, or AI applications, they effectively become part of one.
The company still thinks of them as “internal.” The attacker does not.
The blind spot: shadow APIs plus agent connectivityThis is the gap I worry about most for enterprises today. Every company has APIs it knows about. Many also have APIs it has forgotten, never fully documented, or does not realize are externally reachable.
Now add AI. The moment an agent is connected to those systems, or an MCP server is exposed with access to them, the attack surface expands dramatically.
What used to be obscure, low traffic, and semi-internal becomes:
That is the shift. In the pre-agentic world, a hidden or weakly governed API might sit quietly for months or years. In the agentic world, it only needs to be reachable once.
The new security model enterprises needIf you are deploying AI, you need to stop asking only: Is the model safe? and start asking:
The next generation of AI incidents will come from agents sitting on top of weak action layers: exposed APIs, unauthenticated services, forgotten integrations, and misconfigured MCP servers.
This is exactly why we built Salt SurfaceAt Salt, we have spent years helping enterprises discover and secure APIs they did not know were exposed. That problem now matters even more in the age of AI.
With Salt Surface, organizations can map their exposed API footprint, including AI-related APIs and externally reachable services, without deploying an agent or installing anything in their environment.
If you are building with AI, the first question should not be whether your prompt is protected. It should be whether your action layer is exposed.
The model is not the whole attack surface. The API layer is.
Get your free exposure scanIf you want to know whether your company has exposed APIs, AI-connected endpoints, or internet-reachable services, we will show you. No installation. No heavy lift. Just a domain and you get visibility into the attack surface you need to understand now.
Request your free Salt Surface scan today.
Roey Eliyahu is the Co-Founder and CEO of Salt Security, the leader in Agentic Security.
The post An AI Agent Didn’t Hack McKinsey. Its Exposed APIs Did. appeared first on Security Boulevard.
How Do Non-Human Identities Impact Cloud Security? What role do non-human identities (NHIs) play in strengthening cloud security for your organization? Where businesses increasingly migrate operations to the cloud, ensuring robust security becomes essential. Non-human identities, or NHIs, are pivotal, representing machine identities that interact within your digital. By effectively managing these identities, businesses ensure […]
The post Are businesses free to choose their AI-driven solutions appeared first on Entro.
The post Are businesses free to choose their AI-driven solutions appeared first on Security Boulevard.
Are Non-Human Identities the Key to Securing the Financial Sector? One topic gaining notable traction is the management of Non-Human Identities (NHIs). With financial institutions increasingly migrate to cloud-based operations, securing machine identities becomes pivotal. These NHIs—consisting of encrypted passwords, tokens, or keys that define machine identities—are critical to ensuring secure operations and protecting sensitive […]
The post How is Agentic AI innovating financial sector practices appeared first on Entro.
The post How is Agentic AI innovating financial sector practices appeared first on Security Boulevard.
Are Your Machine Identities Securely Managed? Understanding Non-Human Identities Imagine the complexities involved in managing something that can’t think, act, or even decide on its own. Yet, this is the reality of dealing with Non-Human Identities (NHIs)—machine identities that play a crucial role in cybersecurity. These identities are not just strings of code; they’re pivotal […]
The post How relieved are teams with managed machine identities appeared first on Entro.
The post How relieved are teams with managed machine identities appeared first on Security Boulevard.
