This marks the second consecutive year Halo Security has earned the award. The MSP Today Product of the Year Award honors standout products and services that are reshaping the managed services landscape, delivered through the Channel and purpose-built to meet the evolving needs of end users. The Halo Security platform was selected for its innovation, performance, and its measurable impact on customers and partners alike.

The Halo Security Attack Surface Management Platform gives organizations and MSPs a complete view of their internet-facing assets and a clear path to fixing what matters most. Automated discovery helps uncover every domain, hostname, and IP exposed to the internet, while continuous vulnerability scanning, dynamic application security testing, dark web monitoring, and manual penetration testing surface the risks behind them. Behind the technology is a US-based team of security professionals who help customers and partners interpret findings, prioritize remediation, and act with confidence, so risk reduction happens faster and with less guesswork.

For MSPs, that combination scales across every client. Multi-tenant management, customizable dashboards with drag-and-drop widgets, configurable reports with saved views, and white-labeling let partners deliver branded, client-ready insights without the operational drag. Direct integrations with Slack, ServiceNow, Jira, Linear, Vanta, and the major cloud providers keep findings flowing into the tools partners already use, while built-in PCI compliance reporting as a PCI DSS Approved Scanning Vendor and SOC 2 Type II compliance underscore the platform’s commitment to the standards partners and their clients depend on.

Dowling

“As AI has reshaped almost every corner of cybersecurity, our partners keep telling us the same thing: the human element is what they value most,” said Lisa Dowling, CEO of Halo Security. “Automation finds the issues, but it’s our team of security experts who help partners and their clients understand what matters, what to fix first, and how to communicate risk in a meaningful way. This award is a reflection of the trust our partners place in our people, not just our technology.”

Tehrani

“It gives me great pleasure to recognize Halo Security as a 2026 recipient of TMC’s MSP Today Product of the Year Award for their innovative attack surface management solution,” said Rich Tehrani, CEO of TMC. “Our judges were thoroughly impressed not only by the strength and features of the product, but by Halo Security’s commitment to the Channel—empowering partners to deliver exceptional service and drive meaningful results for their clients.”

Winners of the 2026 MSP Today Product of the Year Award will be featured on MSP Today, the definitive resource for managed service providers, as well as across TMCnet’s media platforms.

About Halo Security: Halo Security is changing the way organizations manage their external attack surface. The comprehensive EASM platform pairs unprecedented visibility into internet-facing assets with expert remediation guidance, combining automated asset discovery, continuous vulnerability scanning, and penetration testing insights in a single solution for fast, measurable, and affordable risk reduction. Readers can learn more at halosecurity.com.

About MSP Today: MSP Today is the premier online destination for MSPs (Managed Service Providers) and IT service providers worldwide. As the industry’s leading web portal, MSP Today delivers timely and relevant news, cutting-edge product information, and invaluable insights to empower MSPs and IT professionals to thrive in today’s rapidly evolving technology landscape. Whether you’re seeking in-depth articles on emerging technologies, comprehensive product reviews, or actionable tips to optimize your IT services, MSP Today is the go-to resource for all things MSP-related. Readers can learn more at www.msptoday.com.

About TMC: For more than 20 years, TMC has been honoring technology companies with awards in various categories. These awards are regarded as some of the most prestigious and respected awards in the communications and technology sector worldwide. Winners represent prominent players in the market who consistently demonstrate the advancement of technologies. Each recipient is a verifiable leader in the marketplace. TMC also provides global buyers with valuable insights to make informed tech decisions through editorial platforms, live events, webinars, and online advertising. Readers can learn more at www.tmcnet.com.

Media contact: Lauren Ladra, Director of Partnerships, Halo Security, nick@halosecurity.com

Editor’s note: This press release was provided by CyberNewswire as part of its press release syndication service. The views and claims expressed belong to the issuing organization.

The post News alert: Halo Security recognized for helping MSPs manage customers’ external attack surfaces first appeared on The Last Watchdog.

Related: The industrializing of identity fraud

Corporate deepfake attacks of that kind, executives impersonated to authorize fraudulent wire transfers, accounted for roughly $550 million of the $2.19 billion in deepfake-related fraud losses reported globally through the first quarter of 2026, according to Surfshark’s April 2026 analysis.

What’s more, deepfake fraud attempts have surged 2,137 percent over the past three years, and Deloitte projects AI-enabled fraud in the U.S. will reach $40 billion by 2027.

“The deepfake itself is just a new iteration of a very old trick,” observes  Perry Carpenter, Chief Deception Strategist at KnowBe4, a Clearwater, Fla.-based provider of a digital workforce security platform.

I sat down with Carpenter at KB4-CON 2026 in Orlando to discuss this. For a full drill down, please give the accompanying podcast a listen. Here is what I learned that you should know.

Hijacking minds

Every con in history has worked the same way. The target’s nervous system is hijacked before the rational mind has time to engage. The deepfake is just the newest instrument for doing it.

Deepfakes are grabbing headlines because AI content generation tools have made them cheap, convincing, and scalable. But the deepfake itself is a distraction. What matters is the psychological mechanism underneath it — the one that has powered every con, phishing email, and social engineering attack for the past century, and that no detection tool has yet managed to neutralize.

“The thing that really unlocks the power of the artifact is the narrative — the context that somebody is snapping it into,” Carpenter told me. “Without that context, without human emotion, without the fact that our minds can be hijacked, the deepfake is just an interesting technology demo.”

Carpenter should know. He has spent his career studying deception — stage hypnosis, theatrical pickpocketing, and the psychology of why people act against their own best instincts under pressure.

His conclusion: a deepfake works because it arrives wrapped in the same emotional pressure that has driven social engineering since long before AI existed. Urgency. Claimed authority. A deadline that does not permit verification.

That also explains why deepfake detection tools have fallen short. The technology to reliably catch photorealistic synthetic video does not yet exist.

Meanwhile, the barriers to creating that video have collapsed. AI image and video generation tools — accessible to anyone with a broadband connection for $20 a month or nothing at all — can now produce the kind of photorealistic synthetic video that North Korea, China, and Russia would have needed nation-state resources to pull off five years ago.

Training the reflex

Carpenter’s answer is behavioral. Detection software is not the defense. The defense is an employee who recognizes emotional manipulation as it arrives. The signals are familiar from phishing: time compression, claimed authority, urgency engineered to shut down critical thinking. Those signals work the same way on a voice call or a video call as they do in a text message.

The goal is a reflex. The finance employee on the receiving end of a deepfake call needs to feel the manipulation before the rational mind engages, then pause and ask a verification question. That pause is the last line of defense between a polished deepfake and a wire transfer the company will not recover.

A reflex is not built in a classroom. Once-a-year compliance training does not produce it. Once-a-quarter awareness modules do not produce it. Carpenter put it bluntly: “If an organization is doing a once-a-year training or even a once-a-quarter training, it is like trying to get in shape and only going to the gym once a year. The only thing you realize is how much pain you’re in.”

What builds the reflex is repetition at the cadence of habit formation. KnowBe4 calls the discipline human risk management and runs it continuously rather than as an annual event.

The next attack surface

Most organizations are not ready for what comes after the deepfake. AI agents are now handling finance tasks, triggering transactions and running customer-facing communications inside enterprises that have not yet figured out how to govern them. The agents inherit the same vulnerabilities that make humans susceptible to deepfake attacks. Malicious inputs can manipulate them. Excessive permissions let them act in places their function does not require.

The difference is scale. A human employee tricked into authorizing one fraudulent wire transfer causes one incident. A compromised AI agent moves at machine speed across every system it can reach, executes whatever its permissions allow, and does it before anyone in the security operations center has noticed the agent was working off bad instructions in the first place.

“When you have a set of automated AI agents that are doing something wrong, they do that at agent scale,” Carpenter said.

Gravitee’s State of AI Agent Security 2026 report surveyed more than 900 executives and practitioners. It found 81 percent of enterprise teams have moved past the planning phase for agent deployment. Only 14 percent have full security approval for what they have built. Eighty-eight percent have experienced confirmed or suspected incidents tied to those agents.

Most organizations cannot produce a basic inventory of the agents running inside their environments. That is the same failure that defined unmanaged software exposure a decade ago.

KnowBe4 launched Agent Risk Manager on April 14, 2026. The company framed it as the first product built specifically to govern autonomous AI agent behavior. KnowBe4 released it the same day it acknowledged that human risk management alone no longer covers the workforce it is defending.

The question for CISOs is whether the recognition reflex can be trained into employees fast enough to matter before the next $25 million wire, and whether any of that training will transfer to the AI agents now arriving in the same workflows. I’ll keep watch and keep reporting.

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(Editor’s note: I used Claude and ChatGPT to assist with research compilation, source discovery, and early draft structuring. All interviews, analysis, fact-checking, and final writing are my own. I remain responsible for every claim and conclusion.)

The post FIRESIDE CHAT: Deepfakes exploit human emotion, making employee reflex training essential first appeared on The Last Watchdog.

The annual Gartner Security & Risk Management Summit, scheduled for June 1–3, 2026, at the Gaylord National Resort & Convention Center in National Harbor, Maryland, is a widely attended industry event for chief information security officers (CISOs), risk leaders, and enterprise security teams. The event serves as a forum for organizations to evaluate approaches to addressing expanding attack surfaces, AI-driven threats, workforce constraints, and operational efficiency requirements.

In advance of the summit, TVC Analyst Group’s watch list highlights companies operating across security operations, exposure management, identity, compliance, and application security. The selected firms reflect broader industry shifts toward automation, continuous validation, and AI-driven security operations at enterprise scale.

What’s driving the shift

Organizations are no longer satisfied with tools that merely surface risk. They want platforms that can validate, prioritize, and act, autonomously, continuously, and without grinding business operations to a halt. AI is both the accelerant and the antidote: it’s expanding the threat landscape faster than most teams can keep up, while simultaneously offering the automation muscle security functions have long needed.

Against that backdrop, here are twelve cybersecurity companies drawing attention heading into the Summit, each staking out ground at the intersection of AI, automation, and operational resilience.

Security vendors to watch

•Reclaim Security is positioning itself around a challenge many enterprises continue to struggle with: remediation. While many security tools identify exposures, Reclaim focuses on operationalizing fixes through its AI Security Engineer and PIPE engine, which predicts productivity impact before changes are deployed. The company emphasizes business-aware remediation designed to avoid workflow disruption while reducing exposure at scale. As organizations increasingly adopt Continuous Threat Exposure Management (CTEM) programs, platforms that can bridge detection and measurable remediation may attract growing attention.

•Daylight Security is advancing what it calls Managed Agentic Security Services (MASS), combining AI-native operations with experienced threat hunters and incident responders. The company’s model moves beyond traditional MDR by integrating identity and business context directly into investigations and response workflows. Rather than relying solely on AI or human analysts, Daylight combines both to continuously refine detections and operational knowledge. That hybrid approach reflects a broader industry trend toward collaborative security operations between autonomous systems and expert practitioners.

•CyCognito continues to focus on external exposure management with an emphasis on seedless discovery. The platform continuously identifies internet-facing assets, APIs, cloud resources, and third-party exposures without requiring predefined asset inventories. CyCognito also layers business context onto technical findings, helping organizations prioritize the most critical risks instead of drowning in alert volume. As attack surfaces continue expanding across subsidiaries, vendors, and cloud environments, automated discovery and validation capabilities are becoming increasingly important.

•Mate is positioning itself as a re-architecture of the modern Security Operations Center through its Continuous Detection/Continuous Response (CD/CR) model. Built on a proprietary Security Context Graph, the platform creates a customer-specific “security brain” that allows AI agents to operate with full environmental understanding across detection, triage, investigation, response, and threat hunting. Rather than relying on static rules or fragmented data pipelines, Mate continuously refines its context layer so each new alert strengthens the system’s intelligence. In a landscape where traditional SOC models are struggling under data scale and alert fatigue, Mate is betting on context-native AI agents as the foundation for faster, more adaptive security operations.

•Darktrace remains one of the most recognizable AI-native cybersecurity vendors in the market. The company’s platform focuses on detecting and responding to novel threats by learning the behavioral patterns unique to each organization. Darktrace has also increasingly positioned itself around securing AI environments while defending enterprises from AI-driven attacks. With enterprises seeking proactive resilience rather than reactive detection alone, behavioral AI platforms continue to play a prominent role in cybersecurity conversations.

•Twine Security is bringing AI digital employees into identity and access management operations. Its AI employee, Alex, is designed to autonomously handle repetitive IAM processes ranging from entitlement reviews to application onboarding and remediation tasks. The company positions this as a shift away from fragmented automation toward proactive, self-healing execution. As IAM complexity continues to grow across cloud and SaaS ecosystems, organizations are increasingly exploring ways to reduce operational burden without sacrificing governance.

•Checkmarx is focusing on agentic application security as software development becomes increasingly AI-assisted. The Checkmarx One platform integrates security directly into developer workflows while using autonomous agents to identify and remediate vulnerabilities across the software lifecycle. The company is also emphasizing prevention-first security for AI-generated code and modern application environments. As development velocity accelerates, organizations are placing greater importance on embedding security earlier and more seamlessly into engineering processes.

•Persona is addressing workforce identity verification at a time when AI-driven impersonation and social engineering attacks are becoming more sophisticated. Its platform combines liveness detection, behavioral analysis, and selfie-to-ID matching to strengthen trust during onboarding, password resets, and account recovery. Persona also integrates into existing IAM ecosystems rather than requiring organizations to rebuild access control infrastructure. Workforce identity verification is becoming increasingly relevant as enterprises face growing risks tied to remote work and AI-generated fraud.

•Zero Networks is concentrating on automated microsegmentation and lateral movement prevention. The company’s platform applies identity-driven segmentation across users, devices, workloads, and AI agents to contain attacks before they spread. Its approach reflects growing industry concern over ransomware and credential abuse, particularly in hybrid enterprise environments. As organizations continue adopting zero trust architectures, automated containment strategies are becoming a larger part of resilience planning.

•Coverbase is applying AI to third-party risk management by continuously validating vendor evidence against customer-defined controls. Rather than relying heavily on questionnaires and manual review cycles, the platform emphasizes live posture visibility and continuous monitoring. The company positions itself as infrastructure for vendor risk operations instead of a traditional workflow layer. With supply chain risk remaining a persistent enterprise concern, automated and evidence-based vendor assessments are gaining traction.

•Drata continues expanding beyond compliance automation into broader trust management and enterprise governance. Its platform uses AI-powered automation to manage controls, evidence collection, third-party risk, and security questionnaires from a unified environment. Drata is also leaning into agentic AI capabilities that automate repetitive governance and compliance workflows. As organizations manage increasing regulatory complexity, continuous assurance models are replacing periodic compliance exercises.

•Torq is building an AI SOC platform centered on autonomous triage, investigation, and remediation. The company’s platform uses agentic AI to enrich events, investigate threats, and orchestrate containment actions while integrating with existing security stacks. Torq positions its natural language-driven AI capabilities as a way to reduce alert fatigue and accelerate response times for overstretched SecOps teams. As organizations continue grappling with staffing shortages and rising alert volumes, AI-assisted SOC operations remain a major area of industry focus.

The thread connecting all twelve is less about any single product category and more about a broader architectural shift. Security platforms are being rebuilt around context, continuity, and autonomy, not just detection. As enterprises head into Summit season, the vendors earning attention are the ones making that shift real.

The Gartner Security & Risk Management Summit takes place June 1–3, 2026, at the Gaylord National Resort & Convention Center, National Harbor, Maryland.

About TVC Analyst Group: TVC Analyst Group is a data-driven research firm focused on delivering in-depth analysis, rankings, and insights across the global venture capital and startup ecosystem. Leveraging proprietary data models and market intelligence, TVC provides investors, founders, and limited partners with transparent, performance-based evaluations of venture firms, emerging technologies, and high-growth companies. Through its reports, rankings, and editorial coverage, TVC Analyst Group aims to bring greater accountability, clarity, and actionable insight to private markets.

Media contact: Jake Smiths, Analyst, jake@theventurecation.com

Editor’s note: This press release was provided by CyberNewswire as part of its press release syndication service. The views and claims expressed belong to the issuing organization

The post News alert: TVC Analyst Group names 12 vendors to watch ahead of Gartner’s security summit first appeared on The Last Watchdog.

Related: Leaked secrets no. 1 exposure

Production data stays in production. Test environments get masked or synthetic data. Access is controlled. Ownership is defined. The system, while imperfect, largely works.

Then AI arrived — and that discipline quietly broke.

Not because teams forgot what to do, but because the workflows changed faster than the controls did.

Today, production data routinely flows into AI pipelines with far less scrutiny than it ever faced in traditional software development. It moves through data lakes, feature stores, training pipelines, evaluation sets, and sometimes third-party platforms. Along the way, the original boundary — the question of whether that data should have left production at all — often disappears.

Ownership without owners

No one is explicitly responsible for asking it.

This is not a tooling failure. It is a breakdown in ownership.

In one large financial institution, a team built a machine learning model using what they believed were low-risk, derived features. The raw data had already been processed, transformed, and abstracted. On paper, it looked safe.

But as those features accumulated and recombined inside the feature store, they began to reconstruct something much closer to the original sensitive data than anyone intended. Individually, each feature passed review. Together, they created a high-sensitivity exposure that no single control had been designed to catch.

The issue wasn’t a lack of encryption or access controls. It was that no one was tasked with evaluating how data changed meaning as it moved through the pipeline.

That’s the gap. Traditional data security models assume relatively stable environments. Data is classified, protected, and monitored within defined boundaries. Even when it moves, those movements are predictable and governed. AI workflows are different.

Who owns the pipeline?

Data is continuously transformed, combined, and repurposed. Context shifts at every stage. A dataset that appears benign at ingestion can become sensitive after transformation. A feature that looks harmless in isolation can contribute to meaningful reconstruction when combined with others.

And yet, most security programs still treat data protection in AI pipelines as an extension of existing controls, rather than a fundamentally new problem.

The result is a blind spot. Security teams often assume that if data was approved for use upstream, it remains safe downstream. Data teams assume that if they are working with derived features, the original sensitivity no longer applies. AI teams focus on model performance, not data lineage or exposure risk.

Each group is acting reasonably — within its own frame of reference. But no one owns the full path.

Asking the hard question

That is where the breakdown occurs. The question that needs to be asked is simple, but it is rarely formalized: at every stage of the pipeline, does this data still belong here?

Not just from a technical standpoint, but from a risk and compliance perspective. Answering that requires more than better tools. It requires a shift in how organizations assign responsibility. Someone — whether it sits in data security, AI governance, or a cross-functional review process — has to take ownership of how data is evaluated as it moves, transforms, and recombines inside AI systems.

Singh

That means tracking how derived features relate back to source data, paying attention to how combinations of those features can introduce new exposure, and making explicit decisions about whether data should continue downstream at all. It also means reintroducing the idea of boundaries, even in workflows that are designed to be fluid. Without that, organizations are effectively trusting that sensitivity doesn’t re-emerge once data has been transformed.

Evolve or expose

That assumption does not hold.

AI doesn’t just use data. It reshapes it. And in doing so, it can quietly undo the controls that were designed for a different era.

For security leaders, the takeaway is not to slow down AI adoption. It’s to recognize that the control model has to evolve with it.

If your team cannot clearly answer who owns data once it enters an AI pipeline, how sensitivity is evaluated after transformation, and where the decision is made about whether data should continue downstream, then the system has already failed — even if nothing has gone wrong yet.

That’s the moment to intervene.

Because by the time a breach or regulatory issue surfaces, the problem won’t be that the model was misused.

It will be that the data should never have been there in the first place.

About the essayist:  Kajal Singh leads enterprise data security strategy at Oracle. She focuses on data protection for LLM and GenAI pipelines and holds an M.S. from Dartmouth.

The post GUEST ESSAY: AI pipelines are shattering network security — most companies haven’t even noticed yet first appeared on The Last Watchdog.

Related: Carol Sturka declares her agency 

I had turned to ChatGPT to help organize research notes for an upcoming keynote. I was pressed for time and wanted help spotting patterns I might have missed. That seemed harmless enough. Then the tool offered to help write the speech.

I was tempted. I let it try.

The result was cohesive, polished and snappy. It was based on my own research. It sounded good. Maybe too good.

Then I stood in front of an audience and did something I had not done in more than 30 years of public speaking: I read from the page. The words were mine in one sense, but they had not passed through me in the usual way. For a moment, I stopped trusting myself.

When trust thins

AI is remarkable. It saves time. It can sharpen a rough thought, organize a pile of notes and help a busy professional get moving. But there is another side to the bargain. Used carelessly, AI can weaken the thing leaders need most: trust in their judgment, voice and creative instincts.

That loss of trust does not stay private.

Before an upcoming webinar, I sent an email to a co-presenter. We had presented on the topic before, though it had been a few months. He wrote back warmly, then added a question: “Just out of curiosity, did you have AI write the email below?”

No, I told him. I had typed it myself.

Later I learned that when he suspected the email was AI-generated, he had stopped reading closely. He assumed it was not worth his full time or attention. He had opened the message looking not just for information, but for connection. Once he thought a machine had mediated that connection, the trust began to thin.

Keep judgment first

Choy

That is the leadership problem now emerging around AI-assisted communication. The issue is not simply whether AI makes writing faster. It is whether people receiving our messages still believe there is a person fully present behind them.

Companies are adopting AI quickly. Deloitte’s 2026 State of AI in the Enterprise report found that organizations broadened worker access to sanctioned AI tools by 50 percent in one year, growing from fewer than 40 percent of workers to around 60 percent. That makes the trust question more urgent, not less. If AI helps us produce more polished communication while colleagues, clients and audiences feel less certain about our intent, the efficiency gain carries a hidden cost.

So how should leaders use AI without flattening their own voice or weakening human connection?

First, write something yourself before asking AI to improve it. Michael Smart, a public relations coach, warns against what he calls “anchoring,” when AI’s first answer overrides your experience and instincts from the start. His advice is simple: draft first, then use AI for iteration, brainstorming or pressure-testing. That keeps your judgment in the lead.

Warmth beats polish

Second, know when polish is not the goal. Some messages need warmth more than efficiency. A note to a colleague, a client check-in or a message after a difficult meeting may not benefit from sounding smoother. It may benefit from sounding unmistakably human.

Third, create more script-free moments. In meetings, that can mean opening with a question that invites a short personal story, not a status update. When people have room to speak in their own words, misunderstandings surface faster. Authenticity becomes easier to read. Connection has a chance to form before everyone rushes back to the next task.

AI wants our attention and data. It does not care whether we grow. Leaders have to care about that part.

The most effective communicators will not be the ones who use AI to sound flawless. They will be the ones who use it carefully while protecting curiosity, judgment and trust. Quick answers are useful. But in moments that matter, the right question, asked by a real person, may still be the more powerful tool.

About the essayist: Esther Choy is founder of Leadership Story Lab and an expert in leadership communication and business storytelling. Her latest book is Winning Without Persuading.

The post GUEST ESSAY: AI can speed up communication, but it can also weaken human connection first appeared on The Last Watchdog.

The report found that invisible identity (“identity dark matter”) now outweighs visible identity across enterprise environments, 57% to 43%. Further, 67% of non-human accounts are created directly within the application, unseen and unmanaged by IAM programs.

This finding comes at a critical moment—organizations rapidly deploy AI agents, which in turn accelerates identity exposure. Traditional IAM was built to govern people. It was not built for autonomous systems that inherit credentials, act without human oversight, and often operate within the blind spot that identity dark matter creates.

Additional significant findings:

•70% of enterprise applications contain an excessive number of privileged accounts, dramatically increasing the potential impact of misuse or compromise

•57% of applications bypass centralized identity providers

•40% of accounts are orphaned, remaining available after their users have gone

•36% of all credentials are hardcoded and in clear text within applications

Katmor

“Enterprise identity has crossed a dangerous threshold: the identities we can’t see now outnumber the ones we can,” said Roy Katmor, CEO and co-founder of Orchid Security. “That was already a major security and compliance problem. In the agentic AI era, it becomes an operational crisis. AI agents don’t wait for quarterly reviews. They act in real time, across systems, using whatever access the enterprise makes available to them. If organizations cannot see every identity, understand its authority, and govern its actions, they are not ready to safely scale AI.”

Identity dark matter

The established IAM model for non-human identities has always carried risk: these accounts are typically granted broad, standing access locally (67% of the time, according to analysis of enterprise applications), based on the assumption that their behavior is predetermined and repetitive. A machine, service, or bot that runs the same job on the same schedule poses a risk, but one limited by its code.

However, that all changes with the latest emerging class of actor, Agent AI. While technically nonhuman, Agent AI are far from predetermined and repetitive in their actions. Rather, they are unpredictable and relentless in pursuit of their prompt. Allowing them to run unseen and unmanaged poses a huge risk.

Shadow identity

There is a growing disconnect between formal identity controls and how access actually functions. While many organizations have strengthened corporate IAM systems with a strong stack consisting of a centralized identity directory, strong authentication from an identity provider (IdP), privileged access management (PAM), and increasing identity governance and administration (IGA). Orchid found that these controls are frequently bypassed. Consider that almost 3 out of 4 applications have excessive privileged accounts, more than 1 out of 2 applications allow authentication through local or unmanaged pathways, and 1 out of 3 applications contain credentials stored in clear text, embedded directly in code or configuration files.

All of these contribute to the expanding layer of unmanaged access, or “Identity Dark Matter,” eroding the foundation of identity at its core.

“Organizations have invested heavily in securing the front door, but the research shows identity risk is increasingly concentrated in the side doors: local accounts, unmanaged access paths, hardcoded credentials, and excessive privileges that sit outside formal controls,” Katmor said.

Toxic combinations

Beyond individual exposures, the report identifies what Orchid calls “toxic combinations”—overlapping identity gaps that significantly increase risk.

This includes:

•Orphaned accounts with elevated privileges

•Applications that bypass centralized identity providers while storing credentials in clear text

•Dormant accounts operating without logging or oversight

Individually, these gaps are concerning; together, they create unmonitored access paths that can dramatically increase the potential level of compromise.

Machine-scale exposure

As organizations rapidly deploy AI agents to automate business processes, these identity gaps are not only increasing but are also becoming more visible and more exploitable.

Designed for efficiency, AI agents intuitively identify and utilize the most direct access paths available, including those outside centralized IAM controls, regardless of whether those accounts, credentials, or permissions were intended for their use.

“AI agents discover and exploit identity control gaps and exposures in a way and at a speed we’ve never seen before,” Katmor said. “If there’s a shortcut in your environment, an autonomous system will find it.”

Weak identity foundations.

The findings suggest that many organizations are approaching Agent AI implementation with an incomplete understanding of how access actually works across their environments, often without realizing it. This prevents the necessary risk management that accompanies the advent of AI Agents.

Without first shoring up the foundation of enterprise identity (each application), enterprises expose themselves to increasing cyber, compliance, and operational risks—now at machine scale.

“Identity programs look strong on paper, but most identity activity happens outside them,” said Katmor. “That’s where security, compliance, and AI risks really start to build.”

About the Report: Identity Gap: 2026 Snapshot is based on anonymized telemetry collected from enterprise applications deployed across North America and Europe between April 2025 and March 2026. The data spans industries including financial services, healthcare, retail, manufacturing, and energy, and reflects both managed and unmanaged identity activity across enterprise environments.

Identiverse 2026: Orchid Security will be onsite at Identiverse 2026 at Booth #239 from June 15 – 18. Attendees interested in learning how organizations can safely scale agentic AI while reducing unmanaged identity risk are encouraged to stop by or schedule a meeting with the team onsite.

Orchid Security will also be hosting the following sessions during the event:

When “Lazy” AI Agents Meet Broken Identity Hygiene 

Tuesday, June 16 | 1:15 PM – 1:30 PM | Oceanside E

From Seeing to Knowing: The Identity Observability Frontier

Wednesday, June 17 | 7:15 AM – 8:15 AM | Oceanside E

About Orchid Security: Orchid Security sees straight into the application binary to deliver the industry’s first Identity Control Plane, transforming IAM complexity into clarity, compliance, and control. Its Identity-First Security Orchestration platform continuously discovers enterprise applications, analyzes their native authentication and authorization flows, and accelerates onboarding into governance systems, putting true identity insight in front of security leaders and practitioners, without the months of manual work traditionally required for each task or informational ask. By exposing and remediating the ‘identity dark matter’ hidden across modern environments, Orchid helps enterprises solve identity at its core; reducing risk, lowering operational costs, and achieving compliance at scale. 

Media contact: Chloe Amante, Montner Tech PR, camante@montner.com

Editor’s note: This press release was provided by CyberNewswire as part of its press release syndication service. The views and claims expressed belong to the issuing organization

The post News alert: Orchid Security study finds invisible identities now outnumber managed accounts first appeared on The Last Watchdog.

Related: SaaS and AI agents converge

One of them was in focus at KB4-CON, KnowBe4’s annual customer conference at the Marriott World Center here last week.

The Clearwater, Fla.-based cybersecurity training vendor used the conference to lay out a pivot from a training-focused company to a workforce security platform — built through extending its core services to adjacent IT operations.

The logic holds. It’s a way to help its existing customer base leverage AI to streamline vital employee training and also boost protective filtering of company email.

But that’s just the starting line, CEO Bryan Palma told me. The company is stepping forward to help companies mitigate the cascading risks of a hybrid workforce where humans and AI agents share the same workflows.

“People say the agentic era is comparable to the Industrial Revolution. I think it’s true,” said Palma, who took over as CEO in May 2025. “It’s probably one of the biggest inflection points in humanity. For KnowBe4 that’s a lot of fun. We’ve been anticipating it.”

Training becomes orchestration

KnowBe4 spent 15 years selling security awareness training. It now sells agentic email security alongside it, with the email product feeding behavioral data back into the training engine. Agent Risk Manager, launched April 30, extends the platform into governing the AI agents customers are deploying to handle routine tasks across HR, finance, IT administration and customer support.

KnowBe4 is deploying AI agents on both sides of its own business. On the vendor side, agents build phishing simulation modules, update training content, and personalize delivery to individual employees. For customers, agents handle the routing and configuration work that the old training model imposed on IT administrators.

Alex Ziegelmeier, walking me through the product on the exhibit floor Wednesday, was specific about how the customer-side automation works. Aida Orchestration, the company’s training-side agent layer, picks the training modules, builds the phishing simulation templates, schedules the deployment and personalizes the content per employee — work that used to require a human administrator.

“The AI running the platform is more effective than a human administrator,” Palma said in a Thursday interview. “That’s what we’re finding.”

The new risk equation

KnowBe4 appears to be in the vanguard of B2B vendors recognizing an opportunity that did not exist before generative AI arrived in late 2022. The opening is to apply AI’s force-multiplier capacity in two directions — rebuilding how the vendor itself operates, and guiding customers through the same retooling across the dozens of functions where AI agents are now landing.

The market backdrop helps explain the urgency. Deloitte’s 2026 State of AI in the Enterprise report found agentic AI deployment accelerating sharply, with only about one in five companies operating a mature governance model for autonomous agents. A KPMG survey found 75 percent of enterprise buyers rank security, compliance and auditability as the most critical requirements for agent deployment. A fraction say they have the controls in place.

The analytical case for why a training vendor is now selling agent governance came from Perry Carpenter, KnowBe4’s chief human risk management strategist, in a Wednesday interview.

“Human risk management is an incomplete equation,” Carpenter said, “because of the addition of agentic AI.” AI agents, he argued, carry many of the same vulnerabilities humans do. They can be socially engineered. They can act on poisoned inputs. They can operate with excessive privilege.

What changes is speed. “When a human makes a mistake, they do it at human pace and human scale,” Carpenter said. “When an AI agent makes a mistake, it does it at agent scale.”

Exposures on the rise

The attack surface side of the equation confirms the timing. Chris Wallis, CEO of Intruder, attended KB4-CON as an exhibitor and gave me an unvarnished read Thursday morning. CVE counts are on track to hit 60,000 this year, up from roughly 50,000 in 2025.

That is before counting API exposures, orphaned services and unmanaged agent footprints that do not make the official list. Attackers are using AI to scale their operations the way enterprises are using it to scale theirs. “Anytime the difficulty level goes down for the attacker, it’s bad news for defenders,” Wallis said.

Recent intrusions illustrate the human-channel exposure. The Shiny Hunters group worked breaches at Google and Canvas (Instructure’s learning management platform) by calling employees, claiming to be from IT, and walking them through credential resets, Wallis noted. The technical defenses held. The humans on the phone did not.

A 2026 Gravitee State of AI Agent Security report found 88 percent of organizations reported confirmed or suspected AI agent security incidents in the last year. A separate Writer enterprise survey found 39 percent of companies have no formal strategy for AI adoption. Thirty-five percent are not confident they could pull the plug on a rogue agent if one started causing damage. Thirty-five percent are not confident they could pull the plug on a rogue agent if one started causing damage.

The platform pull

What KnowBe4 is doing is not unique to security training. Workday is running the same play in HR and finance, with internal AI agents accelerating product development and external agents handling scheduling, accounting and supplier contracts for customers. ServiceNow has told the market its internal AI specialist resolves IT service desk cases 99 percent faster than human staff and is shipping the same capability to customers across IT operations, HR, finance and procurement.

Every category that has spent the last decade serving as a necessary line item is staring at the same choice. Rebuild around AI-driven internal operations and extend the retooling into adjacent governance work, or watch the line item get rationalized into someone else’s platform in the next procurement cycle.

Whether KnowBe4 executes depends on decisions Palma’s team will make in the next 18 months. But the opening is real. Orlando offered a working preview of how AI agents are likely to reshape other necessary line items across the enterprise.

Seems very likely the pattern is about to show up a lot of other places. I’ll keep watch and keep reporting.

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(Editor’s note: I used Claude and ChatGPT to assist with research compilation, source discovery, and early draft structuring. All interviews, analysis, fact-checking, and final writing are my own. I remain responsible for every claim and conclusion.)

The post MY TAKE: AI agents force a rethink of enterprise service lines as vendors move up the tech stack first appeared on The Last Watchdog.

Two words that have done an awful lot of heavy lifting in the cybersecurity industry over the years. They tend to surface whenever a vendor wants to wave off a serious finding without fixing it.

Related: The unending password problem

Microsoft just deployed them again. This time in response to a Norwegian researcher who showed that Edge holds every saved password in plaintext memory for the entire browser session — even credentials for sites the user never opens. The disclosure landed just days before World Password Day.

A working demonstration

Tom Jøran Sønstebyseter Rønning is no hobbyist. He leads proactive security at Statnett SF, the Norwegian state grid operator. He disclosed the finding April 29 at Palo Alto Networks Norway’s BIG Bite of Tech conference. On May 4 he posted a video walkthrough on X. He also released a proof-of-concept tool, EdgeSavedPasswordsDumper, on GitHub.

He tested every major Chromium-based browser. Edge was the only one loading the entire vault into plaintext at startup. Chrome decrypts on demand. It also binds those keys to an authenticated browser process through Application-Bound Encryption.

The SANS Internet Storm Center reproduced the behavior in minutes using Windows Task Manager and the Sysinternals strings utility.

By design, by deflection

Microsoft told Rønning during responsible disclosure that the behavior is intentional. A company spokesperson later told Dark Reading that any attacker reading that memory would already need to have compromised the device.

The dispute cuts to a larger question security architects have wrestled with for years: when does convenience become exposure?

That framing also has a familiar ring. Once an attacker is on a shared system — a terminal server, a virtual desktop, a contractor laptop — a single compromise should not cascade across every saved password for every logged-in user.

That is the part security pros are pushing back on. Last Watchdog asked privacy and security experts two questions. What does the Edge stance say about how the industry treats credential exposure — as a design problem or a user-behavior problem? And where should the trust boundary actually sit for credentials in 2026, especially in shared environments?  Their commentary follows.

Uzair Gadit, Founder and CEO, Secure.com

Gadit

The Edge disclosure highlights a larger flaw in how the industry approaches credential security. Organizations have spent years telling users to adopt stronger passwords and password managers, yet those protections lose value if credentials remain exposed in memory for the life of a browser session.

In shared environments such as RDS or Citrix, a single privileged compromise can quickly expand into broad credential exposure across multiple users. The deeper issue is not password hygiene, but how long credentials remain accessible in usable form once authentication occurs. Convenience-driven design choices increasingly collide with how modern attackers operate.

Ted Miracco, CEO, Approov

Miracco

Modern infostealers thrive in the gap between credentials that are encrypted at rest and exposed at runtime. The industry increasingly needs to move toward app-bound, just-in-time access to secrets rather than long-lived plaintext credentials sitting in memory.

Once passwords or tokens are handled in cleartext, they become accessible to any malicious process capable of observing memory or intercepting execution flows. Runtime protections and tighter controls around how credentials are accessed and reused are becoming essential because attackers no longer need to break encryption itself to compromise identity and move laterally through systems.

Morey Haber, Chief Security Advisor, BeyondTrust

Haber

Passwords were never meant to persist as long-lived artifacts sitting in system memory. They were intended to be transient secrets: entered, validated, and discarded. Once credentials remain in cleartext memory, they effectively become exposed assets rather than protected authentication factors.

Threat actors have exploited this reality for years through credential dumping, memory scraping, and post-exploitation tooling. In shared or privileged environments, a single exposed password can become the starting point for lateral movement, ransomware deployment, or broader identity compromise. The larger issue is not user hygiene, but how modern systems handle credentials after authentication occurs.

Craig Lurey, CTO and Co-Founder, Keeper Security

Lurey

The Edge finding exposes a broader weakness in how Windows handles application memory. Browsers and password managers routinely keep sensitive credentials in memory, while other user-mode processes can still access that memory under certain conditions.

Researchers have demonstrated variations of this problem for years. The deeper issue is not simply that passwords appear in plaintext, but that malware running under the same user context may be able to read them without elevated privileges. The result is an environment where a local compromise can quickly turn into credential theft and wider account exposure.

Abhay Kulkarni, CEO and Founder, WideField Security

Kulkarni

Operating systems have improved process-memory protections over the past decade, yet infostealers and malicious browser add-ons still routinely find ways to extract credentials and session data. The larger concern is that keeping passwords or tokens in cleartext memory undermines the principle of least privilege by making sensitive data broadly accessible once a system is compromised.

Attackers increasingly target session tokens because they can bypass MFA protections entirely. Chrome’s move toward stronger password isolation is a useful step, but the same protections should extend to session cookies and authentication tokens that remain exposed in browser memory.

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(Editor’s note: I used Claude and ChatGPT to assist with research compilation, source discovery, and early draft structuring. All interviews, analysis, fact-checking, and final writing are my own. I remain responsible for every claim and conclusion.)

The post LW ROUNDTABLE: Microsoft Edge normalizes credential exposure — security pros push back first appeared on The Last Watchdog.

Related: No easy AI security fixes

I sat down with Tony Anscombe, chief security evangelist at ESET, on the floor at RSAC 2026 to discuss this. Tony has spent years tracking the intersection of cyber insurance and SMB security from inside the insurance ecosystem. Here is what I learned that you should know.

The causality chain is not complicated, but it took about five years to play out. Around 2020, ransomware payouts started overwhelming cyber insurers. Losses mounted. The industry responded the way it always does — by tightening requirements.

Suddenly, policyholders had to demonstrate multi-factor authentication, endpoint detection and continuous monitoring before coverage would apply. For large enterprises with in-house security teams, that was manageable. For small and midsize businesses, the list of mandated controls read like a job posting for staff they could not afford to hire.

Insurers supplying security

So insurers stepped in. Beazley, Zurich and Coalition each built or acquired managed detection and response capabilities and began bundling them with coverage. As Anscombe put it on the conference floor: “The insurer is becoming the MSSP.”

ESET’s newly released SMB Cyber Readiness Index puts numbers on how far this has gone. In the U.S., 86 percent of SMBs now carry cyber insurance, and adoption runs higher among businesses that have already experienced an incident — they know the cost.

Among U.S. SMBs that outsource cybersecurity, the cyber insurer offering MDR is now the most popular destination, cited by 35 percent — ahead of traditional managed service providers at 27 percent, dedicated MDR vendors at 21 percent, and MSP/MSSPs offering MDR at 17 percent. For a market segment that has historically struggled to staff or afford enterprise-grade security, that is a real solution to a real problem.

What motivates the urgency is not hard to find. Anscombe walked through a string of high-profile supply chain attacks in 2024 and 2025 that demonstrated, in financial terms, what happens when a single vendor relationship becomes the attack surface.

The Jaguar Land Rover incident is the most instructive example. A social engineering attack on a third-party IT services provider gave threat actors privileged credentials, which they used to penetrate JLR’s production systems — not just the office environment. The factory shut down for nearly five weeks. Five thousand businesses in the JLR supply chain were disrupted. The UK government stepped in with a £1.5 billion loan guarantee to keep suppliers solvent. The entry point was a trusted third party with standing access. That is the supply chain problem in its most concrete form.

Single point of failure

Anscombe was careful not to let the insurer-as-MSSP development land as straightforward good news. The risk he flagged is concentration. Beazley, Zurich and Coalition are deploying overlapping product stacks to their SMB customer bases.

If a sophisticated threat actor finds a vulnerability in the underlying platform, the attack surface is not one company — it is the de facto security operations infrastructure for a significant share of American small business. Cyber insurers bundling a common MDR stack have built precisely the kind of monoculture that makes concentrated attacks viable. Diversity in the ecosystem, Anscombe argued, would be a good thing.

His concern acquired a concrete price tag in March 2026, when Zurich and Beazley reached agreement on a recommended all-cash offer valued at approximately $11 billion. Two of the three insurers Anscombe named on the conference floor — each already operating as a de facto MSSP for SMB customers — are now moving toward a single combined entity.

Consolidation downside

The transaction is pending regulatory approval, with closing expected in the second half of 2026. Whether consolidation accelerates or complicates the concentration risk Anscombe described is a question the industry has not yet answered.

Where this ends is genuinely unclear. Anscombe raised a possibility most enterprise security teams have not taken seriously: that actuarial modeling trained on breach telemetry, configuration data and attack pattern analysis could eventually produce precise prescriptions for which controls, architectures and policies minimize financial exposure.

If that happens, the actuary becomes a standing figure in enterprise security strategy. The infrastructure to make it possible is being assembled right now, acquisition by acquisition, MDR contract by MDR contract.

Listen to the full podcast for Anscombe’s complete breakdown.

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(Editor’s note: I used Claude and ChatGPT to assist with research compilation, source discovery, and early draft structuring. All interviews, analysis, fact-checking, and final writing are my own. I remain responsible for every claim and conclusion.)

The post FIRESIDE CHAT: Cyber insurers deepen SMB security role as supply chain attacks spread first appeared on The Last Watchdog.

OTT Cybersecurity LLC, the company behind Lyrie.ai, today announced two milestones that together position the company as foundational infrastructure for the agentic AI era: acceptance into Anthropic’s Cyber Verification Program (CVP), and the public release of the Agent Trust Protocol (ATP), an open cryptographic standard for securing AI agents operating autonomously on the internet.

“Being among the first companies accepted into Anthropic’s Cyber Verification Program validates what we’ve built. Lyrie isn’t a security tool that sits alongside AI. It’s the security layer that AI runs on top of,” said Guy Sheetrit, CEO and Founder of OTT Cybersecurity LLC, the company behind Lyrie.ai.

Security for AI agents

Enterprises and governments are deploying autonomous AI agents at unprecedented speed — agents that read mail, write code, move money, sign contracts, and act on behalf of human operators. The security model for those agents has not existed at enterprise scale. Lyrie was built to change that.

The Agent Trust Protocol (ATP), authored by Lyrie’s research team and now open to the public at lyrie.ai/research, is a cryptographic standard that lets any system verify, in real time, what AI agent it is communicating with, what that agent is authorized to do, and whether the agent or its instructions have been tampered with.

The protocol covers five primitives:

•Identity — who the AI agent is.

•Scope — what it is authorized to do.

•Attestation — whether it or its instructions have been tampered with.

•Delegation — who delegated authority.

•Revocation — whether that authority has been revoked.

“Every AI agent on the internet today is a stranger. You don’t know who it is, what it’s authorized to do, or whether it’s been tampered with. ATP is the protocol that changes that,” said Sheetrit.

ATP is open, royalty-free, and slated for submission to the Internet Engineering Task Force (IETF). The reference implementation is published under MIT license at github.com/OTT-Cybersecurity-LLC/lyrie-ai.

Anthropic verification

OTT Cybersecurity LLC was accepted into Anthropic’s Cyber Verification Program (CVP), Anthropic’s framework for verifying legitimate dual-use cybersecurity operators. CVP acceptance supports Lyrie’s work around vulnerability research, offensive security tooling, and red-team workflows on Claude’s AI infrastructure, subject to Anthropic’s applicable safety and security policies.

Lyrie is also exploring similar verification pathways with other leading AI labs as part of its mission to build trusted security infrastructure for autonomous AI systems.

The Lyrie platform

Lyrie is a unified offensive and defensive security platform built for the AI era. Its capabilities include:

•lyrie hack — a single command that runs a 7-phase autonomous penetration test, generating proof-of-concept exploits and code-level remediation.

•GPU-accelerated red-teaming — GCG and AutoDAN adversarial workflows on H200 GPU infrastructure, supporting Crescendo and TAP attack chains.

•OWASP ASI 2026 coverage — coverage mapped to the OWASP Agentic Security Initiative threat catalog.

•Omega-Suite binary research — autonomous zero-day discovery workflows in compiled software.

•Hardware-flexible deployment — consumer hardware through enterprise GPU clusters.

•Nine built-in security tools — reconnaissance, exploitation, and remediation in a single agent.

About OTT Cybersecurity LLC and Lyrie.ai:OTT Cybersecurity LLC, headquartered in Dubai, United Arab Emirates, is the developer of Lyrie.ai — the security infrastructure for the AI agent era. The company operates from a conviction that the best security is built by people who have operated in contested environments. For more information: https://lyrie.ai | Research: https://lyrie.ai/research | GitHub: github.com/OTT-Cybersecurity-LLC/lyrie-ai

Media contact: Guy Sheetrit, guy@lyrie.ai

Editor’s note: This press release was provided by CyberNewswire as part of its press release syndication service. The views and claims expressed belong to the issuing organization.

The post News Alert: Lyrie.ai joins Anthropic verification program, unveils protocol for securing AI agents first appeared on The Last Watchdog.