Data exfiltration stories

Acronis rolls out GenAI Protection for managed service providers to spot shadow AI, curb data leakage and block prompt injection.

Zscaler joins Anthropic's Project Glasswing to test Claude Mythos Preview in software scans, as the firm pushes zero trust against AI-driven attacks.

CIS, Astrix and Cequence publish AI security guides for large language models, autonomous agents and MCP environments.

LangWatch releases open-source AI red-teaming framework to expose hidden vulnerabilities in production agents through multi-turn attack simulations.

Anthropic's Mythos spots corporate network attacks in hours, while security experts warn unmanaged AI agents are becoming a critical enterprise risk.

Netskope's Tony Burnside warns AI agents are creating hidden east-west traffic, calling for omni-directional controls and smarter DLP to stop data leaks.

Proofpoint says mailbox rule abuse is becoming a routine Microsoft 365 takeover tactic, helping attackers hide alerts, hijack threads and drive fraud.

Sonatype flags 21,764 malicious open-source packages in Q1 2026, with npm hit hardest as attackers used trusted workflows to steal secrets.

Salt warns AI agents are widening the API security gap, with 92% of organisations still short of advanced defences and 47% delaying releases.

AI-era data security needs more than DSPM visibility, as firms must track how sensitive information moves and enforce controls in real time.

UK SOC spots Monday-morning conditional access failure from Germany, helps reset compromised Microsoft 365 account before attackers can strike.

Nutanix and NetApp team up on migration tools to help enterprises modernise virtualised systems, cut complexity and bolster ransomware defences.

Anthropic’s Claude Code is under scrutiny after researchers found deny rules can weaken in long workflows, raising fresh concerns for AI-driven development.

Permiso launches SandyClaw sandbox to detonate AI agent skills and expose hidden runtime risks before they reach enterprise systems.

ChatGPT flaw may have let attackers siphon sensitive user data via DNS queries, prompting OpenAI to issue a fix after researchers exposed the bug.

Zscaler says Xloader malware has added layered encryption, decoy servers and new obfuscation tricks to hinder analysts.

F5 and Forcepoint have teamed up to link data discovery with runtime controls, aiming to curb AI risks as enterprises move systems into production.

Foxit's latest PDF Editor update adds Action Inspector to uncover hidden scripts and redaction-bypassing behaviour in business documents.

ReliaQuest flags DeepLoad malware stealing live credentials in enterprise networks, with AI-style obfuscation, USB spread and hidden WMI persistence.

Experts warn firms must improve visibility and backup resilience as automated ransomware campaigns and hidden SaaS and AI assets widen exposure.