Google has introduced Agentic Resource Discovery, an open specification designed to help AI agents locate and verify tools, skills, and other agents across disparate systems and organizations. The standard addresses a growing challenge in the AI ecosystem where capabilities remain siloed in separate registries, preventing agents from easily discovering resources hosted in different environments.

As AI agents become more prevalent in enterprise and consumer applications, they increasingly need to interact with tools and services distributed across multiple teams, platforms, and organizations. Currently, these capabilities exist in isolated systems with their own proprietary registries, creating significant barriers to interoperability. An agent operating in one environment has limited ability to discover or connect to resources available elsewhere, hampering the potential for cross-platform collaboration.

The Agentic Resource Discovery specification provides a standardized method for publishing, discovering, and verifying AI capabilities across the web. By establishing common protocols for resource advertisement and authentication, the standard enables agents to locate relevant tools and services regardless of where they are hosted. The specification includes mechanisms for verifying the authenticity and permissions of discovered resources, addressing security concerns that arise when agents interact with external capabilities.

This standardization effort could significantly impact how AI systems are built and deployed across organizations. Developers will be able to create agents that tap into a broader ecosystem of tools without building custom integrations for each platform. Organizations can publish their AI capabilities in a discoverable format, potentially creating new opportunities for collaboration and service sharing across enterprise boundaries.

Google has released the specification as an open standard, inviting other organizations and developers to adopt and contribute to its development. Organizations implementing AI agent systems should evaluate how this standard might simplify their architecture and improve interoperability. Security teams should review the verification mechanisms within the specification to ensure they align with their organization's policies for external resource access and agent permissions.

Subscribe now

Source: https://www.helpnetsecurity.com/2026/06/18/google-agentic-resource-discovery/

South Korean authorities have arrested 23 individuals connected to a cryptocurrency laundering network that processed approximately $11.1 million for cybercriminals operating from Cambodia. The Seoul Metropolitan Police dismantled the operation after tracing 16.8 billion won in illicit funds that originated from phishing attacks and were converted into USDT, a stablecoin pegged to the US dollar.

The laundering scheme served a Cambodia-based phishing syndicate that targeted victims through fraudulent schemes. Once the criminals obtained funds from their victims, they relied on the arrested intermediaries to convert and move the money through cryptocurrency channels. This arrangement allowed the phishing operators to distance themselves from the stolen assets while maintaining access to the funds.

The money laundering network used USDT transactions and transfers across multiple cryptocurrency exchanges to obscure the trail of stolen funds. By converting assets into stablecoins and moving them between different platforms, the operators attempted to break the chain of custody and make tracking more difficult for law enforcement. This multi-step process is a common technique in cryptocurrency-based money laundering operations.

The case highlights the continued use of cryptocurrency infrastructure by international criminal networks, particularly those operating from Southeast Asian countries with less regulatory oversight. Cambodia has become a known hub for various cyber fraud operations, including pig butchering scams and phishing syndicates. The involvement of South Korean intermediaries demonstrates how these networks span multiple jurisdictions to complicate law enforcement efforts.

Financial institutions and cryptocurrency exchanges should strengthen their transaction monitoring capabilities to detect suspicious patterns associated with layered transfers and rapid conversions between different digital assets. Enhanced due diligence on customers conducting large or frequent cross-border cryptocurrency transactions can help identify potential money laundering activity. Organizations accepting cryptocurrency payments should implement robust know-your-customer procedures and maintain detailed records of transaction origins to avoid inadvertently processing illicit funds.

Subscribe now

Source: https://crypto.news/south-korea-detains-23-suspects-over-usdt-laundering-for-cambodia-based-fraud-network/

The European Union has launched Shield-6G, a security initiative designed to protect next-generation 6G telecommunications networks before they become operational. The framework combines multiple defensive technologies including artificial intelligence-based threat detection, digital twin simulations, and honeypot systems to create a comprehensive security posture for mobile carriers.

While 6G networks remain in development and are not expected to deploy commercially for several years, the EU is taking a proactive approach to security architecture. This early focus on protection mechanisms represents a shift from previous generations of mobile networks, where security measures were often added after deployment rather than built into the foundational design.

The Shield-6G framework integrates several key technologies to create layered defenses. AI-powered threat detection systems will monitor network traffic and identify anomalous behavior in real-time. Digital twin technology will allow security teams to simulate network environments and test defensive measures without risking production systems. Honeypots will serve as decoy targets to attract and analyze attacker techniques.

Mobile carriers will be the primary beneficiaries of this security framework, as they will operate the 6G infrastructure that connects billions of devices and handles sensitive communications. The increased speed and connectivity promised by 6G networks will also expand the attack surface, making robust security measures necessary from the outset. The framework aims to address threats that may not yet exist but could emerge as 6G technology matures.

Organizations planning for 6G adoption should monitor the development of Shield-6G and similar security frameworks. Security teams should begin evaluating how AI-based threat detection and digital twin technologies can integrate with their existing infrastructure. Carriers and enterprises should participate in industry discussions about 6G security standards to ensure their requirements are addressed in these early-stage frameworks.

Subscribe now

Source: https://www.darkreading.com/cybersecurity-operations/eu-6g-network-security

The Cybersecurity and Infrastructure Security Agency faces significant operational challenges following workforce reductions and budget cuts that Senator Mark Warner warns could compromise national security. In a letter to CISA Acting Director Nick Andersen, Warner detailed concerns about the agency losing approximately one-third of its staff, including many senior personnel, alongside a proposed $700 million budget cut for fiscal year 2027.

The staffing crisis has particularly affected CISA's regional operations, with five of ten regional director positions currently filled by acting officials. State and local government officials have reported reduced responsiveness and disrupted service delivery from the agency, which traditionally provides critical cybersecurity support including vulnerability scans, risk assessments, and incident response services to infrastructure operators nationwide.

A major point of contention involves the MS-ISAC (Multi-State Information Sharing and Analysis Center), which supports state and local critical infrastructure cybersecurity efforts. Former DHS Secretary Kristi Noem discontinued federal funding for the program and blocked state and local governments from using federal grants to participate. Warner has introduced the Guaranteeing Universal Access to Cybersecurity Act to restore this funding and sent letters to all 50 governors outlining the risks to their states' critical infrastructure.

CISA Acting Director Andersen has announced plans to hire more than 300 additional workers, with some already onboarded. He emphasized the administration's commitment to maintaining a ready cyber defense capability, though the agency has operated without a permanent director since January 2025 after nominee Sean Plankey withdrew from consideration following months of Senate delays.

Warner has requested comprehensive organizational charts and staffing data from CISA, including details on employee departures, service delivery metrics by region, and information about new hires' qualifications and assignments. The senator seeks documentation showing the number of security services provided to state and local officials, service request volumes, completion rates, and response times to assess the full impact of the organizational changes on CISA's operational capacity.

Subscribe now

Source: https://therecord.media/warner-warns-of-cisa-cuts-staffing-shortages

The US Government Accountability Office has publicly urged the Federal Deposit Insurance Corporation to improve coordination with other federal agencies on blockchain technology oversight. In a June 8 letter to FDIC Chairman Travis Hill made public this week, the GAO emphasized that regulators currently lack an ongoing coordination mechanism for addressing blockchain-related risks.

The GAO initially flagged these priority recommendations to the FDIC in May 2024, identifying blockchain technology oversight as a critical area requiring attention. The watchdog agency has since elevated blockchain technology to its High Risk List, a designation reserved for areas where the government faces significant challenges in effective oversight and management.

The GAO's concerns center on what it describes as regulatory struggles to oversee blockchain-based financial products and assess the risks they may pose to US financial markets. The current fragmented approach across multiple federal agencies has created gaps in how blockchain technology and related financial products are monitored and regulated. Without a formal coordination mechanism, different agencies may duplicate efforts or leave critical areas unaddressed.

The implications extend beyond the FDIC to the broader regulatory framework governing digital assets and blockchain applications in the financial sector. Multiple federal agencies, including the Securities and Exchange Commission, Commodity Futures Trading Commission, and Office of the Comptroller of the Currency, have varying degrees of authority over blockchain-based financial activities. The lack of coordination among these bodies creates uncertainty for both regulators and financial institutions.

The GAO's recommendation calls for the FDIC to take a leadership role in establishing formal coordination channels with other federal regulators. This would involve creating structured processes for information sharing, joint risk assessments, and coordinated policy development related to blockchain technology. Financial institutions operating in this space should monitor how agencies respond to these recommendations, as improved coordination could lead to clearer regulatory expectations and more consistent oversight approaches across the federal government.

Subscribe now

Source: https://cointelegraph.com/news/us-government-watchdog-urges-fdic-coordinate-on-crypto-oversight?utm_source=rss&utm_medium=rss_feed_medium&utm_campaign=rss_feed_medium

Organizations continue to struggle with zero trust implementation 15 years after the security model was introduced, with new research revealing widespread failures and confusion about the approach. Accenture reports that 88% of organizations encounter significant challenges when implementing zero trust, while a Gartner survey found that 35% of organizations attempting zero trust initiatives experienced failures that negatively affected their operations. Security researchers at DefCon 33 identified vulnerabilities in multiple zero-trust network access (ZTNA) vendor offerings, highlighting that even dedicated solutions contain familiar security flaws.

The core problem stems from persistent misconceptions about what zero trust actually represents. Many organizations mistakenly view zero trust as a product they can purchase or a technology they can deploy, when it is fundamentally a security strategy and mindset. Vendors contribute to this confusion by marketing products as complete zero-trust solutions, though experts note that individual products typically deliver only 10-15% of required controls. Zero trust was originally defined by John Kindervag as a "never trust, always verify" approach to replace perimeter security models, but translating this principle into practice requires organizational change rather than just technology deployment.

Successful zero trust implementation starts with identifying high-value assets (protect surfaces) and mapping transaction flows associated with mission-critical business processes. This requires breaking down organizational silos and coordinating among security teams, networking groups, business units, compliance functions, and risk management. IT departments often lack visibility into what constitutes the organization's crown jewels, making collaboration with business leaders essential. In multi-cloud environments, this mapping becomes particularly complex as business processes span on-premises systems, edge computing, cloud services, containers, and microservices.

Many organizations believe zero trust requires massive investment, but experts emphasize that initial steps involve minimal spending. Key activities include forming cross-functional zero-trust teams from existing governance and compliance groups, educating stakeholders across departments, developing a business-aligned strategy, and defining architecture specific to organizational needs. Organizations should inventory existing security tools like multi-factor authentication, single sign-on, and identity management systems before identifying gaps requiring new investments. Gartner warns that overly expansive initial scopes incorporating too many systems or intricate policy sets lead to scalability challenges and extended timelines.

Security leaders recommend starting with targeted, high-impact initiatives that demonstrate quick wins rather than attempting organization-wide implementation. Success should be measured through outcome-driven metrics linking zero-trust initiatives to business objectives, including reduced breach incidents, improved compliance rates, and mitigation of specific risks like lateral movement and data breaches. As organizations adopt AI and deploy autonomous agents, zero-trust principles become more relevant rather than obsolete, requiring the same fundamental approach of strict segmentation, policy enforcement, and data flow control. Organizations should view zero trust as an ongoing journey requiring continuous adaptation as business needs and technology environments evolve.

Subscribe now

Source: https://www.sophos.com/en-us/blog/a-needle-in-a-stack-of-needles-hunting-infostealers-with-ai

Sophos Principal Data Scientist François Labrèche presented research at NorthSec Conference 2026 demonstrating how a multi-layered detection pipeline can identify genuine threats within massive SOC datasets. The research addresses alert fatigue, a critical problem where analysts face overwhelming volumes of security alerts, most of which prove irrelevant or benign. Using two weeks of telemetry from Taegis XDR, which processes over 800 billion events daily, the study analyzed 11.8 trillion total events to demonstrate practical threat hunting at enterprise scale.

The detection pipeline operates in four distinct stages, each progressively reducing alert volume. The first stage applies detectors ranging from simple indicator matches to sophisticated ML models, including a Long Short-Term Memory (LSTM) network for identifying domain generation algorithms and logistic regression models for detecting malicious command-line activity. This initial filtering reduced the dataset to 2.6 billion alerts, representing just 0.02% of original events. The second stage performs deduplication and correlation, grouping related alerts such as denial-of-service attacks or scanning activity, which reduced the count to 251.4 million alerts.

The third stage applies context-based suppression, filtering alerts based on customer-specific circumstances such as authorized vulnerability scanning or known false positives from threat intelligence feeds. This suppression removed 16% of remaining alerts, leaving 211 million. The final prioritization stage employs a Gradient Boosted Trees Classifier trained on 1.8 million historical alerts, using both static features like MITRE techniques and dynamic features tracking investigation rates for similar alerts. This model automatically closes low-probability threats while elevating high-risk alerts, ultimately reducing the two-week dataset to 81,573 high and critical alerts.

The system successfully identified an infostealer attack affecting one customer through two high-severity password theft alerts. When analysts examined surrounding medium and lower-severity alerts for context, they discovered anomalous program behavior followed by malware detections and behavioral indicators of credential theft. The pattern repeated twice on the same user's machine, confirming compromise. Sophos contacted the customer and initiated incident response procedures to contain the attack.

Organizations operating large-scale SOCs should implement similar multi-stage filtering approaches rather than relying on single-layer detection systems. The research demonstrates that combining rule-based detection, machine learning models, and context-aware filtering can reduce alert volumes to manageable levels while maintaining threat detection capability. Future development will focus on applying prioritization models to grouped incidents rather than individual alerts, potentially improving detection accuracy through aggregated alert analysis.

Subscribe now

Source: https://www.sophos.com/en-us/blog/a-needle-in-a-stack-of-needles-hunting-infostealers-with-ai

US and French law enforcement have seized two prominent deepfake pornography websites and arrested their alleged operators in coordinated international enforcement actions. The US Departments of Justice and Homeland Security seized CFake.com and SOCFake.com under the TAKE IT DOWN Act, federal legislation signed in May 2025 that criminalizes publication of nonconsensual intimate imagery, including AI-generated forgeries. The law allows platforms 48 hours to remove flagged content and imposes penalties up to two years imprisonment.

Seizure warrants revealed the sites hosted digitally forged images depicting politicians, royalty, journalists, athletes, and entertainers, organized under disturbing categories including rape, forced acts, and degradation. Following a US tip to Paris prosecutors, French investigators identified a suspect in Nice and documented the scale of CFake.com's operations. The site contained roughly 300,000 images and 7,000 videos depicting 14,000 individuals, attracting four million monthly views from 200,000 user accounts.

French authorities arrested an IT professional with no prior criminal record, seizing approximately $64,000 in Ether cryptocurrency from his residence, representing advertising revenue from the site. The suspect faces trial on July 7 in Paris on charges of conducting illicit online transactions and providing nonconsensual sexual deepfakes. Combined, these charges carry potential penalties of up to ten years imprisonment and €575,000 ($667,000) in fines.

These actions follow other recent prosecutions under the new law. In April, Ohio resident James Strahler II pleaded guilty to cyberstalking, producing child sexual abuse material, and publishing digital forgeries after creating over 700 images and sending deepfake material to at least six adult women. In May, the DOJ arrested Cornelius Shannon and Arturo Hernandez for publishing thousands of deepfake images of both prominent and private individuals.

Security experts warn that despite these enforcement successes, nonconsensual deepfake production continues to accelerate. Deepfake incidents jumped 257% in 2024, with girls representing 94% of victims in reported AI-generated child sexual abuse cases. Victims should preserve evidence including screenshots, URLs, and communications before filing takedown requests. Experts recommend limiting high-resolution facial images posted publicly, as these provide the source material for deepfake generation tools.

Subscribe now

Source: https://www.malwarebytes.com/blog/ai/2026/06/deepfake-posting-sites-depicting-famous-women-taken-down-by-feds

Major enterprise software vendors are embracing "headless ERP" concepts that separate user interfaces from underlying business logic, following Salesforce's recent launch of Headless 360 for its CRM platform. Seth Ravin, CEO of third-party support vendor Rimini Street, argues this architectural shift allows enterprises to escape vendor-mandated upgrade cycles by building custom interface layers using AI agents or workflow tools while maintaining existing ERP databases. The approach eventually enables migration to open source databases like PostgreSQL or MongoDB without replacing entire systems.

A Censuswide study of 4,295 C-level executives commissioned by Rimini Street found 70 percent do not consider traditional ERP the future of enterprise software. Among respondents, 36 percent preferred composable, API-driven architectures using best-of-breed components, while 33 percent favored agentic ERP with autonomous AI-driven decision-making capabilities. This sentiment reflects growing frustration with monolithic ERP systems that require costly, disruptive upgrades on vendor timelines.

SAP, the dominant ERP vendor serving major global manufacturers, reversed its policy of restricting AI agent capabilities to cloud-based systems after customer pushback. The company initially announced that innovations would only be available in its latest S/4HANA suite and cloud products, but demand from users forced a policy change in 2025. Despite this flexibility, SAP continues struggling with customer migrations from legacy systems. Gartner data from Q4 2024 showed only 39 percent of SAP's 35,000 ECC customers had purchased licenses to begin transitioning to S/4HANA, and the company fell approximately €2 billion short of its target for converting on-premises support contracts to cloud revenue.

Ravin contends that agentic AI capabilities are disrupting vendor control over enterprise software roadmaps. He argues customers are moving faster than vendors anticipated, breaking monolithic ERP systems into microservices connected via APIs. This decomposition allows organizations to maintain legacy systems while gradually modernizing specific components, rather than undertaking risky full-scale replacements. Rimini Street, which provides support for legacy ERP systems through 2040 without vendor involvement, has a business interest in giving customers time to develop migration strategies.

The headless ERP trend reflects broader industry pressure as investors scrutinize traditional software business models in light of AI coding tools and autonomous agents. Whether this architectural approach becomes standard practice remains uncertain, but major vendors like Salesforce and SAP are responding to customer demands for greater flexibility and control over their enterprise systems. Organizations evaluating ERP strategies should assess whether headless architectures align with their technical capabilities and business requirements before committing to specific vendor platforms or migration timelines.

Subscribe now

Source: https://www.theregister.com/ai-and-ml/2026/06/16/erp-users-may-soon-get-ahead-by-going-headless-says-rimini-street-boss/5253619

Electronic warfare, drone operations, and cyber intrusions now function as a single integrated weapon system, with adversaries timing digital attacks to coincide with physical strikes for maximum effect. This convergence represents a fundamental shift from traditional hybrid warfare concepts, where cyber operations served as supporting elements rather than synchronized components of kinetic force. The electromagnetic spectrum has become contested ground, with jamming and spoofing operations affecting not just military targets but civilian aviation, shipping, and navigation systems hundreds of miles from active conflict zones.

The 2026 Iran-Israel conflict and ongoing operations in Ukraine illustrate this integration in practice. Iranian-aligned groups launched spear-phishing campaigns, ransomware attacks, and infrastructure intrusions against energy systems, airports, and government networks while missiles and drones struck physical targets. In Ukraine, the cost imbalance is stark: drones costing $500 can destroy tanks worth $12 million, forcing both sides to flood the battlefield with unmanned systems while electronic warfare crews work to jam control links. The jamming intensity has driven Ukrainian developers to frequency-hopping radios and eventually fiber-optic guided drones that trail hair-thin glass filaments, eliminating radio emissions entirely.

The interference extends well beyond military operations. In January 2026, 13 European nations and Iceland issued joint warnings about GPS jamming and spoofing affecting maritime safety and commercial shipping. Aviation faces similar disruption, with the UK Defence Secretary's flight from Estonia jammed for its entire duration in May, forcing crews to rely on inertial navigation. These attacks exploit fundamental vulnerabilities in civilian systems like ADS-B aviation surveillance, which broadcasts aircraft position and identity without authentication, allowing adversaries with commodity hardware to inject false data that appears identical to legitimate signals.

Critical infrastructure faces the most serious long-term threat through pre-positioning operations, where adversaries establish quiet access to energy grids, water systems, and industrial control networks months or years before launching visible attacks. More than one-third of global energy and utilities infrastructure is estimated to have already experienced such pre-positioning by state-aligned actors and AI-assisted adversaries. Legacy operational technology in industrial environments compounds the risk, as these systems were designed for reliability rather than security, making them difficult to patch, poorly segmented, and challenging to monitor for intrusions.

Organizations should treat this convergence as an operational risk rather than a purely military concern. Security teams need to map dependencies in operational technology environments, implement network segmentation between IT and industrial control systems, and establish monitoring for unusual access patterns that might indicate pre-positioning. Supply chain security requires particular attention, as interdependencies mean a single compromise can cascade across multiple organizations. Aviation and maritime operators should prepare backup navigation procedures that do not rely solely on GPS, while critical infrastructure providers must assume adversaries already have some level of access and focus on detection and containment rather than prevention alone.

Subscribe now

Source: https://socradar.io/blog/modern-hybrid-warfare-cyber/

Multiple state attorneys general have launched a coordinated investigation into OpenAI, issuing subpoenas on Friday demanding internal documents related to user data practices, minor safety protections, and advertising operations. New York, Colorado, and additional states are participating in the probe, which OpenAI confirmed in a Saturday statement. The company said it takes the concerns seriously and intends to engage constructively with state officials while highlighting that recent ChatGPT versions include stronger safeguards like parental controls.

The investigation reflects mounting regulatory scrutiny of artificial intelligence companies as documented cases of children harming themselves after using AI technology have increased alongside a surge in AI-generated scams. States have taken independent action on AI regulation this year, introducing dozens of bills and enacting over 100 laws that ban chatbots for young users, require security testing, and protect copyrighted materials from unauthorized AI training. The Trump administration recently barred Anthropic from allowing foreign nationals access to certain AI systems and issued an executive order requesting voluntary government oversight of new AI models before public release.

State-level enforcement actions against AI companies have already produced significant legal consequences. Florida became the first state to sue OpenAI this month, alleging ChatGPT poses risks to children and that the company failed to disclose product dangers. Florida's attorney general has also opened a criminal investigation into OpenAI based on messages between the chatbot and a suspect in a deadly Florida State University shooting. In January, California's attorney general announced an investigation into x.AI for generating non-consensual sexualized images of real women and minors.

Previous state investigations into tech companies have resulted in substantial financial penalties and prolonged litigation. New Mexico investigated Meta in 2023 for child safety violations on its social media platforms, including predators' ability to contact minors. Attorney General Raúl Torrez sued the company and secured a $375 million jury award in March. Kentucky has similarly sued Character.AI for violating consumer protection laws by exposing children to dangerous technology uses.

OpenAI declined to provide additional details about the current investigation beyond its public statement. The company emphasized its commitment to learning and improving safety measures, acknowledging that enhanced protections do not change what affected families have experienced. The New York Times, which is suing OpenAI and Microsoft for copyright infringement related to AI training on news content, first reported the investigation following initial coverage by The Wall Street Journal.

Subscribe now

Source: https://www.nytimes.com/2026/06/13/technology/states-investigating-openai.html

The White House may have restricted exports of Anthropic's Mythos AI system after intelligence suggested a China-linked group gained access to the advanced model, according to a Semafor report. The restrictions target Mythos 5 and Fable 5, two versions of Anthropic's AI technology that could pose national security risks if obtained by foreign adversaries.

Anthropic, a leading AI research company, developed Mythos as part of its portfolio of large language models. The system represents significant advances in AI capabilities, making it a valuable target for foreign intelligence operations. Export controls on advanced AI systems have become increasingly common as governments recognize the strategic importance of maintaining technological advantages.

The primary concern centers on model distillation, a technique where a less capable AI system is trained using outputs from a more advanced model. Through this process, adversaries could create their own versions that replicate much of the original system's behavior and capabilities without needing access to the underlying architecture or training data. This method allows foreign actors to bypass years of research and development while avoiding the computational costs of training models from scratch.

If Chinese government entities successfully accessed Mythos 5 or Fable 5, they could analyze the models' responses, decision-making processes, and capabilities to inform their own AI development programs. Such access would provide insights into cutting-edge AI techniques and potentially compromise any applications built using these systems. The White House has not officially confirmed the Semafor report, and Trump advisor David Sacks made no mention of China in his public statements about the restrictions.

Organizations using Anthropic's AI systems should review their access controls and monitor for unusual query patterns that might indicate unauthorized access. Security teams should implement additional logging for API calls and consider restricting deployment of sensitive AI models to air-gapped environments where appropriate. Companies should also evaluate their supply chain security to ensure AI systems are not exposed through third-party integrations or cloud service providers.

Subscribe now

Source: https://www.theverge.com/ai-artificial-intelligence/949644/china-white-house-anthropic-mythos

AI agents are moving beyond pilot projects into production environments where they autonomously access sensitive documents, invoke internal APIs, trigger workflows, and make decisions traditionally requiring human judgment. Security leaders recognize these systems introduce risk, but many organizations lack clear governance frameworks for managing agents once they begin operating independently across enterprise infrastructure.

The fundamental security challenge with AI agents differs from traditional software systems. While their technical capabilities matter, the greater concern is their autonomous behavior and delegated authority. These agents act on behalf of users or systems, making decisions and taking actions without constant human supervision, which creates new attack surfaces and accountability gaps.

Existing NIST and ISO frameworks provide applicable guidance for AI agent governance despite being developed before widespread agent deployment. These standards address core security principles including access control, audit logging, risk assessment, and operational monitoring. Organizations can adapt framework requirements to cover agent-specific scenarios such as API invocation limits, data access boundaries, and decision approval thresholds.

The operational impact of ungoverned AI agents extends beyond technical security risks. Agents with excessive permissions could expose confidential information, execute unauthorized transactions, or make business decisions outside acceptable parameters. Without proper governance controls, organizations face compliance violations, data breaches, and operational disruptions caused by agent actions that bypass normal approval processes.

Security teams should implement governance controls before expanding AI agent deployments. Recommended actions include mapping agent capabilities to existing security policies, establishing monitoring for agent activities, defining clear authority boundaries, and maintaining human oversight for high-risk decisions. Organizations should also document agent behaviors, create incident response procedures for agent-related security events, and regularly audit agent permissions against business requirements.

Subscribe now

Source: https://www.helpnetsecurity.com/2026/06/12/nist-iso-frameworks-govern-ai-agents/

Federal authorities have dismantled AudiA6, a major cryptocurrency laundering operation that processed approximately 10,333 Bitcoin (valued at roughly $389 million) since launching in 2021. The US Secret Service Cyber Investigative Section and IRS Criminal Investigation led the operation, resulting in the arrest of two alleged senior members in Batumi, Georgia: 37-year-old Ukrainian national Ruslan Igorevich Tkachuk and 25-year-old Russian Alexander Vladimirovich Ledenev. Both face charges of conspiring to launder monetary instruments and commit money laundering in the Eastern District of Pennsylvania, carrying potential sentences of up to 20 years in prison.

According to the criminal complaint, Tkachuk and Ledenev operated AudiA6 alongside an illegal forum called Dark2Web, where they advertised their money laundering capabilities. The service promised to conceal and disguise the origin of traceable cryptocurrency for fees reaching 5%. Investigators used blockchain analysis tools to trace the flow of funds through the network, identifying connections to criminal enterprises.

Blockchain forensics revealed that 393.39 BTC (approximately $19.2 million) originated directly from ransomware organizations, dark web marketplaces, and other cybercrime platforms. Additional illicit funds were routed indirectly through the service to blend with legitimate transactions, complicating tracing efforts. The operation advertised its services on Dark2Web, attracting clients seeking to obscure the criminal origins of their cryptocurrency holdings.

The coordinated takedown involved simultaneous actions across multiple jurisdictions. Law enforcement personnel searched three properties, seized digital devices, blocked active Telegram accounts used by the network, and froze remaining cryptocurrency assets. Federal agents seized servers and domains located in the United States, Iceland, Germany, and France, replacing both clear web and dark web sites with law enforcement seizure banners. The operation received support from Europol, Eurojust, and authorities from Australia, Canada, France, Germany, Iceland, Japan, Poland, and Switzerland.

Authorities discovered that the AudiA6 group used commercial email providers and custom domain email addresses to register money mule accounts with cryptocurrency exchanges. Law enforcement has published 19 domains associated with the operation, including smplfy.in, lett.email, trayo.app, and pheontx.eu, enabling exchanges to identify and block accounts linked to the laundering service. Both suspects remain in Georgian custody awaiting extradition proceedings to the United States.

Subscribe now

Source: https://hackread.com/feds-seize-audia6-dark2web-crypto-laundering-case/

Cybersecurity firm Rubrik has acquired Strata.io, an identity orchestration company, and introduced two new identity resilience capabilities designed to help organizations maintain operations during identity provider compromises. The acquisition terms were not disclosed. The new offerings, Identity Continuity and Identity Roll Forward, are currently in private preview.

Strata.io specializes in unifying fragmented Identity and Access Management (IAM) infrastructures across multi-cloud, hybrid, and on-premises environments without requiring application code rewrites. The company's CEO and co-founder, Eric Olden, co-authored the SAML identity federation standard used widely for authorization and authentication. Strata CTO Granville Schmidt chairs the JavaScript security working group.

Identity Continuity, powered by the Strata acquisition, automatically fails over to a secondary Identity Provider when the primary IdP goes down, keeping critical applications online during incidents. Identity Roll Forward, developed in-house by Rubrik, addresses a longstanding challenge in identity system recovery. The capability allows organizations to restore Active Directory to a clean state while preserving legitimate changes such as employee onboarding and offboarding, eliminating the need to choose between rolling back to a compromised state or losing weeks of business progress.

The launch responds to research from Rubrik Zero Labs indicating that 90% of IT and security leaders identify identity-based threats as their primary concern. When identity providers are compromised, organizations traditionally face difficult choices between maintaining business continuity and removing attacker persistence. Identity Roll Forward uses Rubrik intelligence and third-party signals to identify, isolate, and reverse unauthorized changes while keeping legitimate modifications intact.

Rubrik Chief Product Officer Anneka Gupta stated the combined solution eliminates the traditional trade-off between recovering to a clean state and maintaining business progress. The acquisition extends Rubrik's identity resilience portfolio, with Chief Business Officer Mike Tornincasa noting that Strata addresses the critical gap of Identity Continuity. The combined team will focus on what Rubrik describes as complete Identity Resilience, including work on agentic identity management.

Subscribe now

Source: https://itwire.com/it-industry-news/deals/rubrik-advances-identity-resilience-through-strata-acquisition-and-identity-roll-forward-innovation

Nearly all software development teams have adopted AI coding assistants, but a critical governance gap is preventing organizations from realizing the full productivity benefits these tools promise. An independent survey of 831 software engineers and DevOps professionals conducted by UserEvidence for Black Duck in March 2026 found that 97% actively use AI coding tools, yet only 30% have implemented formal oversight policies. GitHub Copilot and Claude Code lead adoption, used by 83% and 63% of teams respectively, with most organizations running multiple assistants simultaneously.

The productivity gains are substantial but come with hidden costs. Teams report that AI assistants return an average of eight hours per week to developers, and 92% credit the tools with faster, more productive releases. However, nine in ten teams encounter problems with AI-generated code somewhere in their workflow, indicating that these tools often shift effort downstream rather than eliminating it entirely. The friction points occur primarily after code generation: 52% cite manual code review as a bottleneck, 51% point to security testing, 48% report reworking generated code, and 41% spend time iterating on prompts.

Security concerns escalate with increased usage. Among teams where AI-written code has grown by more than half, 57% identify security testing and vulnerability remediation as their worst bottleneck. Nearly two-thirds (64%) of all teams express moderate to extreme concern that AI assistants will introduce security defects, with the heaviest users showing the greatest worry. Diana Kelley, CISO at Noma Security, emphasized that faster code does not equal safer code, as developer time increasingly shifts toward validating and securing AI output. Nicole Carignan, field CISO at Darktrace, warned that AI-generated code can conceal weak authentication, exposed secrets, over-permissioned APIs, and opaque external dependencies.

Teams with formal governance structures demonstrate significantly better outcomes. Where AI use is fully governed, 90% report major efficiency gains, compared to 58% overall and just 44% among teams without full governance. Despite this clear advantage, a quarter of organizations have no defined AI coding policy whatsoever. While 68% consider automated tracking of AI-generated code extremely important, many still rely on manual flagging through pull-request comments rather than systematic oversight.

Security experts recommend treating AI-generated code as a supply-chain risk requiring dedicated controls. Ram Varadarajan, CEO of Acalvio, argues that governance, not the assistants themselves, now represents the primary challenge. Organizations should implement policy frameworks, secure coding standards, and mandatory human review. The survey found that 86% of teams believe an AI agent or model should vet AI-written code, and 56% want a dedicated AI security agent, though 84% still prefer keeping humans in the loop through pull requests or in-editor suggestions. Black Duck concludes that teams which operationalize AI with proper guardrails and shared standards will prevent efficiency gains from leaking into downstream QA, DevOps, and application security work.

Subscribe now

Source: https://www.infosecurity-magazine.com/news/ai-coding-adoption-governance-lags/

Federal authorities have taken down 13 internet domains allegedly connected to a Chinese intelligence-gathering operation targeting U.S. government personnel. The FBI seized the domains as part of an investigation into efforts to compromise current and former government employees and military personnel who hold security clearances and access to classified information.

The domain seizures represent the latest action by U.S. law enforcement against suspected foreign intelligence operations on American soil. While Chinese state-sponsored cyber espionage campaigns have targeted U.S. government networks for years, this operation appears to have focused specifically on individuals rather than organizational infrastructure. The FBI has not released information about the specific agencies or military branches whose personnel were targeted.

Technical details about the operation remain limited. Authorities have not disclosed whether the domains were used for phishing campaigns, watering hole attacks, or other social engineering techniques commonly employed in intelligence operations. The domains' registration information, hosting providers, and operational timeline have not been made public. It is unclear whether any classified information was successfully exfiltrated through these channels.

The seizure affects an unknown number of potential victims among the U.S. government workforce. Personnel with active security clearances across defense, intelligence, and civilian agencies may have been exposed to the operation. The scope of any successful compromises has not been revealed, and authorities have not indicated whether any arrests have been made in connection with the campaign.

Current and former government employees with security clearances should remain vigilant for suspicious communications and report any unusual contact attempts to their security officers. Organizations should review access logs and authentication records for anomalies. Federal personnel should verify the legitimacy of any websites requesting credentials or sensitive information, particularly those claiming affiliation with government agencies or military organizations.

Subscribe now

Source: https://www.helpnetsecurity.com/2026/06/11/fake-consulting-websites-target-us-security-clearance-holders-china/

Check Point has announced a significant expansion of its Managed Service Provider platform, introducing three strategic capabilities designed to address the challenges MSPs face in securing AI adoption and delivering managed security services. The updates focus on AI governance, centralized management infrastructure, and simplified service delivery models.

The expansion comes as MSPs increasingly need to help clients manage AI security risks while maintaining operational efficiency across multiple customer environments. Check Point's new platform features are specifically designed to address these dual challenges by providing tools that both secure AI usage and streamline the delivery of security services to MSP clients.

The technical enhancements include a new multi-tenant MSP management platform that provides Management Control Plane (MCP) access, allowing MSPs to oversee security operations across multiple client environments from a centralized interface. This architecture is complemented by new AI security and governance capabilities that enable MSPs to monitor and control how AI technologies are adopted and used within their clients' organizations. The platform also introduces unified managed security bundles that consolidate multiple security functions under simplified licensing arrangements.

For MSPs, these updates address operational complexity that has grown as security portfolios expand and AI adoption accelerates across customer bases. The centralized management approach reduces the administrative overhead of managing disparate security tools across multiple tenants, while the unified licensing model simplifies billing and service delivery. The AI governance features provide MSPs with visibility and control mechanisms needed to help clients adopt AI technologies while maintaining security postures.

MSPs using Check Point's platform should evaluate how these new capabilities integrate with their existing service offerings and client security requirements. Organizations that rely on MSPs for security services may want to discuss with their providers how AI governance features can be applied to their environments, particularly if they are deploying or planning to deploy AI technologies. The unified security bundles may also present opportunities to consolidate security tools and simplify vendor management.

Subscribe now

Source: https://www.helpnetsecurity.com/2026/06/11/check-point-msp-platform-expansion/

AI red teaming has transformed from an obscure discipline practiced by a handful of researchers in 2019 into one of the fastest-growing specialties in cybersecurity. When Ram Shankar Siva Kumar launched Microsoft's AI red team that year, the field was so small that practitioners joked they could fit on a 14-foot catamaran. The arrival of GPT-4 and subsequent large language models forced a complete rethinking of the discipline, as traditional machine learning attack methods no longer worked against these new systems. Today, dedicated AI red teams operate at Microsoft, Anthropic, OpenAI, Google, and Nvidia, but the field continues grappling with fundamental questions about what the job actually entails.

The core challenge stems from AI's probabilistic nature, which distinguishes it fundamentally from traditional software testing. Unlike conventional applications that behave deterministically, AI systems produce varying outputs under identical conditions. The same attack might succeed once in 100 attempts or 90 times in 100 attempts, forcing security teams to evaluate not just whether vulnerabilities exist but how frequently they appear and under what conditions. This probabilistic behavior requires repeated testing under varying conditions to understand system behavior and identify consistently risky outputs.

AI red teaming has expanded far beyond traditional cybersecurity concerns to encompass safety, misinformation, and reputational risks. Microsoft's team now includes psychologists, linguists, and bioweapons specialists alongside conventional security experts. The threat model has also broadened dramatically: while nation-state adversaries remain relevant, AI systems can fail in response to ordinary users asking unexpected questions or creatively manipulating prompts. President Biden's 2023 executive order formally defined AI red teaming and required safety testing for powerful models, though President Trump later revoked it, leaving standards development largely to industry.

The rise of agentic AI systems introduces operational risks that extend beyond generating incorrect text. These systems retrieve information, invoke APIs, process transactions, and access databases with real-world consequences. A vulnerability in an agent that executes business processes represents an operational failure rather than merely a communications problem. Security experts warn that organizations commonly make the mistake of testing only the model itself while ignoring the databases, APIs, and workflows connected to it. An Air Canada chatbot that invented a nonexistent refund policy illustrates how AI systems can cause harm without any attacker involvement.

Organizations deploying AI need to develop internal testing capabilities rather than relying solely on model providers. Security testing can no longer be periodic; as AI systems become more autonomous, continuous behavioral evaluation in production environments becomes necessary. Microsoft has open-sourced AI safety testing tools in recognition that AI risk requires community-wide solutions. Experts predict that AI red teaming will eventually converge with traditional cybersecurity red teaming as AI tools become standard across all security work, though testing probabilistic AI systems themselves will remain a distinct challenge requiring specialized expertise.

Subscribe now

Source: https://www.csoonline.com/article/4181930/ai-red-teaming-comes-of-age.html

More than 200 cryptocurrency firms and industry organizations have called on US Senate leaders to schedule an immediate vote on the CLARITY Act, warning that continued delays could derail the legislation. The coordinated appeal, organized by crypto lobby group Stand With Crypto, was sent Monday to Senate Majority Leader John Thune and Minority Leader Chuck Schumer.

The CLARITY Act passed the Senate Banking Committee last month following what supporters describe as months of bipartisan negotiations. The bill aims to establish a regulatory framework for digital asset markets, addressing long-standing concerns about unclear oversight and enforcement in the cryptocurrency sector. Industry advocates view the legislation as a potential foundation for durable market structure rules.

The letter emphasizes the urgency of bringing the bill to a full Senate vote before an approaching legislative deadline tied to the midterm election cycle. Supporters argue that the Banking Committee's approval demonstrates sufficient bipartisan support to warrant floor consideration. The coordinated lobbying effort reflects growing industry concern that procedural delays could prevent the bill from advancing during the current congressional session.

The push for the CLARITY Act comes as cryptocurrency companies continue to face regulatory uncertainty in the United States. Without clear statutory guidance, firms have operated under a patchwork of enforcement actions and regulatory interpretations from multiple agencies. Industry representatives contend this ambiguity has hindered innovation and pushed some businesses to consider operations outside US jurisdiction.

Organizations supporting the legislation should monitor Senate floor schedules and committee announcements for potential movement on the bill. Companies operating in digital asset markets may want to review their compliance frameworks in anticipation of potential new regulatory requirements if the legislation advances. Industry participants should also prepare for possible amendments or modifications as the bill moves through the legislative process.

Subscribe now

Source: https://cointelegraph.com/news/over-200-crypto-firms-push-senate-to-pass-clarity-act?utm_source=rss_feed&utm_medium=feed&utm_campaign=rss_partner_inbound