Microsoft cautions that rapid deployment of workplace AI assistants can turn them into insider threats, calling the risk a "double agent." The company’s Cyber Pulse report explains how attackers can manipulate an agent’s access or feed it malicious input, using its legitimate privileges to cause damage inside an organization. Microsoft urges firms to treat AI agents as a new class of digital identity, apply Zero Trust principles, enforce least‑privilege access, and maintain centralized visibility to prevent memory‑poisoning attacks and other forms of tampering. Read more →

Cybercriminals are leveraging artificial intelligence to target the weakest link in cloud‑based software: user identities. AI accelerates the gathering of employee data, sifts massive credential dumps for high‑value accounts, creates realistic synthetic personas, and powers fully automated attack frameworks. These capabilities let attackers bypass traditional defenses, infiltrate SaaS environments, and operate undetected. Experts warn that organizations must shift security focus to continuous identity verification, behavioral analytics, and AI‑enhanced defenses to counter the growing AI‑enabled identity threat. Read more →

Vibe coding—using large language models to write software from prompts—offers faster development and broader accessibility, but it also introduces serious security risks. Studies show a significant portion of AI‑generated code contains serious flaws, and attackers can exploit poisoned code libraries to spread vulnerabilities. Experts stress that human oversight, strict code reviews, private sandboxed models, and Zero‑Trust access controls are essential to mitigate these threats while still benefiting from the efficiency of AI‑assisted development. Read more →