Help Net Security

AI agents run across many platforms, and each one needs a way to locate and confirm the identity of the others it works with. The Linux Foundation’s DNS-AID project gives them that capability through the Domain Name System, the same address lookup system that has directed internet traffic for decades. The project lets AI agents and Model Context Protocol (MCP) servers use DNS as a global, vendor-neutral directory for publishing, discovering, and verifying one another. … More → The post DNS-AID lets AI agents find and verify each other through DNS appeared first on Help Net Security.

Asimily has launched Segmentation Orchestration, enabling connected-device risk intelligence to flow directly into enforceable network policy without manual translation. No other platform combines full asset visibility, vulnerability prioritization, and segmentation orchestration in a single system. “AI has exploded the volume and sophistication of network attacks against connected devices, and security teams are discovering that visibility tools and manual policies cannot keep pace,” said Shankar Somasundaram, CEO, Asimily. “Attackers are exploiting the space between what organizations … More → The post Asimily turns device risk into automated network policy appeared first on Help Net Security.

In this interview with Help Net Security, Avani Desai, CEO at Schellman, talks about the gap between what organizations think they know about their data and what discovery scans turn up. She shares stories of shadow data in abandoned cloud storage, post-merger surprises where duplicated datasets slowed integration, and why synthetic data is overmarketed while confidential computing stays underappreciated. Desai also explains why smaller companies often beat large enterprises on compliance, and the one question … More → The post Data discovery gaps that catch enterprises off guard appeared first on Help Net Security.

Cybersecurity governance in the EU is shifting under expanding frameworks such as NIS2 and DORA, while AI raises new questions for security teams. What the future brings is hard to predict, and organizations must find a way to cope. Antonija Vojnović, Governance, Risk and Compliance Department Manager at Span, spoke with Help Net Security at the Span Cyber Security Arena conference about how these regulatory frameworks are shaping compliance priorities and day-to-day decision-making. Compliance overload … More → The post EU organizations buckle under rising compliance pressure appeared first on Help Net Security.

AI agents keep memory across sessions. Conversation history, vector stores, scratchpads, and RAG indexes persist between runs, and anything written into that store becomes a privileged input the agent reads back later. An attacker who plants text in the wrong field can override an agent’s instructions, pull out user data, or steer future tool calls, and the effect survives across sessions because the memory does. Agent Memory Guard is an open-source runtime defense layer that … More → The post OWASP Agent Memory Guard: Stop AI agents from being weaponized through their own memory appeared first on Help Net Security.

In this Help Net Security video, Alan Snyder, CEO at NowSecure, talks about governing shadow AI without stopping innovation. He frames the problem as two opposing forces. Companies need to adopt AI fast because attackers and competitors will outpace them otherwise, but they also need to do it safely. Snyder argues the pressure to move quickly will win, so leaders must work hard to manage AI risk along the way. He references the first 8-K … More → The post Governing shadow AI without killing innovation appeared first on Help Net Security.

145 AI-related laws were enacted by state legislatures in 2025, and more than 1,000 additional bills were introduced or revised, according to DataGrail’s Privacy and AI Trends Report 2026. Average cost of manual data subject request management (Source: DataGrail) Shadow AI risks Of the 2,400 popular business software providers that advertised AI capabilities, 63.6% did not disclose third-party AI subprocessors in their legal documentation, exposing businesses to shadow AI risks they may not be aware … More → The post 145 AI laws passed in 2025 and privacy teams aren’t catching a break appeared first on Help Net Security.

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Coinflow CISO on crypto payments security under AI pressure Crypto payment firms sit near the top of the target list for advanced persistent threat groups, and the workload on their security leaders keeps growing. Malcolm Portelli, CISO at Coinflow, runs the company’s security program from Malta. Coinflow is headquartered in the United States and operates across multiple jurisdictions. Portelli sat … More → The post Week in review: Infostealer dropped via FortiClient EMS flaw, exploited Trend Micro Apex One flaw appeared first on Help Net Security.

The Dutch National Police and the country’s National Cyber Security Center (NCSC) have taken offline 200 servers controlling a botnet of 17 million devices, the law enforcement agency announced on Thursday. The investigation was launched after the NCSC received a report by a security researcher, and showed that the botnet consisted of at least 17 million infected devices – computers, mobile phones, IoT devices, routers, etc. – and that the 200 servers used to host … More → The post Dutch police disrupts botnet composed of 17 million devices appeared first on Help Net Security.

Attackers are delivering a broad-spectrum infostealer to enterprise computers by exploiting a known vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS). “The [malicious] payload was presented as a Fortinet endpoint update and executed through FortiClient-managed VPN scripting workflows,” Arctic Wold researchers noted. About CVE-2026-35616 CVE-2026-35616 is an improper access control vulnerability vulnerability in FortiClient EMS, a centralized management platform through which IT admins deploy, configure, and monitor FortiClient endpoint security software across all devices in … More → The post New infostealer reaches enterprise devices through FortiClient EMS vulnerability appeared first on Help Net Security.