Information Security Buzz

Machine identities now outnumber human users by ten to one in many organisations. Service accounts created on demand, API tokens spun up and never retired, AI agents accumulating access with no structured offboarding. Most IAM systems were never designed to track any of this at scale.

The result is a visibility problem that attackers understand well. Compromised credentials remain the top initial access vector in breaches, and when nobody has a clear picture of who or what has access to what, the window to catch something and contain it stretches considerably.

David Canellos, CEO of Axiad, writes about what it actually takes to close that gap. His argument is that quarterly access certifications and manual reviews create an appearance of control without surfacing the exposures that actually matter.

🔗 Learn more: https://informationsecuritybuzz.com/the-missing-link-in-cyber-resilience-bridging-the-identity-visibility-gap/

The Missing Link In Cyber Resilience: Bridging The Identity Visibility Gap The enterprise security perimeter didn't evolve; it dissolved, and what replaced it isn't a newer, stronger boundary. It's the absence of one.  Today's

The Verizon 2026 DBIR is out, and ten security professionals share their take on what it means.

Weighing in:

Matt Hartman (Merlin Group), Jason Soroko (Sectigo), Collin H. (Black Duck), Chandra Gnanasambandam (SailPoint), ☁️ Trey Ford (Bugcrowd), Morey Haber (BeyondTrust), Mika Aalto & Maxime Cartier (Hoxhunt), Ram Varadarajan (Acalvio Technologies), and Diana Kelley (Noma Security)

🔗 Full article: https://informationsecuritybuzz.com/verizon-dbir-26-the-experts-are-saying/

Verizon DBIR 2026: What The Experts Are Saying Hear from several security experts to get their views on the DBIR and what it means for today's businesses. Read more...

The UK's National Cyber Security Centre, alongside authorities in the US, Australia, Canada, and New Zealand, has published guidance advising organisations to slow down on agentic AI deployment until governance and security tooling are more mature.

The concern is specific: agentic AI takes actions, not just generates answers. That changes the risk profile considerably. The NCSC flags overprivileged agents with broad access to email, finance, and internal systems, prompt injection attacks, and cascading failures across connected systems as the key areas of exposure.

Experts offer their read on the guidance: Rajeev R. (Averlon) & Steven Swift (Suzu Labs)

🔗 Full story: https://informationsecuritybuzz.com/ncsc-warns-organisations-not-to-rush-into-agentic-ai/

informationsecuritybuzz.com