AI Agent Security Assessment: Only 11% Pass the Security Threshold
2026-06-08 09:27

en.Wedoany.com Reported - This week in industrial OT and physical security, Chuck Davis, Global Vice President of Information Security at Hikvision, explained in an interview how zero trust applies to physical security systems such as cameras and door controllers: these devices should be treated as IT assets, with trust decisions made at the edge rather than by rebuilding old perimeter assumptions, and he drew on lessons learned from the Mirai botnet. In another interview, Avani Desai, CEO of Schellman, discussed the gap between an organization's perception of its data and what discovery scans actually find, including unexpected issues such as shadow data in abandoned cloud storage and duplicate datasets from mergers that slow down integration. Marc Rubbinaccio, Head of Cybersecurity and Compliance at Secureframe, analyzed common mistakes security teams make when preparing for CMMC and FedRAMP 20x, such as checking the 110 requirements while overlooking the 320 assessment objectives beneath them. On vulnerability management in real-time manufacturing environments, one viewpoint held that a CVSS 10 vulnerability in OT or ICS environments cannot simply be patched, so the focus must shift from critical vulnerabilities to manageable risks.

AI security saw a dense week of developments. An independent evaluation of 100 production-grade AI agents found that only 11% passed the security threshold, with nearly all agents susceptible to takeover by a single malicious document. OWASP released Agent Memory Guard, an open-source runtime defense layer that sits between the agent and its memory store, filtering every read and write through a detector pipeline and YAML policies; it serves as a reference implementation for OWASP ASI06 (Memory Poisoning). The Linux Foundation launched the DNS-AID project, enabling AI agents to discover and authenticate each other via DNS. Researchers from the University of Toronto, the Vector Institute, and the University of Cambridge built and tested a proof-of-concept AI-powered worm that analyzes each target, reasons about how to attack it, and creates strategies on the fly using a small large language model (LLM) running on already compromised machines. AgentGG is an open-source agent SAST scanner released under the Apache 2.0 license. Agent Threat Rules (ATR) is an open detection rule format for AI agent security threats. Anthropic expanded its cybersecurity initiative Project Glasswing to 150 organizations across more than 15 countries. Microsoft Defender Vulnerability Management updated its exposure scoring model, adding vulnerability risk signals and asset context. Microsoft also launched the Microsoft Scout agent, inaugurating a new category of always-on autopilots. Codex's knowledge-work capabilities have been extended to research, reports, and spreadsheets. NVIDIA open-sourced a large set of physical AI agent tools aimed at simplifying the development of robots, autonomous vehicles, and industrial digital twins. ETSI released TS 104 033, defining security requirements for AI computing platforms. Let's Encrypt plans to pursue post-quantum secure Web PKI through Merkle Tree Certificates (MTCs). A research team constructed an attack named BadBone, which implants backdoors in backbone models so that downstream tasks inherit the backdoor.
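As an added illustration of the architecture described for Agent Memory Guard (a guard between the agent and its memory store that filters every read and write through detectors and policy), this is example code written for this page, not the OWASP project's own implementation; the detector patterns, the policy dict standing in for YAML policies, and all sample inputs are constructed.

```python
import re
from dataclasses import dataclass, field

# Constructed policy, standing in for the YAML rules such a guard would load.
POLICY = {
    "write": {"on_detect": "quarantine", "max_chars": 2000},
    "read": {"on_detect": "redact"},
}

# Detector pipeline: each detector returns a finding label or None.
INSTRUCTION_RE = re.compile(
    r"\b(ignore|disregard) (all |any )?(previous|prior|above) (instructions|rules)\b", re.I)
EXFIL_RE = re.compile(r"https?://\S+\?\S*(token|key|secret|password)=", re.I)
ROLE_RE = re.compile(r"^\s*(system|assistant)\s*:", re.I | re.M)

def detect_instruction(text):  # text that tries to override the agent's instructions
    return "instruction_override" if INSTRUCTION_RE.search(text) else None
def detect_exfil(text):  # URLs built to carry credentials out in a query string
    return "exfil_url" if EXFIL_RE.search(text) else None
def detect_role_spoof(text):  # content impersonating a system/assistant turn
    return "role_spoof" if ROLE_RE.search(text) else None

DETECTORS = [detect_instruction, detect_exfil, detect_role_spoof]

@dataclass
class MemoryGuard:
    # Sits between the agent and its memory store; every read and write passes here.
    store: dict = field(default_factory=dict)
    quarantine: dict = field(default_factory=dict)

    def scan(self, text):
        return [label for d in DETECTORS if (label := d(text))]

    def write(self, key, text, source="tool_output"):
        findings = self.scan(text)
        if len(text) > POLICY["write"]["max_chars"]:
            findings.append("oversize")
        if findings:  # poisoned content never reaches the store; keep it for triage
            self.quarantine[key] = {"text": text, "findings": findings, "source": source}
            return "quarantined", findings
        self.store[key] = {"text": text, "source": source}
        return "stored", findings

    def read(self, key):
        entry = self.store.get(key)
        if entry is None:
            return None
        findings = self.scan(entry["text"])  # re-scan: rules may be newer than the write
        if findings and POLICY["read"]["on_detect"] == "redact":
            return "[REDACTED: %s]" % ", ".join(findings)
        return entry["text"]
```

Re-scanning on read matters because memory written before a detector rule existed is still filtered before the agent sees it.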

In terms of vulnerabilities and attack incidents, a firewall authentication bypass vulnerability (CVE-2026-0257) disclosed by Palo Alto Networks on May 13 has seen limited exploitation attempts, though no successful lateral movement has been observed. The Belgian Cybersecurity Centre (CCB) warned that a Windows Netlogon remote code execution vulnerability (CVE-2026-41089), a stack-based buffer overflow in Netlogon, is being actively exploited in the wild. An unpatched 0-day privilege escalation vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager is being exploited by attackers. Google released the June 2026 Android security update, fixing multiple vulnerabilities including a high-severity vulnerability in the Android framework (CVE-2025-48595) that may be under limited, targeted exploitation. NIST was criticized by a U.S. federal oversight body for failing to effectively manage the growing backlog of unprocessed vulnerabilities in the National Vulnerability Database (NVD). Brute-force attacks triggered account suspensions, lockouts, and authentication issues for the password manager Dashlane, which confirmed the attacks and subsequently disclosed that attackers had accessed encrypted password vaults for some user accounts. McAfee researchers discovered a malware-as-a-service (MaaS) operation named WeedHack targeting Minecraft users, which has infected over 116,000 systems. A data leak from the cheat service Atlas Menu for Grand Theft Auto V and Counter-Strike 2 exposed approximately 64,000 accounts. Spain's National Police arrested a man in Granada suspected of leaking personal data of members of sensitive state institutions. Meta added stricter guardrails to its platforms for teen feeds. The FBI warned that cybercriminals are impersonating FIFA websites for scams ahead of the World Cup. Anthropic released an analysis of AI-enabled cyber abuse, examining 832 accounts disabled for malicious cyber activity and mapping them to the MITRE ATT&CK framework.

In industry ecosystem and policy, U.S. state legislatures passed 145 AI-related laws in 2025, with over 1,000 additional bills proposed or amended. EU organizations are overwhelmed by the expansion of frameworks such as NIS2 and DORA. OpenAI frontier models and Codex are now available on AWS. KDE Linux removed multiple kernel modules and software packages following a security audit. Numerous product and tool releases were announced (Asimily, depthfirst, Diligent, Hyland, MazeBolt, Noma, etc.). A Cloud Security Alliance survey found that 80% of organizations experienced an application security-related incident in the past year, linked to documented vulnerabilities. A GitGuardian analysis found an average of 150 secrets on sampled developer endpoints; attackers know that developer machines hold such secrets. The CIS SecureSuite platform was launched to simplify security management. Predictions for the June 2025 Patch Tuesday and risk analysis for major events were also noted, along with cybersecurity job openings and new information security product releases.

This article is compiled by Wedoany. All AI citations must indicate the source as "Wedoany". If there is any infringement or other issues, please notify us promptly, and we will modify or delete it accordingly. Email: news@wedoany.com