{"id":5271,"date":"2026-06-03T18:34:32","date_gmt":"2026-06-03T23:34:32","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/?p=5271"},"modified":"2026-06-03T18:34:32","modified_gmt":"2026-06-03T23:34:32","slug":"ai-ml-in-security-june-7-2026","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/?p=5271","title":{"rendered":"AI &amp; ML in Security &mdash; June 7, 2026"},"content":{"rendered":"<table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"background-color:#f4f5f7;\">\n<tr>\n<td align=\"center\" style=\"padding:24px 12px;\">\n<table role=\"presentation\" width=\"680\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"max-width:680px;width:100%;background-color:#ffffff;border-radius:8px;overflow:hidden;box-shadow:0 1px 3px rgba(0,0,0,0.08);\">\n<tr>\n<td style=\"background-color:#581c87;background:linear-gradient(135deg,#581c87 0%,#9333ea 100%);padding:32px 28px 24px;color:#ffffff;\">\n<div style=\"font-size:12px;letter-spacing:2px;text-transform:uppercase;opacity:0.75;margin-bottom:8px;color:#ffffff;\">AI &amp; ML in Security &middot; Issue June 7, 2026<\/div>\n<h1 style=\"margin:0;font-size:28px;line-height:1.2;font-weight:700;color:#ffffff;\">AI &amp; ML in Security<\/h1>\n<p style=\"margin:8px 0 0;font-size:14px;opacity:0.85;color:#ffffff;\">June 7, 2026 &middot; LLM red-teaming, agent identity, MCP, and the platforms reshaping enterprise AI 
security<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:28px 28px 4px;\">\n<h2 style=\"margin:0 0 12px;font-size:18px;color:#0f172a;border-bottom:2px solid #9333ea;padding-bottom:6px;\">At a glance<\/h2>\n<p style=\"margin:0 0 12px;font-size:15px;color:#374151;\">The defining AI-security signal of the last two weeks is fragility under <strong>multi-turn attack<\/strong>. Cisco&rsquo;s threat-intel team ran roughly 37K attacks against 15 frontier models and pushed multi-turn jailbreak success as high as 88% on Grok 4.1 Fast &mdash; widening the gap between vendor safety benchmarks and observed resilience. Microsoft open-sourced <strong>RAMPART<\/strong> and <strong>Clarity<\/strong> for agent red-teaming, and Hadrian&rsquo;s <strong>OpenHack<\/strong> packaged multi-agent vuln-research harnesses for the defender side of the same coin.<\/p>\n<p style=\"margin:0 0 12px;font-size:15px;color:#374151;\">In parallel, an <strong>agent-security framework<\/strong> is taking shape. Microsoft articulated platform-level capabilities (prompt-injection resistance, agent identity, runtime sandboxing, model supply-chain controls) and shipped <strong>Windows 365 for Agents<\/strong>, which gives AI agents enterprise-IAM-bound cloud PCs. NSA&rsquo;s CSI on <strong>Model Context Protocol<\/strong> security gave the agent-protocol layer its first national-authority guidance, while Adversa&rsquo;s May roundup catalogued the wider MCP research ecosystem. Only 11% of production agents clear a baseline security bar &mdash; the starting point for everything that follows.<\/p>\n<p style=\"margin:0 0 12px;font-size:15px;color:#374151;\">Vendor platforms are converging around agent operations: <strong>Netskope AgentSkope<\/strong>, <strong>Google AI Threat Defense<\/strong>, <strong>Tamnoon TAMI AI Skills<\/strong>, and <strong>Okta&rsquo;s vendor-neutral agent identity<\/strong> push. Microsoft is reportedly bundling Copilot into a super app. 
And on the offensive side, AI is now both target and weapon &mdash; reshaping vuln research, fraud, synthetic media, and the economics of agent runtimes that token-discipline and observability work now have to tame.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:18px 28px 4px;\">\n<h2 style=\"margin:0 0 4px;font-size:20px;color:#0f172a;\">Topic map &mdash; vendors, frameworks, protocols, and how they cluster<\/h2>\n<div style=\"height:3px;width:48px;background-color:#9333ea;margin-bottom:14px;\"><\/div>\n<p style=\"margin:0 0 8px;font-size:11px;color:#64748b;\">Every major entity in this issue&rsquo;s 24 articles plotted across the four themes we&rsquo;re tracking this cycle &mdash; LLM red-teaming, agent security frameworks &amp; identity, vendor agent platforms, and AI ops\/evals\/economics.<\/p>\n<div style=\"background-color:#ffffff;border:1px solid #e2e8f0;border-radius:8px;padding:14px;text-align:center;\">\n<img decoding=\"async\" src=\"https:\/\/www.cybersecurityinstitute.com\/blog\/wp-content\/uploads\/2026\/06\/topic-map-ai-ml-2026-06-07.png\" alt=\"Topic map of AI &amp; ML in Security issue June 7, 2026\" style=\"max-width:100%;height:auto;display:block;margin:0 auto;\">\n<\/div>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:24px 28px 4px;\">\n<h2 style=\"margin:0 0 4px;font-size:20px;color:#0f172a;\">Article index<\/h2>\n<div style=\"height:3px;width:48px;background-color:#9333ea;margin-bottom:14px;\"><\/div>\n<h3 style=\"margin:14px 0 8px;font-size:15px;color:#9333ea;text-transform:uppercase;letter-spacing:1px;\">LLM red-teaming &amp; defensive testing<\/h3>\n<p style=\"margin:0 0 8px;font-size:13px;color:#475569;\">Cisco&rsquo;s multi-turn jailbreak data, Microsoft&rsquo;s RAMPART\/Clarity release, Hadrian&rsquo;s OpenHack, and the spam-flood problem now hitting maintainers as AI-generated vuln reports drown legitimate triage.<\/p>\n<table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" 
style=\"font-size:13px;border-collapse:collapse;\">\n<tr style=\"background-color:#f8fafc;\">\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:55%;\">Article<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:30%;\">Source<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:15%;\">Published<\/th>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.helpnetsecurity.com\/2026\/05\/28\/cisco-multi-turn-ai-attacks\/\" style=\"color:#1d4ed8;text-decoration:none;\">Frontier AI models collapse under multi-turn attacks, Cisco finds<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Help Net Security<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 28, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.helpnetsecurity.com\/2026\/05\/25\/openhack-open-source-ai-powered-vulnerability-research\/\" style=\"color:#1d4ed8;text-decoration:none;\">OpenHack: Open-source AI-powered vulnerability research<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Help Net Security<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 25, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.helpnetsecurity.com\/2026\/05\/18\/problems-with-ai-assisted-vulnerability-research\/\" style=\"color:#1d4ed8;text-decoration:none;\">AI is drowning software maintainers in junk security reports<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Help Net Security<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 18, 
2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/developers.openai.com\/cookbook\/examples\/partners\/macro_evals_for_agentic_systems\/macro_evals_for_agentic_systems\" style=\"color:#1d4ed8;text-decoration:none;\">Macro Evals for Agentic Systems<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">OpenAI Cookbook<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 2026<\/td>\n<\/tr>\n<\/table>\n<h3 style=\"margin:22px 0 8px;font-size:15px;color:#7c3aed;text-transform:uppercase;letter-spacing:1px;\">Agent security frameworks &amp; identity<\/h3>\n<p style=\"margin:0 0 8px;font-size:13px;color:#475569;\">RAMPART\/Clarity, Windows 365 for Agents, the NSA&rsquo;s MCP CSI, the MCP ecosystem roundup, the systems-vs-models reframe, and identity plays from Okta and Microsoft&rsquo;s broader agent-security platform pitch.<\/p>\n<table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"font-size:13px;border-collapse:collapse;\">\n<tr style=\"background-color:#f8fafc;\">\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:55%;\">Article<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:30%;\">Source<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:15%;\">Published<\/th>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/thehackernews.com\/2026\/05\/microsoft-open-sources-rampart-and.html\" style=\"color:#1d4ed8;text-decoration:none;\">Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">The Hacker News<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid 
#f1f5f9;color:#475569;\">May 21, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.helpnetsecurity.com\/2026\/05\/28\/microsoft-windows-365-for-agents-ai-automation\/\" style=\"color:#1d4ed8;text-decoration:none;\">Microsoft&rsquo;s new cloud PCs place AI agents under enterprise controls<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Help Net Security<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 28, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.helpnetsecurity.com\/2026\/06\/03\/microsoft-ai-agent-security-capabilities\/\" style=\"color:#1d4ed8;text-decoration:none;\">Microsoft responds to security challenges facing code, AI agents, and models<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Help Net Security<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">June 3, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.nsa.gov\/Portals\/75\/documents\/Cybersecurity\/CSI_MCP_SECURITY.pdf\" style=\"color:#1d4ed8;text-decoration:none;\">NSA CSI: Securing Model Context Protocol Implementations<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">NSA<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/adversa.ai\/blog\/top-mcp-security-resources-may-2026\/\" style=\"color:#1d4ed8;text-decoration:none;\">Top MCP security resources &mdash; May 2026<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Adversa AI<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 
2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.biometricupdate.com\/202605\/okta-pushes-vendor-neutral-identity-governance-for-ai-agents\" style=\"color:#1d4ed8;text-decoration:none;\">Okta pushes vendor-neutral identity governance for AI agents<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">BiometricUpdate<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.csoonline.com\/article\/4176725\/ai-security-needs-a-shift-from-models-to-systems-researchers-argue.html\" style=\"color:#1d4ed8;text-decoration:none;\">AI security needs a shift from models to systems, researchers argue<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">CSO Online<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/venturebeat.com\/orchestration\/the-ai-agent-bottleneck-isnt-model-performance-its-permissions\" style=\"color:#1d4ed8;text-decoration:none;\">The AI agent bottleneck isn&rsquo;t model performance &mdash; it&rsquo;s permissions<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">VentureBeat<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 2026<\/td>\n<\/tr>\n<\/table>\n<h3 style=\"margin:22px 0 8px;font-size:15px;color:#0891b2;text-transform:uppercase;letter-spacing:1px;\">Vendor agent platforms &amp; integrations<\/h3>\n<p style=\"margin:0 0 8px;font-size:13px;color:#475569;\">Google AI Threat Defense, Netskope AgentSkope, Tamnoon TAMI AI Skills, Microsoft&rsquo;s Copilot &ldquo;super app,&rdquo; Gemini-app integrations, and DNS-AID&rsquo;s push to make agents 
discoverable.<\/p>\n<table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"font-size:13px;border-collapse:collapse;\">\n<tr style=\"background-color:#f8fafc;\">\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:55%;\">Article<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:30%;\">Source<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:15%;\">Published<\/th>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.helpnetsecurity.com\/2026\/05\/27\/google-ai-threat-defense-released\/\" style=\"color:#1d4ed8;text-decoration:none;\">Google AI Threat Defense targets attackers using AI to find flaws faster<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Help Net Security<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 27, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.globenewswire.com\/news-release\/2026\/05\/05\/3287732\/0\/en\/netskope-revolutionizes-security-and-network-operations-with-agentskope-including-first-of-kind-agentic-ai-dlp-analysis-and-insider-threat-triage.html\" style=\"color:#1d4ed8;text-decoration:none;\">Netskope Revolutionizes Security and Network Operations with AgentSkope<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">GlobeNewswire<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 5, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.helpnetsecurity.com\/2026\/05\/26\/tamnoon-tami-ai-skills\/\" style=\"color:#1d4ed8;text-decoration:none;\">Tamnoon introduces skill-based AI 
orchestration for autonomous cloud defense<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Help Net Security<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 26, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.eweek.com\/news\/google-gemini-adobe-canva-capcut-integrations\/\" style=\"color:#1d4ed8;text-decoration:none;\">Coming Soon: Gemini to Add Adobe, Canva, and CapCut for AI Editing<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">eWeek<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/fortune.com\/2026\/05\/29\/microsoft-working-on-super-app\/\" style=\"color:#1d4ed8;text-decoration:none;\">Microsoft is building a super app combining coding, chat, and other Copilot AI tools<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Fortune<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 29, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.infoworld.com\/article\/4178820\/dns-aid-will-make-ai-agents-easier-to-discover-says-linux-foundation.html\" style=\"color:#1d4ed8;text-decoration:none;\">DNS-AID will make AI agents easier to discover, says Linux Foundation<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">InfoWorld<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/variety.com\/2026\/digital\/news\/reactor-real-time-ai-video-funding-jeffrey-katzenberg-1236755883\/\" 
style=\"color:#1d4ed8;text-decoration:none;\">Reactor, real-time AI video startup founded by ex-Apple engineers, raises $59M<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Variety<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 2026<\/td>\n<\/tr>\n<\/table>\n<h3 style=\"margin:22px 0 8px;font-size:15px;color:#475569;text-transform:uppercase;letter-spacing:1px;\">AI ops, evals &amp; economics<\/h3>\n<p style=\"margin:0 0 8px;font-size:13px;color:#475569;\">Production-agent security pass rates, agent-skill design pitfalls, domain-tuned LLMs, observability for probabilistic systems, and the token-discipline pressure that Opus 4.8&rsquo;s capabilities have created.<\/p>\n<table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"font-size:13px;border-collapse:collapse;\">\n<tr style=\"background-color:#f8fafc;\">\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:55%;\">Article<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:30%;\">Source<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:15%;\">Published<\/th>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.helpnetsecurity.com\/2026\/06\/03\/research-ai-agent-security-capability\/\" style=\"color:#1d4ed8;text-decoration:none;\">Only 11% of production agents pass the AI agent security bar<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Help Net Security<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">June 3, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a 
href=\"https:\/\/www.oreilly.com\/radar\/agent-skills-work-but-the-research-shows-most-teams-are-building-them-wrong\/\" style=\"color:#1d4ed8;text-decoration:none;\">Agent Skills Work, but Most Teams Are Building Them Wrong<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">O&rsquo;Reilly Radar<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.infoworld.com\/article\/4169605\/21-llms-tuned-for-special-domains.html\" style=\"color:#1d4ed8;text-decoration:none;\">21 LLMs tuned for special domains<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">InfoWorld<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/thenewstack.io\/opus-4-8-claude-smarter-token-discipline-urgent\/\" style=\"color:#1d4ed8;text-decoration:none;\">Opus 4.8 Made Claude Smarter. 
Token Discipline Got Urgent.<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">The New Stack<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/thenewstack.io\/debugging-observable-ai-systems\/\" style=\"color:#1d4ed8;text-decoration:none;\">Debugging the undebuggable: building observability into probabilistic AI systems<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">The New Stack<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 2026<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:24px 28px 4px;\">\n<h2 style=\"margin:0 0 4px;font-size:20px;color:#0f172a;\">Detailed write-ups<\/h2>\n<div style=\"height:3px;width:48px;background-color:#9333ea;margin-bottom:14px;\"><\/div>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">1. Frontier AI models collapse under multi-turn attacks, Cisco finds<\/h3>\n<p style=\"margin:0 0 6px;font-size:12.5px;color:#475569;\">Help Net Security &middot; May 28, 2026<\/p>\n<p style=\"margin:0 0 12px;font-size:14px;color:#374151;\">Cisco&rsquo;s AI threat-intelligence team tested 15 frontier models across roughly 30,000 single-turn and 7,000 multi-turn attacks and saw single-turn safety hold up much better than multi-turn &mdash; with multi-turn success climbing to <strong>88% against Grok 4.1 Fast<\/strong>. The work formalizes the divergence between vendor safety benchmarks and observed jailbreak resilience: single-turn evals consistently understate risk because real adversaries iterate. 
CISOs and AI red teams should treat single-turn safety scores as a floor rather than a ceiling and require multi-turn coverage in any model-acceptance pipeline.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\"><a href=\"https:\/\/www.helpnetsecurity.com\/2026\/05\/28\/cisco-multi-turn-ai-attacks\/\" style=\"display:inline-block;background-color:#9333ea;color:#ffffff;text-decoration:none;padding:6px 14px;border-radius:4px;font-weight:600;\">Read article &rarr;<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">2. Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents<\/h3>\n<p style=\"margin:0 0 6px;font-size:12.5px;color:#475569;\">The Hacker News &middot; May 21, 2026<\/p>\n<p style=\"margin:0 0 12px;font-size:14px;color:#374151;\">Microsoft released <strong>RAMPART<\/strong> &mdash; a Pytest-native red-teaming framework built on its PyRIT toolkit &mdash; alongside <strong>Clarity<\/strong>, a design-intent sounding board that pushes teams to articulate agent goals and constraints before testing. The pairing matters because most teams skip the &ldquo;what is this agent allowed to do?&rdquo; step entirely, and red-team output without that grounding becomes noise. Open-sourcing both lowers the bar for in-house agent safety testing and gives security teams CI-friendly primitives that drop into existing Python test suites.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\"><a href=\"https:\/\/thehackernews.com\/2026\/05\/microsoft-open-sources-rampart-and.html\" style=\"display:inline-block;background-color:#9333ea;color:#ffffff;text-decoration:none;padding:6px 14px;border-radius:4px;font-weight:600;\">Read article &rarr;<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">3. 
Google AI Threat Defense targets attackers using AI to find flaws faster<\/h3>\n<p style=\"margin:0 0 6px;font-size:12.5px;color:#475569;\">Help Net Security &middot; May 27, 2026<\/p>\n<p style=\"margin:0 0 12px;font-size:14px;color:#374151;\">Google Cloud unveiled <strong>AI Threat Defense<\/strong>, fusing Gemini, Wiz, CodeMender, and Mandiant into a four-stage <em>Prepare \/ Scan \/ Remediate \/ Monitor<\/em> platform aimed at compressing vulnerability-response timelines. The play is explicit: meet attackers using AI to weaponize disclosures faster by giving defenders an equivalent agentic loop on the same data. Strategically, this is Google productizing the agentic-security primitives it has accumulated through Wiz and Mandiant &mdash; and signaling that AI-assisted exposure management is now a hyperscaler-scale category rather than a startup one.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\"><a href=\"https:\/\/www.helpnetsecurity.com\/2026\/05\/27\/google-ai-threat-defense-released\/\" style=\"display:inline-block;background-color:#9333ea;color:#ffffff;text-decoration:none;padding:6px 14px;border-radius:4px;font-weight:600;\">Read article &rarr;<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">4. OpenHack: Open-source AI-powered vulnerability research<\/h3>\n<p style=\"margin:0 0 6px;font-size:12.5px;color:#475569;\">Help Net Security &middot; May 25, 2026<\/p>\n<p style=\"margin:0 0 12px;font-size:14px;color:#374151;\">Hadrian released <strong>OpenHack<\/strong>, an MIT-licensed file-based workspace that packages multiple AI agent harnesses for autonomous vulnerability research. The framework lets teams stand up agentic vuln-research pipelines without re-inventing harness plumbing, and it deliberately avoids vendor lock-in by keeping artifacts portable across model providers. 
For defenders, it&rsquo;s a credible reference for building internal red-team automation; for the disclosure ecosystem, it&rsquo;s another datapoint in the same trend that&rsquo;s simultaneously drowning maintainers in low-quality AI-generated reports (see story #8).<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\"><a href=\"https:\/\/www.helpnetsecurity.com\/2026\/05\/25\/openhack-open-source-ai-powered-vulnerability-research\/\" style=\"display:inline-block;background-color:#9333ea;color:#ffffff;text-decoration:none;padding:6px 14px;border-radius:4px;font-weight:600;\">Read article &rarr;<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">5. Microsoft&rsquo;s new cloud PCs place AI agents under enterprise controls<\/h3>\n<p style=\"margin:0 0 6px;font-size:12.5px;color:#475569;\">Help Net Security &middot; May 28, 2026<\/p>\n<p style=\"margin:0 0 12px;font-size:14px;color:#374151;\"><strong>Windows 365 for Agents<\/strong> spins up dedicated cloud PCs where AI agents run under enterprise IAM and conditional-access policy &mdash; a direct architectural response to shadow-AI sprawl and the agent-identity gap. By giving every agent a real machine identity, a tenant boundary, and access controls equivalent to a human user, Microsoft is forcing the runtime question (&ldquo;who is this agent and what can it touch?&rdquo;) into existing enterprise governance. Expect this pattern to set the template that other agent-platform vendors compete against.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\"><a href=\"https:\/\/www.helpnetsecurity.com\/2026\/05\/28\/microsoft-windows-365-for-agents-ai-automation\/\" style=\"display:inline-block;background-color:#9333ea;color:#ffffff;text-decoration:none;padding:6px 14px;border-radius:4px;font-weight:600;\">Read article &rarr;<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">6. 
Only 11% of production agents pass the AI agent security bar<\/h3>\n<p style=\"margin:0 0 6px;font-size:12.5px;color:#475569;\">Help Net Security &middot; June 3, 2026<\/p>\n<p style=\"margin:0 0 12px;font-size:14px;color:#374151;\">New research benchmarks production agents against a baseline security-capability bar covering authentication, secrets handling, prompt-injection resistance, and least-privilege tool use &mdash; and only <strong>11%<\/strong> clear it. The number is the foundational stat for this issue: most agents now in production lack the controls that any human user account would be required to have. CISOs should use the bar as a procurement and acceptance checklist, and as the spine of internal agent governance policies tied to identity, secrets management, and tool registration.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\"><a href=\"https:\/\/www.helpnetsecurity.com\/2026\/06\/03\/research-ai-agent-security-capability\/\" style=\"display:inline-block;background-color:#9333ea;color:#ffffff;text-decoration:none;padding:6px 14px;border-radius:4px;font-weight:600;\">Read article &rarr;<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">7. Microsoft responds to security challenges facing code, AI agents, and models<\/h3>\n<p style=\"margin:0 0 6px;font-size:12.5px;color:#475569;\">Help Net Security &middot; June 3, 2026<\/p>\n<p style=\"margin:0 0 12px;font-size:14px;color:#374151;\">Microsoft outlined a coherent agent-security framework across Azure AI and Windows 365 for Agents covering four primitives: <strong>prompt-injection resistance, agent identity, runtime sandboxing, and model supply-chain controls<\/strong>. The packaging is significant &mdash; it gives the market a shared vocabulary that procurement teams can use to compare vendors. 
For CISOs evaluating multi-vendor agent stacks, treat the four primitives as the minimum capability set and require each vendor to map their controls back to it before signing.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\"><a href=\"https:\/\/www.helpnetsecurity.com\/2026\/06\/03\/microsoft-ai-agent-security-capabilities\/\" style=\"display:inline-block;background-color:#9333ea;color:#ffffff;text-decoration:none;padding:6px 14px;border-radius:4px;font-weight:600;\">Read article &rarr;<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">8. AI is drowning software maintainers in junk security reports<\/h3>\n<p style=\"margin:0 0 6px;font-size:12.5px;color:#475569;\">Help Net Security &middot; May 18, 2026<\/p>\n<p style=\"margin:0 0 12px;font-size:14px;color:#374151;\">AI-assisted vulnerability research is flooding open-source maintainers with low-quality, hallucinated reports, eroding the triage capacity that legitimate disclosures depend on. The disclosure ecosystem is a commons, and AI-spam is the tragedy: maintainers describe spending hours per week dismissing reports that look credible but cite nonexistent functions, fabricated CVEs, or syntactically valid but semantically meaningless exploit paths. Expect pushback in the form of stricter intake gates, paid triage tiers, and disclosure platforms that throttle automated submissions.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\"><a href=\"https:\/\/www.helpnetsecurity.com\/2026\/05\/18\/problems-with-ai-assisted-vulnerability-research\/\" style=\"display:inline-block;background-color:#9333ea;color:#ffffff;text-decoration:none;padding:6px 14px;border-radius:4px;font-weight:600;\">Read article &rarr;<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">9. 
NSA CSI: Securing Model Context Protocol Implementations<\/h3>\n<p style=\"margin:0 0 6px;font-size:12.5px;color:#475569;\">NSA &middot; May 2026<\/p>\n<p style=\"margin:0 0 12px;font-size:14px;color:#374151;\">NSA published a Cybersecurity Information Sheet on securing <strong>Model Context Protocol<\/strong> against design-level RCE and zero-click prompt-injection risks affecting Claude Code, Cursor, Windsurf, Gemini-CLI, and Copilot. The CSI is the first national-authority guidance on MCP, and its arrival marks the protocol&rsquo;s transition from developer-tool plumbing to regulated agent infrastructure. Security teams running MCP servers should treat the document as a baseline: enforce per-server allowlists, isolate untrusted content, and gate tool invocation behind explicit human or policy approval for high-blast-radius actions.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\"><a href=\"https:\/\/www.nsa.gov\/Portals\/75\/documents\/Cybersecurity\/CSI_MCP_SECURITY.pdf\" style=\"display:inline-block;background-color:#9333ea;color:#ffffff;text-decoration:none;padding:6px 14px;border-radius:4px;font-weight:600;\">Read article &rarr;<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">10. Top MCP security resources &mdash; May 2026<\/h3>\n<p style=\"margin:0 0 6px;font-size:12.5px;color:#475569;\">Adversa AI &middot; May 2026<\/p>\n<p style=\"margin:0 0 12px;font-size:14px;color:#374151;\">Adversa&rsquo;s curated roundup catalogues the month&rsquo;s leading MCP security research, tools, and disclosures &mdash; a useful single-screen snapshot of where the agent-protocol security ecosystem sits during the coverage window. Read it alongside the NSA CSI for breadth: the CSI tells you what national authorities are emphasizing, the Adversa roundup tells you what red teams and tool builders are actually shipping. 
Both are required input for any team building an internal MCP threat model this quarter.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\"><a href=\"https:\/\/adversa.ai\/blog\/top-mcp-security-resources-may-2026\/\" style=\"display:inline-block;background-color:#9333ea;color:#ffffff;text-decoration:none;padding:6px 14px;border-radius:4px;font-weight:600;\">Read article &rarr;<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">11. Netskope Revolutionizes Security and Network Operations with AgentSkope<\/h3>\n<p style=\"margin:0 0 6px;font-size:12.5px;color:#475569;\">GlobeNewswire (Netskope) &middot; May 5, 2026<\/p>\n<p style=\"margin:0 0 12px;font-size:14px;color:#374151;\">Netskope launched <strong>AgentSkope<\/strong>, an architectural foundation that deploys six initial AI agents &mdash; DLP AISecOps, Insider Threat, Private Access AIOps, two DEM agents, and CCI Insights &mdash; into SOC and NOC workflows. The bet is that SASE telemetry is the right substrate for agentic SecOps and NetOps because it already spans identity, network, data, and application context. For Netskope customers it&rsquo;s a path to consolidated agentic operations; for the broader market it&rsquo;s the strongest current example of a SASE vendor moving up into agent-operations territory.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\"><a href=\"https:\/\/www.globenewswire.com\/news-release\/2026\/05\/05\/3287732\/0\/en\/netskope-revolutionizes-security-and-network-operations-with-agentskope-including-first-of-kind-agentic-ai-dlp-analysis-and-insider-threat-triage.html\" style=\"display:inline-block;background-color:#9333ea;color:#ffffff;text-decoration:none;padding:6px 14px;border-radius:4px;font-weight:600;\">Read article &rarr;<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">12. 
Agent Skills Work, but Most Teams Are Building Them Wrong<\/h3>\n<p style=\"margin:0 0 6px;font-size:12.5px;color:#475569;\">O&rsquo;Reilly Radar &middot; May 2026<\/p>\n<p style=\"margin:0 0 12px;font-size:14px;color:#374151;\">A research-grounded critique of the common mistakes teams make when designing agent skills: poor decomposition, leaky abstractions, and weak evaluation harnesses that make it impossible to tell whether a skill is improving or regressing. The piece is practical &mdash; it names the failure modes and ties each to a fix &mdash; and lands at the right moment as security teams begin building skill libraries internally. Pair this with the OpenAI macro-evals cookbook (#24) for a defensible skill-design and skill-evaluation methodology.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\"><a href=\"https:\/\/www.oreilly.com\/radar\/agent-skills-work-but-the-research-shows-most-teams-are-building-them-wrong\/\" style=\"display:inline-block;background-color:#9333ea;color:#ffffff;text-decoration:none;padding:6px 14px;border-radius:4px;font-weight:600;\">Read article &rarr;<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">13. 21 LLMs tuned for special domains<\/h3>\n<p style=\"margin:0 0 6px;font-size:12.5px;color:#475569;\">InfoWorld &middot; May 2026<\/p>\n<p style=\"margin:0 0 12px;font-size:14px;color:#374151;\">A survey of 21 domain-tuned LLMs spanning legal, medical, code, finance, and security with capability notes and usage tradeoffs. For security buyers it&rsquo;s a useful reference when deciding whether to fine-tune, retrieve, or default to a frontier general model for an internal workload &mdash; an increasingly common procurement question as cost-aware teams look for cheaper substitutes. 
Treat the list as a starting point for build-vs-buy conversations rather than a definitive ranking; many of the entries are still moving targets.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\"><a href=\"https:\/\/www.infoworld.com\/article\/4169605\/21-llms-tuned-for-special-domains.html\" style=\"display:inline-block;background-color:#9333ea;color:#ffffff;text-decoration:none;padding:6px 14px;border-radius:4px;font-weight:600;\">Read article &rarr;<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">14. Okta pushes vendor-neutral identity governance for AI agents<\/h3>\n<p style=\"margin:0 0 6px;font-size:12.5px;color:#475569;\">BiometricUpdate &middot; May 2026<\/p>\n<p style=\"margin:0 0 12px;font-size:14px;color:#374151;\">Okta proposed a <strong>vendor-neutral identity framework for AI agents<\/strong>, directly challenging the hyperscaler-bound agent-identity stacks emerging from Microsoft and Google. The pitch is that agent identity should sit outside any single cloud, on the same control plane that already governs humans and machines. For enterprises building multi-cloud agent estates the argument is strong; for hyperscalers it&rsquo;s a competitive threat. Watch which standards bodies pick it up &mdash; that will determine whether vendor-neutral agent identity becomes a real lane or an Okta-only marketing position.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\"><a href=\"https:\/\/www.biometricupdate.com\/202605\/okta-pushes-vendor-neutral-identity-governance-for-ai-agents\" style=\"display:inline-block;background-color:#9333ea;color:#ffffff;text-decoration:none;padding:6px 14px;border-radius:4px;font-weight:600;\">Read article &rarr;<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">15. 
Tamnoon introduces skill-based AI orchestration for autonomous cloud defense<\/h3>\n<p style=\"margin:0 0 6px;font-size:12.5px;color:#475569;\">Help Net Security &middot; May 26, 2026<\/p>\n<p style=\"margin:0 0 12px;font-size:14px;color:#374151;\">Tamnoon launched <strong>TAMI AI Skills<\/strong>, skill-based orchestration that strings autonomous cloud-defense workflows across detection, remediation, and posture management. It&rsquo;s the latest example of agentic cloud security shipping as a productized category rather than a custom integration. Procurement angle: ask how skills are versioned, how they handle rollback when a remediation goes wrong, and whether the orchestration layer enforces approval gates for high-impact actions &mdash; the design choices that separate an autonomous defender from a foot-gun.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\"><a href=\"https:\/\/www.helpnetsecurity.com\/2026\/05\/26\/tamnoon-tami-ai-skills\/\" style=\"display:inline-block;background-color:#9333ea;color:#ffffff;text-decoration:none;padding:6px 14px;border-radius:4px;font-weight:600;\">Read article &rarr;<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">16. AI security needs a shift from models to systems, researchers argue<\/h3>\n<p style=\"margin:0 0 6px;font-size:12.5px;color:#475569;\">CSO Online &middot; May 2026<\/p>\n<p style=\"margin:0 0 12px;font-size:14px;color:#374151;\">Researchers argue that AI security has over-indexed on model-level evals and now has to move to <strong>systems-level threat modeling<\/strong> &mdash; covering data flows, tool use, and human-AI handoffs. The framing matters because most production failures are not model failures but composition failures: a safe model wired to an unsafe tool, or a careful prompt subverted by an upstream summarization step. 
Use it to reset internal AI threat models away from &ldquo;is the model jailbroken?&rdquo; toward &ldquo;what can the system actually do when something goes wrong?&rdquo;<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\"><a href=\"https:\/\/www.csoonline.com\/article\/4176725\/ai-security-needs-a-shift-from-models-to-systems-researchers-argue.html\" style=\"display:inline-block;background-color:#9333ea;color:#ffffff;text-decoration:none;padding:6px 14px;border-radius:4px;font-weight:600;\">Read article &rarr;<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">17. Coming Soon: Gemini to Add Adobe, Canva, and CapCut for AI Editing<\/h3>\n<p style=\"margin:0 0 6px;font-size:12.5px;color:#475569;\">eWeek &middot; May 2026<\/p>\n<p style=\"margin:0 0 12px;font-size:14px;color:#374151;\">Google previewed forthcoming integrations connecting Gemini to Adobe, Canva, and CapCut for in-flow AI editing. The headline is consumer\/creative; the security implication is enterprise data flow. Each new agent-to-app integration creates a new data path that DLP, IRM, and content-classification systems have to recognize. Security teams should map these integrations as they ship and decide pre-emptively which to allow, which to broker, and which to block at the SASE or browser-extension layer.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\"><a href=\"https:\/\/www.eweek.com\/news\/google-gemini-adobe-canva-capcut-integrations\/\" style=\"display:inline-block;background-color:#9333ea;color:#ffffff;text-decoration:none;padding:6px 14px;border-radius:4px;font-weight:600;\">Read article &rarr;<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">18. 
The AI agent bottleneck isn&rsquo;t model performance &mdash; it&rsquo;s permissions<\/h3>\n<p style=\"margin:0 0 6px;font-size:12.5px;color:#475569;\">VentureBeat &middot; May 2026<\/p>\n<p style=\"margin:0 0 12px;font-size:14px;color:#374151;\">The argument: the binding constraint on enterprise agent deployment is not model capability but <strong>authorization and permissions architecture<\/strong>. Agents are blocked from acting at scale because they don&rsquo;t have a coherent way to inherit, delegate, or scope rights across tools and tenants. The piece reframes the procurement conversation away from model benchmarks and toward identity, delegation, and policy engines. It pairs cleanly with the Okta and Microsoft pieces in this issue &mdash; permissions are the layer everyone is now competing to own.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\"><a href=\"https:\/\/venturebeat.com\/orchestration\/the-ai-agent-bottleneck-isnt-model-performance-its-permissions\" style=\"display:inline-block;background-color:#9333ea;color:#ffffff;text-decoration:none;padding:6px 14px;border-radius:4px;font-weight:600;\">Read article &rarr;<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">19. Opus 4.8 Made Claude Smarter. Token Discipline Got Urgent.<\/h3>\n<p style=\"margin:0 0 6px;font-size:12.5px;color:#475569;\">The New Stack &middot; May 2026<\/p>\n<p style=\"margin:0 0 12px;font-size:14px;color:#374151;\">Opus 4.8&rsquo;s capability gains amplify the cost and operational risks of unbounded agent loops, and the piece argues <strong>token discipline<\/strong> has become a first-class design concern rather than a finance afterthought. Security teams should care because runaway loops are not just expensive &mdash; they are an attack surface (cost-amplification denial-of-wallet, prompt-injection-induced context bloat). 
The recommended primitives &mdash; hard token budgets per task, observable cost telemetry, automatic suspension on anomaly &mdash; double as both finance and security controls.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\"><a href=\"https:\/\/thenewstack.io\/opus-4-8-claude-smarter-token-discipline-urgent\/\" style=\"display:inline-block;background-color:#9333ea;color:#ffffff;text-decoration:none;padding:6px 14px;border-radius:4px;font-weight:600;\">Read article &rarr;<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">20. DNS-AID will make AI agents easier to discover, says Linux Foundation<\/h3>\n<p style=\"margin:0 0 6px;font-size:12.5px;color:#475569;\">InfoWorld &middot; May 2026<\/p>\n<p style=\"margin:0 0 12px;font-size:14px;color:#374151;\">The Linux Foundation proposed <strong>DNS-AID<\/strong>, an agent-discovery protocol layered on DNS. The discoverability story is compelling &mdash; agents need a way to find each other &mdash; but the security tradeoff is direct: a successful DNS-AID makes the agent population trivially enumerable to defenders and attackers alike. Network security teams should engage early on resolver-level controls, anti-enumeration patterns, and rate-limiting, the same way they did when service-discovery on internal networks first went public.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\"><a href=\"https:\/\/www.infoworld.com\/article\/4178820\/dns-aid-will-make-ai-agents-easier-to-discover-says-linux-foundation.html\" style=\"display:inline-block;background-color:#9333ea;color:#ffffff;text-decoration:none;padding:6px 14px;border-radius:4px;font-weight:600;\">Read article &rarr;<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">21. 
Microsoft is building a super app combining coding, chat, and other Copilot AI tools<\/h3>\n<p style=\"margin:0 0 6px;font-size:12.5px;color:#475569;\">Fortune &middot; May 29, 2026<\/p>\n<p style=\"margin:0 0 12px;font-size:14px;color:#374151;\">Fortune reports Microsoft is consolidating Copilot capabilities into a single <strong>super app<\/strong> spanning coding, chat, productivity, and agent orchestration. The consolidation reshapes how agents reach enterprises &mdash; a single client surface means a single set of policy-enforcement points, a single telemetry stream, and a single negotiation table for enterprise buyers. Security teams should plan for both sides: simpler control on the Microsoft estate, and increased pressure on every other vendor whose agent stack now has to compete with a bundled hyperscaler default.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\"><a href=\"https:\/\/fortune.com\/2026\/05\/29\/microsoft-working-on-super-app\/\" style=\"display:inline-block;background-color:#9333ea;color:#ffffff;text-decoration:none;padding:6px 14px;border-radius:4px;font-weight:600;\">Read article &rarr;<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">22. Debugging the undebuggable: building observability into probabilistic AI systems<\/h3>\n<p style=\"margin:0 0 6px;font-size:12.5px;color:#475569;\">The New Stack &middot; May 2026<\/p>\n<p style=\"margin:0 0 12px;font-size:14px;color:#374151;\">A practical guide to observability for probabilistic AI systems &mdash; covering telemetry, replay, and root-cause workflows for non-deterministic agent behavior. The piece is engineering reference material that security and AI-ops teams should adopt jointly: incident response on agents is impossible without the ability to reconstruct what the agent saw and decided. 
Look especially at the patterns for capturing prompt, context, and tool-call traces at the call site, where they remain useful weeks later when an unexpected behavior finally surfaces.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\"><a href=\"https:\/\/thenewstack.io\/debugging-observable-ai-systems\/\" style=\"display:inline-block;background-color:#9333ea;color:#ffffff;text-decoration:none;padding:6px 14px;border-radius:4px;font-weight:600;\">Read article &rarr;<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">23. Reactor, real-time AI video startup founded by ex-Apple engineers, raises $59M<\/h3>\n<p style=\"margin:0 0 6px;font-size:12.5px;color:#475569;\">Variety &middot; May 2026<\/p>\n<p style=\"margin:0 0 12px;font-size:14px;color:#374151;\">Reactor raised $59M led by Jeffrey Katzenberg to scale real-time AI video. The funding is a leading indicator for the synthetic-media attack surface defenders will face: every dollar invested upstream in cheaper, faster, more realistic generation translates into harder downstream detection problems for fraud, KYC, and trust &amp; safety teams. Security leaders should be in conversation now with synthetic-media detection vendors and identity providers about live-call attestation, watermarking adoption, and the limits of detection-only strategies.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\"><a href=\"https:\/\/variety.com\/2026\/digital\/news\/reactor-real-time-ai-video-funding-jeffrey-katzenberg-1236755883\/\" style=\"display:inline-block;background-color:#9333ea;color:#ffffff;text-decoration:none;padding:6px 14px;border-radius:4px;font-weight:600;\">Read article &rarr;<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">24. 
Macro Evals for Agentic Systems<\/h3>\n<p style=\"margin:0 0 6px;font-size:12.5px;color:#475569;\">OpenAI Cookbook &middot; May 2026<\/p>\n<p style=\"margin:0 0 12px;font-size:14px;color:#374151;\">OpenAI published a <strong>macro-eval cookbook for agentic systems<\/strong> &mdash; covering scenario coverage, behavioral metrics, and CI integration. The cookbook is a defensible methodology security teams can adapt for agent risk testing: it shifts evals from one-shot benchmarks to ongoing, scenario-grounded suites that catch regression over time. Combine it with RAMPART (#2) for red-teaming and the agent-skill design critique (#12) for skill-level coverage, and you have a credible end-to-end agent-assurance pipeline that CI can actually run on every change.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\"><a href=\"https:\/\/developers.openai.com\/cookbook\/examples\/partners\/macro_evals_for_agentic_systems\/macro_evals_for_agentic_systems\" style=\"display:inline-block;background-color:#9333ea;color:#ffffff;text-decoration:none;padding:6px 14px;border-radius:4px;font-weight:600;\">Read article &rarr;<\/a><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:24px 28px 4px;\">\n<h2 style=\"margin:0 0 4px;font-size:20px;color:#0f172a;\">On our watch list<\/h2>\n<div style=\"height:3px;width:48px;background-color:#9333ea;margin-bottom:14px;\"><\/div>\n<ol style=\"margin:0 0 12px 18px;padding:0;font-size:14px;color:#374151;\">\n<li style=\"margin-bottom:8px;\"><strong>MCP security adoption.<\/strong> Will the NSA CSI translate into MCP-server hardening in the popular dev tools (Claude Code, Cursor, Windsurf, Gemini-CLI, Copilot)? 
Watch for vendor MCP allowlists, sandboxing defaults, and the first publicly disclosed MCP-driven incident.<\/li>\n<li style=\"margin-bottom:8px;\"><strong>Agent identity standards.<\/strong> Whether Okta&rsquo;s vendor-neutral pitch picks up real co-signers, whether Microsoft&rsquo;s Windows-365-for-Agents identity model gets cross-cloud uptake, and what (if anything) emerges from IETF\/OpenID workgroups on agent identity tokens.<\/li>\n<li style=\"margin-bottom:8px;\"><strong>Multi-turn-attack defenses.<\/strong> Vendor responses to the Cisco data &mdash; specifically, whether frontier-model providers update safety benchmarks to include multi-turn coverage and whether enterprise red-team tooling (RAMPART, OpenHack, Adversa) standardizes on shared scenario sets.<\/li>\n<li style=\"margin-bottom:8px;\"><strong>Super-app consolidation impacts.<\/strong> If Microsoft&rsquo;s Copilot super app ships, watch the ripple: which third-party agent vendors get squeezed, how enterprise procurement responds, and whether Google and Anthropic ship comparable consolidated surfaces in response.<\/li>\n<\/ol>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:28px 28px 32px;border-top:1px solid #e5e7eb;color:#6b7280;font-size:12px;text-align:center;\">\n<p style=\"margin:0 0 6px;color:#6b7280;\">AI &amp; ML in Security &middot; a Newshunter publication<\/p>\n<p style=\"margin:0 0 6px;color:#6b7280;\">Weekly news items are from the previous seven days. Foundational reading is refreshed each week.<\/p>\n<p style=\"margin:0 0 10px;color:#6b7280;\"><a href=\"*|UNSUB|*\" style=\"color:#1d4ed8;text-decoration:none;\">Unsubscribe<\/a> &middot; <a href=\"*|ARCHIVE|*\" style=\"color:#1d4ed8;text-decoration:none;\">View in browser<\/a><\/p>\n<p style=\"margin:14px 0 4px;font-size:11px;color:#9ca3af;\">Newsletter design, layout, and editorial curation &copy; 2026 Security Radar. 
All rights reserved.<\/p>\n<p style=\"margin:0;font-size:11px;color:#9ca3af;\">Article titles and summaries are excerpted for review and commentary; all linked articles remain the copyright of their respective publishers and authors.<\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>AI &amp; ML in Security &middot; Issue June 7, 2026 AI &amp; ML in Security June 7, 2026 &middot; LLM red-teaming, agent identity, MCP, and the platforms reshaping enterprise AI security At a glance The defining AI-security signal of the last two weeks is fragility under multi-turn attack. Cisco&rsquo;s threat-intel&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[45],"tags":[],"class_list":["post-5271","post","type-post","status-publish","format-standard","hentry","category-ai-ml"]}