CyberSecurity news
FlagThis - #aiagents
|
@www.eweek.com
//
Microsoft is embracing the Model Context Protocol (MCP) as a core component of Windows 11, aiming to transform the operating system into an "agentic" platform. This integration will enable AI agents to interact seamlessly with applications, files, and services, streamlining tasks for users without requiring manual inputs. Announced at the Build 2025 developer conference, this move will allow AI agents to carry out tasks across apps and services.
MCP functions as a lightweight, open-source protocol that allows AI agents, apps, and services to share information and access tools securely. It standardizes communication, making it easier for different applications and agents to interact, whether they are local tools or online services. Windows 11 will enforce multiple security layers, including proxy-mediated communication and tool-level authorization. Microsoft's commitment to AI agents also includes the NLWeb project, designed to transform websites into conversational interfaces. NLWeb enables users to interact directly with website content through natural language, without needing apps or plugins. Furthermore, the NLWeb project turns supported websites into MCP servers, allowing agents to discover and utilize the site’s content. GenAIScript has also been updated to enhance security of Model Context Protocol (MCP) tools, addressing vulnerabilities. Options for tools signature hashing and prompt injection detection via content scanners provide safeguards across tool definitions and outputs. Recommended read:
References :
@blogs.microsoft.com
//
Microsoft Build 2025 showcased the company's vision for the future of AI with a focus on AI agents and the agentic web. The event highlighted new advancements and tools aimed at empowering developers to build the next generation of AI-driven applications. Microsoft introduced Microsoft Entra Agent ID, designed to extend industry-leading identity management and access capabilities to AI agents, providing a secure foundation for AI agents in enterprise environments using zero-trust principles.
The announcements at Microsoft Build 2025 demonstrate Microsoft's commitment to making AI agents more practical and secure for enterprise use. A key advancement is the introduction of multi-agent systems within Copilot Studio, enabling AI agents to collaborate on complex business tasks. This system allows agents to delegate tasks to each other, streamlining processes such as sales data retrieval, proposal drafting, and follow-up scheduling. The integration of Microsoft 365, Azure AI Agents Service, and Azure Fabric further enhances these capabilities, addressing limitations that have previously hindered the broader adoption of agent technology in business settings. Furthermore, Microsoft is emphasizing interoperability and user-friendly AI interaction. Support for the agent-to-agent protocol announced by Google could enable cross-platform agent communication. The "computer use" feature for Copilot Studio agents allows them to interact with desktop applications and websites by directly controlling user interfaces, even without API dependencies. This feature enhances the functionality of AI agents by enabling them to perform tasks that require interaction with existing software and systems, regardless of API availability. Recommended read:
References :
@Salesforce
//
Salesforce is enhancing its security operations by integrating AI agents into its security teams. These AI agents are becoming vital force multipliers, automating tasks that previously required manual effort. This automation is leading to faster response times and freeing up security personnel to focus on higher-value analysis and strategic initiatives, ultimately boosting the overall productivity of the security team.
The deployment of agentic AI in security presents unique challenges, particularly in ensuring data privacy and security. As businesses increasingly adopt AI to remain competitive, concerns arise regarding data leaks and accountability. Dr. Eoghan Casey, Field CTO at Salesforce, emphasizes the shared responsibility in building trust into AI systems, with providers maintaining a trusted technology platform and customers ensuring the confidentiality and reliability of their information. Implementing safety guardrails is crucial to ensure that AI agents operate within technical, legal, and ethical boundaries, safeguarding against undesirable outcomes. At RSA Conference 2025, SecAI, an AI-enriched threat intelligence company, debuted its AI-native Investigator platform designed to solve the challenges of efficient threat investigation. The platform combines curated threat intelligence with advanced AI techniques for deep information integration, contextual security reasoning, and suggested remediation options. Chase Lee, Managing Director at SecAI, stated that the company is reshaping what's possible in cyber defense by giving security teams superhuman capabilities to meet the scale and speed of modern threats. This AI-driven approach streamlines the investigation process, enabling analysts to rapidly evaluate threats and make confident decisions. Recommended read:
References :
@www.helpnetsecurity.com
//
References:
betanews.com
, Help Net Security
,
1Password has announced enhanced access management capabilities designed for AI agents, integrated within their Extended Access Management platform. This new feature aims to secure and govern the identities, credentials, and access of autonomous AI agents operating within enterprise environments. With AI agents increasingly automating and simplifying tasks across various sectors, from customer service to data processing, 1Password recognizes the crucial need to manage the unique security challenges these agents introduce. The company's approach focuses on providing a robust security layer without hindering developer agility or operational scale, effectively managing AI agent identities with the same level of rigor applied to human users.
David Faugno, Co-CEO at 1Password, emphasized the transformative potential of AI agents while highlighting the inherent risks if their access to enterprise data and systems isn't properly secured and governed. He noted that agentic AI goes beyond mere data analysis, independently taking action, interfacing with sensitive systems, and executing workflows. Traditional identity and access management (IAM) solutions are ill-equipped to handle non-human identities like AI agents, necessitating a re-evaluation of trust, access, and control. 1Password's Agentic AI Security aims to empower enterprises to confidently embrace this new era of automation, facilitating rapid growth while maintaining stringent security measures. The new capabilities include programmatic management of vault items, allowing developers to construct AI workflows that can securely read, write, share, and rotate secrets during runtime. IT teams can create scoped API keys for AI agents, enabling them to retrieve secrets from 1Password vaults without exposing full human credentials. Additionally, 1Password offers vaults to securely store secrets for AI agents to access service providers for automating tasks, along with audit logs to monitor machine identity for enterprise security. Future enhancements planned for this year include access governance features that will provide IT teams with comprehensive visibility and control over SaaS applications, aiding in the discovery of shadow IT, automating access reviews, and optimizing spending while enforcing security and compliance. Recommended read:
References :
Chris McKay@Maginative
//
OpenAI has released its latest AI models, o3 and o4-mini, designed to enhance reasoning and tool use within ChatGPT. These models aim to provide users with smarter and faster AI experiences by leveraging web search, Python programming, visual analysis, and image generation. The models are designed to solve complex problems and perform tasks more efficiently, positioning OpenAI competitively in the rapidly evolving AI landscape. Greg Brockman from OpenAI noted the models "feel incredibly smart" and have the potential to positively impact daily life and solve challenging problems.
The o3 model stands out due to its ability to use tools independently, which enables more practical applications. The model determines when and how to utilize tools such as web search, file analysis, and image generation, thus reducing the need for users to specify tool usage with each query. The o3 model sets new standards for reasoning, particularly in coding, mathematics, and visual perception, and has achieved state-of-the-art performance on several competition benchmarks. The model excels in programming, business, consulting, and creative ideation. Usage limits for these models vary, with o3 at 50 queries per week, and o4-mini at 150 queries per day, and o4-mini-high at 50 queries per day for Plus users, alongside 10 Deep Research queries per month. The o3 model is available to ChatGPT Pro and Team subscribers, while the o4-mini models are used across ChatGPT Plus. OpenAI says o3 is also beneficial in generating and critically evaluating novel hypotheses, especially in biology, mathematics, and engineering contexts. Recommended read:
References :
@aithority.com
//
Cloudflare is significantly enhancing its platform for AI agent development, introducing new tools and features aimed at accelerating the creation and deployment of these autonomous systems. The company's Developer Week kicked off with the announcement of several advancements building upon the Agents SDK JavaScript framework released in February. These include industry-first remote Model Context Protocol (MCP) server, generally available access to durable Workflows, and a free tier for Durable Objects. These advancements are designed to drastically reduce the time it takes to build sophisticated AI agents, making the technology more accessible and affordable for developers.
Cloudflare's focus centers around the Model Context Protocol (MCP), an open standard that enables AI agents to directly interact with external services, shifting them from merely providing instructions to actively completing tasks. The newly introduced remote MCP server eliminates the previous limitation of running MCP locally, opening doors for wider adoption. Furthermore, Cloudflare is providing new Agents SDK capabilities to build remote MCP clients, with transport and authentication built-in, to allow AI agents to connect to external services. This also included integrations with Stytch, Auth0, and WorkOS to add authentication and authorization to your remote MCP server The company's new tools address key challenges in AI agent development by simplifying integrations, managing client lifecycles, and assigning granular permissions. Stytch and Cloudflare have also partnered to secure Remote MCP servers with OAuth. This partnership solves the challenge of robust authorization for AI agents, enabling Remote MCP authorization via OAuth. By addressing these challenges, Cloudflare is positioning itself as a leading platform for building and scaling agentic AI, lowering the barrier to entry for developers and unlocking new possibilities for AI-driven automation. Recommended read:
References :
|