The startup has built a security-first identity platform to protect humans, machines, and AI agents.

The post NewCore Emerges From Stealth Mode With $66 Million in Funding appeared first on SecurityWeek.

Raising $59 million to date, Opal also announced five senior leadership appointments.

The post Opal Security Raises $23 Million for AI-Native Identity Governance appeared first on SecurityWeek.

Earlier this month, ShinyHunters breached Instructure’s Canvas platform twice within a single week — stealing 3.65 terabytes of data from approximately 275 million users across more than 8,000 institutions. The group defaced login pages at hundreds of schools during final exam periods, forced Canvas offline, and extracted a ransom payment before Congress opened a formal investigation. The attack did not require exotic malware or zero-day exploits. Attackers entered through compromised “Free-For-Teacher” accounts, escalated rapidly, and exfiltrated sensitive data at scale before Instructure could contain them.

That sequence — entry through weak identity controls, rapid lateral movement, mass exfiltration, extortion, disruption — is now the standard playbook. It will happen again, unless the priority for security and technology leaders becomes reducing the blast radius of every intrusion before it happens.

The problem with how enterprises think about SaaS risk

Modern organizations have consolidated critical operations inside shared SaaS platforms, creating enormous concentrations of risk in single points of failure. When Canvas went down, thousands of students could not access coursework, faculty lost contact with their classes, and administrators scrambled to postpone exams. The scale of disruption came from how deeply institutions depended on Canvas, not from the vulnerability alone.

That asymmetry is the defining feature of SaaS risk in 2026. A single compromised account at a shared platform can trigger sector-wide operational failure. Yet most enterprise security frameworks still treat SaaS platforms primarily as availability problems — measured by uptime, recovery time objectives, and business continuity plans. Canvas exposed the gap in that thinking. Availability means nothing when the platform is operational but the data inside it has already been stolen.

Resilience in SaaS environments requires a harder and more honest premise: treat compromise as continuous and expected. Attackers will reach critical systems. The real test is how much they can take, how far they can move, and how long they can persist before detection and containment.

Identity is the perimeter now

The Canvas attack followed a pattern that has repeated across sectors for years. By compromising legitimate accounts with excessive standing privileges, the attackers moved laterally through Canvas infrastructure, maintained persistence, and exfiltrated data at a scale that took days to quantify.

Too many organizations still operate with fragmented identity controls, inconsistent privilege management, and limited visibility into how accounts interact across SaaS integrations. When attackers compromise a legitimate account, they inherit whatever access that account holds — and in most environments, that access far exceeds what the user actually needs. The result is that identity has become the most reliable attack surface in the modern enterprise, and most organizations are still treating it as a secondary concern.

Strong passwords and multifactor authentication are necessary but no longer sufficient. Enterprises need continuous identity verification, tightly scoped privileges, aggressive governance over third-party integrations, and real-time visibility into anomalous access patterns across SaaS systems. Identity governance cannot be a compliance checkbox. In cloud-native environments, it should be the primary control that determines how far an attacker can travels if they manage to get inside.

Data protection cannot stop at the application layer

Even organizations with strong identity controls face a second, underappreciated problem: the data stored inside SaaS platforms is often far less protected than the credentials used to access it.

Enterprises accumulate vast repositories of sensitive information inside SaaS environments — private messages, accommodation requests, financial records, personal disclosures — while relying almost entirely on application-level access controls to protect it. When those controls fail, as they did at Canvas, the data is immediately readable, searchable, and monetizable. 

Attackers do not need to crack anything. They simply take it.

Cryptographic protections — including encryption strategies that preserve organizational control over sensitive data even after it leaves the platform — directly reduce the value of a successful exfiltration. Stolen data that cannot be read or used is far less valuable as an extortion instrument. That distinction matters significantly in today’s threat environment, where the leverage attackers extract from stolen data often outlasts the breach itself.

The threat does not expire when the incident ends 

The “agreement” between Canvas’s parent company and attackers illustrates a risk that most organizations have not yet fully priced in. While Instructure received digital confirmation that the stolen data was destroyed, Congress opened an investigation anyway. The Instructure CEO has been called to testify before the House Homeland Security Committee. Affected institutions — many of which had no visibility into Instructure’s security posture or incident response capabilities — remain accountable for protecting student data they can no longer control.

That accountability gap will not close after Congress concludes its inquiry. Sensitive data stolen during incidents like Canvas retains value long after the breach itself. Adversaries increasingly collect encrypted data today with the expectation that it can be decrypted later as cryptographic standards age or quantum computing capabilities mature. This “harvest now, decrypt later” approach means that encryption protecting data only in the present still leaves organizations exposed downstream.

Strong cryptographic protection must therefore be paired with crypto-agility and post-quantum readiness. Security leaders should assume that any sensitive data exfiltrated during a SaaS breach may remain a target for years, not days. If stolen data remains immediately usable, attackers retain leverage indefinitely. If it does not, the economics of extortion shift.

What the Canvas breach actually demands

The lesson from Canvas is not that SaaS platforms are inherently insecure. They remain foundational to how modern organizations operate and scale. The lesson is that the assumptions underlying most enterprise security strategies — that prevention is the primary objective, that access controls are sufficient data protection, that recovery means restoring uptime — no longer match the realities of today’s threat environment.

Attackers have already internalized this. They target SaaS platforms precisely because the concentration of data and operational dependency makes them extraordinarily high-value targets. They exploit identity weaknesses because those weaknesses are pervasive and reliable. They apply extortion pressure because stolen data retains leverage long after technical remediation.

The organizations that close this gap — by treating identity governance as mission-critical infrastructure, implementing cryptographic protections that survive exfiltration, building recovery discipline alongside prevention, and planning for post-quantum exposure — will be significantly better positioned when the next breach arrives. And it will arrive. The only variable is how much it costs.

Rishi Kaushal is the CIO of Entrust, a company that helps organizations fight fraud and cyber threats with identity-centric security.

The post The Canvas breach proved that prevention is no longer enough appeared first on CyberScoop.

As AI becomes more integrated into federal IT (and attacker toolsets) government agencies will need to focus their resources on regulating and monitoring the identities that access their network, a top White House cybersecurity official said Thursday.

Nick Polk, branch director for federal cybersecurity in the Executive Office of the President, said that while AI models will present unique threats to federal networks, they will still generally require trusted access first, something defenders can use to their advantage.

“I think the important thing is that in many cases in order to use and exploit the vulnerabilities that [AI] might find, or use them in a manner…that could be malicious or adversarial, the first thing you have to do is get into the network,” Polk said at the Rubrik Public Sector Summit presented by FedScoop. “There are some cases where your software is facing the internet, there’s a little bit of an easier solution there, but most times you have to get into the network.”

That often means exploiting the access an employee, contractor or third-party vendor has to your systems and data. Even in an AI-powered future, the network security boundary still matters, providing organizations with meaningful control over who gets access to their systems and data and how.

“That’s really where strong identity is still really critical in order to [first] repel an attempted exploitation before it can happen or, [second,] identify very quickly that this person or this machine really shouldn’t be on the network” or is behaving anomalously,” Polk said.

However, even before large language models emerged, cybercriminals and foreign adversaries were increasingly compromising organizations not with malware or sophisticated exploits,  but by gaining network access through stolen accounts, credentials, and other trusted assets.

Federal identity security, already a concern, is now set to become more critical in the age of AI.

Justin Ubert, director of cyber protection at the Department of Transportation, said beyond speed and scale, AI tools have given malicious hackers other advantages, like obviating the need for stealth.

“Now, you can have a smash-and-grab of your network that’s faster than you can respond to because…there’s no need to be quiet: just go in, grab and go [home],” said Ubert. “By the time your fences are working as they’re supposed to be, as we designed them to be, they’re already gone.”

AI tools can also easily become insider threats. Even when users restrict their ability to perform sensitive actions like downloading or exfiltrating data without human input, models have bypassed those guardrails by exploiting obscure technical loopholes.

Research released last month by the University of California-Riverside found that automated AI agents “can become dangerously fixated on completing assignments without recognizing when their actions are harmful, contradictory or simply irrational.”

The study, which examined Anthropic’s Claude Sonnet and Opus 4, as well as OpenAI’s ChatGPT-5, found that model agents struggled with contextual reasoning, had biases towards taking action (i.e. figuring out how to do something instead of whether to do it) and would frequently get tripped up by contradictory or infeasible goals.

Anna Libkhen, acting CISO for the Bureau of Economic Analysis at the Department of Commerce, said that AI has become “much more clever in hiding how it managed to penetrate and attack and come through as a trustworthy source.” 

When asked how the federal government was working to address current gaps in identity security that are increasingly being exploited by AI systems, Libkhen said federal leaders are “peeing in their pants” before adding “at least I am.”

“It is scary, yes, we are very vulnerable,” Libkhen said.

She compared the use of AI agents to teaching a child to ice skate: the first thing you teach them is how to handle a fall and recover. Likewise, organizations will need to plan for when their agents fail and quickly recover lost assets.

“Our agents will go wrong, they will do things we don’t expect them to. How do we get up?” said Libkhen. “Do we have that third set of data because that agent erased the database and the backup? Is it safe elsewhere? What kind of holes can you anticipate and what will it take for us to recover from those holes?”

The post White House cyber official: identity security matters more than ever in the age of AI appeared first on CyberScoop.

Anthropic recently announced that it would not release Mythos, its most powerful AI model, to the public. The model discovered thousands of previously unknown software vulnerabilities — flaws that had sat undetected in major operating systems and web browsers for as long as nearly three decades. Anthropic said the model was too dangerous to deploy broadly because the same capabilities that let it find and fix security flaws could let attackers exploit them. A single AI agent, the company warned, could scan for weaknesses faster and more persistently than hundreds of human hackers. 

That decision tells you something important about where we are. The same AI systems that companies are racing to deploy as autonomous assistants — scheduling your appointments, writing your code, managing your workflows — are also capable of probing digital defenses at a speed and scale no human team can match. And most of the systems they’d be probing still rely on a security model designed for an era when a person sat behind every keyboard. 

Think of it like a building where every door has a lock, but the locks were all designed to recognize human hands. Now the building is full of robots — some of them authorized couriers, some of them intruders — and the locks can’t tell the difference. 

Not long ago, you could sit at your desk, glance at the sticky note on your monitor for your username and password, type them in, and grab a cup of coffee while your browser opened a doorway to the rest of the world. Every layer of security that followed — passwords, security questions, biometric scans, two-factor authentication — grew out of a single bedrock assumption: a person was on the other end. 

AI agents break that assumption from two directions at the same time. Legitimate agents need credentials to act like a human. OpenAI’s Operator navigates websites on your behalf. Google’s Gemini can plan your next family vacation while you sleep. Visa recently unveiled Intelligence Commerce Connect, a platform that lets AI agents do the shopping for consumers. These aren’t demos or hot takes from a tech conference floor. They’re shipping products that act on behalf of real people—and to do that, they need your identity. 

At the same time, adversaries can fake humanity at scale. The same AI that can act like a helpful assistant convincing can also be a malicious impersonator. They don’t break in, they log in—through shared credentials, hiring pipelines, vendor onboarding portals, and collaboration tools. Most organizations still treat identity as a login problem—something IT handles with stronger passwords or additional authentication steps layered on top of existing systems. The harder challenge now is knowing who, or what, you’ve already let in. 

That distinction is collapsing just as digital systems become more autonomous. 

When that distinction blurs, the damage is concrete. If a procurement workflow cannot distinguish between a human manager and an AI impersonator, purchase orders go out under false authority. When compliance logs cannot determine how a decision was authorized — by a person or a bot — the accountability chain falls apart. Regulators and customers will not accept “we’re not sure” as an explanation. 

The economics have tilted sharply toward the attacker. Sophisticated fraud once required coordination, with people researching targets, crafting messages, and adjusting tactics in real time. AI agents eliminate those constraints. One person can now supervise an army of autonomous systems, each running a valid persona across multiple interactions simultaneously. A single operator can field a hundred synthetic employees for the cost of one real salary. The barrier to large-scale impersonation is no longer skill or manpower. It is access to a capable model and a set of stolen credentials. 

Stronger identity controls do carry a cost. Every additional verification step is a moment when a customer might abandon a transaction, or an employee might lose patience with a security protocol. The goal is not to shut down automation. It is to make sure the systems acting in your name are authorized to do so. 

Some organizations are adapting. They are treating AI agents less like software and more like new employees, cataloging every agent in their environment, limiting permissions, requiring human approval for sensitive actions. They are moving beyond passwords to phishing-resistant authentication that binds access to a known device and a verified user. They are building behavioral baselines so that when a customer service bot suddenly queries a financial database, or a new hire accesses source code on day one, alarms go off. 

Nobody keeps their password on a sticky note anymore (I hope). But the assumption behind the sticky note, that a human hand would type it in, still underpins most of the systems we depend on. These systems hold your medical records, process your mortgage, and let an AI assistant rebook your flight. In a world where AI agents act faster, more persistently, and more convincingly than any person, that assumption is the vulnerability. 

The organizations that can verify identity continuously — not just at the door, but at every action, for every actor, human or machine — will have a durable advantage. The ones that cannot will find out what ambiguity costs. 

Devin Lynch is Senior Director of the Paladin Global Institute and a former Director for Policy and Strategy Implementation at the Office of the National Cyber Director. 

The post Everyone’s building AI agents. Almost nobody’s ready for what they do to identity. appeared first on CyberScoop.

From autonomous code generation to decision-making systems that initiate actions without human intervention, the industry is entering a new phase.

The post Why Cybersecurity Must Rethink Defense in the Age of Autonomous Agents appeared first on SecurityWeek.

Threat hunters and a collection of unconfirmed victims are responding to a series of attacks targeting Salesforce customers, which the vendor disclosed in a security advisory Saturday. 

“Salesforce is actively monitoring threat activity targeting public-facing Experience Cloud sites, including attempts to take advantage of overly permissive guest user configurations,” the company said in the alert.

The campaign marks the third widespread attack spree targeting Salesforce customers in about six months. 

The number of victims ensnared by the latest attacks is unverified, but ShinyHunters, the threat group asserting responsibility for the attacks, claims about 100 companies have already been impacted. 

Researchers told CyberScoop they are confident the threat group behind the campaign is associated with ShinyHunters, an outfit that’s previously stolen data from Salesforce instances for extortion attempts.

Salesforce did not attribute the attacks, but pinned blame on a “known threat actor group,” adding that the issue is not due to a vulnerability in the company’s platform.

The company said the threat activity reflects a broader trend of identity-based targeting, in this case customer-configured guest user settings that expose publicly accessible Experience Cloud sites to potential attacks.

“We are aware of a threat actor attempting to identify misconfigurations within Salesforce Experience Cloud instances,” Charles Carmakal, chief technology officer at Mandiant Consulting, said in a statement. “We are working closely with Salesforce and our customers to provide the necessary telemetry and detection rules to mitigate potential risk.”

Salesforce said the threat actor is using a modified version of the Mandiant-developed open-source tool AuraInspector to scan for public-facing Experience Cloud sites and steal data from instances with a guest user profile. 

This setting is designed to provide unauthenticated users access to data intended for public consumption. Yet, guest profiles with excessive permissions allow attackers to view additional data by directly querying Salesforce CRM objects without logging in, the company explained.

Salesforce did not say when or how it became aware of the latest campaign targeting its customers, nor how many companies have already been impacted. “We don’t have anything further to add at this time,” said Nicole Aranda, senior manager of corporate communications at Salesforce. 

The company advised customers to ensure guest user configurations are properly restricted.

“Any system exposed to the internet must be configured with the expectation that it will be continuously scanned,” Shane Barney, chief information security officer, at Keeper Security, said in an email. 

“At its core, this is an access governance issue,” he added. “Guest accounts, service accounts and API integrations must be treated with the same discipline as privileged users. Applying least privilege, restricting API access and continuously auditing permissions are foundational security controls.”

Salesforce customers confronted a pair of attack sprees involving third-party vendors last year. Google Threat Intelligence Group at the time said it was aware of more than 200 potentially affected Salesforce instances linked to malicious activity in Gainsight applications connected to Salesforce customer environments in November.

A more extensive downstream attack spree discovered in August impacted more than 700 companies who integrated the AI chat agent Salesloft Drift into their Salesforce environments. ShinyHunters or threat clusters affiliated with the extortion group were involved in both of those campaigns as well.

The post Salesforce issues new security alert tied to third customer attack spree in six months appeared first on CyberScoop.

Artificial intelligence may be enhancing cyber threats, but the defensive approach to those AI-amplified attacks remains the same, a top FBI official said Tuesday.

“We have seen actors both criminal and nation-state, they’re absolutely using AI to their advantage,” said Jason Bilnoski, deputy assistant director at the FBI’s cyber division. “But the way attacks unfold have not changed. Cyberattacks still follow basic steps. It just becomes an incredible speed now.”

The best way to deal with those attacks is to implement all the traditional defenses, like those the FBI has been emphasizing as part of its Operation Winter SHIELD media campaign, he said.

“Don’t worry about the speed and capability” of AI attacks, Biloski said at a Billington Cybersecurity conference. “If you’re focused on the basics, it’ll help prevent the actual intrusion from occurring.”

It’s a message that the acting director of the Cybersecurity and Infrastructure Security Agency, Nick Andersen, also shared at the conference. Sophisticated attackers are out there, he said, but the agency’s recent binding operational directive for federal agencies to get rid of unsupported edge devices was a way of shoring up basic vulnerabilities.

“We continue to see any non-zero-days continuing to be exploited within this environment,” he said. “The very least that we can do is harden that edge and make it just a little bit more difficult to take advantage in that regard.” 

His advice to state and local officials was to take a “back to the basics” approach, such as adopting multi-factor authentication.

Bilnoski offered further warnings about the threat, too.

“Identity is the new perimeter. You’re hunting legitimate traffic on your network,” he said. “So we’re no longer seeing malware drop. We’re no longer seeing these very noisy TTPs [tactics, techniques and procedures]. It’s legitimate credentials moving laterally throughout the network, as if it’s a legitimate user on the network. You need to hunt the adversaries as if they’re already on your network, because that’s the type of activity you’re looking for.”

The post FBI says even in an AI-powered world, security basics still matter appeared first on CyberScoop.

Jordan Drysdale // The following content is loosely based on a presentation I gave at BSides Denver. After speaking at BSides Denver, one of the audience members spent some time […]

The post Review of the Data Brokers appeared first on Black Hills Information Security, Inc..