VentureBeat | Transformative tech coverage that matters

Security Teams Deprioritized Both Palo Alto CVEs as Non-Critical. Chained Together, They Were a Kill Shot — VentureBeat created with Imagen

Featured

CVSS scored these two Palo Alto CVEs as manageable. Chained, they gave attackers root access to 13,000 devices.

Five ways CVSS vulnerability triage misses the kill chain — and the specific actions security directors can take this month.

Louis Columbus

April 24, 2026

Cisco's Jeetu Patel says trusted delegation is the line between bankruptcy and market dominance. Only 5% of enterprises crossed it — Source: Cisco Video Portal (https://video.cisco.com/detail/video/6391539167112)

85% of enterprises are running AI agents. Only 5% trust them enough to ship.

An 80-point gap separates AI agent pilots from production. Patel's RSAC interview reveals why trust — not technology — is what's keeping enterprises stuck.

Louis Columbus

April 24, 2026

One Employee's AI Tool Just Opened the Door to Vercel's Internal Systems. Here's the OAuth Scoping Audit Every Security Director Needs Now — VentureBeat made with Imagen

Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain

One AI tool OAuth grant. Four organizational boundaries. No zero-day required. How the Vercel breach exposed a detection gap most security programs can't close.

Louis Columbus

April 21, 2026

Three frontier AI system cards promise safety. None quantifies agent-runtime resistance — VentureBeat created with Imagen

Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it

A researcher typed one malicious PR title and exfiltrated API keys from three AI coding agents. One vendor's system card warned it was possible.

Louis Columbus

April 21, 2026

Subscribe to get latest news!

Deep insights for enterprise AI, data, and security leaders

Adversaries hijacked AI security tools at 90+ organizations. The next wave has write access to your firewall — VentureBeat created with Imagen

Adversaries hijacked AI security tools at 90+ organizations. The next wave has write access to the firewall

The AI tools attackers hijacked in 2025 could only read data. The autonomous SOC agents shipping now can rewrite infrastructure.

Louis Columbus

April 21, 2026

Enterprises funded stage-one security for their AI agents. Stage-three threats arrived anyway. Here is the maturity audit that closes the gap — VentureBeat created with Imagen

Most enterprises can't stop stage-three AI agent threats, VentureBeat survey finds

A rogue Meta agent and a Mercor supply-chain breach expose the same gap: enterprises fund monitoring, not isolation. VentureBeat's maturity audit maps the fix.

Louis Columbus

April 17, 2026

Microsoft Copilot Studio and Salesforce Agentforce both fell to the same attack class. Here is the enterprise agent remediation playbook

Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway

Safety mechanisms flagged the attack. DLP never fired. A new CVE class for agentic AI is exposing what patches alone can't fix.

Louis Columbus

April 15, 2026

AI question — CleoP made with Midjourney

Frontier models are failing one in three production attempts — and getting harder to audit

Capability is no longer the constraint. Reliability, transparency and benchmark validity are — and all three are getting worse.

Taryn Plumb

April 15, 2026

nuneybits Vector art of developer mopping code spill dbcceaac-fb6e-4e63-90cf-5774d34a0f44 — Credit: VentureBeat made with Midjourney

43% of AI-generated code changes need debugging in production, survey finds

The software industry is racing to write code with artificial intelligence. It is struggling, badly, to make sure that code holds up once it ships.

Michael Nuñez

April 14, 2026

Five signs data drift is already undermining your security models

Data drift happens when the statistical properties of a machine learning (ML) model's input data change over time, eventually rendering its predictions less accurate. Cybersecurity professionals who rely on ML for tasks like malware detection and network threat analysis find that undetected data drift can create vulnerabilities. A model trained on old attack patterns may fail to see today's sophisticated threats. Recognizing the early signs of data drift is the first step in maintaining reliable and efficient security systems.

Zac Amos, ReHack

April 12, 2026

AI perimeter — CleoP made with Midjourney

Your developers are already running AI locally: Why on-device inference is the CISO’s new blind spot

For the last 18 months, the CISO playbook for generative AI has been relatively simple: Control the browser.

Jayachander Reddy Kandakatla

April 12, 2026

AI Agent Credentials Live in the Same Box as Untrusted Code. Here's the Zero-Trust Architecture Audit That Shows What to Fix. — Created by VentureBeat with Imagen

AI agent credentials live in the same box as untrusted code. Two new architectures show where the blast radius actually stops.

79% of enterprises run AI agents. 86% deployed without security approval. Two new architectures reveal how far credentials actually are from untrusted code.

Louis Columbus

April 10, 2026