Welcome to The Cybersecurity Pulse (TCP)! I’m Darwin Salazar, Head of Growth at Monad and former detection engineer in big tech. Each week, I bring you the latest security innovation and industry news. Subscribe to receive weekly updates! 📧

Subscribe now

Share

AI Agent Security: The Blind Spot That’s Growing Faster Than Your Security Can Track

AI agents have quietly multiplied into the thousands: ChatGPT integrations, Agentforce, n8n workflows, custom tools, embedded assistants. They act autonomously, hold persistent permissions, and execute across systems. Most security teams can account for maybe a dozen.

Watch our on-demand demo to see how Reco discovers every AI agent, maps their connections, and stops exfiltration before it happens.

Watch the Full Demo

Want to sponsor the TCP newsletter? Learn more here.

Howdy 👋 - hope you’re having a stellar week. It’s only Wednesday but feels like it should be Friday… not sure what that’s all about. Maybe it’s correlated with the amount of ‘wtf?’ moments and unintentional satire going on in security right now?

In any case, I’ll be at Unprompted con next week, hit me up if you’ll be in town and want to grab a coffee/lift. Same applies if you’re attending BSidesSF or RSAC! Monad has partnered with Scanner.dev (should be on every operators radar) for a happy hour event at Fang restaurant, you can RSVP here. More to come re: RSAC.

Now, onto this week’s news.

TL;DR 🗞️

• 🔬 Anthropic launches Claude Code Security — reasoning-based code scanner built on Opus 4.6; Wall Street panic-sold the entire cyber sector despite zero overlap with most co’s

• 💀 OpenClaw agent deleted a Meta researcher’s inbox — context window compaction silently dropped stop commands; she had to physically kill the process

• 🚪 Snyk CEO McKay steps down — says company needs an “AI-immersed” leader after building to $325M ARR and 4,800 customers

• 📨 Microsoft Copilot bug exposed confidential emails — DLP-labeled messages were summarized by AI for weeks despite policy restrictions

• 🔟 Microsoft published top 10 Copilot Studio agent risks — released detection queries on GitHub covering auth gaps, orphaned agents, and MCP misconfigs

• 📐 NIST launched AI Agent Standards Initiative — targeting identity, authentication, and interoperability standards for autonomous AI agents

• ⚔️ Aikido Security launched Infinite — continuous AI pentesting that triggers on every code change with auto-remediation and retest

• 🎓 CompTIA released SecAI+ certification — first vendor-neutral cert covering AI system security, AI-driven SecOps, and AI governance

• 🔐 Venice Security exits stealth with $33M — zero standing privilege PAM for human, machine, and AI identities; backed by Wiz founder

• 🧬 Astelia raised $35M for exposure management — founded by Israel’s National Red Team leads; agentic AI maps env topology to prove exploitability

• 🐺 Arctic Wolf acquires Sevco Security — adds Gartner-recognized exposure assessment platform to Aurora

⚒️ Picks of the Week ⚒️

Anthropic Shipped a Code Scanner. Wall Street Sold the Entire Cyber Sector

Okay, let’s start with the elephant in the room. Anthropic launched Claude Code Security on Friday, a reasoning-based code vuln scanner built into Claude Code powered by the new Opus 4.6 model. Rather than matching known patterns like traditional SAST tools, it reasons through code contextually, tracing data flows and identifying business logic flaws, with multi-stage self-verification and mandatory human approval before any patch is applied. In internal testing, Opus 4.6 found over 500 previously unknown high-severity vulns in production open-source codebases, including flaws that survived decades of expert review. Available as a limited research preview for Enterprise and Team customers, with free access for open-source maintainers.

Wall Street’s response was immediate and indiscriminate. CrowdStrike dropped ~10%. Cloudflare fell 8.1%. SailPoint slid 9.4%, Okta dropped 9.2%. The Global X Cybersecurity ETF fell 4.9%, closing at its lowest since November 2023. Clearly, the trading bots and hedge fund operators don’t know the difference between code scanning and a WAF, EDR, or IdP.

Cyber CEOs Takes

CrowdStrike CEO George Kurtz took the most direct approach possible: he opened Claude Code and asked it to build a tool to replace CrowdStrike. Claude’s response was blunt: “Building a replacement for CrowdStrike isn’t something I can do here, and it wouldn’t be responsible for me to suggest otherwise.”

Kurtz’s takeaway: “AI doesn’t eliminate the need for security. It increases it.” Palo Alto Networks CEO Nikesh Arora echoed the sentiment in his earnings call, saying he’s “confused why the market is treating AI as a threat to cybersecurity.”

I think this was a sell-off driven algorithmic trading combined with investors looking for a de-risking event in a sector trading at elevated multiples. Most of the companies that got hammered operate in domains Claude Code Security doesn’t touch: endpoint detection, identity management, network security, incident response etc.

In my opinion, Anthropic is just cleaning up after themselves. Claude Code and its competitors have generated an enormous volume of code over the past year (~4% of all daily public commits) .

Indie builders, vibe coders, and enterprise devs are shipping AI-written code into production at scale. Building a security scanner for that code should be tablestakes.

The bigger questions are:

• What’s it cost in terms of compute and tokens to run the feature at scale?

• How do SAST players that rely on foundation AI models beat those same model producers at their own game? What’s the differentiator? Is it enough to operate an entirely separate tool?

• Who owns liability when an AI scanner misses a vuln, or when its auto-suggested patch introduces a new one?

My LinkedIn post asking whether Anthropic just disrupted AppSec pulled 100K+ impressions, 400+ connection requests, and 750+ engagements within 72 hours. The answer, for now, is no. Anthropic is just securing its own output. If they start securing endpoints, runtime, cloud, etc then it’s a cause for concern.

Dig Deeper: Bloomberg | Axios

Meta AI Security Researcher’s OpenClaw Agent Goes Rogue on Her Inbox

This is some borderline Black Mirror stuff. Meta AI safety + alignment researcher Summer Yue posted her experience w/ an OpenClaw agent she’d been testing that went on a “speed run” deleting her email, ignoring her stop commands from her phone.

From the screenshots, you can see OpenClaw ignored stop prompts and did not apologize. “You’re right to be upset.” it said… Who do you call when your OpenClaw gaslights you?

What happened

Yu had been testing the agent on a smaller “toy” inbox where it performed well, building her trust. When she pointed it at her full inbox, the volume of data triggered context window compaction, causing the agent to summarize and compress its running instructions. The stop commands she issued got dropped during compaction, and the agent reverted to its earlier behavior from the test inbox.

What it means

1. If an AI alignment researcher at Meta gets burned, the rest of us may not stand a chance. Yu admitted it was a “rookie mistake,” but the failure mode is architectural, not user error. Context window compaction silently dropping safety instructions is a fundamental reliability problem.

2. Irreversible actions without confirmation gates. The agent had full delete access with no human-in-the-loop approval for destructive operations. This is the pattern every agentic security framework warns about.

We are deploying agents with real-world permissions at a pace that far outstrips our ability to govern them. Yu’s experience is almost comically relatable (who hasn’t wanted to hand their inbox to an AI?), but the failure mode is serious. Context window compaction silently eating safety instructions is the kind of bug that doesn’t show up in testing and only manifests at production scale.

Dig Deeper: TechCrunch | Summer Yu’s X post

After $325M in Revenue, Snyk’s CEO Says the Next Chapter Needs a New Kind of Leader

Snyk CEO Peter McKay announced he’s stepping down, saying the company needs a leader with deeper product innovation and AI chops for its next chapter. McKay pointed to his track record: 4,800 customers, $325M in annual revenue, and what he called a “monumental pivot to become the leader in AI-native security.” He’ll remain a significant shareholder and stay on until a replacement is found.

McKay framed the move around what he sees as a generational shift in how code gets written and secured. “This next chapter requires a visionary, AI-immersed leader ready to commit their full energy to a multi-year journey of technical disruption,” he wrote.

What to watch

1. The successor profile matters. McKay is essentially saying Snyk’s future CEO needs to be a product/AI person, not a go-to-market exec. That’s a meaningful signal about where the company thinks the competitive fight is heading.

2. Competitive pressure is real. Between Wiz expanding aggressively into AppSec, legacy SAST/DAST vendors bolting on AI features, and AI-native startups like Aikido launching autonomous pentesting, Snyk’s market position is under pressure from every direction.

3. $325M ARR is solid but stagnation is the enemy. At that scale, Snyk needs to either accelerate toward IPO territory or become an acquisition target. A leadership vacuum at this moment is risky.

Kudos to McKay for an unusually honest exit. Most CEOs get pushed; few publicly admit they’re not the right person for next company phases. Whoever takes over needs to answer a hard question: does Snyk become the platform that secures AI-generated software, or does it get outrun by companies that were born in that world? No in between.

Microsoft Copilot Bug Exposed Confidential Emails for Weeks

This one is absolutely wild and I’m surprised more people aren’t talking about it. Microsoft confirmed a bug in Copilot Chat allowed its AI to read and summarize emails labeled as confidential since January, even when customers had data loss prevention (DLP) policies explicitly configured to prevent their sensitive content from being ingested into the LLM.

Just days before the disclosure, the European Parliament’s IT department blocked built-in AI features on lawmakers’ work devices over concerns that AI tools could upload confidential correspondence to the cloud.

The whole value prop of AI assistants is that they operate within your existing access controls and classification boundaries. When they don’t, you’ve essentially deployed an insider threat with read access to your most sensitive data and a habit of summarizing it for anyone who asks. If Microsoft is messing this up, can you imagine what else is going on?

Microsoft Publishes Top 10 Copilot Studio Agent Security Risks

Unironically, Microsoft’s Defender Security Research team published a detailed breakdown of the 10 most common Copilot Studio agent misconfigurations they’re seeing in production environments, along with Advanced Hunting queries to detect each one.

The top 10 risks are:

1. Agents shared with the entire organization without scoped access

2. No authentication required, creating public entry points to internal data

3. HTTP request actions bypassing connector governance (non-HTTPS, non-standard ports)

4. Email-based data exfiltration via AI-controlled dynamic recipients

5. Dormant agents, connections, and actions creating hidden attack surface

6. Author (maker) authentication giving every user the creator’s elevated permissions

7. Hard-coded credentials embedded in topics or actions in cleartext

8. MCP tools configured without active review, creating undocumented access paths

9. Generative orchestration without instructions, leaving agents vulnerable to prompt abuse

10. Orphaned agents with no active owner for governance

Microsoft released corresponding community hunting queries on GitHub for each risk. They’re in KQL but could easily be converted to whatever you’re hunting in.

Dig Deeper: Microsoft Security Blog | GitHub Hunting Queries

🔮 The Future of Security 🔮

AI Security

NIST Launches AI Agent Standards Initiative

NIST’s Center for AI Standards and Innovation (CAISI) launched a new program to develop technical standards and guidance for autonomous AI agents. The initiative targets identity, authentication, and interoperability challenges as orgs push agent-based systems into production for coding, workflow automation, and task execution. NIST has issued an RFI seeking public input on agent security risks, identity models, and deployment considerations, and is coordinating with the NSF and other federal stakeholders.

Securing agentic AI is still a massive sh*tstorm. Crowdsourced and bulletproofed standards like this at least give a measuring stick on how teams should be addressing it. Will be good to see what comes from it. If you’re in the trenches securing AI, you can contribute your insights here.

Application Security

Aikido Security Launches Infinite for Continuous AI Pentesting

Aikido launched Infinite, a continuous AI-driven penetration testing solution that autonomously validates vulnerabilities, applies remediation where safe, and retests to confirm risk reduction. Each software change triggers AI pentesting agents, replacing the traditional periodic testing window with a feedback loop tied to release cycles.

Education

CompTIA Launches SecAI+ Certification for AI Security Skills

CompTIA released SecAI+, a cert covering AI system security, AI-driven security operations, and AI governance. Would be interesting to see the training materials for this. Sounds like it covers security for AI + AI for security.

Identity & Access Management

Venice Security Exits Stealth with $33M to Modernize Privileged Access Management

Venice Security emerged from stealth with $33M in combined funding: an $8M seed led by Index Ventures and a $25M Series A led by IVP. Angel investors include Assaf Rappaport (Wiz) and the Axis Security founders. Venice aims to eliminate standing privileges entirely, discovering every identity and entitlement across cloud, SaaS, on-prem, and AI-driven environments, then granting access only when needed and revoking it immediately after.

Vulnerability Management

Astelia Raises $35M to Replace Vuln Guesswork with Exploitability-Based Exposure Management

Astelia raised $35M in combined seed and Series A funding led by Index Ventures and Team8. Founded by the leaders of Israel’s National Red Team (the unit that stress-tests the country’s critical infrastructure). The platform uses agentic AI to map real network topology, segmentation, and existing controls, then correlates exploitability with reachability to surface only what’s genuinely exposed.

More Vulnerability Management news

Interested in sponsoring TCP?

Sponsoring TCP not only helps me continue to bring you the latest in security innovation, but it also connects you to a dedicated audience of 20,000+ CISOs, practitioners, founders, and investors across 125+ countries 🌎

👉 Learn more here!

Bye for now 👋🏽

That’s all for this week… ¡Nos vemos la próxima semana!