We explore the rapid paradigm shift from passive chatbots to autonomous "agentic" AI, where new standards like the Model Context Protocol (MCP) grant systems the power to execute code and access sensitive files. Drawing on a massive empirical study of over 31,000 agent skills and real-world espionage campaigns like GTG-1002, we expose how attackers leverage "tool poisoning" and indirect prompt injection to hijack these agents for data exfiltration. Finally, we unpack essential defense strategies, including the NIST AI Risk Management Framework and the new OWASP Top 10 for Agentic Applications, to help organizations close the dangerous "consent gap" between user permissions and agent actions.
https://cisomarketplace.com/blog/agentic-desktop-agents-ai-local-file-access-security
https://cisomarketplace.com/blog/agentic-browser-revolution-ciso-guide-ai-attack-surface
https://cisomarketplace.com/blog/workflow-automation-blind-spot-zapier-n8n-power-automate-security
https://cisomarketplace.com/blog/ai-agent-security-crisis-mcp-vulnerabilities
https://cisomarketplace.com/blog/agent-skills-next-ai-attack-surface
https://breached.company/over-1-000-clawdbot-ai-agents-exposed-on-the-public-internet-a-security-wake-up-call-for-autonomous-ai-infrastructure/
 
Sponsors:
https://airiskassess.com
https://compliance.airiskassess.com
https://cloudassess.vibehack.dev
https://vibehack.dev
 

Join us as we analyze the 2026 data protection landscape, where a stabilization in aggregate GDPR fines contrasts with a sharp 22% increase in breach notifications fueled by geopolitical tensions. We discuss how the EU's proposed "Digital Omnibus" aims to streamline the complex "Digital Decade" regulations, even as authorities ramp up enforcement against AI systems like Replika and scrutinize "consent or pay" models. The episode concludes by examining the widening gap between the EU’s focus on personal liability and the UK’s shift toward a pro-innovation, "less is best" regulatory environment following the Data (Use and Access) Act 2025.
DLA Piper PDF Downloads: www.compliancehub.wiki/gdpr-enforcement-and-data-breach-landscape-a-synthesis-of-2025-2026-trends
Digital Omnibus episode: https://podcast.cisomarketplace.com/e/red-tape-vs-rights-unpacking-the-eus-digital-omnibus-proposal/
 
Sponsors:
www.compliancehub.wiki
www.cisomarketplace.services 

The European Commission has introduced the "Digital Omnibus," a sweeping legislative package designed to streamline digital rules like the GDPR and AI Act to reduce administrative burdens and foster innovation. However, privacy experts warn that shifting to a subjective definition of "personal data" and creating broad commercial exemptions for "scientific research" could severely undermine fundamental rights and generate significant legal uncertainty. We analyze the clash between the Commission's promise of €5 billion in compliance savings and the potential erosion of data protection enforcement across Europe.
www.compliancehub.wiki/analysis-of-the-proposed-digital-omnibus-regulation
 
Sponsors:
www.compliancehub.wiki
www.cisomarketplace.services
https://airiskassess.com
 

The 2025 CSA and Google Cloud survey reveals a widening gap between the "haves" and "have-nots" of AI readiness, identifying formal governance as the critical "maturity multiplier" that allows organizations to innovate faster while staying secure. Contrary to historical trends where security functions lagged behind new technology, security teams have emerged as early adopters, with over 90% actively testing or planning to use AI for critical tasks like threat detection and red teaming. As enterprises navigate complex multi-model strategies and vendor consolidation, the report emphasizes that operationalizing policies today is the only way to avoid "shadow AI" and successfully transition from pilot programs to production.
 
Sponsor:
https://vibehack.dev
https://cloudassess.vibehack.dev
https://www.cisomarketplace.services 

As AI agents move from experimental pilots to production via the Model Context Protocol (MCP), they introduce a fundamental architectural shift where Large Language Models sit at the center of security-critical decisions. This episode unpacks the Coalition for Secure AI’s comprehensive framework, exploring twelve core threat categories that range from novel vectors like tool poisoning and shadow servers to the "confused deputy" problem. Tune in to learn why traditional perimeter defenses are insufficient and how to implement defense-in-depth strategies, including cryptographic identity propagation, hardware-based isolation, and zero-trust validation for AI outputs
https://cisomarketplace.com/blog/ai-agent-security-crisis-mcp-vulnerabilities
 
https://www.coalitionforsecureai.org/securing-the-ai-agent-revolution-a-practical-guide-to-mcp-security
Whitepaper: https://github.com/cosai-oasis/ws4-secure-design-agentic-systems/blob/mcp/model-context-protocol-security.md
 
Sponsors: 
https://vibehack.dev
www.cisomarketplace.services 
 

This episode explores the Department of War's strategic pivot to "Agentic Warfare," where proactive AI systems evolve from passive tools into digital staff officers capable of executing complex workflows rather than just generating text. We discuss how commanders are shifting from "in the loop" controllers to "on the loop" mission directors, overseeing a "planning multiverse" that runs millions of simulations to "self-heal" operational plans in real time. Finally, we examine the critical race for "decision advantage," arguing that the ability to out-think adversaries with "force guided by foresight" has replaced mass as the primary mechanism of modern deterrence.
https://cisomarketplace.com/blog/pentagon-ai-strategy-defense-startups-innovation-shakeup
https://scale.com/agentic-warfare
 
Sponsor:
www.cisomarketplace.services
www.breached.company 

This series explores the Cyber Threat Intelligence Capability Maturity Model (CTI-CMM), a stakeholder-first framework designed to help intelligence programs support the specific decisions and actions of those protecting the organization. We guide listeners through the model’s eleven distinct domains and the cyclical five-step implementation process—Prepare, Assess, Plan, Deploy, and Measure—to transition teams from reactive, ad hoc practices to standardized, predictive operations. By analyzing specific use cases and maturity indicators, we demonstrate how to evolve metrics from simply counting effort to quantifying systemic impact and business value.
www.breached.company/briefing-the-cyber-threat-intelligence-capability-maturity-model-cti-cmm
 
Sponsors: 
www.breached.company
www.cisomarketplace.com 

Transnational cybercrime has evolved into a globally distributed ecosystem where identity is now "synthetic, scalable and weaponizable" due to the proliferation of deepfakes and camera injection tools targeted at digital verification systems. To counter this, the Cybercrime Atlas fosters global collaboration to map criminal infrastructure and identify technical "choke points," a strategy validated by the Serengeti operations which resulted in thousands of arrests and the seizure of $140 million in criminal funds. Simultaneously, experts recommend that institutions implement multi-layered defenses—such as trusted camera source controls and active liveness checks—to harden Know Your Customer (KYC) processes against the democratized threat of AI-generated impersonation.
https://initiatives.weforum.org/cybercrime-atlas/home
www.scamwatchhq.com/your-voice-your-face-your-money-the-terrifying-rise-of-ai-powered-scams-in-2026
 
Sponsors:
www.securitybydesign.shop
SECURE15 - 15% off cybersecurity swag
www.generatepolicy.com
CISO30  - 30% OFF for first-time buyers