Cyata

𝗜𝗱𝗲𝗻𝘁𝗶𝘁𝘆 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝘄𝗶𝗹𝗹 𝗰𝗵𝗮𝗻𝗴𝗲 𝗳𝗮𝘀𝘁 𝗶𝗻 𝟮𝟬𝟮𝟲. 𝗔𝗿𝗲 𝘆𝗼𝘂 𝗿𝗲𝗮𝗱𝘆? We are moving from identity governance built for slow human actions to a world where agents execute autonomous actions at machine speed. In our new research, we introduce Agentic Identity Access Platforms (AIAP): an end-to-end architecture that acts like a new SSO for agents, shifting governance from who logged in to why an action is happening, with task-scoped identities and permissions issued only when an authorized action is requested or in progress. We partnered with 5 vendors pushing this ecosystem forward: 1️⃣ @AstrixSecurity 2️⃣ @oasissec 3️⃣ @aembit_io 4️⃣ @TeamCyata 5️⃣ @silverfort Full report with case studies, implementation patterns, and our new ecosystem map: softwareanalyst.substack.com/p/emerging-age…

🎉 @CheckPointSW is acquiring @TeamCyata to accelerate its mission of delivering an end-to-end AI security platform for the agentic world. As AI systems shift from prompts to autonomous action, agents are already operating across browsers, IDEs, SaaS, and internal environments, often with limited visibility and control. Cyata built technology to discover, understand, and govern autonomous AI agents, with guardrails and posture controls designed specifically for this new layer. We are proud to have backed the Cyata team from day one, and to see their vision and technology become the foundation of Check Point’s AI security platform. @jifa @brian_sack3

AI agents are already making decisions across your organization. But most security teams have no visibility into what they're actually doing, and can't control them when they go rogue. Shahar Tal (@jifa) joined @i24NEWS_EN to discuss the new security challenge most enterprises aren't prepared for: autonomous AI systems acting without oversight. Watch the full conversation on agentic security and how to bring autonomous AI under control:

📝 Full technical writeup on our blog: cyata.ai/blog/cyata-res…

🔓 Cyata Research disclosed three vulnerabilities in 𝐀𝐧𝐭𝐡𝐫𝐨𝐩𝐢𝐜'𝐬 𝐨𝐟𝐟𝐢𝐜𝐢𝐚𝐥 𝐆𝐢𝐭 𝐌𝐂𝐏 𝐬𝐞𝐫𝐯𝐞𝐫. Each flaw looked relatively moderate in isolation. But chain them together with the Filesystem MCP server, and you get remote code execution - triggered entirely through prompt injection. The real takeaway → as agentic systems get more complex, it's the combinations that break things. Tooling that looks safe in isolation can become dangerous when chained together. 📰 Read the coverage by The Register: theregister.com/2026/01/20/ant… 📝 Full technical writeup in the first comment.

🚨 𝐖𝐞 𝐟𝐨𝐮𝐧𝐝 𝐚 𝐜𝐫𝐢𝐭𝐢𝐜𝐚𝐥 𝐯𝐮𝐥𝐧𝐞𝐫𝐚𝐛𝐢𝐥𝐢𝐭𝐲 𝐢𝐧 𝐋𝐚𝐧𝐠𝐂𝐡𝐚𝐢𝐧. Upgrade to langchain-core 1.2.5 or 0.3.81 immediately. Cyata's security researcher Yarden Porat discovered LangGrinch (CVE-2025-68664 & CVE-2025-68665): the first critical vulnerability in LangChain Core, the most widely adopted framework for building AI agents (847M+ total downloads per pepy.tech). The flaw lives in core serialization logic, making it reachable across virtually any deployment. The attack: Malicious inputs can trick LangChain into leaking secrets from your environment, no direct code access required. Full technical breakdown → cyata.ai/blog/langgrinc… Coverage by @SiliconANGLE → siliconangle.com/2025/12/25/cri… This is what securing agentic AI looks like. The agent isn't just the asset, it's the attack surface.

𝐍𝐞𝐰 𝐫𝐞𝐬𝐞𝐚𝐫𝐜𝐡 𝐟𝐫𝐨𝐦 𝐂𝐲𝐚𝐭𝐚: 𝐂𝐕𝐄-𝟐𝟎𝟐𝟓-𝟔𝟒𝟏𝟎𝟔 Cyata security researcher Yarden Porat disclosed a high-severity RCE vulnerability in Cursor's MCP installation flow. A single keyword in a deep-link bypassed the security modal, presenting users with a trusted dialog while executing attacker-controlled commands. The finding highlights a systemic gap: AI IDEs are making undocumented trust decisions that security teams have no way to audit. This exception was found through reverse-engineering raising the question of what other trust shortcuts exist across agentic tooling. Full coverage in SiliconANGLE: siliconangle.com/2025/12/19/cya…

𝐘𝐨𝐮𝐫 𝐈𝐀𝐌 𝐬𝐲𝐬𝐭𝐞𝐦 𝐢𝐬 𝐟𝐚𝐬𝐭. 𝐘𝐨𝐮𝐫 𝐀𝐈 𝐚𝐠𝐞𝐧𝐭𝐬 𝐚𝐫𝐞 𝐟𝐚𝐬𝐭𝐞𝐫. Employee terminated at 2:47:00 PM. By 2:48:00 PM, their agent has accessed critical systems across three cloud environments-before the revocation fully propagates. In a guest post, Sushant Chowdhary (Ascension) breaks down why State Drift in "eventually consistent" IAM becomes an instant attack vector when agents operate at machine speed, and what replaces it. Worth the read: cyata.ai/blog/speed-kil…

We’re excited to announce that Cyata will be exhibiting at The AI Summit New York this December - find us at booth S1! As organizations embrace AI agents across their operations, visibility and control are critical. Cyata’s control plane for agentic identity gives teams the power to discover, explain, and control every AI agent, ensuring secure and governed adoption at scale. 📍 Visit us at booth S1 during hashtag#TheAISummit New York. 👉 Book a dedicated meeting with our team: cyata.ai/ai-summit-ny/

Google just launched Antigravity. 𝗪𝗲 𝘀𝗵𝗶𝗽𝗽𝗲𝗱 𝗳𝘂𝗹𝗹 𝘀𝘂𝗽𝗽𝗼𝗿𝘁 𝗶𝗻 𝗖𝘆𝗮𝘁𝗮 𝘁𝗵𝗿𝗲𝗲 𝗵𝗼𝘂𝗿𝘀 𝗹𝗮𝘁𝗲𝗿. That's not bragging - it's the point. Agentic tools will keep arriving. Security needs a control plane that moves at their speed. New blog on Antigravity, Agent Modes, and why same-day support matters: cyata.ai/blog/google-an…

Proud to announce Cyata has joined @owasp. When AI agents become critical infrastructure, securing them requires open standards and community collaboration to establish the security paradigm organizations need today. Read more on our blog: cyata.ai/blog/cyata-joi…

𝐄𝐱𝐜𝐢𝐭𝐞𝐝 𝐭𝐨 𝐬𝐡𝐚𝐫𝐞 𝐭𝐡𝐚𝐭 𝐂𝐲𝐚𝐭𝐚 𝐰𝐢𝐥𝐥 𝐛𝐞 𝐞𝐱𝐡𝐢𝐛𝐢𝐭𝐢𝐧𝐠 𝐚𝐭 𝐭𝐡𝐞 𝐆𝐚𝐫𝐭𝐧𝐞𝐫 𝐈𝐝𝐞𝐧𝐭𝐢𝐭𝐲 & 𝐀𝐜𝐜𝐞𝐬𝐬 𝐌𝐚𝐧𝐚𝐠𝐞𝐦𝐞𝐧𝐭 𝐒𝐮𝐦𝐦𝐢𝐭 𝟐𝟎𝟐𝟓 𝐭𝐡𝐢𝐬 𝐃𝐞𝐜𝐞𝐦𝐛𝐞𝐫 𝐢𝐧 𝐓𝐞𝐱𝐚𝐬! As AI agents become the new workforce, identity governance must evolve. Cyata enables organizations to discover, explain, and control every AI agent with posture-first identity security. 📍 Visit us at Booth #725 in the exhibit hall 👉 Book a meeting with our team: cyata.ai/gartner-iam/

Every computing era demanded its own security discipline. Now autonomous agents demand theirs. Introducing Agentic SPM. AI agents aren't users. They're not NHIs. They're autonomous actors that reason, decide, and act. Existing security can't govern them. Agentic Security Posture Management can. Read why: cyata.ai/blog/why-aispm…

Cyata has officially joined the Cloud Security Alliance and signed the AI Trustworthy Pledge. As AI agents become autonomous actors in enterprise environments, we're committed to supporting open, community-driven standards for AI agent governance. Read more in our latest blog: cyata.ai/blog/cyata-joi… @cloudsa

I’m not here to tell you to secure your AI agents. And I definitely won’t say they’re the most powerful identities in your environment. Or… that they can make your attack surface look enormous. Why would I need to do that? But if you said you wanted to see them - and lock down their privileges - I’m not gonna stop you. But just to be clear, this is not me telling you to secure your AI agents. You see what I did there, right?

Vaults are trusted by default. We found 14 zero-days that challenge that trust. RCEs. Auth bypass. Root token theft. 🔎Read the disclosure: cyata.ai 🎙️ See us at #BlackHat2025 Booth 6316 #VaultFault #Cybersecurity #ZeroDay #CISO #HashiCorpVault #CyberArk #Infosec

🚨 @Cyata is out of stealth! $8.5M seed backed by @TLV_Partners & security leaders from @Cellebrite, Unit 8200 & @CheckPointSW. We’re building the Control Plane for Agentic Identity - securing AI agents with visibility, auditing & just-in-time controls. venturebeat.com/security/how-c…

They’re not malicious. They’re just agentic.