Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:01):
One of the leading AI companies says virtual employees could pose security
risks within a year, Microsoft rolls out security agents to combat analyst
burnout and workforce gaps, and the common vulnerability and exposures program,
CVE, gets an 11th hour stay of execution.
(00:21):
This is Cybersecurity Today, and I'm your host, Jim Love.
Anthropic, one of the leading artificial intelligence companies, anticipates
that AI-powered virtual employees could begin operating within corporate
networks as soon as next year, and that's according to Chief Information
Security Officer Jason Clinton.
(00:42):
This development raises significant cybersecurity concerns as organizations
will need to reevaluate how they manage digital identities and access
controls to prevent potential breaches.
Clinton emphasized that securing AI employee accounts, determining
appropriate access levels and assigning accountability for their actions
are major challenges that enterprises will face.
(01:05):
There's a risk that AI employees could be exploited or even act dangerously,
such as interfering with critical systems like continuous integration platforms.
With current IT teams already overwhelmed by credential
management and cyber threats,
the addition of AI agents complicates the landscape further.
(01:26):
The growing importance of non-human identity management has spurred
cybersecurity firms to develop solutions in this emerging area,
which Clinton identifies as a priority for future AI investments.
As integrating AI into corporate settings becomes more prevalent,
managing virtual employees securely will become a pressing issue.
(01:49):
Microsoft is adding 11 AI-powered agents to its Security Copilot platform in a
move aimed squarely at easing the strain on overworked cybersecurity teams.
Unlike traditional AI copilots that offer suggestions, these agents can take
autonomous actions, flagging alerts, initiating investigations, and even
(02:09):
closing incidents, freeing analysts to focus on higher priority threats.
According to US federal data, the country currently has only enough
trained professionals to fill 83% of available cybersecurity roles.
At the same time, security teams are inundated with alerts, more than
4,400 per day in some organizations, and they spend up to three hours
(02:33):
daily triaging and responding, according to research from Vectra AI.
While other cybersecurity vendors have launched AI assistance, most stop short
of full autonomy. Microsoft's agents, by contrast, are designed to handle routine
and repetitive tasks, such as identifying false positives in phishing detection, or
(02:54):
investigating suspicious login patterns.
The company claims they continuously learn from user feedback and can
adapt their behavior over time.
Each agent focuses on a particular task and a wide range of activities
ranging from looking for phishing emails to even crafting the letters needed
to be sent out after a data breach.
(03:15):
Microsoft promises the ability to configure each agent's level of
access and autonomy, making them totally independent or an addition
to a user's account, whichever you need as well for greater control.
Each agent will provide what they refer to as a map of its thinking so that
humans can review it and if necessary, correct or override their decisions.
(03:38):
The company says the agents have been extensively red teamed to identify
risks before deployment, and early users report significant time savings.
If adoption scales, Microsoft's approach could transform how AI
shifts from assistant to active responder in enterprise security.
A US Appeals Court has reinstated a proposed data privacy class action against
(04:03):
Canadian e-commerce company Shopify, allowing the case to proceed in California.
The Ninth US Circuit Court of Appeals ruled 10 to one that Shopify could
be held accountable in California for collecting personal data via
tracking cookies without user consent.
Plaintiff Brandon Briskin, a California resident, alleges that Shopify
(04:25):
installed tracking software on his iPhone during a purchase, using his
data to build a customer profile that they sold to other merchants.
Shopify contended
it should not be sued in California because it operates nationwide and
did not specifically target the state.
However, the court found that the company's actions deliberately
(04:45):
targeted Californians.
The court's decision could have broader implications for the jurisdiction of
US courts over internet companies. A coalition of 30 states and Washington,
DC supported Briskin, citing the need to uphold state consumer protection laws.
Shopify, backed
by the US Chamber of Commerce, argued that the ruling could unfairly
(05:06):
subject global service providers to lawsuits in unrelated jurisdictions.
And finally, in a dramatic 11th hour decision, the US Cybersecurity and
Infrastructure Security Agency, CISA, extended the funding for the Common
Vulnerabilities and Exposures, or CVE, program, averting a potential crisis
(05:29):
in global cybersecurity coordination.
The program, managed by the nonprofit Mitre Corporation, serves as a
critical resource for identifying and cataloging software vulnerabilities.
Until the last minute notice, the federal contract was set to expire on April
16th, 2025, without a renewal in place.
(05:52):
The CVE system is essentially a way to manage records of vulnerabilities.
It assigns unique identifiers to publicly disclosed cybersecurity
vulnerabilities, enabling organizations worldwide to prioritize security patches
effectively. The program's sudden funding uncertainty prompted concerns
across the cybersecurity community.
(06:13):
Yosry Barsoum, MIT's Vice President and Director of the Center for
Securing the Homeland, warned that a service interruption could lead to
deterioration of national vulnerability databases and advisories, tool vendors,
incident response operations, and all manner of critical infrastructure.
In response to the potential lapse, CISA announced the execution of
(06:35):
an 11 month contract extension to ensure the program's continuity.
A CISA spokesperson stated the CVE program is invaluable to the cyber
community and a priority of CISA.
Despite this temporary reprieve, the incident has sparked discussions about
the program's long-term sustainability.
Some members of the CVE Board have proposed transitioning the program
(06:58):
into an independent entity to reduce reliance on government funding
and enhance its global neutrality.
A CVE program near shutdown underscores the importance of stable funding for
critical cybersecurity infrastructure.
As the digital landscape continues to evolve, ensuring the resilience and
independence of such programs remains a priority for stakeholders worldwide.
(07:24):
That's our show for today.
Love to hear what you think.
You can contact me at editorial@technewsday.ca.
You can find me on LinkedIn.
Many people do.
Or if you're watching on YouTube, just drop a comment under the video.
I'm your host, Jim Love.
Thanks for listening.