AI is moving from experimentation to execution. What started as copilots is quickly evolving into autonomous AI agents that can make decisions, execute tasks, and operate across enterprise environments.

As organizations accelerate adoption of agentic AI, they’re expanding their attack surface in ways traditional security models weren’t built to handle. AI agents interact with identities, APIs, workloads, and data across environments, and attackers who can compromise these agents can also reach an organization’s sensitive resources and assets. This is where a secure-by-design approach becomes critical.

Security can’t be layered on after AI agents are in use. It must be built into how AI systems are developed, deployed, and adopted. Industry efforts, including recent collaboration between CrowdStrike and NVIDIA, are helping define what it means to secure autonomous agents at scale. Three principles stand out.

1. Treat AI agents as privileged identities

AI agents behave like users, but operate at a speed and scale no human can match. They access systems and trigger workflows in real time, which makes them a high-value target. If compromised, an AI agent can give an adversary legitimate access to move quickly across environments, creating a new attack path that security teams can’t afford to ignore.

Organizations need to treat AI agents as privileged identities from Day One. This means enforcing least-privilege access, continuously monitoring behavior, and correlating activity across identity, cloud, endpoint, and additional security domains. Teams require full visibility into what these agents are doing and the ability to stop suspicious activity immediately.

2. Secure the full AI lifecycle

Most security efforts today focus on the build phase, especially protecting models and training data. That’s necessary, but not sufficient on its own. The real risk often shows up in production, where AI agents are interacting with live environments.

AI agents are deeply connected systems. They rely on APIs, integrate with cloud services, and operate across production workloads. Every connection increases the potential blast radius if something goes wrong. A secure-by-design approach must span the full lifecycle — from build to runtime – to ensure models and data are protected, policies are enforced at deployment, and behavior is continuously monitored once agents are live.

Runtime protection is the gap that many organizations underestimate. If an AI agent is manipulated or abused, teams need to detect and respond in real time.

3. Use AI to defend against AI-driven threats

Adversaries are already using AI to move faster, automate attacks, and evade detection. Defending against them requires meeting speed with speed, and AI is the critical component to deliver that defense.

By combining real-time telemetry with AI-driven analytics, organizations can surface subtle and unknown signals that point to compromise. Correlating activity across identity, cloud, endpoint, and data environments helps expose threats before they escalate. This kind of cross-domain visibility is critical because modern attacks don’t stay contained — they move laterally, blend into normal operations, and exploit gaps between tools. AI-powered security helps close those gaps and keep pace with the adversary.

Building AI with confidence

Agentic AI is reshaping how work gets done, from automating complex processes to accelerating decision-making across the enterprise. But it also introduces a new class of risk that traditional approaches weren’t designed to address.

Organizations that build security into the foundation of their AI systems will be able to move faster with confidence. Those that don’t will be left reacting to threats operating at machine speed. Secure-by-design AI isn’t about slowing innovation — it’s about enabling it. By treating AI agents as identities, securing the full lifecycle, and using AI to stop advanced threats, organizations can scale AI without scaling risk.

Additional Resources

The post 3 Principles to Safely Scale Agentic AI appeared first on MASSIVE News.

Consider the below hypothetical scenario:

A data science team is building an AI model in the cloud using customer data in cloud storage. That data moves through ETL (extract, transform, load) pipelines that prepare and transfer data between systems before it is accessed by APIs and ultimately used in a cloud-hosted AI model.

On paper, the organization knows where that data lives. In practice, key information is missing. The team cannot clearly trace how the customer data moves from storage, through pipelines, into the model. They can’t see how it is accessed once the model is in production, and they have no way of knowing whether the data is exposed or accessed in unintended ways.

ISO 42001:2023, the first international standard for AI management systems, provides a framework for organizations to responsibly govern and monitor AI systems. It is designed to help organizations understand how AI systems use data across their lifecycle, assess the risks and impacts associated with that data usage, and establish the processes needed for ongoing monitoring, governance, and accountability.

This is where CrowdStrike Falcon Data Security for Cloud comes in. By providing visibility into how sensitive data moves through cloud and AI environments, Falcon Data Security for Cloud helps organizations understand data flows, monitor runtime activity, and identify emerging risks that may impact AI governance efforts.

Throughout this blog, we will follow this scenario to show how those risks emerge and how organizations can better understand and manage them.

Where Traditional Data Security Approaches Fall Short

Most data security tools were built to protect relatively static data. Legacy DLP relies on predefined rules and policies, traditional DSPM focuses on point-in-time visibility into data at rest, and compliance tooling emphasizes documentation.

In the scenario above, these tools can confirm customer data exists in cloud storage and may even classify it. However, they cannot answer critical questions including:

• How does this data move into the AI model?
• What services access the data once the model is live?
• Has this data been reused or shared beyond its intended purpose?

ISO 42001:2023 requires organizations to understand:

• How data flows through AI systems
• Where data originates and how it changes
• How sensitive data is used at runtime and the potential impact of that usage
• How risks evolve over time as AI systems and data interactions change

Falcon Data Security for Cloud Helps Support Key ISO 42001:2023 Control Areas

To see how these data security challenges can emerge in practice, let’s return to the scenario and explore how Falcon Data Security for Cloud can help support key control areas across ISO 42001:2023.

Understand AI Data Resources

The first challenge for the organization in this scenario is understanding what data is being used across the AI system and how it moves through the environment.

With Falcon Data Security for Cloud, the team can see customer data move from cloud storage, through ETL pipelines, and into the AI model. They can trace where that data originated, identify whether it includes sensitive information such as PII, and understand how the data is used.

This visibility helps organizations build a more complete picture of the resources supporting AI systems. What was previously a static inventory of where sensitive data resides becomes a continuously updated view of how data moves across the AI environment.

This can help support ISO 42001:2023 control areas focused on resource documentation and data governance (A.4, A.7), which require organizations to document data resources, provenance, and data usage across the AI lifecycle.

Monitor AI Systems at Runtime

Once the model is deployed, the challenge shifts from understanding data flows to understanding what happens inside those flows.

Teams need to know not only where data is moving, but also what data is present within a pipeline at a given point in time. Falcon Data Security for Cloud provides live runtime visibility into cloud data activity, which allows organizations to understand what types of data are being processed by AI systems and services.

For example, teams can identify when sensitive data such as PII appears within a pipeline, even if that data was not expected to be there. If a dataset becomes contaminated with PII during processing or transformation, that change introduces new considerations around monitoring, governance, and data handling.

This can help support ISO 42001:2023 requirements for monitoring, logging, and traceability (A.6) by providing visibility into how AI systems operate and how data is used during runtime.

Support Responsible AI Use and Incident Response

Now consider that a new service begins accessing the model, and customer data is transmitted to a destination that was not part of the original pipeline.

With visibility into data flows and runtime activity, the organization can determine whether this behavior aligns with internal policies and governance requirements. Is the service authorized to access the model? Should sensitive customer data be moving to this destination? Does this activity warrant investigation?

By providing context around sensitive data movement, access patterns, and potential exposure events, Falcon Data Security for Cloud helps organizations make more informed decisions about how to respond. Teams can investigate activity, validate policy compliance, and identify events that may require escalation or remediation.

These capabilities can help support ISO 42001:2023 control areas related to risk assessment, incident response, and responsible AI usage (A.5, A.8, A.9). By providing operational inputs into governance and compliance processes, Falcon Data Security for Cloud helps organizations better understand and manage AI-related data risks.

How Compliance Fuels Stronger Data Security 

AI systems have fundamentally changed how data is used and how it must be secured. ISO 42001:2023 reflects this shift by requiring organizations to understand and govern data across the AI lifecycle. In the example scenario, the difference between protecting sensitive data and putting it at risk came down to visibility. Without it, the organization relied on assumptions. With it, they could see how data moved, detect risk, and take action.

Falcon Data Security for Cloud plays a key role by making data movement visible and helping organizations understand how sensitive data is used across cloud and AI environments. That visibility must be paired with clear governance policies, defined risk management processes, and continuous evaluation of system behavior. This allows organizations to take meaningful steps toward ISO 42001:2023 objectives while reducing real-world data risk.

Additional Resources

• Visit the Falcon Data Security for Cloud webpage to learn how CrowdStrike is redefining the cloud data security market.
• Sign up today to experience firsthand the benefits of Falcon Data Security.
• Be part of Fal.Con 2026 and connect with 10,000+ cybersecurity professionals shaping the future of the industry.

The post ISO 42001:2023 and the New Reality of Cloud AI Data Risk appeared first on MASSIVE News.

Infostealers are among the most persistent and damaging strains of malware affecting individuals and organizations worldwide. These stealthy and malicious programs often go unnoticed, quietly infiltrating devices to steal sensitive data and relay it to cybercriminals. From session tokens and login credentials to financial information and browser-stored data, infostealers pose a grave risk to organizations. 

In this blog, we’ll provide a comprehensive overview of what infostealers are, how they operate, and the history of these threats. We’ll also dive into why some traditional security solutions and extension-based security solutions fall short in combating them. Finally, we’ll detail whyCrowdStrike is uniquely positioned to defend against this consistent threat and deliver real identity security for modern organizations. 

What Is an Infostealer? 

An infostealer is a type of malware specifically designed to do what its name suggests: steal sensitive information. Often deployed through phishing emails, malicious downloads, compromised websites, or exploited vulnerabilities, infostealers can harvest: 

• Login credentials 
• Session tokens for active accounts 
• Browser-stored autofill data and cookies 
• Financial data, including credit card information and cryptocurrency wallets 
• System and network configurations 

Infostealers differ from threats like ransomware because they operate quietly in the background. They often go undetected while transmitting the data they harvest to a remote command-and-control (C2) server. Infostealers are particularly dangerous because they can lead to identity theft through session hijacking, which enables threat actors to use stolen session tokens to impersonate users and access sensitive systems via their login credentials without requiring a multifactor authentication (MFA) challenge or the victim’s password. 

The History of Infostealers 

Infostealers have been an active threat since the mid 2000s. Often credited as the first widespread infostealer is the infamous Zeus virus, aka Zbot. Zeus infected devices via phishing and drive-by downloads, targeting financial institutions to capture banking credentials. Since then, infostealers have evolved greatly in sophistication, scale, and intensity.  

Here are some notable infostealers that have made their way onto devices over the years: 

• Zeus (2007-2010): Pioneered modern identity security threats with its ability to intercept online banking sessions 
• Emotet (2014-2021): Initially a banking trojan, later expanded to deliver other malware including infostealers 
• Racoon Stealer (2019-present): Sold as malware as a service, targeting browsers, email clients, and cryptocurrency wallets 
• Lumma Stealer (2023-present): Compromised hundreds of thousands of devices by stealing browser-stored credentials and session tokens 

This malware category has thrived due to the value of stolen credentials and session hijacking opportunities on underground markets. A single valid session token for a corporate system can be worth tens of thousands of dollars on dark web forums. 

How Infostealers Operate: Tactics and Timeline 

The infostealers most used today typically follow a lifecycle like the following:  

• They are delivered through phishing emails, malvertising, pirated software, or apps with vulnerabilities 
• The infostealer’s payload installs quietly in the background, avoiding detection by traditional antivirus solutions 
• Once installed on a device, the infostealer begins harvesting data like session tokens, cookies, credentials, and financial details 
• After collecting data, the infostealer transmits the information to the attacker’s remote infrastructure 
• After exfiltration, some infostealers will remain persistent, maintaining access for ongoing surveillance and data theft

Consequences of an Infostealer Attack 

The impact of an infostealer attack can be devastating. Because infostealers quietly extract sensitive data, organizations often remain unaware until significant damage has been done. Here are some of the most serious consequences organizations can face: 

Account Takeover via Session Hijacking

Session hijacking is arguably the most dangerous. By stealing session tokens, attackers can impersonate legitimate users without needing their passwords. This means even accounts protected by multifactor authentication can be compromised. From corporate email accounts to cloud dashboards and financial portals, these unauthorized logins can lead to data leaks, financial theft, and unauthorized transactions.

Credential Theft and Identity Fraud

Infostealers harvest login credentials stored in browsers, including those for email, banking, cloud services, and social media accounts. This sensitive information is often sold on the dark web, giving way to identity fraud. Attackers may open new accounts in a victim’s name, conduct unauthorized purchases, or initiate scams.

Data Breaches and Compliance Violations

When a threat actor hijacks session tokens, they gain access to sensitive corporate data, intellectual property, and potentially customer information. A single compromised session can lead to a major data breach. This often results in regulatory penalties under data protection laws, reputational damage, and legal liabilities.

Financial Losses

Infostealers can extract financial data, credit card numbers, and cryptocurrency wallet keys unnoticed. The direct financial impact can be immediate, as attackers drain wallets or make unauthorized transactions. Additionally, the costs of incident response, system restoration, legal actions, and customer notification can amount to millions of dollars for affected businesses. 

Long-Term Brand and Trust Damage

Victims of infostealer attacks often suffer long-term reputational harm. Clients, partners, and customers may lose trust in a company’s ability to protect sensitive data, leading to lost contracts, customer churn, and competitive disadvantage. 

Why Extension-Based Security Solutions Can’t Stop Infostealers 

Today, some enterprise organizations rely on browser extension-based security tools to shore up their identity security. While these solutions can sometimes provide valuable features such as phishing protection and the management of cookies, they are fundamentally limited in their ability to counter advanced infostealers. They have limited access to browser internals, no control over HTTP traffic, often only focus on cookie protection, and tend to be reactive in nature.

How CrowdStrike Stops Infostealers and Session Hijacking 

Protecting against session hijacking, session token theft, and identity-based attacks requires a fundamentally different approach. CrowdStrike’s browser security technology operates inside the browser itself. We offer:

Deep Browser Integration

CrowdStrike integrates directly into the browser environment, giving it privileged access to internal session storage, runtime data, and session management processes. This allows us to actively monitor, secure, and encrypt session tokens before they can be stolen.

Comprehensive Identity Security

CrowdStrike’s solution goes beyond cookie protection to protect all browser-stored credentials, autofill data, session tokens, and sensitive transaction data. Our real-time threat detection engine identifies unauthorized data exfiltration attempts and halts them before damage occurs.

Real-Time Session Hijacking Prevention

By continuously validating the integrity and security context of active sessions, CrowdStrike prevents attackers from using stolen session tokens to gain access to systems. If a suspicious session is detected, it’s immediately invalidated and the user is alerted.

HTTP Traffic Visibility

CrowdStrike’s technology provides secure oversight of HTTP and HTTPS communications without compromising user privacy. This allows for the detection of anomalous traffic patterns associated with infostealers and the prevention of data exfiltration over encrypted channels.

Adaptive Threat Response

The CrowdStrike Falcon® platform uses advanced behavioral analytics and machine learning to identify previously unknown infostealers, including zero-day variants. CrowdStrike stops threats dynamically, even when no signature or indicator of compromise exists. 

The Future of Identity Security

Infostealers represent one of the fastest growing and most dangerous classes of malware out there today. Their ability to harvest login details, session tokens, and sensitive personal data makes them a formidable threat to both individuals and enterprises. While browser extension-based security tools offer partial protection, they are fundamentally incapable of stopping advanced infostealers due to limited browser access, no control over HTTP traffic, and narrow cookie-focused defenses. 

CrowdStrike delivers a proactive, deeply integrated browser protection solution that ensures real identity security, prevents session hijacking, and stops infostealers before they can do harm.

Additional Resources

The post How to Protect Identities and Sessions from Infostealers appeared first on MASSIVE News.