AI moves fast. Stay in the know.

A new Verizon data breach report shows that AI is becoming a bigger factor in cybersecurity incidents, with attackers using AI to identify vulnerabilities faster and scale existing attack techniques. Reuters reported that vulnerability exploitation has now surpassed stolen credentials as the leading entry point in breaches, while shadow AI has emerged as a major source of non-malicious data loss. For enterprises adopting GenAI, the risk is not just external attacks but also employees unintentionally exposing sensitive data through unauthorized AI tools.

Source: Reuters

What to know:

• Verizon’s report found that AI-related data breach risks are rising as attackers use AI tools across different stages of cyberattacks.
• Vulnerability exploitation accounted for 31% of breaches, surpassing stolen credentials for the first time, according to the report.
• Threat actors are using generative AI for targeting, initial access, malware development, and other attack workflows.
• Verizon warned that AI can shrink the defensive response window from months to hours by accelerating the exploitation of known vulnerabilities.
• Shadow AI, or unauthorized AI use, is now the third most common non-malicious insider action in data-loss incidents.
• Employees are submitting sensitive information such as source code, images, and structured data into unauthorized AI tools, increasing enterprise data exposure risk.

Why it matters:

For mid-sized businesses adopting GenAI, this report highlights two connected risks: AI-powered external threats and unmanaged internal AI usage. As attackers use AI to move faster, businesses need stronger security monitoring, faster vulnerability response, and clearer visibility into AI-related risks. At the same time, shadow AI creates a quieter but equally serious exposure point because employees may share sensitive source code, customer data, financial information, or internal documents with tools the organization cannot monitor. This reinforces the need for AI observability, prompt-level visibility, policy enforcement, and data protection controls that help businesses understand how GenAI is being used before it becomes a compliance, security, or operational risk.

Google is rolling out Spark, an always-on AI agent inside the Gemini app that can run continuously in the background and take actions on a user’s behalf. Business Insider reported that Spark can read and use information from Google products such as Gmail, Docs, Sheets, and Slides, with future plans to connect to third-party tools. While the agent is positioned as a productivity assistant, the enterprise risk is significant: once AI agents can access workplace data and act across connected systems, businesses need stronger controls around permissions, monitoring, data exposure, and accountability.

Source: Business Insider

What to know:

• Google described Spark as an always-on AI agent that can run 24/7 and continue working even when a laptop is closed.
• The agent is powered by Gemini 3.5 and runs on Google Cloud, allowing it to operate continuously in the background.
• Spark can take actions on behalf of users, including planning tasks, collating notes, drafting emails, and managing reminders.
• Google said Spark will be able to read and use information from first-party products such as Gmail, Docs, Sheets, and Slides.
• The company also plans to connect Spark with Chrome and eventually third-party tools, expanding the agent’s access across workflows.
• For businesses, this creates new governance concerns around what data AI agents can access, what actions they can perform, and how those actions are monitored.

Why it matters:

As Gemini becomes embedded into everyday workplace systems, always-on AI agents introduce a new governance challenge by shifting from simple assistance to active task execution. Once an AI agent can read emails, scan documents, pull information from spreadsheets, draft messages, and act across connected apps, organizations need clear visibility into what the agent accessed, what it generated, and whether its behavior aligns with internal policy. Without AI observability and governance controls, businesses may face risks tied to sensitive data exposure, unauthorized actions, inaccurate outputs, shadow AI usage, and weak accountability when AI-driven tasks affect customers, employees, or business operations.