Signal criticality: High
What happened: Help Net Security reported that sinisa Markovic , Senior Staff Writer, Help Net Security March 30, 2026 Share Diligent automates time-consuming steps in third-party reviews Diligent launched of Third-Party Risk Intel, an agentic due diligence and intelligence solution that automates the most time-consuming steps of third-party reviews, delivering up to 80% time savings for compliance, legal, and procurement teams. The launch builds on the company’s recent acquisition of 3rdRisk, an AI-native third-party risk management solution that gives organizations a near real-time view of their external ecosystem, how critical vendors are performing, and what that means for their overall risk posture.
Key takeaways:
Original source: https://www.helpnetsecurity.com/2026/03/30/diligent-automates-time-consuming-steps-in-third-party-reviews/
Signal criticality: High
What happened: The Hacker News published "OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability". A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according to new findings from Check Point. "A single malicious prompt could turn an otherwise ordinary conversation into a covert exfiltration channel, leaking user messages, uploaded files, and other sensitive content," the cybersecurity company said in The article focuses on a concrete model, prompt, data, or integration risk with operational security implications.
Key takeaways:
Original source: https://thehackernews.com/2026/03/openai-patches-chatgpt-data.html
Signal criticality: High
What happened: Microsoft Security Blog published "Addressing the OWASP Top 10 Risks in Agentic AI with Microsoft Copilot Studio". Agentic AI introduces new security risks. Learn how the OWASP Top 10 Risks for Agentic Applications maps to real mitigations in Microsoft Copilot Studio The article focuses on governance, identity, guardrails, or permission boundaries around AI agents that can act with real system access.
Key takeaways:
Original source: https://www.microsoft.com/en-us/security/blog/2026/03/30/addressing-the-owasp-top-10-risks-in-agentic-ai-with-microsoft-copilot-studio/
Signal criticality: High
What happened: Cloudflare Blog published that if that sounds abstract, here are two recent examples of such skimming attacks: In January 2026, Sansec reported a browser-side keylogger running on an employee merchandise store for a major U.S. In September 2025, attackers published malicious releases of widely used npm packages . As we previously explained , our GNN is trained on publicly accessible script URLs, the same scripts any browser would fetch.
Key takeaways:
Original source: https://blog.cloudflare.com/client-side-security-open-to-everyone/
The strongest signal today is that AI security is being decided in the surrounding control layer — permissions, connectors, deterministic workflow design, response speed, and the infrastructure that still underpins trust. That is a more durable framing than generic agent hype, and it is the one worth carrying forward.