Enterprise agents face critical security flaws; OpenAI scales cyber defense tools; agentic AI adoption accelerates despite vulnerabilities.
Enterprise AI agents are hitting production at scale—but security researchers are finding dangerous gaps faster than vendors can patch them. Today’s news shows agentic systems generating real business value while exposing critical vulnerabilities that existing security frameworks weren’t designed to catch.
1. Microsoft Copilot Studio and Salesforce Agentforce hit by prompt injection flaws; data exfiltration continues post-patch — VentureBeat
Capsule Security disclosed ShareLeak (CVE-2026-21520, CVSS 7.5) in Microsoft Copilot Studio and PipeLeak in Salesforce Agentforce, both indirect prompt injection vulnerabilities in agent-building platforms. Microsoft patched in January; researchers then confirmed that data could still be exfiltrated through legitimate Outlook send actions that bypassed DLP systems. Salesforce has not issued a CVE for PipeLeak. For ops and security teams: this is a vulnerability class that patches alone cannot eliminate. The agent acts as a confused deputy: attacker-controlled text arriving through an unauthenticated SharePoint form or lead form is read as instructions, and the agent carries them out with its own permissions, so no credential is stolen and no perimeter control is crossed. Treat every form field the agent reads as untrusted input, restrict the agent's outbound actions (mail, HTTP, file sharing) to an allowlist of destinations, and audit SharePoint form triggers and lead form agents now for compromise indicators between November 2025 and January 2026.
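The audit the item calls for, as an added example that is not code from VentureBeat, Capsule Security, Microsoft or Salesforce: it hunts agent-platform audit records for the confused-deputy pattern (a session started by an unauthenticated form trigger that ends in an outbound action to a non-corporate domain inside the November 2025 to January 2026 window) and shows the egress gate that would have refused the action. The JSON log schema, field names, trigger names, the corporate domain `contoso.example` and every sample record are constructed for illustration; real Copilot Studio and Agentforce exports use their own formats, so map the fields before running this against them.

```python
"""Hunt for confused-deputy exfiltration in agent audit logs (added example).

Assumptions (not from the original article): one JSON record per line with
fields ts, session, trigger, auth, action, target and optional bytes; the
trigger and action names below; contoso.example as the corporate mail domain.
"""
import json
from datetime import datetime, timezone

TRUSTED_DOMAINS = {"contoso.example"}                       # assumed corporate domains
UNAUTHENTICATED_TRIGGERS = {"sharepoint_form", "lead_form"}  # assumed trigger names
OUTBOUND_ACTIONS = {"send_email"}                            # assumed egress-capable tools

# Disclosure window from the item: November 2025 through January 2026.
WINDOW_START = datetime(2025, 11, 1, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 1, 31, 23, 59, 59, tzinfo=timezone.utc)

# Constructed sample log: s2 is the exfiltration pattern, s1 mails an internal
# address, s3 is outside the window, s4 was started by an authenticated user.
SAMPLE_LOG = """\
{"ts":"2025-11-14T09:02:11Z","session":"s1","trigger":"sharepoint_form","auth":"anonymous","action":"read_list","target":"Sales/Leads"}
{"ts":"2025-11-14T09:02:13Z","session":"s1","trigger":"sharepoint_form","auth":"anonymous","action":"send_email","target":"intake@contoso.example","bytes":812}
{"ts":"2025-12-03T17:45:02Z","session":"s2","trigger":"lead_form","auth":"anonymous","action":"read_list","target":"Sales/Leads"}
{"ts":"2025-12-03T17:45:05Z","session":"s2","trigger":"lead_form","auth":"anonymous","action":"send_email","target":"drop@attacker.example","bytes":48211}
{"ts":"2026-02-20T10:00:00Z","session":"s3","trigger":"lead_form","auth":"anonymous","action":"send_email","target":"drop@attacker.example","bytes":901}
{"ts":"2026-01-08T08:30:00Z","session":"s4","trigger":"teams_chat","auth":"user:alice","action":"send_email","target":"friend@gmail.example","bytes":2048}
"""


def parse_log(text):
    """Parse JSON-lines audit records; timestamps become aware datetimes."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        records.append(rec)
    return records


def recipient_domain(target):
    return target.rsplit("@", 1)[-1].lower()


def is_external(target):
    return recipient_domain(target) not in TRUSTED_DOMAINS


def find_indicators(records, start=WINDOW_START, end=WINDOW_END):
    """Sessions whose first event is an unauthenticated form trigger and which
    later perform an outbound action to an external domain inside [start, end].
    Sources the agent read earlier in the session are reported as scope."""
    by_session = {}
    for rec in records:
        by_session.setdefault(rec["session"], []).append(rec)
    hits = []
    for sid, recs in by_session.items():
        recs.sort(key=lambda r: r["ts"])
        first = recs[0]
        if first["trigger"] not in UNAUTHENTICATED_TRIGGERS or first["auth"] != "anonymous":
            continue  # started by an authenticated principal: not this pattern
        sources_read = [r["target"] for r in recs if r["action"].startswith("read_")]
        for rec in recs:
            if (rec["action"] in OUTBOUND_ACTIONS and is_external(rec["target"])
                    and start <= rec["ts"] <= end):
                hits.append({"session": sid, "ts": rec["ts"].isoformat(),
                             "recipient": rec["target"], "bytes": rec.get("bytes", 0),
                             "sources_read": sources_read})
    return hits


def allow_tool_call(action, target):
    """Egress gate for the agent harness: outbound actions may only address
    trusted domains, regardless of what the prompt asked for. Returns True
    when the call may proceed."""
    if action in OUTBOUND_ACTIONS:
        return not is_external(target)
    return True


if __name__ == "__main__":
    for hit in find_indicators(parse_log(SAMPLE_LOG)):
        print(json.dumps(hit))
```

The gate in `allow_tool_call` is the control that matters after the patch: an injected instruction can still steer the model, but the harness refuses the send before the mail leaves, which is where a model-side fix cannot reach.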
2. OpenAI launches Agents SDK update with sandboxed execution and cyber defense focus — OpenAI Blog
OpenAI released the next evolution of its Agents SDK with native sandboxed execution and a model-native harness, enabling long-running agents that work across files and tools. Separately, OpenAI announced Trusted Access for Cyber, distributing GPT-5.4-Cyber to vetted security firms with $10M in API grants, and is working with Cloudflare to embed agents in enterprise infrastructure. For finance and IT: this positions OpenAI as the de facto platform for agentic workflows at scale. The cyber focus signals that OpenAI sees security as table stakes for enterprise adoption, critical timing given today's vulnerability disclosures. One caveat: a sandbox limits the blast radius of code an agent executes; it does not stop an agent from misusing the legitimate tool permissions it has been granted, which is exactly how the Copilot Studio and Agentforce flaws above exfiltrate data.
3. DeepL expands into voice translation; targets Zoom and Teams integration — TechCrunch
DeepL, known for text translation, announced voice translation capabilities designed for real-time use in meeting tools such as Zoom and Microsoft Teams. The move reflects a broader shift toward multimodal agents in enterprise communications. For marketing and ops: voice translation agents in meetings remove friction for global teams and reduce reliance on external interpreters. Expect rapid adoption in multinational firms; integration partnerships will be the key differentiator. Note that live translation sends meeting audio to a third-party service, so the data residency and DLP review applied to other AI tools applies here too.
4. Hightouch reaches $100M ARR with AI-powered marketing agent platform — TechCrunch
The data activation startup grew ARR by $70M in 20 months after launching an AI agent platform for marketers. The platform automates customer segmentation, campaign orchestration, and personalization at scale. For marketing and finance: this is the clearest signal yet that agentic AI is driving real enterprise revenue, not just hype. Marketing teams are outsourcing complex workflow logic to agents; vendors building agent-native platforms (not bolt-on AI features) are winning market share and multiples.
5. LinkedIn data: hiring down 20% since 2022, but AI not the culprit—yet — TechCrunch
LinkedIn's report shows hiring has declined 20% since 2022 but attributes the slowdown to higher interest rates and the cost of capital, not AI displacement. Caveat: the data reflects 2022–2026 trends, before agentic hiring automation reached mainstream adoption. For HR and finance: this is the last window before AI-driven recruitment, resume screening, and interview automation materially shift hiring practices. Organizations should audit and document current hiring workflows now, before agents become the default in 2027–2028.
6. Google launches Gemini app for macOS with floating chat and window access — The Verge
Google released a native Gemini app for Mac, with an Option+Space hotkey that pulls up a floating chat bubble. The app requests permission to access system information before window sharing, allowing inline context without switching apps. For ops and IT: desktop AI assistants are now table stakes. Evaluate the implications for data residency, DLP policies, and the approved AI tool list on corporate devices; an assistant that can read other windows sees whatever is on screen, including content that would otherwise never leave an approved application. Users will expect this level of ambient access.
7. Gizmo AI learning platform reaches 13M users; secures $22M Series A — TechCrunch
The edtech startup, whose platform is powered by AI agents, hit 13M users and closed a $22M Series A. The platform personalizes learning paths and tutoring at scale for K–12 and adult learners. For HR and operations: AI tutoring agents are commoditizing personalized education. Enterprise L&D teams should explore agent-based training platforms to reduce instructor costs while maintaining personalization at scale.
8. Thiel-backed startup ObjectionAI proposes AI judgment of journalism; raises press freedom concerns — TechCrunch
A Peter Thiel-backed startup is building AI systems to evaluate journalism credibility and newsworthiness, raising concerns among press advocates about chilling whistleblower sources and centralizing editorial judgment. For legal and marketing: This is an early signal of AI systems making substantive editorial and reputational judgments at scale. Legal teams should monitor emerging liability frameworks; marketing/comms should anticipate AI-driven content moderation becoming more aggressive and less transparent.
9. Nutanix claims 30,000 VMware customer migrations; Broadcom strategy blamed — Ars Technica
Nutanix's CEO claims the platform has attracted 30,000 VMware customers, citing dissatisfaction with Broadcom's post-acquisition strategy and pricing changes. (Not directly AI-focused, but it signals the risk of enterprise software vendor backlash affecting cloud infrastructure decisions.) For IT and operations: virtualization and cloud decisions are in flux; cost optimization and agent-driven infrastructure automation will be key criteria in 2026–2027 vendor evaluations.
10. OpenAI’s cyber defense ecosystem; GPT-5.4-Cyber deployed to vetted security partners — OpenAI Blog
OpenAI announced that its Trusted Access for Cyber program has scaled to leading security firms and enterprises, distributing GPT-5.4-Cyber with guardrails and $10M in API grants for threat detection, incident response, and vulnerability management. For security and IT leadership: this is where enterprise agentic AI is most mature and best safeguarded. Cyber defense is the first vertical where AI agents have both regulatory clarity and clear ROI. Budget for GPT-5.4-Cyber integration in 2026–2027, keeping in mind that access is gated: the model is distributed to vetted partners under the program, not to general API customers.
Today’s signal: Agentic AI is moving into production faster than security frameworks can adapt—expect 2026 to be defined by post-incident patch cycles and aggressive vendor competition around agent governance and sandboxing, not by breakthrough capability announcements.