Monthly Zen: February Edition

From Agentic AI security insights to big product innovations, Zenity is making waves. Catch up on our latest talks, upcoming webinars, and key thought leadership from February!

Speaker Announcement: The Industry's First AI Agent Security Summit

The first ever AI Agent Security Summit, with participation from the Cloud Security Alliance is being hosted on March 31st at The Cinema at Neuehouse Madison Square.

We are very excited to welcome Ken Huang , Kenneth Foster , Walter Haydock and Rick Doten to the speaker lineup, joining Michael Bargury and Kayla Underkoffler . The unique presentations will give insights into threat modeling for AI Agents, and feature a panel discussion that lends insights into how modern enterprises are approaching AI adoption and security.

If you have a great idea for a talk or research, we are still reviewing speaking submissions until March 10th. More information about the Summit can be found here.

Gartner Market Guide for AI Trust, Risk and Security Management (TRiSM)

We are so proud to announce that Zenity has been named a Representative Vendor in the 2025 Gartner Market Guide for AI TRiSM. Our combination of business-logic-driven AI Security Posture Management (AISPM) with real-time AI Detection and Response (AIDR) uniquely helps our customers mitigate risks, ensure compliance, and maximize SOC and AppSec efficiency.

In this report, Gartner lays the groundwork for security, trust, GRC, data science, and AI teams to come together to ensure that AI is executed securely. Get your complimentary copy here!

OWASP Agentic AI - Threats and Mitigations Guide!

The OWASP® Foundation just released their first deliverable from the Top 10 for LLM and Gen AI project... the Agentic AI Threats and Mitigations Guide! This guide provides a threat-model-based reference to help developers, architects, security professionals, and platform engineers understand and mitigate emerging threats in AI Agents.

If you're using an enterprise ready Agentic platform to build/customize the agents in your environment you need to still threat model the build and implementation of those agents. Check out the Guide here, featuring insights from our very own Tamir Ishay Sharbat and Kayla Underkoffler

Hacker News

Microsoft Power Pages CVE

Microsoft recently disclosed a privilege escalation vulnerability (CVE-2025-24989) affecting Power Pages, which could allow attackers to gain elevated access via registration of new users as admins. While customers have been notified and a patch has been provided, it’s important to continuously monitor for any ongoing suspicious activity or traces of malicious activity that has already taken place.

For organizations looking to stay one step ahead, we have created an open source module that is designed to scan and alert of any anonymous access to Dataverse tables that are exposed via specific Power Pages. Check out the Zenity Security Assessment Hub for more.

The Power of One SSRF Vulnerability: A Multi-Platform Threat

Zenity researcher Dmitry L. disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that if exploited allows for bad actors to harvest user credentials and stage persistent attacks.

This could manifest in the form of post-exploitation actions that allow the attacker to send requests to the SharePoint API on behalf of the impersonated user, enabling unauthorized access to sensitive data, Zenity Labs said in a report shared with The Hacker News ahead of publication.

Subscribe to Zenity Labs for more breaking security research.

Upcoming Security Conferences

• Are you going to be in New Orleans for FS-ISAC 's Americas Spring Summit on March 9-12? Swing by Booth #36 - we'd love to chat with you about securing AI Agents in the enterprise! We're also hosting an intimate dinner at Luke on March 10th, details here.

• Tamir Ishay Sharbat is going to be at the Southeast Cybersecurity Summit on April 9th and 10th, giving a talk titled, "Friends to Foes: Threat Modeling Enterprise Copilots & Real World Attacks" where he'll provide comprehensive analysis of the unique threats presented by Agentic AI that can lead to identify spoofing, data tampering, and even complete jailbreak attacks.

• Michael Bargury is going to be back at RSAC 2025 giving not one, but TWO illuminating talks. The first of which is called "Your Copilot is My Insider," examining how powerful AI Agents can be used as novel attack vectors to compromise user accounts for initial and persistent access and exploitation. The second is being presented alongside Ryan McDonald , highlighting how to build an AppSec program as the scope increases to 100x devs and 1000x apps that resulted in the remediation of >50K vulnerabilities within 3 months. If you'll be at RSA - drop us a line, we'd love to meet up!

We hope you’ve enjoyed this latest edition Monthly Zen. Stay tuned for more on the latest news, research, events and notes from the ever-evolving world of Agentic AI in an easy-to-read newsletter. Something more you want to hear about - let us know!