Welcome to Week 1's AI Security 3x3 Brief—and the first of 2026. Happy New Year!

TL;DR: Palo Alto Networks just designated AI agents as the top insider threat of 2026, a maximum-severity vulnerability in a major AI workflow platform shows exactly why that matters, and a new survey confirms every organization is deploying AI agents—but most lack the basic controls to govern them.

The 3 Key Points:

1. What Happened: Palo Alto Networks' Chief Security Intelligence Officer Wendi Whitmore has formally designated AI agents as the primary insider threat for 2026. In an interview with The Register published January 4, Whitmore outlined why autonomous agents represent a fundamentally different risk than traditional insider threats. According to Gartner estimates cited in the company's 2026 predictions, 40% of enterprise applications will integrate with task-specific AI agents by year's end—up from less than 5% in 2025. Meanwhile, machine identities already outnumber humans 82:1 in enterprise environments.

2. Why It Matters: Whitmore described what she calls the "superuser problem": AI agents are granted broad, persistent access to critical systems because they need it to function. They're always on, implicitly trusted, and given the keys to the kingdom. That makes them the most valuable target an attacker could ask for. The company's prediction put it bluntly: "By using a single, well-crafted prompt injection or by exploiting a 'tool misuse' vulnerability, adversaries now have an autonomous insider at their command—one that can silently execute trades, delete backups, or pivot to exfiltrate the entire customer database."

3. What You Need to Know: Whitmore also warned about "doppelganger" attacks—AI agents that could impersonate executives to approve wire transfers or sign off on M&A decisions. The risk isn't hypothetical. Palo Alto Networks' Unit 42 team observed attackers abusing AI throughout 2025 in two ways: running traditional attacks faster and at greater scale, and manipulating models for entirely new attack types.

For Enterprises: Treat AI agents like you'd treat a new employee with admin access—except one that never sleeps and processes thousands of requests per hour. Audit agent permissions aggressively. Implement least-privilege access. Monitor for anomalous behavior. Have a plan for what happens when an agent gets compromised, because the 82:1 ratio means your attack surface just exploded.

For SMBs: Before deploying any AI agent, ask: What systems can this access? What can it do without asking? What happens if someone tricks it? If you can't answer those questions, you're not ready to deploy it. Start with agents that require human confirmation for consequential actions.

Peak season is here. Most retail and ecommerce teams face the same problem: volume spikes, but headcount doesn't.

Instead of hiring temporary staff or burning out your team, there’s a smarter move. Let AI handle the predictable stuff, like answering FAQs, routing tickets, and processing returns, so your people focus on what they do best: building loyalty.

Gladly’s ROI calculator shows exactly what this looks like for your business: how many tickets AI could resolve, how much that costs, and what that means for your bottom line. Real numbers. Your data.

See your savings

The 3 Key Points:

1. What Happened: A maximum-severity vulnerability in n8n, one of the most popular AI workflow automation platforms, allows unauthenticated attackers to take complete control of affected instances. The flaw, tracked as CVE-2026-21858 with a CVSS score of 10.0, was disclosed January 7 by Cyera Research Labs, who dubbed it "Ni8mare." n8n has over 100 million Docker pulls and connects to everything from Google Drive and Salesforce to OpenAI API keys, IAM systems, and payment processors. Cyera estimates approximately 100,000 servers are affected globally.

2. Why It Matters: This isn't just another CVE. n8n has become essential infrastructure for organizations building AI-powered automations—the exact kind of agent workflows Palo Alto Networks is warning about. The vulnerability exploits a Content-Type confusion flaw that lets attackers read arbitrary files from the server, including the internal database containing user credentials and the encryption keys protecting them. With that information, they can forge an administrator session and execute commands on the underlying system. "To retrieve the content of that internal file, all we need to do is ask about it through the chat interface," explained Cyera researcher Dor Attias.

3. What You Need to Know: The vulnerability affects all versions prior to 1.121.0, which was released November 18, 2025. There are no workarounds—upgrading is the only fix. Censys data shows over 26,000 n8n instances directly exposed to the internet, each potentially holding credentials for dozens of connected services.

For Enterprises: Check your n8n version immediately. If you're running anything before 1.121.0, you're vulnerable to unauthenticated takeover. Audit what credentials and API keys your n8n instances hold—those are all potentially compromised if you've been running an exposed, unpatched instance. This is also a wake-up call: inventory every AI workflow tool in your environment and treat them as critical infrastructure.

For SMBs: If you're using n8n, upgrade now. If you're not sure whether you're using n8n, find out—it's popular enough that someone on your team may have spun one up. Check your cloud environments for any instance. After upgrading, rotate any credentials that were stored in the platform.

The 3 Key Points:

1. What Happened: A new report from Kiteworks confirms what many suspected: organizations are racing to deploy AI agents without the controls to govern them. The "Data Security and Compliance Risk: 2026 Forecast Report", based on a survey of 225 security, IT, compliance, and risk leaders across 10 industries and 8 regions, found that while agentic AI is on every organization's roadmap for 2026, the governance to manage it is lagging far behind. Fortune covered the report on January 6, highlighting the gap between adoption ambitions and governance reality.

2. Why It Matters: The survey revealed what Kiteworks calls the "governance-containment gap." Organizations have invested in monitoring AI systems—human-in-the-loop oversight, continuous monitoring, data minimization. What they haven't invested in is stopping AI when something goes wrong. The numbers: 53% cannot remove personal data from AI models once it's been used. 63% cannot enforce purpose limitations on AI agents. 60% lack kill-switch capabilities to terminate misbehaving agents. 72% have no software bill of materials for AI models in their environment.

3. What You Need to Know: Tim Freestone, Chief Strategy Officer at Kiteworks, told Fortune that organizations are being asked to approve significant AI investments in technology they may not yet have the internal expertise to evaluate or manage. The question isn't whether AI will touch your sensitive data—it already does. The question is whether your organization has the controls to govern it when something goes sideways.

For Enterprises: Run through the Kiteworks checklist: Can you remove personal data from your AI models? Can you enforce purpose limitations? Can you shut down an agent quickly? Can you prove what data your AI systems are processing? If the answer to any of these is "no" or "I don't know," that's your 2026 priority. The governance gap is a liability gap.

For SMBs: You may not need a full governance framework, but you need answers to basic questions: What data are our AI tools processing? Where is it stored? Who has access? Can we turn it off? Start there. Most SMBs adopting AI agents have no documentation of what those agents can do or access—that's a problem waiting to become an incident.

Run a quick inventory across three domains:

The gap between AI adoption and AI governance is widening.

Closing it doesn't require stopping AI adoption—it requires treating AI security with the same rigor you apply to everything else.

Keep reading, learning and be a LEADER in AI 🤖

Hashi & The Context Window Team!