Understanding context still requires human judgment
"AI still cannot determine intent. A program backing up files to the cloud may be a legitimate business application, or it may be data exfiltration. The activity looks similar, but the intent behind it is completely different. Understanding that context still requires human judgement." - Danny Jenkins
From the ThreatLocker blog
Lateral movement, open-source AI, and ThreatLocker for agentic AI
How attackers turn a single compromise into company-wide incident
What's happening: Most successful cyberattacks aren't defined by how attackers get in but by what happens next. Once inside, attackers attempt to move laterally between systems, applications, SaaS platforms, and administrative tools, expanding their access until they reach valuable data or critical infrastructure. A single compromised account or vulnerable device quickly becomes an organization-wide incident when there are no controls limiting movement.
Why it matters: If an attacker moves through your environment using trusted tools like PowerShell or RDP, their malicious activity will appear legitimate, especially if they gained access using valid credentials. In many instances, they might not be detected until they've reached their target.
The big picture: The initial breach is rarely what makes an attack successful. Organizations that don't restrict what users can do after gaining access risk turning a single compromised account into a widespread breach.
The biggest impact is on already overstretched security teams
What's happening: GLM-5.2 is drawing comparisons to leading commercial models from Anthropic and OpenAI with one major difference—it is open source. GLM-5.2 can be run locally, modified by users, and operated at a much lower cost. While an open-source model gives companies more control over how the AI is used in their environments, it gives threat actors plenty of new capabilities as well.
Why it matters:The barriers to launching sophisticated cyberattacks continue to fall as advanced AI becomes cheaper, more accessible, and more capable. Tasks that once required significant expertise can increasingly be automated and dramatically accelerated, meaning organizations should expect these capabilities to become commonplace rather than exceptional.
The big picture: AI is not replacing skilled attackers or creating new attack tactics. Instead, it is multiplying them. For already overstretched security teams, that means more incidents to investigate and less time to respond. This makes investing in prevention more critical. A Zero Trust approach helps reduce both risk and alert fatigue.
How to use these tools without giving them free rein over your environment
What's happening: Traditional software was designed with a specific purpose and scope in mind. Agentic AI tools were built to perform a task in the most direct way possible. Unlike chatbot-style AI, these tools can interact with applications, access sensitive data, execute workflows, and make decisions across multiple systems. Their execution profile more closely resembles a user with broad access rather than a traditional application. That means agentic tools need security policies that define exactly what they can access, where they can write, and what they can reach.
Why it matters:The advanced capabilities of agentic AI tools are often what make them so appealing, especially when it comes to reviewing code, automating workflows, and file management. But granting a higher level of access opens your environment up to too many unknown risks. Different agents have different responsibilities, privileges, and trust levels, making granular, task-specific policies essential. Without them, a compromised, misconfigured, or overly permissive agent could perform actions far beyond its intended purpose.
The big picture: Zero Trust does not mean blocking AI tools entirely. It means gaining visibility into what they are doing and enforcing necessary boundaries. As organizations adopt increasingly autonomous AI, success will depend on applying Zero Trust principles that limit what each agent can see, access, and do, ensuring automation doesn't come at the expense of security.
To see these policies in action, join our upcoming webinar:
Next week: Join us to discuss how to maintain visibility and control over AI tools in your environment.
Tuesday, July 14 | 11 a.m. EDT
Hosted by ThreatLocker CEO Danny Jenkins and CPO Rob Allen
What's happening: ThreatLocker Threat Intelligence identified an MSI file in the wild masquerading as an installer for LetsVPN, a service known for its ability to bypass China's Great Firewall. The installer drops and executes an encrypted remote access trojan (RAT) that gives attackers complete control of a victim's machine and data. Features implemented include full remote control, keylogging, browser manipulation, persistence, and auto-updating.
Why it matters: Several actions were taken to remain undetected by EDR and antivirus and ensure future C2 commands are aware of the security platforms in use. This case is another example of why it's critical to verify the integrity of software being installed beyond its name.
The big picture: As attackers increasingly weaponize fake applications and legitimate-looking installers, organizations need preventive controls that verify what is allowed to execute—not just whether it's known to be malicious.
Ghost phishing wave is breaking traditional email security
Recent campaign exposes email security blind spot
What's happening: A recent "ghost phishing" campaign by EvilTokens has been targeting US and European businesses and is exposing a security blind spot. The real attack remains hidden until the page opens in a browser. The HTML is encrypted with AES-GCM, but this is only visible once the browser decrypts it. The kit convinces users to complete a legitimate Microsoft login flow which gives the attack authorized access to their account without needing to steal a password directly.
Why it matters: Static URL checks and network-level controls see something different than what the employee is seeing in this attack. This visibility gap can result in longer exposure to the account takeover, delayed response, and unauthorized access to the corporate environment.
The big picture: Many organizations rely on their employees catching suspicious emails or URLs before engaging with them, but this attack renders that ineffective. Not only will humans make mistakes, but the attacks themselves will continue to evade detection as much as possible.
ThreatLocker events
Meet the Cyber Hero Team in person at these upcoming events