More than a year after national security officials revealed that Chinese hackers had systematically infiltrated U.S. telecommunications networks, the top Senate Democrat on the committee overseeing the industry is calling for hearings with executives from the nation’s biggest telecom companies.

In a public letter released Tuesday, Sen. Maria Cantwell, D-Wash., called for the CEOs of Verizon and AT&T to appear before Congress and explain how the hacking group known as Salt Typhoon breached their networks, as well as what steps they’ve taken to prevent another intrusion.

“For months, I have sought specific documentation from AT&T and Verizon that would purportedly corroborate their claims that their networks are now secure from this attack,” Cantwell wrote to Sen. Ted Cruz, R-Texas, who is the Chair of the Senate Commerce, Science and Transportation Committee. “Unfortunately, both AT&T and Verizon have chosen not to cooperate, which raises serious questions about the extent to which Americans who use these networks remain exposed to unacceptable risk.”

Salt Typhoon’s intrusion into telecom networks exposed major security weaknesses and put sensitive communications and data belonging to U.S. politicians and policymakers at risk. The federal government has done little since to hold the industry publicly accountable.

Congress has neither  proposed or passed meaningful legislation to address the issue.  While a handful of federal departments and agencies began public regulatory and oversight reviews, most of those efforts have been shut down or rolled back.

An investigation by the Cyber Safety Review Board at the Department of Homeland Security into the intrusions was abruptly stopped when the Trump administration eliminated the advisory body. One former member remarked recently that the failure to finish the investigation ranked among her biggest career regrets.

Weeks before President Joe Biden left office, his Federal Communications Commission issued emergency regulations aimed at holding telecom companies legally responsible – under federal wiretapping laws – for securing their communications. The rules would have also required carriers to file annual certifications with the FCC confirming they have cyber risk management plans in place. That certification would include addressing common security gaps, like lack of multifactor authentication, that are widely believed to have been exploited by Salt Typhoon.

While outgoing Chair Jessica Rosenworcel told CyberScoop the rules were badly needed to hold telecoms accountable for their cybersecurity, Brendan Carr— an FCC commissioner and Rosenworcel’s successor as chair—rescinded those rules, arguing they were unnecessary because the FCC and telecoms could work together voluntarily on cybersecurity. Another commissioner, Anna Gomez, told CyberScoop she had seen no evidence her agency had been meeting with telecoms on the issue.

At a hearing in December, Cruz endorsed the FCC’s elimination of the rules, arguing that improving the nation’s telecom cybersecurity “doesn’t come from imposing outdated checklists and top down regulations, it arises from a strong partnership between the private sector and government, working together to detect and deter attacks in real time.”

Cantwell, citing reporting from CyberScoop and other sources, argued that  “telecommunications providers have taken few protective actions thus far due to the costs involved” and said the committee “must hear directly from the CEOs of AT&T and Verizon so Americans have clarity and confidence about the security of their communications.”

According to Cantwell, she has already requested documentation from AT&T CEO John Stankey and then-Verizon CEO Hans Vestberg on how they’ve responded to the breaches. Both confirmed that Mandiant, Google Cloud’s incident response and threat-intelligence division wrote a report, one that Cantwell said “would presumably document the vulnerabilities identified and detail what corrective actions” telecoms took to improve their privacy and security.

She claimed after requesting the report from Mandiant, AT&T and Verizon “apparently intervened to block Mandiant from cooperating with my requests.”

AT&T and Verizon representatives did not immediately respond to a request for comment.

By Ido Shlomo, CTO and Co-Founder, Token Security

Security leaders have spent years hardening identity controls for employees and service accounts. That model is now showing its limits.

A new class of identity is rapidly spreading across enterprise environments, autonomous AI agents. Custom GPTs, copilots, coding agents running MCP servers, and purpose-built AI agents are no longer confined to experimentation. They are running and expanding in production, interacting with sensitive systems and infrastructure, invoking other agents, and making decisions and changes without direct human oversight.

Yet in most organizations, these agents exist almost entirely outside established identity governance. Traditional IAM, PAM, and IGA platforms were not designed for agents that are autonomous, decentralized, and adaptive. The result is a growing identity gap that introduces real security and compliance risk together with efficiency and effectiveness challenges.

Why AI Agents Break Existing Identity Models

Historically, enterprises managed two identity types: humans and machines. Identities whose goal is to serve human access are centrally governed, role-based, and relatively predictable. Machine and workload identities operate at scale but tend to be deterministic, repetitive, performing narrowly defined tasks.

AI agents fit neither and both categories at once.

They are goal-driven,and role-based, capable of adapting behavior based on intent and context, and able to chain actions across multiple systems. At the same time, they operate continuously and at machine speed and scale. This hybrid nature fundamentally alters the risk profile. AI agents inherit the intent-driven actions of human users while retaining the reach and persistence of machine identities.

Treating them as conventional non-human identities creates blind spots. Over-privileging becomes the default. Ownership becomes unclear. Behavior drifts from original intent. These are not theoretical concerns. They are the same conditions that have driven many identity-related breaches in the past, now amplified by autonomy and scale.

Adoption Velocity without Security Is the Real Accelerator of Risk

What makes this challenge urgent is not just what AI agents are, but how quickly they are spreading.

Enterprises that believe they have just a few AI agents often discover hundreds or thousands once they look closely. Employees build custom GPTs. Developers spin up MCP servers locally. Business units integrate AI tools directly into workflows. Cleanup rarely happens.

Security teams are left unable to answer basic questions:

• How many AI agents exist?
• Who owns them?
• What systems, services, and data do they access?
• Which ones are still active?

This lack of visibility creates identity sprawl at machine speed. And as attackers have demonstrated repeatedly, abusing unmanaged credentials is often easier than exploiting software vulnerabilities.

The Case for AI Agent Identity Lifecycle Management

Identity risk accumulates over time. This is why organizations use joiner, mover, and leaver processes for its workforce and lifecycle controls for service accounts. AI agents experience the same dynamics, but compressed into minutes, hours or days.

AI Agents are created quickly, modified frequently, and often abandoned silently. Access persists. Ownership disappears. Quarterly access reviews and periodic certifications cannot keep pace.

AI Agent identity lifecycle management addresses this gap by treating AI agents as first-class identities governed continuously and near-real-time from creation through usage, ending up in decommissioning.

The goal is not to slow adoption, but to apply familiar identity principles, such as visibility, accountability, least privilege, and auditability, in a way that works for autonomous systems.

Download Token Security’s latest asset, an eBook designed to help you shape Lifecycle Management for your AI Agent identities from end to end.

Visibility Comes First: Discovering Shadow AI

Every identity control framework begins with discovery. Yet most AI agents never pass through formal provisioning or registration workflows. They run across cloud platforms, SaaS tools, developer environments, and local machines, making them invisible to traditional IAM systems.

From a Zero Trust perspective, this is a fundamental failure. An identity that cannot be seen cannot be governed, monitored, or audited. Shadow AI agents become unmonitored entry points into sensitive systems, often with broad permissions.

Effective discovery must be continuous and behavior-based. Quarterly scans and static inventories are insufficient when new agents can appear and disappear in a matter of minutes.

Ownership and Accountability Matters

One of the oldest identity risks is the orphaned account. AI agents dramatically increase both its frequency and impact.

AI agents are often created for narrow use cases or short-lived projects. When employees change roles or leave, or just grow tired of a certain AI product that hasn’t evolved, the agents they built frequently persist. Their credentials remain valid. Their permissions remain unchanged. No one remains accountable.

An autonomous agent without an owner can be perceived as a compromised identity. Lifecycle governance must enforce ownership and maintenance as a core requirement, flagging agents tied to departed users or inactive projects before they become liabilities.

Least Privilege Must Become Dynamic

AI agents are almost always over-privileged, not out of negligence, but uncertainty and the will to explore. Since their behavior can adapt, teams often grant broad access to avoid breaking workflows.

This approach is risky. An over-privileged agent can traverse systems faster than any human. In interconnected environments, a single agent can become the pivot point for widespread compromise or lateral movement.

Least privilege for AI agents cannot be static. It must be continuously adjusted based on observed behavior. Permissions that are unused should be revoked. Elevated access should be temporary and purpose-bound. Without this, least privilege remains a policy statement rather than an enforced control.

Traceability Is the Foundation of Trust

As enterprises move toward multi-agent systems, traditional logging models break down. Actions span agents, APIs, and platforms. Without correlated identity context, investigations and forensics or even compliance evidence become slow and incomplete.

Traceability is not just a forensic requirement. Regulators increasingly expect organizations to explain how automated systems make decisions, especially when those decisions affect customers or regulated data. Without identity-centric audit trails, that expectation cannot be met.

Identity Is Becoming the Control Plane for AI Security

AI agents are no longer emerging technology. They are becoming part of the enterprise operating model. As their autonomy grows, unmanaged identity becomes one of the largest sources of systemic risk.

AI Agent identity lifecycle management provides a pragmatic path forward. By treating AI agents as a distinct identity class and governing them continuously, organizations can regain control without stifling innovation.

In an agent-driven enterprise, identity is no longer just an access mechanism. It is becoming the control plane for AI security.

If you’d like more information on how Token Security is tackling AI security within the identity control pane, book a demo and we’ll show you how our platform operates.

Sponsored and written by Token Security.

Ravie LakshmananFeb 03, 2026Vulnerability / Malware

The Russia-linked state-sponsored threat actor known as APT28 (aka UAC-0001) has been attributed to attacks exploiting a newly disclosed security flaw in Microsoft Office as part of a campaign codenamed Operation Neusploit.

Zscaler ThreatLabz said it observed the hacking group weaponizing the shortcoming on January 29, 2026, in attacks targeting users in Ukraine, Slovakia, and Romania, three days after Microsoft publicly disclosed the existence of the bug.

The vulnerability in question is CVE-2026-21509 (CVSS score: 7.8), a security feature bypass in Microsoft Office that could allow an unauthorized attacker to send a specially crafted Office file and trigger it.

The Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC), and Office Product Group Security Team, along with Google Threat Intelligence Group (GTIG), have been credited with discovering and reporting the flaw.

“Social engineering lures were crafted in both English and localized languages (Romanian, Slovak, and Ukrainian) to target the users in the respective countries,” security researchers Sudeep Singh and Roy Tay said. “The threat actor employed server-side evasion techniques, responding with the malicious DLL only when requests originated from the targeted geographic region and included the correct User-Agent HTTP header.”

The attack chains, in a nutshell, entail the exploitation of the security hole by means of a malicious RTF file to deliver two different versions of a dropper, one that’s designed to drop an Outlook email stealer called MiniDoor, and another, referred to as PixyNetLoader, that’s responsible for the deployment of a Covenant Grunt implant.

The first dropper acts as a pathway for serving MiniDoor, a C++-based DLL file that steals a user’s emails in various folders (Inbox, Junk, and Drafts) and forwards them to two hard-coded threat actor email addresses: ahmeclaw2002@outlook[.]com and ahmeclaw@proton[.]me. MiniDoor is assessed to be a stripped-down version of NotDoor (aka GONEPOSTAL), which was documented by S2 Grupo LAB52 in September 2025.

In contrast, the second dropper, i.e., PixyNetLoader, is used to initiate a much more elaborate attack chain that involves delivering additional components embedded into it and setting up persistence on the host using COM object hijacking. Among the extracted payloads are a shellcode loader (“EhStoreShell.dll”) and a PNG image (“SplashScreen.png”).

The primary responsibility of the loader is to parse shellcode concealed using steganography within the image and execute it. That said, the loader only activates its malicious logic if the infected machine is not an analysis environment and when the host process that launched the DLL is “explorer.exe.” The malware stays dormant if the conditions are not met.

The extracted shellcode, ultimately, is used to load an embedded .NET assembly, which is nothing but a Grunt implant associated with the open source .NET COVENANT command-and-control (C2) framework. It’s worth noting that APT28’s use of the Grunt Stager was highlighted by Sekoia in September 2025 in connection with a campaign named Operation Phantom Net Voxel.

“The PixyNetLoader infection chain shares notable overlap with Operation Phantom Net Voxel,” Zscaler said. “Although the earlier campaign used a VBA macro, this activity replaces it with a DLL while retaining similar techniques, including (1) COM hijacking for execution, (2) DLL proxying, (3) XOR string encryption techniques, and (4) Covenant Grunt and its shellcode loader embedded in a PNG via steganography.”

The disclosure coincides with a report from the Computer Emergency Response Team of Ukraine (CERT-UA) that also warned of APT28’s abuse of CVE-2026-21509 using Word documents to target more than 60 email addresses associated with central executive authorities in the country. Metadata analysis reveals that one of the lure documents was created on January 27, 2026.

“During the investigation, it was found that opening the document using Microsoft Office leads to establishing a network connection to an external resource using the WebDAV protocol, followed by downloading a file with a shortcut file name containing program code designed to download and run an executable file,” CERT-UA said.

This, in turn, triggers an attack chain that’s identical to PixyNetLoader, resulting in the deployment of the COVENANT framework’s Grunt implant.