The Latest

Earlier this year, security firm Huntress discovered a malicious browser extension that initiates ClickFix attacks, a sophisticated attack designed to take over your computer. In a ClickFix scheme, bad actors get you to install their browser extension, then display a fake error prompt in your browser. This pop-up offers a fix that often requires you to copy a malicious command and run it in the command prompt on your device. Since then, the onus has been on the user to avoid downloading suspicious extensions, but now Opera is adding ClickFix protections directly into its browser.

How "Paste Protect" fights against ClickFix attacks

The feature, called Paste Protect, is designed to stop code injection attacks such as ClickFix. When Paste Protect believes you are the target of a ClickFix attack, it displays a pop-up, warning you not to copy malicious commands, and offers a button to close the tab to sidestep the attack. You do have the option to click "Show content" to view the first 120 characters of the command, in case you want to review what Paste Protect flagged as malicious.

Paste Protect allows you to bypass the block if you wish, with a red button labeled "Hold to copy (unsafe)." To copy the command, you'll have to hold this button for over five seconds. You'll also have the option to always allow copying code from a site you trust, which is helpful in case the feature accidentally blocks code from a legitimate site. The warning may be enough for most casual users to realize that something's off, similar to how Apple and Microsoft protect you from installing untrustworthy apps on your computer. You'll see a warning that blocks you from installing those apps, but there's an option to bypass it if you know what you're doing and are confident that it's a false positive.

ClickFix attacks are quite sophisticated: They may show a fake captcha verification that's designed to fail, and offer a "solution" in the form of malicious code that you can run on your device. Opera claims it uses platform-specific detection techniques for Linux, macOS, and Windows to identify patterns associated with malicious scripts, and blocks them via Paste Protect.

Paste Protect isn't the first Opera feature of its kind

This isn't Opera's first security feature aimed at protecting users from malicious activity. The browser has offered a "Hijack Protection" feature for a few years, which prevents sites from replacing the contents of your clipboard without your permission. This means that if you copy a URL, Opera will stop sites from changing the copied link to a malicious URL. Paste Protect adds an extra layer of security to the browser.

While added security features are more than welcome, vigilance is always the best defense against online scams. Don't install extensions or apps from developers you don't know or trust; never click suspicious links, whether you find the on the web or someone shares them via text or email; and never copy code from the internet and paste it in your device's command prompt without being 100% sure of what you're doing.


from Lifehacker https://ift.tt/0lso89f

We may earn a commission from links on this page.

Apple's MacBook Air is a great value—even now, after the company significantly raised the price of the machine. The Air offers the best of both worlds: It's a lightweight laptop with a powerful Apple chip, without the expense that comes with the added features of the company's "Pro" line. Most of us could probably get by on an Air—if not a Neo—which explains why so many of us own these laptops, and use them every day.

But while you can get a lot done with the Air out of the box, there are so many ways to push this machine to its limits. Below, I've compiled 10 hacks, tips, and tricks that should help you get the most out of your Apple laptop.

Pick up an external SSD to avoid slowdowns and crashes

If you maxed out your MacBook Air's storage upon purchase, you might not need this hack. However, if you, like many of us, purchased a base model MacBook Air—especially when Apple still started the machines off at 256GB—you'll want to consider an external SSD.

Having extra storage is always helpful, but that's not the motivation behind this hack. By adding an SSD to your setup, you sharply reduce the chance of pushing your MacBook Air's storage to its limits, which, in turn, helps it run better. Like all computers, your MacBook Air needs a certain amount of accessible storage space to operate properly. If your MacBook has limited RAM as well, it'll tap into the SSD for "swap." The closer you get to a full drive, the greater the chance for slowdowns or crashes.

Due to the global demand for memory and storage, external SSDs are more expensive than they used to be, but you can still find good deals out there to upgrade your setup. Take this 2TB option from Seagate, for example. For $145, you can potentially octuple your MacBook Air's available storage, ensuring it has the free space on the internal drive it needs for optimal performance.

Upgrade your power adapter to charge your MacBook faster

MacBook Airs released in 2022 and later support power adapters up to 140W, but yours might have shipped with a power adapter as wimpy as 30W. If your MacBook spends most of its life on the charger, that might be just fine. But if you're frequently on the go and you need to charge up as fast as possible, you're going to want a power adapter as close to 140W as possible. Take note of the cable itself, too: If you want to take advantage of fast charging on your MacBook Air, you'll need a MagSafe 3 cable or a USB-C charging cable. (As it happens, not all USB-C cables are created equal. For more information, check out Lifehacker's explainer on USB-C charging cables.)

Set a charge limit to extend the life of your battery

Most of our discussions around batteries concern ways to make day-to-day charges last longer, but equally important is how to stretch the lifecycle of the battery itself. The lithium-ion batteries that most of our devices now use age over time, and, as they do, they lose their capacity to hold a charge. A three-year-old battery that has been frequently recharged won't last as long after being charged to 100% as it did when it was new. Slowing down that aging process can keep your MacBook Air's battery from losing its overall capacity too quickly.

There's no way to prevent battery aging entirely, but you can slow down aging by reducing the number of charging cycles you put the battery through. One of the easiest ways to do that is to set a limit to how charged the battery gets while connected to power, which prevents it from overcharging when you don't need that extra juice. Your MacBook Air tries to do this on its own through a feature called "Optimized Battery Charging," which analyzes how you use your computer to set charge limits accordingly. You can bypass these automated processes and set your own charge limit. That way, you can choose to cap charging at 80% all the time, so that no matter how long your MacBook sits on the charger, it almost never breaks 80%—except for the occasional charge to 100% for "accurate battery state-of-charge estimates."

But that's getting a bit in the weeds. The point is, you can set charge limits for anywhere from 80% to 95% to prevent your Mac's battery from charging when you don't want it to. Here's how: Open System Settings, then choose Battery. Here, click the (i) next to "Charging," then adjust the slider next to "Charge Limit."

Use a clipboard manager to improve copy and paste

Copy and paste is pretty straightforward: You highlight something, copy it, then paste it somewhere else. If you spend a lot of time on your MacBook copying and pasting, however, you know it can get tedious to jump back and forth every time you want to copy something new. Enter: clipboard managers. These tools are essential for frequent copy and pasters, as they save a history of everything you copy on your Mac. When you need to retrieve something, you pull up the clipboard manager, click the item in question, then paste it, eliminating the need to switch between windows all day long.

My clipboard manager is essential, and I've been using one for the past decade or longer. While you had to go third-party for years on Mac, Apple tried to implement its own clipboard manager with macOS 26 by embedding a Clipboard menu in Spotlight. I tried to replace my third-party clipboard manager with this native solution, but, in my view, it's too cumbersome and limiting. There are plenty of options out there, but my go-to is CopyClip. It's free and lives in your menu bar, so your entire clipboard history is accessible from anywhere in macOS.

Use a window manager to improve your workflow

On the flip side, a window manager has been indispensable for me when working across multiple windows at once. If you use windows side-by-side on your Mac, you should never drag and drop your windows again—a good window manager will let you quickly snap windows into place with keyboard shortcuts. I frequently use this tactic when writing: I snap my editor on one half of the screen, and my sources on the right. If you have a large enough screen, you might even want windows in thirds—I imagine having my chat apps on the third pane would be quite useful as well.

Again, for years you had to pick a third-party app to get these features on macOS. But in recent years, Apple also added a new window management system to the mix. You can now hover over the green button on any window to reveal quick resizing options, but you should definitely use the keyboard shortcuts instead. It definitely works better than Spotlight's clipboard manager, and I encourage you to give it a try if you've never used a window manager before.

But, again, I still prefer third-party here. I find the keyboard shortcuts a bit glitchy at times, and some app shortcuts override the macOS shortcuts, so you end up doing things you don't mean to. There are plenty of options to try, but I've used Magnet for years. It costs $4.99, but I've certainly gotten my money's worth, and it's definitely the option for anyone who needs more options than macOS' built-in solution can offer—like window thirds. Before you commit, however, give the built-in shortcuts a try, and see if you like moving windows around with your keyboard.

Use Safari for a private browsing experience

One of the first things most of us do when setting up a new computer is download a third-party browser. Chrome is the world's most popular option, so perhaps that's your go-to as well, but I'd argue that you should give Safari a chance. Apple's browser comes with some great built-in privacy tools, including tracker blocking and preventing extensions from accessing your browsing history. If you have an iCloud+ subscription, you can use iCloud Private Relay to shield your MacBook's IP address from sites as you browse. I also find Safari much more efficient than alternatives like Chrome, so it ends up draining my battery less. I have to use a few different browsers in my line of work, but in my personal use, I'm almost always using Safari.

Use an ad blocker to make the internet more manageable

The internet runs on ads, but that doesn't mean you need to live with that. I'm all for supporting websites that rely on ads for financial support, but that doesn't extend to every corner of the web. There are way too many obnoxious and malicious adverts out there, pining for your clicks, that I find it nearly impossible to browse the internet without an ad blocker in place. Even the FBI recommends using these tools to keep yourself safe online.

Safari plus an ad blocker is an excellent combination. While options used to be limited, there are plenty of choices these days, including a version of uBlock Origin—though I've been using AdGuard for some time. I'd recommend whitelisting the sites you'd like to support with ads, though some may prompt you to do so themselves. (Most will let you continue reading while using your ad blocker, but some might deny access until you disable it.)

Use Voice Isolation for clearer video calls on your MacBook

This is one of my favorite features Apple has added in recent years. If you frequently take video calls on your Mac, either for work or via FaceTime, Voice Isolation is a must. It reduces background noise and focuses on your words, so that others on the call hear your voice, rather than your dog, kids, or the people chatting away in the coffee shop. It works well, too, at least in my experience. My dog has decided to start screaming at a passing car while I'm on a call, only for me to be met with confused looks when I apologize for the disruption. "Oh, really? I didn't hear anything."

To turn Voice Isolation on, open a video calling app like FaceTime to activate your MacBook's camera. Then, click the FaceTime icon in the menu bar. Here, you'll find all your system-level video call controls, including "Mic Mode" at the bottom. Click this, then choose "Voice Isolation." (You'll also see "Wide Spectrum," which does the opposite, by emphasizing all noise that hits the microphone.) This feature is available on iPhone and iPad as well, so I highly recommend enabling it on those devices as well.

Disable 'Reactions' to save yourself embarassment during important video calls

While you're at it, I strongly suggest disabling "Reactions," if enabled. Someone at Apple thought it'd be fun to roll out animated reactions tied to specific gestures for video calls: holding your thumb up displays a 3D graphic of a thumb up emoji in a thought bubble above your head; holding up a peace sign sends balloons rising up from the bottom of the screen. There are a number of these reactions available, and some may enjoy using them. The issue, however, is they apply not just to FaceTime, but to all video calling apps on your Mac. That means if macOS thinks you're holding two thumbs up, it's going to start shooting out fireworks, whether you're on a FaceTime call with a friend, or a Teams call with your boss. Save yourself some future headaches, and disable this feature now.

Double the number of fingerprint scans for Touch ID

On macOS, you get three fingerprint scans for Touch ID. That might be plenty for most, but there is a hidden way to double the number of scans you can make. This goes back to the days when Touch ID was standard on iPhone, before Face ID took over. Apple's fingerprint scanning system seems to still support it on Mac.

First, open System Settings, then choose "Touch ID & Password" from the menu. Under Touch ID, choose "Add Fingerprint." Once the scanner pops up, scan two of your fingers instead of just one. Place one finger on the scanner, lift it when macOS tells you to, then place the second finger down, and repeat. Once the scan completes, you'll have two fingerprints stored on one entry. Do this for all three entries, and you'll be able to unlock your Mac with up to six of your fingers.


from Lifehacker https://ift.tt/39cdrqg

We may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication.

When Samsung’s "The Frame" TV first dropped, it pioneered the concept of the “art TV,” making it a smart lifestyle option for anyone who doesn't want a TV to dominate their decor when not in use. Over the years, Samsung has evolved the concept to include a QLED screen, AI processor technology, and thinner displays that make the "it's not a TV, it's art" illusion even more convincing. And right now is a great time to buy one: The 55-inch model from 2025 is marked down by $400, to $697.99—a 36% discount and the lowest price we’ve seen on this model.

Unlike a traditional TV, The Frame is designed to blend in. When you’re not watching TV, it switches into Art Mode, showcasing artwork or your own photos on a matte, anti-glare screen that looks surprisingly close to a real canvas. It also includes Samsung’s Slim Fit wall mount, so it sits nearly flush against the wall like framed artwork, rather than sticking out like a standard TV.  

The 2025 model features Samsung’s NQ4 AI Gen2 Processor and comes with new Vision AI features for improved picture optimization and better content recommendations. It isn't Samsung’s flagship Mini-LED model, but it has fantastic QLED picture quality, with a brighter panel than previous models and strong HDR performance. It’s also a reliable choice for gamers, supporting 4K gaming at up to 144Hz with VRR.

Keep in mind that the set doesn’t come with the customizable bezels that create the framed look (they’re sold separately), and you’ll need a paid Samsung Art Store subscription to unlock the full artwork library. As with every The Frame TV, part of what you’re paying for is the design. While this normally comes at a steep premium, the $400 discount makes it easier to recommend. (That said, if your main priority is the best possible picture quality for the money, you may want to opt for something in Samsung’s Neo QLED lineup.)

Deals are selected by our commerce team

from Lifehacker https://ift.tt/gvn86Gb

Mac users can now call on Google's agentic AI, Gemini Spark, to automate tasks on their desktop and bridge the gap between Google Workspace and their local apps and files. But you should still be cautious when granting Gemini access to your data and workflows, as AI agents can introduce security risks.

Google first announced Spark at I/O 2026 back in May, promising a rollout to the Gemini macOS app at some point this summer. That time has come—the AI agent is now available in beta for Google AI Ultra subscribers on macOS in the U.S. Google has said users will also be able to run Gemini Spark tasks on desktop remotely from their phones, though that functionality is not live yet.

Gemini Spark can automate workflows on macOS

Spark turns Gemini into a personal AI agent that can complete multi-step tasks based on your requirements, even if your device is turned off. When given access to desktop files and apps, it can, for example, sort downloaded PDFs into specific folders or create a budget in Sheets using invoices saved to your computer and update that worksheet on a regular schedule.

Google is also launching integrations with Tasks and Keep as well as apps like Canva, Dropbox, Instacart, OpenTable, and Zillow Rentals, so Gemini Spark could theoretically translate notes into action items, share files, submit your weekly grocery order, or make a dinner reservation. These will be available on web and mobile first, with a rollout planned for macOS "in the coming weeks."

Agentic AI comes with risks

Google has emphasized that Gemini Spark works on your commands: It only has access to the files and apps you permit it to use, and it won't spend money or take other high-stakes actions without your consent. However, handing control over to AI isn't without risk, and you should proceed with caution when allowing Spark (or any other AI agent) to read your files and act on your behalf. At the very least, an AI agent could share sensitive information or send a message you wish it hadn't.

One known security risk is a prompt injection attack, in which hackers trick AI into following their malicious instructions instead of your legitimate ones. When agentic AI acts autonomously without user approval, there's no safeguard against data being shared, malware being downloaded, or a fraudulent purchase being made. If you're going to let Gemini Spark or another AI agent take action on your behalf, you should limit what it can access, require manual review for certain tasks, and enable multi-factor authentication on connected accounts to minimize the risk from threat actors.


from Lifehacker https://ift.tt/9J7Nivm

Exploitation attempts targeting a critical vulnerability (CVE-2026-46817) in Oracle Payments, the payment-processing module within Oracle’s E-Business Suite (EBS), have been spotted over the weekend, threat intelligence company Defused warned on Monday.

Oracle Payments cve-2026-46817 exploitation

The detected exploitation attempts (Source: Defused)

“On 27 June 2026 our Oracle E-Business Suite decoys recorded the first in-the-wild exploitation of CVE-2026-46817 — roughly six weeks after Oracle’s May 2026 patch and before any public proof-of-concept existed,” the company said.

“The activity was a single source running an unauthenticated file-read against the Payments component: a targeted proof-of-concept, not broad scanning.”

The exploit targets the ibytransmit endpoint in Oracle Payments’ File Transmission component, and calls an internal Oracle Java function directly, redirecting it to read a file (/etc/passwd) from the server.

But the same technique could be used to reach more sensitive files, such as configuration files containing database credentials, encryption keys, or payment processor API keys.

Advice for organizations

Oracle Payments is the payment-processing engine built into Oracle’s E-Business Suite, centralizing how the company’s finance applications send and receive payments through banks and card networks.

CVE-2026-46817 affects the File Transmission component of Oracle Payments, and is caused by improper privilege management, improper authentication, and missing authentication for a critical function.

Oracle considers it to be an easily exploitable vulnerability. It can be exploited remotely, by unauthenticated attackers with network access via HTTP, to compromise and take over Oracle Payments.

The vulnerability was patched by Oracle in late May 2026.

Administrators running Oracle E-Business Suite versions 12.2.3 to 12.2.15 should apply Oracle’s May 2026 Critical Security Patch Update immediately. Until patched, EBS web interfaces should be restricted to internal networks and not exposed to the public internet.

Security teams should treat any internet-facing EBS instance left unpatched past May 28 as potentially compromised, and should review logs for suspicious POST requests to /OA_HTML/ibytransmit. If evidennce of compromise is discovered, they should perform a full forensic review and rotate all credentials and keys stored on that host.

Also, given the pattern of repeated critical EBS vulnerabilities exploited by attackers in the last year, security teams should review whether their EBS installation’s needs any internet-facing components at all.

Subscribe to our breaking news e-mail alert to never miss out on the latest breaches, vulnerabilities and cybersecurity threats. Subscribe here!


from Help Net Security https://ift.tt/blLpfO7

Cequence Security has announced general availability of Cequence Platform 9.0, an AI-native release that changes how users interact with API security tools.

Platform 9.0 ships with a built-in AI Assistant, an open Model Context Protocol (MCP) server that exposes every platform capability to an organisation’s agents or automation workflows, a compliance-ready risk rules library mapped to 25 global regulatory frameworks, and a re-architected API security engine built to handle the largest enterprise API estates without performance degradation.

Agentic AI is transforming how enterprises interact with their customers, and internal IT teams are adopting AI agents faster than their security tools can keep up. Unlike vendors that add a simple chatbot to their existing product, Cequence took the opposite approach; the entire platform is AI-native and open, enabling customers to use Cequence’s built-in model or one of their choosing.

With Platform 9.0, any practitioner can open a conversation and start asking the questions they actually care about, without knowing the interface, navigating menus, or understanding how the product works. The platform finds the answers. Teams with sophisticated AI workflows can use their own agents to directly drive these same capabilities through the open MCP architecture, with no custom integration required.

Ameya Talwalkar, CEO at Cequence, said: “Most vendors looked at the agentic era and added a chatbot. We looked at it and rebuilt the architecture. Cequence Platform 9.0 exposes the entire Cequence platform through an open MCP architecture so any agent can operate it directly, whether through our built-in AI Assistant, or a customer’s own agent. That is what AI-native actually means: the UI becomes optional. We are building for the way the agentic enterprise already works, while making sure a human approves every change along the way.”

AI-native platform with a built-in AI assistant

Cequence Platform 9.0 ships with a built-in AI Assistant that answers plain-language questions such as “What is my biggest risk right now?” with ranked, evidence-backed findings drawn from live platform data. Unlike most security chatbots that only deliver value in the hands of experienced practitioners, the Cequence AI Assistant arrives with skills built on years of application, API, and data protection work in high-traffic enterprise environments, able to guide practitioners of all skill levels from day 1.

Agent capabilities in Platform 9.0 include:

  • Drive valuable actions from simple conversation: use plain-English to easily and quickly drive results. The possibilities are endless. Have the AI Assistant classify APIs, identify risks, draft rules, and create reports, all without navigating the UI.
  • Open MCP server: any MCP-capable agent, SOAR platform, or automation workflow can interact with, configure, and pull insights from the platform through an open API contract, with no custom integration, incorporating API security into broader agentic workflows
  • Human in the loop: read actions run freely; every proposed write shows the exact change and requires explicit human approval before anything happens
  • Full transparency: every answer exposes the AI Assistant’s reasoning and the underlying tool calls; when it lacks a tool for a task, it says so rather than guessing

“Most security chatbots are only as useful as the person asking the questions, which means they fall flat in the hands of anyone who is not already an expert. We built the Platform 9.0 agent differently. It runs a full agentic loop, planning which tools answer the question, calling them, and synthesising ranked, evidence-backed recommendations while showing you exactly how it got there. When it does not have the tool to do something, it tells you instead of guessing. That governance-first design is not an afterthought. It is the same conviction behind the Cequence AI Gateway, and it is what makes this safe to put in front of any practitioner on Day 1,” said Shreyans Mehta, CTO at Cequence.

Compliance-ready risk rules and compliance packages

Compliance is the most common forcing function for an API security purchase, and the most common place programs stall. Platform 9.0 ships the rules, frameworks, and reports to make customers audit-ready immediately, with no professional services and no custom rule development required.

Compliance capabilities in Platform 9.0 include:

  • 250+ pre-built risk rules: more than four times the previous version, mapped to 25 global compliance frameworks including OWASP API Security Top 10 (all versions), PCI DSS, GDPR, HIPAA, SOC 2, ISO 27001, NIST CSF, DORA, NIS2, LGPD, SAMA, MAS TRM, and additional regional frameworks across the Americas, EMEA, and APAC
  • One-click audit-ready reports: each report builds from live data, maps findings to the framework’s specific controls, scores risk by control area, and provides remediation guidance for every gap; reports can be company or partner branded
    Observe mode: see how proposed rules perform for testing purposes without raising formal issues, allowing teams can add frameworks without a flood of unreviewed findings
  • Test panel: validates any rule against sample request and response data before activation

Re-architected API security engine built for enterprise scale

Agentic AI is accelerating API endpoint growth faster than any prior technology wave. Platform 9.0 includes a complete rebuild of the engine that discovers, catalogues, and scores risk across an organisation’s API estate, delivering higher performance at a smaller CPU footprint.

API security engine improvements in Platform 9.0 include:

  • 50x increase in API endpoints supported: with sub-five-second page load times across every view regardless of endpoint count
  • Reduced compute costs: CPU footprint improvements translate directly into lower infrastructure costs, especially for on-premise deployments


from Help Net Security https://ift.tt/7Q1PabI

Jamf has announced general availability of AI Governance, a new capability within Jamf for Mac that enables IT and security teams to discover actively-used AI tools, enforce policy controls, and generate audit-ready reporting.

Jamf AI Governance

Many organizations struggle to confidently audit and report on AI tool usage across their device fleet, including both sanctioned applications and unsanctioned or prohibited tools. AI Governance provides comprehensive visibility into which AI applications are in use, along with detailed insights into how they behave on the endpoint.

This enables organizations to understand AI activity at a level that network- and cloud-based reporting solutions alone cannot provide, helping security teams identify risk, support compliance, and make informed governance decisions.

With launch support for Claude Code, Claude Desktop, and OpenAI Codex, the capability provides deep governance coverage across model access, tenancy, network permissions, file system controls, MCP server restrictions, and other vendor-specific AI configurations.

A vendor control tracking engine continuously monitors supported AI platforms for new or updated controls, helping organizations keep governance policies current as AI tools rapidly evolve. All of these policies are in place offline and before a user’s first login to an AI agent, enforcing a foundational day-zero and tamper-resistant policy baseline.

Native Mac control plane for enterprise AI

AI tools run natively on Apple Silicon and operate as processes that existing network proxies and cloud-based tooling cannot fully see or govern. No existing tool unifies platform-native device management, deep AI tool configuration coverage, and a workflow that translates governance intent into vendor-correct configuration on macOS.

Jamf AI Governance closes that gap by enabling visibility of shadow AI and providing granular AI configurations natively, deployed in minutes, through the same endpoint management control plane that admins use today, offering:

  • Visibility: AI application visibility and shadow AI discovery surface AI tools, agents, and LLM runtime across the fleet (including CLI-based developer tools and background agents) using Jamf’s existing telemetry agent, which uses native and high-performance macOS frameworks. No new agent is required.
  • Control: AI access policy controls let IT define sanctioned tools, deploy access policy at scale, and scope different postures to different teams. Vendor-correct configurations can be applied automatically at scale.
  • Governance: An executive AI posture report provides CIOs and CISOs with a snapshot-in-time summary of AI usage. The capability offers SIEM compatibility and is designed to assist companies in reporting against their existing compliance frameworks.

“AI adoption across the enterprise is moving faster than existing technology policies can keep up,” said Beth Tschida, CEO at Jamf. “Organizations need governance that matches the way AI tools actually operate on Mac. This means visibility into what’s running, policy controls enforced directly on the endpoint, and reporting that helps security teams demonstrate compliance. Our AI Governance capability delivers that natively from the same platform customers already trust to manage and secure Apple devices.”

“Like many organizations, we want to enable teams to use AI tools productively while maintaining appropriate governance and oversight,” said Sam Lalli, Security Engineering & SOC Manager at Eventbrite. “What impressed us about Jamf’s AI Governance was how quickly we could apply policy across our Mac fleet without adding another point solution or creating friction for developers. Having this critical capability built into the same device management platform we already use, really simplifies AI governance for our team.”

Beyond essential visibility and control, Jamf’s AI Governance policies can more effectively deploy and govern partner AI solutions.

IT and security teams can use Jamf to discover AI tools running across MacOS devices and register those agents directly with Okta for AI Agents. This gives each one a managed identity and scoped access to only the resources it is allowed to reach. Jamf controls which MCP servers can run on the device while Okta controls what cloud resources those MCP servers can reach.

Rather than long-lived static keys, agents use short-lived, vaulted credentials, and every action is authorized and logged from the endpoint to the cloud. The Okta integration deploys directly from Jamf’s console without manual API setup or certificate management required.

Organizations can also configure their preferred agent builder platform, such as Amazon Bedrock AgentCore, ensuring AI traffic routes through and is processed on sanctioned cloud infrastructure.

With Jamf handling device visibility and policy enforcement, and Okta managing agent identity and access, organizations can answer: which agents ran on which endpoints, what they were authorized to reach, and what they did along the path from a MacOS device to the SaaS app.

“While some enterprise AI agents run locally, they access data across a vast cloud ecosystem, requiring coordinated security between the endpoint and identity layers,” said Harish Peri, SVP & GM of AI Security, Okta. “By anchoring Okta for AI Agents to Jamf’s endpoint enforcement, every agentic connection on a managed Mac is authenticated, authorized, and fully visible from the device to the data. Together, we’re helping organizations become secure agentic enterprises by giving them more control over what AI agents can access and on whose behalf.”

AI governance urgency is accelerating

The need for enterprise AI governance is accelerating as organizations adopt AI-powered tools across employee workflows. Jamf’s recently released AI Governance Survey found that organizations with deeply integrated AI are 40% more likely to report an incident than those still in the exploration phase, suggesting AI governance is quickly becoming an operational requirement rather than a future planning exercise.

Gartner mentions, “With spending on AI governance expected to reach $492 million in 2026 and surpass $1 billion by 2030, organizations are reassessing the tools and strategies needed to stay ahead of both regulatory and operational risk.”

Further, in its Top Cybersecurity Trends for 2026 report, Gartner also says that, “Cybersecurity leaders must identify both sanctioned and unsanctioned AI agents, enforce robust controls for each and develop incident response playbooks to address potential risks.”


from Help Net Security https://ift.tt/v6DNkx4