The world’s most advanced, autonomous AI-powered cybersecurity platform. We empower the world to run securely, with leading organizations trusting us to Secure Tomorrow™. Secure your enterprise: http://sentinelone.com/request-demo/
SentinelOne
Frontier AI isn't being built in isolation. Neither is the frontier of cyber defense. That’s why we’re proud to be a partner in OpenAI’s Trusted Access for Cyber (TAC) Program.
Read more: s1.ai/GPT5-5Cyb
“At SentinelOne, the real value of AI is how quickly it helps us turn signals into an actionable advantage for defenders. GPT-5.5 helps analysts connect telemetry, focus on what matters, and strengthen how organizations investigate, detect, and respond to emerging threats.”
Microsoft, Apple, Google — in that order, in one chain. The victim never sees a single unfamiliar name.
A new macOS stealer called Reaper — a SHub variant tracked by @sentinellabs.bsky.social — runs an infection chain where each stage hides behind a different trusted brand.
The lesson for defenders isn't "watch for Reaper." It's that brand recognition is not a signal of safety — it signals the attack. Unexpected AppleScript activity, outbound traffic after Script Editor runs, LaunchAgents in trusted-vendor namespaces — that's where to look.
- The lure: a fake WeChat or Miro installer
- The delivery: a typo-squatted domain, mlcrosoft[.]co[.]com
- The execution: dressed up as an Apple XProtectRemediator security update
- The persistence: a fake Google Software Update directory, beaconing every 60 seconds
Full research from @philofishal.bsky.social: s1.ai/shub-reaper
This is what a realistic AI-era attack chain looks like. Drawn from 11,000+ anonymized cloud environments in our 2026 report.
No zero-day. No prompt injection research paper. No novel technique. What we see instead is a misconfigured bucket, one hardcoded key, and a model connected to a CRM.
Today’s attacks are credentials nobody rotated and a model left isolated.
📄 The 2026 AI & Cloud Verified Exploit Paths & Secrets Scanning Report: s1.ai/AISecrets
🔗 The Accompanying Blog: s1.ai/AISecr-Bl
New Signals & Stories episode with @hegel.bsky.social from @sentinelone.com & @invisig0th.bsky.social
We discuss:
🔹DPRK IT workers posing as job applicants
🔹Cross-functional intelligence sharing
🔹AI in CTI
🔹And more!
#CyberSecurity #CTI #ThreatIntelligence
www.youtube.com/watch?v=uQ1_...