IT, Telecom & Cyber · Australia (Perth)

Cut AI-Prompt Blind Spots by Securing Identity and Training

Published May 8, 2026, 6:06 AM AWST · APAC
Experts warn passwords no longer sufficient in AI era

In 60 seconds

Top move

Password-based authentication is now a procurement liability: the cited reporting shows infostealer-harvested and AI-amplified credential theft defeats password logins, so prioritize phishing-resistant passwordless (FIDO2/passkey) requirements and migration support in upcoming identity and SSO renewals; GenAI prompt leakage is a separate exposure that a change of authenticator does not address

Key takeaways

  • Password-based authentication is now a procurement liability: the cited reporting shows infostealer-harvested and AI-amplified credential theft defeats password logins, so prioritize phishing-resistant passwordless (FIDO2/passkey) requirements and migration support in upcoming identity and SSO renewals. GenAI prompt leakage is a separate exposure that a change of authenticator does not address.[1]
  • Generative-AI prompt leakage from unmanaged personal accounts creates forensic blind spots: require prompt logging, retention/export rights and contractual audit access from AI/SaaS providers where prompts or hosted inputs can contain sensitive data.[2]
  • Developer secure-coding training is now available as an add-on from mainstream awareness vendors, so procurement can address application-layer risk by buying seats or SOWs via incumbents instead of sourcing new suppliers; the content only reduces risk when it is tied to release gates and measured outcomes.[3]
  • Vendors are packaging monitoring, public-safety sensors and AI oversight into bundles that shift costs from CAPEX to recurring connectivity and analytics OPEX; capture these OPEX items and integration SOWs in commercial evaluations.[4]
  • Service-desk and log-management gaps keep surfacing as operational attack paths; insist on exportable raw logs, runbook ownership and tested handoffs in supplier contracts rather than accepting dashboard-only visibility.[5]

What changed since last run

  • Shifted procurement priority from telemetry-export discovery to identity controls and passwordless pilots after fresh reporting showing high-risk GenAI prompts and credential theft (new identity-first trigger).
  • New vendor moves: mainstream awareness platforms now include developer secure-coding modules and monitoring vendors are bundling P25 public-safety and AI-oversight features—these create near-term SOW and OPEX negotiat...

Key facts

  • Vendor research: notable share of GenAI prompts flagged as high‑risk in recent sampling
  • Majority of risky prompts submitted via unmanaged personal accounts, creating blind spots
  • Report citing many high‑risk prompts concentrated in a fraction of GenAI usage
  • Evidence of harvested AI credentials appearing for sale on the dark web
  • 31 learning activities across nine learning series
  • Content supports multiple programming languages and OWASP topics

Cost / money

  • Adopting passwordless (FIDO2/passkey) will raise near-term integration and device-binding costs for identity platforms, SSO and endpoint policies.[1]
  • Requiring prompt retention or export from AI vendors increases hosting, logging and potential e‑discovery costs that should be budgeted into SaaS line items.[2]
  • Bundled monitoring and public‑safety sensor offers move spend toward recurring connectivity and cloud analytics OPEX rather than one-off hardware buys, changing TCO calculations.[4]

Supplier / commercial

  • Identity vendors who deliver turnkey passwordless options gain leverage — use procurement to lock in migration support, defined rollback clauses and device-exemption terms.[1]
  • Awareness vendors expanding into developer training create upsell pathways; insist on seat portability, measurable outcomes and explicit SOW deliverables to avoid content lock-in.[3]
  • Monitoring/AI-oversight bundles may push longer managed-service terms and separate analytics pricing; require SLAs, telemetry export rights and clear pricing for connectivity/analytics OPEX.[4]

Safety / operations

  • Credential compromise now threatens physical systems (badging, cameras) as well as IT; operations must coordinate cyber and physical runbooks and validate manual overrides with suppliers.[1]
  • P25 indoor monitoring can improve public-safety checks but operational value depends on validated connectivity, placement and integration with incident workflows before wide rollout.[4]

What to watch

  • Early-signal: Vendors may market autonomous-agent controls as replacements for multi-supplier coordination — verify escalation paths, manual override obligations and contractual ownership before reducing operator roles.[5]
  • Early-signal: Some AI/SaaS suppliers may not offer straightforward prompt-export features — confirm technical feasibility and cost for prompt retention/export before embedding requirements in templates.[2]

Top stories

Story 1 · SecurityBrief Australia

Experts warn passwords no longer sufficient in AI era

Signal: strong · Source-grounded

What happened

Australian experts warn passwords are no longer sufficient as AI and credential-theft tactics scale attacker access. The article cites vendor research showing a measurable share of GenAI prompts carry high-risk data leakage and that unmanaged personal accounts drive much of the exposure. Watch whether organisations accelerate FIDO2/passkey adoption and require prompt-logging from AI providers

Buyer takeaway

Elevate passwordless and prompt-visibility requirements in procurements: passwords are shown to be ineffective against infostealers, and AI-amplified prompt leakage is a separate exposure that only logging and export rights make visible

Cost / money

Expect integration and device-binding costs when adopting FIDO2 and updating SSO/endpoint processes; budget these as part of identity renewals

Supplier / commercial

Identity and access vendors may demand migration/support fees; require migration SLAs, rollback provisions and device-exemption policies in offers

Safety / operations

Credential compromise affects both IT and physical security; ops must have tested manual overrides and coordinated cyber-physical runbooks

What to watch

Watch vendor claims of 'phishing-proof' solutions; require pilot evidence and contractual rollback rights before committing. FIDO2's phishing resistance covers the login ceremony itself; password fallback and account-recovery flows, and session tokens stolen after login, stay in scope for the pilot

Key facts

  • Vendor research: notable share of GenAI prompts flagged as high‑risk in recent sampling
  • Majority of risky prompts submitted via unmanaged personal accounts, creating blind spots

Source excerpts

Physical impact: New research from Genetec suggests physical security environments also face growing credential-related risks as systems connect to corporate networks.
Genetec encourages organisations to move beyond isolated credential controls and adopt a governance-first approach to identity management in physical security environments, including: Strengthen identity and credential controls: Organisations should eliminate default and shared credentials, enforce strong authentication such as passkeys and adopt multi-factor authentication to reduce common attack entry points.
Here are some ways organisations can defend themselves in 2026: Embrace passwordless and FIDO2: The only true defence against phishing and infostealers is removing the password entirely.
Story 2 · SecurityBrief Australia

Why "strong passwords" can't save you from AI

Signal: strong · Source-grounded

What happened

A lead technologist explains why complex passwords can't stop infostealers and accidental insider leaks from employees pasting corporate secrets into public AI tools. The piece highlights that many high-risk prompts come from unmanaged accounts and points to dark-web harvesting of AI credentials. Watch vendor responses on prompt retention, export capabilities and costs for forensic access

Buyer takeaway

Treat GenAI prompt handling like any other log data: require export, retention and audit rights so investigations remain possible

Cost / money

Requiring prompt retention/export may increase SaaS hosting or logging costs; capture these in contract discussions

Supplier / commercial

AI-platform vendors could price extended retention/export features; test price/performance during procurement evaluations

Safety / operations

Without prompt visibility, incident response teams face longer investigations and reduced containment speed

What to watch

Early-signal: not all suppliers expose prompt logs easily—verify technical feasibility and cost before building requirements into templates
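The prompt-export requirement above is only worth paying for if the exported log can answer what an investigation asks: who sent what, when, and from which kind of account. The block below is an added example, not code from SecurityBrief Australia or from any vendor named on this page, of a triage pass over such an export. The JSON Lines layout and the field names `timestamp`, `user`, `account_type` and `prompt` are assumptions, the records are constructed, and the credential patterns are public token formats chosen for illustration. It flags prompts carrying credential-shaped strings, stores each finding with the secret redacted rather than copied again, and reports what share of the high-risk prompts came from unmanaged accounts. A tenant-only provider export can never contain an `unmanaged` account type; those records exist only if a proxy, CASB or browser control in the path captured them, so an empty unmanaged set means missing coverage, not absence of personal-account use.

```python
"""Triage of an exported GenAI prompt log.

Added example for this briefing; not code from SecurityBrief Australia or any
vendor named on the page. Assumes a JSON Lines export with the fields
timestamp, user, account_type and prompt (field names are an assumption);
the records below are constructed.
"""
import json
import re
from collections import Counter
from typing import Dict, List

# Without account attribution the export cannot separate managed from
# unmanaged (personal) use, which is the blind spot the reporting describes.
REQUIRED_FIELDS = ("timestamp", "user", "account_type", "prompt")

# Credential-shaped patterns; the detector names are ours, the shapes follow
# the public formats of the respective tokens.
DETECTORS: Dict[str, re.Pattern] = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
    "jwt": re.compile(
        r"\beyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\b"),
    "password_assignment": re.compile(r"(?i)\bpassword\s*[:=]\s*\S+"),
}

# Constructed sample export. The AWS key is the documented example key and the
# private-key body is a truncated placeholder; neither is a live secret.
SAMPLE_EXPORT = "\n".join(json.dumps(r) for r in [
    {"timestamp": "2026-03-03T09:12:44Z", "user": "alice@corp.example",
     "account_type": "managed",
     "prompt": "Summarise the attached board minutes for the AGM"},
    {"timestamp": "2026-03-03T09:15:02Z", "user": "bob.home@mail.example",
     "account_type": "unmanaged",
     "prompt": "Why does this fail? aws configure set aws_access_key_id AKIAIOSFODNN7EXAMPLE"},
    {"timestamp": "2026-03-03T10:01:19Z", "user": "carol@corp.example",
     "account_type": "managed",
     "prompt": "Rewrite this config: password = Tr0ub4dor&3 for the staging DB"},
    {"timestamp": "2026-03-03T10:07:55Z", "user": "dave.home@mail.example",
     "account_type": "unmanaged",
     "prompt": "Debug my CI step: -----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUA"},
    {"timestamp": "2026-03-03T11:30:00Z", "user": "erin@corp.example",
     "account_type": "managed",
     "prompt": "Translate this customer email into French"},
    {"timestamp": "2026-03-03T11:42:10Z", "user": "frank.home@mail.example",
     "account_type": "unmanaged",
     "prompt": "Write unit tests for this CSV parser"},
])


def parse_export(jsonl_text: str) -> List[dict]:
    """Parse the export and reject it if any record lacks a required field."""
    records = []
    for lineno, line in enumerate(jsonl_text.splitlines(), start=1):
        if not line.strip():
            continue
        record = json.loads(line)
        missing = [f for f in REQUIRED_FIELDS if f not in record]
        if missing:
            raise ValueError(f"line {lineno}: export lacks {missing}")
        records.append(record)
    return records


def classify(prompt: str) -> List[str]:
    """Names of the detectors that fire on a prompt (empty list if none)."""
    return [name for name, rx in DETECTORS.items() if rx.search(prompt)]


def redact(prompt: str) -> str:
    """Replace each match so the finding can be stored without re-copying
    the secret into the triage output."""
    for name, rx in DETECTORS.items():
        prompt = rx.sub(f"<REDACTED:{name}>", prompt)
    return prompt


def triage(jsonl_text: str) -> dict:
    """Flag credential-bearing prompts and attribute them to account types."""
    records = parse_export(jsonl_text)
    findings, by_detector = [], Counter()
    for r in records:
        hits = classify(r["prompt"])
        if not hits:
            continue
        by_detector.update(hits)
        findings.append({"timestamp": r["timestamp"], "user": r["user"],
                         "account_type": r["account_type"], "detectors": hits,
                         "prompt_redacted": redact(r["prompt"])})
    unmanaged = sum(1 for f in findings if f["account_type"] == "unmanaged")
    return {
        "total_prompts": len(records),
        # If this never contains "unmanaged", the export covers only the
        # corporate tenant: personal-account use is invisible, not absent.
        "account_types_seen": sorted({r["account_type"] for r in records}),
        "high_risk": findings,
        "unmanaged_share_of_high_risk": unmanaged / len(findings) if findings else 0.0,
        "by_detector": dict(by_detector),
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_EXPORT), indent=2))
```

Run against a real export, the two checks that matter for the contract are the `ValueError` (the supplier's export lacks a field the investigation needs) and the `account_types_seen` list (whether anything outside the corporate tenant is captured at all); the detector list is deliberately short and should be extended to the token formats the organisation actually issues.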

Key facts

  • Report citing many high‑risk prompts concentrated in a fraction of GenAI usage
  • Evidence of harvested AI credentials appearing for sale on the dark web

Source excerpts

According to Check Point Research, for the month of March 2026, one in every 28 GenAI prompts submitted from enterprise environments posed a high risk of sensitive data leakage, impacting 91% of organisations that use GenAI tools regularly
As we look ahead, the future of enterprise security relies on verifying behaviour, not just a string of characters
Threat intelligence firm Group-IB reported that at least 225,000 sets of OpenAI/ChatGPT credentials were put up for sale on the dark web after being harvested by infostealers. When employees use personal devices infected with infostealers to log into AI tools with corporate credentials, the data loop is devastating
Story 3 · SecurityBrief Australia

KnowBe4 adds AI secure coding training with partner

Signal: moderate · Source-grounded

What happened

KnowBe4 partnered with Secure Code Warrior to add developer-focused secure-coding training into its catalogue, targeting AI-assisted development risks. The offering includes multi-language modules mapped to OWASP topics and is available through specific subscription tiers, making it operationally real for buyers with existing KnowBe4 contracts. Watch which tiers include the content and whether incumbents support lab environments

Buyer takeaway

Leverage incumbent awareness suppliers to procure developer training faster, but require measurable outcomes and portability because content alone doesn't change behaviour

Cost / money

Expect recurring licence or seat-based spend; include portability and renewal terms to avoid surprise cost increases

Supplier / commercial

Partnerships enable bundled upsells; negotiate fixed pricing and defined SOW deliverables for technical training modules

Safety / operations

Developer training should be tied to release gates and secure-release checklists to reduce application-layer vulnerabilities

What to watch

Confirm which subscription tiers include the modules and whether the vendor will provide hands-on lab support

Key facts

  • 31 learning activities across nine learning series
  • Content supports multiple programming languages and OWASP topics

Source excerpts

Training vendors have responded by building content that goes beyond general cyber awareness into role-specific instruction for engineers, developers and security teams
Best known for security awareness training for employees, the company can now reach organisations seeking support for developer teams as well as broader staff populations. Secure Code Warrior, an Australian scale-up, specialises in developer-focused security training and AI software governance
Joseph Gabriel Lagonsin, News Editor (AI risk overview): KnowBe4 has partnered with Secure Code Warrior to offer secure coding training for organisations with technical teams, adding specialist content to KnowBe4's training library. The new offering targets businesses managing the security implications of AI-assisted software development.
Story 4 · SecurityBrief Australia

Australian News - SecurityBrief Australia

Signal: moderate · Directional

What happened

Local market reporting shows vendors adding public-safety monitoring (P25) to network testers and launching joint AI oversight products, creating bundled monitoring + oversight offers. These moves make monitoring an integration project and introduce recurring connectivity and analytics OPEX that buyers must evaluate. Watch whether suppliers lock analytics into proprietary platforms or provide exportable telemetry

Buyer takeaway

Treat bundled monitoring/oversight offers as integration projects; demand SLAs, telemetry export and pricing clarity for analytics OPEX

Cost / money

Bundles may reduce procurement friction but increase recurring cloud/analytics costs that should be captured in TCO models

Supplier / commercial

Suppliers offering combined monitoring can push longer managed-service terms; use negotiation to retain exit and data-export rights

Safety / operations

P25 monitoring can improve situational awareness, but requires validated connectivity and integration into incident workflows

What to watch

Confirm whether monitoring results are exportable and whether sensor/connectivity OPEX is included or charged separately

Key facts

  • Ranlytics added P25 public-safety monitoring to its KALLO network tester
  • Vocus partnered with Fortinet on a Secure Shield-style AI oversight product

Source excerpts

  • Ranlytics adds P25 monitoring to KALLO network tester (Mark Tarre, 10 min read, yesterday): Ranlytics expands KALLO network tester with P25 public safety monitoring for continuous indoor coverage checks across buildings and critical sites.
  • Nearly half of Australian firms hit by AI incidents (Mark Tarre, 3 min read, last week): Nearly half of Australian organisations with AI security controls have faced incidents as firms rush agents into customer service, email and cloud systems.
  • Macquarie University & tech group deepen digital ties (Sean Mitchell, 4 min read, last week): Macquarie University and Macquarie Technology Group strike strategic pact to bolster cloud, cyber security and data centre skills.
  • Experts warn passwords no longer sufficient in AI era (Joseph Gabriel Lagonsin, 4 min read, yesterday): Australian cyber security experts say passwords are no longer enough as AI use grows, with identity the new perimeter and passkeys urged.
Story 5 · SecurityBrief Australia

Expert Opinions - SecurityBrief Australia

Signal: limited · Directional

What happened

A set of expert pieces flags service-desk weaknesses, log-management cost pressures and rising risks from voice phishing and standing privileges in outsourced support. These are operational signals that dashboards alone are insufficient; buyers should demand raw log access and runbook clarity from service-desk and observability suppliers. Watch for vendors pitching automated remediation as a substitute for clarified handoffs

Buyer takeaway

Treat service-desk and log management as contractually enforced observability elements: require raw-log export, runbook ownership and change-control clauses

Cost / money

Higher log volumes translate into higher cloud-hosting and ingestion costs; model these in renewals and SOWs

Supplier / commercial

Outsourced service-desk suppliers may resist exporting raw telemetry; insist on contractual exports and escalation pathways

Safety / operations

Automated remediation without clear handoffs increases single‑point-of-failure risk; operations need manual-override and rollback clauses

What to watch

Limited relevance: opinion pieces are directional but operational when tied to specific renewals or SOWs—verify vendor capabilities before acting

Key facts

  • Multiple expert columns highlighting service-desk as an emerging frontline for attackers
  • Reporting that log-management costs are rising with cloud-native data growth

Source excerpts

  • Stolen credentials don't have to mean a breach (Raymond McCullagh, 5 min read, 4 days ago): Stolen logins can still trigger chaos, but modern access controls that verify device and context can stop attackers from turning them into a breach.
  • Why service desks are emerging as a critical security weakness (Lovan, 7 min read, 3 days ago): Service desks emerge as cyber criminals' new frontline, with voice phishing, standing privileges and outsourced support fuelling identity breaches.
  • Why Australian enterprises can no longer afford to ignore the log management problem (Christopher Hills, 4 min read, 4 days ago): Australian enterprises face soaring log management bills as cloud-native systems drive 100-fold data growth and expose legacy tools.

VP Snapshot

Executive Risk & Action View

Overall 66 · Cost 97 · Supply 25 · Schedule 20 · Compliance 15

Top signals

  • 0-30d, cost: Adopting passwordless (FIDO2/passkey) will raise near-term integration and device-binding costs for identity platforms, SSO and endpoint policies.
  • 30-180d, cost: Requiring prompt retention or export from AI vendors increases hosting, logging and potential e‑discovery costs that should be budgeted into SaaS line items.
  • 30-180d, cost: Bundled monitoring and public‑safety sensor offers move spend toward recurring connectivity and cloud analytics OPEX rather than one-off hardware buys, changing TCO calculations.
  • 30-180d, commercial: Identity vendors who deliver turnkey passwordless options gain leverage; use procurement to lock in migration support, defined rollback clauses and device-exemption terms.
  • 30-180d, commercial: Awareness vendors expanding into developer training create upsell pathways; insist on seat portability, measurable outcomes and explicit SOW deliverables to avoid content lock-in.
  • 180d+, commercial: Monitoring/AI-oversight bundles may push longer managed-service terms and separate analytics pricing; require SLAs, telemetry export rights and clear pricing for connectivity/analytics OPEX.

Recommended actions

  • Contracts, due 3d: Request current identity architecture, MFA/passkey inventory, GenAI usage summary and supplier runbook/telemetry-export matrices from security and major SaaS vendors. Outcome: collected identity and telemetry matrices to attach to near-term renewals and procurement scopes.
  • Category, due 21d: Run a contained pilot for passwordless (FIDO2/passkey) including rollback tests and device-exemption flows to map integration effort and vendor support needs. Outcome: pilot report documenting integration effort, user impact, and recommended procurement SOW for scaled deployment.
  • Contracts, due 21d: Negotiate an add-on SOW or seat-based amendment with incumbent awareness/training suppliers to include developer secure-coding modules (OWASP and AI-assisted-development topics) and lab support. Outcome: contract amendment or SOW specifying content scope, portability rights and acceptance criteria for developer training.
  • Contracts, due 60d: Update RFx and renewal templates to require exportable telemetry (including prompt logs where hosted), agent-inventory APIs, explicit rollback/runbook ownership and contractual... Outcome: revised RFx/SOW language securing telemetry export rights, agent inventory reporting and runbook ownership for new and renewed contracts.
  • Ops, due 60d: Run a cross-functional tabletop exercise simulating credential compromise via AI prompts and a social-engineering service-desk vector; validate manual overrides for physical acc... Outcome: validated cross-supplier playbooks, updated escalation matrices and identified contract changes to enforce runbook and data-export responsibilities.

Risk register

  • Risk (early signal): Vendors may market autonomous-agent controls as replacements for multi-supplier coordination; verify escalation paths, manual override obligations and contractual ownership before reducing operator roles. Mitigation: confirm exposure with category, contracts, and operations before the next supplier commitment.
  • Risk (early signal): Some AI/SaaS suppliers may not offer straightforward prompt-export features; confirm technical feasibility and cost for prompt retention/export before embedding requirements in templates. Mitigation: confirm exposure with category, contracts, and operations before the next supplier commitment.

CM Snapshot

Category Manager Decision Detail

Today's priorities

Each item is a CM move: the immediate supplier or contract action to take before the next sourcing gate.

  • Due 3d, high: Request current identity architecture, MFA/passkey inventory, GenAI usage summary and supplier runbook/telemetry-export matrices from security and major SaaS vendors, because recent reporting shows credential theft and prompt leakage are active exposure points and procurement needs those artifacts to set realistic RFx requirements.
  • Due 21d, high: Run a contained pilot for passwordless (FIDO2/passkey) including rollback tests and device-exemption flows to map integration effort and vendor support needs, because passwordless is recommended as the effective defence against phishing/infostealers and a pilot surfaces integration costs and exception handling before enterprise rollout.
  • Due 21d, high: Negotiate an add-on SOW or seat-based amendment with incumbent awareness/training suppliers to include developer secure-coding modules (OWASP and AI-assisted-development topics) and lab support, because developer-focused secure-coding content is now packaged into mainstream training platforms and buying via incumbents reduces onboarding overhead and speeds delivery.
  • Due 60d, high: Update RFx and renewal templates to require exportable telemetry (including prompt logs where hosted), agent-inventory APIs, explicit rollback/runbook ownership and contractual..., because unchecked GenAI prompt handling and limited telemetry exports create investigative blind spots that only contractual rights can reliably close.

Supplier radar

Signals observed in SecurityBrief Australia reporting (confidence: high for each). Next step for every signal: validate it with incumbents and alternates before the next award or pricing decision.

  • Identity vendors who deliver turnkey passwordless options gain leverage; use procurement to lock in migration support, defined rollback clauses and device-exemption terms.
  • Awareness vendors expanding into developer training create upsell pathways; insist on seat portability, measurable outcomes and explicit SOW deliverables to avoid content lock-in.
  • Monitoring/AI-oversight bundles may push longer managed-service terms and separate analytics pricing; require SLAs, telemetry export rights and clear pricing for connectivity/analytics OPEX.

What to do / What to watch

What to do now

  • Request current identity architecture, MFA/passkey inventory, GenAI usage summary and supplier runbook/telemetry-export matrices from security and major SaaS vendors.

    Why: because recent reporting shows credential theft and prompt leakage are active exposure points and procurement needs those artifacts to set realistic RFx requirements.

    Owner: Contracts

    Expected outcome: Collected identity and telemetry matrices to attach to near-term renewals and procurement scopes.

    [1]

Next few weeks

  • Run a contained pilot for passwordless (FIDO2/passkey) including rollback tests and device-exemption flows to map integration effort and vendor support needs.

    Why: because passwordless is recommended as the effective defence against phishing/infostealers and a pilot surfaces integration costs and exception handling before enterprise rollout.

    Owner: Category

    Expected outcome: Pilot report documenting integration effort, user impact, and recommended procurement SOW for scaled deployment.

    [1]
  • Negotiate an add-on SOW or seat-based amendment with incumbent awareness/training suppliers to include developer secure-coding modules (OWASP/Large‑Model topics) and lab support.

    Why: because developer-focused secure-coding content is now packaged into mainstream training platforms and buying via incumbents reduces onboarding overhead and speeds delivery.

    Owner: Contracts

    Expected outcome: Contract amendment or SOW specifying content scope, portability rights and acceptance criteria for developer training.

    [3]

Longer view

  • Update RFx and renewal templates to require exportable telemetry (including prompt logs where hosted), agent-inventory APIs, explicit rollback/runbook ownership and contractual...

    Why: because unchecked GenAI prompt handling and limited telemetry exports create investigative blind spots that only contractual rights can reliably close.

    Owner: Contracts

    Expected outcome: Revised RFx/SOW language securing telemetry export rights, agent inventory reporting and runbook ownership for new and renewed contracts.

    [2]
  • Run a cross-functional tabletop exercise simulating credential compromise via AI prompts and a social-engineering service-desk vector; validate manual overrides for physical acc...

    Why: because credential theft now spans digital and physical domains and exercises reveal commercial handoffs procurement must capture contractually between suppliers.

    Owner: Ops

    Expected outcome: Validated cross-supplier playbooks, updated escalation matrices and identified contract changes to enforce runbook and data-export responsibilities.

    [1]

What to watch

  • Early-signal: Vendors may market autonomous-agent controls as replacements for multi-supplier coordination — verify escalation paths, manual override obligations and contractual ownership before reducing operator roles
  • Early-signal: Some AI/SaaS suppliers may not offer straightforward prompt-export features — confirm technical feasibility and cost for prompt retention/export before embedding requirements in templates

Market pulse

Index | Latest | Change | As of
Palo Alto (PANW) | 320 | +0.00 (+0.00%) | May 7, 2026, 10:10 PM
CrowdStrike (CRWD) | 285 | +0.00 (+0.00%) | May 7, 2026, 10:10 PM
Zscaler (ZS) | 195 | +0.00 (+0.00%) | May 7, 2026, 10:10 PM
Fortinet (FTNT) | 72 | +0.00 (+0.00%) | May 7, 2026, 10:10 PM
  • Palo Alto: Identity-driven controls and NGFWs with identity integration are gaining attention; consider shifting renewal evaluations to favour identity-aware feature sets
  • CrowdStrike: Endpoint and identity telemetry demand is rising; buyer focus on telemetry export and agent inventories may increase leverage in endpoint renewals

Sources


[1] Experts warn passwords no longer sufficient in AI era

securitybrief.com.au · n.d.


AI reading

Australian experts warn passwords are no longer sufficient as AI and credential-theft tactics scale attacker access. The article cites vendor research showing a measurable share of GenAI prompts carry high-risk data leakage and that unmanaged personal accounts drive much of the exposure. Watch whether organisations accelerate FIDO2/passkey adoption and require prompt-logging from AI providers

Buyer takeaway

Elevate passwordless and prompt-visibility requirements in procurements because passwords are shown to be ineffective against infostealers and AI-amplified prompt leakage

Cost / money

Expect integration and device-binding costs when adopting FIDO2 and updating SSO/endpoint processes; budget these as part of identity renewals

Supplier / commercial

Identity and access vendors may demand migration/support fees; require migration SLAs, rollback provisions and device-exemption policies in offers

Safety / operations

Credential compromise affects both IT and physical security; ops must have tested manual overrides and coordinated cyber-physical runbooks

What to watch

Watch vendor claims of 'phishing-proof' solutions; require pilot evidence and contractual rollback rights before committing

Key facts

  • Vendor research: notable share of GenAI prompts flagged as high‑risk in recent sampling
  • Majority of risky prompts submitted via unmanaged personal accounts, creating blind spots

Source excerpts

Physical impact: New research from Genetec suggests physical security environments also face growing credential-related risks as systems connect to corporate networks.
"Genetec encourages organisations to move beyond isolated credential controls and adopt a governance-first approach to identity management in physical security environments, including: Strengthen identity and credential controls: Organisations should eliminate default and shared credentials, enforce strong authentication such as passkeys and adopt multi-factor authentication to reduce common attack entry points."
"Here are some ways organisations can defend themselves in 2026: Embrace passwordless and FIDO2: The only true defence against phishing and infostealers is removing the password entirely."

Used in this brief

  • Safety / operations: Credential compromise now threatens physical systems (badging, cameras) as well as IT; operations must coordinate cyber and physical runbooks and validate manual overrides with suppliers
  • Next 72 hours — Request current identity architecture, MFA/passkey inventory, GenAI usage summary and supplier runbook/telemetry-export matrices from security and major SaaS vendors. Rationale: because recent reporting shows credential theft and prompt leakage are active exposure points and procurement needs those artifacts to set realistic RFx requirements. Owner: Contracts. KPI: Collected identity and telemetry matrices to attach to near-term renewals and procurement scopes
  • Next 2-4 weeks — Run a contained pilot for passwordless (FIDO2/passkey) including rollback tests and device-exemption flows to map integration effort and vendor support needs. Rationale: because passwordless is recommended as the effective defence against phishing/infostealers and a pilot surfaces integration costs and exception handling before enterprise rollout. Owner: Category. KPI: Pilot report documenting integration effort, user impact, and recommended procurement SOW for scaled deployment

[2] Why "strong passwords" can't save you from AI

securitybrief.com.au · n.d.


AI reading

A lead technologist explains why complex passwords can't stop infostealers and accidental insider leaks from employees pasting corporate secrets into public AI tools. The piece highlights that many high-risk prompts come from unmanaged accounts and points to dark-web harvesting of AI credentials. Watch vendor responses on prompt retention, export capabilities and costs for forensic access

Buyer takeaway

Treat GenAI prompt handling like any other log data: require export, retention and audit rights so investigations remain possible

Cost / money

Requiring prompt retention/export may increase SaaS hosting or logging costs; capture these in contract discussions

Supplier / commercial

AI-platform vendors could price extended retention/export features; test price/performance during procurement evaluations

Safety / operations

Without prompt visibility, incident response teams face longer investigations and reduced containment speed

What to watch

Early-signal: not all suppliers expose prompt logs easily—verify technical feasibility and cost before building requirements into templates

Key facts

  • Report citing many high‑risk prompts concentrated in a fraction of GenAI usage
  • Evidence of harvested AI credentials appearing for sale on the dark web

Source excerpts

According to Check Point Research, for the month of March 2026, one in every 28 GenAI prompts submitted from enterprise environments posed a high risk of sensitive data leakage, impacting 91% of organisations that use GenAI tools regularly
As we look ahead, the future of enterprise security relies on verifying behaviour, not just a string of characters
Threat intelligence firm Group-IB reported that at least 225,000 sets of OpenAI/ChatGPT credentials were put up for sale on the dark web after being harvested by infostealers. When employees use personal devices infected with infostealers to log into AI tools with corporate credentials, the data loop is devastating

Used in this brief

  • Next quarter — Update RFx and renewal templates to require exportable telemetry (including prompt logs where hosted), agent-inventory APIs, explicit rollback/runbook ownership and contractual... Rationale: because unchecked GenAI prompt handling and limited telemetry exports create investigative blind spots that only contractual rights can reliably close. Owner: Contracts. KPI: Revised RFx/SOW language securing telemetry export rights, agent inventory reporting and runbook ownership for new and renewed contracts
  • Early-signal: Some AI/SaaS suppliers may not offer straightforward prompt-export features — confirm technical feasibility and cost for prompt retention/export before embedding requirements in templates
  • A lead technologist explains why complex passwords can't stop infostealers and accidental insider leaks from employees pasting corporate secrets into public AI tools. The piece highlights that many high-risk prompts come from unmanaged accounts and points to dark-web harvesting of AI credentials. Watch vendor responses on prompt retention, export capabilities and costs for forensic access

[3] KnowBe4 adds AI secure coding training with partner

securitybrief.com.au · n.d.


AI reading

KnowBe4 partnered with Secure Code Warrior to add developer-focused secure-coding training into its catalogue, targeting AI-assisted development risks. The offering includes multi-language modules mapped to OWASP topics and is available through specific subscription tiers, making it operationally real for buyers with existing KnowBe4 contracts. Watch which tiers include the content and whether incumbents support lab environments

Buyer takeaway

Leverage incumbent awareness suppliers to procure developer training faster, but require measurable outcomes and portability because content alone doesn't change behaviour

Cost / money

Expect recurring licence or seat-based spend; include portability and renewal terms to avoid surprise cost increases

Supplier / commercial

Partnerships enable bundled upsells; negotiate fixed pricing and defined SOW deliverables for technical training modules

Safety / operations

Developer training should be tied to release gates and secure-release checklists to reduce application-layer vulnerabilities

What to watch

Confirm which subscription tiers include the modules and whether the vendor will provide hands-on lab support

Key facts

  • 31 learning activities across nine learning series
  • Content supports multiple programming languages and OWASP topics

Source excerpts

Training vendors have responded by building content that goes beyond general cyber awareness into role-specific instruction for engineers, developers and security teams
Best known for security awareness training for employees, the company can now reach organisations seeking support for developer teams as well as broader staff populations. Secure Code Warrior, an Australian scale-up, specialises in developer-focused security training and AI software governance
By Joseph Gabriel Lagonsin, News Editor. AI risk overview: KnowBe4 has partnered with Secure Code Warrior to offer secure coding training for organisations with technical teams, adding specialist content to KnowBe4's training library. The new offering targets businesses managing the security implications of AI-assisted software development

Used in this brief

  • Supplier / commercial: Awareness vendors expanding into developer training create upsell pathways; insist on seat portability, measurable outcomes and explicit SOW deliverables to avoid content lock-in
  • Next 2-4 weeks — Negotiate an add-on SOW or seat-based amendment with incumbent awareness/training suppliers to include developer secure-coding modules (OWASP/Large‑Model topics) and lab support. Rationale: because developer-focused secure-coding content is now packaged into mainstream training platforms and buying via incumbents reduces onboarding overhead and speeds delivery. Owner: Contracts. KPI: Contract amendment or SOW specifying content scope, portability rights and acceptance criteria for developer training
  • KnowBe4 partnered with Secure Code Warrior to add developer-focused secure-coding training into its catalogue, targeting AI-assisted development risks. The offering includes multi-language modules mapped to OWASP topics and is available through specific subscription tiers, making it operationally real for buyers with existing KnowBe4 contracts. Watch which tiers include the content and whether incumbents support lab environments

[4] Australian News - SecurityBrief Australia

securitybrief.com.au · n.d.


AI reading

Local market reporting shows vendors adding public-safety monitoring (P25) to network testers and launching joint AI oversight products, creating bundled monitoring + oversight offers. These moves make monitoring an integration project and introduce recurring connectivity and analytics OPEX that buyers must evaluate. Watch whether suppliers lock analytics into proprietary platforms or provide exportable telemetry

Buyer takeaway

Treat bundled monitoring/oversight offers as integration projects; demand SLAs, telemetry export and pricing clarity for analytics OPEX

Cost / money

Bundles may reduce procurement friction but increase recurring cloud/analytics costs that should be captured in TCO models

Supplier / commercial

Suppliers offering combined monitoring can push longer managed-service terms; use negotiation to retain exit and data-export rights

Safety / operations

P25 monitoring can improve situational awareness, but requires validated connectivity and integration into incident workflows

What to watch

Confirm whether monitoring results are exportable and whether sensor/connectivity OPEX is included or charged separately

Key facts

  • Ranlytics added P25 public-safety monitoring to its KALLO network tester
  • Vocus partnered with Fortinet on a Secure Shield-style AI oversight product

Source excerpts

  • By Mark Tarre • 10 min read • Yesterday • Data Analytics • Ranlytics adds P25 monitoring to KALLO network tester: Ranlytics expands KALLO network tester with P25 public safety monitoring for continuous indoor coverage checks across buildings and critical sites
  • By Mark Tarre • 3 min read • Last week • Software-as-a-Service • Nearly half of Australian firms hit by AI incidents: Nearly half of Australian organisations with AI security controls have faced incidents as firms rush agents into customer service, email and cloud systems
  • By Sean Mitchell • 4 min read • Last week • EduTech • Macquarie University & tech group deepen digital ties: Macquarie University and Macquarie Technology Group strike strategic pact to bolster cloud, cyber security and data centre skills
  • By Joseph Gabriel Lagonsin • 4 min read • Yesterday • Ransomware • Experts warn passwords no longer sufficient in AI era: Australian cyber security experts say passwords are no longer enough as AI use grows, with identity the new perimeter and passkeys urged

Used in this brief

  • Safety / operations: P25 indoor monitoring can improve public-safety checks but operational value depends on validated connectivity, placement and integration with incident workflows before wide rollout
  • Local market reporting shows vendors adding public-safety monitoring (P25) to network testers and launching joint AI oversight products, creating bundled monitoring + oversight offers. These moves make monitoring an integration project and introduce recurring connectivity and analytics OPEX that buyers must evaluate. Watch whether suppliers lock analytics into proprietary platforms or provide exportable telemetry
  • Buyer bottom line: combined monitoring and AI-oversight simplifies supplier lists but shifts costs and integration risk—capture OPEX and export rights contractually

[5] Expert Opinions - SecurityBrief Australia

securitybrief.com.au · n.d.


AI reading

A set of expert pieces flags service-desk weaknesses, log-management cost pressures and rising risks from voice phishing and standing privileges in outsourced support. These are operational signals that dashboards alone are insufficient; buyers should demand raw log access and runbook clarity from service-desk and observability suppliers. Watch for vendors pitching automated remediation as a substitute for clarified handoffs

Buyer takeaway

Treat service-desk and log management as contractually enforced observability elements: require raw-log export, runbook ownership and change-control clauses

Cost / money

Higher log volumes translate into higher cloud-hosting and ingestion costs; model these in renewals and SOWs

Supplier / commercial

Outsourced service-desk suppliers may resist exporting raw telemetry; insist on contractual exports and escalation pathways

Safety / operations

Automated remediation without clear handoffs increases single‑point-of-failure risk; operations need manual-override and rollback clauses

What to watch

Limited relevance: opinion pieces are directional but operational when tied to specific renewals or SOWs—verify vendor capabilities before acting

Key facts

  • Multiple expert columns highlighting service-desk as an emerging frontline for attackers
  • Reporting that log-management costs are rising with cloud-native data growth

Source excerpts

  • By Raymond McCullagh • 5 min read • 4 days ago • Multi-factor authentication • Stolen credentials don't have to mean a breach: Stolen logins can still trigger chaos, but modern access controls that verify device and context can stop attackers from turning them into a breach
  • By Lovan • 7 min read • 3 days ago • Virtual Private Networks • Why service desks are emerging as a critical security weakness: Service desks emerge as cyber criminals' new frontline, with voice phishing, standing privileges and outsourced support fuelling identity breaches
  • By Christopher Hills • 4 min read • 4 days ago • Virtualisation • Why Australian enterprises can no longer afford to ignore the log management problem: Australian enterprises face soaring log management bills as cloud-native systems drive 100-fold data growth and expose legacy tools

Used in this brief

  • Early-signal: Vendors may market autonomous-agent controls as replacements for multi-supplier coordination — verify escalation paths, manual override obligations and contractual ownership before reducing operator roles
  • A set of expert pieces flags service-desk weaknesses, log-management cost pressures and rising risks from voice phishing and standing privileges in outsourced support. These are operational signals that dashboards alone are insufficient; buyers should demand raw log access and runbook clarity from service-desk and observability suppliers. Watch for vendors pitching automated remediation as a substitute for clarified handoffs
  • Buyer bottom line: lock raw log exports and runbook ownership into service-desk and observability contracts to prevent operational blind spots

[6] Palo Alto

finance.yahoo.com · n.d.


[7] CrowdStrike

finance.yahoo.com · n.d.
