Under ABA Rule 1.6, a client data breach is an ethics violation, not just a security incident.
That's why the 2026 wave hits differently:
→ LexisNexis breach (spring)
→ DocketWise breach (April, 116K affected)
→ Law firm ransomware nearly doubled YoY (BakerHostetler 2026 DSIR)
Auth Sentry maps identity as a graph. Real signal in context. Workflow uninterrupted.
gethumming.io/demo
The 2026 NASCIO-Deloitte study put a number on the state CISO accountability gap.
2022: 48% "extremely or very confident" protecting public data.
2026: 22%.
Not a competence problem. Accountability expanded faster than authority.
78% cite 3rd-party breaches as top threat. 63% "not very confident" in local gov/higher ed cyber. 16% report budget cuts.
A role-design problem, playing out simultaneously across all 50 states.
Education IT teams: Comparitech 2025 ransomware report.
251 attacks on educational institutions worldwide. 130 in US. 3.96M records exposed (+27% YoY).
The distinguishing factor: third-party attacks.
PowerSchool: 62M students + 9.5M teachers via ONE shared vendor.
CL0P/Oracle: 5 higher-ed breaches via ONE vendor zero-day.
The attack surface has changed shape. Not "inside the firewall." The web of identities you share.
AI agents in your environment look like attackers to a stack built for humans. Whitelist them = flying blind. Don't, analysts drown in false positives. Neither feels right, because neither is.
Auth Sentry maps identity as a graph, gives each one a risk score you can dig into, and gives you complete, explainable investigations with evidence - not isolated events, THEN updates your team on Slack.
You shouldn't have to choose between visibility and sanity.
Try us on for size:
gethumming.io/demo
Some are misreading the 2026 DBIR, skimming the headlines, but missing the bigger picture.
4 Takeaways:
1) Credentials appear in 39% of breaches across the full attack chain
2) Detection stacks often fire on auth events, but attackers have moved post-auth.
3) 3rd-party identity risk up 60% YoY
4) AI agents flagged as the next target. Vulns get them in. Identity is how they move.
We can help.
The 95-day window between infostealer & ransomware is well-known now, but many programs still lose ground inside it.
3 failure modes:
1) Treating infostealer exposure as an account problem. Password resets don't invalidate cookies, tokens, or device fingerprints.
2) Not watching what the credential does in the window. Reconnaissance is detectable as a graph, not as log lines.
3) Running response on a ticket clock when identity degrades in real time.
#ITDR #IVIP #Ransomware
"If AI runs the investigation, what's left for the analyst?"
Fair concern. Here's our line:
AI does the mechanical work like pulling logs, correlating events, validating with users via Slack. The 10–15 min per alert no one signed up for.
The decision stays human. High-impact actions need approval. Every AI step is auditable.
Augment, don't replace.
gethumming.io/responsible-ai
#ITDR #IVIP #ResponsibleAI
The AI agent security conversation focuses on individual agents.
The more interesting threat is one layer up at the communication layer between agents.
Inject into the message-passing layer, and a sub-agent executes instructions the orchestrator never issued. Valid credentials. Authorized calls. No obvious anomaly.
The agent that appears responsible may be entirely innocent - used as a relay.
That's the detection frontier. We can help.
gethumming.io
#ITDR #IVIP #IdentitySecurity #AIAgents
Enterprise Strategy Group says the average enterprise spends 11 person-hours investigating a single critical identity alert.
Not 11 minutes. 11 hours.
Attackers move laterally in minutes. and the gap between those two speeds is where system damage accumulates.
Auth Sentry's AI Analysis performs every investigation automatically & delivers real, actionable results.
Average time: under 2 minutes.
Try it free for 7 days:
gethumming.io/how-it-works
#ITDR #IVIP #IdentitySecurity #SecurityOps
