The March edition of the Unit 42 Threat Bulletin is now live, delivering the latest insights and analysis on emerging cyber threats and security trends.
This month, we look at two shifts changing risk faster than organizations can update their assumptions: the rise of agent-to-agent commerce, where AI “proxies” will increasingly transact on behalf of humans, and the expanding reality of internet-exposed operational technology (OT)—including a sharp year-over-year jump in exposed devices that challenges the idea that industrial environments are truly isolated.
In the sections below, Senior Principal Researcher Matt Brady breaks down what it means when the “customer” is software—and why reliability and trust become machine-graded requirements.
You’ll also find this month’s CISO Unscripted, where I sit down with Unit 42 Managing Director Chris George to pressure-test what the 2026 IR Report data means for identity-first intrusions, SaaS blast radius, non-human identities, and the browser as an entry point.
Then, Adam Robbie, head of OT threat research, shares what the latest OT telemetry is signaling, why the average “precursor phase” before physical impact matters, and how intelligence-driven defense can help teams disrupt attack chains earlier.
Mitch Mayne: Your article highlights the move toward agent-to-agent commerce via the Universal Commerce Protocol (UCP). What changes, fundamentally, when an AI agent is making the buying decision?
Matt Brady: The customer becomes a dual entity: the human principal with intent, and the AI proxy that executes the transaction. That proxy isn’t persuaded by brand “vibes”—it’s optimized for reliability. If your brand isn’t legible to agents through trustworthy data and secure workflows, you don’t just lose a transaction; you risk becoming invisible to the system making the decision.
MM: If fraud is executed by an agent instead of a human, why can the reputational hit be bigger than the dollar loss?
Christa McHugh: An agent doesn’t forgive the way a human might after a service interaction. If your platform gets flagged as a security liability in the agent’s logic model, you can be effectively blacklisted from that user’s digital ecosystem, turning a single bad incident into long-term loss of spend and loyalty. This isn’t just more fraud; it’s fraud at machine scale.
MM: Organized Retail Crime already costs retailers roughly $700K per $1B in sales. How does automation change the scale of risk?
MB: Today, many ORC schemes are limited by human and physical logistics. Agentic protocols can remove that constraint, enabling malicious automation across thousands of transactions simultaneously. The risk isn’t just “more fraud,” but speed: exploitation that can overwhelm controls and response before teams can intervene.
MM: What’s the first “now what” step for leaders who want AI shopping upsides without opening the floodgates?
CM: Start treating this as a governance and ecosystem problem, not just a feature rollout. Leaders should prioritize agent authentication standards now, before attackers standardize theirs.
This month for CISO Unscripted, Mitch Mayne sits down with Chris George, Managing Director of Global Customer Support at Unit 42 for a candid executive conversation grounded in the 2026 Unit 42 IR Report. Together, they unpack why attackers aren’t “hacking in” as much as logging in, with identity weaknesses implied in nearly 90% of investigations and a high volume of identity-driven initial access. They also examine: How SaaS sprawl expands impact, and how it has grown since 2022 (brace for it: from 6% to 23%); how non-human identities and over-permission multiply risk, especially in the cloud; and why the browser is now a consistent entry point in intrusions that frequently span multiple surfaces
Watch the video to dig into this year’s insights.
“The future is now—we need to constantly question how to be better about AI security.”
Securing the Future of AI Agents
Mitch Mayne: Your research highlights a staggering 332% increase in internet-exposed OT devices. For a CEO or board member who believes their industrial environment is “air-gapped” or isolated, how should this data fundamentally change their perception of their company’s digital attack surface?
Adam Robbie: The core takeaway is simple: if you’re assuming “air-gapped” is the default state today, that assumption is increasingly untenable. This 332% increase is year-over-year, and it reflects a broader reality we see across industrial environments: connectivity is expanding, often faster than governance keeps up. Technology convergence is a major driver; OT systems are being integrated with IT and IoT for visibility, efficiency and modernization, and that shift can unintentionally create paths to the internet. The practical message for executives is to replace “we think it’s isolated” with “we have verified it’s isolated.” There are ways to test whether environments are truly segmented, and leaders should insist on that evidence, not the mythology. This isn’t a five-year problem—exposure is expanding now, faster than governance cycles.
MM: You advocate for “Intelligence-Driven Active Defense” and tools like the Attack Chain Estimator (ACE). For an executive looking at a crowded budget, how does moving toward this model actually simplify the security stack or improve the efficiency of their OT-SOC operations?
AR: “Intelligence-driven active defense” is really about reducing waste: fewer guesses, fewer reactive pivots, and more focus on the next most likely adversary move. ACE (Attack Chain Estimator) is a predictive analysis approach developed by Idaho National Labs that uses historical attack-chain knowledge and real-world telemetry to estimate what an attacker is likely to do next. In a SOC, that translates into practical efficiency: instead of treating every alert as equal, teams get a structured way to prioritize actions that stop progression. The OT-SOC framework is designed as a starting point built from real scenarios and pitfalls, offering a clear operating model for shared IT/OT responsibility without collapsing the boundary between them.
MM: Looking toward 2026 and beyond, if a company successfully adopts the OT-SOC framework outlined in this paper, how does that move them from a “defensive crouch” to a position where security becomes a competitive advantage for their uptime and reliability?
AR: When OT security becomes operational, not ad hoc, you move from “hoping nothing happens” to running reliability as a discipline. The OT-SOC framework is aimed at creating repeatable routines: clearer ownership across IT and OT, better prioritization during the precursor window, and response motions that are rehearsed instead of invented mid-incident. Over time, that improves confidence in uptime: fewer surprises, faster containment, and less disruption when something does break through. For executives, that’s where security becomes advantage—not as a marketing claim, but as measurable performance: more predictable operations, reduced downtime risk, and higher resilience in the face of inevitable intrusion attempts.
UNIT42 THREAT BULLETIN