Posts by Patrick Spencer

Patrick Spencer, Senior Vice President, Americas Marketing & Industry Research, Kiteworks

Patrick is charged with building thought leadership and communications programs that increase brand awareness and engagement and propel lead-generation programs. He has nearly two decades of experience in various senior marketing roles within cybersecurity at Contrast Security, Fortinet, and Symantec.

He holds a doctorate from the University of Durham and two masters and a bachelor’s degree from Abilene Christian University.

Lockdown Mode Confirms Threat, Not Governance

OpenAI Lockdown Mode Is a Warning, Not a Solution

by Patrick Spencer June 10, 2026June 10, 2026 | Cybersecurity Risk Management

When OpenAI announced the general rollout of Lockdown Mode for ChatGPT in June 2026, the more consequential read is organizational. OpenAI has concluded that prompt injection-driven data exfiltration is a...

Seven AI Agent Attack Vectors Exposed

Microsoft Named 7 Ways Your AI Agents Can Be Hacked. One Is Already Happening in Production.

by Patrick Spencer June 8, 2026June 8, 2026 | Cybersecurity Risk Management

At Microsoft Build 2026, the security research team extended its existing AI agent threat taxonomy with seven new categories reflecting what adversaries are doing — and what defenders are missing...

Defending AI Agents from Memory Poisoning Attacks

OWASP Agent Memory Guard: Stop AI Agents from Being Weaponized Through Their Own Memory

by Patrick Spencer June 5, 2026June 5, 2026 | Cybersecurity Risk Management

AI agent memory poisoning exploits the fact that agents are stateful. Unlike a traditional API call that processes input and returns output without remembering anything, an agent maintains persistent state...

npm Package Silently Steals Codex Authentication Tokens

OpenAI Codex Authentication Tokens Stolen in npm Supply Chain Attack

by Patrick Spencer June 5, 2026June 5, 2026 | Cybersecurity Risk Management

Supply chain risk has traditionally focused on software dependencies that introduce vulnerabilities into compiled products — the type of compromise represented by SolarWinds and XZ Utils. The Codex token theft...

AI Agents Security: Closing the Widening Governance Gap

92% of Security Professionals Are Worried About AI Agents. The Data Shows Why.

by Patrick Spencer June 5, 2026June 5, 2026 | Cybersecurity Risk Management

Traditional security models assume human actors making deliberate choices. An employee decides to share a file, send an email, or access a system, and security controls intercept, log, or block...

AI Model Weights: The Overlooked Supply Chain Risk

BadBone and the AI Supply Chain: When the Model Itself Is the Risk

by Patrick Spencer June 5, 2026June 5, 2026 | Cybersecurity Risk Management

For three years, the enterprise security conversation about AI has focused almost entirely on what AI agents do with data once they are running. BadBone refocuses that conversation on something...

Securing AI Coding Tools from TrapDoor Supply Chain Attacks

AI Coding Tools Are Now a Supply Chain Attack Surface

by Patrick Spencer June 1, 2026June 1, 2026 | Cybersecurity Risk Management

Every developer on your team is collaborating with an AI. GitHub Copilot, Cursor, Claude — they sit inside the IDE, read project context, and suggest code. That’s the productivity story....

AI Governance Requires Controls, Not Just Logs

Monitoring AI Behavior Is Not the Same as Governing It

by Patrick Spencer June 1, 2026June 1, 2026 | Cybersecurity Risk Management

Anthropic made a significant announcement this week. Claude Enterprise now integrates with 28 security and compliance partners through the new Claude Compliance API, giving enterprise security teams programmatic access to...

Non-Human Identity Governance Reduces Breach Damage in Zero Trust

Authentication Gets You In. Governance Determines the Damage.

by Patrick Spencer June 1, 2026June 1, 2026 | Cybersecurity Risk Management

Seventy-one percent. That’s the share of enterprises that experienced an identity-related breach in 2025 according to new Sophos research. More than two-thirds of organizations had their identity systems compromised in...

AI Agents and the Lethal Trifecta Risk

AI Agent Security: The Lethal Trifecta Explained

by Patrick Spencer June 1, 2026June 1, 2026 | Cybersecurity Risk Management

In early 2026, security researchers found more than 900 AI agent gateways exposed on the public internet with no authentication — API keys, OAuth tokens, and full conversation histories stored...

AI Sandbox Bypasses Expose Data-Layer Control Gaps

When the Guardrail Fails: AI Coding Tools and the Data-Layer Question

by Patrick Spencer June 1, 2026June 1, 2026 | Cybersecurity Risk Management

There was no press conference. No breach notification letter. A flaw in a widely used AI coding assistant — one that researchers say could be chained with prompt injection to...

AI's Dual Impact on Cybersecurity Defenses

The AI Security Paradox: Same Technology, Opposite Verdicts

by Patrick Spencer May 29, 2026May 29, 2026 | Cybersecurity Risk Management

In a survey of 16,029 cybersecurity professionals by ISC2, AI was named the emerging technology with the greatest positive impact on security — and simultaneously the technology with by far...

Pre-Auth RCE Exposes RAG Data Vulnerabilities

When Your Vector Database Hands Out Pre-Auth RCE, RAG Has a Data-Layer Problem

by Patrick Spencer May 29, 2026May 29, 2026 | Cybersecurity Risk Management

On May 18, 2026, HiddenLayer published research on ChromaToast — formally CVE-2026-45829. CVSS score: 10.0. Attack vector: network. Privileges required: none. User interaction: none. The flaw lives in the ChromaDB...

Explore Kiteworks