https://itnerd.blog/2026/03/30/the-eu-gets-pwned-by-shinyhunters/
Bonfy mention:
UPDATE: Gidi Cohen, CEO & Co-founder, Bonfy.AI had this to say:
“Modern incidents like the European Commission’s cloud breach are less about a single misconfigured account and more about sprawling unstructured content moving across websites, SaaS apps, storage buckets, AI systems, and agents without unified, context‑aware governance. Cloud security posture management and traditional DLP/DSPM remain necessary, but they are no longer sufficient on their own; without adaptive content controls that understand the people, customers, and citizens behind the data, organizations will continue to be surprised by where sensitive information surfaces when a breach hits.
What matters now is not just where data lives but how it flows: public platforms and “content systems” quietly accumulate regulated and entity‑specific data in logs, backups, CMSes, and object stores, while AI and automation continuously read from and write to those same stores, creating a dense web of human, system, and agent access paths that legacy tools do not see end to end. In that environment, a cloud compromise becomes a test of whether an organization can quickly answer the only questions regulators and boards truly care about, whose data was exposed, through which systems, and how far it has already propagated.”