Zoho Launches Zia LLM and Deepens AI Portfolio with Prebuilt Agents, Custom Agent Builder, MCP, and Marketplace

Posted in Commentary with tags on July 17, 2025 by itnerd

 Zoho Corporation today announced additional investments and offerings in AI, including Zia LLM, a proprietary large language model; Zia Agents, with 25+ ready-to-deploy AI-powered agents available in Agent MarketplaceZia Agent Studio, a no-code agent builder; and a model context protocol (MCP) server to open up Zoho’s vast library of actions to third-party agents. These capabilities and investments are designed to help organizations fully realize and maximize the value of contextual, assistive and agentic AI technology. Immediately impacting daily workflows for diverse roles and use cases, Zoho’s latest AI developments deliver operational and financial efficiencies across entire organizations.

Zia LLM, Built from the Ground Up and Optimized for Business

Zoho has successfully launched its own large language model, Zia LLM, built completely in-house by leveraging NVIDIA’s AI accelerated computing platform. Trained with Zoho product use cases in mind—ranging from structured data extraction, summarization, RAG, and code generation—Zia LLM is comprised of three models with 1.3 billion, 2.6 billion and 7 billion parameters, each separately trained and optimized for contextual applicability that benchmark competitively against comparable open source models in the market. The three models allow Zoho to always optimize the right model for the right user context, striking the proper balance between power and resource management. This focus on right-sizing the model is an ongoing development strategy for Zoho.  

In addition to Zia LLM, Zoho is announcing two proprietary Automatic Speech Recognition (ASR) models for speech-to-text conversion for both English and Hindi. Optimized to perform on a low computer load without compromising on accuracy, the models benchmark up to 75% better than comparable models across standard tests. Language support for additional languages will be coming in the future. 

While Zoho supports many LLM integrations for users, including ChatGPT, Llama, and DeepSeek, Zia LLM continues Zoho’s commitment to data privacy by allowing customers to keep their data on Zoho servers, leveraging the latest AI capabilities without sending their data to AI cloud providers.

Zia LLM will be deployed across Zoho’s data centers in the US, India, and Europe. The model is currently testing for internal use cases across Zoho’s broad app portfolio, and will be available for customer use in coming months. 

Effective Native AI Agents Ready for Use

To enable immediate adoption of agentic technology, Zoho has developed a roster of AI agents contextually baked right into its products. These agents can be used across various business activities, handling relevant actions based on real-life organizational roles (including sales development, customer support, and account management).

Agents available today include: 

  1. New Version of Ask Zia : The latest version of Zoho’s platform-wide conversational AI assistant, Ask Zia‘s new BI skills are tailored to data engineers, analysts, and data scientists, yet supports any user within an organization. Ask Zia is now equipped with capabilities that directly address the unique pain points faced by each persona, whether it’s building end-to-end data pipelines for engineers, analyzing data, creating reports and dashboards in an interactive conversation mode for analysts, or helping to jump start building ML models for data scientists.
  2. Customer Service Agent: With the ability to process incoming customer requests, understand the context behind them, and either answer them directly or triage them to a human rep, the Customer Service Agent for Zoho Deskprovides an efficient yet reliable first line of assistance, paving the way for quicker responses and resolutions.  

AI Agent Studio and Marketplace

First announced earlier in 2025, Zoho has further simplified the Zia Agent Studio experience to be fully prompt-based (with the option to use low-code) and include ready-made access to over 700 actions across Zoho’s products. Agents built by users can be deployed autonomously, triggered through button clicks or rule-based automation, or summoned within customer conversations.

At the time of deployment, an agent can also be provisioned as a digital employee. Digital Employees respect defined user access permissions, maintaining the same permissions structures already defined within the organization. Admins are able to perform behavioural audits as well as performance and impact analyses on Digital Employees, ensuring that every agent is working as effectively as possible and within clear guardrails.

Zoho Marketplace, which supplies over 2500 reliable extensions and integrations for Zoho users, now houses the Agent Marketplace, a dedicated section for AI agents that can be deployed by customers quickly. Ecosystem partners, ISVs, and individual developers will soon be able to create agents and host them on the Zia Agents Marketplace, further simplifying the adoption of agentic technology by organizations. 

Some pre-built agents created with Zia Agent Studio (and available on the Zia Agent Marketplace) are:

1. Revenue Growth Specialist: Uncovers opportunities for upsell and cross-sell across existing customers, recommending the best marketing approach for each customer.

2. Deal Analyzer: Analyze deals and provide insights such as win probability, next best action, and follow-up suggestions.

3. Candidate Screener: Intelligently identifies and ranks the most suitable candidates for a specific job opening based on role requirements, skills, experience, and other key attributes.

Zoho will continue to add more pre-built agents to the Agent Marketplace over time to cover several valuable core and utility use cases across various business functions. The full list of available agents can be found under Additional Documentation.

With over 55 applications across one ecosystem, users can build agents to meet their organization’s every need, no matter how specific. With Zia Agent Studio, Zoho users have access to the same tools as Zoho’s developers, ensuring that any agent a customer dreams of can be created with ease. 

Interoperability with MCP

Zoho has adopted the model context protocol (MCP), offering its own MCP server with a rich action library across several applications, allowing any MCP client to tap into data and actions from various Zoho apps while respecting the customer’s defined permission structures.

Zoho’s MCP server has a library of actions from more than 15 Zoho applications exposed during Early Access. With Zoho Flow, third-party tools are also exposed. Additional Zoho applications will be onboarded in the coming months. Furthermore,, Zoho Analytics now offers support for a local MCP server. 

Roadmap

In the short term, Zoho will regularly scale Zia LLM’s model sizes, starting with the first of several planned parameter increases by the end of 2025. Future planned releases include expanding the available languages used by the speech-to-text model, beginning with languages spoken primarily across Europe and India, as well as the introduction of a reasoning language model (RLM).

Additional skills will be added to Ask Zia, allowing it to act as an assistant to Finance teams and Customer Support teams, with more skills added in the future.

Support for the Agent2Agent (A2A) protocol will be implemented, allowing for Zia Agents to interact and collaborate with each other, as well as collaborate with agents on other platforms.

Additional Documentation
Zia Agents Marketplace – Full list of available agents at launch

Availability and Pricing

Zia LLM will be available to Zoho customers in the coming months. Zia Agents, Zia Agent Studio, Agent Marketplace, and Zoho MCP Server are being rolled out to customers who are currently on the early access waiting list. General availability for these offerings is expected towards the end of 2025. Zoho expects to study the usage patterns of these customers across use cases, industries, geographical regions, and sizes during this early access phase. A pricing structure for these offerings can be expected at the time of general availability.  

Leave a comment »

Saviynt Announces Availability of Saviynt MCP Server in the New AWS Marketplace AI Agents and Tools Category

Posted in Commentary with tags on July 16, 2025 by itnerd

Saviynt, a leading provider of identity security solutions, today announced the availability of Saviynt MCP Server in the new AI Agents and Tools category of AWS Marketplace. Customers can now use AWS Marketplace to easily discover, buy, and deploy AI agents solutions, including Saviynt MCP Server using their AWS accounts, accelerating AI agent and agentic workflow development.

Saviynt MCP Server helps organizations extend the capabilities of Saviynt Identity Cloud by empowering customers to turn natural language prompts into precise identity actions—such as retrieving and analyzing access patterns, evaluating cross-application access, and initiating governance workflows including access approvals and revocations.

Saviynt MCP Server delivers essential capabilities including unified identity visibility that instantly visualizes access across cloud, hybrid and on-premises environments. With context-rich governance powered by MCP-based queries, organizations can link access to policies, approvals, and usage. Its AI-ready integration streamlines automation and accelerates compliance through seamless workflow orchestration.

With the availability of AI Agents and Tools in AWS Marketplace, customers can significantly accelerate their procurement process to drive AI innovation, reducing the time needed for vendor evaluations and complex negotiations. With centralized purchasing using AWS accounts, customers maintain visibility and control over licensing, payments, and access through AWS.

Available as a SaaS solution, Saviynt MCP Server leverages Model Context Protocol (MCP) to power intelligent agent interactions—bringing full-spectrum access visibility and automated governance to the forefront of AI-powered enterprises.

To learn more about Saviynt MCP Server in AWS Marketplace, visit the website. To learn more about the new AI Agents and Tools category in AWS Marketplace, visit https://aws.amazon.com/marketplace/solutions/ai-agents-and-tools/.

Leave a comment »

Adoption Agency Data Breach Exposed 1M+ Records

Posted in Commentary with tags on July 16, 2025 by itnerd

Cybersecurity researcher Jeremiah Fowler discovered and reported to WebsitePlanet a non-password protected database belonging to the Gladney Center for Adoption a Texas-based organization providing adoption and family services.

What happened:
The database containing 1,115,061 records and totaling 2.49 GB was found accessible to anyone with an internet connection. The data includes sensitive PII of children, adoptive parents, and internal employees, along with case notes, applications, decisions related to adoption cases and more.

Why it matters:
This kind of exposure raises serious privacy concerns, as the information could be exploited to run phishing scams, commit identity theft, impersonate agency staff, and more.

You can find the full report here: https://www.websiteplanet.com/news/gladney-breach-report/

Leave a comment »

KnowBe4 Wins 2025 Top Workplaces Industry Award

Posted in Commentary with tags on July 16, 2025 by itnerd

KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, announced today that it is a 2025 Top Workplaces Industry winner. This recognition comes from Energage, a purpose-driven organization that develops solutions to build and brand Top Workplaces. The Top Workplaces program has a 17-year history of surveying and celebrating organizations nationally and across 60 regional markets. Top Workplaces Industry awards celebrate organizations that have built people-first workplace cultures within their sector. 

The award marks the winners as an employer of choice for those seeking employment in the industry. Top Workplaces awards are based on feedback from a research-backed employee engagement survey. Details about how KnowBe4 builds a great workplace culture are available on Top Workplaces.

To see open positions at KnowBe4, visit www.knowbe4.com/careers

Leave a comment »

Salt Typhoon Hacked National Guard for Nearly a Year…. WTF??

Posted in Commentary with tags on July 16, 2025 by itnerd

It is being reported that Salt Typhoon, an elite Chinese cyberspy group, hacked at least one US state’s National Guard network for nearly a year, the Department of Defense has found. Rather than quote anything, click the link and read for yourself. It will blow your mind.

Ensar Seker, CISO at SOCRadar:

“The revelation that Salt Typhoon maintained access to a U.S. National Guard network for nearly a year is a serious escalation in the cyber domain. This isn’t just an opportunistic intrusion. It reflects deliberate, long-term espionage designed to quietly extract strategic intelligence. The group’s sustained presence suggests they were gathering more than just files, they were likely mapping infrastructure, monitoring communication flows, and identifying exploitable weak points for future use. What’s deeply concerning is that this activity went undetected for so long in a military environment. It raises questions about visibility gaps, segmentation policies, and detection capabilities in hybrid federal-state defense networks. It’s another reminder that advanced persistent threat actors like Salt Typhoon are not only targeting federal agencies but also state-level components where the security posture might be more varied.”

Erich Kron, Security Awareness Advocate at KnowBe4

“In a time where we are often fooled into thinking cybercrime means somebody telling us that we missed jury duty, or convincing our loved ones of a long-distance romantic relationship, we sometimes miss the fact that this is more than a game and is played at the nation state level. Cybercrime has real dangers for real people and real governments as well.”

“The Typhoon groups, several different alleged Chinese-backed cybercrime groups that carry the ‘Typhoon’ moniker as part of their name, have been known to be very stealthy and very effective. This is just another example of the trouble they can cause and danger that they pose. While this was at the state level with the National Guard, it still goes to demonstrate that even our military forces are at risk from these cybercrime groups. As we’ve seen in several recent conflicts, cyberattacks play a critical role in military actions, often being coordinated with boots-on-the-ground actions as well.”

“These criminal groups must be taken seriously, which means that everyone from senior government leadership to the average citizen, needs to be at least somewhat aware of the threats, how to spot them, and who to report them to. Whether it’s stealing money from individuals to fund other operations, or trying to cripple infrastructure through cyberattacks, these bad actors are a clear and present danger

The fact that this group was able to basically stroll into this environment, pitch a tent, start a campfire and stay there for an entire year is crazy. It really shows that organizations seriously need to try harder to keep the bad guys out. Because who knows what these threat actors were able to do with the access that they had.

Leave a comment »

Sage and Stripe help small businesses get paid faster with Tap to Pay

Posted in Commentary with tags on July 16, 2025 by itnerd

Sage has today announced the launch of Tap to Pay in Sage Accounting. The new feature, powered by Stripe, is available to Canadian customers and enables small businesses and sole traders to take in-person payments using only their mobile phone, via the Sage Accounting app.

Tap to Pay removes friction from how businesses get paid. It forms part of a smarter, connected experience in Sage Accounting, where tasks like creating invoices, taking payments, reconciling accounts and tracking cashflow happen more seamlessly. Combined with Sage Copilot, it helps business owners stay on top of their cashflow with less effort and more confidence. Tap to Pay brings together Stripe’s trusted payments infrastructure with Sage’s deep understanding of how small businesses work to solve a real and everyday challenge: slow and inconsistent cashflow.

Research from Good Business Pays highlights that businesses in the last year are reporting a 20% increase in average payment times – now exceeding 80 days. The knock-on impact can be significant. With Tap to Pay, payment is automatically applied to the invoice and reconciled in the customer’s accounts, removing the need for manual input, hardware like card readers and chasing for invoices.

What Tap to Pay means for Sage Accounting customers

With support across the two main mobile operating systems, small businesses now have the flexibility to take payments in the moment, using the devices they already own.

The new feature supports mobile businesses and sole traders by making it easier to get paid at the point of service. From independent tradespeople and fitness instructors to market stallholders and consultants, customers can now take payment on the spot, without having to follow up later.

It means that customers can:

  • Take payments anywhere using a mobile device
  • Accept contactless cards and digital wallets
  • Automatically reconcile payments in Sage Accounting
  • No need for additional card readers or payment terminals
  • Secure and compliant processing, powered by Stripe

Strengthening Sage’s partnership with Stripe

This marks the latest step in Sage’s partnership with Stripe, following last year’s announcement to embed payment capabilities across its small business solutions. With Tap to Pay, small businesses and sole traders can now accept contactless payments from cards or digital wallets directly via the Sage Accounting app.

To find out more about Sage Accounting and Tap to Pay visit here: https://www.sage.com/en-ca/sage-business-cloud/accounting/

Leave a comment »

Flashpoint releases “The Flashpoint Method for Threat-Informed Vulnerability Prioritization

Posted in Commentary with tags on July 16, 2025 by itnerd

This morning, minutes ago, threat intelligence firm Flashpoint released a new report titled “The Flashpoint Method for Threat-Informed Vulnerability Prioritization.”  

The guide provides security teams with the following: 

  1. A clear framework for assessing which vulnerabilities demand immediate attention and why.
  2. A checklist of key prioritization criteria based on real-world exploitation, business impact, and threat intelligence.
  3. Insights into how Flashpoint’s vulnerability intelligence platform and analyst expertise can help put threat-informed vulnerability management into action, at scale.

As organizations expand their digital footprints, the number of vulnerabilities discovered each year climbs, growing faster than the ability of most security teams to respond effectively. With more than 31% of vulnerabilities rated high or critical using CVSSv3, and exploit code publicly available for nearly 42% of all disclosures, teams that rely solely on severity scores realize that it is no longer enough. 

This guide offers a smarter, data-driven approach that helps security teams focus on the vulnerabilities that pose the greatest real-world risk to their specific organizations. Backed by Flashpoint’s proprietary intelligence, this method moves beyond static scoring to incorporate exploit activity, threat actor behavior, business context, and more – so you can cut through the noise and take decisive action faster. 

There will be a two-part blog series as part of the release with the first blog post live at this link.

Leave a comment »

iOS Fitness app Fitify exposes 138K user private photos 

Posted in Commentary with tags on July 16, 2025 by itnerd

The Cybernews research team has uncovered data leak involving Fitify, a popular fitness app with over 25 million installs globally. Researchers discovered that 373,000 sensitive user files — including 138,000 progress photos — were stored in a publicly accessible Google Cloud bucket — with no password protection or encryption at rest, meaning anyone could access them.

Among the leaked files were:

  • 206,000 user profile photos
  • 138,000 progress pictures uploaded by users to track fitness changes
  • 13,000 AI coach message attachments, which may include images or text
  • 6,000 body scan files, including photos and AI-generated metadata (e.g., lean mass, body fat, posture)

Key research highlights 

  • Many of the exposed photos were semi-nude body scans, captured by users trying to document weight loss or muscle growth.
  • Fitify promises encryption in transit, but the lack of basic access controls poses serious privacy risks.
  • Researchers also found hardcoded secrets embedded in the app’s code — including Google API and Client IDs, Firebase database URLs, Facebook tokens, and even an Algolia API key, which wasn’t disclosed in the privacy policy.
  • These exposed credentials could let attackers access backend infrastructure, impersonate users, or inject malicious content.

To read the full research report and see samples of screenshots, please click here.

Leave a comment »

EnGenius Announces Affordable ECW520 Access Point

Posted in Commentary with tags on July 16, 2025 by itnerd

EnGenius Technologies is pleased to announce the release of the ECW520, the latest addition to its Wi-Fi 7 portfolio. Engineered to provide enterprise-grade wireless performance at a highly cost-effective price point, the ECW520 is designed to empower small and medium-sized businesses (SMBs) with next-generation connectivity—without the traditional enterprise cost.

EnGenius ECW520: High-Performance Wi-Fi 7, Optimized for SMBs

Powered by the Qualcomm® Networking Pro 1220 Wi-Fi 7 platform, the ECW520 delivers robust tri-band 2x2x2 performance with combined throughput capabilities of up to 10.8 Gbps. At an MSRP of $189, the ECW520 redefines value in the wireless networking space, offering a professional-grade solution for IT professionals, managed service providers (MSPs), and integrators seeking high-capacity, reliable connectivity for SMB deployments.

The ECW520 is equipped with essential features including:

  • License-free EnGenius Cloud management for centralized visibility and control.
  • Mobile-first provisioning via the EnGenius Cloud To-Go app.
  • Advanced security protocols with WPA3 Enterprise support.
  • An industry-leading 5-year warranty that underscores long-term reliability.

Strategic Affordability Meets Technical Excellence

ECW520 incorporates the latest Wi-Fi 7 innovations, including:

  • 320 MHz and 240 MHz channel widths4096-QAM, and Multi-Link Operation (MLO) to enhance throughput, reduce latency, and improve spectrum efficiency.
  • Multi-RU puncturing to optimize channel utilization in congested environments.
  • 2.5 Gigabit Ethernet interface with PoE+ support and a maximum power consumption of just 21W, ensuring compatibility with existing infrastructure.
  • Backward compatibility with legacy Wi-Fi standards, simplifying transitions from older networks.

This combination of technical sophistication and affordability makes the ECW520 an ideal solution for high-density environments such as multi-family, educational institutions, hospitality, and professional office settings.

Operational Efficiency Through Cloud-Driven Simplicity

Through integration with the EnGenius Cloud platform, the ECW520 enables IT teams to monitor, configure, and troubleshoot networks remotely and at scale—without ongoing licensing fees. Its zero-touch provisioning and intuitive interface significantly reduce deployment time and operational complexity.

Key Benefits at a Glance

  • Cost-Effective Enterprise Performance: Brings Wi-Fi 7 to SMBs at a disruptive price point.
  • Comprehensive Cloud Management: Remote visibility, control, and automation from anywhere.
  • Streamlined Deployment: Quick setup via Cloud To-Go app in under five minutes.
  • Secure and Scalable: WPA3 Enterprise Encryption, multi-AP cloud scalability.
  • Installation Flexibility: Includes click-and-twist mounting system and Kensington lock slot.
  • Extended Product Assurance: Backed by a limited 5-year warranty.

Availability

The ECW520 will be available from EnGenius authorized resellers and distribution partners by the end of July. For additional product specifications and purchasing information, visit:
https://www.engeniustech.com/high-performance-wifi7.html

Leave a comment »

A New And Dangerous #Scam That Uses The Names Of Rogers & The CRTC To Further The Scam Is Making The Rounds

Posted in Commentary with tags , on July 16, 2025 by itnerd

It appears that a new scam involving Rogers is making the rounds. And it uses the CRTC to get you to fall for the scam. Here’s the scam:

  • You get a phone call from a number that starts with 416-935-xxxx
  • When you pick up the phone, the scammer will claim to be someone from Rogers calling on behalf of the CRTC.
  • They will have some basic information about you or a relative, and claim that a suspicious SIM activation has been traced back to you or a relative.

Now the person who got this call hung up as they clued in that it was a scam. Thus I do not know what their endgame was. But here’s some random thoughts based on what was told to me.

First of all, the CRTC has nothing to do with investigating “suspicious” SIM activations. In fact they don’t really investigate much at all. If you want to see what the mandate of the CRTC is, click this link. But what the scammers are counting on is that you don’t know what the CRTC actually does and fall for the scam.

Second, the scammers are spoofing a phone number that starts with 416-935-xxxx. Why is that important? Using a random number may result in someone either not answering the call, or hanging up very quickly. But by using 416-935-xxxx make the call appear to come from Rogers because that is the local phone number of Rogers HQ in downtown Toronto. And more importantly it will appear in a Google search. Meaning that they are counting on the fact that at worst, you will Google the number, see that it comes back to Rogers, and be more likely to fall for the scam. Assuming that you don’t recognize the number immediately and just get sucked into the scam as a result.

Third, the fact that the scammers have some basic information about you implies that that this is a targeted attack via customer data belonging to Rogers making its way into the hands of scammers. I’ve personally experienced something like this before. And what it tells me is that Rogers really needs to investigate the handling of their customer data as this is the second time that I have seen scammers utilize Rogers customer data to try and scam their customers.

This is really dangerous as I can see people easily falling for this scam. As I said earlier, I don’t know what the endgame of these scammers is, but it can’t be good for you. Thus if you get a call that fits this description, your best course of action is to hang up and move on with your life.

Leave a comment »

« Older Entries
Newer Entries »