Josys Launches Three Industry-First Features to Strengthen Ransomware Defense

Josys, Inc. (Headquarters: Minato-ku, Tokyo; CEO: Yasusuke Matsumoto, hereinafter 'Josys'), a provider of identity security infrastructure, has launched three new, industry-first (*2) features for its 'Josys' platform to strengthen defense against cyberattacks such as ransomware (*1).

The first feature, 'Leaked Credential Detection,' monitors and detects leaked credentials originating from sources such as the dark web (*3). The second, 'AI Agent Detection and Management,' automatically discovers AI agents operating within the company and manages their permissions and credentials. The third, 'AI-Automated Policy Execution,' allows AI to detect risks based on established policies and automatically rectify them.

These features belong to the 'Identity Security' (*4) domain, which integrates the management and defense of all identity credentials across humans, AI, and systems, including employee accounts, AI agents, and service accounts.

*1 Ransomware: A cyberattack technique that encrypts devices or files, rendering them unusable, and demands a ransom for restoration.
*2 Both features are the first of their kind for a Japanese company (based on company research).
*3 Dark Web: An area of the internet inaccessible via standard search engines, known for high anonymity and used as a marketplace for leaked credentials and personal information.
*4 Identity: Refers to authentication information, including IDs and passwords used to log into services.

Background of Development

Since 2022, Josys has provided the SaaS integration management platform 'Josys,' supporting SaaS management for over 1,000 companies globally. Since 2025, there has been a surge in consultations regarding cybersecurity, with companies expressing desires to understand credential leakage status, prevent ransomware attacks, and monitor AI agent usage. This backdrop involves large-scale ransomware attacks targeting major Japanese corporations. Current attacks are characterized not by exploiting vulnerabilities, but by logging in as legitimate users using credentials stolen by information-stealing malware known as 'InfoStealers' (*5), causing corporate security to shift from 'Network Defense' to 'Identity Defense.'

This expansion of features realizes 'Identity Defense' that protects all credentials. Moving forward, Josys aims to expand into an 'Identity Security Infrastructure' that integrates AI agent identity management and autonomous security operations, striving to 'protect all credentials with AI.' Furthermore, the company aims for adoption by over 50% of Nikkei 225 companies within three years, promoting an environment where Japanese companies can conduct business with peace of mind.

Changes Surrounding Ransomware Attacks

In recent years, ransomware attack techniques have changed significantly. In addition to traditional 'attacks entering by exploiting system vulnerabilities,' 'attacks logging in as legitimate users using stolen real IDs and passwords' are expanding. For example, the 2025 attack on Askul was exacerbated by unauthorized logins using leaked credentials.

This is driven by the expansion of 'InfoStealers.' Infections on employees' personal PCs or contractor terminals lead to stolen credentials and cookies, causing unauthorized access that bypasses MFA (Multi-Factor Authentication).

In response, companies are required to strengthen identity security to 'protect all credentials comprehensively.' Cybersecurity is also gaining importance from an economic security perspective, as evidenced by the Ministry of Economy, Trade and Industry's publication of the 'SCS Evaluation System' (*6) and its designation as one of the 17 strategic fields by the Takaichi administration.

Challenges for Information Systems Departments

Identities to be managed within companies are increasing rapidly. Because identities other than humans, such as AI agents and service accounts, are increasing in addition to employee accounts, cases are arising where information systems departments cannot grasp 'who (or what) is accessing which data.'

Furthermore, credential leakage and malware infections occur outside of enterprise management, such as on employees' personal PCs or contractor terminals, leading to company identities circulating on the dark web. Meanwhile, the shortage of security personnel is becoming severe, making it difficult to respond quickly to the increasing number of alerts and complex privilege management.