Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Featured Post

Anthropic and The Monster Outside the Fable

The reports surrounding Anthropic's Mythos 5 and Fable 5 have generated the usual reactions. Some see a necessary security measure and others see government overreach. Anthropic has disputed portions of the reporting and pushed back that the models represent an extraordinary threat. And now we're in a familiar grey area that is Anthropic models.

AI Pentesting for Compliance

For two decades, “penetration testing” has meant the same thing: once a year, you hire a firm, a human tester spends a week or two on your systems, and you get a PDF. Most compliance frameworks were written around exactly that ritual, a slow, manual, point-in-time engagement. Software doesn’t ship once a year anymore. It ships many times a day.

9-Step AI Governance Implementation Strategy and the Solutions to Know

TL;DR: AI governance solutions help organizations inventory, secure, and monitor AI systems. Best for AI security and shadow AI: Mend AI; enterprise risk and compliance: Credo AI and IBM watsonx.governance; model monitoring: Fiddler AI. Effective AI governance implementation involves establishing a cross-functional committee, compiling an AI bill of materials (AI-BOM) to identify risks, and implementing policies based on frameworks like NIST AI RMF.

What Is Network Security Assurance?

Every security leader has a version of the network in their head. They know which systems should be segmented, which applications should be reachable, which ports should never be open, and which access paths should not exist. They know how the architecture is supposed to work. The harder question is whether the live environment is actually enforcing that design right now. That question is getting more difficult to answer.

OWASP Top 10 for Agentic Applications 2026: What It Means for Enterprise AI Security

OWASP, the Open Worldwide Application Security Project, has published Top 10 lists for over two decades to help security teams prioritize the risks that matter most. The original OWASP Top 10 for web applications became the industry’s default checklist for application security. When large language models moved into production, OWASP followed with the Top 10 for LLM Applications, addressing risks like prompt injection and sensitive information disclosure in single-turn model responses.

It's the speed we're adopting it

AI! It's in everything, everywhere, all at once! It’s reading emails, summarising meetings, drafting documents, and writing code, and it’s no longer just giving us answers. We now also have agents that act on their own, access other systems, and make decisions with little to no human oversight. From a capability standpoint, it’s amazing.

Sleep Deprivation

Still sleeping on your AI app risk problem? Save yourself the insomnia-induced eye twitch. Without adopting a goat (you’ll understand once you watch this vid with @AlexisGay)... Vanta monitors all your vendors so you can track risky app usage. Even the AI apps that sneak past procurement. So don’t stress about who’s using AI apps and also has prod access. Just sleep well knowing you can review and approve every tool in one place.

The Five Eyes Just Said AI Is Breaking Every Assumption in Your Security Program

The Five Eyes just put a number on something most security teams haven't priced in: AI is shrinking the gap between "vulnerability" and "actively exploited" faster than patch cycles can keep up. Adrian Culley and Tova Dvorin explain why CVSS scores alone can't tell you what's actually reachable in your environment — and why attack path validation is becoming the only way to know.