Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

How to Use AI for Vulnerability Management

With over 48,000 CVEs published in 2025 and attackers weaponizing vulnerabilities in as little as 20 hours, traditional vulnerability management is no longer enough. This post breaks down the key findings from the SANS whitepaper The Exposure Gap: From Vulnerability Management to AI-Driven Control, and what it means for security teams trying to get ahead of risk. In 2025, over 48,000 CVEs were published. That’s roughly 130 new vulnerabilities every single day.

How to Setup AI Rules, Skills, Hooks and MCPs

In this video, we break down how to properly set up and use AI extension points - specifically MCP (Model Context Protocol) servers, Rules, Skills, and Hooks - to supercharge your development workflow. Using practical, security-flavored examples with Claude Code and Snyk, you'll learn how to configure a local project environment that automatically catches vulnerabilities before they ever hit your codebase. Whether you use the Claude CLI, VS Code extensions, or alternate AI ecosystems like Cursor or Gemini, you can use these exact steps as a blueprint to automate any workflow in your project.

5 Agentic AI Security Use Cases Every Security Leader Must Know in 2026

A human employee who wants to delete a customer record, issue a refund, or push a config change has to ask, click, and confirm. An AI agent doing the same thing can plan, decide, and execute the action in one pass, often through a tool it picked itself, in a sequence no one explicitly approved. That shift, from systems that respond to systems that act, is why most application security stacks fall short the moment agentic AI enters the picture.

AI changed what you ship. It also changed what you have to secure.

Two years ago, your teams shipped software. Today they ship two different things. They ship software that AI mostly wrote. And they ship AI systems they built themselves: models, agents, features that reason and act. Most security programs are still scoped for the first and blind to the second. That gap is not a tooling problem. It is a category problem. And the way the industry is drawing the categories is making it worse.

Securing ChatGPT, Copilot, and Gemini: A Practical Guide for Enterprise Security Teams

ChatGPT, Copilot, and Gemini are already part of daily work in many companies. People use them to draft text, summarize notes, review code, and move faster on routine tasks. That speed is useful, but it also opens a new path for data to move in ways security teams may not see at first. This guide looks at the most common risks, the controls that matter, and the simple steps that help teams keep AI use safe without slowing work down. It is built for people who need clear answers, not a pile of jargon.

Why PDF-to-Video Conversion Is Becoming Standard Practice in Compliance and Risk Teams

Most compliance documents don't get read. Risk managers and compliance officers know this - the annual policy updates, the security awareness reminders, the regulatory change summaries that go out as PDFs and are opened by 12% of the organization. The people who most need to understand the content are exactly the ones who find dense text formats least accessible. This isn't a motivation problem. It's a format problem. And PDF to video conversion is one of the more practical solutions that's gained traction in risk and compliance teams over the past two years.

Top Continuous API Discovery Tools for 2026 (Enterprise SaaS & AI-First Apps)

Not all API discovery tools solve the same problem. Some help teams discover APIs once. Others help maintain a live inventory as APIs change across cloud services, microservices, third-party integrations, and increasingly, AI-driven applications. That is where continuous API discovery stands apart. In this guide, we compare the top platforms using shared capability tags instead of forcing each tool into a single “best for” category.

How to Manage AI Agent Access Control

AI agent access control is about governing what autonomous software agents are allowed to do and access across your cloud infrastructure, data systems, and internal tools at runtime. It’s about identity ownership and action-level authorization, so your AI agents operate within tightly scoped, time-bound, and policy-enforced permissions that you can keep track of.

ChatGPhish: When AI Assistants Become the Phishing Surface

You can no longer blindly bank on the security boundary you trusted most, and no one is talking about it enough. For years, phishing took a familiar form, such as emails, URLs, and login pages. ChatGPhish breaks that stereotype, though. Permiso Security’s Andi Ahmeti disclosed this technique on 29 May 2026.