Move over, Mythos. Here comes... pretty much any other model with a good harness

Mythos doesn’t need to be treated as the biggest and baddest in the room. Don’t get me wrong. Depending on the benchmark you’re evaluating against, Mythos is among the top models available today, and generally the best at reasoning. But it’s not leaps and bounds ahead of the race. And when it comes to practical use cases, throwing a general model, even a cutting-edge frontier model, at a problem doesn’t get the best results. Nor is it scalable or cost-effective.

When Cosine Similarity Works Great, and When It Does Not

In my last post, I explained the math behind cosine similarity. Cosine similarity is a powerful search technique. When you are dealing with thousands or millions of chunks, it provides a fast, scalable way to find content conceptually similar to the user’s question. That is a major breakthrough. Without vector search, modern RAG would be much harder to build. But the mistake is pushing every retrieval problem into vector search. That is where practical retrieval starts breaking down.

MCP vs. Traditional API Security: Why Your Existing Controls Don't Protect MCP-Powered AI Agents

Traditional API security protects deterministic systems with known endpoints and explicit actions, while MCP-powered AI agents operate through inferred intent, dynamic tool chaining, and natural language interactions. This requires MCP-specific security controls such as tool governance, behavioral monitoring, and semantic anomaly detection.

What to Log for AI Agent Activity: The Minimum Viable Audit Trail

The first time a security team needs an AI agent audit trail is usually 72 hours after the agent has already done something it shouldn’t have. Detection fires. Someone pulls every relevant log from the SIEM (Kubernetes audit, container runtime, cloud audit) and three hours in realizes the events that actually matter were never written. Which prompt triggered the tool call. Which parameters the agent passed. Which output left the cluster.

AI-SPM Tools for Attack Detection: Where Posture Meets Runtime

Every AI-SPM tool runs posture and detection with a single arrow: runtime evidence flowing back to rank posture findings. The load-bearing direction runs the opposite way, and almost nothing runs it — posture flowing forward to tell the detection layer what an attack even looks like.

Secure Shadow AI at the Control Plane with Falcon for IT

CrowdStrike is introducing AI Discovery and Governance for CrowdStrike Falcon for IT, a new capability that helps organizations identify, assess, and govern AI technologies across enterprise environments. Enterprise IT infrastructure is the control plane for modern organizations. It determines how systems communicate, how identities authenticate, and how workloads execute across endpoints, servers, and clouds. This foundation supports the rapid implementation of AI across businesses.

Falcon for IT: Accelerating AI Discovery & Governance

As AI adoption accelerates, so does shadow AI. Without a complete inventory of AI tools, models, agents, and activity, organizations are exposed to unapproved usage, unmanaged access, and data risk, especially when AI activity happens locally, on endpoints, or outside traditional controls. In this video, you’ll see how Falcon for IT helps teams.

Reducing Time-to-Protect with Cato's Self-Evolving Vulnerability Protection Agent

TL;DR: In the age of frontier AI models, vulnerability discovery and exploit development are scaling faster than human defenders can manually respond. Security teams already face growing CVE volumes, shorter exploitation windows, and manual workflows for researching vulnerabilities, creating protections, validating them, and preparing them for deployment. As attackers weaponize vulnerabilities faster than organizations can patch them, time-to-protect is becoming a critical security metric.

Best AI governance tools and platforms in 2026

Most AI deployments run without formal controls over what data they can reach, what decisions they make, or how they behave in production, yet regulators now require answers to all three. AI governance tools address these risks across three distinct layers: model governance, data access governance, and observability. Most enterprises need coverage across more than one layer. AI governance has shifted from a voluntary best practice into a formal compliance requirement.