Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Independence is the moat

Why the independent layer keeps winning as the models get better, not despite them. This series has been building to one question, and it is the objection every honest reader has been holding since the first piece. If the frontier models keep getting better this fast, why does an independent security layer keep winning? Why not wait for the model that writes safe code and verifies its own work?

Dependency management tools: Key features and 6 tools to know in 2026

Dependency management tools are software solutions designed to automate and streamline the process of handling external libraries, modules, or packages that a project relies on. These tools help developers specify, install, update, and track dependencies, ensuring that all required components are present and compatible.

Why Project Glasswing Changes the Rules of AppSec

The old application security playbook is broken. With Anthropic’s Claude Mythos and the release of Project Glasswing, AI agents can now autonomously chain low-severity bugs into working zero-day exploits, collapsing the time between vulnerability discovery and active exploitation. In this video, Mend.io's Saoirse Hinksmon (Head of Product Marketing) and Daniel Wyrzykowski (Product Manager) break down the structural shifts in the threat landscape and what security teams must do to keep pace.

The ECB just gave banks four months to fix AI vulnerability gaps. Most of the work starts in the software supply chain.

On July 7, 2026, the European Central Bank sent a letter to the CEO of every bank it directly supervises with an unambiguous instruction: build a formal action plan against AI-enabled cyberattacks, and submit it to your supervisory team by October 31.

Best AI Governance Platforms for Enterprises: Top 6 in 2026

AI governance platforms provide enterprises with centralized oversight to manage AI risks, ensure regulatory compliance, and automate policy enforcement across the AI lifecycle. Leading solutions include security-oriented tools like Mend.io, HiddenLayer, and Prompt Security, as well as end-to-end governance platforms like IBM watsonx.governance and Microsoft Purview.

9-Step AI Governance Implementation Strategy and the Solutions to Know

TL;DR: AI governance solutions help organizations inventory, secure, and monitor AI systems. Best for AI security and shadow AI: Mend AI; enterprise risk and compliance: Credo AI and IBM watsonx.governance; model monitoring: Fiddler AI. Effective AI governance implementation involves establishing a cross-functional committee, compiling an AI bill of materials (AI-BOM) to identify risks, and implementing policies based on frameworks like NIST AI RMF.

Evaluating AI Security Posture Management Tools: 7 Key Criteria

Evaluating AI Security Posture Management (AI-SPM) tools is a critical process for organizations integrating AI, specifically Generative AI (GenAI) and Large Language Models (LLMs), into their workflows. Unlike traditional security tools, AI-SPM focuses on the unique risks of AI, including Shadow AI, prompt injection, data poisoning, model theft, and improper model configuration. When assessing AI-SPM tools, security leaders should prioritize the following capabilities.

RubyGems supply chain attack: malware used as a credential exfiltration dead drop

Package registries have a well-known abuse pattern: attackers upload malicious packages, and unsuspecting developers install them. Our researchers just found the pattern working in reverse, in a RubyGems supply chain attack that turns the registry into a place to stash stolen data rather than deliver it.