Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Your CNAPP flags a misconfigured service account. Your CSPM warns about an overly permissive IAM role. Your container scanner reports vulnerabilities in a model-serving image. But none of these tools can tell you that an AI agent just called an internal admin API it has never touched before — or that a prompt injection caused your LLM to leak customer data through a RAG connector.

Your SOC gets three alerts in quick succession: an unusual outbound connection from a container, a file read on a Kubernetes service account token, and a process spawn that doesn’t match the workload’s baseline. Three different tools, three separate dashboards, three tickets.

Two new features this week, both pushing in the same direction: make certificate lifetimes someone else’s problem.

OAuth and OpenID Connect are the backbone of modern cloud-native identity and access management. From SaaS platforms and internal APIs to Kubernetes microservices, these protocols are responsible for verifying who is allowed to access what. When a vulnerability appears in a widely used authentication library, the impact can cascade across entire application ecosystems.

Today, we’re launching System Prompt Hardening, Mend.io’s new capability that defends the hidden instructions that control how your AI systems behave. Unlike user-facing prompts, system prompts live behind the scenes, and when attackers manipulate them, the result can be data leaks, policy bypasses, or unsafe model behavior. System prompt hardening stops those attacks at the source and gives security, engineering, and risk teams a practical, auditable way to secure AI in production.

Why do traditional intrusion detection systems fail in Kubernetes? Legacy IDS tools were built for static servers with fixed IPs and clear network perimeters—Kubernetes breaks all of those assumptions. Ephemeral pods, east-west traffic, encrypted service mesh communication, and dynamic IP addresses make perimeter-focused, signature-based detection effectively blind inside clusters.

Why do 3,000 CVEs not mean 3,000 real problems? Most vulnerability scanners flag every CVE in your container images without checking whether the vulnerable code is actually loaded and executed at runtime. Only 2–5% of alerts typically require action, which means your team is likely spending days triaging theoretical risks while genuinely exploitable vulnerabilities stay buried.