Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

AI Threat Modeling: A Practical Guide for Enterprise GenAI Security

Here is a number that should stop every CISO cold. Gartner projects that by 2028, 25% of enterprise GenAI applications will face five or more security incidents per year, nearly triple the 9% recorded in 2025. The acceleration is not slowing. Meanwhile, research by OpenText and the Ponemon Institute finds that 79% of organizations have not yet reached full AI maturity in cybersecurity, meaning most enterprises are deploying generative AI without the foundational controls needed to govern it.

Beyond Masking: The Challenge of Safe Data Reveal

You can build a masking demo in an afternoon. Run a regex for credit card patterns, swap the match for XXXX, and ship it. The demo works, the compliance slide says “no PII sent to the LLM,” and everyone moves on. That demo is fooling you by leaving things out. It works because the input is a) clean (card 4111 1111 1111 1111), b) because the only sensitive thing in it is a textbook PII pattern, and c) because nobody downstream ever needs to use the value again.

What the Black Hat NOC taught me about MCP & agentic SOCs (Chapter 2 of 4)

The first time an MCP (Model Context Protocol) server felt real to me, it wasn't because of a clean demo. It was because of the noise. TL;DR: The harness matters more than the protocol, and the evidence matters more than both. MCP earns its keep when it shortens the path from a good security question to trustworthy evidence, and almost everything interesting about making that work happens in the harness wrapped around the model. In this series, I will cover how to build an MCP for an AI SOC.

From days of training to three better rules in a minute

A few years ago, I was part of a team responding to a high-profile security incident. After the incident was resolved, I was given a list of NDR rules to add to my firewalls. The issue was that the rules were not made for Suricata, the IDS I was using in this position at that time, so they generated false positives. With all that extra noise, I made it my goal to eliminate that excess noise.

When AI Agents Call AWS, Who Does AWS Think They Are?

In Part 1, Your AI Agent Needs to Know Who You Are, we showed how Teleport JWTs give MCP tools a verified identity for every request. This post extends that pattern to AWS, specifically to Amazon Bedrock AgentCore, where the same identity gap exists but requires a different solution stack. You ask an AI agent to list your S3 buckets. The agent calls an MCP tool. The tool reaches out to AWS. However, CloudTrail records the action under something like agentcore-bot, but not your identity.

Certificate deployments just got an easy mode

The old deployment flow expected a lot from you. You had to know what format your certificate needed to be in. You had to know where it should be stored on the target system. Then you had to review and customize a deployment script in a code editor before anything ran. It turns out most of you don’t want to do that. And fair enough, staring at a script editor when you just want a certificate on your Exchange server is a little intimidating.

5 Common AI Governance Mistakes Enterprises Make

Enterprise AI adoption has outpaced enterprise AI governance. Seventy-eight percent of organizations now use AI in at least one business function, up from 55% the year before, and most of that adoption happened before governance teams finished drafting their first policy. The result is a familiar pattern: leadership approves a rollout, security builds guardrails around the tools it knows about, and sensitive data keeps moving through channels nobody mapped.

Hybrid Cloud Security: A CISO's Guide for 2026

A hybrid breach now costs an average of $5.05 million per incident, and that's 26% more expensive than breaches in traditional on-premises-only environments according to AppSecure's 2025 cloud security statistics. That number changes the conversation. Hybrid cloud security isn't a side project for infrastructure teams. It's a board-level risk issue with direct impact on resilience, audit readiness, and operating cost.

How to Prioritize Vulnerability Remediation Based on Validated Active Risk Exposure

Prioritizing based on exploitability scores alone no longer works. AI has made that signal too unreliable, turning vulnerability prioritization into a guessing game. True vulnerability triage requires more than a score: it needs exploit validation in your specific environment, clear ownership of the fix, and a defined remediation path. That’s exactly what Seemplicity’s AI Analysts deliver, so your team can respond to the right findings, fast.

Seeing Thousands of Real Incidents Means I Have No Choice But to Share What I Know

A few years ago, I was sitting across from a security leader at a large enterprise. They had just deployed their first wave of AI agents. When I asked how they were thinking about the security of it, they paused for a moment and then said something I haven’t forgotten. I felt that. Not just as a researcher, but as someone who had been in enough of those rooms to know it was not one person’s gap. It was the whole industry’s gap.