Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

There’s a growing acceptance that AI is no longer optional in security. That battle is largely won. The more interesting question — and the one I keep getting asked — is what we actually believe AI should be responsible for, and where human authority must ultimately sit.

On 11th March, our CEO, Rory Innes, stood before the London Assembly’s Police and Crime Committee to represent a group of people who are too often overlooked: victims of digital fraud, cybercrime and online harm. In a session focused on how the Metropolitan Police Service’s Cyber Crime Unit is protecting Londoners from digital fraud, Rory made a direct and powerful case for why the current system is failing the public.

The evolution of cybersecurity challenges and the rapid pace of digital transformation have led security leaders to focus increasingly on robust and adaptive security frameworks. Among them, zero-trust identity management has emerged as a cornerstone of modern security strategies.

Agentic AI promises to improve work processes in all domains and industries. R&D is no different. Recently, Cato R&D built an internal self-evolving pull request (PR) review agent that keeps reviewers in flow by commenting only on high-impact, high-confidence issues, validating every change against its spec from the PR and Jira, and learning continuously from developer feedback through long-term, episodic memory. What were the results?

Insider threats account for 34% of all data breaches, yet most organizations are still building security programs designed to stop attackers from the outside. The harder truth? The risk is already inside your walls, and it doesn't always look like a criminal. Not every insider threat is malicious. Some are distracted. Some are overworked. Some are just trying to get things done faster.

On April 2, 1796, a full house packed the Drury Lane Theatre in London, eager to witness the first showing of a newly discovered Shakespeare play. The problem was that William Henry Ireland wrote the play, Vortigern, and the entire production was a hoax. Although there was some controversy before opening day, several experts reviewed the manuscript and supporting documents and confirmed that the play was a long-lost Shakespeare original.

On March 16, 2026, two React Native npm packages from the AstrOOnauta were backdoored in a coordinated supply chain attack. Both releases added an identical install-time loader that fetches and executes a multi-stage Windows credential and crypto stealer, triggered by nothing more than a routine npm install. The affected packages are react-native-country-select@0.3.91 and react-native-international-phone-number@0.11.8.

We log into tons of apps each day, running on digital identities. With just one click, you can access thousands of apps without breaking a sweat. However, digital identities bring with them cyber threats, which are growing sharper each day, and compliance is getting tighter. So, who is the right person to trust to safeguard your digital identities? As organizations, you collect, store, analyze, and process sensitive data, which needs to be safeguarded with the right tech and tools.

Hybrid cloud environments rarely start as a carefully planned architecture. Most organizations reach that point gradually. A few workloads move to the cloud first. Then development teams adopt additional cloud services. Meanwhile, critical systems continue running on-premise because they cannot easily migrate. Over time, the result is an enterprise hybrid cloud environment that spans multiple infrastructure layers. From a business perspective, this flexibility is useful.

Tokenization and encryption both protect sensitive data, but they work differently and reduce different risks. Tokenization removes sensitive values from operational systems and can shrink compliance scope; encryption keeps data present but unreadable without keys. Choosing the right approach depends on data type, access patterns, and regulatory requirements like PCI DSS and HIPAA. Encryption and tokenization both protect sensitive data, support compliance, and appear in every major security framework.