Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Most security teams are being asked to "enable AI" before they have any real sense of which tools are safe to use. That gap is costing them. Cyberhaven's research found that the majority of AI tools in active enterprise use today fall into high or critical risk categories, and more than 80% of enterprise data flowing into AI is going to those risky tools, not to platforms built with serious security in mind. To help security teams cut through the noise, we built the Cyberhaven AI App Risk Checker.

CMMC enforcement is here. With DFARS clauses 7021 and 7025 now active across the defense industrial base (DIB), contractors face enforceable obligations that extend beyond prime contractors to every tier of the supply chain. While primes have received significant attention, subcontractors encounter distinct challenges in managing CMMC risk from pre-award decisions through contract execution and ongoing compliance maintenance.

A blanket “no AI” policy is not the answer for most organizations. Prohibiting something people find genuinely useful just drives it further underground.

If you’ve been in security operations for more than a few years, you’ve lived through the automation hype cycle at least twice. First, it was SIEM that was going to solve everything. Then SOAR was supposed to fix what SIEM couldn’t. Now, AI SOC platforms are delivering what SOAR always promised but never actually could.

Maxime Lamothe-Brassard, founder and CEO of LimaCharlie, sought answers on AI’s current capabilities in the SecOps space. Plenty of benchmarks exist to test AI's knowledge of cybersecurity, but none test whether a model actually does the work. There's a significant difference between an AI that can answer trivia questions about CVEs and one that can pick up an alert, investigate it, and produce an incident report.That gap matters more now than ever.

Editor's note: This guest article by Tanium Senior Sirector, Product Management, Julia Grunewald was originally published in SC Media Exposure management has emerged as a powerful alternative to traditional vulnerability management for good reason. A proactive, always‑on security discipline that continuously identifies an organization’s exposures and prioritizes them based on risk helps us know where to best focus our limited resources.

Migrating from Atlassian Data Center (DC) to Cloud is a strategic move for many organizations. While migration brings scalability, flexibility, and cost benefits, it also introduces challenges, especially around secure external access, data sharing, and business continuity. This is where Secure Share for Jira and Confluence becomes a powerful ally.

Broadly defined, web security threats are any malicious attempts to gain unauthorized access to a computer system, network, or data via the internet. These website security issues range from automated bot attacks to sophisticated social engineering. Essentially, any vulnerability in a web application or browser that a cybercriminal can exploit falls under this category. Understanding these web security threats is the first step toward building a resilient defence.

At Tines, we power important workflows for some of the most demanding teams in the world, and for years, that always meant supporting deterministic, auditable automation. But as reasoning models have matured, our customers have started asking a different question: what if the workflow itself could reason?

Modern SOC teams are overwhelmed by volume, fragmented tools, and manual pivots. Here’s how integrated intelligence turns Tier 1 alerts into decisive, evidence-backed action without escalation. Security operations today are defined by scale, speed, and scrutiny. Tier 1 analysts face a constant stream of alerts, many of which lack context, prioritization, or clear indicators of impact. Every manual pivot between tools introduces delay. Every delayed verdict increases risk.