Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

What is the NIS2 Directive: A practical overview for organisations

The NIS2 Directive is the European Union’s updated cybersecurity framework, designed to improve cyber resilience across critical sectors. Building on its predecessor, the Network and Information Systems (NIS) Directive, NIS2 significantly expands its scope to include industries such as healthcare, manufacturing, energy, transport and managed services. NIS2 also introduces stricter cybersecurity requirements, direct accountability for senior management and defined incident reporting timelines.

What is IT Security? Understanding the fundamentals

Information Technology (IT) security is the practice of protecting an organization’s systems, data and networks from unauthorized access and cyber threats. It encompasses a wide range of processes, policies and technologies designed to secure everything from employee devices to cloud infrastructure.

Why Insider Threats Don't Trigger Alerts

Insider threats often don’t trigger alerts because the activity relies on valid credentials, approved tools, and authorized workflows. When viewed as individual events, this behavior looks normal and stays below traditional rule thresholds. Risk accumulates across otherwise valid actions without producing a signal that meets alert thresholds.

Agentic workflow automation: governing AI agents inside workflows

AI agents don't behave like the playbooks security and IT teams have spent years building. They form intent, select tools at runtime, and chain actions across systems in sequences nobody pre-authored. This means dropping an LLM into an existing automation sequence and expecting it to act like a smarter playbook is the fastest route to ungoverned, unpredictable outcomes.

Turn Jira Service Management into a Governed Access Control Platform

As a fintech organization, you depend on multiple systems like AWS, Databricks, Snowflake, Power BI, Stripe Treasury, Identity Providers (IdP), developer tools, internal operational platforms, and many more. Managing access and access level across platforms is often disconnected and spread across emails, Slack approvals, tickets, and sometimes spreadsheets. Obviously, this is inefficient. There'll be delays in onboarding. But that's the least of your worries.

After Executive Order 14409: Next Steps for Securing AI

Adversaries are using AI to attack with unprecedented speed and precision. This trend, coupled with the rapidly growing use of agentic AI, means it is now necessary to use AI to protect and defend the modern tech stack. It is timely that on June 2, 2026, President Trump signed Executive Order 14409 on Promoting Advanced Artificial Intelligence Innovation and Security. At a high level, this EO validates that security is fundamental to reaping the benefits of AI.

Active FortiBleed Campaign Impacting Fortinet Devices Across 194 Countries

In mid-June 2026, security researchers identified an active, large-scale credential compromise campaign affecting Fortinet FortiGate firewalls, dubbed FortiBleed. Threat actors have been systematically extracting configuration files from internet-facing FortiGate devices and cracking the stored credential hashes, resulting in verified working administrator credentials for between 30,000 and 75,000 devices across 194 countries.

The AI jailbreak problem isn't going away, and compliance frameworks need to catch up

A few weeks ago, the U.S. government issued a directive requiring Anthropic to suspend access to two of its frontier AI models, Fable 5 and Mythos 5, citing concerns about a reported jailbreak technique. Anthropic complied, even while publicly disputing whether the finding warranted such a dramatic response. I'm not here to relitigate that specific decision. But the incident forced a question our industry has been dancing around for too long.

Visibility Isn't Security: Why Agentic AI Requires Business Logic Enforcement

Organizations are investing heavily in securing their AI initiatives. New governance frameworks are being established, AI usage policies are being drafted, and security teams are deploying tools that provide visibility into AI agents, models, APIs, MCP servers, and connected applications. Across the industry, visibility has become the first priority in securing agentic AI. This focus is understandable. Most organizations are still trying to answer foundational questions.

What Is Cybersecurity Asset Management? A 2026 Guide to CAASM

Security teams spend enormous energy responding to threats, but many of the most damaging incidents trace back to a surprisingly simple failure: the organization didn't have an accurate picture of what it owned, what was exposed, and what its tools were actually doing about it. That gap between assumed coverage and actual coverage is where attackers operate, and adding more tools doesn't fix the underlying visibility problem.