|
By Ben Hirschberg
Most enterprise AI agent governance programs publish policies at the bottom three rungs of a runtime enforceability ladder while their architecture diagrams claim rung four. Almost no program reaches rung five, the only rung that produces evidence an auditor cannot dispute. The mismatch shows up in the audit committee meeting. The CISO walks in with the NIST AI RMF mapping, the AUP, the model cards, and the vendor risk assessments for every third-party API the agents call.
|
By Shauli Rozen
A CNAPP isn’t a single instrument. It bundles five separately-instrumented security domains — CSPM, CWPP, CIEM, CDR, and a fifth add-on module marketed as AI security — each watching a different observation point. So when leadership asks whether your CNAPP can secure the AI agents your team has shipped, you don’t get one answer. You get five.
|
By Ben Hirschberg
Your platform team already runs a production-readiness review on every workload that ships to Kubernetes. When the workload is an AI agent, the PRR doesn’t get thrown out — it gets a delta. Most of the items still apply; specific ones need extension when the workload is non-deterministic, calls tools dynamically, and exercises identity at runtime in ways the manifest didn’t predict.
|
By Yossi Ben Naim
Most threat modeling assumes the attacker has to break something. AI agents change that assumption. An attacker who controls a prompt can make the agent misbehave without breaking anything at all. The prompt can be a customer support ticket the agent reads, a document it retrieves, or a tool response it processes — any input the agent treats as context is an attack surface. On Kubernetes, that attack surface has physical form.
|
By Ben Hirschberg
Every guide to AI agent observability tells you what to capture — prompts, tool calls, token usage, traces, syscalls. Almost none address which of those signal sources you can still trust when the agent itself is part of the threat model. That distinction is the entire difference between observability that helps your SRE team debug a slow reasoning chain and observability that helps your security team investigate a breach.
|
By Shauli Rozen
When AI agent workloads start generating more alerts than your SOC can keep up with, the instinct most teams reach for is to deploy more triage on top of what they already have. If the SIEM is producing thousands of atomized alerts, plug in something downstream that can cluster, prioritize, and auto-resolve them faster than a human can. The market has consolidated around exactly this answer.
|
By Yossi Ben Naim
At 2:47 PM on a Tuesday, a customer support agent receives a routine ticket asking about return policy edge cases. The agent retrieves a section from your internal policy wiki through RAG to formulate the response. Three weeks earlier, an attacker had planted a hidden instruction in that wiki page. Bedrock Guardrails scored the retrieved context at 0.04 — well within benign range.
|
By Ben Hirschberg
MITRE ATLAS catalogs sixteen tactics and eighty-four techniques adversaries use against AI systems, including fourteen agent-focused techniques added through the October 2025 Zenity Labs collaboration. It is the canonical taxonomy a security architect’s CISO, auditor, or RFP will name. It is not a detection plan. ATLAS organizes around adversary objectives.
|
By Shauli Rozen
It usually starts the same way. The CISO comes back from a board meeting having signed off on agentic AI for production. The SOC lead is told, in roughly that many words, to build detection for the agents. And the security stack she has — CNAPP for posture, EDR on the nodes, container runtime sensors, a SIEM ingesting everything — was architected before AI agents existed as a workload class.
|
By Yossi Ben Naim
A platform team finishes a two-week observation window on a new internal research agent. The baseline is stable; the sensor produced a clean profile. By Friday, no policy has shipped — and the blocker isn’t tooling.
|
By ITProTV
With the short week for the Thanksgiving holiday in the US, the Technado team decided to have a little fun by looking back at some of the dumbest tech headlines from 2019. Romanian witches online, flat-earthers, and fake food for virtual dogs - what a time to be alive. Then, Shauli Rozen joined all the way from Israel to talk about a zero-trust environment in DevOps. IT skills & certification training that’s effective & engaging. Binge-worthy learning for IT teams & individuals with 4000+ hours of on-demand video courses led by top-rated trainers. New content added daily.
- May 2026 (19)
- April 2026 (30)
- March 2026 (31)
- February 2026 (13)
- January 2026 (14)
- December 2025 (2)
- November 2025 (3)
- October 2025 (1)
- September 2025 (2)
- August 2025 (2)
- July 2025 (2)
- June 2025 (3)
- May 2025 (3)
- April 2025 (7)
- March 2025 (6)
- February 2025 (7)
- January 2025 (6)
- December 2024 (9)
- November 2024 (3)
- October 2024 (3)
- September 2024 (6)
- August 2024 (5)
- July 2024 (4)
- June 2024 (4)
- May 2024 (2)
- April 2024 (3)
- March 2024 (4)
- February 2024 (4)
- January 2024 (7)
- December 2023 (5)
- November 2023 (4)
- October 2023 (3)
- September 2023 (5)
- August 2023 (6)
- July 2023 (4)
- June 2023 (4)
- May 2023 (4)
- April 2023 (2)
- March 2023 (4)
- February 2023 (3)
- January 2023 (2)
- December 2022 (4)
- November 2022 (5)
- October 2022 (3)
- September 2022 (4)
- August 2022 (2)
- July 2022 (4)
- June 2022 (6)
- May 2022 (1)
- April 2022 (4)
- March 2022 (4)
- February 2022 (4)
- January 2022 (4)
- December 2021 (6)
- November 2021 (1)
- October 2021 (1)
- September 2021 (2)
- August 2021 (2)
- July 2021 (3)
- April 2021 (3)
- February 2021 (1)
- December 2020 (1)
- October 2020 (1)
- September 2020 (1)
- July 2020 (2)
- June 2020 (1)
- March 2020 (1)
- February 2020 (1)
- January 2020 (4)
- December 2019 (2)
ARMO closes the gap between development and security, giving development, DevOps, and DevSecOps the flexibility and ease to ensure high grade security and data protection no matter the environment – cloud native, hybrid, or legacy.
ARMO is driving a paradigm shift in the way companies protect their cloud native and hybrid environments. We help companies move from a “close-the-hole-in-the-bucket” model, installing firewalls, defining access control lists, etc. to a streamlined DevOps- and DevSecOps led model in which environments are deployed with inherent zero-trust.
Security at the Speed of DevOps:
- Runtime workload identity and protection: Identifies workloads based on application code analysis, creating cryptographic signatures based on Code DNA to prevent unauthorized code from running in the environment to access and exfiltrate protected data. The patent-pending technology signs and validates workloads in runtime throughout the entire workload lifecycle.
- Transparent data encryption: Transparent data encryption – keyless encryption – robustly and uniformly encrypts and protects files, objects, and properties, requiring no application changes, service downtime, or impact on functionality. It eases the adoption of encryption by removing the complexity of key management and providing an out-of-the-box solution for key protection in use, key rotations, and disaster recover procedures.
- Identity-based communication tunneling: Transparent communication tunneling ensures only authorized and validated applications and services can communicate. Even if attackers steal valid access credentials, they are useless because the malicious code will be unsigned. Create API access polices to build identity-based policies and enforce correct workload behaviors.
- Application-specific secret protection: Application-specific protection of secrets ensures cryptographic binding between continuously validated specific workload identities and their confidential data, delivering complete protection against access by unauthorized applications.
- Visibility & compliance: Visibility and compliance monitoring provide granular details about workloads and running environments, including individual processes, file names and locations, open listening ports, actual connections, mapped volumes, opened files, process privilege levels, connections to external services, and more. Alerts can be used for continuous compliance verification.
Bringing Together Run-Time Workload And Data Protection To Seamlessly Establish Identity Based, Zero-Trust Service-To-Service Control Planes.