Mountain View, CA, USA
2012
By Nicholas Sollitto
Welcome to vulnerability management's big bang. If it feels like your security team is running a marathon on a treadmill set to a permanent incline of 12.0 with 50 lb sandbags tied around each ankle, you're in good company. We have officially entered the era of the Great Vulnerability Acceleration. To put this recent synthetic bloom into perspective, consider this: in the last five years, the cybersecurity community has identified and recorded over 150,000 new vulnerabilities.
By Nicholas Sollitto
In August 2023, while thousands of students at William Jewell College were hauling mini-fridges and textbooks into dorms, the invisible, digital heart of the campus was flatlining. There was no internet. No email. Even the HVAC system, tied to a compromised network, had shut down in the sweltering Missouri heat. The culprit? LockBit, a prolific ransomware syndicate that had hit Boeing just days prior.
By Shane Moosa
Most guidance published on AI agent security is written for enterprise organizations. It assumes dedicated AI security functions, red teams, platform engineering groups, and the budget to commission purpose-built tooling. If your security team is three people covering five hundred employees and a cloud environment that grows faster than you can document it, that guidance was not written for you. The five posts in this series have established the threat landscape.
By Shane Moosa
In 2012, the "Shadow IT" crisis was employees putting files in Dropbox for convenience. In 2026, the crisis is Shadow MCP. Instead of a simple file storage app, security teams are now facing unvetted AI agents with the power to read from and write to internal systems. These servers are often running on infrastructure that was never reviewed, never approved, and remains entirely invisible to governance.
By Shane Moosa
The Common Vulnerability Scoring System (CVSS) remains the bedrock of risk communication for many mid-market organizations. Assigning numerical values to vulnerabilities enables a unified dialogue among security researchers, vendors, and IT teams, ensuring everyone speaks the same language when a new threat emerges. However, relying on a static score is no longer enough to defend a modern enterprise.
By Shane Moosa
Financial services cybersecurity has evolved into a prerequisite for institutional solvency, moving far beyond traditional perimeter defense into the realm of total digital operational resilience. As the industry scales toward hyper-connected API ecosystems and decentralized service delivery, the sector’s risk profile has expanded significantly.
By Shane Moosa
In July 2025, an AI agent reviewed a support ticket, queried a production database, and leaked integration tokens directly to the attacker watching the thread. Months earlier, another AI followed "hidden instructions" in a public repository, exfiltrating private code into a visible pull request. In both cases, the AI wasn't broken; it simply obeyed the attacker instead of the developer.
By Revashni Moodley
Another ping. And another. Employees are urgently logging IT tickets, trying to figure out why their trusted SaaS writing assistant subscription has expired. Meanwhile, your InfoSec team is frantically looking through the avalanche of alerts across the network, scouring vendor policies, and digging into procurement records to determine exactly when the organization provisioned this SaaS tool. Spoiler alert: The organization didn’t.
By Shane Moosa
In May 2025, a developer using Claude with the GitHub MCP server asked their AI assistant to do something entirely routine: review the open issues in a public repository. The repository contained a malicious GitHub issue planted by a researcher demonstrating a security vulnerability. The issue contained hidden instructions. The AI read them, followed them, accessed the developer's private repositories, and posted the contents in a publicly visible pull request. No credentials were stolen.
By Shane Moosa
Researchers recently analyzed 18,000 Claude Code configuration files pulled from public GitHub repositories. What they found was straightforward and alarming: developers are already installing mistyped, misconfigured, and near-identical MCP server names — often without realizing it. The human-error condition that makes typosquatting work was already present at scale before any attacker needed to exploit it.
By UpGuard
The Onboarding Blueprint: Engineering a Gold-Standard Process. Learn how to leverage the Vendor Onboarding Portal to stop chasing shadow IT and mitigate risk before exposure. Our Customer Education team will provide a tactical framework to automate vendor tiering and transform manual bottlenecks into a self-executing intake engine.
By UpGuard
The Supply Chain Uplift: Driving Ecosystem Maturity. Stop acting as an auditor and start acting as a partner. Learn how Combe Inc. uses real-time telemetry to identify vendor risks before they are reported, creating a positive feedback loop that hardens the entire supply chain.
By UpGuard
The MCP Exposure: Governing the Newest Entry Point. MCP has created a silent governance gap in the AI ecosystem. Learn how to gain the visibility needed to detect brand impersonation, identify malicious servers, and vet AI agent connections to prevent unauthorized data access.
By UpGuard
The Zero-Lag Posture. See how UpGuard is moving beyond static defense to a model that identifies emerging vectors like MCP servers and neutralizes browser-based threats in real time.
By UpGuard
In 2026, a slow assessment is a security risk. Every day spent in manual handoffs is a day of exposure for your organization. Join us at UpGuard Summit to see how our new Risk Automations engine transforms TPRM from a static checklist into an autonomous system. We will show you how to automate everything from vendor follow-ups to instant Jira routing for IT and Legal.
By UpGuard
How many new vendors did your team engage with today? If you’re looking at your official procurement list, the answer might be zero. But if you’re looking at employee behavior, the reality is likely much higher. Find out more about the shadow supply chain in our most recent research report.
By UpGuard
Shift to a proactive posture and automate outcomes. Explore how our new Risk Automations connects UpGuard to your existing security stack to resolve threats across your ecosystem in real-time.
By UpGuard
Modern threats move faster than humans can process. Join UpGuard CISO Phil Ross to discover how to replace manual bottlenecks with a machine-speed operating system for risk that orchestrates vendor, human, and attack surface defenses into one unified strategy.
By UpGuard
You understand the risks that third-party vendors pose to your business, and you're ready to do something about it. What are the capabilities you need to understand your cyber risk, manage your vendors, and avoid data breaches?
By UpGuard
The fact that one has to "make a case" for Microsoft in the DevOps sphere puts them at a disadvantage, especially competing against major open source options with large community bases and proven performance. But, moving forward, one can expect the gap between Microsoft and other tools to close further, as they continue pressing their business in this direction.
By UpGuard
Perhaps your organization is looking to make a transition from traditional IT operations and development practices to DevOps, or you're looking to realign your career path with DevOps to position yourself more favorably for future opportunities. Whatever your motivations are, this eBook will provide you with foundational knowledge for boosting your career with DevOps.
By UpGuard
ServiceNow® customers optimizing their IT service delivery and management processes require deeper context and detail behind IT asset changes, information that the leading help desk automation and incident reporting platform does not provide. In this report you'll learn how UpGuard fills this visibility and awareness gap, keeping ServiceNow® in line with the true state of your environment.
By UpGuard
Cybersecurity is officially dead. Worldwide spending on security-related hardware, software and services rose to $73.7 billion in 2016 from $68.2 billion a year earlier, according to researcher IDC. This number is expected to approach $90 billion in 2018.
By UpGuard
Selecting a security provider is no easy feat: it includes months of designing a company's security strategy, evaluating different solutions, budgeting accordingly, and assuring stakeholders that the investment will pay off by keeping their business safe.
By UpGuard
DevOps and ITIL should be compared with an eye towards the problem you're trying to solve, with a focus on the tangible benefits you and your team would see from using each.
By UpGuard
With the enterprise so dependent on technology and digitized assets, how can it prevent data-related disasters from sinking the business? The answer is by taking a new approach to managing cyber risk as a function of business risk at large. McKinsey calls this "Digital Resilience", but it can simply be thought of as conducting business safely in today's connected environments.
By UpGuard
Software engineering is changing and DevOps is at the heart of it. An organization's ability to be responsive to the business requires better collaboration, communication, and integration across IT.
By UpGuard
There is no doubt that the DevOps movement has gone mainstream. When even IBM and HP are dedicating sites to it, there is no longer any question. If we were to place it on the Gartner Hype Cycle, even the most devoted proponents would have to admit that it's rapidly approaching the "Peak of Inflated Expectations".

A better, smarter way to protect your data and prevent breaches. Our products help security, risk and vendor management teams take control of cyber risk and move faster with confidence.

UpGuard gathers complete information across every digital surface, stores it in a single, searchable repository, and provides continuous validation and insightful visualizations so companies can make informed decisions.

UpGuard then aggregates this information into an industry-standard cyber risk score called CSTAR. The CSTAR score is a single, easy-to-understand value representing an organization's aptitude in monitoring compliance, tracking unwanted change, and detecting vulnerabilities in its infrastructure.

Businesses depend on trust, but breaches and outages erode that trust. UpGuard is the world’s first cyber resilience platform, designed to proactively assess and manage the business risks posed by technology.