Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

What RSAC 2026 Actually Told Us About Your Security Debt

I recently attended the RSA Conference 2026 (RSAC 2026) in San Francisco. I have been attending and speaking at RSAC for a long time, and every year I try to figure out what actually changed versus what just looks new. This year felt different, but not in the way the expo floor would suggest.

Breaking Down the Axios Supply Chain Attack

Apr 2, 2026 Mastering Software Supply Chain Management in 2026 Read More Natalie Tischler Mar 31, 2026 Why Security Debt Should Be a Board-Level Priority Read More Natalie Tischler Mar 26, 2026 Prioritize, Protect, Prove: A Roadmap for Application Security Transformation Read More Natalie Tischler.

Mastering Software Supply Chain Management in 2026

Engineering teams face a dual mandate: ship high-quality features faster and keep the underlying infrastructure secure. As development velocity increases, so does the complexity of the tools, libraries, and third-party components that make up your applications. Software Supply Chain Management is the discipline of securing these interconnected components.

Why Security Debt Should Be a Board-Level Priority

Security debt (the accumulation of unresolved vulnerabilities that are over a year old) is no longer just a technical problem. It has become a significant business liability that directly impacts risk, revenue, and reputation. For too long, it has remained a concern siloed within IT departments. That approach is no longer sustainable. It is time to elevate security debt to a board-level key performance indicator (KPI) and tie its reduction to strategic business objectives.

Prioritize, Protect, Prove: A Roadmap for Application Security Transformation

The pace of software flaw creation is officially outpacing remediation capacity. Right now, 82% of organizations carry security debt. Traditional security methods simply cannot keep up with modern development speeds. As engineering teams ship code faster than ever, vulnerability backlogs grow, compounding challenges and leaving organizations exposed to threats. Data from the 2026 State of Software Security Report reveals a 36% relative increase in high-risk vulnerabilities.

Spring 2026 GenAI Code Security Update: Despite Claims, AI Models Are Still Failing Security

The last six months have been nothing short of revolutionary for AI-powered coding. OpenAI‘s “Code Red” release brought us GPT-5.1 and 5.2. Google unveiled Gemini 3 with its touted “unprecedented reasoning capabilities.” Anthropic rolled out Claude 4.5 and 4.6, powering the increasingly ubiquitous Claude Code features. Enterprise adoption of tools like OpenClaw has exploded, with developers praising unprecedented productivity gains.

Secure Your Future with a Compliance-First AppSec Posture

If you treat compliance as a final hurdle before deployment, you are already behind. For years, organizations have viewed regulatory compliance as a box to check—a necessary evil that slows down development and frustrates engineering teams. The standard approach involves scrambling before an audit, manually aggregating data from spreadsheets, and patching vulnerabilities at the last possible minute.

Tackling Third-Party Risks: The Persistent Software Supply Chain Challenge

Modern software development relies on open-source components to accelerate innovation. This efficiency, however, introduces significant risk. Your application’s security is now tied to a vast and complex supply chain of code you did not write. The persistent software supply chain challenge is that this external code is a primary source of critical vulnerabilities and a hard.

AI, Application Security, and the Illusion of Control

Over the past year, AI-generated code has moved from novelty to normal. Developers are shipping faster, prototyping faster, refactoring faster… sometimes without fully understanding what they just merged. From the outside, it looks like a productivity renaissance. From the inside, it feels like something else: a new kind of operational risk that doesn’t behave like the old kind.

The 36% Surge in High-Risk Vulnerabilities: What It Means for Your Business

The concentration of dangerous software flaws is accelerating. The number of high-risk vulnerabilities – those with both high severity and high exploitability – has surged by 36% year-over-year, according to the 2026 State of Software Security Report. This trend indicates a critical problem: more risk is entering your codebase faster than ever before.