Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Quick-Service Restaurant Sector: Enterprise-Grade Security in Under 24 Hours

A fully managed, end-to-end CrowdStrike deployment delivered at enterprise scale by Kroll A global quick-service restaurant brand needed to establish consistent, enterprise-grade protection and centralized visibility to quickly strengthen its security posture. It had to move fast without disrupting global operations or overburdening a lean IT team.

The Future of Secure Remote Access Starts with Zero Trust

For years, VPNs have been the standard for securing remote access. But today's hybrid work environments, cloud applications, and evolving cyber threats have exposed the limitations of a security model built on implicit trust. Once a user authenticates through a traditional VPN, they often gain broad access to the corporate network. If those credentials are compromised, attackers can move laterally, access sensitive resources, and escalate an attack. Zero Trust takes a different approach.

Token Torching: Why Attackers Care About Your Usage Limits

AI is becoming part of almost everything: customer support, security operations, software development, research, analytics, internal workflows, and, most importantly, drafting emails. AI is increasingly embedded in real business processes, and that creates new risks, not to mention the level of unprecedented access mainly of these platforms to our data. Token torching (a type of Denial-of-Wallet (DoW) attack) is one emerging AI risk.

AI Threat Modeling: A Practical Guide for Enterprise GenAI Security

Here is a number that should stop every CISO cold. Gartner projects that by 2028, 25% of enterprise GenAI applications will face five or more security incidents per year, nearly triple the 9% recorded in 2025. The acceleration is not slowing. Meanwhile, research by OpenText and the Ponemon Institute finds that 79% of organizations have not yet reached full AI maturity in cybersecurity, meaning most enterprises are deploying generative AI without the foundational controls needed to govern it.

Beyond Masking: The Challenge of Safe Data Reveal

You can build a masking demo in an afternoon. Run a regex for credit card patterns, swap the match for XXXX, and ship it. The demo works, the compliance slide says “no PII sent to the LLM,” and everyone moves on. That demo is fooling you by leaving things out. It works because the input is a) clean (card 4111 1111 1111 1111), b) because the only sensitive thing in it is a textbook PII pattern, and c) because nobody downstream ever needs to use the value again.

What the Black Hat NOC taught me about MCP & agentic SOCs (Chapter 2 of 4)

The first time an MCP (Model Context Protocol) server felt real to me, it wasn't because of a clean demo. It was because of the noise. TL;DR: The harness matters more than the protocol, and the evidence matters more than both. MCP earns its keep when it shortens the path from a good security question to trustworthy evidence, and almost everything interesting about making that work happens in the harness wrapped around the model. In this series, I will cover how to build an MCP for an AI SOC.

From days of training to three better rules in a minute

A few years ago, I was part of a team responding to a high-profile security incident. After the incident was resolved, I was given a list of NDR rules to add to my firewalls. The issue was that the rules were not made for Suricata, the IDS I was using in this position at that time, so they generated false positives. With all that extra noise, I made it my goal to eliminate that excess noise.

When AI Agents Call AWS, Who Does AWS Think They Are?

In Part 1, Your AI Agent Needs to Know Who You Are, we showed how Teleport JWTs give MCP tools a verified identity for every request. This post extends that pattern to AWS, specifically to Amazon Bedrock AgentCore, where the same identity gap exists but requires a different solution stack. You ask an AI agent to list your S3 buckets. The agent calls an MCP tool. The tool reaches out to AWS. However, CloudTrail records the action under something like agentcore-bot, but not your identity.

Certificate deployments just got an easy mode

The old deployment flow expected a lot from you. You had to know what format your certificate needed to be in. You had to know where it should be stored on the target system. Then you had to review and customize a deployment script in a code editor before anything ran. It turns out most of you don’t want to do that. And fair enough, staring at a script editor when you just want a certificate on your Exchange server is a little intimidating.

5 Common AI Governance Mistakes Enterprises Make

Enterprise AI adoption has outpaced enterprise AI governance. Seventy-eight percent of organizations now use AI in at least one business function, up from 55% the year before, and most of that adoption happened before governance teams finished drafting their first policy. The result is a familiar pattern: leadership approves a rollout, security builds guardrails around the tools it knows about, and sensitive data keeps moving through channels nobody mapped.