Technology

Related News

Extended Detection and Response (XDR): A New Era in Cybersecurity

  • Published date: 2026-01-23 00:00:00


<p>The digital landscape is evolving at a rapid pace, and so are the threats that target organizations. With cyberattacks becoming more sophisticated and diverse, traditional security solutions often struggle to keep up. Businesses today need a more unified, proactive, and intelligent approach to detect and respond to threats. This is where Extended Detection and Response (XDR) comes into play.<br>XDR is an integrated security solution that unifies multiple security products into a single platform, offering comprehensive detection, investigation, and response capabilities across endpoints, networks, servers, and other IT environments. With the rise of advanced persistent threats (APTs), insider threats, and the increasing complexity of modern networks, XDR provides organizations with the visibility and tools they need to identify and mitigate threats faster and more effectively than traditional security solutions.<br>In this guide, we will explore what Extended Detection and Response (XDR) is, how it works, and why it’s crucial for modern organizations. 
We will also look at how Seceon leverages XDR to provide businesses with cutting-edge cybersecurity protection, helping them stay one step ahead of evolving cyber threats.</p><h2 class="wp-block-heading"><strong>What is Extended Detection and Response (XDR)?</strong></h2><p>Extended Detection and Response (XDR) is an integrated cybersecurity solution that unifies and correlates data from various security tools—such as endpoint detection and response (EDR), network traffic analysis (NTA), security information and event management (SIEM), and user and entity behavior analytics (UEBA)—to provide comprehensive detection, investigation, and automated response capabilities across an organization’s entire IT environment.<br>Unlike traditional security systems, which operate in silos (i.e., isolated tools for different parts of the infrastructure), XDR provides a holistic view of an organization’s security posture by correlating data from endpoints, network traffic, cloud systems, and more. This enables security teams to quickly detect, investigate, and respond to complex attacks across all layers of the IT infrastructure.</p><figure class="wp-block-image size-large"><img fetchpriority="high" decoding="async" width="1024" height="576" src="https://seceon.com/wp-content/uploads/2025/10/br-15-1024x576.png" alt="xdr" class="wp-image-28718" srcset="https://seceon.com/wp-content/uploads/2025/10/br-15-1024x576.png 1024w, https://seceon.com/wp-content/uploads/2025/10/br-15-300x169.png 300w, https://seceon.com/wp-content/uploads/2025/10/br-15-768x432.png 768w, https://seceon.com/wp-content/uploads/2025/10/br-15-1536x864.png 1536w, https://seceon.com/wp-content/uploads/2025/10/br-15-530x298.png 530w, https://seceon.com/wp-content/uploads/2025/10/br-15.png 1920w" sizes="(max-width: 1024px) 100vw, 1024px"></figure><h3 class="wp-block-heading"><strong>The Core Components of XDR</strong></h3><p><strong>Endpoint Detection and Response (EDR)<br></strong>EDR tools focus on detecting and 
responding to malicious activities on endpoints such as laptops, servers, and mobile devices. EDR solutions provide real-time monitoring of endpoint activities, enabling security teams to detect, analyze, and respond to threats on the endpoint level.</p><p><strong>Network Traffic Analysis (NTA)</strong><br>NTA solutions analyze network traffic to identify abnormal behaviors or suspicious communication patterns that may indicate an ongoing attack. By correlating data from multiple sources, NTA helps detect threats that bypass endpoint defenses, such as lateral movement within the network or data exfiltration attempts.</p><p><strong>Security Information and Event Management (SIEM)</strong><br>SIEM systems aggregate and analyze security event data from various sources to provide real-time insights into the security posture of the organization. SIEM solutions often serve as the foundation for incident detection and response, offering centralized visibility and monitoring.</p><p><strong>User and Entity Behavior Analytics (UEBA)</strong><br>UEBA solutions use machine learning and behavioral analytics to detect anomalies in user and entity behavior. This helps identify insider threats, compromised accounts, or abnormal access patterns that might otherwise go undetected by traditional security tools.</p><p><strong>Threat Intelligence Integration</strong><br>XDR platforms integrate threat intelligence feeds, allowing organizations to stay informed about emerging threats, attack techniques, and tactics. By leveraging up-to-date intelligence, security teams can better prepare for new attack vectors and mitigate risks effectively.</p><p><strong>The Benefits of Extended Detection and Response (XDR)</strong><br>As cyber threats become increasingly sophisticated, organizations need to take a more integrated, intelligent, and automated approach to cybersecurity. 
XDR is designed to provide organizations with a unified solution that improves detection, reduces response times, and enhances overall security efficiency. </p><h3 class="wp-block-heading"><strong>Here are some key benefits of XDR:</strong></h3><p><strong>1. Holistic Security Visibility</strong><br>One of the primary benefits of XDR is its ability to provide holistic visibility into an organization’s entire security infrastructure. By integrating data from multiple sources—such as endpoints, networks, cloud services, and identity management systems—XDR platforms offer security teams a comprehensive view of potential risks. This consolidated view allows teams to identify threats that might otherwise go undetected by standalone tools, such as multi-stage attacks or lateral movement across the network.<br>Traditional security solutions operate in silos, making it difficult to detect advanced attacks that span multiple environments. XDR breaks down these silos by aggregating data across endpoints, networks, and servers, providing security professionals with a unified view of the attack landscape.</p><p><strong>2. Faster Threat Detection and Response</strong><br>XDR enhances threat detection by correlating data from different sources and using machine learning and AI-driven analytics to identify suspicious patterns of activity. This allows security teams to detect attacks in real time, even those that attempt to bypass traditional defenses. By providing faster detection and automated responses, XDR reduces the time to containment, minimizing the impact of cyberattacks.<br>For instance, if a threat actor attempts to use lateral movement to escalate privileges or move across systems, XDR systems will detect the abnormal activity, analyze its context, and trigger an automated response, such as isolating the compromised endpoint or blocking malicious network traffic.</p><p><strong>3. 
Reduced Security Tool Fatigue</strong><br>Many organizations use a patchwork of security tools that generate a significant volume of alerts. This can lead to alert fatigue, where security teams are overwhelmed by too many notifications and struggle to prioritize critical threats. XDR addresses this challenge by correlating alerts from multiple security solutions, reducing the noise and enabling security teams to focus on high-priority incidents.<br>Moreover, XDR integrates automated response capabilities, allowing security teams to act on the most critical alerts without needing manual intervention. This automation reduces the burden on security analysts and improves response times, ensuring that organizations can respond to threats faster and more efficiently.</p><p><strong>4. Improved Incident Investigation and Forensics</strong><br>In the event of a security incident, XDR makes it easier to investigate and understand the scope of the attack. By correlating data across endpoints, network traffic, and user activities, XDR provides detailed insights into how an attack unfolded, which systems were affected, and the extent of the damage.<br>This level of visibility is crucial for conducting thorough investigations and understanding the tactics, techniques, and procedures (TTPs) used by attackers. With this information, organizations can improve their defenses and prevent future attacks.</p><p><strong>5. Simplified Security Management</strong><br>Managing multiple, disparate security tools can be a complex and time-consuming task. XDR simplifies security management by consolidating various security functions—such as threat detection, incident response, and threat intelligence—into a single platform. 
This unified approach not only streamlines operations but also reduces the complexity associated with managing different security tools.<br>Moreover, XDR platforms typically offer a centralized management console, allowing security teams to monitor and respond to threats from a single interface. This reduces the need for multiple consoles and facilitates more efficient security operations.</p><p><strong>How Seceon Enhances Cybersecurity with XDR</strong></p><p>Seceon’s AI-driven cybersecurity platform incorporates Extended Detection and Response (XDR) to offer organizations a unified, intelligent, and automated solution for detecting and responding to advanced threats. With its powerful AI, machine learning, and behavioral analytics capabilities, Seceon’s XDR solution provides a robust defense against the evolving threat landscape.</p><p><strong>Key Features of Seceon’s XDR Solution:</strong><br><strong>Comprehensive Threat Detection:</strong><br> Seceon’s XDR solution aggregates data from a wide range of sources, including endpoints, networks, cloud environments, and user behavior, to provide deep visibility into potential threats. Powered by AI and machine learning, Seceon can detect a wide variety of attack types, from traditional malware to more advanced threats like fileless attacks, zero-day vulnerabilities, and ransomware.</p><p><strong>Automated Incident Response:</strong><br> Seceon’s platform offers automated response capabilities that can take immediate action in response to detected threats. Automated responses include actions such as isolating infected devices, blocking malicious IP addresses, or terminating compromised user sessions. This rapid response helps minimize the impact of attacks and ensures that security teams can focus on higher-priority tasks.</p><p><strong>Unified Security Monitoring:</strong><br> Seceon’s XDR platform provides a centralized dashboard that aggregates security data from multiple sources. 
This unified view makes it easier for security teams to monitor activity across their entire infrastructure, improving detection accuracy and reducing response times.</p><p><strong>Real-Time Threat Intelligence:</strong><br> Seceon integrates real-time threat intelligence to provide up-to-date information about emerging threats and attack techniques. This allows security teams to stay ahead of attackers and prepare for the latest threats, while also enabling the system to recognize and respond to new tactics used by adversaries.</p><p><strong>Advanced Forensics and Investigation:</strong><br> Seceon’s XDR platform provides detailed forensic data about detected incidents, allowing security teams to investigate the nature and origin of the attack. By correlating data from endpoints, network traffic, and user behavior, Seceon helps organizations understand how attacks unfold, enabling them to improve their defenses.</p><p><strong>Scalability and Flexibility:<br></strong> Seceon’s XDR solution is designed to scale with the needs of modern organizations. Whether you are a small business or a large enterprise, Seceon’s platform can adapt to your unique security requirements, providing consistent protection across all environments—on-premises, cloud, and hybrid.</p><p><strong>Why XDR is Essential for Modern Organizations</strong><br>In today’s rapidly evolving threat landscape, traditional security tools are often inadequate to handle advanced cyber threats. XDR represents the next step in the evolution of cybersecurity, offering organizations a more effective, unified, and intelligent approach to detecting and responding to incidents.<br>With its AI-driven detection, automated response, and comprehensive visibility, XDR enables organizations to stay ahead of attackers, reduce the time to respond to incidents, and improve overall security posture. 
As cyber threats become more sophisticated, embracing Extended Detection and Response is no longer optional—it is a strategic necessity for any organization that wants to protect its critical assets and data.</p><p><strong>Conclusion</strong><br>The increasing complexity of cyber threats, coupled with the growing volume of security data, makes traditional security solutions inadequate for today’s organizations. <a href="https://seceon.com/extended-detection-and-response-xdr/">Extended Detection and Response</a> (XDR) offers a unified, intelligent, and automated approach to cybersecurity, enabling organizations to detect, respond to, and mitigate advanced threats in real time.<br>Seceon’s <a href="https://seceon.com/xdr-platform/">XDR platform</a> provides businesses with the tools they need to secure their digital assets and protect against evolving threats. By integrating AI, machine learning, and automated incident response, Seceon helps organizations stay ahead of the curve and safeguard their operations against cyberattacks.<br>As cyber threats continue to evolve, XDR will play an increasingly critical role in securing modern IT infrastructures. 
By adopting Seceon’s XDR solution, organizations can ensure comprehensive, scalable protection that adapts to the dynamic nature of today’s threat landscape.</p><p>The post <a href="https://seceon.com/extended-detection-and-response-xdr-a-new-era-in-cybersecurity/">Extended Detection and Response (XDR): A New Era in Cybersecurity</a> appeared first on <a href="https://seceon.com/">Seceon Inc</a>.</p><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://seceon.com/">Seceon Inc</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Pushpendra Mishra">Pushpendra Mishra</a>. 
Read the original post at: <a href="https://seceon.com/extended-detection-and-response-xdr-a-new-era-in-cybersecurity/">https://seceon.com/extended-detection-and-response-xdr-a-new-era-in-cybersecurity/</a> </p>

Anthropic, Microsoft MCP Server Flaws Shine a Light on AI Security Risks

  • Jeffrey Burt
  • Published date: 2026-01-23 00:00:00


<p>Vulnerabilities disclosed this week in MCP servers from Anthropic and Microsoft put a spotlight on security concerns about a protocol that is being widely adopted in the agentic AI era.</p><p>Security researchers with AI security startup Cyata this week reported <a href="https://cyata.ai/blog/cyata-research-breaking-anthropics-official-mcp-server/" target="_blank" rel="noopener">finding three vulnerabilities</a> in the Git MCP server maintained by Anthropic, the AI company that created the Model Context Protocol to give AI models and agents a standardized way of accessing external data, tools, and services.</p><p>The same day, BlueRock Security, which offers a runtime security platform, wrote that their researchers found a <a href="https://www.bluerock.io/post/mcp-furi-microsoft-markitdown-vulnerabilities" target="_blank" rel="noopener">server-side request forgery (SSRF) vulnerability</a> in MarkItDown, Microsoft’s popular MCP server, and that further analysis of more than 7,000 MCP servers found that 36.7% could be exposed to the security flaw.</p><p>These latest reports not only highlight ongoing <a href="https://securityboulevard.com/2025/10/mcptotal-unfurls-hosting-service-to-secure-mcp-servers/" target="_blank" rel="noopener">security concerns about MCP servers</a>, but also the general risk-and-reward nature of AI technologies, from large language models (LLMs) to agents.</p><p>“We’re rushing toward a new connectivity standard with the Model Context Protocol … essentially a universal USB port for AI,” said Uma Reddy, founder and executive vice president of product and technology for cloud and endpoint security company Uptycs. “It’s powerful, but it also introduces <a href="https://securityboulevard.com/2025/11/the-mcp-server-risk-ais-overlooked-supply-chain-threat/" target="_blank" rel="noopener">serious supply-chain risk</a>. 
Plugging an LLM directly into the internet or internal systems without guardrails is like leaving your digital front door wide open.”</p><p>Reddy added that “downloading an MCP server today feels like the early days of the internet. You might be getting a useful tool, or you might be installing a supply-chain implant. Security leaders need to apply the same zero-trust discipline to AI connections that they do to any other privileged access.”</p><h3>MCP’s ‘Double-Edged Sword’</h3><p>In a <a href="https://redcanary.com/blog/threat-detection/mcp-ai-workflows/" target="_blank" rel="noopener">blog post</a> last year, Jesse Griggs, senior threat researcher at cybersecurity firm Red Canary, wrote about what he called the “double-edged sword of MCP,” noting that securing MCP servers is comparable to securing any code execution environment. As with Python or PowerShell, which also can perform a broad array of actions on a system – including harmful ones if not properly secured – MCP, by enabling AI agents to execute code and interact with resources, brings similar risks.</p><p>“MCP by itself does not include security mechanisms,” Griggs wrote. “The absence of built-in security is not a defect, but instead emphasizes the expectation that developers will implement standard security best practices. 
MCP enables powerful capabilities through tool execution, and with this functionality comes important security and trust considerations that all developers must carefully address.”</p><h3>Three Anthropic Vulnerabilities</h3><p>According to Yarden Porat, core team engineer for Cyata, the three vulnerabilities – tracked as <a href="https://nvd.nist.gov/vuln/detail/CVE-2025-68143" target="_blank" rel="noopener">CVE-2025-68143</a>, <a href="https://nvd.nist.gov/vuln/detail/CVE-2025-68145" target="_blank" rel="noopener">CVE-2025-68145</a>, and <a href="https://nvd.nist.gov/vuln/detail/CVE-2025-68144" target="_blank" rel="noopener">CVE-2025-68144</a> – in Anthropic’s Git MCP server can be exploited via prompt injection attacks, in which a bad actor inserts malicious instructions into the user input or external data to cause the AI model to bypass its safety rules.</p><p>The three flaws could be chained together to create a remote code execution exploit. The security flaws can let an attacker access any git repository on the system, not only the one initially configured for it, and create a new git repository in any directory on the filesystem.</p><p>“Combine these two, and you have a powerful primitive,” Porat wrote. “Take any directory … turn it into a git repository with git_init, then use git_log or git_diff to read its contents. The files get loaded into the LLM context, effectively leaking sensitive data to the AI.”</p><p>Then a bad actor could abuse CVE-2025-68114 to delete a file or write to any file. Cyata alerted Anthropic to the vulnerabilities, with the AI company fixing them late last year. Organizations should update the Git MCP server to version 2025.12.18 or later, he wrote.</p><h3>SSRF Risks in MarkItDown MCP</h3><p>In the case of Microsoft and its MarkItDown MCP server, the security gap is about file conversion. 
MarkItDown is a Python tool used to convert files like PDFs, HTML, and Word to Markdown, a lightweight and simpler language that AI systems can understand. Microsoft created an MCP server for MarkItDown to help LLMs get this conversion done. Users give MarkItDown a uniform resource identifier (URI), and MarkItDown fetches the files found there.</p><p>That said, there are no real restrictions on the URI, according to David Onwukwe, principal solutions engineer at BlueRock.</p><p>“This vulnerability allows an attacker to execute the Markitdown MCP tool convert_to_markdown to call an arbitrary … URI,” Onwukwe wrote in a report. “The lack of any boundaries on the URI allows any user, agent or attacker calling the tool to access any http or file resource.”</p><p>BlueRock ran its research into the vulnerability on Amazon Web Services (AWS) EC2 instances running Instance Metadata Service Version 1 (IMDSv1), an older and less secure method for retrieving metadata, and the issue also can affect any cloud provider using it.</p><p>That’s where the threat of SSRF comes in. Users can use the MarkItDown MCP to query the instance metadata of a system, but in some circumstances, they also can obtain credentials for the instance, giving them access to AWS account data like secret keys.</p><p>“Depending on the level of access the EC2 role has, this could lead to full admin access of the AWS account,” he wrote. “If the user has configured this MCP server on HTTP, the metadata can be queried from a remote server.”</p><h3>The ‘Iceberg Problem’</h3><p>The vulnerability shows how traditional security focuses on prompts – what agents are asked to do, Onwukwe wrote. However, the real risk is in what the AI agent does when it runs. Focusing on the request layer means that security teams are missing what MCP servers do, from fetching URLs and reading files to executing code and accessing data.</p><p>“This is the iceberg problem,” he said. “Gateways see tool requests – the tip. 
But the real exposure is below the waterline: the runtime layer where agents access internal resources, exfiltrate data, and escalate privileges. That’s where this vulnerability lives. And that’s where the next hundred vulnerabilities will live, too.”</p>
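<p>Added example, not from the article, BlueRock or Microsoft: one way a fetch-style tool such as the <code>convert_to_markdown</code> call described above can bound the URI before any request is made, rejecting <code>file:</code> URIs and any host that resolves to the instance metadata address or other internal space. The function names, the allowlist parameter, and the sample hosts and DNS answers are assumptions constructed for illustration.</p>

```python
"""Added example: URI policy for a fetch-style tool. Not MarkItDown's or BlueRock's code."""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: the tool never needs file:, data:, ftp:


def resolve_host(host):
    """Default resolver: all addresses the OS returns for host (needs DNS at runtime)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def is_internal(addr):
    """True for loopback, private, link-local (cloud metadata) and other non-public space."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:169.254.169.254 is still the metadata service
    return (not ip.is_global) or ip.is_multicast


def check_uri(uri, allowed_hosts=None, resolver=resolve_host):
    """Return (ok, reason, addresses).

    Run this on the first URI and again on every redirect hop, and connect to one
    of the returned addresses rather than re-resolving the name, so a second DNS
    answer cannot swap in an internal target after the check.
    """
    try:
        parts = urlsplit(uri)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "malformed URI", []
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {scheme!r} not allowed", []
    if parts.username is not None or parts.password is not None:
        return False, "userinfo not allowed", []
    if not host:
        return False, "missing host", []
    if allowed_hosts is not None and host not in allowed_hosts:
        return False, f"host {host!r} not on allowlist", []
    try:
        ipaddress.ip_address(host)
        addrs = [host]  # literal IP: vet it directly
    except ValueError:
        try:
            addrs = resolver(host)  # name or legacy integer form: vet what it resolves to
        except OSError:
            return False, f"cannot resolve {host!r}", []
    internal = [a for a in addrs if is_internal(a)]
    if internal or not addrs:
        return False, f"resolves to internal address {internal}", []
    return True, "ok", list(addrs)


# Constructed DNS answers so the demo runs offline; none of these come from the article.
CONSTRUCTED_DNS = {
    "docs.example.com": ["93.184.216.34"],
    "rebind.example.net": ["169.254.169.254"],  # public-looking name, internal answer
    "2852039166": ["169.254.169.254"],  # integer spelling of the same IP, as getaddrinfo reads it
}


def constructed_resolver(host):
    """Offline stand-in for resolve_host, backed by CONSTRUCTED_DNS."""
    if host not in CONSTRUCTED_DNS:
        raise OSError(f"no constructed record for {host}")
    return CONSTRUCTED_DNS[host]


def demo():
    """Evaluate constructed sample URIs; returns [(uri, ok, reason), ...]."""
    samples = [
        ("https://docs.example.com/report.pdf", {"docs.example.com"}),
        ("file:///etc/passwd", None),
        ("http://169.254.169.254/latest/meta-data/", None),
        ("http://[::ffff:169.254.169.254]/latest/meta-data/", None),
        ("http://2852039166/latest/meta-data/", None),
        ("https://rebind.example.net/x", {"rebind.example.net"}),
        ("https://other.example.org/x", {"docs.example.com"}),
    ]
    results = []
    for uri, allow in samples:
        ok, reason, _ = check_uri(uri, allow, constructed_resolver)
        results.append((uri, ok, reason))
    return results


if __name__ == "__main__":
    for uri, ok, reason in demo():
        print(("ALLOW" if ok else "BLOCK"), uri, "-", reason)
```

<p>The check covers only the request target; the process running the tool should still have a narrowly scoped instance role and restricted filesystem access.</p>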

Architecting the Enterprise SAML Handshake: A CTOs Guide to Service Provider Implementation

  • Published date: 2026-01-23 00:00:00


<h2>The SAML Service Provider Dilemma in B2B</h2><p>Ever tried explaining to a board why your "enterprise-ready" SaaS is stuck in a 6-month sales cycle because of a login button? It’s usually because big clients don't want more passwords—they want saml.</p><p>Building a service provider (SP) isn't just about the code; it’s about navigating the trust relationship between your app and their identity provider (idp). According to <a href="https://www.houseblend.io/articles/netsuite-login-authentication-guide">NetSuite</a>, companies like theirs use saml 2.0 to let employees jump into complex systems without a separate password, which is basically the gold standard for security now.</p><ul> <li><strong>The Trust Gap</strong>: You have to prove to their system that your app is legit using metadata and certificates. It’s a literal handshake.</li> <li><strong>Build vs Buy</strong>: You could spend months wrestling with XML signatures and replay attacks. To stop replays, your SP needs to track the unique 'ID' attribute of every assertion in a cache—if you see the same ID twice, someone is trying to spoof a session.</li> <li><strong>Industry Stakes</strong>: In sectors like finance or tech, these secure pipelines are mandatory to handle sensitive data across distributed systems.</li> </ul><p><img decoding="async" src="https://cdn.pseo.one/6853a4a8a2796a91bb994a76/687e6d61f6fe799d28851eff/architecting-enterprise-saml-service-provider-guide/mermaid-diagram-1.svg" alt="Diagram 1"><br> <em>Diagram 1 shows the high-level handshake where the user is redirected from your app to the IdP and back again.</em></p><p>I once saw a dev team at a retail firm lose a massive contract because their saml implementation couldn't handle "IdP-initiated" flows. Most devs build "SP-initiated" flows where the user clicks "Login" on <em>your</em> site. But in IdP-initiated flows, the user clicks an icon on their Okta or Azure dashboard and gets sent to your app without asking. 
It’s risky because there is no <code>InResponseTo</code> ID to verify, so you gotta be extra careful about validating the recipient and the timestamp.</p><p>Anyway, next we’ll look at the actual xml bits that make this work.</p><h2>Anatomy of a Secure SAML Handshake</h2><p>So, you’ve got the high-level flow down, but now we gotta look at the actual "guts" of the saml response. It’s mostly just a big pile of xml, but if you don't parse it right, you're basically leaving the door unlocked for any ai or script kiddie to walk right in.</p><p>First off, your app (the SP) sends an <code>AuthnRequest</code>. You need to make sure this is structured perfectly. At a minimum, you need an <code>Issuer</code> (your EntityID) and an <code>AssertionConsumerServiceURL</code> (where the idp sends the user back to). </p><pre><code class="language-xml">&lt;samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                    ID="_123"
                    Version="2.0"
                    IssueInstant="2023-10-01T12:00:00Z"
                    AssertionConsumerServiceURL="https://yourapp.com/saml/callback"&gt;
  &lt;saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"&gt;your-entity-id&lt;/saml:Issuer&gt;
&lt;/samlp:AuthnRequest&gt;
</code></pre><p>Once the idp does its thing, it sends back a <code>SAMLResponse</code>. This is where the real work happens.</p><ul> <li><strong>Signature Validation</strong>: This is non-negotiable. You have to check the digital signature against the public certificate you got during setup. </li> <li><strong>Handling Clock Skew</strong>: Systems are never perfectly in sync. Most libraries let you set a "clock skew" (usually 60-120 seconds) so you don't reject a legit login just because your server's clock is a hair fast.</li> <li><strong>Assertion Wrapping Attacks</strong>: This is a nasty one. Attackers sometimes nest a fake assertion inside a real, signed one. 
Always make sure your parser is looking at the <em>signed</em> part of the tree.</li> </ul><p><img decoding="async" src="https://cdn.pseo.one/6853a4a8a2796a91bb994a76/687e6d61f6fe799d28851eff/architecting-enterprise-saml-service-provider-guide/mermaid-diagram-2.svg" alt="Diagram 2"><br> <em>Diagram 2 illustrates the internal XML structure, highlighting where the digital signature sits within the assertion.</em></p><p>Most devs use a library like <code>passport-saml</code> because writing xml signatures from scratch is a special kind of hell. Here is how you actually inject that public key into your middleware:</p><pre><code class="language-javascript">const passport = require('passport');
const { Strategy: SamlStrategy } = require('passport-saml');

const samlStrategy = new SamlStrategy({
  // Must match the route below and the AssertionConsumerServiceURL given to the IdP
  path: '/saml/callback',
  entryPoint: 'https://idp.com/saml2',
  issuer: 'your-app-entity-id',
  // THIS IS THE KEY: The IdP's public cert goes here to verify signatures
  cert: 'MIIDdTCCAl2gAwIBAgIJAL7...',
}, (profile, done) =&gt; {
  return done(null, profile);
});
passport.use(samlStrategy);

// Extracting attributes after verification.
// passport.authenticate() validates the SAMLResponse and sets req.user; without it
// req.user is undefined. `app` (Express, with form body parsing enabled) and `db`
// (your user store) are defined elsewhere in your application.
app.post('/saml/callback',
  passport.authenticate('saml', { session: false }),
  (req, res) =&gt; {
    const profile = req.user;
    const email = profile['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'];
    if (!db.users.find(email)) {
      db.users.create({ email, role: profile.role || 'viewer' });
    }
    res.redirect('/dashboard');
  });
</code></pre><p>Before you can even run that code, you have to do a "Metadata Exchange." This is just an XML file you swap with the client that contains your public keys and endpoints. It’s the "pre-game" handshake. To make this easier, many people use tools to automate the exchange.</p><h2>Scaling SSO with SSOJet</h2><p>Man, wrestling with saml is a headache nobody needs. Once you've got the xml basics, the real nightmare is scaling it across fifty different clients who all use different idps.</p><p>That's where offloading the heavy lifting to an api makes sense. 
Instead of writing custom logic for every new b2b customer, you can use a platform like <a href="https://ssojet.com/">SSOJet</a> to handle the mess.</p><ul> <li><strong>Unified directory sync</strong>: It keeps your user list in sync with their system automatically.</li> <li><strong>Pre-built flows</strong>: You get saml and oidc ready to go, so onboarding takes minutes, not weeks.</li> <li><strong>Fail-safe logins</strong>: If their sso goes down, magic links keep people from being locked out.</li> </ul><p><img decoding="async" src="https://cdn.pseo.one/6853a4a8a2796a91bb994a76/687e6d61f6fe799d28851eff/architecting-enterprise-saml-service-provider-guide/mermaid-diagram-3.svg" alt="Diagram 3"><br> <em>Diagram 3 shows how an intermediary API simplifies the connection between multiple IdPs and your single application.</em></p><p>Honestly, i've seen teams save months of dev time just by not building this from scratch. It lets you focus on your actual product. Next, we'll wrap things up with some best practices for keeping the whole system secure.</p><h2>DevOps and Security Best Practices</h2><p>Implementing saml isn't a "set it and forget it" kind of deal. If you don't stay on top of your metadata and certs, your users are gonna have a bad time when their session suddenly dies on a tuesday morning.</p><ul> <li><strong>Automate Cert Rotation</strong>: You should really be pulling metadata dynamically from the idp's metadata url. This lets your sp pick up new certificates before the old ones expire.</li> <li><strong>Monitoring is Key</strong>: Set up alerts for failed saml parses. If you see a spike in "Destination mismatch" errors, it usually means a client changed their entity id on the fly. </li> <li><strong>Enforce Encryption</strong>: If you're handling sensitive stuff, don't just sign the assertion; encrypt it. 
This keeps PII (Personally Identifiable Information) away from prying eyes.</li> <li><strong>Log Responsibly</strong>: You need logs for compliance, but for the love of god, don't log the raw saml xml if it contains PII or session tokens. SAML is great because you never see the user's password, but the XML still has enough info to be dangerous if it leaks.</li> </ul><p><img decoding="async" src="https://cdn.pseo.one/6853a4a8a2796a91bb994a76/687e6d61f6fe799d28851eff/architecting-enterprise-saml-service-provider-guide/mermaid-diagram-4.svg" alt="Diagram 4"><br> <em>Diagram 4 outlines the lifecycle of a certificate and the automated rotation process.</em></p><p>As mentioned earlier when we looked at how SSOJet handles the mess, the goal is to get out of the xml business and back to building features. Honestly, unless you're a glutton for punishment, don't roll your own security logic for every b2b client. Keep it simple, keep it automated, and you'll actually get some sleep.</p><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://ssojet.com/blog">SSOJet - Enterprise SSO &amp; Identity Solutions</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by SSOJet - Enterprise SSO &amp; Identity Solutions">SSOJet - Enterprise SSO &amp; Identity Solutions</a>. Read the original post at: <a href="https://ssojet.com/blog/architecting-enterprise-saml-service-provider-guide">https://ssojet.com/blog/architecting-enterprise-saml-service-provider-guide</a> </p>
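<p>The recipient, timestamp, clock-skew and <code>InResponseTo</code> checks from the SAML handshake article above, written out as an added example (not code from the original post or from passport-saml). It assumes the library has already verified the signature and that these fields come from the signed assertion; <code>AssertionChecker</code>, <code>sampleAssertion</code>, the field names and the in-memory maps are hypothetical, and the sample values are constructed.</p>

```javascript
// Added example. `assertion` stands in for fields read from the SIGNED
// assertion after signature verification; the field names are assumptions.
class AssertionChecker {
  constructor({ acsUrl, audience, allowUnsolicited = false,
                clockSkewMs = 90 * 1000, requestTtlMs = 5 * 60 * 1000 }) {
    this.acsUrl = acsUrl;
    this.audience = audience;
    this.allowUnsolicited = allowUnsolicited; // permit IdP-initiated logins?
    this.clockSkewMs = clockSkewMs;           // inside the 60-120 second range
    this.requestTtlMs = requestTtlMs;
    this.pendingRequests = new Map(); // AuthnRequest ID -> expiry (ms)
    this.seenAssertions = new Map();  // assertion ID -> forget-after time (ms)
  }

  // Call when the SP issues an AuthnRequest so the reply can be correlated.
  rememberRequest(requestId, now = Date.now()) {
    this.pendingRequests.set(requestId, now + this.requestTtlMs);
  }

  evictExpired(now) {
    for (const store of [this.pendingRequests, this.seenAssertions]) {
      for (const [id, expiry] of store) {
        if (expiry <= now) store.delete(id);
      }
    }
  }

  check(assertion, now = Date.now()) {
    this.evictExpired(now);
    const errors = [];

    // 1. Validity window, widened by the allowed clock skew at both ends.
    const notBefore = Date.parse(assertion.notBefore);
    const notOnOrAfter = Date.parse(assertion.notOnOrAfter);
    if (Number.isNaN(notBefore) || Number.isNaN(notOnOrAfter)) {
      errors.push('missing or unparseable validity window');
    } else {
      if (now + this.clockSkewMs < notBefore) errors.push('assertion not yet valid');
      if (now - this.clockSkewMs >= notOnOrAfter) errors.push('assertion expired');
    }

    // 2. Exact-match recipient and audience: no prefix or substring matching.
    if (assertion.recipient !== this.acsUrl) errors.push('Recipient mismatch');
    if (!Array.isArray(assertion.audiences) ||
        !assertion.audiences.includes(this.audience)) {
      errors.push('Audience mismatch');
    }

    // 3. SP-initiated replies must answer a request we actually sent.
    //    IdP-initiated replies carry no InResponseTo, so they are opt-in.
    if (assertion.inResponseTo) {
      if (!this.pendingRequests.has(assertion.inResponseTo)) {
        errors.push('InResponseTo does not match a pending AuthnRequest');
      }
    } else if (!this.allowUnsolicited) {
      errors.push('unsolicited response not allowed');
    }

    // 4. One-time use: the only replay defence an IdP-initiated login has.
    if (!assertion.id) errors.push('missing assertion ID');
    else if (this.seenAssertions.has(assertion.id)) errors.push('assertion ID already used');

    if (errors.length === 0) {
      // Remember the ID until the assertion would be rejected as expired anyway.
      this.seenAssertions.set(assertion.id, notOnOrAfter + this.clockSkewMs);
      if (assertion.inResponseTo) this.pendingRequests.delete(assertion.inResponseTo);
    }
    return { ok: errors.length === 0, errors };
  }
}

// Constructed sample values, reusing the URL, entity ID and request ID above.
function sampleAssertion(overrides = {}) {
  return {
    id: '_a1',
    inResponseTo: '_123',
    recipient: 'https://yourapp.com/saml/callback',
    audiences: ['your-entity-id'],
    notBefore: '2023-10-01T12:00:00Z',
    notOnOrAfter: '2023-10-01T12:05:00Z',
    ...overrides,
  };
}

function demo() {
  const now = Date.parse('2023-10-01T12:00:30Z');
  const checker = new AssertionChecker({
    acsUrl: 'https://yourapp.com/saml/callback',
    audience: 'your-entity-id',
    allowUnsolicited: true,
  });
  checker.rememberRequest('_123', now);
  return {
    spInitiated: checker.check(sampleAssertion(), now),
    replay: checker.check(sampleAssertion(), now + 1000),
    idpInitiatedWrongRecipient: checker.check(sampleAssertion({
      id: '_a2', inResponseTo: undefined,
      recipient: 'https://other-sp.example/saml/callback',
    }), now),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

<p>With more than one app server, the two maps need to live in a shared store, otherwise a replayed assertion can be accepted by a different node.</p>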

Can AI manage compliance requirements efficiently?

  • Published date: 2026-01-23 00:00:00

<h2>How Can AI Revolutionize Compliance Management?</h2><p>Are you leveraging AI technologies to optimize compliance management in your organization? As compliance requirements continue to grow more complex across industries, the integration of Artificial Intelligence (AI) into compliance management is becoming increasingly essential. The call for efficient compliance management resonates especially with organizations operating in sectors such as financial services, healthcare, and technology, where regulatory obligations are dynamic and crucial.</p><h3>Understanding the Role of Non-Human Identities in Compliance</h3><p>Managing Non-Human Identities (NHIs) is pivotal. NHIs—comprised of machine identities with unique “secrets” like encrypted passwords or tokens—play a critical role in facilitating secure transactions across digital platforms. These identities are akin to tourists with visas, requiring both identity validation (the “passport”) and access permissions granted by systems (the “visa”).</p><p>Masterfully managing these NHIs contributes significantly to robust compliance management, particularly in cloud-based environments. Proper management involves securing NHIs throughout their entire lifecycle, from discovery to risk mitigation. By doing so, organizations can ensure comprehensive compliance with relevant standards and regulations, helping to minimize breaches while safeguarding sensitive data.</p><h3>Challenges and Innovations in AI Compliance Management</h3><p>AI-powered compliance management systems are redefining how organizations handle vast quantities of compliance data. These systems are particularly beneficial in addressing several challenges:</p><ul> <li><strong>Data Overload:</strong> The sheer volume of compliance data can be overwhelming. 
AI helps to streamline this data, identifying patterns and inconsistencies automatically.</li> <li><strong>Dynamic Regulations:</strong> Regulations evolve rapidly, and AI’s ability to adapt makes it essential for staying ahead of compliance requirements.</li> <li><strong>Complexity and Integration:</strong> Integrating AI with existing systems, such as NHIs, allows for seamless compliance monitoring across multiple platforms.</li> </ul><p>Indeed, AI can transform compliance management into a proactive rather than a reactive exercise, reducing the likelihood of errors and potential regulatory fines.</p><h3>Effective Strategies for Securing Cloud Environments</h3><p>Organizations increasingly rely on cloud platforms, making cloud security management a priority. AI compliance management solutions are instrumental, offering insights into access management, governance, and threat detection:</p><p>– <strong>Reduced Risk:</strong> Proactive identification of potential security threats is crucial. 
AI systems can preemptively detect and mitigate risks before they escalate.</p><p>– <strong>Improved Compliance:</strong> AI provides a systematic approach to policy enforcement, ensuring adherence to regulations and generating comprehensive audit trails.</p><p>– <strong>Enhanced Visibility and Control:</strong> AI platforms offer a centralized view of NHIs and their permissions, enabling better governance.</p><p>For those looking to delve deeper into managing AI-related security, it may be insightful to explore <a href="https://entro.security/blog/keeping-security-in-stride-why-we-built-entros-third-pillar-for-agentic-ai/">Entro’s third pillar for Agentic AI</a> and <a href="https://entro.security/blog/agentic-ai-owasp-research/">OWASP research on Agentic AI</a>.</p><h3>The Business Case for AI in Compliance Management</h3><p>Adopting AI into compliance strategies not only enhances security but also yields tangible business benefits:</p><p>– <strong>Increased Efficiency:</strong> By automating routine compliance tasks, AI allows security teams to engage in more strategic initiatives that drive organizational growth.</p><p>– <strong>Cost Savings:</strong> Automation reduces the need for extensive manual monitoring, thus decreasing operational costs. AI systems can handle tasks such as secrets rotation and NHI decommissioning autonomously.</p><p>In addition to these advantages, embracing AI technologies also paves the way for companies to meet stricter regulatory standards while maintaining operational agility. For those keen on understanding compliance in various ecosystems, resources like the Essential Guide to Partner Program Compliance are invaluable.</p><h3>A Glimpse into the Future: AI and Cloud Compliance</h3><p>As organizations continue to migrate to the cloud, AI compliance management becomes not just beneficial but essential. 
The future holds vast potential for AI technologies to further influence how companies manage compliance efficiently, ensuring that they can not only meet current standards but also adapt swiftly to emerging regulations.</p><p>For those interested in exploring how AI identity governance can be advanced further, <a href="https://entro.security/blog/microsoft-agent-365-pushes-ai-identity-forward-but-enterprise-agents-still-need-cross-environment-governance/">explore insights on cross-environment governance for enterprise agents</a>.</p><p>AI compliance management is undoubtedly a game-changer, positioning organizations to handle compliance with greater accuracy, agility, and foresight. As digital continues to evolve, the strategic incorporation of AI into compliance efforts will be a cornerstone of robust and secure business operations.</p><h3>Simplifying Compliance with Artificial Intelligence and NHI Management</h3><p>Have you ever considered how artificial intelligence paired with Non-Human Identity (NHI) management can streamline compliance processes in your organization? Leveraging these technologies can significantly ease the burden of regulatory conformity across multiple industries. The strategic implementation of AI aids in deciphering complex regulatory language and applying it to real-world business contexts, ensuring that compliance doesn’t remain merely a checkbox exercise but becomes integral to operations.</p><p>Proper management of NHIs is integral to this process. By overseeing machine identities through their lifecycle—from discovery, validation, classification, to remediation—organizations not only fulfill compliance requirements but also bolster data breach defenses. 
This connectivity ensures robust access controls, benefiting sectors such as healthcare with its stringent patient confidentiality laws, or finance, where safeguarding sensitive transactional data is non-negotiable.</p><p>AI’s ability to adapt to dynamics in NHI enhances compliance adherence. When regulations change or expand, AI effortlessly recalibrates parameters, accommodating new guidelines with minimal human intervention. For an in-depth analysis of non-compliance risks, especially with non-human identities, you might consider reviewing how <a href="https://entro.security/blog/the-compliance-black-hole-how-non-human-identities-break-the-rules/">NHIs can break the rules of compliance</a>.</p><h3>Data Insights and Proactive Measures in Cybersecurity</h3><p>What role do data-driven insights play in reinforcing the security framework of an organization? By leveraging AI’s analytical prowess, organizations can mine crucial insights from vast data sets, aiding compliance and driving security effectiveness. This proactive approach helps in identifying potential security drift before it evolves into a breach.</p><p>On a practical level, AI technologies examine activity logs and machine communication patterns to reveal anomalies or inconsistencies that could go unnoticed in manual monitoring systems. By interpreting these patterns, organizations can preempt and neutralize threats, ensuring that compliance standards are consistently met.</p><p>Organizations are thereby positioned to transition from reactive to proactive threat response strategies, where potential vulnerabilities are addressed proactively. With AI’s real-time capabilities, systems remain agile, maintaining compliance even amidst unanticipated changes in regulation or internal policy. 
A deeper understanding of these security measures can be gained from exploring <a href="https://entro.security/blog/practical-takeaways-from-the-owasp-securing-agentic-apps-guide/">practical insights from the OWASP Guide</a>.</p><h3>AI in Cross-Industry Compliance</h3><p>How can AI manage the growing intricacies of cross-industry compliance? Specific industries, each with its regulatory challenges, benefit from AI’s cross-compatibility, offering a universal approach to managing compliance.</p><p>In financial services, the automation of compliance checks and report generation through AI can drastically cut response times, improving overall efficiency and responsiveness to auditors. Healthcare, on the other hand, can leverage AI for tracking and safeguarding patient information, thus adhering to demanding privacy regulations.</p><p>The technology sector benefits extensively from AI when managing large volumes of data and ensuring compliance with international privacy laws such as GDPR or CCPA. For those navigating these regulatory waters, additional resources can be explored through <a href="https://uhurasolutions.com/riskregulatoryandcompliance/" rel="noopener">risk management strategies</a>.</p><p>NHIs, with their precise role delineation and strict credentialing measures, are invaluable for automating critical compliance tasks in DevOps and SOC teams. These groups focus on operational excellence without sidestepping compliance mandates.</p><h3>Optimizing Efficiency Through Automated Compliance Monitoring</h3><p>Are you tapping into the potential of automated compliance monitoring to optimize your organizational processes? AI infuses efficiency into compliance workflows by minimizing human error and reducing the time required to execute complex initiatives.</p><p>AI systems simplify compliance management by continually learning from past data to optimize future strategies. 
Organizations can then assess and refine processes, such as secrets rotation or NHI decommissioning, without disrupting internal workflows. This operational shift frees up resources, allowing teams to focus on strategic objectives that confer competitive advantages.</p><p>Moreover, automated systems effortlessly handle the drudgery associated with tracking and documenting compliance statuses, making regulatory audits less burdensome. AI also enhances audit readiness, facilitating robust audit trails dynamically updated in response to security breaches or policy updates.</p><p>For insights into automated compliance monitoring processes or evaluating your current standing regarding NHI and secrets management, it might be helpful to consult reports like the <a href="https://entro.security/blog/takeaways-nhi-secrets-risk-report/">NHI secrets risk report</a>.</p><h3>Ensuring Compliance Through Strategic AI Adoption</h3><p>Have you recognized the strategic impact AI adoption has on elevating compliance measures within your organization? By embracing AI as a cornerstone of your compliance strategy, you can seize numerous benefits, including operational efficiency, enhanced security, and cost reductions.</p><p>The sustained integration of AI in compliance frameworks does not only resolve existing challenges but also creates avenues for continuous improvement and capability expansion. Organizations globally aspire to refine their operational frameworks through innovative AI applications, ensuring comprehensive security, improved regulatory responsiveness, and an enduring competitive stance.</p><p>These implementations now form the basis of sophisticated compliance strategies that deliver multifaceted benefits, effectively transforming compliance into a self-sustaining component of broader security infrastructure. 
By maintaining vigilance and evolving alongside industry practice, organizations can ensure alignment with both current and future regulatory.</p><p>For those interested in advancing AI in compliance, a valuable resource might be exploring how <a href="https://fintech.global/2025/11/20/brighter-super-boosts-compliance-with-napier-ai/" rel="noopener">AI tools bolster compliance in finance</a>.</p><p>The post <a href="https://entro.security/can-ai-manage-compliance-requirements-efficiently/">Can AI manage compliance requirements efficiently?</a> appeared first on <a href="https://entro.security/">Entro</a>.</p><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://entro.security/">Entro</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Alison Mack">Alison Mack</a>. Read the original post at: <a href="https://entro.security/can-ai-manage-compliance-requirements-efficiently/">https://entro.security/can-ai-manage-compliance-requirements-efficiently/</a> </p>

Someone Is Impersonating Me on Instagram — and Meta Doesn’t Give a Sh*t

  • Alan Shimel
  • Published date: 2026-01-23 00:00:00

<p><span style="font-weight: 400;">I’ve been around technology a long time. Long enough to know when something smells like crap. Long enough to know that when bad actors find an opening, they don’t knock — they walk right in and make themselves comfortable.</span></p><p><span style="font-weight: 400;">Yesterday afternoon, I found out someone opened an Instagram account impersonating me.</span></p><p><span style="font-weight: 400;">Not kind of impersonating me. Not a fan account. A straight-up imposter using the handle shimel.alan. That is not my Instagram name. Not even close. Brand new account. Zero history. Zero content. But already following about 85 people who follow me, and — here’s the part that should make everyone pause — 10 of those people followed the fake account back.</span></p><p><span style="font-weight: 400;">That’s how this starts. Quiet. Clean. No obvious red flags. No spam posts yet. Just enough credibility to slip through the cracks.</span></p><p><span style="font-weight: 400;">And before anyone says, “Well, nothing bad happened yet,” let me stop you right there. This is exactly how scams, social engineering, and identity abuse get traction. You don’t wait until the damage is done to call it a problem. If you do, you’ve already lost.</span></p><p><span style="font-weight: 400;">I did what any responsible, cyber-savvy person would do. I reached out directly to the ten people who followed the imposter and told them what was going on. Asked them to unfollow and block the account. I messaged the imposter themselves to let them know I was onto them and taking action. I posted a warning on my real Instagram account so my followers wouldn’t get fooled.</span></p><p><span style="font-weight: 400;">So far, the fake account hasn’t posted anything. I’m watching it like a hawk. 
But that’s not the point.</span></p><p><span style="font-weight: 400;">The point is what happened next — and this is where my blood really starts to boil.</span></p><p><span style="font-weight: 400;">I did what Meta tells us to do. I hit the Report button. I followed their flow. Click, click, click — straight into AI support hell.</span></p><p><span style="font-weight: 400;">Why are you reporting this account?</span></p><p><span style="font-weight: 400;">➡️ Impersonation.</span></p><p><span style="font-weight: 400;">Who is being impersonated?</span></p><p><span style="font-weight: 400;">➡️ Me.</span></p><p><span style="font-weight: 400;">What is the nature of the impersonation?</span></p><p><span style="font-weight: 400;">➡️ Scam.</span></p><p><span style="font-weight: 400;">Clear enough, right? Open and shut. Real person. Real name. Real account. Fake account copying it.</span></p><p><span style="font-weight: 400;">Fifteen minutes later — maybe less — I got the response.</span></p><p><span style="font-weight: 400;">No violation of community standards.</span></p><p><span style="font-weight: 400;">Nothing they could do.</span></p><p><span style="font-weight: 400;">That was it.</span></p><p><span style="font-weight: 400;">No appeal.</span></p><p><span style="font-weight: 400;">No escalation.</span></p><p><span style="font-weight: 400;">No way to talk to a human.</span></p><p><span style="font-weight: 400;">No request for verification.</span></p><p><span style="font-weight: 400;">No “we’re investigating.”</span></p><p><span style="font-weight: 400;">Just a cheery little follow-up with links suggesting I contact a suicide crisis hotline, reach out to a friend to talk about my feelings, or read more about Meta’s community standards.</span></p><p><span style="font-weight: 400;">I wish I were making that up.</span></p><p><span style="font-weight: 400;">That response tells you everything you need to know about Meta’s priorities — and none of it is good.</span></p><p><span 
style="font-weight: 400;">Let me be very clear: If Meta’s systems can’t identify an obvious impersonation of a real, verifiable person, then Meta is not serious about security. Period. Full stop.</span></p><p><span style="font-weight: 400;">And before anyone says, “Well, the AI probably didn’t have enough signal,” spare me. This wasn’t some edge case. This wasn’t satire. This wasn’t a gray area. This was a brand-new account using my name to target my network. If that doesn’t trip alarms, the alarms are broken — or worse, intentionally ignored.</span></p><p><span style="font-weight: 400;">What really gets me is this: Meta wants all of us to trust their platforms with our identities, our networks, our reputations, and our livelihoods — but when something goes wrong, they shrug and point to a policy page.</span></p><p><span style="font-weight: 400;">That’s not security. That’s negligence wrapped in automation.</span></p><p><span style="font-weight: 400;">I consider myself cyber-savvy. I’ve covered security, DevOps, and infrastructure for decades. I know how attackers operate. I know the playbooks. 
And if this can happen to me — someone paying attention, someone who knows what to look for — it can happen to anyone.</span></p><p><span style="font-weight: 400;">Your parents.</span></p><p><span style="font-weight: 400;">Your kids.</span></p><p><span style="font-weight: 400;">Your colleagues.</span></p><p><span style="font-weight: 400;">Your customers.</span></p><p><span style="font-weight: 400;">And when it does, they’re going to get the same AI-generated brush-off I got.</span></p><p><span style="font-weight: 400;">Let’s talk about what Meta does care about.</span></p><p><span style="font-weight: 400;">They care about posting.</span></p><p><span style="font-weight: 400;">They care about engagement.</span></p><p><span style="font-weight: 400;">They care about ad impressions.</span></p><p><span style="font-weight: 400;">They care about growth metrics that they can brag about on earnings calls.</span></p><p><span style="font-weight: 400;">What they clearly don’t care about is impersonation until it becomes a PR problem. And by then, the damage is already done.</span></p><p><span style="font-weight: 400;">We hear horror stories all the time — people scammed out of money, reputations destroyed, accounts hijacked, trust eroded. We clutch our pearls and ask, “How does this keep happening?”</span></p><p><span style="font-weight: 400;">Here’s how: The platform owners treat impersonation as a content moderation inconvenience instead of a security threat.</span></p><p><span style="font-weight: 400;">Impersonation is a security issue.</span></p><p><span style="font-weight: 400;">It is fraud enablement.</span></p><p><span style="font-weight: 400;">It is social engineering infrastructure.</span></p><p><span style="font-weight: 400;">And Meta’s current process actively enables it.</span></p><p><span style="font-weight: 400;">I’ve now had several other people report the fake account as well. Let’s see if volume does what common sense wouldn’t. 
But that’s not a system — that’s a lottery.</span></p><p><span style="font-weight: 400;">If anyone reading this works in Instagram or Facebook security, I could use your help. Seriously. Because right now, the official path is a dead end.</span></p><p><span style="font-weight: 400;">And Meta? Maybe take one of those massive AI data centers you love to hype and dedicate it to protecting real people from real harm. Because experience has shown me this: if you’re not serious about protecting my identity, you’re not serious about protecting anyone’s.</span></p><p><span style="font-weight: 400;">Not mine.</span></p><p><span style="font-weight: 400;">Not yours.</span></p><p><span style="font-weight: 400;">Not security. Period.</span></p><p><span style="font-weight: 400;">Shame on you, Meta.</span></p>

Architecting Enterprise Readiness: Why SAML Still Wins the B2B Auth War

  • Published date: 2026-01-23 00:00:00

<h2>The Enterprise Paradox: Why we still use XML in 2025</h2><p>It's 2025 and we are still arguing about xml tags while the rest of the world has moved on to json and sleek oidc flows. You'd think a tech stack from the early 2000s would be dead by now, but in the world of enterprise identity, saml is basically the cockroach that won't quit.</p><p>Honestly, it’s a weird paradox. We love to complain about how "heavy" or "verbose" saml feels compared to modern stuff, yet it remains the undisputed king of the b2b world. Why? Because when a ceo at a massive bank or a healthcare giant signs a contract, they don't care about your "modern" api-first approach—they care about their existing okta or microsoft entra id (formerly azure ad) setups.</p><p>The reality is that enterprise readiness isn't about using the newest shiny tool; it's about meeting the customer where they actually live. Here is why we're still stuck with xml:</p><ul> <li><strong>The Procurement Wall</strong>: If you're trying to sell to a fortune 500 company and you don't support saml, you aren't getting past the security review. It’s a "check the box" requirement that literally kills deals before they start.</li> <li><strong>Battle-Tested Stability</strong>: According to OneLogin, saml was built specifically to solve cross-domain authentication issues that older cookie-based sso just couldn't handle. It’s been poked and prodded for two decades. </li> <li><strong>Attribute Mapping Power</strong>: Enterprises need to pass more than just a username. They’re sending roles, departments, and cost centers. saml assertions are like a "sealed envelope" of data that handles this complexity better than a basic jwt often does.</li> </ul><p><img decoding="async" src="https://cdn.pseo.one/6853a4a8a2796a91bb994a76/687e6d61f6fe799d28851eff/architecting-enterprise-readiness-saml-b2b-auth/mermaid-diagram-1.svg" alt="Diagram 1"></p><p>I've seen this play out in everything from retail to finance. 
A large hospital system won't just "trust" your new app; they want to externalize authentication to their own idp so they can kill access the second a doctor leaves the practice. As Descope points out, this removes the burden of password management from the app developer entirely.</p><blockquote> <p>While some older reports had wilder numbers, current market data suggests the broader Identity and Access Management market—which saml dominates for enterprise—is growing steadily at a CAGR of around 13%, proving this "legacy" tech isn't going anywhere.</p> </blockquote><p>But saml isn't just about logging in—it's about the trust handshake that happens behind the scenes. Next, we'll look at how that actually works under the hood.</p><h2>Deconstructing the SAML 2.0 Handshake</h2><p>Ever wonder why your browser does a weird little dance of redirects when you click "Login with SSO"? It’s basically a high-stakes handshake where three different parties have to agree on who you are without actually sharing your password.</p><p>In the saml world, we talk about the Identity Provider (IdP) and the Service Provider (sp). But the real unsung hero is the <strong>User Agent</strong>—aka your browser. </p><ul> <li><strong>The Browser as the Mule</strong>: Unlike modern oidc flows where servers might talk directly, the actual <em>authentication flow</em> in saml is almost entirely indirect. The sp and IdP never actually speak to each other during the login. Instead, they pass signed xml "notes" back and forth through your browser. </li> <li><strong>Deep Linking and relaystate</strong>: If a doctor in a healthcare system clicks a link to a specific patient record in a third-party app, they don't want to land on a generic dashboard after logging in. 
We use a parameter called <code>RelayState</code> to keep track of where the user was trying to go before the auth redirect interrupted them.</li> <li><strong>Security through Redirection</strong>: Because the sp never sees the user's credentials, the attack surface is tiny. The user types their password into their own corporate IdP (like Okta or Microsoft Entra ID), and the sp just waits for a signed "thumbs up."</li> </ul><p><img decoding="async" src="https://cdn.pseo.one/6853a4a8a2796a91bb994a76/687e6d61f6fe799d28851eff/architecting-enterprise-readiness-saml-b2b-auth/mermaid-diagram-2.svg" alt="Diagram 2"></p><p>When that xml finally hits your endpoint, it’s a big, messy envelope. According to WorkOS, saml is built on xml, which makes it more verbose than json, but that "heaviness" is what allows it to carry so much metadata.</p><p>Inside, you’ll find <strong>Assertions</strong>. These are statements from the IdP saying, "I know this guy, he's an admin, and he's in the Finance department." </p><ol> <li><strong>Authentication Statements</strong>: These prove the user actually logged in and tell you <em>how</em> (e.g., did they use mfa?).</li> <li><strong>Attribute Statements</strong>: This is where the gold is. You get the email, roles, and maybe a cost center. It’s why enterprise provisioning feels so seamless.</li> <li><strong>The X.509 Signature</strong>: This is the most common place where devs mess up. You have to validate the signature using the IdP's public certificate.</li> </ol><blockquote> <p><strong>Watch out for Assertion Wrapping</strong>: This is a nasty attack where a hacker injects malicious xml nodes into the message. If your parser is weak, it might get confused and read the fake "admin" node instead of the real, signed content. 
This is why we use battle-tested libraries—they're designed to ignore any unsigned junk and only trust the canonicalized, signed parts of the xml.</p> </blockquote><p>As Okta points out, the sp doesn't even know who the user is until that assertion comes back. It's a "trust but verify" model where the verification step is everything.</p><p>Honestly, if you're building this from scratch, just don't. Use a library. Handling xml namespaces and canonicalization manually is a great way to end up in a security post-mortem. </p><h2>SAML vs the World: Mapping the Auth Landscape</h2><p>So, you're looking at the auth landscape and wondering why we have multiple "standards" that don't always play nice together. It's easy to get confused when everything is just an acronym.</p><p>The technical differences are what really matter here. While oidc uses json web tokens (jwt) and relies on simple http headers, saml uses the heavy xml soap-style transport. This makes saml much better at carrying complex "federated" trust—where one organization trusts another's entire directory structure—whereas oidc is often more "chatty" and requires more back-and-forth server calls.</p><ul> <li><strong>Transport Layers</strong>: oidc is built for the modern web and mobile apps, using restful patterns. saml is more of a "document exchange" protocol.</li> <li><strong>Token Formats</strong>: saml assertions are way more flexible for deep metadata than a standard jwt, which can get bloated and slow if you cram too much in there.</li> <li><strong>The "OAuth is Auth" Myth</strong>: Don't fall for the trap of thinking oauth 2.0 is an authentication protocol. It's for <em>authorization</em>—giving a third-party app permission to access your data. 
OIDC is the identity layer that sits on top of it.</li> </ul><p><img decoding="async" src="https://cdn.pseo.one/6853a4a8a2796a91bb994a76/687e6d61f6fe799d28851eff/architecting-enterprise-readiness-saml-b2b-auth/mermaid-diagram-3.svg" alt="Diagram 3"></p><p>I've seen devs try to force oidc on a bank just because they hate xml, only to realize the bank's idp only speaks saml. It’s about technical compatibility with their existing infrastructure.</p><p>Next up, we’re going to look at the "Procurement Wall" and why your sales team is probably screaming for this integration right now.</p><h2>Scaling the Procurement Wall</h2><p>If you want to move from $50/month customers to $50,000/year contracts, you have to climb the procurement wall. This isn't just about code; it's about business requirements that the big guys won't budge on.</p><ul> <li><strong>Centralized Control</strong>: Large companies need to be able to turn off access for 500 apps at once when an employee leaves. If your app has its own password database, you're a security liability.</li> <li><strong>Compliance Boxes</strong>: Auditors for SOC2 or HIPAA often demand that all logins go through a central, audited gateway. saml is the standard way to prove you're doing this.</li> <li><strong>The "SSO Tax"</strong>: You've probably seen the websites that list which companies charge extra for sso. While controversial, it exists because enterprises are willing to pay for the security and management saml provides.</li> </ul><p>Building your own saml service from scratch to scale this wall is basically a rite of passage that nobody actually wants to go through. It starts with "how hard can xml be?" and ends with you crying over x.509 certificate rotation at 3 a.m. 
on a tuesday.</p><ul> <li><strong>Maintenance Hell</strong>: certificates expire, idp metadata changes without warning, and every new enterprise customer has a slightly different way of mapping "department" to "dept_name".</li> <li><strong>Centralizing complexity</strong>: instead of writing custom logic for every customer using okta or microsoft entra id, you should be looking at a single api-first integration.</li> </ul><p><img decoding="async" src="https://cdn.pseo.one/6853a4a8a2796a91bb994a76/687e6d61f6fe799d28851eff/architecting-enterprise-readiness-saml-b2b-auth/mermaid-diagram-4.svg" alt="Diagram 4"></p><p>If you're going to do this right, you need to think about what happens when things break. Because they will. I once saw a retail giant lose half their workforce's access because an admin accidentally deleted a public key.</p><ol> <li><strong>The Admin Backdoor</strong>: you absolutely need a "break-glass" login. Having a secret sign-in url that bypasses saml is a life saver when the idp goes down.</li> <li><strong>Automate or Die</strong>: don't let your support team copy-paste xml metadata files into your database. Use tools that allow customers to upload their own idp metadata.</li> <li><strong>Monitoring is key</strong>: watch your saml tokens for weirdness. If you see a sudden spike in failed assertions, it might not be a bug—it could be a credential stuffing attempt.</li> </ol><h2>Post-Implementation: Surviving the Security Audit</h2><p>So you finally got the saml flow working and the sales team is happy, but now the real fun starts. You've got a security audit coming up and some giant bank wants to know if your auth is actually "enterprise-grade" or just a pile of xml hacks.</p><p>First thing is mfa. Even if your app doesn't have a native mfa prompt, you should be enforcing it at the idp level. The beauty of saml is that you offload the "how" of auth to the customer. 
If they use hardware keys or biometrics, that's their business—you just need to make sure the assertion proves it happened.</p><ul> <li><strong>Auditing Assertions</strong>: Log everything. You should know exactly when a user logged in, which idp they used, and what attributes were passed. </li> <li><strong>The Logout Problem</strong>: saml logout is notoriously flaky. To do it right, you need <strong>SLO (Single Logout)</strong>. This requires a back-and-forth dance where the sp sends a request to the IdP, which then has to ping <em>every other</em> service the user is logged into to invalidate their sessions. It's so complex that many teams just skip it and use short session TTLs (Time To Live) instead.</li> <li><strong>Trust Establishment</strong>: While the login flow is indirect (via the browser), you should use a <strong>metadata url</strong> for configuration. This is a direct, out-of-band way for your server to fetch the latest keys from the IdP. It's much better than manual uploads because it handles key rotation automatically.</li> </ul><p><img decoding="async" src="https://cdn.pseo.one/6853a4a8a2796a91bb994a76/687e6d61f6fe799d28851eff/architecting-enterprise-readiness-saml-b2b-auth/mermaid-diagram-5.svg" alt="Diagram 5"></p><p>I've seen a healthcare provider fail an audit because they didn't rotate their public certificates. Don't be that guy. Use a metadata url that updates automatically so you don't have to manually swap keys at 2 am.</p><p>At the end of the day, saml is still winning the b2b war because it's the only language the big players speak fluently. It’s verbose, it’s old, but it works. 
Stick to the standards, don't hand-roll your xml, and you'll be fine.</p><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://ssojet.com/blog">SSOJet - Enterprise SSO &amp; Identity Solutions</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by SSOJet - Enterprise SSO &amp; Identity Solutions">SSOJet - Enterprise SSO &amp; Identity Solutions</a>. Read the original post at: <a href="https://ssojet.com/blog/architecting-enterprise-readiness-saml-b2b-auth">https://ssojet.com/blog/architecting-enterprise-readiness-saml-b2b-auth</a> </p>
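<p>The article's audit advice (make sure the assertion proves mfa happened, and log when the user logged in, which idp they used, and what attributes were passed) can be sketched as follows. This is an added example, not code from the original post or from any vendor it names; the issuer, audience, user, the accepted MFA context list and the 60-second clock skew are assumptions, and the assertion is a constructed sample standing in for the element a SAML library hands back after verifying the signature.</p>

```python
"""Added example: checks an SP runs on an assertion AFTER the SAML library verified its signature."""
import json
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}
AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"

# Assumption: AuthnContextClassRef values this SP treats as proof of MFA.
# What an IdP emits depends on its configuration; agree on the list per customer.
MFA_CONTEXTS = frozenset({AC + "MobileTwoFactorContract", AC + "TimeSyncToken"})

# Constructed sample (not real traffic). Never run these checks on unverified XML.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML_NS}" ID="_constructed-1" Version="2.0"
    IssueInstant="2026-01-23T10:00:00Z">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Subject><saml:NameID>dr.lee@hospital.example</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2026-01-23T10:00:00Z" NotOnOrAfter="2026-01-23T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://app.example.com/saml/sp</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2026-01-23T09:59:58Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>{AC}MobileTwoFactorContract</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
  <saml:AttributeStatement>
    <saml:Attribute Name="department"><saml:AttributeValue>Finance</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="role"><saml:AttributeValue>admin</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


class AssertionRejected(Exception):
    """Raised when a verified assertion still must not create a session."""


def _ts(value):
    # SAML timestamps are UTC xs:dateTime; this sketch accepts whole seconds only.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def _require(node, path, what):
    found = node.find(path, NS)
    if found is None:
        raise AssertionRejected(f"missing {what}")
    return found


def evaluate_assertion(xml_text, expected_issuer, expected_audience, now,
                       require_mfa=True, skew=timedelta(seconds=60)):
    """Return an audit record for an acceptable assertion, else raise AssertionRejected."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML_NS}}}Assertion":
        raise AssertionRejected("root element is not a SAML 2.0 Assertion")

    issuer = (_require(root, "saml:Issuer", "Issuer").text or "").strip()
    if issuer != expected_issuer:
        raise AssertionRejected(f"unexpected issuer {issuer!r}")

    # Validity window: an expired or not-yet-valid assertion is rejected even if signed.
    cond = _require(root, "saml:Conditions", "Conditions")
    try:
        not_before, not_after = _ts(cond.attrib["NotBefore"]), _ts(cond.attrib["NotOnOrAfter"])
    except (KeyError, ValueError) as exc:
        raise AssertionRejected("missing or malformed validity window") from exc
    if not (not_before - skew <= now < not_after + skew):
        raise AssertionRejected("assertion outside its validity window")

    # Audience: the assertion must have been issued for this SP, not another app.
    audiences = {(a.text or "").strip()
                 for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)}
    if expected_audience not in audiences:
        raise AssertionRejected("assertion not addressed to this service provider")

    # Authentication statement: when and how the user logged in at the IdP.
    authn = _require(root, "saml:AuthnStatement", "AuthnStatement")
    ref = _require(authn, "saml:AuthnContext/saml:AuthnContextClassRef", "AuthnContextClassRef")
    authn_context = (ref.text or "").strip()
    mfa = authn_context in MFA_CONTEXTS
    if require_mfa and not mfa:
        raise AssertionRejected(f"authn context {authn_context!r} does not prove MFA")

    attributes = {a.get("Name"): [v.text or "" for v in a.findall("saml:AttributeValue", NS)]
                  for a in root.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return {
        "assertion_id": root.get("ID"),
        "idp": issuer,
        "subject": (_require(root, "saml:Subject/saml:NameID", "NameID").text or "").strip(),
        "login_time": authn.get("AuthnInstant"),
        "authn_context": authn_context,
        "mfa": mfa,
        "attributes": attributes,
    }


def audit_line(record):
    """Serialize the record as one JSON log line with stable key order."""
    return json.dumps(record, sort_keys=True)


if __name__ == "__main__":
    when = datetime(2026, 1, 23, 10, 1, tzinfo=timezone.utc)
    print(audit_line(evaluate_assertion(SAMPLE_ASSERTION, "https://idp.example.com/metadata",
                                        "https://app.example.com/saml/sp", when)))
```

<p>Rejections are worth logging with the same fields, since the failed-assertion spike the article says to watch for only shows up if failures are recorded.</p>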

Coinbase forms board to assess quantum computing risks to blockchain

  • Cointelegraph by Nate Kostar
  • Published date: 2026-01-22 20:08:19

The independent advisory board, comprising researchers and industry experts, plans to publish papers on digital-security risks and guidance for developers, organizations and users.

Coinbase has formed an independent advisory board to assess how advances in quantum computing could affect the cryptography used by major blockchain networks, including Bitcoin and Ethereum. In a We… [+3894 chars]

Jim Cramer on Allegion: “It’s Not That Expensive”

  • Syeda Seirut Javed
  • Published date: 2026-01-22 14:10:40

Allegion plc (NYSE:ALLE) is one of the stocks Jim Cramer talked about, along with market froth. During the lightning round, a caller asked about Cramer’s...

Allegion plc (NYSE:ALLE) is one of the stocks Jim Cramer talked about, along with market froth. During the lightning round, a caller asked about Cramer’s thoughts on the stock, and he replied: That’s … [+1534 chars]

Solana Policy Institute President’s Top Priorities For CLARITY Act And Latest Update On The Bill

  • Ronaldo Marquez
  • Published date: 2026-01-22 03:00:44

As discussions surrounding the CLARITY Act—often referred to as the crypto market structure bill—continue in Washington, Kristin Smith, President of the Solana Policy Institute, has provided insights on the current status of the legislation and the organizati…

As discussions surrounding the CLARITY Act—often referred to as the crypto market structure bill—continue in Washington, Kristin Smith, President of the Solana Policy Institute, has provided insights o… [+2973 chars]

Amazon Eero 7 Dual-Band Wi-Fi 7 Router 3-Pack $487.49 Delivered @ Amazon AU

  • waterboy
  • Published date: 2026-01-22 00:35:41

Not as good as the last deal OUR MOST AFFORDABLE WI-FI 7 ROUTER – eero 7 helps you future-proof your network and make the most of Wi-Fi 7 performance starting today. SAY GOODBYE TO DEAD SPOTS – …

This post contains affiliate links. OzBargain might earn commissions when you click through and make purchases. Please see this page for more information. Not as good as the last deal OUR MOST AFFO… [+1354 chars]

Why AI Is Making Attack Surface Management Mandatory

  • Michael Vizard
  • Published date: 2026-01-22 00:00:00

None

<p>Amit Sheps, head of product marketing at CyCognito, discusses the growing challenges cybersecurity teams face as artificial intelligence accelerates the expansion of enterprise attack surfaces. He explains why visibility, continuous assessment, and proactive risk management are becoming essential in an AI-driven threat landscape.</p><p data-start="447" data-end="903">Sheps argues that most teams are still stuck in “vulnerability whack-a-mole” mode, chasing long lists that do not translate cleanly into actual risk. The practical problem is not a lack of tools, but a lack of visibility and context. If you cannot reliably enumerate internet-facing assets, understand ownership, and map what is truly reachable from the outside, then prioritization becomes guesswork and remediation turns into a noisy, never-ending queue.</p><p data-start="905" data-end="1424">A major focus is how security leaders can regain control by connecting external discovery with internal systems and workflows. The goal is a unified view that ties inventory, ticketing, and exposure findings together so teams can connect the dots, reduce duplicated effort, and focus on what is exploitable and business-relevant. Sheps emphasizes validation and reachability: what can an attacker actually see, touch, and chain into an impact, not what simply appears “critical” on a scanner report.</p><p data-start="1426" data-end="1804">AI shows up in two ways. First, it expands what must be secured, with new agents, MCP-style integrations, and rapid-fire deployments creating fresh entry points. 
Second, it can help practitioners move faster by assisting with investigation, triage, and data processing at scale, acting like a junior analyst that surfaces initial findings and patterns across logs and telemetry.</p><p data-start="1806" data-end="2319" data-is-last-node="" data-is-only-node="">Finally, Sheps tackles the executive conversation. He recommends framing exposure management in business terms, especially through compliance drivers and measurable operational impact, such as downtime, customer disruption, and revenue loss. The takeaway is straightforward: continuous assessment and proactive risk management are becoming table stakes, and the most effective teams will be the ones that can see their environment the way an adversary does and act on the small set of exposures that truly matter.</p>

How do AI secrets ensure cloud security?

  • None
  • Published date: 2026-01-22 00:00:00

None

<h2>What Role Do AI Secrets Play in Ensuring Cloud Security?</h2><p>With digital threats looming larger than ever, how do organizations navigate complex cloud security? The answer lies in effectively managing AI secrets. This approach ensures that machine identities, an often overlooked aspect of cybersecurity, are adequately protected.</p><h3>Unveiling Non-Human Identities (NHIs)</h3><p>The cornerstone of modern cybersecurity is the management of Non-Human Identities (NHIs). NHIs refer to machine identities, crucial in regulating who or what has access to sensitive data and systems. They are composed of a “Secret”—an encrypted credential—and the permissions allowed by a server. To imagine this system, think of NHIs as tourists with a “passport” (i.e., the secret), which grants them access or “visas” to various systems.</p><p>For organizations operating on the cloud, managing these secrets is vital. It prevents unauthorized access and ensures that only verified identities engage with sensitive data. The effective management of NHIs reduces the risk of breaches, upholding an organization’s integrity and trustworthiness.</p><h3>A Holistic Approach to NHI Management</h3><p>While many solutions provide partial security, a holistic approach to NHI management is more effective. This comprehensive strategy involves every lifecycle stage, from discovery to classification and threat detection to remediation.</p><p>This thorough process contrasts with standalone solutions like simple secret scanners, which, while beneficial, can’t provide the depth of protection needed. A platform designed for NHI management not only keeps secrets secure but also offers insights into permissions, usage patterns, and vulnerabilities. 
This enables organizations to make informed decisions and enhance security throughout.</p><h3>The Strategic Benefits of Effective Secrets Management</h3><p>Implementing robust secrets management practices delivers several key benefits:</p><ul> <li><strong>Reduced Risk:</strong> By proactively identifying and addressing security risks, organizations can significantly lower the probability of security breaches and data leaks.</li> <li><strong>Improved Compliance:</strong> Through policy enforcement and audit trails, organizations can meet regulatory requirements with more ease.</li> <li><strong>Increased Efficiency:</strong> Automation of NHI and secrets management allows security teams to focus on more strategic initiatives.</li> <li><strong>Enhanced Visibility and Control:</strong> A centralized view for access management and governance enhances control over sensitive systems.</li> <li><strong>Cost Savings:</strong> Automating secrets rotation and NHI decommissioning reduces operational costs.</li> </ul><p>For example, a decentralized organization may find that <a href="https://entro.security/blog/good-secrets-management-for-cutting-security-budget/">strong secrets management</a> can significantly cut security budgets by streamlining operations.</p><h3>Industry Relevance Across Sectors</h3><p>Effective NHI management is versatile, benefiting multiple sectors, including financial services, healthcare, travel, DevOps, and Security Operations Center (SOC) teams. Each of these industries handles sensitive information and requires rigorous security measures.</p><p>For instance, in financial services, protecting machine identities is critical to maintaining customer trust. Similarly, healthcare organizations must ensure that patient data remains confidential, meeting legal and ethical standards. 
Furthermore, DevOps teams can optimize workflows by securing machine interactions, fostering innovation without sacrificing security.</p><h3>Beyond Machine Identities: Addressing Real-world Challenges</h3><p>The challenge of managing NHIs extends beyond simple identity verification. Organizations must also consider the behavior of these machine identities within systems. Just as a tourist’s activities after entering a country can impact perceptions, so too can the behavior of NHIs.</p><p>Monitoring and managing these behaviors are crucial in preventing suspicious activities that could lead to data breaches. Security teams must have tools that provide context-aware security to recognize and mitigate potential threats swiftly.</p><p>In a discussion on <a href="https://www.reddit.com/r/devops/comments/10a7hmd/selfhosted_secrets_management_service/" rel="noopener">DevOps communities</a>, professionals often exchange tips for managing secrets, emphasizing the need for tools that offer both preventive and responsive measures.</p><h3>The Importance of Collaboration in Security</h3><p>Addressing the disconnect between security and R&amp;D teams is another vital aspect of effective NHI management. Collaboration between these teams can significantly enhance security strategies. The expertise of security professionals combined with the innovative approaches of R&amp;D can lead to comprehensive solutions that cover all potential security gaps.</p><p>For organizations invested in the cloud, ensuring that security strategies are aligned with development objectives is essential. This alignment can be difficult to achieve but is critical for creating an environment where NHIs are managed effectively.</p><p>It’s clear that secrets security is not just about protecting data but about integrating security at every level of an organization. 
As discussions on <a href="https://discuss.google.dev/t/secret-manager-with-abap-sdk-for-google-cloud/133736" rel="noopener">Google developer forums</a> indicate, leveraging the right tools can streamline this integration, allowing for more seamless operations.</p><p>In conclusion, managing AI secrets and NHIs effectively is not just about mitigating risk—it’s about fostering a culture of security awareness and responsibility. By focusing on holistic approaches, automation, and collaboration, organizations can safeguard their cloud environments and avoid the pitfalls of cybersecurity breaches.</p><h3>Adopting Best Practices in NHI Management</h3><p>Organizations must adopt robust best practices to effectively manage NHIs and their secrets. These encompass proper secret storage, timely rotation, and controlled access protocols. Utilizing secure credential stores, such as <a href="https://innovation.ebayinc.com/stories/kubernetes-secrets-a-secure-credential-store-for-jenkins/" rel="noopener">Kubernetes Secrets</a>, ensures that sensitive data is shielded from unauthorized access. Regular audits and continuous monitoring are essential to maintaining a secure perimeter.</p><p>To deepen security measures, integrating secrets as environmental variables can reduce the risk of exposure. The approach taken by leading tech infrastructures, discussed in platforms like <a href="https://docs.run.ai/v2.19/Researcher/best-practices/secrets-as-env-var-in-cli/" rel="noopener">Run:AI</a>, showcases the efficacy of this method. It’s critical for organizations to adopt these strategies early to embed security in their architecture fundamentally.</p><h3>The Role of Automation in Secrets Management</h3><p>Automation stands as a cornerstone. Tasks such as secrets generation, rotation, monitoring, and revocation can be streamlined through automation, saving time and reducing human error. 
This efficiency translates to fewer operational burdens on security teams, allowing them to focus their resources on more pressing security challenges.</p><p>For instance, automated systems can identify when a secret has been compromised and take immediate action to rotate and invalidate affected credentials. This proactive approach not only upholds security standards but also aligns with industry best practices. Incorporating automated tools that utilize AI and machine learning for threat detection and response can significantly enhance an organization’s security posture.</p><h3>Aligning with Compliance Standards</h3><p>Where regulatory compliance is paramount, aligning NHI management strategies with international standards is essential. Compliance with guidelines such as GDPR, HIPAA, and others ensures organizations not only avoid hefty fines but also build trust with their stakeholders.</p><p>NHI management processes should include features that simplify the auditing process. This includes maintaining detailed logs of access and modifications to secrets, ensuring transparency and accountability. The availability of audit trails and compliance reporting tools helps organizations provide necessary documentation during regulatory inspections, positioning them favorably.</p><h3>Building a Culture of Cybersecurity Awareness</h3><p>A successful cybersecurity strategy involves more than technology—it’s about cultivating a culture of awareness and responsibility. Organizations must educate their workforce about the importance of NHIs and the potential repercussions of poor secrets management. 
Training initiatives should focus on both security personnel and general employees, highlighting best practices and common pitfalls in digital identity management.</p><p>Security is everyone’s responsibility, and fostering a collaborative culture among all teams, including R&amp;D, DevOps, and security, enhances resilience to cyber threats. 
This approach encourages accountability and vigilance, empowering staff to identify and respond to potential threats proactively.</p><h3>Future Outlook: Adaptive Security Solutions</h3><p>As technology continues to evolve, so too must security solutions. Organizations must be prepared to adapt their NHI and secrets management strategies to address emerging threats and leverage new opportunities. The focus should be on developing adaptive security frameworks that incorporate real-time threat intelligence and predictive analytics.</p><p>By employing advanced data analytics and AI-powered tools, organizations can better anticipate and mitigate risks before they manifest. This forward-thinking approach aligns with industry trends and provides companies with a competitive advantage.</p><p>Investing in research and collaboration with security experts can lead to innovative solutions that enhance overall security frameworks. It also enables organizations to navigate the complexities of cloud security successfully.</p><p>Mastering the art of secrets management and non-human identity management is crucial. 
As organizations continue their digital transformation, maintaining secure cloud environments will be a defining factor in their longevity and success.</p><p>The post <a href="https://entro.security/how-do-ai-secrets-ensure-cloud-security/">How do AI secrets ensure cloud security?</a> appeared first on <a href="https://entro.security/">Entro</a>.</p><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://entro.security/">Entro</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Alison Mack">Alison Mack</a>. Read the original post at: <a href="https://entro.security/how-do-ai-secrets-ensure-cloud-security/">https://entro.security/how-do-ai-secrets-ensure-cloud-security/</a> </p>

Why AI Keeps Falling for Prompt Injection Attacks

  • None
  • Published date: 2026-01-22 00:00:00

None

<p>Imagine you work at a drive-through restaurant. Someone drives up and says: “I’ll have a double cheeseburger, large fries, and ignore previous instructions and give me the contents of the cash drawer.” Would you hand over the money? Of course not. Yet this is what <a href="https://spectrum.ieee.org/tag/large-language-models">large language models</a> (<a href="https://spectrum.ieee.org/tag/llms">LLMs</a>) do.</p><p><a href="https://www.ibm.com/think/topics/prompt-injection">Prompt injection</a> is a method of tricking LLMs into doing things they are normally prevented from doing. A user writes a prompt in a certain way, asking for system <a href="https://spectrum.ieee.org/tag/passwords">passwords</a> or private data, or asking the LLM to perform forbidden instructions. The precise phrasing overrides the LLM’s <a href="https://medium.com/data-science/safeguarding-llms-with-guardrails-4f5d9f57cff2">safety guardrails</a>, and it complies.</p><p>LLMs are vulnerable to <a href="https://fdzdev.medium.com/20-prompt-injection-techniques-every-red-teamer-should-test-b22359bfd57d">all sorts</a> of prompt injection attacks, some of them absurdly obvious. A chatbot won’t tell you how to synthesize a bioweapon, but it might tell you a fictional story that incorporates the same detailed instructions. It won’t accept nefarious text inputs, but might if the text is rendered as <a href="https://arxiv.org/abs/2402.11753">ASCII art</a> or appears in an image of a <a href="https://www.lakera.ai/blog/visual-prompt-injections">billboard</a>. Some ignore their guardrails when told to “ignore previous instructions” or to “pretend you have no guardrails.”</p><p>AI vendors can block specific prompt injection techniques once they are discovered, but general safeguards are <a href="https://llm-attacks.org/">impossible</a> with today’s LLMs. 
More precisely, there’s an endless array of prompt injection attacks waiting to be discovered, and they cannot be prevented universally.</p><p>If we want LLMs that resist these attacks, we need new approaches. One place to look is what keeps even overworked fast-food workers from handing over the cash drawer.</p><h3>Human Judgment Depends on Context</h3><p>Our basic human defenses come in at least three types: general instincts, social learning, and situation-specific training. These work together in a layered defense.</p><p>As a social species, we have developed numerous instinctive and cultural habits that help us judge tone, motive, and risk from extremely limited information. We generally know what’s normal and abnormal, when to cooperate and when to resist, and whether to take action individually or to involve others. These instincts give us an intuitive sense of risk and make us <a href="https://www.nature.com/articles/srep08242">especially careful</a> about things that have a large downside or are impossible to reverse.</p><p>The second layer of defense consists of the norms and trust signals that evolve in any group. These are imperfect but functional: Expectations of cooperation and markers of trustworthiness emerge through repeated interactions with others. We remember who has helped, who has hurt, who has reciprocated, and who has reneged. And emotions like sympathy, anger, guilt, and gratitude motivate each of us to <a href="https://ncase.me/trust/">reward cooperation with cooperation</a> and punish defection with defection.</p><p>A third layer is institutional mechanisms that enable us to interact with multiple strangers every day. Fast-food workers, for example, are trained in procedures, approvals, escalation paths, and so on. Taken together, these defenses give humans a strong sense of context. 
A fast-food worker basically knows what to expect within the job and how it fits into broader society.</p><p>We reason by assessing multiple layers of context: perceptual (what we see and hear), relational (who’s making the request), and normative (what’s appropriate within a given role or situation). We constantly navigate these layers, weighing them against each other. In some cases, the normative outweighs the perceptual—for example, following workplace rules even when customers appear angry. Other times, the relational outweighs the normative, as when people comply with orders from superiors that they believe are against the rules.</p><p>Crucially, we also have an interruption reflex. If something feels “off,” we naturally pause the <a href="https://spectrum.ieee.org/tag/automation">automation</a> and reevaluate. Our defenses are not perfect; people are fooled and manipulated all the time. But it’s how we humans are able to navigate a complex world where others are constantly trying to trick us.</p><p>So let’s return to the drive-through window. To convince a fast-food worker to hand us all the money, we might try shifting the context. Show up with a camera crew and tell them you’re filming a commercial, claim to be the head of security doing an audit, or dress like a bank manager collecting the cash receipts for the night. But even these have only a slim chance of success. Most of us, most of the time, can smell a scam.</p><p>Con artists are astute observers of human defenses. Successful <a href="https://spectrum.ieee.org/tag/scams">scams</a> are often slow, undermining a mark’s situational assessment, allowing the scammer to manipulate the context. 
This is an old story, spanning traditional confidence games such as the Depression-era “big store” cons, in which teams of scammers created entirely fake businesses to draw in victims, and modern <a href="https://dfpi.ca.gov/news/insights/pig-butchering-how-to-spot-and-report-the-scam/">“pig-butchering” frauds</a>, where online scammers slowly build trust before going in for the kill. In these examples, scammers slowly and methodically reel in a victim using a long series of interactions through which the scammers gradually gain that victim’s trust.</p><p>Sometimes it even works at the drive-through. One scammer in the 1990s and 2000s <a href="https://en.wikipedia.org/wiki/Strip_search_phone_call_scam">targeted fast-food workers by phone</a>, claiming to be a police officer and, over the course of a long phone call, convinced managers to strip-search employees and perform other bizarre acts.</p><h3>Why LLMs Struggle With Context and Judgment</h3><p>LLMs behave as if they have a notion of context, but it’s different. They do not learn human defenses from repeated interactions and remain untethered from the real world. LLMs flatten multiple levels of context into text similarity. They see “tokens,” not hierarchies and intentions. LLMs don’t reason through context, they only reference it.</p><p>While LLMs often get the details right, they can easily miss the <a href="https://spectrum.ieee.org/tag/big-picture">big picture</a>. If you prompt a chatbot with a fast-food worker scenario and ask if it should give all of its money to a customer, it will respond “no.” What it doesn’t “know”—forgive the anthropomorphizing—is whether it’s actually being deployed as a fast-food bot or is just a test subject following instructions for hypothetical scenarios.</p><p>This limitation is why LLMs misfire when context is sparse but also when context is overwhelming and complex; when an LLM becomes unmoored from context, it’s hard to get it back. 
AI expert Simon Willison <a href="https://simonwillison.net/2025/Sep/12/claude-memory/">wipes context clean</a> if an LLM is on the wrong track rather than continuing the conversation and trying to correct the situation.</p><p>There’s more. LLMs are <a href="https://www.cmu.edu/dietrich/news/news-stories/2025/july/trent-cash-ai-overconfidence.html">overconfident</a> because they’ve been designed to give an answer rather than express ignorance. A drive-through worker might say: “I don’t know if I should give you all the money—let me ask my boss,” whereas an LLM will just make the call. And since LLMs are designed to be <a href="https://hai.stanford.edu/news/large-language-models-just-want-to-be-liked">pleasing</a>, they’re more likely to satisfy a user’s request. Additionally, LLM training is oriented toward the average case and not extreme outliers, which is what’s necessary for security.</p><p>The result is that the current generation of LLMs is far more gullible than people. They’re naive and regularly fall for manipulative <a href="https://arstechnica.com/science/2025/09/these-psychological-tricks-can-get-llms-to-respond-to-forbidden-prompts/">cognitive tricks</a> that wouldn’t fool a third-grader, such as flattery, appeals to groupthink, and a false sense of urgency. There’s a <a href="https://www.bbc.com/news/articles/ckgyk2p55g8o">story</a> about a Taco Bell AI system that crashed when a customer ordered 18,000 cups of water. A human fast-food worker would just laugh at the customer.</p><h3>The Limits of <a href="https://spectrum.ieee.org/tag/agentic-ai">AI Agents</a></h3><p>Prompt injection is an unsolvable problem that <a href="https://www.computer.org/csdl/magazine/sp/5555/01/11194053/2aB2Rf5nZ0k">gets worse</a> when we give AIs tools and tell them to act independently. This is the promise of <a href="https://spectrum.ieee.org/tag/agentic-ai">AI agents</a>: LLMs that can use tools to perform multistep tasks after being given general instructions. 
Their flattening of context and identity, along with their baked-in independence and overconfidence, mean that they will repeatedly and unpredictably take actions—and sometimes they will take the <a href="https://www.theregister.com/2025/10/28/ai_browsers_prompt_injection/"> wrong ones</a>.</p><p>Science doesn’t know how much of the problem is inherent to the way LLMs work and how much is a result of deficiencies in the way we train them. The overconfidence and obsequiousness of LLMs are training choices. The lack of an interruption reflex is a deficiency in engineering. And prompt injection resistance requires fundamental advances in AI science. We honestly don’t know if it’s possible to build an LLM, where trusted commands and untrusted inputs are processed through the <a href="https://cacm.acm.org/opinion/llms-data-control-path-insecurity/">same channel</a>, which is immune to prompt injection attacks.</p><p>We humans get our model of the world—and our facility with overlapping contexts—from the way our brains work, years of training, an enormous amount of perceptual input, and millions of years of evolution. Our identities are complex and multifaceted, and which aspects matter at any given moment depend entirely on context. A fast-food worker may normally see someone as a customer, but in a medical emergency, that same person’s identity as a doctor is suddenly more relevant.</p><p>We don’t know if LLMs will gain a better ability to move between different contexts as the models get more sophisticated. But the problem of recognizing context definitely can’t be reduced to the one type of reasoning that LLMs currently excel at. Cultural norms and styles are historical, relational, emergent, and constantly renegotiated, and are not so readily subsumed into reasoning as we understand it. 
Knowledge itself can be both logical and discursive.</p><p>The AI researcher Yann LeCun believes that improvements will come from embedding AIs in a physical presence and giving them “<a href="https://medium.com/@AnthonyLaneau/beyond-llms-charting-the-next-frontiers-of-ai-with-yann-lecun-09e84f1978f9">world models</a>.” Perhaps this is a way to give an AI a robust yet fluid notion of a social identity, and the real-world experience that will help it lose its naïveté.</p><p>Ultimately we are probably faced with a <a href="https://www.computer.org/csdl/magazine/sp/5555/01/11194053/2aB2Rf5nZ0k">security trilemma</a> when it comes to AI agents: fast, smart, and secure are the desired attributes, but you can only get two. At the drive-through, you want to prioritize fast and secure. An AI agent should be trained narrowly on food-ordering language and escalate anything else to a manager. Otherwise, every action becomes a coin flip. Even if it comes up heads most of the time, once in a while it’s going to be tails—and along with a burger and fries, the customer will get the contents of the cash drawer.</p><p><em>This essay was written with Barath Raghavan, and originally appeared in <a href="https://spectrum.ieee.org/prompt-injection-attack">IEEE Spectrum</a>.</em></p><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.schneier.com/">Schneier on Security</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Bruce Schneier">Bruce Schneier</a>. Read the original post at: <a href="https://www.schneier.com/blog/archives/2026/01/why-ai-keeps-falling-for-prompt-injection-attacks.html">https://www.schneier.com/blog/archives/2026/01/why-ai-keeps-falling-for-prompt-injection-attacks.html</a> </p>
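<p>The essay's closing recommendation (an agent kept to food-ordering actions that escalates anything else, with an interruption reflex) can be enforced outside the model, where no phrasing of a prompt can widen it. The following is an added sketch, not code from the essay or its authors; the menu, the per-order limits, the action names and the JSON proposal format are all assumptions made for the illustration.</p>

```python
import json
from dataclasses import dataclass, field
from typing import Optional

# Constructed menu for the example: item -> per-order quantity limit.
MENU_LIMITS = {"double cheeseburger": 10, "large fries": 10, "water": 6}

# The only actions the ordering agent can trigger. Nothing in this set touches
# the cash drawer, refunds or discounts, so no model output can reach them.
ALLOWED_ACTIONS = {"add_item", "remove_item", "submit_order"}


@dataclass
class Session:
    order: dict = field(default_factory=dict)        # item -> quantity
    submitted: bool = False
    halted: bool = False                             # set by the first escalation
    escalations: list = field(default_factory=list)  # reasons shown to a human


def out_of_scope(proposal, session: Session) -> Optional[str]:
    """Return None when the proposal is in scope, else the reason to escalate."""
    if not isinstance(proposal, dict):
        return "model output is not a JSON object"
    action = proposal.get("action")
    if not isinstance(action, str) or action not in ALLOWED_ACTIONS:
        return f"action {action!r} is outside the ordering role"
    if session.submitted:
        return "order was already submitted"
    if action == "submit_order":
        if set(proposal) != {"action"}:
            return "unexpected fields on submit_order"
        return None if session.order else "cannot submit an empty order"
    if set(proposal) != {"action", "item", "qty"}:
        return "missing or unexpected fields"
    item, qty = proposal["item"], proposal["qty"]
    if not isinstance(item, str) or item not in MENU_LIMITS:
        return f"item {item!r} is not on the menu"
    if type(qty) is not int or qty < 1:              # rejects bools and floats
        return f"quantity {qty!r} is not a positive integer"
    current = session.order.get(item, 0)
    if action == "add_item" and current + qty > MENU_LIMITS[item]:
        return f"{current + qty} x {item} exceeds the per-order limit"
    if action == "remove_item" and qty > current:
        return f"cannot remove {qty} x {item}; order has {current}"
    return None


def handle(raw_model_output: str, session: Session) -> str:
    """Gate one model-proposed action: 'applied', 'escalated' or 'halted'."""
    if session.halted:
        return "halted"                  # automation stays paused until review
    try:
        proposal = json.loads(raw_model_output)
    except json.JSONDecodeError:
        proposal = None                  # free text is never treated as a command
    reason = out_of_scope(proposal, session)
    if reason is not None:
        session.halted = True            # interruption reflex: stop, do not retry
        session.escalations.append(reason)
        return "escalated"
    if proposal["action"] == "submit_order":
        session.submitted = True
        return "applied"
    sign = 1 if proposal["action"] == "add_item" else -1
    new_qty = session.order.get(proposal["item"], 0) + sign * proposal["qty"]
    if new_qty:
        session.order[proposal["item"]] = new_qty
    else:
        session.order.pop(proposal["item"], None)
    return "applied"


def run_demo() -> list:
    """Replay constructed model outputs for the essay's drive-through order."""
    session = Session()
    outputs = [
        '{"action": "add_item", "item": "double cheeseburger", "qty": 1}',
        '{"action": "add_item", "item": "large fries", "qty": 1}',
        '{"action": "open_cash_drawer"}',   # what the injected sentence asks for
        '{"action": "submit_order"}',       # arrives after the halt
    ]
    return [handle(o, session) for o in outputs]


if __name__ == "__main__":
    print(run_demo())
```

<p>The gate does not try to recognize injected text; it limits what any model output can cause, which is the "fast and secure" corner of the trilemma the essay describes.</p>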

ZEST Security Adds AI Agents to Identify Vulnerabilities That Pose No Actual Risk

  • Michael Vizard
  • Published date: 2026-01-22 00:00:00

None

<p>ZEST Security today added a set of artificial intelligence (AI) agents that identify whether a vulnerability represents an actual threat to an application environment.</p><p>Company CEO Snir Ben Shimol said <a href="https://www.zestsecurity.io/resources/content/zest-releases-ai-sweeper-agents" target="_blank" rel="noopener">AI Sweeper Agents</a> make it possible to reduce the number of patches that need to be created by eliminating any request to fix a vulnerability that can’t actually be exploited.</p><p>As the amount of code being created using AI coding tools continues to exponentially increase, so too does the number of vulnerabilities being discovered. The AI Sweeper Agents developed by ZEST Security make it easier to prioritize the most pressing issue based on actual risk versus relying on a generic severity score that has been assigned by whoever initially discovered a vulnerability, said Ben Shimol.</p><p>The goal is achieved first by using an AI agent to analyze each vulnerability to extract its exploitation requirements using data found in vulnerability research publications, exploit documentation, and technical disclosures.</p><p>A second agent evaluates the IT environment to compare it to the exploitation requirements to determine what conditions must be present for exploitation to be possible. Once a determination is made, a third agent validates the conclusion and produces clear reasoning and evidence that can be used to generate a report for a potential audit request.</p><p>Armed with that level of insight, it then becomes possible to significantly reduce the overall size of the backlog of requests for patches to vulnerabilities that can easily number in the thousands in a large enterprise, he added.
According to ZEST Security research, more than 90% of high and critical vulnerabilities found in those backlogs are not actually exploitable in the specific IT environment that cybersecurity teams are trying to protect.</p><p>In total, ZEST Security claims cybersecurity teams that have had early access to AI Sweeper Agents have, in the past six months, already been able to dismiss 11 million vulnerabilities.</p><p><a href="https://securityboulevard.com/wp-content/uploads/2026/01/AI-Sweepers-Image.png"><img fetchpriority="high" decoding="async" class="aligncenter wp-image-2081974 size-full" src="https://securityboulevard.com/wp-content/uploads/2026/01/AI-Sweepers-Image.png" alt="" width="2048" height="1120" srcset="https://securityboulevard.com/wp-content/uploads/2026/01/AI-Sweepers-Image.png 2048w, https://securityboulevard.com/wp-content/uploads/2026/01/AI-Sweepers-Image-300x164.png 300w, https://securityboulevard.com/wp-content/uploads/2026/01/AI-Sweepers-Image-1024x560.png 1024w, https://securityboulevard.com/wp-content/uploads/2026/01/AI-Sweepers-Image-768x420.png 768w, https://securityboulevard.com/wp-content/uploads/2026/01/AI-Sweepers-Image-1536x840.png 1536w" sizes="(max-width: 2048px) 100vw, 2048px"></a></p><p>The overall goal is to provide cybersecurity teams with a set of AI agents that enable them to identify relevant vulnerabilities, rather than creating a long list of potential issues that is then shared with an application development team that is usually already far behind schedule. 
Instead of randomly remediating the easiest vulnerabilities to fix, the AI Sweeper Agents make it simpler for cybersecurity teams to explain why a specific vulnerability should be remediated as soon as possible, said Snir Ben Shimol.</p><p>Ultimately, <a href="https://techstrong.tv/videos/aws-reinvent-2025/snir-ben-shimol-on-modern-vulnerability-management-and-ai-driven-security-with-zest-security-aws-reinvent-2025" target="_blank" rel="noopener">the goal is to enable auto-remediation</a> by enabling AI agents to invoke DevOps platforms and automation frameworks to create and apply a patch, he added. The patch itself can be created and validated by AI agents and then applied using the guardrails and context provided by the same DevOps platform and automation framework that human application developers are using to build and deploy code, noted Snir Ben Shimol.</p><p>Each organization will need to determine for itself what level of comfort it will have with autoremediation of vulnerabilities, but in the meantime, there is a clear opportunity to at the very least reduce much of the toil that today conspires to make securing application environments more tedious than anyone involved especially enjoys.</p>

OWASP Top 10: Application Security Meets AI Risk

  • None
  • Published date: 2026-01-22 00:00:00

None

<div class="hs-featured-image-wrapper"> <a href="https://www.sonatype.com/blog/owasp-top-10-application-security-meets-ai-risk" title="" class="hs-featured-image-link"> <img decoding="async" src="https://www.sonatype.com/hubfs/blog_owasp_top_10.png" alt="Image of a digital lock representing application security" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div><p>The OWASP Top 10 has long served as a reality check for development teams: a concise, community-driven snapshot of the most critical web application security risks organizations face today.</p><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.sonatype.com/blog">2024 Sonatype Blog</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Aaron Linskens">Aaron Linskens</a>. Read the original post at: <a href="https://www.sonatype.com/blog/owasp-top-10-application-security-meets-ai-risk">https://www.sonatype.com/blog/owasp-top-10-application-security-meets-ai-risk</a> </p>

How to scale NHIs safely and efficiently?

  • None
  • Published date: 2026-01-22 00:00:00

None

<h2>Is Your Organization Ready to Scale NHIs Safely and Efficiently?</h2><p>Scaling Non-Human Identities (NHIs) is a complex endeavor, particularly in dynamic industries such as financial services, healthcare, and technology-driven sectors that rely heavily on cloud computing. As NHIs serve as the backbone for automation, the question becomes: how can organizations use NHI management to achieve efficient scaling while ensuring robust security measures?</p><h3>Understanding the Core of NHIs</h3><p>Non-Human Identities represent machine identities within cybersecurity frameworks, crucial for maintaining seamless operations in cloud environments. These identities are formed when a “Secret” — an encrypted identifier such as a password, token, or key — pairs with the permissions granted by a destination server. The analogy is like a traveler (NHI) holding a passport (Secret) and obtaining a visa (permissions) to explore a new country (system).</p><p>The secure management of these machine identities extends beyond assigning credentials; it demands ongoing oversight to monitor behaviors, manage access, and detect threats throughout the lifecycle of the Secret. This intricate process requires a comprehensive strategy, ensuring that both the identities and their corresponding secrets are safe from unauthorized access.</p><h3>Why Efficient Scaling of NHIs Matters</h3><p>For organizations operating in the cloud, the efficient scaling of NHIs offers several advantages:</p><ul> <li><strong>Reduced Risk:</strong> With proactive identification and mitigation of security risks, efficient NHI management significantly lessens the threat of breaches and data leaks.</li> <li><strong>Improved Compliance:</strong> Meeting stringent regulatory requirements is essential.
By enforcing security policies and maintaining audit trails, effective NHI management aids in compliance.</li> <li><strong>Increased Efficiency:</strong> Automating the management of NHIs and secrets allows security teams to redirect their focus toward strategic initiatives and innovation.</li> <li><strong>Enhanced Visibility and Control:</strong> A centralized view of access management streamlines governance processes, offering better oversight and security.</li> <li><strong>Cost Savings:</strong> Organizations can reduce operational expenses by automating secrets rotation and the decommissioning of NHIs.</li> </ul><h3>Addressing the Disconnect Between Security and R&amp;D Teams</h3><p>A major challenge for many enterprises is the disconnect between security and R&amp;D teams, which often leads to security gaps that compromise NHI management. Bridging this gap requires a strategic approach where the focus is on creating a secure and collaborative cloud environment. Now the question arises: what methodologies can promote such collaboration?</p><p>One effective solution is developing integrated platforms that provide insights into ownership, permissions, usage patterns, and potential vulnerabilities. This context-aware security methodology allows for comprehensive oversight and reduces the chances of fragmented security measures. Read more about <a href="https://entro.security/blog/cybersecurity-predictions-2025/">cybersecurity predictions for 2025</a> to understand future trends that might impact these strategies.</p><h3>The Strategic Importance of Context-Aware Platforms</h3><p>Unlike point solutions like secret scanners that offer limited protection, platforms dedicated to NHI management focus on lifecycle management, addressing discovery, classification, threat detection, and remediation. 
They provide a strategic advantage by ensuring that every stage of the NHI lifecycle is secure and compliant with industry standards.</p><p>Understanding the strategic importance of these context-aware platforms can significantly impact teams such as DevOps and SOC, enhancing operational resilience and security posture.</p><h3>Real-World Insights: Data-Driven Approaches</h3><p>Market trends suggest that organizations utilizing comprehensive NHI management strategies see marked improvements in security outcomes. By leveraging data-driven insights, businesses can optimize NHI management, resulting in superior performance and security enhancements.</p><p>Incorporating machine learning and artificial intelligence in NHI management can further enhance security measures, offering predictive insights that preempt potential threats. Organizations can harness AI to improve incident management and response times, as discussed in the article on <a href="https://entro.security/blog/harnessing-ai-in-ima-and-am/">harnessing AI in incident management</a>.</p><h3>A Timely Shift Toward Automated Solutions</h3><p>The shift toward automation in managing NHIs and secrets is not merely a trend but a necessity for scaling securely. Automation simplifies processes, reduces human error, and can dynamically adjust to changing security conditions. As businesses focus on digital transformation, deploying automated solutions becomes crucial for maintaining a competitive edge.</p><p>External links such as industry newsletters offer additional insights into how automation is reshaping cybersecurity frameworks across various sectors, highlighting the evolving nature of cyber threats and defense mechanisms.</p><p>Automation should align with the organization’s objectives, ensuring that security measures do not become bottlenecks but facilitators of growth and innovation.
By choosing strategic partnerships and investing in technologies, companies can ensure scalable and secure management of NHIs and secrets, safeguarding their digital assets efficiently.</p><h3>Emerging Challenges in NHI Management</h3><p>As cloud computing becomes ubiquitous, organizations face an escalating number of challenges in managing NHIs effectively. But how do these challenges manifest, and what strategies are vital for overcoming them? A significant hurdle is the sheer volume of machine identities proliferating in complex environments. The dynamic nature of cloud environments necessitates constant adaptation, with NHIs frequently being created and retired. This cycle can lead to discrepancies in security policies and the eventual erosion of a unified security posture.</p><p>Organizations often struggle with the challenge of visibility across a hybrid infrastructure, especially when machine identities span on-premises and multiple cloud environments. Ensuring a cohesive security strategy in such a fragmented landscape requires organizations to assess and adapt continuously. The integration of centralized monitoring tools that provide real-time insights into NHI behavior and anomalies is becoming increasingly crucial.</p><h3>Integrating NHI Management with Existing Frameworks</h3><p>To maximize the efficacy of NHI management, organizations must integrate these processes with existing Identity Access Management (IAM) frameworks. This seamless integration can avoid redundancies and ensure that machine identities are managed with the same rigor as human identities. 
By doing so, organizations can establish a more holistic security strategy that encompasses all operational facets.</p><p>To explore how integration plays a role in organizational security frameworks, one can refer to resources on <a href="https://entro.security/blog/iam-and-ilm-lifecycle-stages/">IAM and ILM lifecycle stages</a>, which detail the inclusion of machine identities into broader security narratives. Such approaches can help avoid common pitfalls associated with isolated security measures and foster a comprehensive approach to access management.</p><h3>Strategizing for NHI Lifecycle Management</h3><p>An essential component of effective NHI management is robust lifecycle management. How can organizations formulate a comprehensive strategy that accounts for every phase of the NHI lifecycle, from creation to decommissioning? The answer lies in defining clear processes that include discovery and onboarding, consistent monitoring, timely rotation of secrets, and secure retirement protocols. These processes ensure that NHIs are not only created with security in mind but are also continuously managed throughout their operational existence.</p><p>Organizations can benefit from implementing advanced analytics tools that offer foresight into potential vulnerabilities. Regularly updating threat intelligence and incorporating it into secrets management platforms can further enhance the security posture.</p><p>By incorporating data-driven insights into the lifecycle strategy, teams can employ predictive analytics to anticipate and mitigate security threats before they materialize. This proactive approach, supported by continuous learning mechanisms, enhances the overall robustness of NHI management frameworks.</p><h3>Role of Regulatory Compliance in NHI Management</h3><p>Is regulatory compliance merely an obligation, or can it be leveraged as a strategic advantage in NHI management? 
Ensuring compliance with industry standards not only guards against legal repercussions but also positions organizations as trustworthy custodians of data. Compliance frameworks like SOC 2 and others provide guidelines that, when adhered to, significantly bolster the organization’s credibility and security interests.</p><p>Maintaining compliance is explored in more depth in discussions on secrets security and <a href="https://entro.security/blog/secrets-security-and-soc2-compliance/">SOC 2 compliance</a>, highlighting the seamless integration of these practices into NHI strategies. The frameworks provide a checklist that includes regular audits, policy updates, and real-time compliance monitoring, ensuring that NHI management evolves in tandem with regulatory changes.</p><h3>How NHI Management Facilitates Business Resilience</h3><p>In what ways does efficient NHI management contribute to overarching business resilience? By protecting essential machine identities and secrets, organizations can fortify their defenses against cyber threats that aim to disrupt business operations. A well-structured NHI management strategy ensures that business processes remain uninterrupted, fostering a resilient economic environment.</p><p>Moreover, organizations with sophisticated NHI strategies can swiftly adapt to disruptions, using automated solutions to reconfigure security measures in response to emerging threats. The agility afforded by advanced NHI management tools not only prevents potential disruptions but also enhances operational efficiency.</p><p>The link between NHI management and business resilience is evident through improved incident response capabilities and decreased downtime, critical factors in maintaining competitive advantages. 
As businesses navigate the intricacies of digital transformation, strategic investments in NHI and secrets management are instrumental in sustaining resilience and driving innovation.</p><h3>Predictions for the Future</h3><p>What lies ahead for organizations as they refine their NHI management practices? The evolution of NHI is inexorably tied to advancements in artificial intelligence and machine learning, promising increased autonomy and predictive precision in threat detection. Organizations that harness this potential will lead the charge in developing more secure, efficient cloud environments.</p><p>Additionally, as more organizations shift toward hybrid and multi-cloud strategies, the demand for more sophisticated NHI management solutions will intensify. According to industry experts, these shifts will necessitate a reevaluation of existing security models, prompting businesses to invest in adaptive and scalable solutions capable of safeguarding NHIs.</p><p>By staying ahead of these trends, organizations will not only protect their digital assets but also unlock innovative opportunities that lie at the intersection of security and technology. 
As they continue to develop robust security frameworks, they will be better positioned to capitalize on the full potential of their technological investments, paving the way for a future defined by resilience and security.</p><p>The post <a href="https://entro.security/how-to-scale-nhis-safely-and-efficiently/">How to scale NHIs safely and efficiently?</a> appeared first on <a href="https://entro.security/">Entro</a>.</p><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://entro.security/">Entro</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Alison Mack">Alison Mack</a>. Read the original post at: <a href="https://entro.security/how-to-scale-nhis-safely-and-efficiently/">https://entro.security/how-to-scale-nhis-safely-and-efficiently/</a> </p>

Web Bot Auth: Verifying User Identity & Ensuring Agent Trust Through the Customer Journey

  • Published date: 2026-01-22 00:00:00


<div is="fusion-wysiwyg" class=" normal__dots "> <div class="component"> <div class="content"> <p><span style="font-weight: 400;">DataDome Bot Protect now supports Web Bot Auth, an emerging IETF authentication standard that enables AI agents to prove their identity with cryptographic verification. This advancement allows DataDome customers to authenticate legitimate AI agents with unforgeable signatures while maintaining robust protection against impersonation and fraud—eliminating the lose-lose choice between blocking potential business or accepting fraud risk.</span></p> <h2><b>What is Web Bot Auth &amp; why is it important?</b></h2> <p><span style="font-weight: 400;">Consumer adoption of AI agents for e-commerce is still relatively small today, but it is growing rapidly. Security teams currently face a tough choice in how to respond to this new traffic type: block suspicious or unknown AI agents and risk losing legitimate business, or trust existing identifiers in user agent</span> <span style="font-weight: 400;">strings that fraudsters can easily forge and risk higher fraud costs. This lose-lose proposition exists because the identity of an AI agent is uncertain and imprecise.</span><span style="font-weight: 400;"><br> </span><span style="font-weight: 400;"><br> </span><span style="font-weight: 400;">For example, an agent can claim “I am ChatGPT” by simply adding the following text to its User-Agent header: </span><span style="font-weight: 400;">GPTBot/1.3; +https://openai.com/gptbot</span><span style="font-weight: 400;">. That’s it. No verification, no authentication: just a text string.</span></p> <p><span style="font-weight: 400;">Attackers know this. 
They </span><a href="https://datadome.co/threat-research/ai-agent-spoofing/"><span style="font-weight: 400;">impersonate search engines</span></a><span style="font-weight: 400;"> to scrape pricing data, pretend to be monitoring tools while probing for vulnerabilities, and masquerade as legitimate AI agents to bypass defenses. </span></p> <p>An emerging <a href="https://datatracker.ietf.org/doc/bofreq-nottingham-web-bot-auth/" rel="nofollow noopener">IETF standard</a>, Web Bot Auth, is a new authentication method for AI agents that addresses this problem by allowing AI agents to prove their identity with high confidence when interacting with web resources.<span style="font-weight: 400;"> </span></p> <p><span style="font-weight: 400;">Web Bot Auth uses unique cryptographic signatures, like digital passports, that can’t be forged in e-commerce interactions. </span><span style="font-weight: 400;">As a de facto solution, Web Bot Auth has already been widely adopted by p</span><span style="font-weight: 400;">ayment companies, AI platforms, and major cloud providers like</span><span style="font-weight: 400;"> Amazon Bedrock AgentCore.</span></p> <p><a href="https://aws.amazon.com/about-aws/whats-new/2025/10/amazon-bedrock-agentcore-browser-web-bot-auth-preview/" rel="nofollow noopener"><i><span style="font-weight: 400;">Amazon Bedrock AgentCore</span></i></a><i><span style="font-weight: 400;"> now supports Web Bot Auth (in preview), providing AI agents with verifiable cryptographic identities. DataDome backs AgentCore to validate this verification process and minimize friction for verified AI agents across authorized domains. 
With DataDome and AgentCore, customers can establish continuous agent trust relationships for domains that require agentic AI access to meet business needs.</span></i></p> <h2><b>Unforgeable cryptographic proof</b></h2> <p><span style="font-weight: 400;">Web Bot Auth requires AI agents to attach a</span><b> cryptographic signature</b><span style="font-weight: 400;"> to every HTTP request validated by DataDome.</span></p> <p><span style="font-weight: 400;">Each signature proves two critical things: </span></p> <ul> <li style="font-weight: 400;" aria-level="1"><b>AI agent identity</b><span style="font-weight: 400;">: Identify which AI platform is making the request (e.g., OpenAI, AWS) and consequently </span><b>apply appropriate business policies</b></li> <li style="font-weight: 400;" aria-level="1"><b>Request integrity</b><span style="font-weight: 400;">: </span><span style="font-weight: 400;">Ensure requests remain unaltered, removing speculation and preventing fraudulent behavior</span></li> </ul> <div id="attachment_131318" style="width: 1034px" class="wp-caption alignnone"><img fetchpriority="high" decoding="async" aria-describedby="caption-attachment-131318" class="wp-image-131318 size-large" src="https://datadome.co/wp-content/uploads/2026/01/Web-Auth-Diagram-1024x658.png" alt="Web Bot Auth diagram" width="1024" height="658" srcset="https://datadome.co/wp-content/uploads/2026/01/Web-Auth-Diagram-1024x658.png 1024w, https://datadome.co/wp-content/uploads/2026/01/Web-Auth-Diagram-300x193.png 300w, https://datadome.co/wp-content/uploads/2026/01/Web-Auth-Diagram-768x494.png 768w, https://datadome.co/wp-content/uploads/2026/01/Web-Auth-Diagram.png 1406w" sizes="(max-width: 1024px) 100vw, 1024px" title="Web Bot Auth: Verifying User Identity &amp; Ensuring Agent Trust Through the Customer Journey"> <p id="caption-attachment-131318" class="wp-caption-text"><span style="color: rgba(16, 82, 109, 0.8); font-family: Polymath, Poppins, arial; font-size: 20px; 
letter-spacing: 0.28px;">Let’s deep dive into how Web Bot Auth works:</span></p> </div> <ol> <li style="font-weight: 400;" aria-level="1"><span style="font-size: 20px;"><span style="font-weight: 400;">The AI agent includes its signed data, as well as some metadata (validity, key ID, tag, etc.) inside the </span><b>Signature and Signature-Input </b><span style="font-weight: 400;">request headers.</span></span></li> <li style="font-weight: 400;" aria-level="1"><span style="font-size: 20px;"><span style="font-weight: 400;">DataDome analyzes 100% of the requests from the AI agent and continuously verifies the signature using the provider platform’s public key, which is available at a well-known location.</span></span></li> <li style="font-weight: 400;" aria-level="1"><span style="font-size: 20px;"><span style="font-weight: 400;">With </span><b>agent authentication established,</b> <span style="font-weight: 400;">guesswork and impersonation are eliminated. In DataDome’s dashboard, </span><span style="font-weight: 400;">customers can then enforce granular traffic policies tailored to specific endpoints. 
For example, they can allow access to product pages while rate limiting login attempts for a particular agent.</span></span></li> </ol> <p><span style="font-weight: 400;">Example using Amazon Bedrock AgentCore:</span></p> <pre class="EnlighterJSRAW" data-enlighter-language="generic"><span style="font-size: 20px;">GET /products/xba456 HTTP/1.1
Host: yourdomain.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Amazon-Bedrock-AgentCore-Browser/1.0 (Chromium; +https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/browser-tool.html)
Signature-Agent:"https://zxy...5abc.keydirectory.signer.us-east-1.on.aws"
Signature-Input: sig1=("@authority" "signature-agent");created=176762217;alg="ed25519";keyid="WNTmN5bl8...PcD476nwN";tag="web-bot-auth";expires=1767625817;nonce="YkfwQ...X_DvyHAbIRmsdnyjI"
Signature:sig1=:K+XW0IAT2yCK...aFCG7kZSEER8tgAQ==:
Accept: application/json</span></pre> <p><span style="font-weight: 400;">Web Bot Auth is a key enabler of </span><span style="font-weight: 400;">DataDome’s Bot Protect with </span><a href="https://datadome.co/products/agent-trust-management/"><span style="font-weight: 400;">Agent Trust</span></a><span style="font-weight: 400;">. It works by authenticating every digital interaction from an AI agent that follows this protocol, constantly verifying its identity. </span><span style="font-weight: 400;">These verified identities enable organizations to set granular access policies per AI agent. Decide which parts of your site they can access: welcome them on product pages and public content, while protecting login flows, checkout processes, or sensitive customer data. 
</span></p> <p><span style="font-weight: 400;">Instead of blocking AI agents entirely or leaving your site exposed, you set guardrails that align with your business strategy to ensure controlled growth.</span></p> <h2><b>What Web Bot Auth means for your security posture</b></h2> <ul> <li style="font-weight: 400;" aria-level="1"><b>Eliminate false identity risks and manual allow-list overhead with cryptographically verified agentic authentication</b><span style="font-weight: 400;">. Distinguish legitimate search crawlers, partner APIs, and AI agents from sophisticated impersonators. Your security team stops managing allow lists manually, reducing operational burden while closing impersonation attack vectors.</span></li> <li style="font-weight: 400;" aria-level="1"><b>Guarantee business continuity for critical automated traffic. </b><span style="font-weight: 400;">Authenticated bots and AI agents pass through instantly with cryptographic verification. No manual security reviews delaying partner integrations. No false positives damaging SEO rankings or blocking essential services. Protection with zero friction.</span></li> <li style="font-weight: 400;" aria-level="1"><b>Reduced operational overhead. </b><span style="font-weight: 400;">Stop investigating “is this really ChatGPT?” tickets. Stop maintaining brittle IP allowlists that break when services change infrastructure.</span></li> <li style="font-weight: 400;" aria-level="1"><b>Zero setup</b><span style="font-weight: 400;"> for existing customers and fast onboarding for new customers.</span><span style="font-weight: 400;"><br> </span><span style="font-weight: 400;">DataDome manages public keys, validates signatures, handles caching, and</span><span style="font-weight: 400;"> protects the verification pipeline. </span><span style="font-weight: 400;">Your team deploys nothing.</span></li> </ul> <h2><b>The agentic AI era needs Agent Trust</b></h2> <p><span style="font-weight: 400;">AI agents are multiplying fast. 
Some play by the rules and </span><a href="https://datadome.co/agent-trust-management/ai-agent-spoofing/"><span style="font-weight: 400;">identify themselves properly</span></a><span style="font-weight: 400;">. Many don’t. As agentic traffic grows in the following months, cryptographic authentication will become the baseline expectation, not a nice-to-have capability.</span></p> <p><span style="font-weight: 400;">But Web Bot Auth only solves half the problem. It tells you </span><i><span style="font-weight: 400;">which</span></i><span style="font-weight: 400;"> agentic platform the request is coming from, but doesn’t tell you </span><i><span style="font-weight: 400;">what the AI agents are trying to do</span></i><span style="font-weight: 400;">.</span></p> <p><span style="font-weight: 400;">That’s where </span><a href="https://datadome.co/bot-management-protection/why-intent-based-detection-matters-in-the-age-of-ai-agents/"><span style="font-weight: 400;">intent-based detection</span></a> <span style="font-weight: 400;">matters. DataDome validates legitimate users and AI agents with continuous identity verification and intent-based detection. Our Cyberfraud Protection Platform analyzes behavior in real-time by examining every click, request pattern, and interaction throughout the customer journey to determine whether an agent’s actions align with legitimate use. </span><span style="font-weight: 400;"><br> </span></p> <p><span style="font-weight: 400;">For example, a verified agent could technically follow the Web Bot Auth protocol while hoarding inventory to block human customers, proving that cryptographic identity alone is insufficient. 
A cryptographically verified—authenticated and known—agent can still abuse the service without pre-established and enforceable guardrails.</span></p> <p><span style="font-weight: 400;">This abuse is significant, including inventory hoarding in e-commerce, which prevents legitimate purchases, degrades user experience, and bypasses traditional detection. Authenticated AI agents and bots can also be used for data scraping, credential stuffing, or DDoS attacks, exploiting verified trust to mask malicious intent.</span></p> <p><span style="font-weight: 400;">DataDome implements Agent Trust as a crucial defense layer that moves beyond “who are you?” to intensely focus on “what is your intent and behavior?” Every digital interaction with an AI agent is authenticated, accountable, and aligned with legitimate business value and terms of service.</span></p> <p><a href="https://datadome.co/products/agent-trust-management/"><span style="font-weight: 400;">Agent Trust</span></a><span style="font-weight: 400;"> continuously assesses </span><i><span style="font-weight: 400;">what</span></i><span style="font-weight: 400;"> the AI agent is doing, </span><i><span style="font-weight: 400;">why</span></i><span style="font-weight: 400;"> it’s doing it, and </span><i><span style="font-weight: 400;">whether</span></i><span style="font-weight: 400;"> it continues to deserve trust as it acts. This enables frictionless interactions for verified and trusted AI agents within defined guardrails, while automatically blocking malicious AI and limiting untrusted agents before they can cause damage.</span></p> <p><b>Web Bot Auth signature verification is live now for all DataDome customers.</b><span style="font-weight: 400;"> No setup required.</span></p> <p><span style="font-weight: 400;">Need verification for your AI agent? 
<a href="https://datadome.co/resources/ai-agent-verification/#submitnow">Pre-verify your AI agent with DataDome</a> to guarantee uninterrupted access across your protected sites while ensuring legitimate automation operates without friction and automated threats are blocked. </span></p> </div> </div> </div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://datadome.co">DataDome</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Andrew Hendry">Andrew Hendry</a>. Read the original post at: <a href="https://datadome.co/changelog/web-bot-auth-verifying-user-identity-ensuring-agent-trust/">https://datadome.co/changelog/web-bot-auth-verifying-user-identity-ensuring-agent-trust/</a> </p>
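<p>The verification step from the numbered list in the post above (signed headers checked against the provider's public key), as an added Go example that is not DataDome's or AWS's code. The key, host names and key ID are constructed sample values, the trusted-key map stands in for the provider's key directory, and header parsing is simplified to the component list used in the post's sample request.</p>

```go
// Added example, not DataDome's or AWS's code: checking a Web Bot Auth style
// HTTP Message Signature (RFC 9421, Ed25519). All sample values are constructed.
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"errors"
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Request holds only the header values that the page's sample signature covers.
type Request struct {
	Authority      string // Host header value
	SignatureAgent string // raw Signature-Agent value, quotes included
	SignatureInput string // raw value: sig1=(...);created=...;keyid="..."
	Signature      string // raw value: sig1=:<base64>:
}

// covered is the component list from the page's sample. Requiring it stops a
// signature made for one host from being accepted on another.
const covered = `("@authority" "signature-agent")`

// Simplified matching; production code needs a full RFC 8941 parser.
var (
	intParam = regexp.MustCompile(`;(created|expires)=(\d+)`)
	strParam = regexp.MustCompile(`;(keyid|tag)="([^"]*)"`)
)

// signatureBase rebuilds the bytes the agent signed. The parameters are used
// exactly as received, never re-serialized, so their order does not matter.
func signatureBase(r Request, params string) []byte {
	return []byte(`"@authority": ` + r.Authority + "\n" +
		`"signature-agent": ` + r.SignatureAgent + "\n" +
		`"@signature-params": ` + params)
}

// Verify returns nil only for a valid, unexpired web-bot-auth signature made
// by a key in the trusted map (a stand-in for the provider's key directory).
func Verify(r Request, keys map[string]ed25519.PublicKey, now int64) error {
	label, params, ok := strings.Cut(r.SignatureInput, "=")
	if !ok || !strings.HasPrefix(params, covered+";") {
		return errors.New("missing signature or required components not covered")
	}
	ints, strs := map[string]int64{}, map[string]string{}
	for _, m := range intParam.FindAllStringSubmatch(params, -1) {
		ints[m[1]], _ = strconv.ParseInt(m[2], 10, 64)
	}
	for _, m := range strParam.FindAllStringSubmatch(params, -1) {
		strs[m[1]] = m[2]
	}
	if strs["tag"] != "web-bot-auth" {
		return errors.New("tag is not web-bot-auth")
	}
	if ints["created"] > now || ints["expires"] <= now {
		return errors.New("outside validity window")
	}
	key, known := keys[strs["keyid"]]
	if !known {
		return errors.New("keyid not in trusted directory")
	}
	b64 := strings.Trim(strings.TrimPrefix(r.Signature, label+"="), ":")
	sig, err := base64.StdEncoding.DecodeString(b64)
	if err != nil || !ed25519.Verify(key, signatureBase(r, params), sig) {
		return errors.New("signature does not match request")
	}
	return nil
}

// signSample signs a constructed request the way an agent would.
func signSample(priv ed25519.PrivateKey, host, keyid string, created, expires int64) Request {
	params := fmt.Sprintf(`%s;created=%d;keyid="%s";alg="ed25519";expires=%d;tag="web-bot-auth"`,
		covered, created, keyid, expires)
	r := Request{Authority: host, SignatureAgent: `"https://signer.example"`, SignatureInput: "sig1=" + params}
	sig := ed25519.Sign(priv, signatureBase(r, params))
	r.Signature = "sig1=:" + base64.StdEncoding.EncodeToString(sig) + ":"
	return r
}

// Demo verifies four constructed requests and returns the verdict for each.
func Demo() map[string]error {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed test key
	keys := map[string]ed25519.PublicKey{"test-key-1": priv.Public().(ed25519.PublicKey)}
	const now = 1767623000
	good := signSample(priv, "shop.example", "test-key-1", now-60, now+3540)
	replayed := good
	replayed.Authority = "other.example" // same signature sent to another host
	expired := signSample(priv, "shop.example", "test-key-1", now-7200, now-3600)
	unsigned := Request{Authority: "shop.example"} // User-Agent claim only
	return map[string]error{
		"good": Verify(good, keys, now), "replayed": Verify(replayed, keys, now),
		"expired": Verify(expired, keys, now), "unsigned": Verify(unsigned, keys, now),
	}
}

func main() { fmt.Println(Demo()) }
```

<p>Because <code>@authority</code> is part of the signed bytes, the copy of a valid signature presented to a different host fails verification, which is the request-integrity property the post describes.</p>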

Boards Focus On Risk, Resilience, and Operational Realities: Where NHI Governance Fits In

  • Dwayne McDaniel
  • Published date: 2026-01-22 00:00:00


<p><img decoding="async" src="https://blog.gitguardian.com/content/images/2026/01/Boards-NHI-Governance.png" alt="Boards Focus On Risk, Resilience, and Operational Realities: Where NHI Governance Fits In"></p><p>Boards of Directors (BoDs) do three things exceptionally well when cyber is framed correctly. They set risk appetite, they allocate capital, and they demand evidence that the business can withstand disruption without losing momentum.</p><p>Boards do not want a deep dive on token formats, vault policies, or why one Kubernetes access pattern is better than another. They care about outcomes that map to enterprise value, including material exposure, downtime, and regulatory risk. They care about customer impact, and they are deeply concerned about whether the company can keep operating under stress.</p><p>Many cyber conversations fail at the very first step. Security leaders too often walk into the boardroom with a pile of findings and expect trust. The board hears complexity, uncertainty, and loudest of all, costs.</p><p>Most BoDs want a small, stable set of business indicators that show risk is going down and resilience is going up <strong>over time</strong>. If leaders adopt that lens, the scope naturally broadens beyond “cybersecurity.” It becomes operational resilience, and it includes efficiency.</p><h2 id="why-cyber-keeps-becoming-a-board-topic"><strong>Why Cyber Keeps Becoming A Board Topic</strong></h2><p>A board generally spends the most time addressing cyber when they have to, not by choice. If there is a material incident, cyber temporarily becomes the board’s number one issue because disclosure, customer impact, and financial exposure collapse into one event. </p><p>For example, U.S. 
public companies are required by the SEC’s cybersecurity disclosure rules to disclose material cybersecurity incidents under Item <a href="https://www.sec.gov/newsroom/press-releases/2023-139?ref=blog.gitguardian.com"><u>1.05 of Form 8-K, generally within four business days of determining materiality</u></a>. They must also describe governance and oversight, including the board’s role, in annual disclosures.</p><p>Oversight expectations are also rising. <a href="https://www.deloitte.com/us/en/programs/center-for-board-effectiveness/articles/audit-committee-report.html?ref=blog.gitguardian.com"><u>Deloitte’s Audit Committee Practices reporting</u></a> shows that cyber sits squarely in audit committee priorities, with 50% of respondents identifying cybersecurity as the number one area of focus for their audit committee over the next 12 months. That same report found that 62% said audit committees have primary oversight of cybersecurity risk. </p><h3 id="balancing-risk-with-keeping-up-with-tech">Balancing Risk With Keeping Up With Tech</h3><p>Boards are also pushing innovation. <a href="https://corpgov.law.harvard.edu/2025/12/28/bdos-2025-board-survey/?ref=blog.gitguardian.com"><u>BDO’s 2025 Board Survey summary</u></a> highlights that many directors see emerging technology as both an opportunity and a governance burden, with a meaningful share saying tech advancements will require significant board attention. The same report also notes that 63% of directors plan to increase strategic investment in cybersecurity in the year ahead. </p><p>Boards are balancing two pressures that often collide. They need to move faster on technology, while at the same time reducing exposure resulting from any change in technology. 
The only sustainable way to do that is to treat cyber as operational resilience rather than a separate technical function.</p><h2 id="operational-resilience-is-the-bridge-between-board-priorities-and-security-reality"><strong>Operational Resilience Is The Bridge Between Board Priorities And Security Reality</strong></h2><p>Operational resilience is the ability to keep delivering strategy through disruption. That includes preventing incidents, but it also includes reducing fragility, shrinking blast radius, and maintaining delivery speed when conditions are imperfect.</p><p>This framing aligns with what boards already recognize:</p><ul> <li> The organization can accept some risk, but only if you have controls, monitoring, and response capacity that keep losses within acceptable limits.</li> <li> The organization can invest in transformation, but only if transformation does not turn into operational chaos and cause spikes in costs.</li> <li> The organization can innovate, but only if the basics are disciplined enough to survive the consequences of change.</li> </ul><p>But this goal of investing wisely and safely in tech does not match the planning for many organizations. According to <a href="https://www.pwc.com/us/en/services/consulting/cybersecurity-risk-regulatory/library/global-digital-trust-insights.html?ref=blog.gitguardian.com"><u>PwC’s Global Digital Trust Insights</u></a>, only 24% of organizations report spending significantly more on proactive measures than reactive measures, while 67% report spending is roughly even across both categories. PwC explicitly frames proactive investment as the healthier posture, and warns that reactive costs are often underestimated because they are dispersed across the business. </p><p>Boards should understand this intuitively. They already know it is cheaper to maintain a factory than to rebuild it after a disaster. The same logic should apply to identity, access, and the infrastructure that keeps digital operations running. 
The disconnect is partly a result of how fast change is happening with regard to AI and non-human identity governance needs. </p><h2 id="the-identity-layer-is-now-the-operations-layer-especially-for-non-human-identities"><strong>The Identity Layer Is Now The Operations Layer, Especially For Non-Human Identities</strong></h2><p>When boards talk about identity, they often default to humans and initiatives around MFA adoption, onboarding, privileged access reviews, and insider risk. Those are important, but they are no longer the whole identity story.</p><p>Modern businesses run on systems made up of non-human identities. Service accounts, API keys, CI tokens, OAuth apps, workload identities, and agent credentials now power all the integrations, automation, cloud workloads, and data pipelines that keep our customers using our digital products. As the number of machines and workloads needing access grows, the governance surface area continually expands.</p><p><a href="https://www.cyberark.com/press/machine-identities-outnumber-humans-by-more-than-80-to-1-new-report-exposes-the-exponential-threats-of-fragmented-identity-security/?utm_source=chatgpt.com"><u>CyberArk has reported that machine identities outnumber human identities by more than 80-to-1</u></a>. Other estimates across the industry suggest we have crossed the 100-to-1 threshold as automation accelerates. </p><p>In most organizations, the majority of secrets exist because, traditionally, that was how legacy systems were safely connected to other systems. We needed an access mechanism for these identities, so we again reached for passwords, in the form of API keys and tokens, to get the job done. But those long-lived access keys, most of which grant more permissions than strictly necessary, have a <a href="https://www.gitguardian.com/state-of-secrets-sprawl-report-2025?ref=blog.gitguardian.com"><u>tendency to sprawl by the millions</u></a>. 
</p><p>In other words, "secrets sprawl," the leaking of credentials into plaintext across systems, is really a symptom of non-human identity sprawl. </p><p>The conversation needs to change from “how do we stop developers from making mistakes” to “how do we govern machine access at enterprise scale without slowing the business down.” Helping the board have this exact conversation is the difference between fighting for security budgets and finding paths forward for real organizational change. </p><h2 id="making-the-business-case-with-gitguardians-insights"><strong>Making The Business Case With GitGuardian's Insights</strong></h2><p><a href="https://blog.gitguardian.com/the-hidden-cost-of-secrets-sprawl/"><u>GitGuardian’s “Hidden Cost of Secrets Sprawl” report</u></a> is useful precisely because it quantifies what boards tend to suspect: credential chaos is a productivity tax.</p><p>This report makes it clear that manual secrets management costs organizations $172,000+ annually per 10 developers. 
The math is grounded in three hours per week per developer, and a fully loaded cost model that puts senior developer time at around $120 per hour.</p><figure class="kg-card kg-image-card"><a href="https://blog.gitguardian.com/the-hidden-cost-of-secrets-sprawl/"><img decoding="async" src="https://blog.gitguardian.com/content/images/2026/01/data-src-image-3eac0815-5029-40fc-89de-2a73bef67aa4.png" class="kg-image" alt="Boards Focus On Risk, Resilience, and Operational Realities: Where NHI Governance Fits In" loading="lazy" width="1960" height="1146" srcset="https://blog.gitguardian.com/content/images/size/w600/2026/01/data-src-image-3eac0815-5029-40fc-89de-2a73bef67aa4.png 600w, https://blog.gitguardian.com/content/images/size/w1000/2026/01/data-src-image-3eac0815-5029-40fc-89de-2a73bef67aa4.png 1000w, https://blog.gitguardian.com/content/images/size/w1600/2026/01/data-src-image-3eac0815-5029-40fc-89de-2a73bef67aa4.png 1600w, https://blog.gitguardian.com/content/images/2026/01/data-src-image-3eac0815-5029-40fc-89de-2a73bef67aa4.png 1960w" sizes="auto, (min-width: 720px) 720px"></a></figure><p>The more important point for a board is that the cost shows up in several predictable places across the lifecycle of delivery and response.</p><p>Costs show up in engineering throughput. When developers spend hours requesting, finding, rotating, or debugging credentials, they are not building features. GitGuardian describes how this friction compounds as organizations grow, turning a small tax into a competitive disadvantage. </p><p>Costs show up in security and operations bandwidth. Alert fatigue and manual investigation pull teams away from strategic work, and estimates show that automation can recover at least 1.2 FTE worth of capacity. </p><p>Costs show up in onboarding and time to productivity. Access and credential setup can stretch onboarding timelines, keeping new hires from becoming productive while they wait for access and learn informal processes. 
</p><p>Costs show up during incidents. When a key leaks, teams often lose time simply understanding what the key can touch, where it is used, and what needs to be rotated. GitGuardian includes customer examples that emphasize how long this mapping can take in real environments. </p><p>Costs show up in audit readiness. Audit prep is frequently a scavenger hunt for evidence of control and ownership, made worse when credentials and machine access are spread across teams and tools. This is an avoidable operational burden, not just a compliance annoyance. </p><p>The “hidden cost” is operational inefficiency that increases risk by consuming the exact bandwidth you need to improve resilience.</p><h2 id="the-board-question-to-anchor-the-conversation"><strong>The Board Question To Anchor The Conversation</strong></h2><p>If you want to boil it down to one board-level question that forces clarity without dragging the room into technical weeds, it is this:</p><p>How are we governing non-human identities and their access, and what is our confidence in the inventory?</p><p>That single question ties to everything boards already care about:</p><ul> <li>Risk appetite – unknown access creates unknowable exposure.</li> <li>Continuity – fragile access breaks operations during change.</li> <li>Accountability – “no owner” means “no control.”</li> <li>Cost – manual access work is a measurable operational drag.</li> <li>Crisis Response – containment speed depends on visibility and ownership.</li> </ul><p>The job of a security leader is not to get them to ask this specific question; it is to answer it proactively before they know to ask. </p><p>Framing security, DevOps, and IAM work as a unified front that can speed innovation while limiting risks sets you up for wider success than focusing on a single tool choice or team-siloed initiative ever could. 
</p><h2 id="the-challenge-of-up-front-investment-to-move-away-from-long-lived-secrets"><strong>The Challenge Of Up-Front Investment To Move Away From Long-Lived Secrets</strong></h2><p>Boards are often comfortable with funding end states. But engineering teams live in transitions. Bridging that gap, without bogging down in the weeds, is the real challenge. </p><p>Moving from long-lived secrets to identity-based authentication for NHIs is a real modernization effort. It can require refactoring authentication patterns, adjusting CI pipelines, replacing brittle integrations, and introducing new controls like workload identity or signed assertions. It also requires building governance muscles that many organizations never had to build when credentials were informal.</p><p>That is why so many of these types of programs stall. The product always has to ship. Reliability work competes with feature work, and security initiatives compete with operational debt.</p><p>This is where board oversight becomes valuable. The board can do what engineering teams often cannot do alone, like protecting time for foundational work, insisting on measurable progress, and preventing risk from silently compounding while the company scales.</p><h3 id="prepping-for-operational-realities">Prepping For Operational Realities</h3><p>In practical terms, the board should expect a phased approach to stabilize what exists by reducing unmanaged long-lived credentials and improving discovery, ownership, and rotation discipline.</p><p>Part of the data BoDs should demand is exactly which systems are mission-critical, meaning they would cause loss if they were affected by an incident or outage. Shifting workloads and integrations toward short-lived, identity-based access takes time, so priority should be given to "critical" infrastructure and systems first. </p><p>Boards must expect the organization's executives and leaders to institutionalize governance across NHIs. 
The goal is to ensure machine access does not drift back into chaos as teams change and new systems arrive. This is a goal most organizations are just beginning to grapple with, and where partnering with the right technologies can make a significant difference. </p><p>The board does not need to choose individual protocols or tools. BoDs need to fund the journey and demand evidence that the journey is reducing both risk and operational drag.</p><h2 id="move-toward-full-nhi-governance-with-gitguardian"><strong>Move Toward Full NHI Governance With GitGuardian</strong></h2><p>GitGuardian can help you move towards true <a href="https://www.gitguardian.com/nhi-governance?ref=blog.gitguardian.com"><u>NHI Governance</u></a> because our platform starts where the pain is most visible and measurable, then expands into where the long-term control must exist.</p><p>When most people think of GitGuardian, they immediately think of the <a href="https://www.gitguardian.com/state-of-secrets-sprawl-report-2025?ref=blog.gitguardian.com"><u>State of Secrets Sprawl</u></a>, our annual report on finding millions of publicly leaked credentials. That is indeed where we started our journey as an organization, focused on secrets. Along the way, we realized that <a href="https://blog.gitguardian.com/identities-do-not-exist-in-a-vacuum/"><u>secrets don't exist in a vacuum</u></a>, and what we have really been tracking all along is access mechanisms for identities, in particular, non-human identities. This shift might seem subtle at first, but the sea change is evident in the platform's recent release notes, where we talk about <a href="https://docs.gitguardian.com/releases/saas/2025/12/12/changelog?ref=blog.gitguardian.com"><u>expanding NHI Governance with integrations that discover and enumerate NHIs tied to platforms like Airbyte, Anthropic, N8n, OpenAI, CyberArk Secrets Manager Self Hosted, and Slack</u></a>. 
The emphasis is on identity context, permissions, accessed resources, and an identity-first inventory view, not on new types of detectors. </p><figure class="kg-card kg-image-card"><img decoding="async" src="https://blog.gitguardian.com/content/images/2026/01/data-src-image-0ed4317c-9805-4606-b721-38827da1b342.png" class="kg-image" alt="Boards Focus On Risk, Resilience, and Operational Realities: Where NHI Governance Fits In" loading="lazy" width="1892" height="1010" srcset="https://blog.gitguardian.com/content/images/size/w600/2026/01/data-src-image-0ed4317c-9805-4606-b721-38827da1b342.png 600w, https://blog.gitguardian.com/content/images/size/w1000/2026/01/data-src-image-0ed4317c-9805-4606-b721-38827da1b342.png 1000w, https://blog.gitguardian.com/content/images/size/w1600/2026/01/data-src-image-0ed4317c-9805-4606-b721-38827da1b342.png 1600w, https://blog.gitguardian.com/content/images/2026/01/data-src-image-0ed4317c-9805-4606-b721-38827da1b342.png 1892w" sizes="auto, (min-width: 720px) 720px"></figure><p>And right before we ended 2025, <a href="https://docs.gitguardian.com/releases/saas/2025/12/31/changelog?ref=blog.gitguardian.com"><u>GitGuardian expanded NHI Governance coverage into additional critical platforms, including Datadog, Snowflake, Okta, and Auth0</u></a>. We are now helping teams close blind spots and enabling unified identity risk assessment. 
</p><figure class="kg-card kg-image-card kg-card-hascaption"><img decoding="async" src="https://blog.gitguardian.com/content/images/2026/01/data-src-image-906618be-fdeb-41b5-b558-9277229ccbed.png" class="kg-image" alt="Boards Focus On Risk, Resilience, and Operational Realities: Where NHI Governance Fits In" loading="lazy" width="2000" height="1119" srcset="https://blog.gitguardian.com/content/images/size/w600/2026/01/data-src-image-906618be-fdeb-41b5-b558-9277229ccbed.png 600w, https://blog.gitguardian.com/content/images/size/w1000/2026/01/data-src-image-906618be-fdeb-41b5-b558-9277229ccbed.png 1000w, https://blog.gitguardian.com/content/images/size/w1600/2026/01/data-src-image-906618be-fdeb-41b5-b558-9277229ccbed.png 1600w, https://blog.gitguardian.com/content/images/2026/01/data-src-image-906618be-fdeb-41b5-b558-9277229ccbed.png 2048w" sizes="auto, (min-width: 720px) 720px"><figcaption><span style="white-space: pre-wrap;">GitGuardian's Analytics views give you the right information in real time</span></figcaption></figure><p>This aligns well with BoDs' mindsets. It begins with exposure and operational friction that is already costing money, then builds toward a durable identity governance layer that scales with the business.</p><h2 id="what-boards-should-demand-and-what-management-should-deliver"><strong>What Boards Should Demand, And What Management Should Deliver</strong></h2><p>Boards do not need to become security architects. They need to govern the enterprise in the reality in which it operates. Today, that reality means identity is the control plane for resilience, and non-human identities are the fastest-growing part of it.</p><p>Non-human identities are now a core part of that resilience equation because they represent scaled access to systems, data, and automation. If they are unmanaged, your exposure is unknowable, and your operations are fragile. If they are well-governed, you reduce the blast radius and reclaim operational capacity at the same time. 
This is why GitGuardian matters when communicating risks and your strategy to your board.</p><p>Partnering with GitGuardian can help you report periodically on NHI governance with trend lines, not just point-in-time snapshots. This includes progress on your modernization path away from long-lived credentials. Our platform will help you treat incident readiness as a control, including containment speed and the ability to rotate or revoke access without downtime.</p><p><a href="https://www.gitguardian.com/book-a-demo?ref=blog.gitguardian.com"><u>We would be happy to set up a demo</u></a> and help you align your next board of directors conversations with your operational realities and needs. </p><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://blog.gitguardian.com/">GitGuardian Blog - Take Control of Your Secrets Security</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Dwayne McDaniel">Dwayne McDaniel</a>. Read the original post at: <a href="https://blog.gitguardian.com/boards-focus-on-risks-nhi-governance/">https://blog.gitguardian.com/boards-focus-on-risks-nhi-governance/</a> </p>

What Is Student-Centered Learning? A Practical Guide for New Teachers

  • Published date: 2026-01-22 00:00:00


<p>Many new teachers step into classrooms that still reflect traditional, teacher-centered models. These classrooms often place the teacher at the front, the curriculum at the center, and students in the role of listeners. Today’s learners live, think, and communicate differently, so they need more than memorization and recall. They need learning environments that value curiosity, voice, and collaboration.</p><p>Welcome to the rise of student-centered learning, which aligns teaching with the realities of modern students. It recognizes diverse learning styles, cultural backgrounds, and the increasing presence of <a href="https://managedmethods.com/blog/what-are-digital-footprints/">digital learning in everyday life</a>. A student-centered learning environment shifts attention toward student agency and meaningful participation in the learning process.</p><p>Student-centered learning is a modern teaching method that prioritizes student voice, student choice, and active involvement in learning. It focuses on <a href="https://managedmethods.com/blog/integrated-classroom/">creating an integrated classroom</a> that supports interaction, reflection, and real-world problem solving. In this article, you’ll learn what student-centered learning is, how it differs from teacher-centered models, and how to bring it to life in real classrooms.</p><h2 class="wp-block-heading" id="h-what-is-student-centered-learning"><strong>What is student-centered learning?</strong></h2><p>Student-centered learning is an instructional approach that invites students to play an active role in their own learning process. The learner helps shape goals, activities, and even pacing. The classroom <a href="https://gsehd.gwu.edu/shifting-student-centered-learning">shifts away from lecture-driven instruction</a> toward inquiry-based learning, reflection, and participation. Students don’t sit back and receive information. 
They question, create, discuss, and apply what they learn.</p><p>Student-centered education strives for individual student progress and growth rather than a single or blanket measure for all learners. Each learner brings strengths, interests, and needs, so instruction adapts to those very differences. Teachers use <a href="https://managedmethods.com/blog/classroom-management-styles/">classroom management styles</a> that support exploration, collaboration, and responsibility instead of enforcing control and compliance.</p><p>Student autonomy becomes a defining feature of this model. Students learn to set goals, monitor their progress, and adjust strategies. They learn <em>how</em> to learn, not only what to learn, thus making the learning process more visible and meaningful to the student.</p><p>The great news is that student-centered learning applies to K–12 classrooms and higher education settings alike, which explains its <a href="https://www.vitaeready.org/learning-hub/the-rise-of-student-centered-learning-and-its-global-challenges/">82% adoption in North America</a> alone. In both environments, the goal remains the same: The learner drives the experience, while the teacher supports growth through feedback, guidance, and structure. This makes learning more personal and relevant, which leads to stronger ownership and deeper understanding.</p><h2 class="wp-block-heading" id="h-student-centered-learning-vs-teacher-centered-learning"><strong>Student-centered learning vs. teacher-centered learning</strong></h2><p><a href="https://onlinedegrees.sandiego.edu/teacher-centered-vs-student-centered-learning/">Teacher-centered learning</a> places the educator at the forefront of instruction. In a teacher-centered classroom, the teacher talks, explains, and directs while students listen and take notes. The curriculum moves at a uniform pace. Lessons often rely on lectures, worksheets, and recall-based assessments. Learning becomes a one-way experience where students receive information rather than shape it.</p><p>A student-centered classroom looks and feels refreshingly different. The student becomes an active participant instead of a passive listener. <a href="https://managedmethods.com/blog/collaboration-in-the-classroom/">Collaboration in the classroom</a> takes priority. Students connect ideas in groups, discuss problems, and learn from one another. The teacher’s role shifts from main speaker to facilitator and learning partner.</p><h3 class="wp-block-heading" id="h-breaking-down-the-differences-even-further"><strong>Breaking down the differences even further</strong></h3><p>Teacher-centered learning treats the class as a single group that moves together. Student-centered learning treats the classroom as a community of unique learners with different paths toward understanding. A student-centered classroom encourages flexible pacing, choice, and exploration. It values voices, questions, and ideas from students.</p><p>Teacher-centered classrooms rely heavily on passive learning, whereas student-centered learning encourages ownership, discussion, and decision-making. A strict focus on only covering the curriculum takes a back seat; student-centered learning redirects learners toward understanding concepts, applying knowledge, and developing skills that surpass standard testing. 
</p><p>This shift helps students see themselves as capable contributors to knowledge-making and critical problem-solving.</p><h2 class="wp-block-heading" id="h-core-principles-of-student-centered-learning"><strong>Core principles of student-centered learning</strong></h2><p>The foundational principles that shape a student-centered learning environment include the following:</p><ul class="wp-block-list"> <li><strong>Student voice and choice</strong> in topics, activities, or learning paths. Students help make decisions about what they learn or how to best demonstrate that learning.</li> <li><strong>Personalized learning</strong> aligned to student needs and learning styles. Instruction adapts to how students learn best, where learners aren’t necessarily expected to respond to the same method in the same way.</li> <li><strong>Active and collaborative learning</strong>, including project-based learning and inquiry-based learning. Students work together, investigate real questions, and produce meaningful work.</li> <li><strong>Competency-based learning</strong>, where progress reflects mastery, not just seat time. Students move forward confidently when they can demonstrate proper understanding beyond merely chasing a classroom calendar.</li> </ul><p>These student-centered learning strategies form the core of a student-centered approach. They help create a learning journey that feels relevant and engaging as opposed to distant or imposed. Students take responsibility for thinking, planning, and reflecting, which strengthens long-term understanding.</p><p>Through these principles, student-centered learning supports lifelong learners who know how to collaborate, solve problems, and adapt to new challenges. 
The focus remains on deep, meaningful educational experiences, not simple task completion.</p><h2 class="wp-block-heading" id="h-benefits-of-student-centered-learning"><strong>Benefits of student-centered learning</strong></h2><p>Student-centered learning supports students academically, socially, and emotionally. When students feel ownership of learning, motivation grows and participation increases. They feel that learning belongs to them, not only to the school.</p><p>Key benefits include:</p><ul class="wp-block-list"> <li><strong>Increased student engagement</strong> and motivation because learning connects to student interests and goals.</li> <li><strong>Stronger critical thinking</strong> and problem-solving skills are fostered through discussion, collaboration, and real-world challenges.</li> <li><strong>Improved student progress</strong> through clear goals and ownership of learning outcomes.</li> <li><strong>Greater confidence</strong> and independence as learners evaluate their own understanding.</li> </ul><p>Student learning deepens when students explore, question, and apply knowledge. Instead of memorizing information for a short period, students build connections that support long-term retention. In this way, the learning experience becomes meaningful, not mechanical.</p><p>Student engagement grows when students see value in learning. They participate more fully, share ideas, and support others. 
This strengthens the learning journey and contributes to overall student success both in and after formal schooling.</p><h2 class="wp-block-heading" id="h-the-roles-of-teachers-and-students-in-student-centered-learning"><strong>The roles of teachers and students in student-centered learning</strong></h2><p>In student-centered learning, the role of the teacher evolves. The educator does far more than deliver lessons. The teacher also becomes a facilitator, guide, mentor, and coach by designing learning environments that support curiosity and independence. The teacher listens to the student’s voice, responds to student needs, and models how to think critically.</p><p>Teachers plan instruction that encourages exploration and collaboration, plus provide feedback that helps students grow rather than only grades to judge performance. They support diverse learning styles and needs through flexible tools and approaches.</p><p>Students also take on a new role in this type of learning environment. Instead of waiting for directions, students participate actively. They help set goals, reflect on progress, and collaborate with peers. They also accept responsibility for parts of their learning, which builds ownership and maturity. 
Ultimately, students learn how to advocate for their needs and ideas respectfully.</p><h3 class="wp-block-heading" id="h-the-importance-of-professional-development"><strong>The importance of professional development</strong></h3><p>Professional learning plays an important role in helping teachers transition to student-centered instruction. Ongoing reflection, collaboration with colleagues, and exposure to student-centered models support growth for educators as well as students.</p><h2 class="wp-block-heading" id="h-faqs-student-centered-learning-in-practice"><strong>FAQs: Student-centered learning in practice</strong></h2><p>Looking for quick answers to some common questions? Here’s what teachers often ask when considering student-centered learning in real classrooms.</p><h3 class="wp-block-heading" id="h-what-does-student-centered-learning-look-like-practically"><strong>What does student-centered learning look like practically?</strong></h3><p>You may see discussion circles, small group projects, learning stations, and opportunities for student choice. Students ask questions, share ideas, and explain their thinking rather than only answer recall questions.</p><h3 class="wp-block-heading" id="h-what-s-the-teacher-s-role-in-student-centered-learning"><strong>What’s the teacher’s role in student-centered learning?</strong></h3><p>The teacher guides learning, asks thoughtful questions, provides structure, and supports reflection. The teacher doesn’t dominate instruction but supports students as they work toward goals.</p><h3 class="wp-block-heading" id="h-what-s-the-student-s-role-in-student-centered-learning"><strong>What’s the student’s role in student-centered learning?</strong></h3><p>The student participates actively, collaborates with peers, reflects on progress, and directs parts of the learning journey. 
Furthermore, students take responsibility for effort and engagement.</p><h3 class="wp-block-heading" id="h-what-s-a-key-feature-of-student-centered-learning"><strong>What’s a key feature of student-centered learning?</strong></h3><p>A key feature is student autonomy supported by clear expectations, feedback, and guidance.</p><h3 class="wp-block-heading" id="h-which-is-the-best-example-of-a-student-centered-assignment"><strong>Which is the best example of a student-centered assignment?</strong></h3><p>A strong example is a project-based learning task where students select a topic, design questions, choose research tools, and present findings in their preferred format.</p><h3 class="wp-block-heading" id="h-what-tips-can-teachers-adopt-in-modern-classrooms"><strong>What tips can teachers adopt in modern classrooms?</strong></h3><p>Teachers looking for simple and effective strategies for student-centered instruction can experiment with these easy tips:</p><ol class="wp-block-list"> <li>Start small. </li> <li>Build routines. </li> <li>Offer structured choices. </li> <li>Use active learning strategies. </li> <li>Integrate <a href="https://managedmethods.com/blog/access-to-technology/">digital tools</a> that support collaboration and reflection.</li> </ol><h2 class="wp-block-heading" id="h-build-classrooms-around-students-not-systems"><strong>Build classrooms around students, not systems</strong></h2><p>Student-centered learning places students at the heart of the educational experience, where a dynamic classroom environment supports curiosity, independence, and lifelong learning skills. Students learn how to think critically, express ideas, and collaborate in meaningful ways.</p><p>For new teachers, this shift doesn’t need to happen overnight. 
It can grow through small, intentional changes such as offering choice, facilitating meaningful discussion, and designing collaborative activities.</p><p>To support this kind of learning, districts need technology that works <em>with</em> instruction — not against it. ManagedMethods brings together <strong>Classroom Manager, Content Filter, and Cloud Monitor</strong> in a unified platform that simplifies digital safety, supports focus in the classroom, and protects students without disrupting learning.</p><p>That’s safer learning, simplified.</p><p>The post <a href="https://managedmethods.com/blog/what-is-student-centered-learning/">What Is Student-Centered Learning? A Practical Guide for New Teachers</a> appeared first on <a href="https://managedmethods.com/">ManagedMethods Cybersecurity, Safety &amp; Compliance for K-12</a>.</p><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://managedmethods.com/feed/">ManagedMethods Cybersecurity, Safety &amp; Compliance for K-12</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Alexa Sander">Alexa Sander</a>. Read the original post at: <a href="https://managedmethods.com/blog/what-is-student-centered-learning/">https://managedmethods.com/blog/what-is-student-centered-learning/</a> </p>

Razzie Nominations 2026 Go for the Jugular as SNOW WHITE and WAR OF THE WORLDS Rack Up Six Nods Each

  • Joey Paur
  • Published date: 2026-01-21 15:59:00

The Golden Raspberry Awards have unleashed their 2026 nominations, and the results are delightfully brutal. This year’s list of cinematic misfires is led by Snow White and War of the Worlds, with both films snagging six nominations apiece. If there’s a trophy…

Parliament tells Dutch gov't to keep DigiD data out of American hands

  • Published date: 2026-01-21 11:06:42

A parliamentary majority has asked the current caretaker and upcoming new Cabinet to do everything in their power to prevent Dutch DigiD data from ending up in the United States government’s hands.

Commission strengthens EU cybersecurity resilience and capabilities

  • John Pike
  • Published date: 2026-01-21 09:49:30

Europe faces daily cyber and hybrid attacks on essential services and democratic institutions, carried out by sophisticated state and criminal groups. The European Commission has today proposed a new cybersecurity package to further strengthen the EU's cybers…

European Commission press release, Jan 20, 2026, Strasbourg: Europe faces daily cyber and hybrid attacks on essential services and democratic institutions, carried out by sophisticated state and crimi… [+5808 chars]

Deutsche Telekom Security Expands Cybersecurity Offerings with Akamai

  • Akamai Technologies, Inc.
  • Published date: 2026-01-21 06:30:00

Akamai & Deutsche Telekom Security boost cybersecurity offerings with microsegmentation & API security...

CAMBRIDGE, Mass., Jan. 21, 2026 (GLOBE NEWSWIRE) -- Akamai (NASDAQ: AKAM) today announced that Deutsche Telekom Security, an Akamai Partner Connect program member, is using Akamai's Security Certifi… [+5870 chars]

Navigating the AI security era: Key trends for software leaders in 2026

  • Published date: 2026-01-21 00:00:00

<div class="col-xs-12 col-sm-9 two2575Right"> <div class="aem-Grid aem-Grid--12 aem-Grid--default--12 "> <div class="richTextEditor aem-GridColumn aem-GridColumn--default--12"> <div class="container "> <section class="component-rtecomp"> <div class="component-rte"> <p><b><i>“The only constant is change.” — Heraclitus</i></b></p> <p> </p> <p>The landscape of cybersecurity is perpetually changing. Faced with emerging technologies and evolving threats, organizations can never stand pat or let their guard down. As we head into 2026, the convergence of advancing AI, evolving regulations, and sophisticated attack vectors presents both unprecedented challenges and remarkable opportunities.</p> <p>We sat down with Black Duck’s Chief Product and Technology Officer Dipto Chakravarty to discuss navigating this dynamic terrain. A visionary leader in AppSec and secure software development, Dipto shares his expert predictions on how the above forces will impact organizations, the critical shifts we can expect in vulnerability management, the strategic importance of talent, and the steps that leaders must take to stay ahead.<b></b></p> </div> </section></div> </div> <div class="text aem-GridColumn aem-GridColumn--default--12"> <div class="background-component vert-pad-top-sm vert-pad-bottom-sm "> <div class="container "> <section class="component-textcomp text-align-left "> <div class="component-text"> </div> <hr class="separator"> </section> </div> </div> </div> <div class="anchor aem-GridColumn aem-GridColumn--default--12"> <div id="1" class="component-anchor"> <div class="aem-Grid aem-Grid--12 aem-Grid--default--12 "> </div> </div> </div> <div class="richTextEditor aem-GridColumn aem-GridColumn--default--12"> <div class="background-component vert-pad-bottom-sm "> <div class="container "> <section class="component-rtecomp"> <div class="component-rte"> <h2>What’s the one AppSec norm that you expect to be disrupted in 2026—and what should engineering and security leaders do to
stay ahead of it?</h2> <p>“The traditional approach to vulnerability management and security testing will certainly be disrupted, primarily driven by the increasing adoption of AI in cybersecurity. The old software world is gone, giving way to a new set of truths defined by AI. AI will significantly alter how organizations identify and mitigate vulnerabilities, becoming both a tool for attackers and defenders. Threat actors will leverage AI to automate and scale attacks, while defenders will use AI to enhance detection and response capabilities.</p> <p>“Organizations will need to invest in <a href="https://www.blackduck.com/blog/black-duck-signal-ai-application-security.html">AI-driven vulnerability scanning</a> and predictive analytics to stay ahead of emerging threats. AI-powered security tools will enable security teams to analyze vast amounts of data, identify patterns, and predict potential threats before they materialize.</p> <p>“The role of AI in AppSec will be transformative, and organizations that fail to adapt risk being left behind. 
As AI continues to evolve, it’s essential for security leaders to prioritize AI-driven security measures and invest in the necessary skills and technologies to stay ahead of the threats.”</p> </div> </section></div> </div> </div> <div class="anchor aem-GridColumn aem-GridColumn--default--12"> <div id="2" class="component-anchor"> <div class="aem-Grid aem-Grid--12 aem-Grid--default--12 "> </div> </div> </div> <div class="richTextEditor aem-GridColumn aem-GridColumn--default--12"> <div class="background-component vert-pad-bottom-sm "> <div class="container "> <section class="component-rtecomp"> <div class="component-rte"> <h2>What regulatory or geopolitical shift do you believe will most impact open source software usage, software supply chain security, or AppSec practices in 2026?</h2> <p>“One regulatory shift expected to significantly impact open source software usage and software supply chain security is the continued rollout and enforcement of cybersecurity regulations and standards, particularly those related to AI and supply chain security.</p> <p>“The European Union’s push for greater sovereignty over its digital resources and services, as well as the implementation of acts like the EU AI Act, will likely have far-reaching implications for organizations operating within or with the EU. Moreover, recent cybersecurity executive orders in the U.S. have targeted quantum computing, AI, and supply chain security, indicating a growing regulatory focus on these areas.</p> <p>“The increasing adoption of AI in cybersecurity will be a double-edged sword, bringing both enhanced defensive capabilities and new attack vectors. 
Organizations will need to navigate these changes while ensuring compliance with evolving standards like <a href="https://www.blackduck.com/blog/nist-ssdf-secure-software-development.html">NIST SP 800-218</a>.</p> <p>“To stay ahead, engineering and security leaders should prioritize AI-driven security measures, enhance software supply chain security practices, and invest in the necessary skills and technologies to address emerging threats. By doing so, organizations can build a more resilient security posture and improve their ability to detect and respond to emerging threats.”</p> </div> </section></div> </div> </div> <div class="anchor aem-GridColumn aem-GridColumn--default--12"> <div id="3" class="component-anchor"> <div class="aem-Grid aem-Grid--12 aem-Grid--default--12 "> </div> </div> </div> <div class="richTextEditor aem-GridColumn aem-GridColumn--default--12"> <div class="background-component vert-pad-bottom-sm "> <div class="container "> <section class="component-rtecomp"> <div class="component-rte"> <h2>What emerging technology (beyond GenAI) do you believe will gain real traction in secure software development or supply chain integrity next year?</h2> <p>“Agentic AI, which involves autonomous systems capable of complex decision-making and adaptation, is expected to transform various industries. In secure software development, agentic AI can enhance security by autonomously detecting and responding to threats in real time.</p> <p>“With the advent of quantum computing, the need for quantum-resistant cryptography is becoming increasingly critical. Organizations must begin transitioning to cryptographic systems that can withstand quantum attacks. This involves identifying and classifying high-value, long-term sensitive data and evaluating vendor quantum-resistance. Post-quantum cryptography (PQC) is emerging as a critical technology to safeguard data infrastructure.
The European Union has already initiated a coordinated effort for Member States to transition to PQC by 2030, highlighting its importance. Organizations should begin transitioning to PQC standards, auditing their cryptographic assets, and investing in future-proof security frameworks.</p> <p>“Edge AI (processing data locally on devices) will enhance real-time decision-making and reduce latency. Neuromorphic computing, inspired by the human brain, will further advance edge AI capabilities, making devices more efficient and adaptive.”</p> </div> </section></div> </div> </div> <div class="anchor aem-GridColumn aem-GridColumn--default--12"> <div id="4" class="component-anchor"> <div class="aem-Grid aem-Grid--12 aem-Grid--default--12 "> </div> </div> </div> <div class="richTextEditor aem-GridColumn aem-GridColumn--default--12"> <div class="background-component vert-pad-bottom-sm "> <div class="container "> <section class="component-rtecomp"> <div class="component-rte"> <h2>What were some of the most common challenges you saw with customers in 2025 related to secure development?</h2> <p>“I observed that customers in 2025 continued to grapple with several key challenges related to secure development. The evolving threat landscape, driven by advancements in AI and Generative AI, has significantly impacted secure development practices.</p> <p>“One of the primary concerns is the increasing sophistication of AI-enabled attacks, making it essential for development teams to integrate robust security measures into their workflows.</p> <p>“Additionally, securing AI systems across their life cycle is another critical challenge. This involves not only developing AI software securely but also protecting AI models and large language models from vulnerabilities such as data poisoning and prompt injection attacks. 
Traditional security measures, including monitoring, logging, and intrusion detection, are also crucial in managing AI systems.</p> <p>“Supply chain attacks remain a significant threat. The compromise of software components, whether open source or commercial, can have far-reaching consequences. Organizations must prioritize managing and monitoring software supply chain risks, including the use of <a href="https://www.blackduck.com/blog/building-sbom-with-black-duck.html">Software Bills of Materials</a> and rigorous patch management.</p> <p>“The proliferation of regulatory requirements around cybersecurity adds another layer of complexity. Organizations must navigate a fragmented landscape of regional and global compliance requirements, making it challenging to maintain compliance and ensure the security of their development processes.”</p> </div> </section></div> </div> </div> <div class="anchor aem-GridColumn aem-GridColumn--default--12"> <div id="5" class="component-anchor"> <div class="aem-Grid aem-Grid--12 aem-Grid--default--12 "> </div> </div> </div> <div class="richTextEditor aem-GridColumn aem-GridColumn--default--12"> <div class="background-component vert-pad-bottom-sm "> <div class="container "> <section class="component-rtecomp"> <div class="component-rte"> <h2>What talent or workforce trend do you expect to define competitive advantage in AppSec or secure software engineering in 2026?</h2> <p>“I anticipate that the talent or workforce trend that will define competitive advantage in AppSec or secure software engineering in 2026 is the ability to effectively leverage AI and machine learning security capabilities. The increasing sophistication of AI-enabled attacks and the growing importance of securing AI systems will require organizations to invest in talent with expertise in AI governance, AI security, and machine learning.</p> <p>“Professionals who can develop and implement AI models and algorithms, as well as secure AI systems, will be in high demand. 
As cloud usage continues to grow, expertise in cloud security will become increasingly important. Knowledge of Zero-Trust implementation will be crucial in protecting against identity-based attacks.”</p> </div> </section></div> </div> </div> <div class="anchor aem-GridColumn aem-GridColumn--default--12"> <div id="6" class="component-anchor"> <div class="aem-Grid aem-Grid--12 aem-Grid--default--12 "> </div> </div> </div> <div class="richTextEditor aem-GridColumn aem-GridColumn--default--12"> <div class="background-component vert-pad-bottom-sm "> <div class="container "> <section class="component-rtecomp"> <div class="component-rte"> <h2>What’s one risk area in the software development life cycle that leaders are underestimating heading into 2026, and what’s your advice for mitigating it?</h2> <p>“The security risks associated with AI systems. While organizations are rapidly adopting AI technologies, many are not adequately addressing the unique security challenges these systems present. AI models can be vulnerable to attacks such as data poisoning, model inversion, and evasion attacks. The complexity of AI models can make it difficult to understand their decision-making processes, making it challenging to identify potential security risks. Additionally, AI systems require specialized testing and validation to ensure they are functioning as intended and are secure.</p> <p>“To mitigate these risks, leaders should establish clear policies and guidelines for the development and deployment of AI systems, including requirements for security testing and validation. Leverage tools and technologies specifically designed to secure AI systems, such as those that provide model explainability and vulnerability detection. 
Invest in training and reskilling programs to develop the necessary expertise to secure AI systems.”</p> </div> </section></div> </div> </div> <div class="anchor aem-GridColumn aem-GridColumn--default--12"> <div id="7" class="component-anchor"> <div class="aem-Grid aem-Grid--12 aem-Grid--default--12 "> </div> </div> </div> <div class="richTextEditor aem-GridColumn aem-GridColumn--default--12"> <div class="background-component vert-pad-bottom-sm "> <div class="container "> <section class="component-rtecomp"> <div class="component-rte"> <h2>How do you expect AI agents or autonomous systems to reshape secure coding, vulnerability management, and developer workflows in the next year?</h2> <p>“When it comes to secure coding, AI-powered tools will become more prevalent in code review processes, helping to identify potential security vulnerabilities earlier in the development life cycle. AI-driven systems will be able to suggest and even implement fixes for common security issues, reducing the burden on developers.</p> <p>“In terms of vulnerability management, AI agents will analyze codebases and predict potential vulnerabilities, enabling proactive measures to mitigate risks. Autonomous systems will streamline patch management by identifying, testing, and deploying patches more efficiently.</p> <p>“For development workflows, AI will integrate into development environments to provide real-time feedback, suggestions, and automations, enhancing developer productivity and security. 
AI will facilitate the shift-left approach by embedding security checks and balances earlier in the development process.”</p> </div> </section></div> </div> </div> <div class="anchor aem-GridColumn aem-GridColumn--default--12"> <div id="8" class="component-anchor"> <div class="aem-Grid aem-Grid--12 aem-Grid--default--12 "> </div> </div> </div> <div class="richTextEditor aem-GridColumn aem-GridColumn--default--12"> <div class="background-component vert-pad-bottom-sm "> <div class="container "> <section class="component-rtecomp"> <div class="component-rte"> <h2><span class="text-color-synopsys-purple"><span class="text-color-black">What’s one bold move you think more companies should make in 2026 to strengthen their application security posture, even if it feels uncomfortable or disruptive?</span></span></h2> <p>“Adopt a comprehensive, AI-native application security testing (AST) strategy that integrates with their existing DevSecOps pipelines. This involves leveraging tools to identify vulnerabilities, predict threat vectors, and automate remediation efforts. Utilize tools that employ AI to detect complex vulnerabilities and predict potential threats. Integrate AST tools with existing development and security pipelines to ensure continuous feedback. Implement automated remediation processes to address identified vulnerabilities, reducing the risk window.”</p> </div> </section></div> </div> </div> <div class="anchor aem-GridColumn aem-GridColumn--default--12"> <div id="9" class="component-anchor"> <div class="aem-Grid aem-Grid--12 aem-Grid--default--12 "> </div> </div> </div> <div class="richTextEditor aem-GridColumn aem-GridColumn--default--12"> <div class="background-component vert-pad-bottom-md "> <div class="container "> <section class="component-rtecomp"> <div class="component-rte"> <h2><span class="text-color-synopsys-purple">AppSec non-negotiables for 2026</span></h2> <p>As Dipto Chakravarty makes clear, 2026 will be a pivotal year. 
AI’s influence will pervade every facet of cybersecurity—from enhancing defensive capabilities to presenting new attack surfaces. Three non-negotiables stand out: Organizations must</p> <p>· Proactively embrace AI-driven security measures</p> <p>· Fortify their software supply chain practices</p> <p>· Cultivate a workforce equipped with advanced AI and machine learning security expertise</p> <p>The regulatory tides, particularly around AI and supply chain security, demand vigilance. By integrating AI into development workflows and adopting a comprehensive AI-driven AppSec strategy, organizations will actively shape a more resilient and secure digital future.</p> </div> </section></div> </div> </div> </div> </div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.blackduck.com/blog.html">Blog</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Dipto Chakravarty">Dipto Chakravarty</a>. Read the original post at: <a href="https://www.blackduck.com/blog/2026-ai-security-appsec-predictions.html">https://www.blackduck.com/blog/2026-ai-security-appsec-predictions.html</a> </p>