Technology

The 2022 LastPass breach was a wake-up call. I realized that even with an encrypted vault, I could still be at risk if my vault lives on servers outside my control. It may have taken a few years, bu… [+7109 chars]

An original actor from Avatar: The Last Airbender has seen the leaked sequel movie. The star has responded to the major leak of the show's movie sequel, Avatar Aang: The Last Airbender, admitting th… [+3464 chars]

THIS CONTENT IS RESERVED FOR SUBSCRIBERS ONLY Subscribe now to read the latest news in your city and across Canada. <ul><li>Exclusive articles from Barbara Shecter, Joe O'Connor, Gabriel Friedman, … [+7478 chars]

A prevailing theme of this year’s White House Correspondents’ Association dinner will be how journalists make a statement in the presence of Donald Trump, whose attacks on the media have come in the … [+4905 chars]

FRANKFURT, April 21 : German central bank chief Joachim Nagel called on Tuesday for all institutions to have access to Anthropic's artificial intelligence model Mythos to keep the playing field even … [+2310 chars]

FRANKFURT, April 21 : Banking authorities must prevent the misuse of Anthropic's Mythos, its most advanced AI model to date, which opens the door to new and sophisticated cyber risks, Bundesbank Pres… [+525 chars]

<p><em>Seceon earns a 4.6 out of 5.0 overall rating from 82 verified customer reviews, with 90% of reviewers willing to recommend the platform, reflecting strong real-world satisfaction across the global services and financial sectors</em></p><p>WESTFORD, Mass., April 21, 2026 /PRNewswire/ — Seceon Inc., a leading provider of AI-driven cybersecurity solutions for enterprises and managed security service providers (MSSPs), today announced its inclusion in the “Voice of the Customer” for Security Information and Event Management (SIEM), published April 10, 2026. The recognition is based entirely on verified reviews and ratings submitted by Seceon customers on the Gartner Peer Insights platform over an 18-month period.</p><figure class="wp-block-image size-full is-resized"><img fetchpriority="high" decoding="async" width="1400" height="1562" src="https://seceon.com/wp-content/uploads/2026/04/Figure_1._Voice_of_the_Customer_for_Security_Information_and_Event_Management-1.png" alt="" class="wp-image-31248" style="width:787px;height:auto" title="Gartner's Peer Review Voice of the Customer Quadrant, recognized Seceon as a leading SIEM solution in 2026. Driven by verified customer feedback, Seceon delivers strong outcomes in threat detection, response, and compliance with high ratings across product capabilities, deployment, and support." srcset="https://seceon.com/wp-content/uploads/2026/04/Figure_1._Voice_of_the_Customer_for_Security_Information_and_Event_Management-1.png 1400w, https://seceon.com/wp-content/uploads/2026/04/Figure_1._Voice_of_the_Customer_for_Security_Information_and_Event_Management-1-269x300.png 269w, https://seceon.com/wp-content/uploads/2026/04/Figure_1._Voice_of_the_Customer_for_Security_Information_and_Event_Management-1-918x1024.png 918w, https://seceon.com/wp-content/uploads/2026/04/Figure_1._Voice_of_the_Customer_for_Security_Information_and_Event_Management-1-768x857.png 768w, https://seceon.com/wp-content/uploads/2026/04/Figure_1._Voice_of_the_Customer_for_Security_Information_and_Event_Management-1-1377x1536.png 1377w" sizes="(max-width: 1400px) 100vw, 1400px"><figcaption class="wp-element-caption">Gartner’s Peer Review Voice of the Customer Quadrant, recognized Seceon as a leading SIEM solution in 2026. Driven by verified customer feedback, Seceon delivers strong outcomes in threat detection, response, and compliance with high ratings across product capabilities, deployment, and support.</figcaption></figure><figure class="wp-block-image size-large is-resized"><img decoding="async" width="1024" height="535" src="https://seceon.com/wp-content/uploads/2026/04/Recognized-as-a-Customers-Choice-in-the-Gartner-Peer-Insights%E2%84%A2-Voice-of-the-Customer-Quadrant-2026-2-1024x535.png" alt="" class="wp-image-31249" style="aspect-ratio:1.9140527646242034;width:826px;height:auto" title='Seceon is included in the Gartner® Peer Insights™ "Voice of the Customer" for Security Information and Event Management (2026), based on verified reviews from customers across the globe. The recognition reflects strong feedback across deployment experience, usability, and operational effectiveness, highlighting how security teams are turning to unified platforms to improve visibility, accelerate response, and reduce operational complexity.' srcset="https://seceon.com/wp-content/uploads/2026/04/Recognized-as-a-Customers-Choice-in-the-Gartner-Peer-Insights™-Voice-of-the-Customer-Quadrant-2026-2-1024x535.png 1024w, https://seceon.com/wp-content/uploads/2026/04/Recognized-as-a-Customers-Choice-in-the-Gartner-Peer-Insights™-Voice-of-the-Customer-Quadrant-2026-2-300x157.png 300w, https://seceon.com/wp-content/uploads/2026/04/Recognized-as-a-Customers-Choice-in-the-Gartner-Peer-Insights™-Voice-of-the-Customer-Quadrant-2026-2-768x401.png 768w, https://seceon.com/wp-content/uploads/2026/04/Recognized-as-a-Customers-Choice-in-the-Gartner-Peer-Insights™-Voice-of-the-Customer-Quadrant-2026-2.png 1200w" sizes="(max-width: 1024px) 100vw, 1024px"><figcaption class="wp-element-caption">Seceon is included in the Gartner® Peer Insights<img decoding="async" src="https://s.w.org/images/core/emoji/17.0.2/72x72/2122.png" alt="™" class="wp-smiley" style="height: 1em; max-height: 1em;"> “Voice of the Customer” for Security Information and Event Management (2026), based on verified reviews from customers across the globe. The recognition reflects strong feedback across deployment experience, usability, and operational effectiveness, highlighting how security teams are turning to unified platforms to improve visibility, accelerate response, and reduce operational complexity.</figcaption></figure><p>Seceon achieved an overall rating of 4.6 out of 5.0 stars across 82 verified customer reviews, 210 total reviews, with 90% of reviewers indicating a willingness to recommend Seceon to peers. The company was recognized in the “Aspiring” Voice of the Customer Quadrant, reflecting above-market-average overall experience scores alongside a growing customer footprint.</p><p><em> “The SIEM market has long been dominated by solutions that are expensive to deploy, slow to deliver value, and difficult to manage without large teams. Our inclusion in the Gartner Peer Insights Voice of the Customer with a 4.6 rating and a top deployment experience score validates that there is a better way, and that our customers are living proof of it.”<br></em><strong>— Chandra Pandey, Founder &amp; CEO, Seceon Inc. </strong></p><p><strong>Why This Recognition Matters</strong></p><p>The Gartner Peer Insights “Voice of the Customer” is one of the most trusted peer-driven evaluations in enterprise technology. Inclusion requires a minimum of 20 verified reviews over 18 months, a 4.0 or higher overall rating, and sufficient ratings across capabilities and support delivery criteria that ensure only vendors with demonstrated customer satisfaction are represented. Across the entire SIEM market during this period, Gartner Peer Insights collected 2,673 total reviews and ratings.</p><p>For Seceon, earning a 90% Willingness to Recommend score, ahead of several larger, well-resourced competitors in the market, underscores the tangible value customers experience when deploying the Seceon Open Threat Management (OTM) Platform. Seceon’s Deployment Experience score of 4.6 out of 5.0 is particularly notable, reflecting the platform’s ease of onboarding and time-to-value relative to more complex legacy SIEM architectures.</p><p><strong>What Customers Value Most</strong></p><p>Across 82 verified reviews, Seceon customers predominantly from the services, finance, and communications sectors, spanning organizations in the US, Asia/Pacific, Europe, and globally — consistently highlight:</p><ul class="wp-block-list"> <li>  AI-driven, real-time threat detection and automated response that reduces analyst workload and alert fatigue</li> <li>  Superior deployment experience compared to legacy SIEM tools, with rapid time-to-value for resource-constrained teams</li> <li>  Strong MSSP and multi-tenant capabilities that enable service providers to deliver scalable, enterprise-grade protection</li> <li>  Consistent, high-quality customer support rated 4.5 out of 5.0 across 82 reviewers</li> <li>  Competitive total cost of ownership, making advanced threat detection accessible beyond large enterprise budgets</li> </ul><p>Read Seceon’s verified customer reviews and access the full Gartner Peer Insights Voice of the Customer for SIEM report at: <strong><u><a href="https://edge.prnewswire.com/c/link/?t=0&amp;l=en&amp;o=4669056-1&amp;h=147230541&amp;u=https%3A%2F%2Fseceon.com%2F2026-gartner-peer-insights-voice-of-the-customer-for-siem%2F&amp;a=https%3A%2F%2Fseceon.com%2F2026-gartner-peer-insights-voice-of-the-customer-for-siem%2F" rel="noreferrer noopener">https://seceon.com/2026-gartner-peer-insights-voice-of-the-customer-for-siem/</a></u></strong></p><p><strong>About the Seceon Open Threat Management Platform</strong></p><p>Seceon’s Open Threat Management (OTM) Platform combines AI, machine learning, and behavioral analytics to continuously monitor, detect, and automatically contain threats across on-premises, cloud, and hybrid environments in real time, 24/7. Designed for enterprises and MSSPs alike, the platform ingests and correlates data from across the full IT environment, eliminating the complexity, cost, and tuning burden of traditional SIEM deployments.</p><p><strong>Gartner Disclaimer</strong></p><p><em>Gartner, Voice of the Customer for Security Information and Event Management, Peer Community Contributors, 10 April 2026. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and PEER INSIGHTS is a trademark and service mark of Gartner, Inc. and/or its affiliates and are used herein with permission. All rights reserved. Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences with the vendors listed on the platform, should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates.</em></p><p><strong>Media Contact:<br></strong>Shikha Pandey<br><a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="e8bb8081838089a89b8d8b8d8786c68b8785">[email protected]</a><br><a href="https://edge.prnewswire.com/c/link/?t=0&amp;l=en&amp;o=4527006-1&amp;h=2865169115&amp;u=http%3A%2F%2Fwww.seceon.com%2F&amp;a=www.seceon.com" rel="noreferrer noopener">www.seceon.com</a><br>+1 978-496-4058</p><p><strong>Reference Link:</strong> <a href="https://www.prnewswire.com/news-releases/seceon-recognized-in-the-2026-gartner-voice-of-the-customer-report-for-security-information-and-event-management-302748446.html">Seceon Recognized in the 2026 Gartner® “Voice of the Customer” Report for Security Information and Event Management</a></p><p>The post <a href="https://seceon.com/seceon-recognized-in-the-2026-gartner-voice-of-the-customer-report-for-security-information-and-event-management/">Seceon Recognized in the 2026 Gartner® “Voice of the Customer” Report for Security Information and Event Management</a> appeared first on <a href="https://seceon.com/">Seceon Inc</a>.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/04/seceon-recognized-in-the-2026-gartner-voice-of-the-customer-report-for-security-information-and-event-management/" data-a2a-title="Seceon Recognized in the 2026 Gartner® “Voice of the Customer” Report for Security Information and Event Management"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fseceon-recognized-in-the-2026-gartner-voice-of-the-customer-report-for-security-information-and-event-management%2F&amp;linkname=Seceon%20Recognized%20in%20the%202026%20Gartner%C2%AE%20%E2%80%9CVoice%20of%20the%20Customer%E2%80%9D%20Report%20for%20Security%20Information%20and%20Event%20Management" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fseceon-recognized-in-the-2026-gartner-voice-of-the-customer-report-for-security-information-and-event-management%2F&amp;linkname=Seceon%20Recognized%20in%20the%202026%20Gartner%C2%AE%20%E2%80%9CVoice%20of%20the%20Customer%E2%80%9D%20Report%20for%20Security%20Information%20and%20Event%20Management" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fseceon-recognized-in-the-2026-gartner-voice-of-the-customer-report-for-security-information-and-event-management%2F&amp;linkname=Seceon%20Recognized%20in%20the%202026%20Gartner%C2%AE%20%E2%80%9CVoice%20of%20the%20Customer%E2%80%9D%20Report%20for%20Security%20Information%20and%20Event%20Management" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fseceon-recognized-in-the-2026-gartner-voice-of-the-customer-report-for-security-information-and-event-management%2F&amp;linkname=Seceon%20Recognized%20in%20the%202026%20Gartner%C2%AE%20%E2%80%9CVoice%20of%20the%20Customer%E2%80%9D%20Report%20for%20Security%20Information%20and%20Event%20Management" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fseceon-recognized-in-the-2026-gartner-voice-of-the-customer-report-for-security-information-and-event-management%2F&amp;linkname=Seceon%20Recognized%20in%20the%202026%20Gartner%C2%AE%20%E2%80%9CVoice%20of%20the%20Customer%E2%80%9D%20Report%20for%20Security%20Information%20and%20Event%20Management" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://seceon.com/">Seceon Inc</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Anamika Pandey">Anamika Pandey</a>. Read the original post at: <a href="https://seceon.com/seceon-recognized-in-the-2026-gartner-voice-of-the-customer-report-for-security-information-and-event-management/">https://seceon.com/seceon-recognized-in-the-2026-gartner-voice-of-the-customer-report-for-security-information-and-event-management/</a> </p>

<p style="font-weight: 400;">Reports from Iranian state media claim that U.S.-manufactured networking gear ceased functioning at critical moments during military strikes. The allegations, which cannot be independently verified, claim there were simultaneous failures across routers and switches produced by Cisco, Fortinet, Juniper Networks, and MikroTik during attacks on Iranian infrastructure.</p><p style="font-weight: 400;">According to accounts published by the Iranian <a href="https://farsnews.ir/FarsNews_eng">Fars News Agency</a>, the disruptions occurred as U.S. forces targeted sites in Iran’s Isfahan Province. Devices reportedly disconnected or rebooted despite the country having largely severed its connection to the global Internet. Iranian officials claimed the timing was deliberate, suggesting the presence of embedded vulnerabilities or dormant malware within the equipment.</p><p style="font-weight: 400;">Iranian sources say that the failures could not have resulted from conventional remote cyberattacks, given the country’s isolation from external networks during the strikes. Instead, they describe scenarios involving pre-positioned code within firmware or the activation of hidden backdoors capable of triggering disruptions without external connectivity.</p><p style="font-weight: 400;">U.S. vendors have not confirmed the existence of such vulnerabilities, and no independent technical analysis has been released.</p><p style="font-weight: 400;">Since the start of the conflict, authorities have maintained a near-total Internet shutdown. Only a limited group of approved users could access the Internet. This isolation is one of the reasons it is hard to verify claims of coordinated hardware failures.</p><p style="font-weight: 400;">The isolation also reveals Iran’s decision to build a centralized and controllable network architecture, which limits foreign influence and enhances domestic surveillance. The downside of such a centralized approach is that it includes the potential for single points of failure.</p><h2 style="font-weight: 400;"><strong>Sustained Cyber Battle </strong></h2><p style="font-weight: 400;">Whatever the truth of the claims about the networking gear, a sustained cyber battle is almost certainly being pursued by both the U.S. and Iran.</p><p style="font-weight: 400;">U.S. military officials have acknowledged using offensive cyber capabilities in recent conflicts. In briefings earlier this year, senior defense leaders described cyber units as first movers used to attack an adversary’s communication infrastructure before physical strikes begin.</p><p style="font-weight: 400;">Iran, according to U.S. authorities, made a series of intrusions into American critical infrastructure, compromising systems tied to oil, gas, and water operations, and causing operational disruptions. The attacks targeted programmable logic controllers, which bridge digital commands and physical machinery.</p><p style="font-weight: 400;">While the disruptions reported in the U.S. were limited, they show a persistent effort to establish footholds in critical systems that could be leveraged during conflicts.</p><p style="font-weight: 400;">Independent hacking groups aligned with Iran have also signaled their intent to continue cyber operations regardless of diplomatic developments. Following a recent ceasefire, one such group stated that attacks against U.S. targets would resume when conditions allow. Cyber conflict operates on a separate timeline from conventional warfare.</p><p style="font-weight: 400;">A key point here: the lack of verifiable evidence highlights the challenge of separating technical reality from information warfare. In a conflict where cyber capabilities are both real tools and instruments of propaganda, claims of sabotage can influence opinions even without confirmation.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/04/iran-alleges-us-networking-gear-was-deliberately-disabled/" data-a2a-title="Iran Alleges US Networking Gear Was Deliberately Disabled"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Firan-alleges-us-networking-gear-was-deliberately-disabled%2F&amp;linkname=Iran%20Alleges%20US%20Networking%20Gear%20Was%20Deliberately%20Disabled" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Firan-alleges-us-networking-gear-was-deliberately-disabled%2F&amp;linkname=Iran%20Alleges%20US%20Networking%20Gear%20Was%20Deliberately%20Disabled" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Firan-alleges-us-networking-gear-was-deliberately-disabled%2F&amp;linkname=Iran%20Alleges%20US%20Networking%20Gear%20Was%20Deliberately%20Disabled" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Firan-alleges-us-networking-gear-was-deliberately-disabled%2F&amp;linkname=Iran%20Alleges%20US%20Networking%20Gear%20Was%20Deliberately%20Disabled" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Firan-alleges-us-networking-gear-was-deliberately-disabled%2F&amp;linkname=Iran%20Alleges%20US%20Networking%20Gear%20Was%20Deliberately%20Disabled" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>

<p><span data-contrast="none">Manhattan’s hard-nosed District Attorney Alvin Bragg, who secured 34 felony convictions against President Trump, is taking on Meta to hold the social media company accountable for immigration scams growing like wildfire on its platforms.</span><span data-ccp-props='{"201341983":2,"335557856":16777215,"335559739":480,"335559740":487}'> </span></p><p><span data-contrast="none">In a </span><a href="https://manhattanda.org/wp-content/uploads/2026/04/Letter-to-Meta-4.9.26.pdf" target="_blank" rel="noopener"><span data-contrast="none">recent letter</span></a><span data-contrast="none">, Bragg urged Meta CEO Mark Zuckerberg to act to stop the scams, which he said were difficult to prosecute, and requested a meeting with the company’s representatives.</span><span data-ccp-props='{"201341983":2,"335557856":16777215,"335559739":480,"335559740":487}'> </span></p><p><span data-contrast="none">Bragg noted that imposter accounts were using Meta’s platforms like Facebook and WhatsApp to “</span><span data-contrast="auto">falsely pose as pro bono legal services organizations, such as Catholic Charities” and then extract money for assistance from the victims. The funds typically make their way overseas, hampering prosecution and recovery.</span><span data-ccp-props='{"201341983":2,"335557856":16777215,"335559739":480,"335559740":487}'> </span></p><p><span data-contrast="none">“These scams are especially dangerous because they target a vulnerable population who are in situations of emotional distress,” says Miks Aalto, cofounder and CEO at Hoxhunt. Impersonating trusted legal organizations or charities lends a sense of urgency that prompts victims to respond more quickly.</span><span data-ccp-props='{"201341983":2,"335557856":16777215,"335559739":480,"335559740":487}'> </span></p><p><span data-contrast="none">The speed of the cycle makes pinning attackers and punishing them more difficult. “Even when fake accounts are reported and removed, attackers can create new ones very quickly using the same tactics but with just enough adaptations to fool the filters,” says Aalto, noting that AI is accelerating the “endless game of whack-a-mole.”</span><span data-ccp-props='{"201341983":2,"335557856":16777215,"335559739":480,"335559740":487}'> </span></p><p><span data-contrast="auto">While the Manhattan DA’s office “investigates and prosecutes these crimes when able, your company can play an important role in protecting users from fraud and theft,” Bragg wrote, pointing out that the imposter accounts stand in violation of Meta’s terms of service that prohibit “accounts that provide false information or engage in unlawful or misleading conduct.”</span><span data-ccp-props='{"201341983":2,"335557856":16777215,"335559739":480,"335559740":487}'> </span></p><p><span data-contrast="auto">But Meta doesn’t seem to be following its own terms for removing those accounts. “We have spoken with at least two institutional leaders of pro bono legal services organizations whose requests to remove false profiles were declined despite following this reporting protocol,” Bragg wrote. </span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":360}'> </span></p><p><span data-contrast="none">For Meta, protection seems to be a matter of priorities. The company “has built moderation that protects celebrities and abandons nonprofits, and scammers exploit that asymmetry as operational cover,” says Collin Hogue-Spears, senior director of solution management at Black Duck. </span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":360}'> </span></p><p><span data-contrast="none">He says that scammers “bought Facebook ads, cloned nonprofit logos, and migrated victims into WhatsApp where no moderation algorithm can follow.”</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":360}'> </span></p><p><span data-contrast="none">About one-third of all Catholic Charities agencies across the U.S. “have reported impersonation campaigns using their names and branding to extract payments from immigrants” but when “verified institutional leaders reported their own impersonators through Meta’s official process, Meta declined the removal requests.”</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":360}'> </span></p><p><span data-contrast="none">The reporting button, Hogue-Spears says, “exists to satisfy an audit… not to stop a scammer; it is a suggestion box.”</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":360}'> </span></p><p><span data-contrast="auto">If Meta is sincere about protecting its users as the company has claimed repeatedly, Bragg said it must “take necessary, proactive steps” to do so. </span><span data-ccp-props='{"201341983":2,"335557856":16777215,"335559739":480,"335559740":487}'> </span></p><p><span data-contrast="auto">To that end, Bragg asked Zuckerberg to:</span><span data-ccp-props='{"201341983":2,"335557856":16777215,"335559739":480,"335559740":487}'> </span></p><p><span data-contrast="auto">1) Add a reporting option to your Law Enforcement Online Requests Portal, allowing agencies like our office to report imposter accounts engaged in criminal conduct directly to Meta. </span><span data-ccp-props='{"201341983":2,"335557856":16777215,"335559739":480,"335559740":487}'> </span></p><p><span data-contrast="auto">2) Prioritize addressing reports of imposter accounts where criminality is alleged and temporarily suspend those accounts while the investigation is conducted. </span><span data-ccp-props='{"201341983":2,"335557856":16777215,"335559739":480,"335559740":487}'> </span></p><p><span data-contrast="auto">3) Ensure users claiming to represent organizations like legal services providers match the geographic locations of those organizations by strengthening verification tools and analyzing existing user data, such as IP address location.</span><span data-ccp-props='{"201341983":2,"335557856":16777215,"335559739":480,"335559740":487}'> </span></p><p><span data-contrast="none">Noting that the problem doesn’t belong solely to Meta but rather is a platform problem, Trey Ford, chief strategy and trust officer at Bugcrowd, says, “the DA’s letter should be a forcing function for the entire industry to build law enforcement escalation paths that match the severity of criminal activity, not just the volume of reports.”</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":360}'> </span></p><p><span data-contrast="none">What the DA is really describing, he says, “is an industry-wide gap — social platforms were architected for growth and connection, not for the kind of trust verification that criminal impersonation demands.”</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":360}'> </span></p><p><span data-contrast="auto">Outreach to the communities affected is critical, too. </span><span data-contrast="none">“We all must understand that if someone contacts you offering legal help or financial assistance through social media or messaging apps, don’t rely on the message itself, even if it appears to come from a source you’ve spent your life trusting, like church services,” says Aalto. “Verification and critical thinking are essential. Reach out to the organization through official channels to confirm the offer of assistance is real.” Good advice, although that might be a tall order for immigrants spooked by aggressive actions taken by ICE in the last year and who may be hesitant to reach out.</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":360}'> </span></p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/04/manhattan-da-bragg-pushes-meta-to-put-a-stop-to-immigration-scams/" data-a2a-title="Manhattan DA Bragg Pushes Meta to Put a Stop to Immigration Scams "><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fmanhattan-da-bragg-pushes-meta-to-put-a-stop-to-immigration-scams%2F&amp;linkname=Manhattan%20DA%20Bragg%20Pushes%20Meta%20to%20Put%20a%20Stop%20to%20Immigration%20Scams%C2%A0" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fmanhattan-da-bragg-pushes-meta-to-put-a-stop-to-immigration-scams%2F&amp;linkname=Manhattan%20DA%20Bragg%20Pushes%20Meta%20to%20Put%20a%20Stop%20to%20Immigration%20Scams%C2%A0" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fmanhattan-da-bragg-pushes-meta-to-put-a-stop-to-immigration-scams%2F&amp;linkname=Manhattan%20DA%20Bragg%20Pushes%20Meta%20to%20Put%20a%20Stop%20to%20Immigration%20Scams%C2%A0" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fmanhattan-da-bragg-pushes-meta-to-put-a-stop-to-immigration-scams%2F&amp;linkname=Manhattan%20DA%20Bragg%20Pushes%20Meta%20to%20Put%20a%20Stop%20to%20Immigration%20Scams%C2%A0" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fmanhattan-da-bragg-pushes-meta-to-put-a-stop-to-immigration-scams%2F&amp;linkname=Manhattan%20DA%20Bragg%20Pushes%20Meta%20to%20Put%20a%20Stop%20to%20Immigration%20Scams%C2%A0" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>

<p>The post <a href="https://ironscales.com/blog/two-mdo-field-reports-every-it-security-lead-should-read">Two MDO field reports every IT security lead should read</a> appeared first on <a href="https://ironscales.com/blog">Blog</a>.</p><p>Tyler Swinehart, Director of Global IT &amp; Security at IRONSCALES, has been publishing the kind of LinkedIn pieces I wish more practitioners would write. No vendor angle. No positioning. Just “here’s what I learned the hard way operating this thing in production, and here’s what nobody told me until it was too late.”</p><p>His last two posts are about Microsoft Defender for Office, specifically Explorer and Quarantine. If you operate MDO, you should read both. They’re under 10 minutes each, and they’ll save you hours the next time you’re deep in a phishing investigation wondering why your search results don’t add up.</p><p>I’ll resist the urge to recap them (Tyler explains his own work better than I will). But read both back to back and a pattern emerges. Native email security tooling has a transparency problem, and it shows up in the operational moments that vendor roadmaps never plan for.</p><h2>The Explorer post: search that “works” but doesn’t tell you what it’s doing</h2><p><img fetchpriority="high" decoding="async" src="https://ironscales.com/hs-fs/hubfs/Blog/2026/Microsoft%20Defender%20for%20Office%20Explorer.webp?width=360&amp;height=390&amp;name=Microsoft%20Defender%20for%20Office%20Explorer.webp" width="360" height="390" alt="Microsoft Defender for Office Explorer" style="height: auto; max-width: 100%; width: 360px; margin-left: 10px; margin-right: 0px; float: right;">Tyler’s first piece walks through MDO Explorer’s filtering limits. No regex. No OR statements. No “starts with” operator. Weird Unicode behavior that quietly drops matches. And a 30-day log retention cap that nobody mentions until someone asks you for 45-day-old logs and you have nothing to show. His workaround is KQL through Advanced Hunting Queries, which is the right answer if you’re willing to learn another query language.</p><p>Read the full post here: <a href="https://www.linkedin.com/pulse/microsoft-defender-office-explorer-stuff-nobody-tells-tyler-swinehart-vvrvc/">Microsoft Defender for Office Explorer (the stuff nobody tells you until it’s too late)</a></p><p>The strategic read is this. Explorer’s UI gives you a confidence interval Microsoft never actually promised. You search for a sender, get results, and assume you’ve seen everything that matches. You haven’t. Special characters might have dropped matches. The “contains” operator is doing fuzzy work you can’t see. The 30-day window is invisible until it bites you. The product is doing its job. It just isn’t telling you what its job actually is.</p><p>This pattern shows up across the native security category. Tools get built for the median use case and quietly fail the edge cases that matter most during an active investigation.</p><h2>The Quarantine post: a product that disagrees with you and won’t say why</h2><p><img decoding="async" src="https://ironscales.com/hs-fs/hubfs/Blog/2026/MDO%20Quarantine%20-%20the%20stuff%20nobody%20tells%20you.webp?width=410&amp;height=539&amp;name=MDO%20Quarantine%20-%20the%20stuff%20nobody%20tells%20you.webp" width="410" height="539" alt="MDO Quarantine - the stuff nobody tells you" style="height: auto; max-width: 100%; width: 410px; float: right; margin-left: 10px; margin-right: 0px;">Tyler’s second piece opens with a department head asking why a contract email never arrived. Quarantined as “High Confidence Phish.” No notification. No scoring breakdown. No indicator list. Just gone.</p><p>Read the full post here: <a href="https://www.linkedin.com/pulse/mdo-quarantine-stuff-nobody-tells-you-until-youre-policy-swinehart-lcfze/">MDO Quarantine (the stuff nobody tells you until you’re debugging a policy that quietly does nothing)</a></p><p>Then it gets worse. Microsoft hides the quarantine console entirely if you don’t have the right RBAC role (no grayed-out menu, no helpful “you need access” hint, just nothing). The submission workflow has two paths, neither well documented, neither carrying an SLA. Quarantined emails vanish after 30 days with no extension, no delegation, no archive. And the headline finding, which security admins should print and tape to their wall: preset security policies silently override your custom configurations with no warning, no conflict indicator, no UI signal that anything is being ignored.</p><p>You can spend an afternoon debugging quarantine behavior that isn’t doing what your custom policy says it’s doing, only to discover Microsoft picked a different policy and didn’t bother to mention it.</p><h2>The thread between both posts</h2><p>Both pieces describe products that work exactly as designed and fail their operators anyway. The detection logic is competent. The interface is usable. The features ship. What’s missing is the operational transparency that lets a security team trust the tool, debug it when it misbehaves, and explain its decisions to the business.</p><p>Most vendor evaluations underweight this dimension (mine included, in different ways). We benchmark catch rates, detection coverage, AI sophistication. We rarely benchmark whether a Tier 1 analyst can figure out why something happened, whether a custom policy is actually running, whether a search returned everything it should have, or whether last quarter’s logs are still available when legal asks for them.</p><p>Closing that gap means treating transparency as a feature in its own right, with its own roadmap, its own success metrics, and its own UX investment.</p><h2>What to do with this</h2><p>Two takeaways, depending on where you sit.</p><p>If you operate MDO: read both posts. Audit your preset policy stack against your custom configs (Tyler’s finding there alone could save you a week of confused troubleshooting). Get your KQL skills sharp enough to run real Advanced Hunting Queries when Explorer hits its limits. Forward your MDO logs somewhere with retention longer than 30 days before someone asks you for historical data.</p><p>If you evaluate email security tools: add operational transparency to your eval criteria. Ask vendors how analysts surface why a verdict was reached, how they validate that custom policies are actually applied, and how they expose log retention. The answers will tell you more than another detection benchmark will.</p><p>Tyler’s LinkedIn is <a href="https://www.linkedin.com/in/tyler-swinehart/">here</a> if you want to follow along. He’s writing more of these. They’re worth your time.</p><p><img loading="lazy" decoding="async" src="https://track.hubspot.com/__ptq.gif?a=20641927&amp;k=14&amp;r=https%3A%2F%2Fironscales.com%2Fblog%2Ftwo-mdo-field-reports-every-it-security-lead-should-read&amp;bu=https%253A%252F%252Fironscales.com%252Fblog&amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "></p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/04/two-mdo-field-reports-every-it-security-lead-should-read/" data-a2a-title="Two MDO field reports every IT security lead should read"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Ftwo-mdo-field-reports-every-it-security-lead-should-read%2F&amp;linkname=Two%20MDO%20field%20reports%20every%20IT%20security%20lead%20should%20read" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Ftwo-mdo-field-reports-every-it-security-lead-should-read%2F&amp;linkname=Two%20MDO%20field%20reports%20every%20IT%20security%20lead%20should%20read" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Ftwo-mdo-field-reports-every-it-security-lead-should-read%2F&amp;linkname=Two%20MDO%20field%20reports%20every%20IT%20security%20lead%20should%20read" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Ftwo-mdo-field-reports-every-it-security-lead-should-read%2F&amp;linkname=Two%20MDO%20field%20reports%20every%20IT%20security%20lead%20should%20read" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Ftwo-mdo-field-reports-every-it-security-lead-should-read%2F&amp;linkname=Two%20MDO%20field%20reports%20every%20IT%20security%20lead%20should%20read" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://ironscales.com/blog">Blog</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Audian Paxson">Audian Paxson</a>. Read the original post at: <a href="https://ironscales.com/blog/two-mdo-field-reports-every-it-security-lead-should-read">https://ironscales.com/blog/two-mdo-field-reports-every-it-security-lead-should-read</a> </p>

<p>The post <a href="https://businessinsights.bitdefender.com/where-lean-it-teams-start-cybersecurity">A Cybersecurity Lifeline for Lean IT Teams: Introducing C.R.E.W.</a> appeared first on <a href="https://businessinsights.bitdefender.com">Business Insights</a>.</p><div class="hs-featured-image-wrapper"> <a href="https://businessinsights.bitdefender.com/where-lean-it-teams-start-cybersecurity?hsLang=en-us" title="" class="hs-featured-image-link"> <img decoding="async" src="https://businessinsights.bitdefender.com/hubfs/crew-lifeline-lean-security-teams.png" alt="A Cybersecurity Lifeline for Lean IT Teams: Introducing C.R.E.W." class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div><h3>“Too small to target” is a dangerous cybersecurity myth, while “Where do I start?,” is a legitimate cyber defense question.</h3><p><span>Imagine leaving your office unlocked overnight—not because you don’t have anything valuable, but because you assume no one would bother breaking in.</span></p><p><img decoding="async" src="https://track-eu1.hubspot.com/__ptq.gif?a=341979&amp;k=14&amp;r=https%3A%2F%2Fbusinessinsights.bitdefender.com%2Fwhere-lean-it-teams-start-cybersecurity&amp;bu=https%253A%252F%252Fbusinessinsights.bitdefender.com&amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "></p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/04/a-cybersecurity-lifeline-for-lean-it-teams-introducing-c-r-e-w/" data-a2a-title="A Cybersecurity Lifeline for Lean IT Teams: Introducing C.R.E.W."><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fa-cybersecurity-lifeline-for-lean-it-teams-introducing-c-r-e-w%2F&amp;linkname=A%20Cybersecurity%20Lifeline%20for%20Lean%20IT%20Teams%3A%20Introducing%20C.R.E.W." title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fa-cybersecurity-lifeline-for-lean-it-teams-introducing-c-r-e-w%2F&amp;linkname=A%20Cybersecurity%20Lifeline%20for%20Lean%20IT%20Teams%3A%20Introducing%20C.R.E.W." title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fa-cybersecurity-lifeline-for-lean-it-teams-introducing-c-r-e-w%2F&amp;linkname=A%20Cybersecurity%20Lifeline%20for%20Lean%20IT%20Teams%3A%20Introducing%20C.R.E.W." title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fa-cybersecurity-lifeline-for-lean-it-teams-introducing-c-r-e-w%2F&amp;linkname=A%20Cybersecurity%20Lifeline%20for%20Lean%20IT%20Teams%3A%20Introducing%20C.R.E.W." title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fa-cybersecurity-lifeline-for-lean-it-teams-introducing-c-r-e-w%2F&amp;linkname=A%20Cybersecurity%20Lifeline%20for%20Lean%20IT%20Teams%3A%20Introducing%20C.R.E.W." title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://businessinsights.bitdefender.com">Business Insights</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Riana Dewi">Riana Dewi</a>. Read the original post at: <a href="https://businessinsights.bitdefender.com/where-lean-it-teams-start-cybersecurity">https://businessinsights.bitdefender.com/where-lean-it-teams-start-cybersecurity</a> </p>

<p>The post <a href="https://www.gopher.security/blog/lattice-based-signature-schemes-mcp-host-authentication">Lattice-based Signature Schemes for MCP Host Authentication</a> appeared first on <a href="https://www.gopher.security/blog">Read the Gopher Security's Quantum Safety Blog</a>.</p><h2>Why classical auth is failing our mcp hosts</h2><p>Ever wonder why we're still using math from the 70s to protect ai that's basically from the future? (<a href="https://www.quora.com/Whats-the-point-in-continuing-to-teach-mathematics-especially-at-the-collegiate-level-when-software-can-do-it-all-and-well-all-be-using-AI-in-a-few-years-anyway">What's the point in continuing to teach mathematics, …</a>) It’s kind of wild when you think about it. </p><p>Before we dive in, let's talk about what an mcp actually is. The Model Context Protocol (mcp) is basically the new standard for connecting ai models to different data sources and tools, making sure the ai actually knows what it's talking about. But the stuff keeping our mcp hosts safe right now—mostly rsa and ecdsa—is basically a sitting duck. According to NIST, we need new standards like ML-DSA because quantum computers will eventually just walk through classical pki like it isn't even there. (<a href="https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards">NIST Releases First 3 Finalized Post-Quantum Encryption Standards</a>)</p><ul> <li><strong>Shor’s Algorithm is the killer</strong>: It makes current encryption useless by solving the hard math problems we rely on in seconds.</li> <li><strong>Harvest Now, Decrypt Later</strong>: Bad actors are stealing ai context data today, just waiting for better tech to unlock it later.</li> <li><strong>mcp Vulnerability</strong>: These servers handle super sensitive stuff—think healthcare records or private financial data—making them "prime targets" as noted in <a href="https://www.mdpi.com/2410-387X/7/3/33">Cryptography 2023</a>.</li> </ul><p><img decoding="async" src="https://cdn.pseo.one/685d00d4cb08ab5f5934b924/690c83ae1ca595b8c6f91e0f/lattice-based-signature-schemes-mcp-host-authentication/mermaid-diagram-1.svg" alt="Diagram 1"></p><p>It's a mess, honestly. But that's why everyone is looking at lattices now. Let's look at the actual math.</p><h2>Understanding lattice-based signatures for ai</h2><p>Think of a lattice like a massive, infinite grid of points floating in a thousand-dimensional space. To us, it sounds like sci-fi, but for ai security, it's the ultimate shield because findind the "shortest" path between these points is a math problem so hard that even a quantum computer gets a headache trying to solve it.</p><p>Lattice-based security mostly relies on two big ideas: <strong>Module-LWE</strong> (Learning With Errors) and <strong>Module-SIS</strong> (Short Integer Solution). In simple terms, we’re hiding a secret inside a bunch of "noisy" math equations that look like random junk to anyone without the key.</p><ul> <li><strong>High-Dimensional Grids</strong>: Instead of simple numbers, we use vectors in modules, which gives us more flexibility than older "ring" versions.</li> <li><strong>Shortest Vector Problem</strong>: The security core is that you can't find the shortest non-zero vector in a complex lattice without basically guessing forever.</li> <li><strong>ML-DSA (dilithium)</strong>: This is the new gold standard. As noted in <a href="https://csrc.nist.gov/pubs/fips/204/final">FIPS 204</a>, this standard uses module lattices to make signatures that are "quantum-resistant" and super fast for mcp hosts.</li> </ul><p><img decoding="async" src="https://cdn.pseo.one/685d00d4cb08ab5f5934b924/690c83ae1ca595b8c6f91e0f/lattice-based-signature-schemes-mcp-host-authentication/mermaid-diagram-2.svg" alt="Diagram 2"></p><p>Honestly, the cool part is how fast this runs. I saw a demo where a dev swapped out rsa for a lattice scheme and the auth time barely budged, even though the security went through the roof.</p><h2>Implementing ML-DSA in MCP deployments</h2><p>So you've got the math down, but how do we actually drop this into a live mcp setup without breaking everything? It’s one thing to talk about grids, it's another to handle large keys while your server is screaming for lower latency.</p><p>Honestly, the biggest headache with ml-dsa is the signature size—it’s beefy compared to the tiny ecdsa stuff we’re used to. Gopher security is a framework used for securing distributed systems—it basically acts as a 4D security layer that helps mcp deployments handle these large lattice signatures by optimizing how they move through the pipes. </p><ul> <li><strong>Latency management</strong>: Since lattice signatures are bigger, you need smart buffering so your ai context doesn't lag while waiting for auth.</li> <li><strong>Automated compliance</strong>: It’s pretty handy for soc 2 because it bakes post-quantum crypto right into the audit logs.</li> <li><strong>Hybrid modes</strong>: A lot of folks are running "dual signatures"—classical and ml-dsa together—just in case one has a bug we don't know about yet.</li> </ul><p>If you’re messing around in python, you’ll probably use something like the <code>pqcrypto</code> or <code>oqs</code> wrappers. The main trick is handling the <strong>rejection sampling</strong>. This is a process where the algorithm checks if the signature might leak info about the secret key; if it does, it "rejects" it and tries again. For an mcp host, this means you might see a tiny bit of jitter in how long it takes to sign a request.</p><pre><code class="language-python"># Using Dilithium2 which is the core algorithm for the ML-DSA-44 standard # This library implements the FIPS 204 compatible logic for module-lattices from pqcrypto.sign import dilithium2 def verify_mcp_host(message, signature, public_key): try: # this is where the ml-dsa magic happens is_valid = dilithium2.verify(public_key, signature, message) if is_valid: print("host is legit, sharing context...") return True except Exception as e: print(f"auth failed: {e}") return False </code></pre><blockquote> <p>A 2023 paper in Cryptography points out that while these signatures are bigger, they actually run faster on cpu cycles than rsa—usually under 30ms for a full verify.</p> </blockquote><h2>Performance trade-offs and real-world issues</h2><p>Look, nobody likes a slow api, but switching to quantum-resistant auth isn't exactly free. The biggest "ouch" factor is definitely the size. For the standard ML-DSA-65 level, your public key is about 1.9kb, but the signature itself is around 3.3kb. When you add those together with other metadata, you're looking at a lot more data on the wire than old-school methods.</p><p>Lattice-based schemes are fast on the cpu, but they're heavy on the wire. If you're running a p2p mcp network with thousands of sub-second requests, that extra bandwidth starts to add up fast.</p><ul> <li><strong>Network Bloat</strong>: Moving several kilobytes of data per signature can choke low-bandwidth iot devices in a healthcare or retail setting.</li> <li><strong>CPU Wins</strong>: Even though the data is bigger, as noted earlier, the actual math is way faster than rsa, often verifying in under 5ms.</li> <li><strong>Hardware needs</strong>: For high-traffic mcp hosts, you might need dedicated acceleration just to handle the packet overhead without spiking your latency.</li> </ul><p><img decoding="async" src="https://cdn.pseo.one/685d00d4cb08ab5f5934b924/690c83ae1ca595b8c6f91e0f/lattice-based-signature-schemes-mcp-host-authentication/mermaid-diagram-3.svg" alt="Diagram 3"></p><p>You don't just flip a switch on this stuff. Most folks start with a <strong>hybrid mode</strong> where you use both classical and ml-dsa signatures together. It's a "belt and suspenders" approach—if one has a bug, the other still holds the line.</p><p>Also, watch out for <strong>tool poisoning</strong>. When you update your api schemas to handle these larger keys, make sure your validation logic isn't being tricked into skipping checks. A 2024 paper by Kunal Dey and others on <a href="https://arxiv.org/abs/2410.19220">arXiv</a> suggests that using module-based variants gives us the flexibility to tune these parameters so we don't totally kill our performance while staying secure.</p><p>Anyway, it's a bit of a balancing act. You're trading some bytes for peace of mind against future quantum threats, which, honestly, feels like a fair deal.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/04/lattice-based-signature-schemes-for-mcp-host-authentication/" data-a2a-title="Lattice-based Signature Schemes for MCP Host Authentication"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Flattice-based-signature-schemes-for-mcp-host-authentication%2F&amp;linkname=Lattice-based%20Signature%20Schemes%20for%20MCP%20Host%20Authentication" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Flattice-based-signature-schemes-for-mcp-host-authentication%2F&amp;linkname=Lattice-based%20Signature%20Schemes%20for%20MCP%20Host%20Authentication" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Flattice-based-signature-schemes-for-mcp-host-authentication%2F&amp;linkname=Lattice-based%20Signature%20Schemes%20for%20MCP%20Host%20Authentication" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Flattice-based-signature-schemes-for-mcp-host-authentication%2F&amp;linkname=Lattice-based%20Signature%20Schemes%20for%20MCP%20Host%20Authentication" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Flattice-based-signature-schemes-for-mcp-host-authentication%2F&amp;linkname=Lattice-based%20Signature%20Schemes%20for%20MCP%20Host%20Authentication" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.gopher.security/blog">Read the Gopher Security&amp;#039;s Quantum Safety Blog</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Read the Gopher Security's Quantum Safety Blog">Read the Gopher Security's Quantum Safety Blog</a>. Read the original post at: <a href="https://www.gopher.security/blog/lattice-based-signature-schemes-mcp-host-authentication">https://www.gopher.security/blog/lattice-based-signature-schemes-mcp-host-authentication</a> </p>

<p>The post <a href="https://krebsonsecurity.com/2026/04/scattered-spider-member-tylerb-pleads-guilty/">‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty</a> appeared first on <a href="https://krebsonsecurity.com">Krebs on Security</a>.</p><p>A 24-year-old British national and senior member of the cybercrime group “<strong>Scattered Spider</strong>” has pleaded guilty to wire fraud conspiracy and aggravated identity theft. <strong>Tyler Robert Buchanan </strong>admitted his role in a series of text-message phishing attacks in the summer of 2022 that allowed the group to hack into at least a dozen major technology companies and steal tens of millions of dollars worth of cryptocurrency from investors.</p><p>Buchanan’s hacker handle “<strong>Tylerb</strong>” once graced a leaderboard in the English-language criminal hacking scene that tracked the most accomplished cyber thieves. Now in U.S. custody and awaiting sentencing, the Dundee, Scotland native is facing the possibility of more than 20 years in prison.</p><div id="attachment_73476" style="width: 610px" class="wp-caption aligncenter"><img fetchpriority="high" aria-describedby="caption-attachment-73476" decoding="async" class="size-full wp-image-73476" src="https://krebsonsecurity.com/wp-content/uploads/2026/04/dailymail-tylerb.png" alt="A screenshot of two photos of Buchanan that appeared in a Daily Mail story dated May 3, 2025." width="600" height="807"> <p id="caption-attachment-73476" class="wp-caption-text">Two photos published in a Daily Mail story dated May 3, 2025 show Buchanan as a child (left) and as an adult being detained by airport authorities in Spain. “M&amp;S” in this screenshot refers to Marks &amp; Spencer, a major U.K. retail chain that suffered a ransomware attack last year at the hands of Scattered Spider.</p> </div><p>Scattered Spider is the name given to a prolific English-speaking cybercrime group known for using social engineering tactics to break into companies and steal data for ransom, often impersonating employees or contractors to deceive IT help desks into granting access.</p><p>As part of his guilty plea, Buchanan admitted conspiring with other Scattered Spider members to launch tens of thousands of SMS-based phishing attacks in 2022 that led to intrusions at a number of technology companies, including Twilio, LastPass, DoorDash, and Mailchimp.</p><p>The group then used data stolen in those breaches to carry out <a href="https://krebsonsecurity.com/category/sim-swapping/" rel="noopener">SIM-swapping attacks</a> that siphoned funds from individual cryptocurrency investors. In an unauthorized SIM-swap, crooks transfer the target’s phone number to a device they control and intercept any text messages or phone calls to the victim’s device — such as one-time passcodes for authentication and password reset links sent via SMS. The U.S. Justice Department <a href="https://www.justice.gov/usao-cdca/pr/british-national-pleads-guilty-hacking-companies-and-stealing-least-8-million-virtual" rel="noopener">said</a> Buchanan admitted to stealing at least $8 million in virtual currency from individual victims throughout the United States.<span id="more-73470"></span></p><p>FBI investigators tied Buchanan to the 2022 SMS phishing attacks after discovering the same username and email address was used to register numerous phishing domains seen in the campaign. The domain registrar <strong>NameCheap</strong> found that less than a month before the phishing spree, the account that registered those domains logged in from an Internet address in the U.K. FBI investigators said the Scottish police told them the address was leased to Buchanan throughout 2022.</p><p>As <a href="https://krebsonsecurity.com/2024/06/alleged-boss-of-scattered-spider-hacking-group-arrested/" rel="noopener">first reported</a> by KrebsOnSecurity, Buchanan fled the United Kingdom in February 2023, after a rival cybercrime gang hired thugs to invade his home, assault his mother, and threaten to burn him with a blowtorch unless he gave up the keys to his cryptocurrency wallet. That same year, U.K. investigators found a device at Buchanan’s Scotland residence that included data stolen from SMS phishing victims and seed phrases from cryptocurrency theft victims.</p><p>Buchanan was <a href="https://krebsonsecurity.com/2025/04/alleged-scattered-spider-member-extradited-to-u-s/" rel="noopener">arrested by Spanish authorities in June 2024</a> while trying to board a flight to Italy. He was extradited to the United States and has remained in U.S. federal custody since April 2025.</p><p>Buchanan is the second known Scattered Spider member to plead guilty. <strong>Noah Michael Urban</strong>, 21, of Palm Coast, Fla., was <a href="https://krebsonsecurity.com/2025/08/sim-swapper-scattered-spider-hacker-gets-10-years/" rel="noopener">sentenced to 10 years in federal prison last year</a> and ordered to pay $13 million in restitution. Three other alleged co-conspirators — <strong>Ahmed Hossam Eldin Elbadawy</strong>, 24, a.k.a. “AD,” of College Station, Texas; <strong>Evans Onyeaka Osiebo</strong>, 21, of Dallas, Texas; and <strong>Joel Martin Evans</strong>, 26, a.k.a. “joeleoli,” of Jacksonville, North Carolina – still face criminal charges.</p><p>Two other alleged Scattered Spider members will soon be tried in the United Kingdom. <strong>Owen Flowers</strong>, 18, and <strong>Thalha Jubair</strong>, 20, are <a href="https://krebsonsecurity.com/2025/09/feds-tie-scattered-spider-duo-to-115m-in-ransoms/" rel="noopener">facing charges</a> related to the hacking and extortion of several large U.K. retailers, the London transit system, and healthcare providers in the United States. Both have pleaded not guilty, and their trial is slated to begin in June.</p><p>Investigators say the Scattered Spider suspects are part of <a href="https://krebsonsecurity.com/2024/09/the-dark-nexus-between-harm-groups-and-the-com/" rel="noopener">a sprawling cybercriminal community online</a> known as “<strong>The Com</strong>,” wherein hackers from different cliques boast publicly on Telegram and Discord about high-profile cyber thefts that almost invariably begin with social engineering — tricking people over the phone, email or SMS into giving away credentials that allow remote access to corporate internal networks.</p><p>One of the more popular SIM-swapping channels on Telegram has long maintained a leaderboard of the most rapacious SIM-swappers, indexed by their supposed conquests in stealing cryptocurrency. That leaderboard previously listed Buchanan’s hacker alias Tylerb at #65 (out of 100 hackers), with Urban’s moniker “Sosa” coming in at #24.</p><p>Buchanan’s sentencing hearing is scheduled for August 21, 2026. According to the Justice Department, he faces a statutory maximum sentence of 22 years in federal prison. However, any sentence the judge hands down in this case may be significantly tempered by a number of mitigating factors in the U.S. Sentencing Guidelines, including the defendant’s age, criminal history, time already served in U.S. custody, and the degree to which they cooperated with federal authorities.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/04/scattered-spider-member-tylerb-pleads-guilty/" data-a2a-title="‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fscattered-spider-member-tylerb-pleads-guilty%2F&amp;linkname=%E2%80%98Scattered%20Spider%E2%80%99%20Member%20%E2%80%98Tylerb%E2%80%99%20Pleads%20Guilty" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fscattered-spider-member-tylerb-pleads-guilty%2F&amp;linkname=%E2%80%98Scattered%20Spider%E2%80%99%20Member%20%E2%80%98Tylerb%E2%80%99%20Pleads%20Guilty" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fscattered-spider-member-tylerb-pleads-guilty%2F&amp;linkname=%E2%80%98Scattered%20Spider%E2%80%99%20Member%20%E2%80%98Tylerb%E2%80%99%20Pleads%20Guilty" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fscattered-spider-member-tylerb-pleads-guilty%2F&amp;linkname=%E2%80%98Scattered%20Spider%E2%80%99%20Member%20%E2%80%98Tylerb%E2%80%99%20Pleads%20Guilty" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fscattered-spider-member-tylerb-pleads-guilty%2F&amp;linkname=%E2%80%98Scattered%20Spider%E2%80%99%20Member%20%E2%80%98Tylerb%E2%80%99%20Pleads%20Guilty" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://krebsonsecurity.com">Krebs on Security</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by BrianKrebs">BrianKrebs</a>. Read the original post at: <a href="https://krebsonsecurity.com/2026/04/scattered-spider-member-tylerb-pleads-guilty/">https://krebsonsecurity.com/2026/04/scattered-spider-member-tylerb-pleads-guilty/</a> </p>

<p>The post <a href="https://www.tenable.com/blog/oracle-april-2026-critical-patch-update-addresses-241-cves">Oracle April 2026 Critical Patch Update Addresses 241 CVEs</a> appeared first on <a href="https://www.tenable.com/">Tenable Blog</a>.</p><div morss_own_score="2.473469387755102" morss_score="38.554761763568024"> <p><strong>Oracle addresses 241 CVEs in its second quarterly update of 2026 with 481 patches, including 34 critical updates.</strong></p> <h2>Key takeaways:</h2> <ol> <li>The second Critical Patch Update (CPU) for 2026 contains fixes for 241 unique CVEs in 481 security updates<br> </li> <li>34 issues (7.1% of all patches) were assigned a critical severity rating<br> </li> <li>Oracle Communications received the highest number of patches at 139, accounting for 28.9% of all patches<br> </li> </ol> <h2>Background</h2> <p>On April 21, Oracle released its <a href="https://www.oracle.com/security-alerts/cpuapr2026.html"><u>Critical Patch Update (CPU) for April 2026</u></a>, the second quarterly update of the year. This CPU contains fixes for 241 unique CVEs in 481 security updates across 28 Oracle product families. Out of the 481 security updates published this quarter, 7.1% of patches were assigned a critical severity. High severity patches accounted for the bulk of security patches at 45.9%, followed by medium severity patches at 44.1%.</p> <p>This quarter’s update includes 34 critical patches across 22 CVEs.</p> <table> <thead> <tr> <th><strong>Severity</strong></th> <th><strong>Issues Patched</strong></th> <th><strong>CVEs</strong></th> </tr> </thead> <tbody> <tr> <td>Critical</td> <td>34</td> <td>22</td> </tr> <tr> <td>High</td> <td>221</td> <td>99</td> </tr> <tr> <td>Medium</td> <td>212</td> <td>107</td> </tr> <tr> <td>Low</td> <td>14</td> <td>13</td> </tr> <tr> <td><strong>Total</strong></td> <td><strong>481</strong></td> <td><strong>241</strong></td> </tr> </tbody> </table> <h2>Analysis</h2> <p>This quarter, the Oracle Communications product family contained the highest number of patches at 139, accounting for 28.9% of the total patches, followed by Oracle Financial Services Applications at 75 patches, which accounted for 15.6% of the total patches.</p> <p>A full breakdown of the patches for this quarter can be seen in the following table, which also includes a count of vulnerabilities that can be exploited over a network without authentication.</p> <table> <thead> <tr> <th><strong>Oracle Product Family</strong></th> <th><strong>Number of Patches</strong></th> <th><strong>Remote Exploit without Auth</strong></th> </tr> </thead> <tbody> <tr> <td>Oracle Communications</td> <td>139</td> <td>93</td> </tr> <tr> <td>Oracle Financial Services Applications</td> <td>75</td> <td>59</td> </tr> <tr> <td>Oracle Fusion Middleware</td> <td>59</td> <td>46</td> </tr> <tr> <td>Oracle MySQL</td> <td>34</td> <td>3</td> </tr> <tr> <td>Oracle PeopleSoft</td> <td>21</td> <td>7</td> </tr> <tr> <td>Oracle E-Business Suite</td> <td>18</td> <td>8</td> </tr> <tr> <td>Oracle Analytics</td> <td>15</td> <td>11</td> </tr> <tr> <td>Oracle Retail Applications</td> <td>15</td> <td>15</td> </tr> <tr> <td>Oracle Siebel CRM</td> <td>14</td> <td>13</td> </tr> <tr> <td>Oracle Java SE</td> <td>11</td> <td>7</td> </tr> <tr> <td>Oracle GoldenGate</td> <td>10</td> <td>7</td> </tr> <tr> <td>Oracle Enterprise Manager</td> <td>9</td> <td>8</td> </tr> <tr> <td>Oracle Virtualization</td> <td>9</td> <td>1</td> </tr> <tr> <td>Oracle Database Server</td> <td>8</td> <td>4</td> </tr> <tr> <td>Oracle Utilities Applications</td> <td>7</td> <td>6</td> </tr> <tr> <td>Oracle Hyperion</td> <td>6</td> <td>4</td> </tr> <tr> <td>Oracle Construction and Engineering</td> <td>4</td> <td>3</td> </tr> <tr> <td>Oracle Life Science Applications</td> <td>4</td> <td>3</td> </tr> <tr> <td>Oracle Supply Chain</td> <td>4</td> <td>2</td> </tr> <tr> <td>Oracle Blockchain Platform</td> <td>3</td> <td>2</td> </tr> <tr> <td>Oracle Commerce</td> <td>3</td> <td>2</td> </tr> <tr> <td>Oracle JD Edwards</td> <td>3</td> <td>3</td> </tr> <tr> <td>Oracle Adapter for Eclipse RDF4J</td> <td>2</td> <td>2</td> </tr> <tr> <td>Oracle Autonomous Health Framework</td> <td>2</td> <td>1</td> </tr> <tr> <td>Oracle REST Data Services</td> <td>2</td> <td>2</td> </tr> <tr> <td>Oracle Systems</td> <td>2</td> <td>1</td> </tr> <tr> <td>Oracle TimesTen In-Memory Database</td> <td>1</td> <td>1</td> </tr> <tr> <td>Oracle Hospitality Applications</td> <td>1</td> <td>1</td> </tr> </tbody> </table> <h2>Solution</h2> <p>Customers are advised to apply all relevant patches in this quarter’s CPU. Please refer to the <a href="https://www.oracle.com/security-alerts/cpuapr2026.html"><u>April 2026 advisory</u></a> for full details.</p> <h2>Identifying affected systems</h2> <p>A list of Tenable plugins to identify these vulnerabilities will appear <a href="https://www.tenable.com/plugins/search?q=%22%28April+2026+CPU%29%22&amp;sort=&amp;page=1"><u>here</u></a> as they’re released. This link uses a search filter to ensure that all matching plugin coverage will appear as it is released.</p> <h3>Get more information</h3> <p><em><strong>Join</strong></em> <em><strong>on Tenable Connect for further discussions on the latest cyber threats.</strong></em></p> <p><em><strong>Learn more about</strong></em> <em><strong>, the Exposure Management Platform for the modern attack surface.</strong></em></p> </div><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/04/oracle-april-2026-critical-patch-update-addresses-241-cves/" data-a2a-title="Oracle April 2026 Critical Patch Update Addresses 241 CVEs"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Foracle-april-2026-critical-patch-update-addresses-241-cves%2F&amp;linkname=Oracle%20April%202026%20Critical%20Patch%20Update%20Addresses%20241%20CVEs" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Foracle-april-2026-critical-patch-update-addresses-241-cves%2F&amp;linkname=Oracle%20April%202026%20Critical%20Patch%20Update%20Addresses%20241%20CVEs" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Foracle-april-2026-critical-patch-update-addresses-241-cves%2F&amp;linkname=Oracle%20April%202026%20Critical%20Patch%20Update%20Addresses%20241%20CVEs" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Foracle-april-2026-critical-patch-update-addresses-241-cves%2F&amp;linkname=Oracle%20April%202026%20Critical%20Patch%20Update%20Addresses%20241%20CVEs" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Foracle-april-2026-critical-patch-update-addresses-241-cves%2F&amp;linkname=Oracle%20April%202026%20Critical%20Patch%20Update%20Addresses%20241%20CVEs" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.tenable.com/">Tenable Blog</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Research Special Operations">Research Special Operations</a>. Read the original post at: <a href="https://www.tenable.com/blog/oracle-april-2026-critical-patch-update-addresses-241-cves">https://www.tenable.com/blog/oracle-april-2026-critical-patch-update-addresses-241-cves</a> </p>

<p>The post <a href="https://www.menlosecurity.com/blog/dlp-that-doesnt-make-you-choose-introducing-menlo-ai-adaptive-dlp">DLP That Doesn't Make You Choose: Introducing Menlo AI Adaptive DLP – Blog | Menlo Security</a> appeared first on <a href="https://www.menlosecurity.com">Menlo Security Blog</a>.</p><p>Blog Announcing Menlo AI Adaptive DLP – AI-based sensitive data detection and masking. File delivery rather than blocking. Cloud-based, zero endpoint footprint.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/04/dlp-that-doesnt-make-you-choose-introducing-menlo-ai-adaptive-dlp-blog-menlo-security/" data-a2a-title="DLP That Doesn’t Make You Choose: Introducing Menlo AI Adaptive DLP – Blog | Menlo Security"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fdlp-that-doesnt-make-you-choose-introducing-menlo-ai-adaptive-dlp-blog-menlo-security%2F&amp;linkname=DLP%20That%20Doesn%E2%80%99t%20Make%20You%20Choose%3A%20Introducing%20Menlo%20AI%20Adaptive%20DLP%20%E2%80%93%20Blog%20%7C%20Menlo%20Security" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fdlp-that-doesnt-make-you-choose-introducing-menlo-ai-adaptive-dlp-blog-menlo-security%2F&amp;linkname=DLP%20That%20Doesn%E2%80%99t%20Make%20You%20Choose%3A%20Introducing%20Menlo%20AI%20Adaptive%20DLP%20%E2%80%93%20Blog%20%7C%20Menlo%20Security" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fdlp-that-doesnt-make-you-choose-introducing-menlo-ai-adaptive-dlp-blog-menlo-security%2F&amp;linkname=DLP%20That%20Doesn%E2%80%99t%20Make%20You%20Choose%3A%20Introducing%20Menlo%20AI%20Adaptive%20DLP%20%E2%80%93%20Blog%20%7C%20Menlo%20Security" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fdlp-that-doesnt-make-you-choose-introducing-menlo-ai-adaptive-dlp-blog-menlo-security%2F&amp;linkname=DLP%20That%20Doesn%E2%80%99t%20Make%20You%20Choose%3A%20Introducing%20Menlo%20AI%20Adaptive%20DLP%20%E2%80%93%20Blog%20%7C%20Menlo%20Security" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fdlp-that-doesnt-make-you-choose-introducing-menlo-ai-adaptive-dlp-blog-menlo-security%2F&amp;linkname=DLP%20That%20Doesn%E2%80%99t%20Make%20You%20Choose%3A%20Introducing%20Menlo%20AI%20Adaptive%20DLP%20%E2%80%93%20Blog%20%7C%20Menlo%20Security" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.menlosecurity.com">Menlo Security Blog</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Menlo Security Blog">Menlo Security Blog</a>. Read the original post at: <a href="https://www.menlosecurity.com/blog/dlp-that-doesnt-make-you-choose-introducing-menlo-ai-adaptive-dlp">https://www.menlosecurity.com/blog/dlp-that-doesnt-make-you-choose-introducing-menlo-ai-adaptive-dlp</a> </p>

<p class="wp-block-paragraph"><strong>TL;DR</strong></p><p class="wp-block-paragraph">AI risk doesn’t live in the model. It lives in the APIs behind it. Every AI interaction triggers a chain of API calls across your environment. Many of those APIs aren’t documented or tracked. That’s your real exposure.</p><p class="wp-block-paragraph">Shadow API discovery gives you visibility into those hidden endpoints, so you can find them before attackers do. If you don’t know which APIs your AI relies on, you can’t secure the system.</p><h2 class="wp-block-heading">AI Is Quietly Expanding Your API Footprint</h2><p class="wp-block-paragraph">Most AI security conversations focus on the model, including prompt handling, training data, and output behavior. Those are important areas, but they are not where most of the operational risk shows up. In practice, the bigger exposure sits in the systems surrounding the model, especially the APIs it depends on.</p><p class="wp-block-paragraph">AI applications do not operate in isolation. They rely on APIs to retrieve data, access internal services, and execute actions across other systems. What looks like a simple user request often triggers a chain of interactions behind the scenes.</p><p class="wp-block-paragraph">For example, when a user asks an AI assistant to check an account balance, that single request can initiate calls to authentication services, identity systems, account databases, internal business logic, and analytics platforms. What appears simple on the surface quickly becomes a distributed set of API calls across multiple systems.</p><p class="wp-block-paragraph">Each of those interactions introduces another opportunity for something to go wrong.</p><p class="wp-block-paragraph">The challenge is that most organizations do not have <a href="https://lab.wallarm.com/known-apis-myth-why-inventory-first-security-obsolete/" rel="noreferrer noopener">a complete or accurate inventory</a> of their APIs. Modern development practices make this difficult to maintain. Microservices architectures, rapid release cycles, and third-party integrations regularly introduce new endpoints that are never formally documented. Over time, those undocumented APIs become part of production, even if no one is actively tracking them.</p><p class="wp-block-paragraph">This is where <a href="https://lab.wallarm.com/shadow-ai-api-security-risk/" rel="noreferrer noopener">shadow APIs</a> come into play. These are real, functioning endpoints that exist outside of official visibility. Shadow API discovery is the process of identifying them so they can be understood and secured.</p><p class="wp-block-paragraph">As AI adoption grows, so does the number of these hidden connections. If you do not know which APIs your AI systems rely on, you do not have a clear picture of your attack surface.</p><h2 class="wp-block-heading">APIs Are Already a Primary Attack Surface</h2><p class="wp-block-paragraph">The importance of APIs is not theoretical. It shows up clearly in vulnerability data and real-world exploitation.</p><p class="wp-block-paragraph">In 2025, researchers <a href="https://lab.wallarm.com/inside-modern-api-attacks-what-we-learn-from-the-2026-api-threatstats-report/" rel="noreferrer noopener">analyzed</a> more than 67,000 vulnerabilities across technologies. Roughly 17% of those were API-related. More importantly, 43% of the vulnerabilities listed in CISA’s Known Exploited Vulnerabilities catalog involved APIs, which means attackers are not just finding these weaknesses, they are actively using them.</p><p class="wp-block-paragraph">Many of these vulnerabilities are also straightforward to exploit. Research <a href="https://www.wallarm.com/resources/2026-threatstats-report?r=092025" rel="noreferrer noopener">indicates</a> that 97% can be exploited with a single request, and 98% are considered easy or trivial to exploit.</p><p class="wp-block-paragraph">APIs offer attackers direct access to the systems that power business operations. They expose functionality, data, and workflows in ways that are often easier to reach than traditional interfaces. When organizations lack visibility into their APIs, especially shadow APIs, that access becomes even easier to take advantage of.</p><h2 class="wp-block-heading">Why Shadow API Discovery Matters More in AI Systems</h2><p class="wp-block-paragraph">Most security teams are already familiar with the concept of shadow APIs. These are endpoints created during development that never make it into formal documentation. They often begin as temporary solutions in testing environments or internal tools, but over time they persist and become part of the production environment.</p><p class="wp-block-paragraph">AI systems make this problem more complex.</p><p class="wp-block-paragraph">At first glance, an AI integration can look simple. A team connects an application to a model API and enables a new feature. In reality, that integration often expands quickly. The AI system may also connect to content management systems, document storage platforms, identity providers, and collaboration tools.</p><p class="wp-block-paragraph">Each of those integrations introduces additional API interactions across the environment.</p><p class="wp-block-paragraph">AI systems are also dynamic in how they operate. They do not always call the same APIs in the same way. Instead, they may select different endpoints based on user input, context, or workflow requirements. An onboarding assistant, for example, might interact with different internal systems depending on a customer’s profile or region.</p><p class="wp-block-paragraph">This variability makes it harder to track which APIs are actually in use at any given time. New endpoints can appear through integrations and automation without going through a formal security review.</p><p class="wp-block-paragraph">Without continuous discovery, it becomes difficult to maintain an accurate understanding of the API landscape that supports AI systems.</p><h2 class="wp-block-heading">Why Traditional Security Tools Miss Hidden APIs</h2><p class="wp-block-paragraph">Many traditional security tools were not designed for today’s API-driven environments. They still play an important role, but they do not solve the visibility problem.</p><p class="wp-block-paragraph"><a href="https://www.wallarm.com/what/waf-meaning" rel="noreferrer noopener">Web Application Firewalls</a> are a good example. They are effective at identifying known attack patterns such as <a href="https://lab.wallarm.com/api-attack-awareness-injection-attacks-apis-old-threat-new-surface/" rel="noreferrer noopener">SQL injection</a> or command injection. However, they rely on traffic that they can see and inspect.</p><p class="wp-block-paragraph">If an API is undocumented or exists outside of known traffic paths, it may never be inspected at all.</p><p class="wp-block-paragraph">This is common in cloud-native environments, where APIs are constantly created, updated, and retired. AI integrations accelerate that process by introducing new services, workflows, and connections across systems.</p><p class="wp-block-paragraph">As a result, organizations often end up protecting only the APIs they already know about. Attackers, on the other hand, actively look for the ones that are not being monitored.</p><h2 class="wp-block-heading">Business Logic Attacks Often Target Undiscovered APIs</h2><p class="wp-block-paragraph">AI systems are increasingly responsible for actions that have real business impact. They generate reports, update records, approve transactions, and trigger workflows.</p><p class="wp-block-paragraph">This kind of automation improves efficiency, but it also creates new opportunities for abuse.</p><p class="wp-block-paragraph">Not all attacks rely on technical vulnerabilities. In many cases, attackers take advantage of <a href="https://lab.wallarm.com/owasp-top-10-business-logic-abuse-what-you-need-to-know/" rel="noreferrer noopener">how a system is designed to behave</a>. If an AI assistant has permission to issue account credits, for example, an attacker might craft inputs that lead the system to approve refunds that should not be granted.</p><p class="wp-block-paragraph">From a technical standpoint, each API request in that process may appear valid. The issue is not broken code, but exposed business logic.</p><p class="wp-block-paragraph">When those APIs are undocumented or poorly monitored, this kind of abuse becomes much harder to detect. Some of the most impactful API attacks do not break systems at all. They simply use legitimate functionality in unintended ways.</p><h2 class="wp-block-heading">Shadow API Discovery Is the First Step in Securing AI</h2><p class="wp-block-paragraph">AI adoption will continue to expand, and with it, the number of APIs in use across an organization. New assistants, integrations, and autonomous workflows will keep adding to the environment.</p><p class="wp-block-paragraph">Security teams cannot manage that risk without visibility.</p><p class="wp-block-paragraph">Effective API security starts with understanding what actually exists. That includes not only documented APIs, but also the shadow APIs that are already part of production.</p><p class="wp-block-paragraph">In AI environments, this visibility spans multiple layers. There are direct integrations with model providers and AI services. There are downstream APIs that AI systems call to retrieve data and trigger workflows. And there is the infrastructure that supports AI agents, including orchestration and task management APIs.</p><p class="wp-block-paragraph">Continuous shadow <a href="https://www.wallarm.com/product/api-discovery" rel="noreferrer noopener">API discovery</a> helps map these layers. It allows security teams to identify unknown endpoints, understand how they are used, and assess the risk they introduce.</p><p class="wp-block-paragraph">Without that visibility, it is difficult to measure or manage the true size of the attack surface.</p><h2 class="wp-block-heading">Start by Discovering the APIs Behind Your AI</h2><p class="wp-block-paragraph">AI systems are becoming a core part of modern applications. They retrieve data, trigger processes, and automate decisions through APIs.</p><p class="wp-block-paragraph">That makes APIs the operational layer behind AI, and one of the most important areas to secure.</p><p class="wp-block-paragraph">Before you can protect AI-driven systems, you need to understand the APIs they rely on. That means identifying documented endpoints, uncovering shadow APIs, and mapping how those APIs interact across your environment.</p><p class="wp-block-paragraph">The model may be the most visible part of AI, but the API layer is where the risk grows.</p><h2 class="wp-block-heading">Understand Your External API Attack Surface</h2><p class="wp-block-paragraph">Before you can secure your APIs, you need to know which ones are exposed and accessible.</p><p class="wp-block-paragraph">Wallarm’s API Security Report helps you identify publicly accessible APIs, including shadow endpoints, and highlights areas of potential risk. It gives you a clearer view of what is already visible from the outside, so you can take action based on real exposure.</p><p class="wp-block-paragraph"><a href="https://www.wallarm.com/product/aasm-sign-up?step=home" rel="noreferrer noopener">Get your API Security Report</a></p><h2 class="wp-block-heading">FAQ</h2><h3 class="wp-block-heading">What is shadow API discovery?</h3><p class="wp-block-paragraph">Shadow API discovery is the process of identifying undocumented or unknown APIs running within an organization’s infrastructure. These APIs often appear through rapid development, third-party integrations, microservices, or automated systems like AI assistants. Continuous discovery helps security teams detect hidden endpoints that may expose sensitive systems or data.</p><h3 class="wp-block-heading">Why do AI systems increase the need for shadow API discovery?</h3><p class="wp-block-paragraph">AI systems interact with many internal and external services through APIs. A single AI request may trigger multiple downstream API calls across databases, identity systems, analytics platforms, and business applications. These integrations can create undocumented or dynamic API endpoints, which increases the number of hidden APIs security teams need to monitor.</p><p>The post <a href="https://lab.wallarm.com/why-api-discovery-is-the-first-step-to-securing-ai/">Why API Discovery Is the First Step to Securing AI</a> appeared first on <a href="https://lab.wallarm.com/">Wallarm</a>.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/04/why-api-discovery-is-the-first-step-to-securing-ai/" data-a2a-title="Why API Discovery Is the First Step to Securing AI"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fwhy-api-discovery-is-the-first-step-to-securing-ai%2F&amp;linkname=Why%20API%20Discovery%20Is%20the%20First%20Step%20to%20Securing%20AI" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fwhy-api-discovery-is-the-first-step-to-securing-ai%2F&amp;linkname=Why%20API%20Discovery%20Is%20the%20First%20Step%20to%20Securing%20AI" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fwhy-api-discovery-is-the-first-step-to-securing-ai%2F&amp;linkname=Why%20API%20Discovery%20Is%20the%20First%20Step%20to%20Securing%20AI" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fwhy-api-discovery-is-the-first-step-to-securing-ai%2F&amp;linkname=Why%20API%20Discovery%20Is%20the%20First%20Step%20to%20Securing%20AI" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fwhy-api-discovery-is-the-first-step-to-securing-ai%2F&amp;linkname=Why%20API%20Discovery%20Is%20the%20First%20Step%20to%20Securing%20AI" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://lab.wallarm.com/">Wallarm</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Tim Erlin">Tim Erlin</a>. Read the original post at: <a href="https://lab.wallarm.com/why-api-discovery-is-the-first-step-to-securing-ai/">https://lab.wallarm.com/why-api-discovery-is-the-first-step-to-securing-ai/</a> </p>

<p>Credential stuffing is a cyberattack where attackers use stolen usernames and passwords, often obtained from data breaches or bought on the dark web, to gain unauthorized access to accounts on other platforms. These attacks are highly prevalent and a major contributor to data breaches, largely because 64% of users reuse passwords across multiple accounts. On platforms like Auth0, credential stuffing activities account for nearly half of daily login attempts. The risk continues to grow as billions of compromised credentials circulate online, giving attackers endless opportunities to exploit reused passwords.</p><p>The good news is that this can be mitigated with the right cybersecurity strategies. Understanding how these attacks work and taking proactive steps can significantly reduce the chances of your organization becoming a target.</p><h2 class="wp-block-heading">Why Credential Stuffing Is a Growing Threat?</h2><p>This isn’t rising due to advanced attackers; it’s scaling because the internet enables it. A steady stream of leaked credentials, widespread password reuse, and easy access to automation tools make these attacks highly effective. At the same time, users are juggling more online accounts than ever, which significantly expands the attack surface.</p><p>Recent insights from the Verizon Data Breach Investigations Report 2025 highlight the magnitude of the issue:</p><ul class="wp-block-list"> <li>Compromised credentials were responsible for initiating 22% of analyzed breaches.</li> <li>Only 49% of passwords were unique, meaning more than half were reused across platforms.</li> <li>Credential stuffing made up a median of 19% of daily authentication attempts, rising to 25% in enterprise environments.</li> </ul><p>Here’s why this threat continues to grow:</p><ul class="wp-block-list"> <li><strong>A Constant Supply of Stolen Credentials:</strong></li> </ul><p>Frequent data breaches expose billions of usernames and passwords, providing attackers with a steady stream of data to reuse. In 2025, the threat intelligence firm Synthient compiled around 2 billion unique email addresses from credential-stuffing lists circulating online.</p><ul class="wp-block-list"> <li><strong>Password Reuse Across Platforms:</strong></li> </ul><p>When users rely on the same credentials for multiple accounts, whether email, e-commerce, social media, or banking, a single breach can open the door to several services at once.</p><ul class="wp-block-list"> <li><strong>Sophisticated Automation at Scale:</strong></li> </ul><p>Modern tools automate attacks end-to-end. Bots can rotate IP addresses, imitate real user behavior, and even bypass basic defenses like CAPTCHA, enabling attackers to test massive credential sets while staying under the radar.</p><ul class="wp-block-list"> <li><strong>Expanding Digital Footprint:</strong></li> </ul><p>With work, finance, communication, and entertainment increasingly moving online, both individuals and organizations manage more accounts than ever, creating a larger attack surface.</p><ul class="wp-block-list"> <li><strong>Profitable even with low success rates:</strong></li> </ul><p>Credential stuffing doesn’t need high success rates to be effective. Even a small fraction of successful logins from millions of attempts can result in valuable account access, leading to fraud, identity theft, or resale of verified credentials on underground markets.</p><p><br> <br> </p><br><meta charset="UTF-8"><br><meta name="viewport" content="width=device-width, initial-scale=1.0"><p> <!-- IMPORTANT: SEO control --><br> <meta name="robots" content="noindex, nofollow"></p><p> </p><title>Blog Form</title><br><div class="containers"> <!-- Left Section --> <div class="left-section"> <p class="heading-wrap">Book Your Free Cybersecurity Consultation Today!</p> <p> <img decoding="async" src="https://awareness.threatcop.ai/marketing/new_asset_blog_form.svg" alt="People working on cybersecurity" class="consultation-image"> </p></div> <p> <!-- Right Section --></p> <div class="right-section"> <div class="form-containers"> <form action="https://kratikal.com/thanks/thankyou-blog" method="get" onsubmit="return validateForm(this)"> <div class="form-group"> <label for="fullName">Full Name</label><br> <input type="text" required name="FullName" placeholder="Enter full name"> </div> <div class="form-group"> <label for="email">Email ID</label><br> <input type="email" required name="email" placeholder="your name @ example.com"> </div> <div class="form-group"> <label for="company">Company Name</label><br> <input type="text" required name="CompanyName" placeholder="Enter company name"> </div> <div class="form-group"> <label for="phone">Phone Number</label><br> <input type="number" required name="Phone" placeholder="Enter phone number"> </div> <p> <input type="hidden" name="BlogForm" value="BlogForm"><br> <button type="submit" class="submit-btnns" name="submit" value="I am interested!">I am interested!</button><br> </p></form> </div> </div> </div><p><!-- CSS Styles --></p><style> .containers{ display: flex; width: 100%; max-width: 800px; height: 500px; box-shadow: 0 0 10px rgba(0, 0, 0, 0.1); border-radius: 4px; overflow: hidden; margin: 25px auto; } .left-section { width: 50%; background-color: #000; color: white; padding: 30px; display: flex; flex-direction: column; position: relative; overflow: hidden; } .left-section .heading-wrap { font-size: 24px; line-height: 40px; margin-bottom: 30px; z-index: 2; position: relative; color: white; } .consultation-image { position: absolute; bottom: 0; left: 0; width: 100%; height: 70%; object-fit: cover; object-position: center; } .right-section { width: 50%; background-color: white; padding: 30px; display: flex; flex-direction: column; justify-content: center; } .form-containers { width: 100%; } .form-group { margin-bottom: 20px; } label { display: block; color: #666; margin-bottom: 5px; font-size: 14px; } .right-section input { width: 88%; padding: 12px 15px; border: 1px solid #e0e0e0; border-radius: 8px; font-size: 16px; } .submit-btnns { width: 100%; padding: 15px; background: linear-gradient(to right, #e67e22, #d35400); border: none; border-radius: 8px; color: white; font-size: 18px; font-weight: bold; cursor: pointer; margin-top: 10px; } /* Responsive */ @media (max-width: 768px) { .containers { flex-direction: column; height: auto; } .left-section, .right-section { width: 100%; } .left-section { height: 400px; } .consultation-image { height: 60%; } } @media (max-width: 480px) { .left-section { padding: 20px; height: 350px; } .left-section .heading-wrap { font-size: 17px; line-height: 28px;width: 80%; } .right-section { padding: 20px; } .right-section input, .submit-btnns { padding: 10px; } } </style><p><!-- JS Validation --><br> <script> function validateForm(form) { const inputs = form.querySelectorAll("input[type=text], input[type=email], input[type=number]"); for (let i = 0; i < inputs.length; i++) { if (/[<>]/.test(inputs[i].value)) { alert("Tags and attributes are not allowed in form fields!"); return false; // prevent submission } } return true; // allow submission } </script><br> <script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'9efd41f13ed536d9',t:'MTc3Njc4MzYxOA=='};var a=document.createElement('script');a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();</script><script defer src="https://static.cloudflareinsights.com/beacon.min.js/v8c78df7c7c0f484497ecbca7046644da1771523124516" integrity="sha512-8DS7rgIrAmghBFwoOTujcf6D9rXvH8xm8JQ1Ja01h9QX8EzXldiszufYa4IFfKdLUKTTrnSFXLDkUEOTrZQ8Qg==" data-cf-beacon='{"version":"2024.11.0","token":"33edbdb5f462496f85e52978979b687b","server_timing":{"name":{"cfCacheStatus":true,"cfEdge":true,"cfExtPri":true,"cfL4":true,"cfOrigin":true,"cfSpeedBrain":true},"location_startswith":null}}' crossorigin="anonymous"></script> </p><h3 class="wp-block-heading"><strong>How Credential Stuffing Attacks Operate?</strong></h3><p> Attackers carry out credential stuffing attacks by feeding stolen username and password combinations into a botnet, which automates login attempts across multiple websites simultaneously. At scale, these bot-driven attacks can overwhelm IT infrastructure, with some organizations experiencing traffic spikes of up to 180 times their normal levels during an attack.</p><div class="wp-block-image"> <figure class="aligncenter size-large"><img fetchpriority="high" decoding="async" width="1024" height="296" src="https://kratikal.com/blog/wp-content/uploads/2026/04/Anatomy-of-a-credential-stuffing-attack-1024x296.jpg" alt="" class="wp-image-15047" srcset="https://kratikal.com/blog/wp-content/uploads/2026/04/Anatomy-of-a-credential-stuffing-attack-1024x296.jpg 1024w, https://kratikal.com/blog/wp-content/uploads/2026/04/Anatomy-of-a-credential-stuffing-attack-300x87.jpg 300w, https://kratikal.com/blog/wp-content/uploads/2026/04/Anatomy-of-a-credential-stuffing-attack-150x43.jpg 150w, https://kratikal.com/blog/wp-content/uploads/2026/04/Anatomy-of-a-credential-stuffing-attack-768x222.jpg 768w, https://kratikal.com/blog/wp-content/uploads/2026/04/Anatomy-of-a-credential-stuffing-attack-1536x443.jpg 1536w, https://kratikal.com/blog/wp-content/uploads/2026/04/Anatomy-of-a-credential-stuffing-attack.jpg 1829w" sizes="(max-width: 1024px) 100vw, 1024px"></figure> </div><p>When attackers successfully use stolen credentials on a website, they gain unauthorized access to user accounts and sensitive data, which they exploit in multiple ways. This often includes selling access to compromised accounts, commonly seen with streaming services like Netflix or Spotify, conducting e-commerce fraud by impersonating users to purchase high-value goods, and carrying out corporate or institutional espionage. In severe cases, attackers hijack employee or admin accounts to access sensitive data, causing major business and reputational damage.</p><p><strong>Cyber Incidents Triggered by Credential Stuffing</strong></p><p>This threat is far from theoretical; it impacts both everyday users and large enterprises. The attacks have compromised even well-resourced organizations, exposing sensitive data and causing reputational damage, regulatory penalties, and legal action.</p><h4 class="wp-block-heading"><strong>23andMe</strong></h4><p>In 2023, 23andMe experienced a credential stuffing attack in which threat actors reused login credentials obtained from unrelated data breaches to gain access to user accounts. By exploiting features such as “DNA Relatives,” attackers were able to harvest sensitive profile data, including ancestry and health-related information, impacting approximately 7 million users.</p><p>The incident drew regulatory scrutiny, resulting in a £2.31 million fine for failing to adequately safeguard the genetic data of UK users. It also highlighted how credential stuffing can expose highly sensitive personal information, even when an organization’s core infrastructure remains uncompromised.</p><h4 class="wp-block-heading"><strong>Uber</strong></h4><p>A major data breach exposed information belonging to 57 million riders and 7 million drivers. The incident occurred after developers inadvertently uploaded credentials to a GitHub repository, which attackers discovered and used to gain access to internal systems. Uber later acknowledged that it paid $100,000 to the attackers to delete the stolen data instead of promptly disclosing the breach.</p><h3 class="wp-block-heading"><strong>Business Impact of Credential Stuffing</strong></h3><p>For businesses, the consequences of a data breach can be significant. When customer accounts are compromised, they can be misused for fraud and unauthorized transactions, posing serious risks, especially for financial services and e-commerce organizations.</p><p>The financial impact is substantial, with companies incurring high remediation costs such as customer refunds, incident response efforts, and internal security investigations. Operational disruptions also follow, including forced password resets and urgent security enhancements. According to the IBM Cost of a Data Breach Report 2025, the global average cost of a data breach stands at $4.4 million.</p><p>Beyond direct financial losses, organizations also face reputational, operational, and regulatory challenges. Publicized incidents can erode customer trust, drive higher churn rates, and weaken long-term brand value. At the same time, large-scale automated login attempts can overload systems, impacting performance and disrupting access for legitimate users and employees.</p><p><br> <br> </p><br><meta charset="UTF-8"><br><meta name="viewport" content="width=device-width, initial-scale=1.0"><br><title>Cyber Security Squad – Newsletter Signup</title><link rel="stylesheet" href="https://kratikal.com/blog/what-makes-credential-stuffing-difficult-to-detect/styles.css"><link rel="preconnect" href="https://fonts.googleapis.com/"><link rel="preconnect" href="https://fonts.gstatic.com/" crossorigin><link href="https://fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&amp;display=swap" rel="stylesheet"><style type="text/css"> /* Reset and base styles */</p> <p>.newsletterwrap .containerWrap { width: 100%; max-width: 800px; margin: 25px auto; }</p> <p>/* Card styles */ .newsletterwrap .signup-card { background-color: white; border-radius: 10px; overflow: hidden; box-shadow: 0 4px 12px rgba(0, 0, 0, 0.1); border: 8px solid #e85d0f; }</p> <p>.newsletterwrap .content { padding: 30px; display: flex; justify-content: space-between; align-items: center; flex-wrap: wrap; }</p> <p>/* Text content */ .newsletterwrap .text-content { flex: 1; min-width: 250px; margin-right: 20px; }</p> <p>.newsletterwrap .main-heading { font-size: 26px; color: #333; font-weight: 900; margin-bottom: 0px; }</p> <p>.newsletterwrap .highlight { color: #e85d0f; font-weight: 500; margin-bottom: 15px; }</p> <p>.newsletterwrap .para { color: #666; line-height: 1.5; margin-bottom: 10px; }</p> <p>.newsletterwrap .bold { font-weight: 700; }</p> <p>/* Logo */ .newsletterwrap .rightlogo { display: flex; flex-direction: column; align-items: center; margin-top: 10px; }</p> <p>.newsletterwrap .logo-icon { position: relative; width: 80px; height: 80px; margin-bottom: 10px; }</p> <p>.newsletterwrap .c-outer, .c-middle, .c-inner { position: absolute; border-radius: 50%; border: 6px solid #e85d0f; border-right-color: transparent; }</p> <p>.newsletterwrap .c-outer { width: 80px; height: 80px; top: 0; left: 0; }</p> <p>.newsletterwrap .c-middle { width: 60px; height: 60px; top: 10px; left: 10px; }</p> <p>.newsletterwrap .c-inner { width: 40px; height: 40px; top: 20px; left: 20px; }</p> <p>.newsletterwrap .logo-text { color: #e85d0f; font-weight: 700; font-size: 0.9rem; text-align: center; }</p> <p>/* Form */ .newsletterwrap .signup-form { display: flex; padding: 0 30px 30px; }</p> <p>.newsletterwrap input[type="email"] { flex: 1; padding: 12px 15px; border: 1px solid #ddd; border-radius: 4px 0 0 4px; font-size: 1rem; outline: none; }</p> <p>.newsletterwrap input[type="email"]:focus { border-color: #e85d0f; }</p> <p>.newsletterwrap .submitBtn { background-color: #e85d0f; color: white; border: none; padding: 12px 20px; border-radius: 0 4px 4px 0; font-size: 1rem; cursor: pointer; transition: background-color 0.3s; white-space: nowrap; }</p> <p>.newsletterwrap button:hover { background-color: #d45000; }</p> <p>/* Responsive styles */ @media (max-width: 768px) { .newsletterwrap .content { flex-direction: column; text-align: center; }</p> <p> .newsletterwrap .text-content { margin-right: 0; margin-bottom: 20px; }</p> <p> .newsletterwrap .rightlogo { margin-top: 20px; } }</p> <p>@media (max-width: 480px) { .newsletterwrap .signup-form { flex-direction: column; }</p> <p> .newsletterwrap input[type="email"] { border-radius: 4px; margin-bottom: 10px; }</p> <p> .newsletterwrap .submitBtn { border-radius: 4px; width: 100%; } } </style><p><br> </p><div class="containerWrap"> <div class="signup-card"> <div class="content"> <div class="text-content"> <h1 class="main-heading">Get in!</h1> <p class="para">Join our weekly <span style="color: #e75d10;">newsletter</span> and stay updated</p> </div> <div class="rightlogo"> <div class="logo-icon"> <div class="c-outer"></div> <div class="c-middle"></div> <div class="c-inner"></div> </div> <div class="logo-text">CYBER SECURITY SQUAD</div> </div> </div> <form class="signup-form" action="https://kratikal.com/thanks/thankyou-newsletter" method="get"> <input type="email" name="email" value="" placeholder="Email" required><br> <input type="submit" name="submit" value="I am interested!" class="submitBtn"><br> </form> </div> </div><p><br> </p><h3 class="wp-block-heading"><strong>Mitigating the Risk of Credential Stuffing Attacks</strong></h3><p>Although users know password reuse is risky, many still do it due to the difficulty of managing numerous passwords, and password manager adoption remains low. As a result, organizations must take the lead in preventing credential stuffing by implementing stronger controls or even eliminating passwords, so stolen credentials can’t be misused. Based on guidance from <a href="https://kratikal.com/blog/top-10-non-human-identities-risks-by-owasp/"><mark class="has-inline-color has-luminous-vivid-orange-color">OWASP</mark></a>, several effective measures can help achieve this.</p><h4 class="wp-block-heading"><strong>Credential Hashing</strong></h4><p>Credential hashing is a foundational step in safeguarding user credentials. It transforms passwords into unreadable strings before storing them in a database, so even if data is compromised, attackers can’t easily use the stolen information. However, not all hashing methods offer the same level of protection. While hashing alone won’t stop credential stuffing attacks, it significantly reduces the value of stolen credentials and limits the damage attackers can cause.</p><h4 class="wp-block-heading"><strong>Protection Against Breached Passwords</strong></h4><p>Breached password protection works by checking user login credentials against known databases of compromised passwords, such as Have I Been Pwned, to identify and block risky logins in real time.</p><p>For instance, Auth0 offers breached password detection that can alert users, prevent login attempts, or trigger additional verification steps like multi-factor authentication (MFA) when credentials are linked to known breaches or when suspicious activity, such as logins from unusual IP addresses, is detected.</p><h4 class="wp-block-heading"><strong>Anomaly Detection</strong></h4><p>Continuous monitoring is essential for detecting and stopping attacks at an early stage. With clear visibility into traffic, organizations can quickly identify suspicious activity and take action to mitigate threats. Using Auth0, Log Streams enable near real-time tracking of events. Once configured, logs are sent to your monitoring platform to analyze events and detect threats in real time.</p><h3 class="wp-block-heading"><strong>Conclusion</strong></h3><p>Credential stuffing has become a persistent and scalable threat, driven not by highly advanced techniques but by widespread password reuse, continuous data breaches, and automated attack tools. As users and organizations manage more digital accounts, the attack surface continues to expand, making it easier for attackers to exploit compromised credentials across platforms. These attacks are particularly challenging to detect because they often mimic legitimate login behavior, allowing them to bypass basic security controls. The real challenge lies in the fact that these attacks often mimic legitimate user behavior, making them difficult to detect without the right visibility and controls in place. </p><h3 class="wp-block-heading">FAQs</h3><div class="schema-how-to wp-block-yoast-how-to-block"> <p class="schema-how-to-description"> </p><ol class="schema-how-to-steps"> <li class="schema-how-to-step" id="how-to-step-1776686064824"><strong class="schema-how-to-step-name"><strong>How is credential stuffing different from brute force attacks?</strong></strong> <p class="schema-how-to-step-text">Unlike brute force attacks that guess passwords, credential stuffing uses already stolen credentials, making it faster and more effective.</p> </li> <li class="schema-how-to-step" id="how-to-step-1776686077151"><strong class="schema-how-to-step-name"><strong>How can businesses detect credential stuffing attacks?</strong></strong> <p class="schema-how-to-step-text">By monitoring login patterns, identifying unusual traffic spikes, and using anomaly detection tools to flag suspicious behavior.</p> </li> <li class="schema-how-to-step" id="how-to-step-1776686093549"><strong class="schema-how-to-step-name"><strong>Where do attackers get credentials for credential stuffing?</strong></strong> <p class="schema-how-to-step-text">From previous data breaches, leaked databases, and underground marketplaces on the dark web.</p> </li> <li class="schema-how-to-step" id="how-to-step-1776686107092"><strong class="schema-how-to-step-name"><strong>Can CAPTCHA stop credential stuffing attacks?</strong></strong> <p class="schema-how-to-step-text"> It can slow attackers down, but advanced bots can bypass basic CAPTCHA mechanisms.</p> </li> </ol> </div><p>The post <a href="https://kratikal.com/blog/what-makes-credential-stuffing-difficult-to-detect/">What Makes Credential Stuffing Difficult to Detect?</a> appeared first on <a href="https://kratikal.com/blog">Kratikal Blogs</a>.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/04/what-makes-credential-stuffing-difficult-to-detect/" data-a2a-title="What Makes Credential Stuffing Difficult to Detect?"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fwhat-makes-credential-stuffing-difficult-to-detect%2F&amp;linkname=What%20Makes%20Credential%20Stuffing%20Difficult%20to%20Detect%3F" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fwhat-makes-credential-stuffing-difficult-to-detect%2F&amp;linkname=What%20Makes%20Credential%20Stuffing%20Difficult%20to%20Detect%3F" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fwhat-makes-credential-stuffing-difficult-to-detect%2F&amp;linkname=What%20Makes%20Credential%20Stuffing%20Difficult%20to%20Detect%3F" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fwhat-makes-credential-stuffing-difficult-to-detect%2F&amp;linkname=What%20Makes%20Credential%20Stuffing%20Difficult%20to%20Detect%3F" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fwhat-makes-credential-stuffing-difficult-to-detect%2F&amp;linkname=What%20Makes%20Credential%20Stuffing%20Difficult%20to%20Detect%3F" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://kratikal.com/blog/">Kratikal Blogs</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Shikha Dhingra">Shikha Dhingra</a>. Read the original post at: <a href="https://kratikal.com/blog/what-makes-credential-stuffing-difficult-to-detect/">https://kratikal.com/blog/what-makes-credential-stuffing-difficult-to-detect/</a> </p>

<p>The post <a href="https://www.malwarebytes.com/blog/news/2026/04/real-apple-notifications-are-being-used-to-drive-tech-support-scams">Real Apple notifications are being used to drive tech support scams</a> appeared first on <a href="https://www.malwarebytes.com/">Malwarebytes</a>.</p><p>Scammers have found a way to abuse legitimate Apple account notification emails to trick targets into calling fake tech support numbers.</p><p>According to a report from <a href="https://www.bleepingcomputer.com/news/security/apple-account-change-alerts-abused-to-send-phishing-emails/" rel="noreferrer noopener nofollow">BleepingComputer</a>, scammers create an Apple account and insert a phishing message into the personal information fields, then modify the account so that Apple sends a genuine security alert about the change to the target.</p><p>BleepingComputer was able to replicate the attack.</p><p>The attacker creates an Apple ID they control, then stuffs the phishing message into the personal information fields (first name, last name, possibly address), splitting it across fields because they will not fit into just one.</p><p>To launch the phish, the attacker changes something benign on their specially created Apple account, such as shipping information, which causes Apple’s systems to send a “Your Apple account was updated” security email.</p><p>While the original alert is addressed to the attacker’s iCloud email, they are then able to redistribute it to a wider victim list, for example through a mailing list.</p><p>In the copy the targets receive, the email headers still show a legitimate Apple sender, and the presence of the attacker’s iCloud address can even make it look like “someone else” has gained access to the account.</p><figure class="wp-block-image aligncenter size-full is-resized"><img decoding="async" loading="lazy" width="625" height="466" src="https://www.malwarebytes.com/wp-content/uploads/sites/2/2026/04/reconstruction.png" alt="Reconstruction. Image courtesy of BleepingComputer" class="wp-image-402329" style="aspect-ratio:1.341246688797237;width:625px;height:auto"></figure><p>Because Apple includes those user-supplied fields in the security email, the phishing text is delivered inside a legitimate message sent from Apple’s own infrastructure.</p><p>This method, called call-back phishing, filters out suspicious users, so the scammers can focus on the people who fell for the first part. </p><p>The emails come from a legitimate source, sail through every security filter because of that, and look convincing enough to scare the receiver into thinking someone spent $899 from their PayPal account.</p><figure class="wp-block-image aligncenter size-full"><img decoding="async" loading="lazy" width="614" height="661" src="https://www.malwarebytes.com/wp-content/uploads/sites/2/2026/04/email_screenshot_1fc86b.png" alt="Phishing email screenshot, courtesy of BleepingComputer " class="wp-image-402331"></figure><p>But the structure of the email does not make sense.</p><p>“Dear User” is immediately followed by the scam message where your name should have been. The header says it’s about account information rather than a purchase. And the iCloud account does not belong to the recipient. So, once you know how it’s done, they’re not impossible to spot. Which is why we wrote this blog.</p><p>And when in doubt, you can always ask Malwarebytes Scam Guard.</p><hr class="wp-block-separator has-text-color has-cyan-bluish-gray-color has-alpha-channel-opacity has-cyan-bluish-gray-background-color has-background is-style-wide" style="margin-top:var(--wp--preset--spacing--20);margin-bottom:var(--wp--preset--spacing--20)"><div class="wp-block-columns is-layout-flex wp-container-core-columns-is-layout-28f84493 wp-block-columns-is-layout-flex"> <div class="wp-block-column is-layout-flow wp-block-column-is-layout-flow" style="flex-basis:15%"> <figure class="wp-block-image aligncenter size-large is-resized"><img decoding="async" src="https://www.malwarebytes.com/wp-content/uploads/sites/2/2024/11/phishing-scam-protection-icon-0B73D5.svg?w=1024" alt="" class="wp-image-120125" style="aspect-ratio:0.7764298093587522;width:59px;height:auto"></figure> </div> <div class="wp-block-column is-vertically-aligned-center is-layout-flow wp-container-core-column-is-layout-10073889 wp-block-column-is-layout-flow" style="padding-top:var(--wp--preset--spacing--30);padding-bottom:var(--wp--preset--spacing--30);flex-basis:60%"> <h3 class="wp-block-heading has-dark-blue-color has-text-color has-link-color wp-elements-206cb12516cf7911541848b4cf513a38" id="h-scam-nbsp-or-legit-scam-guard-knows">Scam or legit? Scam Guard knows.</h3> </div> <div class="wp-block-column is-vertically-aligned-center has-global-padding is-content-justification-right is-layout-constrained wp-container-core-column-is-layout-f1f2ed93 wp-block-column-is-layout-constrained" style="flex-basis:30%"> <div class="wp-block-malware-bytes-button mb-button" id="mb-button-a2b2e60f-b6c4-45fc-8aac-20ae3cf27e09"> <div class="mb-button__row u-justify-content-center"> <div class="mb-button__item mb-button-item-0"> <p class="btn-main"><a href="https://www.malwarebytes.com/solutions/scam-guard" data-type="link" data-id="https://www.malwarebytes.com/scamguard" rel="noreferrer noopener">TRY IT NOW</a></p> </div> </div> </div> </div> </div><hr class="wp-block-separator aligncenter has-text-color has-cyan-bluish-gray-color has-alpha-channel-opacity has-cyan-bluish-gray-background-color has-background is-style-wide" style="margin-top:var(--wp--preset--spacing--20);margin-bottom:var(--wp--preset--spacing--20)"><figure class="wp-block-image aligncenter size-full"><img decoding="async" loading="lazy" width="935" height="419" src="https://www.malwarebytes.com/wp-content/uploads/sites/2/2026/04/scam-detection.png" alt="Is this a scam?" class="wp-image-402332"><figcaption class="wp-element-caption">Asking Scam Guard</figcaption></figure><p>Scam Guard identified the screenshot as a scam and guides users through the next steps.</p><p>Scams like these work, because many users still view phone calls as more trustworthy than email, especially if the email itself passed all the usual technical authenticity checks and they initiated the call themselves.</p><h2 class="wp-block-heading" id="h-how-to-stay-safe">How to stay safe</h2><p><a href="https://www.malwarebytes.com/blog/news/2016/05/tech-support-scams" rel="noreferrer noopener">Tech support scammers</a> will try to convince callers to install some kind of remote desktop application to steal data from your computer, or ask for financial details so they can steal your money.</p><p>To stay safe from these scammers:</p><ul class="wp-block-list"> <li>Be wary of unexpected alerts about high‑value purchases you do not recognize. They are suspicious even if they come from a real domain.</li> <li>Never call a number sent to you by unsolicited means or even found in sponsored search results.</li> <li>Carefully read emails and text messages, even if they come form trustworthy addresses. Does the email make sense from a structural and linguistic point of view?</li> <li>If someone claiming to be support for a legitimate company asks for remote access or payment details during a call, hang up and contact the company through official channels.</li> <li>Use <a href="https://www.malwarebytes.com/blog/product/2026/02/scam-guard-for-desktop-a-second-set-of-eyes-for-suspicious-moments" rel="noreferrer noopener">Malwarebytes Scam Guard</a> to analyze any kind of message that alarms you or urges you to take immediate action.</li> </ul><hr class="wp-block-separator has-alpha-channel-opacity is-style-wide"><h3 class="wp-block-heading" id="h-something-feel-off-check-it-before-you-click-nbsp-nbsp"><strong>Something feel off? Check it before you click. </strong> </h3><p><strong>Malwarebytes Scam Guard</strong> helps you analyze suspicious links, texts, and screenshots instantly.  </p><p>Available with <a href="https://www.malwarebytes.com/premium" rel="noreferrer noopener">Malwarebytes Premium Security</a> for all your devices, and in the <a href="https://www.malwarebytes.com/mobile" rel="noreferrer noopener">Malwarebytes app for iOS and Android</a>.  </p><p><a href="https://www.malwarebytes.com/solutions/scam-guard" rel="noreferrer noopener">Try it free →</a> </p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/04/real-apple-notifications-are-being-used-to-drive-tech-support-scams/" data-a2a-title="Real Apple notifications are being used to drive tech support scams"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Freal-apple-notifications-are-being-used-to-drive-tech-support-scams%2F&amp;linkname=Real%20Apple%20notifications%20are%20being%20used%20to%20drive%20tech%20support%20scams" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Freal-apple-notifications-are-being-used-to-drive-tech-support-scams%2F&amp;linkname=Real%20Apple%20notifications%20are%20being%20used%20to%20drive%20tech%20support%20scams" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Freal-apple-notifications-are-being-used-to-drive-tech-support-scams%2F&amp;linkname=Real%20Apple%20notifications%20are%20being%20used%20to%20drive%20tech%20support%20scams" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Freal-apple-notifications-are-being-used-to-drive-tech-support-scams%2F&amp;linkname=Real%20Apple%20notifications%20are%20being%20used%20to%20drive%20tech%20support%20scams" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Freal-apple-notifications-are-being-used-to-drive-tech-support-scams%2F&amp;linkname=Real%20Apple%20notifications%20are%20being%20used%20to%20drive%20tech%20support%20scams" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.malwarebytes.com/">Malwarebytes</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Malwarebytes">Malwarebytes</a>. Read the original post at: <a href="https://www.malwarebytes.com/blog/news/2026/04/real-apple-notifications-are-being-used-to-drive-tech-support-scams">https://www.malwarebytes.com/blog/news/2026/04/real-apple-notifications-are-being-used-to-drive-tech-support-scams</a> </p>

<p>The post <a href="https://xkcd.com/3218/">Randall Munroe’s XKCD 'Subduction Retrieval'</a> appeared first on <a href="https://www.infosecurity.us/">Infosecurity.US</a>.</p><figure class=" sqs-block-image-figure intrinsic "> <p> <a class=" sqs-block-image-link " href="https://xkcd.com/3218/"></a></p> <p> <img data-stretch="false" data-image="https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/cd9805f2-c2f4-432e-a428-4084dd75f234/subduction_retrieval.png" data-image-dimensions="502x347" data-image-focal-point="0.5,0.5" alt="" data-load="false" elementtiming="system-image-block" src="https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/cd9805f2-c2f4-432e-a428-4084dd75f234/subduction_retrieval.png?format=1000w" width="502" height="347" sizes="auto, (max-width: 640px) 100vw, (max-width: 767px) 100vw, 100vw" onload='this.classList.add("loaded")' srcset="https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/cd9805f2-c2f4-432e-a428-4084dd75f234/subduction_retrieval.png?format=100w 100w, https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/cd9805f2-c2f4-432e-a428-4084dd75f234/subduction_retrieval.png?format=300w 300w, https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/cd9805f2-c2f4-432e-a428-4084dd75f234/subduction_retrieval.png?format=500w 500w, https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/cd9805f2-c2f4-432e-a428-4084dd75f234/subduction_retrieval.png?format=750w 750w, https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/cd9805f2-c2f4-432e-a428-4084dd75f234/subduction_retrieval.png?format=1000w 1000w, https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/cd9805f2-c2f4-432e-a428-4084dd75f234/subduction_retrieval.png?format=1500w 1500w, https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/cd9805f2-c2f4-432e-a428-4084dd75f234/subduction_retrieval.png?format=2500w 2500w" loading="lazy" decoding="async" data-loader="sqs"></p> <p> <figcaption class="image-caption-wrapper"> <p class=""><strong>via the comic artistry and dry wit of Randall Munroe, creator of XKCD</strong></p> </figcaption></p></figure><p><a href="https://www.infosecurity.us/blog/2026/4/20/randall-munroes-xkcd-subduction-retrieval">Permalink</a></p><p> </p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/04/randall-munroes-xkcd-subduction-retrieval/" data-a2a-title="Randall Munroe’s XKCD ‘Subduction Retrieval’"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Frandall-munroes-xkcd-subduction-retrieval%2F&amp;linkname=Randall%20Munroe%E2%80%99s%20XKCD%20%E2%80%98Subduction%20Retrieval%E2%80%99" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Frandall-munroes-xkcd-subduction-retrieval%2F&amp;linkname=Randall%20Munroe%E2%80%99s%20XKCD%20%E2%80%98Subduction%20Retrieval%E2%80%99" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Frandall-munroes-xkcd-subduction-retrieval%2F&amp;linkname=Randall%20Munroe%E2%80%99s%20XKCD%20%E2%80%98Subduction%20Retrieval%E2%80%99" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Frandall-munroes-xkcd-subduction-retrieval%2F&amp;linkname=Randall%20Munroe%E2%80%99s%20XKCD%20%E2%80%98Subduction%20Retrieval%E2%80%99" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Frandall-munroes-xkcd-subduction-retrieval%2F&amp;linkname=Randall%20Munroe%E2%80%99s%20XKCD%20%E2%80%98Subduction%20Retrieval%E2%80%99" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.infosecurity.us/">Infosecurity.US</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Marc Handelman">Marc Handelman</a>. Read the original post at: <a href="https://xkcd.com/3218/">https://xkcd.com/3218/</a> </p>

<p>The post <a href="https://www.firetail.ai/blog/article-5-and-the-eu-ai-acts-absolute-red-lines">Article 5 and the EU AI Act's Absolute Red Lines – FireTail Blog</a> appeared first on <a href="https://www.firetail.ai">FireTail – AI and API Security Blog</a>.</p><p>Apr 20, 2026 – Alan Fagan – Most conversations about the EU AI Act focus on August 2026, when obligations for high-risk AI systems become fully enforceable. But Article 5 is already live. The Act’s eight prohibited practices became enforceable in February 2025. Fines of up to €35 million or 7% of global annual turnover apply now. And the infrastructure to act on violations is in place.<br> For AI providers operating in or serving the EU market, understanding Article 5 is critical.<br> The EU AI Act takes a risk-based approach to AI governance. The practices represent the EU’s judgement that certain applications of AI are incompatible with fundamental rights and democratic values, and the European Commission reinforced that position in the guidelines it published on 4 February 2025, two days after the prohibitions.<br> The guidelines break each prohibition into cumulative conditions and provide practical examples of what falls in scope and what does not. They are the clearest signal available of how regulators will interpret borderline cases.<br> The penalty structure reflects the seriousness with which the EU treats these provisions. At up to €35 million or 7% of global annual turnover, violations of Article 5 carry steeper fines than any other category of non-compliance in the Act.<br> The Eight Prohibitions<br> 1. Subliminal and Manipulative Techniques<br> AI systems that deploy techniques operating below conscious awareness, or that exploit psychological vulnerabilities, biases, or weaknesses in decision-making to distort behaviour and cause significant harm, are banned.<br> The prohibition is targeted at systems designed to circumvent rational agency. It does not cover normal personalisation, recommendation engines, or advertising that simply presents persuasive content. The key conditions are that the technique must be subliminal or manipulative, and that it must cause or be reasonably likely to cause significant harm.<br> In practice, the compliance question for providers is whether their optimisation objectives could drive the system toward manipulative behaviour as a side effect. A recommender system trained purely on engagement maximisation can, over time, evolve into something that exploits psychological patterns in ways that meet the prohibition’s conditions. 2. Exploiting Vulnerabilities<br> AI systems that exploit vulnerabilities arising from a person’s age, disability, or socioeconomic circumstances to distort behaviour in ways that cause harm are banned.<br> The practical example that clarifies this prohibition is an AI advertising tool that identifies users showing signs of financial hardship, through search behaviour, location data, or device signals, and targets them with offers specifically designed to exploit that vulnerability. The Commission’s guidelines explicitly name this kind of system as a violation.<br> This prohibition has direct implications for any AI system operating in consumer finance, healthcare, or social services, where users may be in vulnerable circumstances by definition. The question is not whether the system serves those users, but whether it is designed to exploit their circumstances rather than serve their interests.<br> 3. Social Scoring<br> General-purpose social scoring of individuals or groups based on social behaviour or personal characteristics, leading to detrimental treatment in contexts unrelated to where the data was collected, is banned when conducted by or on behalf of public authorities.<br> This is the provision most directly aimed at preventing the kind of surveillance infrastructure that has emerged in certain authoritarian contexts. It applies to public authorities, but it also catches systems that aggregate data across domains in ways that create de facto social profiles affecting access to services, employment, or civic participation.<br> 4. Predictive Policing Based on Profiling<br> AI systems that assess the likelihood of an individual committing a criminal offence solely on the basis of profiling or personality traits, absent objective and verifiable facts directly linked to criminal activity, are prohibited.<br> A retail security system that analyses CCTV footage to detect actual suspicious behaviour, such as someone concealing merchandise, is permitted because it reacts to observable actions. A system that flags customers as high risk based on demographic profiling, is not.<br> 5. Untargeted Facial Recognition Scraping<br> Building or expanding facial recognition databases through untargeted scraping of facial images from the internet or CCTV footage is banned absolutely.<br> This provision addresses the data acquisition practices used by a number of controversial biometric surveillance providers in recent years. Several of these companies built large-scale facial recognition datasets by scraping billions of images from social media platforms and public web sources without consent. That practice is now illegal in the EU.<br> 6. Emotion Inference in Workplaces and Educational Settings<br> A range of specialist vendors such as IBM, Microsoft, and Amazon have offered emotion detection capabilities through their cloud platforms and APIs. The global emotion AI market was valued at approximately $7.5 billion in 2024. Many of these tools were being actively evaluated or deployed in employee monitoring, productivity assessment, and remote meeting analysis contexts.<br> Since February 2025, deploying AI systems that infer the emotional states of individuals in workplaces or educational environments is prohibited in the EU. However, context is determinative. The same AI capability can be permitted in one setting and prohibited in another. Affect recognition technology used for driver safety monitoring in an automotive context has a different regulatory status from the identical technology embedded in an employer’s video call analysis platform.<br> 7. Biometric Categorisation by Sensitive Characteristics<br> AI systems that use biometric data to categorise individuals based on race, political opinions, religious or philosophical beliefs, sex life, or sexual orientation are prohibited.<br> The narrow exceptions cover the labelling or filtering of biometric datasets that are lawfully acquired, and law enforcement categorisation under strictly controlled conditions.<br> This prohibition catches systems that providers may not have characterised as biometric categorisation in their original design. Any model that takes facial, voice, or physiological inputs and produces outputs that correlate needs to be assessed carefully against this provision, regardless of the stated purpose.<br> 8. Real-Time Remote Biometric Identification in Public Spaces<br> The real-time use of remote biometric identification systems in public spaces for law enforcement purposes is prohibited, with narrow exceptions.<br> Deployment requires a prior fundamental rights impact assessment under Article 27, judicial or independent administrative authorisation before use, and registration in the EU database. In genuine emergencies, use can begin before registration, but registration must follow immediately and the relevant authority must be notified.<br> This prohibition does not apply to private actors in non-law-enforcement contexts, but it sets a clear precedent for the EU’s approach to real-time biometric surveillance in public life.<br> The Compliance Challenge<br> Understanding the prohibitions is only the first step. The challenge for providers is ensuring that their systems do not violate prohibitions through optimisation, fine-tuning, or integration with other services.<br> The European Commission states that deployers bear responsibility for how they use systems, regardless of what the provider’s terms of service say. But the design, training, and integration choices that providers make set the boundaries within which deployers operate. Providers who build systems capable of prohibited practices, even if they prohibit those uses, are not fully insulated from regulatory attention if those capabilities are reasonably foreseeable.<br> Developers need to monitor how systems actually behave in deployment, not just design intent. The Enforcement Reality<br> Prohibited practices under Article 5 of the AI Act became enforceable on 2 August 2025. No formal enforcement actions have been publicly announced to date, but the architecture is in place and complaints from affected individuals or organisations can trigger investigations at any time.<br> The enforcement landscape varies by member state. Ireland’s proposed implementation assigns prohibited practice enforcement to the Central Bank for financial services, the Workplace Relations Commission for employment contexts, and the Data Protection Commission for others. This means a single organisation with AI systems operating across multiple domains could face scrutiny from more than one authority simultaneously.<br> What This Means for AI Providers<br> Article 5 compliance requires ongoing technical visibility into how your systems behave, what data they process, and what outputs they produce. FireTail gives AI providers continuous monitoring and visibility across their deployed systems, capturing the inputs and outputs that compliance evidence requires, detecting patterns that approach prohibited practice thresholds, and generating the audit trail. When the enforcement window closes, that evidence is what separates organisations that were prepared from those that were not.<br> The prohibited practices provisions are live. The enforcement infrastructure is in place. The guidelines from the Commission have clarified how regulators will interpret the boundaries. The time to build the technical controls that demonstrate compliance is now. </p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/04/article-5-and-the-eu-ai-acts-absolute-red-lines-firetail-blog/" data-a2a-title="Article 5 and the EU AI Act’s Absolute Red Lines – FireTail Blog"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Farticle-5-and-the-eu-ai-acts-absolute-red-lines-firetail-blog%2F&amp;linkname=Article%205%20and%20the%20EU%20AI%20Act%E2%80%99s%20Absolute%20Red%20Lines%20%E2%80%93%20FireTail%20Blog" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Farticle-5-and-the-eu-ai-acts-absolute-red-lines-firetail-blog%2F&amp;linkname=Article%205%20and%20the%20EU%20AI%20Act%E2%80%99s%20Absolute%20Red%20Lines%20%E2%80%93%20FireTail%20Blog" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Farticle-5-and-the-eu-ai-acts-absolute-red-lines-firetail-blog%2F&amp;linkname=Article%205%20and%20the%20EU%20AI%20Act%E2%80%99s%20Absolute%20Red%20Lines%20%E2%80%93%20FireTail%20Blog" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Farticle-5-and-the-eu-ai-acts-absolute-red-lines-firetail-blog%2F&amp;linkname=Article%205%20and%20the%20EU%20AI%20Act%E2%80%99s%20Absolute%20Red%20Lines%20%E2%80%93%20FireTail%20Blog" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Farticle-5-and-the-eu-ai-acts-absolute-red-lines-firetail-blog%2F&amp;linkname=Article%205%20and%20the%20EU%20AI%20Act%E2%80%99s%20Absolute%20Red%20Lines%20%E2%80%93%20FireTail%20Blog" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.firetail.ai">FireTail - AI and API Security Blog</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by FireTail - AI and API Security Blog">FireTail - AI and API Security Blog</a>. Read the original post at: <a href="https://www.firetail.ai/blog/article-5-and-the-eu-ai-acts-absolute-red-lines">https://www.firetail.ai/blog/article-5-and-the-eu-ai-acts-absolute-red-lines</a> </p>

<p>The post <a href="https://www.gopher.security/blog/ml-based-anomaly-detection-post-quantum-metadata-exfiltration">ML-Based Anomaly Detection for Post-Quantum Metadata Exfiltration</a> appeared first on <a href="https://www.gopher.security/blog">Read the Gopher Security's Quantum Safety Blog</a>.</p><h2>The shift from big data to embodied experience</h2><p>Ever wonder why a toddler learns what "red" is after seeing just one toy, while our massive ai models need billions of data points? It’s kind of wild when you think about it. Current models are basically super-powered autocomplete. They’re amazing at text, but they don't actually <em>know</em> what a hammer feels like or how heavy a brick is.</p><ul> <li>They lack "compositionality"—the human knack for breaking things into parts and reusing them in new spots.</li> <li>Transitioning from just processing words to actually understanding "the real world" is where things get messy for big data.</li> <li>Information pathways in these huge models are too opaque, making it hard to see why they mess up.</li> </ul><p>It’s the idea that smarts come from having a body and interacting with stuff, not just reading about it. Researchers at OIST found that linking language with vision and touch—what they call <strong>proprioception</strong>—helps ai generalize way better with less data. To do this, they used a framework called <strong>PV-RNN</strong> (Predictive-coding-based Variational Recurrent Neural Network). Basically, it's a "brain" that learns by trying to predict what its sensors will feel next, rather than just memorizing a bunch of pictures.</p><p><img decoding="async" src="https://cdn.pseo.one/6867c628b7f8c49dfe17648d/686ef5ab027b1d23f092b447/understanding-role-of-embodied-cognitive-science-in-ai/mermaid-diagram-1.svg" alt="Diagram 1"></p><blockquote> <p>"Our model achieves this… by combining language with vision, proprioception, working memory, and attention – just like toddlers do." – Dr. Prasanna Vijayaraghavan (2025).</p> </blockquote><p>This shift uses the <strong>Free Energy Principle</strong> to lower uncertainty. Think of the Free Energy Principle as a theory where the brain tries to minimize "surprise" by matching its internal map with what it actually sees and feels. It's much more efficient than throwing a whole datacenter at a problem. Next, let’s look at how this actually changes robot brains.</p><h2>Building better ai agents with cognitive frameworks</h2><p>Think about how you learned what a "chair" was. You didn't just look at ten thousand photos; you bumped into them, sat on them, and maybe even tipped one over. That's the secret sauce for better ai agents.</p><p>Most ai today struggles because it sees the world as one giant, flat pixel map. But humans use <strong>compositionality</strong>—we break things down into parts. If a robot knows what "red" is from a ball and what "lifting" is from a block, it should be able to "lift a red block" without needing a new manual.</p><ul> <li><strong>Learning by doing:</strong> as mentioned earlier, robots that use vision and touch (proprioception) learn way faster. For example, a warehouse sorter robot doesn't need to see every item in the world. If it understands the "weight" and "grip" of a box, it can handle new products it's never seen before because it has a physical sense of how things move.</li> <li><strong>Small data, big results:</strong> researchers found that grounding language in physical actions helps ai generalize better. This is called "situated AI"—where the agent is stuck in a specific context. Even a digital bot can be "situated" if it's interacting with a live, changing environment instead of just static text files.</li> <li><strong>Making mistakes like us:</strong> these models aren't perfect, but their errors make sense. They might mix up two similar shapes because they "felt" the same, which is way easier to debug than a black-box model hallucinating a random fact.</li> </ul><p><img decoding="async" src="https://cdn.pseo.one/6867c628b7f8c49dfe17648d/686ef5ab027b1d23f092b447/understanding-role-of-embodied-cognitive-science-in-ai/mermaid-diagram-2.svg" alt="Diagram 2"></p><p>Translating these laboratory breakthroughs into commercial reality requires specialized implementation, which is where the industry is heading now. Companies like <strong><a href="https://technokeen.com/">Technokeens</a></strong> specialize in taking these complex cognitive ideas and shoving them into actual business apps. They help modernize old software so it can actually "understand" what a user is trying to do, not just follow a rigid if-then tree.</p><p>By focusing on automation that scales, they bridge the gap between "cool research" and "this actually saves us twenty hours a week." It's about moving from bots that just talk to agents that actually <em>do</em> things within your existing api and database structures.</p><h2>Why Predictive Coding saves on the power bill</h2><p>We keep mentioning how these systems are more efficient, and it mostly comes down to <strong>Predictive Coding</strong>. In a normal ai, the computer is constantly processing every single pixel and bit of data over and over. It's exhausting for the hardware and uses a ton of juice.</p><p>Predictive coding works like your own brain. If you're sitting in a room, your brain isn't "re-rendering" the walls every second. It assumes the walls are still there and only sends a signal to your conscious mind if something changes—like if a cat jumps through the window. </p><p>In an embodied ai, the pv-rnn only processes the "error" between what it expected to happen and what actually happened. If the robot expects to touch a table and it does, the "energy cost" is almost zero. It only burns power when it needs to update its model because of a surprise. This is why these models can run on much smaller chips with way lower electricity bills than the giant LLMs that need a whole power plant just to say hello.</p><h2>Security and governance in embodied systems</h2><p>So, if these robots are actually moving around and "feeling" things, how do we make sure they don't go rogue or leak sensitive data? It's one thing when a chatbot hallucinates a fake movie review, but it's a whole other mess when an embodied ai in a hospital or warehouse makes a physical mistake.</p><p>We gotta treat these agents like employees, not just software. In a zero trust setup, every robot or automated agent needs its own digital identity.</p><ul> <li><strong>Lifecycle management:</strong> just like you offboard a staff member, you need a way to kill an agent's access tokens the second it's decommissioned.</li> <li><strong>Granular permissions:</strong> a retail bot should have the api keys to check inventory, but it definitely shouldn't be able to access the ceo's payroll data.</li> <li><strong>Secure auth:</strong> using certificates and rotating tokens keeps the communication between the "brain" in the cloud and the "body" on the floor from being hijacked.</li> </ul><p>The cool part about the pv-rnn framework is that it isn't a total black box. Because it's "shallower" than those massive llms, researchers can actually look at the latent states—basically the robot's inner thoughts—to see why it's doing what it's doing.</p><p><img decoding="async" src="https://cdn.pseo.one/6867c628b7f8c49dfe17648d/686ef5ab027b1d23f092b447/understanding-role-of-embodied-cognitive-science-in-ai/mermaid-diagram-3.svg" alt="Diagram 3"></p><p>This makes compliance way easier. If a bot makes a mistake, we can trace the "embodied" logic it used. As previously discussed, this brain-inspired architecture makes mistakes that actually make sense to humans, which is a huge win for safety.</p><h2>Scaling and deploying embodied intelligence</h2><p>So, we've talked about the "brain" and the "body," but how do you actually get this stuff to work in a messy, real-world warehouse? It’s one thing to have a robot move a block in a lab, and it’s a whole other beast to scale that across a global supply chain.</p><p>Managing ai agent performance gets tricky when you’re dealing with hybrid deployments. You can’t just run everything in the cloud because "feeling" and "acting" require zero latency—if a robot arm waits two seconds for a server to tell it to stop, it’s already broken something.</p><ul> <li><strong>Load balancing:</strong> you need to balance the heavy sensory processing (the "feeling" part) at the edge while letting the cloud handle the big-picture logic. </li> <li><strong>Failover and recovery:</strong> in edge computing, if a local node goes down, the agent needs a "reflex" mode. It should be able to safely pause or finish a task even if it loses its connection to the main brain.</li> </ul><p>Embodied intelligence is going to change how we think about operations even in non-robot fields. In marketing, better sentiment analysis will come from agents that can "sense" physical context through wearable tech or camera-based emotion AI. Imagine a retail display that adjusts its haptic feedback or lighting because it "senses" a customer is frustrated—that's grounded data in action.</p><p><img decoding="async" src="https://cdn.pseo.one/6867c628b7f8c49dfe17648d/686ef5ab027b1d23f092b447/understanding-role-of-embodied-cognitive-science-in-ai/mermaid-diagram-4.svg" alt="Diagram 4"></p><p>Ultimately, as previously discussed, this shift from big data to embodied experience makes for safer, more transparent tools. It’s moving us away from "black box" bots and toward agents that actually understand the world they're working in. Pretty exciting times, honestly.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/04/ml-based-anomaly-detection-for-post-quantum-metadata-exfiltration/" data-a2a-title="ML-Based Anomaly Detection for Post-Quantum Metadata Exfiltration"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fml-based-anomaly-detection-for-post-quantum-metadata-exfiltration%2F&amp;linkname=ML-Based%20Anomaly%20Detection%20for%20Post-Quantum%20Metadata%20Exfiltration" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fml-based-anomaly-detection-for-post-quantum-metadata-exfiltration%2F&amp;linkname=ML-Based%20Anomaly%20Detection%20for%20Post-Quantum%20Metadata%20Exfiltration" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fml-based-anomaly-detection-for-post-quantum-metadata-exfiltration%2F&amp;linkname=ML-Based%20Anomaly%20Detection%20for%20Post-Quantum%20Metadata%20Exfiltration" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fml-based-anomaly-detection-for-post-quantum-metadata-exfiltration%2F&amp;linkname=ML-Based%20Anomaly%20Detection%20for%20Post-Quantum%20Metadata%20Exfiltration" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fml-based-anomaly-detection-for-post-quantum-metadata-exfiltration%2F&amp;linkname=ML-Based%20Anomaly%20Detection%20for%20Post-Quantum%20Metadata%20Exfiltration" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.gopher.security/blog">Read the Gopher Security&amp;#039;s Quantum Safety Blog</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Read the Gopher Security's Quantum Safety Blog">Read the Gopher Security's Quantum Safety Blog</a>. Read the original post at: <a href="https://www.gopher.security/blog/ml-based-anomaly-detection-post-quantum-metadata-exfiltration">https://www.gopher.security/blog/ml-based-anomaly-detection-post-quantum-metadata-exfiltration</a> </p>

<p>The post <a href="https://www.lastwatchdog.com/fireside-chat-pki-has-carried-digital-trust-through-every-tech-advance-now-comes-the-hardest-one/">Fireside Chat: PKI has carried digital trust through every tech advance—now comes the hardest one</a> appeared first on <a href="https://www.lastwatchdog.com">The Last Watchdog</a>.</p><div class="entry" morss_own_score="5.32994923857868" morss_score="64.35630008209736"> <img decoding="async" src="https://www.lastwatchdog.com/wp/wp-content/uploads/Fireside-Chat_2025_brshed-960x609.jpg"> <h5>By Byron V. Acohido</h5> <p>Public key infrastructure — the authentication and encryption framework that has held digital commerce together through every chaotic leap forward in technology — is facing a double whammy.</p> <p><em><strong>Related:</strong> <a href="https://www.lastwatchdog.com/rsac-2026-no-easy-fixes-for-expanding-ai-attack-surface-but-a-coordinated-response-is-emerging/">Achieveing AI security won’t be easy</a></em></p> <p><a href="https://www.lastwatchdog.com/wp/wp-content/uploads/Digital-trust-erosion_B_SQUR.jpg"><img decoding="async" src="https://www.lastwatchdog.com/wp/wp-content/uploads/Digital-trust-erosion_B_SQUR-100x101.jpg"></a>Autonomous AI agents are flooding enterprise networks, most without verified identities or any meaningful governance. What’s more, quantum computers are just around the corner — and when they arrive, current encryption becomes obsolete overnight.</p> <p>I sat down with <a href="https://www.digicert.com/">DigiCert</a> CEO <a href="https://www.linkedin.com/in/amitsinha/">Amit Sinha</a> at RSAC 2026 to discuss this. The identity management and encryption communities are not sitting on their hands. Here is what I learned that you should know.</p> <p>PKI has been the quiet backbone of digital trust for 30 years. E-commerce needed it to authenticate strangers. The cloud and IoT needed it to manage machine identities at scale.</p> <p>Each time the technology shifted, PKI scaled to meet the load — under strain, imperfectly, but it held. The question now is whether it can be extended fast enough to handle two simultaneous disruptions: autonomous AI agents spreading like wildfire through enterprises and a quantum threat that will require replacing the underlying encryption math entirely.</p> <p>Sinha’s framing at RSAC was direct. “We are in a once-in-30-year upgrade cycle,” he told me.</p> <p>Encouragingly, the security community is already moving on two fronts. The first has to do with a problem that has been building since generative AI made synthetic media cheap and easy to produce. Fake videos, fabricated audio, and AI-generated images are flooding the internet and enabling fraud at scale.</p> <p>The industry’s answer is <a href="https://c2pa.org/about/">C2PA</a> — the Coalition for Content Provenance and Authenticity — an open standard that cryptographically signs content at the moment of creation, embedding a verifiable record of origin and any subsequent changes directly into the file.</p> <p>A trusted certificate authority vouches for authenticity, and anyone downstream can verify it. The standard is gaining real traction. Samsung built C2PA signing <a href="https://www.androidauthority.com/galaxy-s25-content-credentials-3523256/">into the native camera app of the Galaxy S25</a>, the first mass-market smartphone to carry it. Cloudflare has <a href="https://www.cloudflare.com/press/press-releases/2025/cloudflare-launches-one-click-content-credentials-to-track-image-authenticity/">implemented it across roughly 20 percent of the web</a>. DigiCert is a certified certificate authority under the standard.</p> <p>The second front has to do with companies racing to deploy autonomous AI agents — software that does not just answer questions but takes actions, executes transactions, manages systems, and interacts with other agents, all without waiting for a human to confirm each step.</p> <p><a href="https://www.lastwatchdog.com/wp/wp-content/uploads/260414_Humanoid_Passports-narr.png"><img decoding="async" src="https://www.lastwatchdog.com/wp/wp-content/uploads/260414_Humanoid_Passports-narr-520x236.png"></a>These AI agents have no verified identity. They operate on borrowed credentials or API tokens, with no reliable way to establish who — or what — is actually acting, on whose authority, and with access to what. Sinha explained how PKI can be extended to solve this the same way it solved machine identity in the cloud era.</p> <p>Every agent, he says, should carry a “digital passport” — a cryptographic credential, issued through the same certificate infrastructure that authenticates websites and software; this would establish the agent’s identity, define what it is authorized to access, and allow it to be revoked instantly if need be.</p> <p>Think of it the way Sinha does: when you arrive at an airport, your passport gets you into the secure area; your boarding pass governs exactly where you go from there. The standards to do this already exist — <a href="https://spiffe.io/docs/latest/spiffe-about/overview/">SPIFFE</a> and SPIRE, adapted from cloud workload security — and DigiCert is extending its platform to issue and manage these credentials for AI agents at enterprise scale.</p> <p>“As agents move from answering your questions to taking actions on your behalf, you need governance, you need auditability, you need the ability to revoke all those privileges — much like you would with any human,” he said.</p> <p>Adoption, however, is in the earliest innings. DigiCert CTO Jason Sabin told CSO Online late last year that <a href="https://www.csoonline.com/article/4109999/agentic-ai-already-hinting-at-cybersecuritys-pending-identity-crisis.html">fewer than 5 percent of enterprises</a> deploying autonomous agents have created verifiable identities for them. Sinha described what AI has done to the security industry’s clock as “time dilation” — what used to be a year’s worth of change now happens in weeks.</p> <p>PKI has carried the load through every prior shift. Whether it can be extended fast enough for this one is the defining near-term question. I’ll keep watch, and keep reporting.</p> <p>Listen to the <a href="https://soundcloud.com/byron-acohido/digital-passports-for-ai?si=eed65620734d43979f8785bbd411abfb&amp;utm_source=clipboard&amp;utm_medium=text&amp;utm_campaign=social_sharing">full podcast</a> for Sinha’s complete breakdown.</p> <p><a href="https://www.lastwatchdog.com/wp/wp-content/uploads/Byron-sepia-hedcut-1.png"><img decoding="async" src="https://www.lastwatchdog.com/wp/wp-content/uploads/Byron-sepia-hedcut-1-100x139.png"></a></p> <p>Acohido</p> <p><em><a href="https://www.lastwatchdog.com/pulitzer-centennial-highlights-role-journalism/">Pulitzer Prize-winning </a>business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.</em></p> <p><em>(<strong>Editor’s note</strong>: I used Claude and ChatGPT to assist with research compilation, source discovery, and early draft structuring. All interviews, analysis, fact-checking, and final writing are my own. I remain responsible for every claim and conclusion.)</em></p> <p> <a href="https://www.facebook.com/sharer.php?u=https://www.lastwatchdog.com/fireside-chat-pki-has-carried-digital-trust-through-every-tech-advance-now-comes-the-hardest-one/"><img decoding="async" src="https://www.lastwatchdog.com/wp/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png" title="Facebook"></a><a href="https://plus.google.com/share?url=https://www.lastwatchdog.com/fireside-chat-pki-has-carried-digital-trust-through-every-tech-advance-now-comes-the-hardest-one/"><img decoding="async" src="https://www.lastwatchdog.com/wp/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/google.png" title="Google+"></a><a href="/cdn-cgi/l/email-protection#c0ffb3b5a2aaa5a3b4fd86a9b2a5b3a9a4a5e5f2f083a8a1b4fae5f2f0908b89e5f2f0a8a1b3e5f2f0a3a1b2b2a9a5a4e5f2f0a4a9a7a9b4a1ace5f2f0b4b2b5b3b4e5f2f0b4a8b2afb5a7a8e5f2f0a5b6a5b2b9e5f2f0b4a5a3a8e5f2f0a1a4b6a1aea3a5e585f2e5f8f0e5f9f4aeafb7e5f2f0a3afada5b3e5f2f0b4a8a5e5f2f0a8a1b2a4a5b3b4e5f2f0afaea5e6a1adb0fba2afa4b9fde5f2f0a8b4b4b0b3faefefb7b7b7eeaca1b3b4b7a1b4a3a8a4afa7eea3afadefa6a9b2a5b3a9a4a5eda3a8a1b4edb0aba9eda8a1b3eda3a1b2b2a9a5a4eda4a9a7a9b4a1acedb4b2b5b3b4edb4a8b2afb5a7a8eda5b6a5b2b9edb4a5a3a8eda1a4b6a1aea3a5edaeafb7eda3afada5b3edb4a8a5eda8a1b2a4a5b3b4edafaea5ef"><img decoding="async" src="https://www.lastwatchdog.com/wp/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/email.png" title="Email"></a></p> <p>April 20th, 2026 </p> <p> </p></div><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/04/fireside-chat-pki-has-carried-digital-trust-through-every-tech-advance-now-comes-the-hardest-one/" data-a2a-title="Fireside Chat: PKI has carried digital trust through every tech advance—now comes the hardest one"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Ffireside-chat-pki-has-carried-digital-trust-through-every-tech-advance-now-comes-the-hardest-one%2F&amp;linkname=Fireside%20Chat%3A%20PKI%20has%20carried%20digital%20trust%20through%20every%20tech%20advance%E2%80%94now%20comes%20the%20hardest%20one" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Ffireside-chat-pki-has-carried-digital-trust-through-every-tech-advance-now-comes-the-hardest-one%2F&amp;linkname=Fireside%20Chat%3A%20PKI%20has%20carried%20digital%20trust%20through%20every%20tech%20advance%E2%80%94now%20comes%20the%20hardest%20one" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Ffireside-chat-pki-has-carried-digital-trust-through-every-tech-advance-now-comes-the-hardest-one%2F&amp;linkname=Fireside%20Chat%3A%20PKI%20has%20carried%20digital%20trust%20through%20every%20tech%20advance%E2%80%94now%20comes%20the%20hardest%20one" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Ffireside-chat-pki-has-carried-digital-trust-through-every-tech-advance-now-comes-the-hardest-one%2F&amp;linkname=Fireside%20Chat%3A%20PKI%20has%20carried%20digital%20trust%20through%20every%20tech%20advance%E2%80%94now%20comes%20the%20hardest%20one" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Ffireside-chat-pki-has-carried-digital-trust-through-every-tech-advance-now-comes-the-hardest-one%2F&amp;linkname=Fireside%20Chat%3A%20PKI%20has%20carried%20digital%20trust%20through%20every%20tech%20advance%E2%80%94now%20comes%20the%20hardest%20one" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.lastwatchdog.com">The Last Watchdog</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by bacohido">bacohido</a>. Read the original post at: <a href="https://www.lastwatchdog.com/fireside-chat-pki-has-carried-digital-trust-through-every-tech-advance-now-comes-the-hardest-one/">https://www.lastwatchdog.com/fireside-chat-pki-has-carried-digital-trust-through-every-tech-advance-now-comes-the-hardest-one/</a> </p>

<p>The post <a href="https://www.pkware.com/blog/understanding-cybersecurity-maturity-model-certification">Understanding Cybersecurity Maturity Model Certification: The New Standard for Doing Business with the Department of Defense</a> appeared first on <a href="https://www.pkware.com/blog">Welcome to the PKWARE Blog – PKWARE®</a>.</p><div class="fusion-fullwidth fullwidth-box fusion-builder-row-2 fusion-flex-container has-pattern-background has-mask-background nonhundred-percent-fullwidth non-hundred-percent-height-scrolling" style="--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;"> <div class="fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap" style="max-width:1300px;margin-left: calc(-4% / 2 );margin-right: calc(-4% / 2 );"> <div class="fusion-layout-column fusion_builder_column fusion-builder-column-1 fusion_builder_column_1_1 1_1 fusion-flex-column" style="--awb-bg-size:cover;--awb-width-large:100%;--awb-margin-top-large:0px;--awb-spacing-right-large:1.92%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:1.92%;--awb-width-medium:100%;--awb-order-medium:0;--awb-spacing-right-medium:1.92%;--awb-spacing-left-medium:1.92%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;"> <div class="fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column"> <div class="fusion-text fusion-text-6"> <p>For anyone working with or hoping to work with the Department of Defense (DoD), cybersecurity compliance is no longer optional. It’s now a condition of doing business. The DoD created the Cybersecurity Maturity Model Certification (CMMC) to solve a growing problem within the defense supply chain: inconsistent protection of sensitive information and unreliable self-reporting of compliance.</p> <p>CMMC changes that equation. It replaces self-attestation with formal certification, holding every defense contractor to clearly defined technical and legal standards. For thousands of organizations across the Defense Industrial Base (DIB), those standards are both explicit and non-negotiable.</p> </div> <div class="fusion-title title fusion-title-5 fusion-title-text fusion-title-size-two" style="--awb-margin-top-small:0px;--awb-margin-bottom-small:20px;"> <div class="title-sep-container title-sep-container-left fusion-no-large-visibility fusion-no-medium-visibility fusion-no-small-visibility"> <div class="title-sep sep- sep-solid" style="border-color:var(--awb-color3);"></div> </div> <p><span class="awb-title-spacer fusion-no-large-visibility fusion-no-medium-visibility fusion-no-small-visibility"></span></p> <h2 class="fusion-title-heading title-heading-left" style="margin:0;text-transform:capitalize;">Why Cybersecurity Maturity Model Certification Exists</h2> <p><span class="awb-title-spacer"></span></p> <div class="title-sep-container title-sep-container-right"> <div class="title-sep sep- sep-solid" style="border-color:var(--awb-color3);"></div> </div> </div> <div class="fusion-text fusion-text-7"> <p>The DoD depends on a vast network of suppliers, subcontractors, and service providers. These organizations handle two main types of information:</p> <ul> <li>Federal Contract Information (FCI): Data generated under government contracts not meant for public release</li> <li>Controlled Unclassified Information (CUI): Sensitive but unclassified material such as technical drawings, specifications, or export-controlled data</li> </ul> <p>Before CMMC, the government relied on contractors to self-report compliance with the NIST SP 800-171 cybersecurity framework. However, assessments revealed large gaps—particularly around encryption and data protection.</p> <p>The result was predictable. The outcome was inconsistent safeguards across the supply chain. With this comes increased risk to national security.</p> <p>CMMC aims to correct that, ensuring accountability through verified audits and standardized certification.</p> </div> <div class="fusion-title title fusion-title-6 fusion-title-text fusion-title-size-two" style="--awb-margin-top-small:0px;--awb-margin-bottom-small:20px;"> <div class="title-sep-container title-sep-container-left fusion-no-large-visibility fusion-no-medium-visibility fusion-no-small-visibility"> <div class="title-sep sep- sep-solid" style="border-color:var(--awb-color3);"></div> </div> <p><span class="awb-title-spacer fusion-no-large-visibility fusion-no-medium-visibility fusion-no-small-visibility"></span></p> <h2 class="fusion-title-heading title-heading-left" style="margin:0;text-transform:capitalize;">The Three Levels of Compliance</h2> <p><span class="awb-title-spacer"></span></p> <div class="title-sep-container title-sep-container-right"> <div class="title-sep sep- sep-solid" style="border-color:var(--awb-color3);"></div> </div> </div> <div class="fusion-text fusion-text-8"> <p>CMMC 2.0 organizes requirements into three tiers:</p> <h3>Foundational: Level 1</h3> <ul> <li>Defines the basic safeguards for contractors handling FCI only.</li> <li>Directs organizations to self-assess their compliance with 17 core practices.</li> </ul> <h3>Advanced: Level 2</h3> <ul> <li>Applies to contractors handling CUI.</li> <li>Requires full implementation of 110 cybersecurity controls across 14 domains, covering everything from access control to system integrity.</li> <li>Involves a third-party assessment usually.</li> </ul> <h3>Expert: Level 3</h3> <ul> <li>Pertains to companies working on the DoD’s most sensitive programs.</li> <li>Includes additional enhanced protections and a government-led evaluation.</li> </ul> <p>CMMC requirements began appearing in contracts in late 2025. By the end of 2026, most Level 2 contractors will need third-party certification. The DoD expects to establish full enforcement by 2028.</p> </div> <div class="fusion-title title fusion-title-7 fusion-title-text fusion-title-size-two" style="--awb-margin-top-small:0px;--awb-margin-bottom-small:20px;"> <div class="title-sep-container title-sep-container-left fusion-no-large-visibility fusion-no-medium-visibility fusion-no-small-visibility"> <div class="title-sep sep- sep-solid" style="border-color:var(--awb-color3);"></div> </div> <p><span class="awb-title-spacer fusion-no-large-visibility fusion-no-medium-visibility fusion-no-small-visibility"></span></p> <h2 class="fusion-title-heading title-heading-left" style="margin:0;text-transform:capitalize;">The Technical Backbone: NIST SP 800-171</h2> <p><span class="awb-title-spacer"></span></p> <div class="title-sep-container title-sep-container-right"> <div class="title-sep sep- sep-solid" style="border-color:var(--awb-color3);"></div> </div> </div> <div class="fusion-text fusion-text-9"> <p>At the heart of CMMC Level 2 is <a href="https://csrc.nist.gov/pubs/sp/800/171/r3/final" rel="noopener">NIST SP 800-171</a>, a set of 110 detailed cybersecurity requirements grouped into 14 domains. These domains address how organizations manage access, secure data, respond to incidents, and ensure system integrity.</p> <p>Compliance requires technology, policy, and people working in tandem. It’s not enough to install software. You must document, implement, and prove that every control works as intended.</p> </div> <div class="fusion-title title fusion-title-8 fusion-title-text fusion-title-size-two" style="--awb-margin-top-small:0px;--awb-margin-bottom-small:20px;"> <div class="title-sep-container title-sep-container-left fusion-no-large-visibility fusion-no-medium-visibility fusion-no-small-visibility"> <div class="title-sep sep- sep-solid" style="border-color:var(--awb-color3);"></div> </div> <p><span class="awb-title-spacer fusion-no-large-visibility fusion-no-medium-visibility fusion-no-small-visibility"></span></p> <h2 class="fusion-title-heading title-heading-left" style="margin:0;text-transform:capitalize;">Encryption and the Law: FIPS Validation Matters</h2> <p><span class="awb-title-spacer"></span></p> <div class="title-sep-container title-sep-container-right"> <div class="title-sep sep- sep-solid" style="border-color:var(--awb-color3);"></div> </div> </div> <div class="fusion-text fusion-text-10"> <p>One of the most critical (and commonly misunderstood) requirements involves encryption. When protecting CUI, organizations must use FIPS-validated cryptography—not just “FIPS-compliant” tools.</p> <h3>FIPS-Validated Cryptography vs. FIPS-Compliant Tools</h3> <p>That distinction matters under federal rules. “Validated” means the specific encryption component has been through testing and certification by an approved lab under the <a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program" rel="noopener">Cryptographic Module Validation Program</a> (CMVP). Vendors must provide a valid certificate number; if they can’t, the encryption doesn’t meet the standard.</p> <p>In practice, this requirement covers data at rest and in transit. It applies to any environment: servers, VPN transmissions, emails, and the cloud.</p> <p>With the transition to <a href="https://csrc.nist.gov/pubs/fips/140-3/final" rel="noopener">FIPS 140-3</a> underway in 2026, organizations should prioritize solutions already validated to the newer standard to avoid <a href="https://www.pkware.com/solutions/compliance">compliance</a> gaps.</p> </div> <div class="fusion-title title fusion-title-9 fusion-title-text fusion-title-size-two" style="--awb-margin-top-small:0px;--awb-margin-bottom-small:20px;"> <div class="title-sep-container title-sep-container-left fusion-no-large-visibility fusion-no-medium-visibility fusion-no-small-visibility"> <div class="title-sep sep- sep-solid" style="border-color:var(--awb-color3);"></div> </div> <p><span class="awb-title-spacer fusion-no-large-visibility fusion-no-medium-visibility fusion-no-small-visibility"></span></p> <h2 class="fusion-title-heading title-heading-left" style="margin:0;text-transform:capitalize;">What Cybersecurity Maturity Model Certification Looks Like</h2> <p><span class="awb-title-spacer"></span></p> <div class="title-sep-container title-sep-container-right"> <div class="title-sep sep- sep-solid" style="border-color:var(--awb-color3);"></div> </div> </div> <div class="fusion-text fusion-text-11"> <p><span data-contrast="auto"><img fetchpriority="high" decoding="async" class="bc-inline-image wp-image-50004 alignright" src="https://www.pkware.com/wp-content/uploads/2026/04/Understanding-Cybersecurity-Maturity-Model-Certification-The-New-Standard-for-Doing-Business-with-the-Department-of-Defense-Image1.webp" alt="Data-Centric Security to Eliminate Exposure" width="347" height="293"></span></p> <p>Most contractors seeking Level 2 certification will work with a Certified Third-Party Assessor Organization (C3PAO), accredited by the Cyber AB. These assessors evaluate three things:</p> <ul> <li>The organization’s documentation (policies, procedures, security plans)</li> <li>Interviews with personnel responsible for implementation</li> <li>Testing of actual controls in the environment</li> </ul> <p>Assessors verify, not assume. Organizations must demonstrate compliance in practice. Organizations submit assessment results to the DoD’s Enterprise Mission Assurance Support Service (eMASS) system. Once approved, certification is valid for three years.</p> </div> <div class="fusion-title title fusion-title-10 fusion-title-text fusion-title-size-two" style="--awb-margin-top-small:0px;--awb-margin-bottom-small:20px;"> <div class="title-sep-container title-sep-container-left fusion-no-large-visibility fusion-no-medium-visibility fusion-no-small-visibility"> <div class="title-sep sep- sep-solid" style="border-color:var(--awb-color3);"></div> </div> <p><span class="awb-title-spacer fusion-no-large-visibility fusion-no-medium-visibility fusion-no-small-visibility"></span></p> <h2 class="fusion-title-heading title-heading-left" style="margin:0;text-transform:capitalize;">What It Means for the Defense Industry</h2> <p><span class="awb-title-spacer"></span></p> <div class="title-sep-container title-sep-container-right"> <div class="title-sep sep- sep-solid" style="border-color:var(--awb-color3);"></div> </div> </div> <div class="fusion-text fusion-text-12"> <p>For companies that have treated CMMC as a future issue, time is running short. With compliance language now embedded in contracts, preparation must begin immediately. Implementing all 110 NIST controls can take 12–18 months of focused work.</p> <p>But there’s good news: CMMC brings clarity. By defining exact requirements and requiring proof, contractors have a roadmap for secure operations and long-term eligibility to work with the DoD.</p> <p>CMMC isn’t just another cybersecurity checklist. It’s an enforceable standard that ties directly to the rule of law in federal contracting. Companies that understand and embrace that standard could be in a better position to protect national interests. They are also more likely to continue doing business in one of the most demanding, high-stakes environments in the world.</p> <p>Want to learn more about achieving CMMC compliance with PKWARE? Explore how we support it with data-centric encryption.</p> </div> </div> </div> </div> </div><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/04/understanding-cybersecurity-maturity-model-certification-the-new-standard-for-doing-business-with-the-department-of-defense/" data-a2a-title="Understanding Cybersecurity Maturity Model Certification: The New Standard for Doing Business with the Department of Defense"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Funderstanding-cybersecurity-maturity-model-certification-the-new-standard-for-doing-business-with-the-department-of-defense%2F&amp;linkname=Understanding%20Cybersecurity%20Maturity%20Model%20Certification%3A%20The%20New%20Standard%20for%20Doing%20Business%20with%20the%20Department%20of%20Defense" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Funderstanding-cybersecurity-maturity-model-certification-the-new-standard-for-doing-business-with-the-department-of-defense%2F&amp;linkname=Understanding%20Cybersecurity%20Maturity%20Model%20Certification%3A%20The%20New%20Standard%20for%20Doing%20Business%20with%20the%20Department%20of%20Defense" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Funderstanding-cybersecurity-maturity-model-certification-the-new-standard-for-doing-business-with-the-department-of-defense%2F&amp;linkname=Understanding%20Cybersecurity%20Maturity%20Model%20Certification%3A%20The%20New%20Standard%20for%20Doing%20Business%20with%20the%20Department%20of%20Defense" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Funderstanding-cybersecurity-maturity-model-certification-the-new-standard-for-doing-business-with-the-department-of-defense%2F&amp;linkname=Understanding%20Cybersecurity%20Maturity%20Model%20Certification%3A%20The%20New%20Standard%20for%20Doing%20Business%20with%20the%20Department%20of%20Defense" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Funderstanding-cybersecurity-maturity-model-certification-the-new-standard-for-doing-business-with-the-department-of-defense%2F&amp;linkname=Understanding%20Cybersecurity%20Maturity%20Model%20Certification%3A%20The%20New%20Standard%20for%20Doing%20Business%20with%20the%20Department%20of%20Defense" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.pkware.com/blog">Welcome to the PKWARE Blog - PKWARE®</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by PKWARE">PKWARE</a>. Read the original post at: <a href="https://www.pkware.com/blog/understanding-cybersecurity-maturity-model-certification">https://www.pkware.com/blog/understanding-cybersecurity-maturity-model-certification</a> </p>

<p><span data-contrast="none">Cybersecurity professionals are on the move. Employers may be dismayed to learn that just 34% plan to stay put.</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">The high rate of turnover reflects the pressures cybersecurity experts face, particularly as their responsibilities grow while budgets, well, don’t, according to the 2026 Cybersecurity Talent Intelligence Report from IANS and Artico Search.</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">The survey of more than 500 security professionals showed a profession in turmoil that has pushed business leaders to pivot to a retention posture, with which can only be described as modest success. </span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">Whether compensation is sufficient depends entirely on where the role sits. Security analysts pull a median income of $113,000, while security architects come in around $188,000 and functional leaders at $256,000. Of course, top earners can expect significantly higher compensation.</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">Not surprisingly, pay differences rest on company size and structure. Those organizations that record more than $5 billion in revenue pay between 18%-20% above average and compensation at publicly listed companies reflects a premium of as much as 24%. Government organizations come in below market averages. Organizations across the board serious about retention might want to give heavy thought to compensation since the study also found that even a modest pay increase can result in a significant uptick in satisfaction and willingness to stay. </span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">In the current landscape, the security professional has the educational chops and experience to command decent compensation—nearly half have bachelor’s degrees, with more than one-third holding a master’s degree or doctorate. And seven in 10 have spent more than eight years plying their trade.</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">But right now their resolve—and perhaps patience—is being tested. </span><span data-contrast="none">“From a CISO perspective, our workload will continue to escalate, intensifying pressures that already pushed job satisfaction among cybersecurity professionals down to </span><a href="https://cybermagazine.com/news/burnout-is-becoming-endemic-across-the-cybersecurity-sector" target="_blank" rel="noopener"><span data-contrast="none">66% in 2024</span></a><span data-contrast="none">,” says Diana Kelley, CISO at Noma Security.</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">“CISOs are tasked with improving organizational resilience while managing more assets, platforms, and threats,” with some of the contributing factors to the workload increase being “responsibility increasing faster than authority, with some boards holding CISOs personally accountable for regulatory failures while budgets </span><a href="https://cribl.io/blog/what-cisos-are-prioritizing-in-2025-and-why-it-matters/" target="_blank" rel="noopener"><span data-contrast="none">remain flat for nearly half of security leaders</span></a><span data-contrast="none">,” Kelley says.</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">Dave Gerry, CEO at Bugcrowd, says that “offensive skills are becoming table stakes for defenders.”</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">He notes it might not be “a newly valuable skillset,” but “the emphasis on offense is becoming increasingly important as organizations look to preemptively anticipate attacks versus reacting when they see something happen.”</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">The traditional model of defense, he says, “is also changing by encouraging red-teaming, AI-tooling, and threat hunting as standard practice.”</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">The blurred line between offense and defense has been further reinforced by the recent strategy from the White House, so “for those looking to build a career in cyber, gaining both offensive and defensive skills is critical.”</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">The effects of AI are being felt with more to come. “The rapid growth of AI in the business, and expected surge in AI-powered attacks, will create significant additional workload on security teams,” says Kelley. </span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">While “AI is going to continue to automate the bottom of the skill stack, not the top end,” Gerry says, “the ability to leverage AI to expand their skills, scale their output, and, enable them to perform at machine speed will become increasingly differentiated.  The need for human ingenuity alongside AI is only growing, not shrinking.”</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">Qualys President and CEO Sumedh Thakar points out that “hiring always shifts when new technology shows up, this is simply the latest cycle,” noting that “centuries ago, it was someone’s job to chisel manuscripts on stone slabs” and “when ink and paper technology was invented, the world adapted, and we all survived.”</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">The infusion of new technology naturally causes “dips in hiring certain roles in the short-term, but the productivity gains we’ll see from AI will lead businesses to expand and eventually lead to the hiring of new roles that did not exist in the past, such as AI prompt engineers.”</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">That adaptation by the workforce is crucial. “The future belongs to those who can deploy AI responsibly, minimize risk, and navigate the changing regulatory environment,” says Thakar.</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">“We’re seeing two overlapping forces. Overall tech hiring is still cooling after the pandemic spike, which hit generalist software and IT roles hardest,” says Daniel Koch, vice president of R&amp;D at Oasis Security. </span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">“But at the same time, AI is rewiring what ‘tech work’ actually is,” he says. </span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">“Companies don’t need more engineers to do the same jobs. They need fewer, more specialized people who can design, integrate, and govern AI systems,” Koch explains. </span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">“Routine development and support work is being automated, while system-level skills are in short supply,” he explains. “That’s why broad tech postings are down even as demand for AI architects, evaluators, and platform engineers is skyrocketing. The mix of roles is changing much faster than the volume.”</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">Koch says the scarcity is in people who can own AI systems end-to-end in a real organization. He says the bottlenecks include:</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><ul><li aria-setsize="-1" data-leveltext="o" data-font="Courier New" data-listid="2" data-list-defn-props='{"335552541":1,"335559685":1440,"335559991":360,"469769226":"Courier New","469769242":[9675],"469777803":"left","469777804":"o","469777815":"multilevel"}' data-aria-posinset="1" data-aria-level="2"><b><span data-contrast="none">Systems-level thinking:</span></b><span data-contrast="none"> Senior AI roles need to connect data pipelines, model choices, infra, product UX, and business constraints into one coherent architecture. It’s less “can you fine-tune a model?” and more “can you design a resilient, observable AI feature that will still work when the data, traffic, and regulations change?”</span><span data-ccp-props='{"201341983":0,"335559685":1665,"335559739":0,"335559740":240}'> </span></li></ul><ul><li aria-setsize="-1" data-leveltext="o" data-font="Courier New" data-listid="2" data-list-defn-props='{"335552541":1,"335559685":1440,"335559991":360,"469769226":"Courier New","469769242":[9675],"469777803":"left","469777804":"o","469777815":"multilevel"}' data-aria-posinset="2" data-aria-level="2"><b><span data-contrast="none">Orchestration and tooling:</span></b><span data-contrast="none"> Modern AI systems are rarely “one model in a box”. They involve tool-using agents, retrieval, function calling, and workflow engines. People who understand how those pieces fit together across latency, cost, and reliability trade-offs are rare.</span><span data-ccp-props='{"201341983":0,"335559685":1665,"335559739":0,"335559740":240}'> </span></li></ul><ul><li aria-setsize="-1" data-leveltext="o" data-font="Courier New" data-listid="2" data-list-defn-props='{"335552541":1,"335559685":1440,"335559991":360,"469769226":"Courier New","469769242":[9675],"469777803":"left","469777804":"o","469777815":"multilevel"}' data-aria-posinset="3" data-aria-level="2"><b><span data-contrast="none">Risk, security, and governance:</span></b><span data-contrast="none"> As soon as you move from a prototype to production, questions about </span><b><span data-contrast="none">data privacy, prompt injection, model abuse, and regulatory exposure</span></b><span data-contrast="none"> dominate the conversation. You need leaders who can collaborate across legal, security, compliance, and engineering to design safe defaults and incident playbooks, not just “make the model more accurate.”</span><span data-ccp-props='{"201341983":0,"335559685":1665,"335559739":0,"335559740":240}'> </span></li></ul><ul><li aria-setsize="-1" data-leveltext="o" data-font="Courier New" data-listid="2" data-list-defn-props='{"335552541":1,"335559685":1440,"335559991":360,"469769226":"Courier New","469769242":[9675],"469777803":"left","469777804":"o","469777815":"multilevel"}' data-aria-posinset="4" data-aria-level="2"><b><span data-contrast="none">Human and organizational skills:</span></b><span data-contrast="none"> There’s emerging evidence that GenAI roles demand higher levels of cognitive and social skills, such as communication, coordination, and stakeholder management, way more than typical developer roles. Many candidates have the math, but fewer have the ability to </span><b><span data-contrast="none">bring operations, product, and security along with them</span></b><span data-contrast="none">.</span><span data-ccp-props='{"201341983":0,"335559685":1665,"335559739":0,"335559740":240}'> </span></li></ul><p><span data-contrast="none">To cope effectively with the pressures they face, Kelley says, “CISOs can carefully lean into automation, both traditional and AI-driven,” developing “storytelling skills to effectively communicate to boards and executive teams, reframing success within achievable parameters based on investment, business outcomes, and risk tolerance.”</span></p><p><span data-contrast="none">The dialog between the C-Suite and Board “will help CISOs secure the resources they need to succeed.” And “as the scope and weight of securing an organization expands in the future,” Kelley says, “CISOs must be strategic with delegation. Rather than carrying the burden of all security outcomes alone, they should delegate responsibility where it makes sense.”</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">The skills gap, too, may be less of a challenge than trying to tease out talent. “We don’t lack people—we lack pathways to turn potential into capability,” says Heath Renfrow, cofounder and CISO at Fenix24. </span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">Renfrow believes that CISOs need to move beyond “recruiting unicorn résumés and instead adopt a ‘talent factory’ mindset.”</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">“The most successful programs, he says, “will hire for aptitude and resilience, then invest heavily in on-the-job training and structured mentorship for employee retention.” When that approach is paired with “selective outsourcing for niche or 24/7 functions,” CISOs can “build a sustainable talent engine instead of constantly fighting attrition.”</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">While Thakar agrees that hiring strategies “must align directly with business outcomes,” he says, at the same time, more SaaS vendors and service providers will offer built-in AI agents. Organizations should factor in the fact that SaaS vendors and service providers will offer built-in AI agents “into their workforce planning so they can leverage AI technology to achieve results, instead of buying more tools and hiring people to manage them.”</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">As those in security continue to feel pressure from a changing landscape, Renfrow says organizations must pay attention to mental health. “Mental health strain in cybersecurity is worsening, and CISOs are carrying the heaviest emotional load in the industry,” and “they are expected to prevent the unpreventable, respond flawlessly under global scrutiny, and never show fatigue.”</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">CISOs may need empathy and emotional intelligence to be strong leaders, but they can’t be full-time therapists. “Boards and CEOs must begin treating cyber burnout as a strategic risk, not a personal failing,” says Renfrow, who believes formal wellness support will eventually be built into security programs, including mandatory downtime post-incident, rotation-based on-call models, and executive mental-health resources. </span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">“The CISO protects the organization—someone must be accountable for protecting the CISO,” he says.</span><span data-ccp-props='{"201341983":0,"335559739":0,"335559740":240}'> </span></p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/04/compensation-vs-burnout-the-new-retention-calculus-for-cybersecurity-leaders/" data-a2a-title="Compensation vs. Burnout: The New Retention Calculus for Cybersecurity Leaders"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fcompensation-vs-burnout-the-new-retention-calculus-for-cybersecurity-leaders%2F&amp;linkname=Compensation%20vs.%20Burnout%3A%20The%20New%20Retention%20Calculus%20for%20Cybersecurity%20Leaders" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fcompensation-vs-burnout-the-new-retention-calculus-for-cybersecurity-leaders%2F&amp;linkname=Compensation%20vs.%20Burnout%3A%20The%20New%20Retention%20Calculus%20for%20Cybersecurity%20Leaders" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fcompensation-vs-burnout-the-new-retention-calculus-for-cybersecurity-leaders%2F&amp;linkname=Compensation%20vs.%20Burnout%3A%20The%20New%20Retention%20Calculus%20for%20Cybersecurity%20Leaders" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fcompensation-vs-burnout-the-new-retention-calculus-for-cybersecurity-leaders%2F&amp;linkname=Compensation%20vs.%20Burnout%3A%20The%20New%20Retention%20Calculus%20for%20Cybersecurity%20Leaders" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fcompensation-vs-burnout-the-new-retention-calculus-for-cybersecurity-leaders%2F&amp;linkname=Compensation%20vs.%20Burnout%3A%20The%20New%20Retention%20Calculus%20for%20Cybersecurity%20Leaders" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>

<p>The post <a href="https://www.malwarebytes.com/blog/news/2026/04/mythos-an-ai-tool-too-powerful-for-public-release">Mythos: An AI tool too powerful for public release</a> appeared first on <a href="https://www.malwarebytes.com/">Malwarebytes</a>.</p><p>Anthropic’s most capable model to date, Claude Mythos Preview  (aka Mythos), has been <a href="https://fortune.com/2026/03/26/anthropic-says-testing-mythos-powerful-new-ai-model-after-data-leak-reveals-its-existence-step-change-in-capabilities/?ref=platformer.news" rel="noreferrer noopener nofollow">described</a> as a “step change” in AI performance, especially on cybersecurity tasks.</p><p>Anthropic tried to keep Mythos a secret until a few weeks ago, when a data leak revealed the existence of what the company said was its most powerful artificial intelligence to date. The models is seen as both a powerful defensive tool, and, potentially, a serious offensive cyberweapon.</p><p>For that reason, the company is sharply limiting access and signaling it does not plan to release it broadly to the market right now. Its reported ability to autonomously find and even chain software vulnerabilities at scale sit at the core of both the hype and the danger.</p><p>Imagine a tool that can independently find new vulnerabilities in software, systems, and platforms, then turn them into exploits, even if that requires chaining them with other vulnerabilities.</p><p>In the wrong hands, that could be a major threat to our cyber safety. So Anthropic has limited access to a small number of organizations worldwide, including major tech firms and a select group of government or security bodies. The NSA is <a href="https://www.axios.com/2026/04/19/nsa-anthropic-mythos-pentagon" rel="noreferrer noopener nofollow">reportedly</a> already using Mythos Preview, apparently to stress‑test and harden sensitive systems, despite <a href="https://www.malwarebytes.com/blog/news/2026/03/pentagon-ditches-anthropic-ai-over-security-risk-and-openai-takes-over">the Pentagon labelling Anthropic as a supply chain risk.</a></p><p>Mythos can discover vulnerabilities across large codebases more quickly and reliably than existing tools, and can look for multiple flaws in one system and combine them into multi‑step exploit chains to complete a compromise (for example, going from a simple web bug to a full domain takeover). It would take a bug bounty hunter months to find another vulnerability, let alone one chainable with the one(s) already discovered. Accomplishing that before the first one would be highly unlikely. </p><p>In practical terms, that could mean faster attacks, more complex breaches, and less time for companies to fix weaknesses before they’re exploited.</p><p>Anthropic itself has highlighted that Mythos can work with minimal supervision for extended periods, meaning it could run systematic attack campaigns at a scale no human team could accomplish.</p><p>Anthropic flagged these <a href="https://www.mindstudio.ai/blog/claude-mythos-cybersecurity-risks-leaked-blog-post" rel="noreferrer noopener nofollow">security risks in an internal document</a>:</p><ul class="wp-block-list"> <li>AI lowers the skill floor for offensive operations. Less-skilled actors could get access to very effective tools, significantly increasing the number of advanced attacks.</li> <li>Techniques like <a href="https://www.threatdown.com/blog/explained-fuzzing-for-security/" rel="noreferrer noopener">fuzzing</a>, dictionary attacks, and other brute force methods become much more effective when sped up by automation. AI-assisted iteration can provide an attacker with a lot more tries before an attack gets noticed.</li> </ul><p>But the most concerning conclusion was that the offensive side is iterating faster in the current phase of AI development, and security teams are generally later adopters of AI tooling than their adversaries.</p><p>As we know, AI in cybersecurity works both ways. It helps us defend against new threats, but it can also be used to create them. Which is why, in the wrong hands, Mythos can turn out to be a formidable adversary.</p><p>The goal stays the same, but the way to get there is paved by tools like Mythos. From the attacker’s seat, nothing about the destination is new. The novelty is that Mythos now automates the map, the vehicle, and most of the driving.</p><hr class="wp-block-separator has-text-color has-cyan-bluish-gray-color has-alpha-channel-opacity has-cyan-bluish-gray-background-color has-background is-style-wide"><p><strong>We don’t just report on threats—we remove them</strong></p><p>Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by <a href="https://www.malwarebytes.com/for-home">downloading Malwarebytes today</a>.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/04/mythos-an-ai-tool-too-powerful-for-public-release/" data-a2a-title="Mythos: An AI tool too powerful for public release"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fmythos-an-ai-tool-too-powerful-for-public-release%2F&amp;linkname=Mythos%3A%20An%20AI%20tool%20too%20powerful%20for%20public%20release" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fmythos-an-ai-tool-too-powerful-for-public-release%2F&amp;linkname=Mythos%3A%20An%20AI%20tool%20too%20powerful%20for%20public%20release" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fmythos-an-ai-tool-too-powerful-for-public-release%2F&amp;linkname=Mythos%3A%20An%20AI%20tool%20too%20powerful%20for%20public%20release" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fmythos-an-ai-tool-too-powerful-for-public-release%2F&amp;linkname=Mythos%3A%20An%20AI%20tool%20too%20powerful%20for%20public%20release" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Fmythos-an-ai-tool-too-powerful-for-public-release%2F&amp;linkname=Mythos%3A%20An%20AI%20tool%20too%20powerful%20for%20public%20release" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.malwarebytes.com/">Malwarebytes</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Malwarebytes">Malwarebytes</a>. Read the original post at: <a href="https://www.malwarebytes.com/blog/news/2026/04/mythos-an-ai-tool-too-powerful-for-public-release">https://www.malwarebytes.com/blog/news/2026/04/mythos-an-ai-tool-too-powerful-for-public-release</a> </p>