Technology

Mel Schilling emerged as one of Australian television's most recognisable relationship experts. On Tuesday, she died of bowel cancer at the age of 54. As a judge on the hit reality show Married At … [+5692 chars]

Newcastle Australias newly launched Master of Cyber Security currently offered part-time is designed to build that breadth and depth. The programme prepares professionals for roles such as security a… [+1859 chars]

<div data-elementor-type="wp-post" data-elementor-id="10966" class="elementor elementor-10966" data-elementor-post-type="post"> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-93afc5a e-con-full e-flex e-con e-parent" data-id="93afc5a" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-86067b8 elementor-widget elementor-widget-text-editor" data-id="86067b8" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> <p>The Azure APIM signup bypass is a critical vulnerability affecting 97.9% of internet-facing Developer Portals. Azure API Management (APIM) exposes APIs to external consumers through a Developer Portal, the interface where developers self-register, obtain API keys, and make API calls. The default APIM configuration ships with Basic Authentication enabled as the identity provider and the Starter product set to auto-approve subscriptions. When an administrator disables developer self-signup, they reasonably expect that endpoint to no longer be reachable.</p> <p>It doesn’t. An anonymous attacker can create an account, subscribe to API products, obtain valid API keys, and access backend services, all without authentication or relationship to the target organization. The “disable signup” toggle in Azure APIM’s Developer Portal is purely cosmetic. The backend REST API continues to accept registrations from anyone. This is an <strong>unauthenticated, internet-facing vulnerability</strong> in a service that is internet-facing by design.</p> <p>Praetorian noted that the original issue was detected by security researcher Mihalis Haatainen at <a href="https://www.bountyy.fi/">Bountyy Oy</a> in September 2025 (see <a href="https://github.com/bountyyfi/Azure-APIM-Cross-Tenant-Signup-Bypass/security/advisories/GHSA-vcwf-73jp-r7mv">GHSA-vcwf-73jp-r7mv</a>). Mihalis Haatainen reported the issue to Microsoft’s Security Response Center (MSRC). After two submissions and additional technical details, MSRC issued its final determination: <strong>“By design.”</strong></p> <p>Four months later, we assessed the real-world prevalence.</p> <p>We built a full reproduction environment, demonstrated the complete attack chain from anonymous internet access to sensitive API data exfiltration, and conducted a wide-scale analysis across the internet-facing APIM landscape. We found over 25,000 Azure APIM Developer Portals exposed to the internet. Based on our heuristic analysis, we estimated that 97.9% of them still accept signup requests. Only 51 instances out of 25,379 have actually removed the vulnerable Basic Authentication provider. The attack requires a web browser and a curl command; no credentials, no prior access, and no Azure subscription in the target tenant.</p> <p> </p> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-8c71d64 e-con-full e-flex e-con e-parent" data-id="8c71d64" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-4d027db elementor-widget elementor-widget-heading" data-id="4d027db" data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h2 class="elementor-heading-title elementor-size-default">The Vulnerability</h2> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-9040393 e-con-full e-flex e-con e-parent" data-id="9040393" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-568bfd5 elementor-widget elementor-widget-text-editor" data-id="568bfd5" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> <a id="the-three-part-flaw"></a> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-a4066f6 e-con-full e-flex e-con e-parent" data-id="a4066f6" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-ae49ae8 elementor-widget elementor-widget-heading" data-id="ae49ae8" data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h3 class="elementor-heading-title elementor-size-default">The Three-Part Flaw</h3> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-e6910fb e-con-full e-flex e-con e-parent" data-id="e6910fb" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-0a00cc7 elementor-widget elementor-widget-text-editor" data-id="0a00cc7" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> <p>The fundamental issue is a disconnect between what administrators see in the Azure Portal and what actually happens on the backend. Three separate design decisions combine to create the vulnerability:</p> <p><strong>1. The UI toggle is cosmetic:</strong> When an administrator sets portalsettings/signup.properties.enabled to false, the developer portal reads this flag and hides the signup form. The underlying REST API endpoint at /signup remains active and continues to accept registration requests regardless of what the UI displays.</p> <p><strong>2. No tenant validation on the signup endpoint.</strong> Azure APIM Developer Portals are multi-tenant. The APIM infrastructure uses the Host header in incoming requests to route them to the correct instance. When an attacker sends a POST /signup request with Host: victim-portal.developer.azure-api.net, the infrastructure routes it to the victim’s instance. There is no validation that the request originated from that tenant’s portal, that the sender has any relationship to the target organization, or that the request was initiated from the target’s domain.</p> <p><strong>3. The CAPTCHA service is shared across all tenants.</strong> The signup flow includes a CAPTCHA challenge. However, the CAPTCHA validation service is global to Azure APIM. A challenge generated on Instance A is accepted as valid when submitted to Instance B.</p> <p><a id="X7b726d72045493ee04b98d787fee093aed871b0"></a> </p></div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-30e11bf e-con-full e-flex e-con e-parent" data-id="30e11bf" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-a5691fb elementor-widget elementor-widget-heading" data-id="a5691fb" data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h2 class="elementor-heading-title elementor-size-default">The Kill Chain: From Anonymous Access to API Keys</h2> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-8130df1 e-con-full e-flex e-con e-parent" data-id="8130df1" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-15a59e6 elementor-widget elementor-widget-text-editor" data-id="15a59e6" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> <p>Account creation is the entry point. The actual severity depends on what APIs are exposed through the Developer Portal and whether the attacker can obtain subscription keys to call them. We reproduced the full attack chain on controlled infrastructure to map each step.</p> <p><a id="why-account-creation-alone-is-not-enough"></a> </p></div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-aab12e7 e-con-full e-flex e-con e-parent" data-id="aab12e7" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-9bf00e2 elementor-widget elementor-widget-heading" data-id="9bf00e2" data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h3 class="elementor-heading-title elementor-size-default">Why Account Creation Alone Is Not Enough</h3> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-4ebf48b e-con-full e-flex e-con e-parent" data-id="4ebf48b" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-6f62cfc elementor-widget elementor-widget-text-editor" data-id="6f62cfc" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> <p>An APIM Developer Portal account gives the attacker a session. What they can do with that session depends on the <strong>product configuration</strong>, a second layer of APIM settings that determines post-authentication access.</p> <p>APIs in APIM are not exposed directly. They are grouped into <strong>Products</strong>, and users must subscribe to a product to obtain a subscription key. Two product-level settings, subscriptionRequired and approvalRequired, determine whether an attacker can self-serve to obtain API access. The critical combination is subscriptionRequired: true with approvalRequired: false (subscription needed, but auto-approved). This is the <strong>default configuration</strong> for the built-in Starter product that ships with every new APIM instance. An attacker who creates an account can immediately subscribe and receive a valid API key without administrator involvement.</p> <p><a id="attack-path-overview"></a> </p></div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-6868fdd e-con-full e-flex e-con e-parent" data-id="6868fdd" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-63f1ca5 elementor-widget elementor-widget-heading" data-id="63f1ca5" data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h3 class="elementor-heading-title elementor-size-default">Attack Path Overview</h3> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-7dcc48d e-con-full e-flex e-con e-parent" data-id="7dcc48d" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-d2a4dec elementor-widget elementor-widget-text-editor" data-id="d2a4dec" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-00bfab0 e-con-full e-flex e-con e-parent" data-id="00bfab0" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-3298fe1 elementor-widget elementor-widget-image" data-id="3298fe1" data-element_type="widget" data-e-type="widget" data-widget_type="image.default"> <figure class="wp-caption"> <img fetchpriority="high" decoding="async" width="544" height="1308" src="https://www.praetorian.com/wp-content/uploads/2026/03/flowchart-showing-attack-steps-from-anonymous-attacker-disco-1.webp" class="attachment-full size-full wp-image-10950" alt="Flowchart showing attack steps from anonymous attacker discovering target via Shodan to creating developer account and exfiltrating data" srcset="https://www.praetorian.com/wp-content/uploads/2026/03/flowchart-showing-attack-steps-from-anonymous-attacker-disco-1.webp 544w, https://www.praetorian.com/wp-content/uploads/2026/03/flowchart-showing-attack-steps-from-anonymous-attacker-disco-1-125x300.webp 125w, https://www.praetorian.com/wp-content/uploads/2026/03/flowchart-showing-attack-steps-from-anonymous-attacker-disco-1-426x1024.webp 426w" sizes="(max-width: 544px) 100vw, 544px"><figcaption class="widget-image-caption wp-caption-text">Attack path from anonymous attacker to data exfiltration</figcaption></figure> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-9af606b e-con-full e-flex e-con e-parent" data-id="9af606b" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-4d2d10a elementor-widget elementor-widget-heading" data-id="4d2d10a" data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h3 class="elementor-heading-title elementor-size-default">Simulated Attack Chain</h3> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-589ceef e-con-full e-flex e-con e-parent" data-id="589ceef" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-741602a elementor-widget elementor-widget-text-editor" data-id="741602a" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> <p>We demonstrated this against a controlled APIM instance under our ownership, configured with a mock healthcare IoT API behind the default Starter product. The CAPTCHA was generated cross-tenant from a separate APIM instance we control to demonstrate the cross-tenant replay.</p> <p><a id="step-1-identify-the-target."></a> </p></div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-ae38fb7 e-con-full e-flex e-con e-parent" data-id="ae38fb7" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-9ae8846 elementor-widget elementor-widget-heading" data-id="9ae8846" data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h4 class="elementor-heading-title elementor-size-default">Step 1: Identify the target.</h4> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-79225a3 e-con-full e-flex e-con e-parent" data-id="79225a3" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-65104af elementor-widget elementor-widget-text-editor" data-id="65104af" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> <p>The attacker discovers the target’s Developer Portal hostname. These are publicly indexed; our Shodan enumeration found 25,379 unique instances.</p> <p>Target: apim-research-target-t3.developer.azure-api.net</p> <p><a id="X6b2794b1dd9fa9a2772ac2a5ffcb82f2e4e1b0f"></a> </p></div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-cacc5de e-con-full e-flex e-con e-parent" data-id="cacc5de" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-ee4847b elementor-widget elementor-widget-heading" data-id="ee4847b" data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h4 class="elementor-heading-title elementor-size-default">Step 2: Verify the target appears locked down, then bypass it.</h4> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-26e0b9e e-con-full e-flex e-con e-parent" data-id="26e0b9e" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-1c4f22c elementor-widget elementor-widget-text-editor" data-id="1c4f22c" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> <p>The target organization’s portal shows no signup option, and the administrator has “disabled” signup. The only visible option is “Sign in”:</p> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-25c2f34 e-con-full e-flex e-con e-parent" data-id="25c2f34" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-88b03ef elementor-widget elementor-widget-image" data-id="88b03ef" data-element_type="widget" data-e-type="widget" data-widget_type="image.default"> <figure class="wp-caption"> <img decoding="async" width="1720" height="1328" src="https://www.praetorian.com/wp-content/uploads/2026/03/api-portal-webpage-with-header-navigation-showing-home-apis-1-1.webp" class="attachment-full size-full wp-image-10951" alt="API portal webpage with header navigation showing Home, APIs, Products links and Sign In button, main content area displays 'page content' text" srcset="https://www.praetorian.com/wp-content/uploads/2026/03/api-portal-webpage-with-header-navigation-showing-home-apis-1-1.webp 1720w, https://www.praetorian.com/wp-content/uploads/2026/03/api-portal-webpage-with-header-navigation-showing-home-apis-1-1-300x232.webp 300w, https://www.praetorian.com/wp-content/uploads/2026/03/api-portal-webpage-with-header-navigation-showing-home-apis-1-1-1024x791.webp 1024w, https://www.praetorian.com/wp-content/uploads/2026/03/api-portal-webpage-with-header-navigation-showing-home-apis-1-1-768x593.webp 768w, https://www.praetorian.com/wp-content/uploads/2026/03/api-portal-webpage-with-header-navigation-showing-home-apis-1-1-1536x1186.webp 1536w" sizes="(max-width: 1720px) 100vw, 1720px"><figcaption class="widget-image-caption wp-caption-text">The target’s Developer Portal. The administrator has disabled signup. No “Sign up” button is visible anywhere on the page.</figcaption></figure> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-2c45dd5 e-con-full e-flex e-con e-parent" data-id="2c45dd5" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-9500280 elementor-widget elementor-widget-text-editor" data-id="9500280" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> <p>Azure APIM Developer Portal with signup disabled showing only a Sign In option and no Sign Up button visible</p> <p><em>The target’s Developer Portal. The administrator has disabled signup. No “Sign up” button is visible anywhere on the page.</em></p> <p>However, a single request confirms whether the signup endpoint is still active behind the scenes:</p> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-0f2b990 e-con-full e-flex e-con e-parent" data-id="0f2b990" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-b2756da elementor-widget elementor-widget-image" data-id="b2756da" data-element_type="widget" data-e-type="widget" data-widget_type="image.default"> <figure class="wp-caption"> <img decoding="async" width="960" height="424" src="https://www.praetorian.com/wp-content/uploads/2026/03/terminal-showing-curl-post-request-to-signup-api-returning-h-1.webp" class="attachment-full size-full wp-image-10952" alt="Terminal showing curl POST request to signup API returning HTTP 400 error with ValidationError for challenge and signupData fields" srcset="https://www.praetorian.com/wp-content/uploads/2026/03/terminal-showing-curl-post-request-to-signup-api-returning-h-1.webp 960w, https://www.praetorian.com/wp-content/uploads/2026/03/terminal-showing-curl-post-request-to-signup-api-returning-h-1-300x133.webp 300w, https://www.praetorian.com/wp-content/uploads/2026/03/terminal-showing-curl-post-request-to-signup-api-returning-h-1-768x339.webp 768w" sizes="(max-width: 960px) 100vw, 960px"><figcaption class="widget-image-caption wp-caption-text">POST /signup probe with empty JSON body returns ValidationError confirming active endpoint</figcaption></figure> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-deaa032 e-con-full e-flex e-con e-parent" data-id="deaa032" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-4ea5391 elementor-widget elementor-widget-text-editor" data-id="4ea5391" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> <p>POST signup probe with empty JSON body returning HTTP 400 ValidationError confirming the signup endpoint is still active</p> <p><em>POST /signup probe with empty JSON body returns ValidationError confirming active endpoint</em></p> <p>The HTTP 400 ValidationError with challenge and signupData fields confirms the /signup endpoint is live and Basic Auth is enabled. The toggle only hid the button.</p> <p><a id="step-3-create-a-cross-tenant-account."></a> </p></div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-1ca1c56 e-con-full e-flex e-con e-parent" data-id="1ca1c56" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-9a6e194 elementor-widget elementor-widget-heading" data-id="9a6e194" data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h4 class="elementor-heading-title elementor-size-default">Step 3: Create a cross-tenant account.</h4> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-bc35f9d e-con-full e-flex e-con e-parent" data-id="bc35f9d" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-fa4a867 elementor-widget elementor-widget-text-editor" data-id="fa4a867" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> <p>The attacker generates and solves a CAPTCHA on their own APIM instance, then replays the solution against the target:</p> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-b9bd2d3 e-con-full e-flex e-con e-parent" data-id="b9bd2d3" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-b3248f1 elementor-widget elementor-widget-image" data-id="b3248f1" data-element_type="widget" data-e-type="widget" data-widget_type="image.default"> <figure class="wp-caption"> <img loading="lazy" decoding="async" width="500" height="436" src="https://www.praetorian.com/wp-content/uploads/2026/03/http-post-request-to-signup-endpoint-with-json-payload-conta-1.webp" class="attachment-full size-full wp-image-10953" alt="HTTP POST request to signup endpoint with JSON payload containing CAPTCHA challenge data and user registration details" srcset="https://www.praetorian.com/wp-content/uploads/2026/03/http-post-request-to-signup-endpoint-with-json-payload-conta-1.webp 500w, https://www.praetorian.com/wp-content/uploads/2026/03/http-post-request-to-signup-endpoint-with-json-payload-conta-1-300x262.webp 300w" sizes="auto, (max-width: 500px) 100vw, 500px"><figcaption class="widget-image-caption wp-caption-text">Cross-tenant signup POST request with attacker credentials and replayed CAPTCHA</figcaption></figure> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-b54db11 e-con-full e-flex e-con e-parent" data-id="b54db11" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-ae3b262 elementor-widget elementor-widget-image" data-id="ae3b262" data-element_type="widget" data-e-type="widget" data-widget_type="image.default"> <figure class="wp-caption"> <img loading="lazy" decoding="async" width="420" height="176" src="https://www.praetorian.com/wp-content/uploads/2026/03/http-response-showing-status-200-ok-content-type-application-1.webp" class="attachment-full size-full wp-image-10954" alt="HTTP response showing status 200 OK, Content-Type application/json header, and response body containing the string OK" srcset="https://www.praetorian.com/wp-content/uploads/2026/03/http-response-showing-status-200-ok-content-type-application-1.webp 420w, https://www.praetorian.com/wp-content/uploads/2026/03/http-response-showing-status-200-ok-content-type-application-1-300x126.webp 300w" sizes="auto, (max-width: 420px) 100vw, 420px"><figcaption class="widget-image-caption wp-caption-text">HTTP 200 OK response confirming account creation</figcaption></figure> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-9184338 e-con-full e-flex e-con e-parent" data-id="9184338" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-c079ed7 elementor-widget elementor-widget-image" data-id="c079ed7" data-element_type="widget" data-e-type="widget" data-widget_type="image.default"> <figure class="wp-caption"> <img loading="lazy" decoding="async" width="1316" height="488" src="https://www.praetorian.com/wp-content/uploads/2026/03/email-from-researchpraetoriancom-asking-user-to-confirm-new-1-1.webp" class="attachment-full size-full wp-image-10955" alt="Email from [email protected] asking user to confirm new API account by clicking a suspicious link with long parameters" srcset="https://www.praetorian.com/wp-content/uploads/2026/03/email-from-researchpraetoriancom-asking-user-to-confirm-new-1-1.webp 1316w, https://www.praetorian.com/wp-content/uploads/2026/03/email-from-researchpraetoriancom-asking-user-to-confirm-new-1-1-300x111.webp 300w, https://www.praetorian.com/wp-content/uploads/2026/03/email-from-researchpraetoriancom-asking-user-to-confirm-new-1-1-1024x380.webp 1024w, https://www.praetorian.com/wp-content/uploads/2026/03/email-from-researchpraetoriancom-asking-user-to-confirm-new-1-1-768x285.webp 768w" sizes="auto, (max-width: 1316px) 100vw, 1316px"><figcaption class="widget-image-caption wp-caption-text">Email invitation after successful self-sign-up</figcaption></figure> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-0b8f379 e-con-full e-flex e-con e-parent" data-id="0b8f379" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-49ca69a elementor-widget elementor-widget-text-editor" data-id="49ca69a" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> <p>Email invitation received after successful anonymous self-signup to the target Azure APIM Developer Portal</p> <p><em>Email invitation after successful self-sign-up</em></p> <p>The backend processes the request without validating the tenant of origin. The account is created in the target’s APIM instance. The attacker receives a confirmation email and can now log in.</p> <p><a id="Xadf1d2eff9fa4ebf9c1108a4310cd6aad77b8f3"></a> </p></div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-189e3a5 e-con-full e-flex e-con e-parent" data-id="189e3a5" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-2da9547 elementor-widget elementor-widget-heading" data-id="2da9547" data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h4 class="elementor-heading-title elementor-size-default">Step 4: Authenticate, subscribe to a product, and obtain an API key.</h4> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-5cdc911 e-con-full e-flex e-con e-parent" data-id="5cdc911" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-8c6fd2b elementor-widget elementor-widget-text-editor" data-id="8c6fd2b" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> <p>The default Starter product ships with approvalRequired: false. The attacker self-subscribes using a PUT request to the management API. No administrator approval is needed:</p> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-a3ba61d e-con-full e-flex e-con e-parent" data-id="a3ba61d" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-001045d elementor-widget elementor-widget-image" data-id="001045d" data-element_type="widget" data-e-type="widget" data-widget_type="image.default"> <figure class="wp-caption"> <img loading="lazy" decoding="async" width="960" height="304" src="https://www.praetorian.com/wp-content/uploads/2026/03/terminal-showing-curl-command-making-api-call-to-azure-manag-1.webp" class="attachment-full size-full wp-image-10956" alt="Terminal showing curl command making API call to Azure Management API with Basic authentication, returning HTTP 200 response with JSON ID" srcset="https://www.praetorian.com/wp-content/uploads/2026/03/terminal-showing-curl-command-making-api-call-to-azure-manag-1.webp 960w, https://www.praetorian.com/wp-content/uploads/2026/03/terminal-showing-curl-command-making-api-call-to-azure-manag-1-300x95.webp 300w, https://www.praetorian.com/wp-content/uploads/2026/03/terminal-showing-curl-command-making-api-call-to-azure-manag-1-768x243.webp 768w" sizes="auto, (max-width: 960px) 100vw, 960px"><figcaption class="widget-image-caption wp-caption-text">Attacker can authenticate as a Developer to the APIM developer portal</figcaption></figure> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-c7ad55d e-con-full e-flex e-con e-parent" data-id="c7ad55d" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-fdd9af9 elementor-widget elementor-widget-image" data-id="fdd9af9" data-element_type="widget" data-e-type="widget" data-widget_type="image.default"> <figure class="wp-caption"> <img loading="lazy" decoding="async" width="960" height="324" src="https://www.praetorian.com/wp-content/uploads/2026/03/terminal-window-showing-curl-command-creating-azure-subscrip-1.webp" class="attachment-full size-full wp-image-10957" alt="Terminal window showing curl command creating Azure subscription with PUT request, displaying HTTP 201 response with JSON data" srcset="https://www.praetorian.com/wp-content/uploads/2026/03/terminal-window-showing-curl-command-creating-azure-subscrip-1.webp 960w, https://www.praetorian.com/wp-content/uploads/2026/03/terminal-window-showing-curl-command-creating-azure-subscrip-1-300x101.webp 300w, https://www.praetorian.com/wp-content/uploads/2026/03/terminal-window-showing-curl-command-creating-azure-subscrip-1-768x259.webp 768w" sizes="auto, (max-width: 960px) 100vw, 960px"><figcaption class="widget-image-caption wp-caption-text">Self-subscribe PUT request to Starter product returns 201 Created</figcaption></figure> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-e719eab e-con-full e-flex e-con e-parent" data-id="e719eab" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-37ec580 elementor-widget elementor-widget-image" data-id="37ec580" data-element_type="widget" data-e-type="widget" data-widget_type="image.default"> <figure class="wp-caption"> <img loading="lazy" decoding="async" width="960" height="344" src="https://www.praetorian.com/wp-content/uploads/2026/03/terminal-window-showing-curl-command-to-azure-api-with-http-1-1.webp" class="attachment-full size-full wp-image-10958" alt="Terminal window showing curl command to Azure API with HTTP 200 response containing primaryKey and secondaryKey JSON values" srcset="https://www.praetorian.com/wp-content/uploads/2026/03/terminal-window-showing-curl-command-to-azure-api-with-http-1-1.webp 960w, https://www.praetorian.com/wp-content/uploads/2026/03/terminal-window-showing-curl-command-to-azure-api-with-http-1-1-300x108.webp 300w, https://www.praetorian.com/wp-content/uploads/2026/03/terminal-window-showing-curl-command-to-azure-api-with-http-1-1-768x275.webp 768w" sizes="auto, (max-width: 960px) 100vw, 960px"><figcaption class="widget-image-caption wp-caption-text">listSecrets response containing primary and secondary API keys</figcaption></figure> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-9f9154a e-con-full e-flex e-con e-parent" data-id="9f9154a" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-7e3c937 elementor-widget elementor-widget-image" data-id="7e3c937" data-element_type="widget" data-e-type="widget" data-widget_type="image.default"> <figure class="wp-caption"> <img loading="lazy" decoding="async" width="1332" height="621" src="https://www.praetorian.com/wp-content/uploads/2026/03/email-from-praetorian-research-welcoming-elgin-lee-to-starte-1.webp" class="attachment-full size-full wp-image-10959" alt="Email from Praetorian Research welcoming Elgin Lee to Starter subscription, showing start date 3/13/2026 and API usage details" srcset="https://www.praetorian.com/wp-content/uploads/2026/03/email-from-praetorian-research-welcoming-elgin-lee-to-starte-1.webp 1332w, https://www.praetorian.com/wp-content/uploads/2026/03/email-from-praetorian-research-welcoming-elgin-lee-to-starte-1-300x140.webp 300w, https://www.praetorian.com/wp-content/uploads/2026/03/email-from-praetorian-research-welcoming-elgin-lee-to-starte-1-1024x477.webp 1024w, https://www.praetorian.com/wp-content/uploads/2026/03/email-from-praetorian-research-welcoming-elgin-lee-to-starte-1-768x358.webp 768w" sizes="auto, (max-width: 1332px) 100vw, 1332px"><figcaption class="widget-image-caption wp-caption-text">Confirmation email of a successful subscription to Starter</figcaption></figure> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-158a6cb e-con-full e-flex e-con e-parent" data-id="158a6cb" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-4a1c780 elementor-widget elementor-widget-heading" data-id="4a1c780" data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h4 class="elementor-heading-title elementor-size-default">Step 5: Call backend APIs.</h4> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-0df09b6 e-con-full e-flex e-con e-parent" data-id="0df09b6" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-0186939 elementor-widget elementor-widget-text-editor" data-id="0186939" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> <p>With a valid subscription key, the attacker makes authenticated API calls through the APIM gateway:</p> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-eb3b039 e-con-full e-flex e-con e-parent" data-id="eb3b039" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-ae5d147 elementor-widget elementor-widget-image" data-id="ae5d147" data-element_type="widget" data-e-type="widget" data-widget_type="image.default"> <figure class="wp-caption"> <img loading="lazy" decoding="async" width="960" height="304" src="https://www.praetorian.com/wp-content/uploads/2026/03/terminal-window-showing-curl-command-to-medical-device-api-r-1.webp" class="attachment-full size-full wp-image-10960" alt="Terminal window showing curl command to medical device API returning HTTP 200 response with JSON data showing total patient count of 12847" srcset="https://www.praetorian.com/wp-content/uploads/2026/03/terminal-window-showing-curl-command-to-medical-device-api-r-1.webp 960w, https://www.praetorian.com/wp-content/uploads/2026/03/terminal-window-showing-curl-command-to-medical-device-api-r-1-300x95.webp 300w, https://www.praetorian.com/wp-content/uploads/2026/03/terminal-window-showing-curl-command-to-medical-device-api-r-1-768x243.webp 768w" sizes="auto, (max-width: 960px) 100vw, 960px"><figcaption class="widget-image-caption wp-caption-text">Patient count API returns 12,847 records accessible</figcaption></figure> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-5b0bd8c e-con-full e-flex e-con e-parent" data-id="5b0bd8c" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-efe2d1c elementor-widget elementor-widget-image" data-id="efe2d1c" data-element_type="widget" data-e-type="widget" data-widget_type="image.default"> <figure class="wp-caption"> <img loading="lazy" decoding="async" width="960" height="1224" src="https://www.praetorian.com/wp-content/uploads/2026/03/terminal-window-showing-json-response-from-medical-api-with-1-1.webp" class="attachment-full size-full wp-image-10961" alt="Terminal window showing JSON response from medical API with patient records including names, diagnoses, and physician details" srcset="https://www.praetorian.com/wp-content/uploads/2026/03/terminal-window-showing-json-response-from-medical-api-with-1-1.webp 960w, https://www.praetorian.com/wp-content/uploads/2026/03/terminal-window-showing-json-response-from-medical-api-with-1-1-235x300.webp 235w, https://www.praetorian.com/wp-content/uploads/2026/03/terminal-window-showing-json-response-from-medical-api-with-1-1-803x1024.webp 803w, https://www.praetorian.com/wp-content/uploads/2026/03/terminal-window-showing-json-response-from-medical-api-with-1-1-768x979.webp 768w" sizes="auto, (max-width: 960px) 100vw, 960px"><figcaption class="widget-image-caption wp-caption-text">Patient search returns full records with MRNs, names, DOBs, diagnoses, and insurance IDs. All data shown above is entirely synthetic, generated by a mock API we built for research.</figcaption></figure> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-0881ea2 e-con-full e-flex e-con e-parent" data-id="0881ea2" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-52e168d elementor-widget elementor-widget-text-editor" data-id="52e168d" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> <p>Simulated patient health records returned via APIM API showing MRNs, names, dates of birth, diagnoses, and insurance IDs from synthetic test data</p> <p><em>Patient search returns full records with MRNs, names, DOBs, diagnoses, and insurance IDs. All data shown above is entirely synthetic, generated by a mock API we built for research.</em></p> <p>From anonymous internet access to patient health records and IoT device authentication tokens. Five steps, no credentials, no prior access to the target organization.</p> <p><a id="X3b0c89f01e5f0b95d7d85b6baf4140534fa4076"></a> </p></div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-196f374 e-con-full e-flex e-con e-parent" data-id="196f374" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-28773d4 elementor-widget elementor-widget-heading" data-id="28773d4" data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h2 class="elementor-heading-title elementor-size-default">Impact Spectrum: From Noise to Critical Data Exposure</h2> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-a0ecf3b e-con-full e-flex e-con e-parent" data-id="a0ecf3b" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-bd4c3aa elementor-widget elementor-widget-text-editor" data-id="bd4c3aa" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> <p>Not every exploitable instance carries the same risk. The Azure APIM signup bypass is the common entry point, but the severity depends on what the organization has placed behind its Developer Portal. We configured three tiers of APIM instances to illustrate the range.</p> <p><a id="the-exploitability-matrix"></a> </p></div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-4e77759 e-con-full e-flex e-con e-parent" data-id="4e77759" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-5ec516e elementor-widget elementor-widget-heading" data-id="5ec516e" data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h3 class="elementor-heading-title elementor-size-default">The Exploitability Matrix</h3> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-0880218 e-con-full e-flex e-con e-parent" data-id="0880218" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-a550547 elementor-widget elementor-widget-text-editor" data-id="a550547" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-4c7cf49 e-con-full e-flex e-con e-parent" data-id="4c7cf49" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-8cdd448 elementor-widget elementor-widget-image" data-id="8cdd448" data-element_type="widget" data-e-type="widget" data-widget_type="image.default"> <figure class="wp-caption"> <img loading="lazy" decoding="async" width="1768" height="1254" src="https://www.praetorian.com/wp-content/uploads/2026/03/flowchart-showing-security-risk-paths-from-cross-tenant-sign-1.webp" class="attachment-full size-full wp-image-10962" alt="Flowchart showing security risk paths from cross-tenant signup through subscription decisions to final risk outcomes" srcset="https://www.praetorian.com/wp-content/uploads/2026/03/flowchart-showing-security-risk-paths-from-cross-tenant-sign-1.webp 1768w, https://www.praetorian.com/wp-content/uploads/2026/03/flowchart-showing-security-risk-paths-from-cross-tenant-sign-1-300x213.webp 300w, https://www.praetorian.com/wp-content/uploads/2026/03/flowchart-showing-security-risk-paths-from-cross-tenant-sign-1-1024x726.webp 1024w, https://www.praetorian.com/wp-content/uploads/2026/03/flowchart-showing-security-risk-paths-from-cross-tenant-sign-1-768x545.webp 768w, https://www.praetorian.com/wp-content/uploads/2026/03/flowchart-showing-security-risk-paths-from-cross-tenant-sign-1-1536x1089.webp 1536w" sizes="auto, (max-width: 1768px) 100vw, 1768px"><figcaption class="widget-image-caption wp-caption-text">Exploitability decision tree showing impact tiers based on product configuration</figcaption></figure> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-b7518ed e-con-full e-flex e-con e-parent" data-id="b7518ed" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-271b93e elementor-widget elementor-widget-heading" data-id="271b93e" data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h2 class="elementor-heading-title elementor-size-default">At Scale: 25,000+ Developer Portals Exposed</h2> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-aadbc6f e-con-full e-flex e-con e-parent" data-id="aadbc6f" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-b31aeb1 elementor-widget elementor-widget-text-editor" data-id="b31aeb1" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> <p>The original advisory demonstrated the vulnerability against individual instances. We assessed the scope: how many Azure APIM Developer Portals are internet-facing, and how many are likely vulnerable?</p> <p><a id="methodology"></a> </p></div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-cee4eb4 e-con-full e-flex e-con e-parent" data-id="cee4eb4" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-5185086 elementor-widget elementor-widget-heading" data-id="5185086" data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h3 class="elementor-heading-title elementor-size-default">Methodology</h3> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-30f55b3 e-con-full e-flex e-con e-parent" data-id="30f55b3" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-9575057 elementor-widget elementor-widget-text-editor" data-id="9575057" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> <p>We queried Shodan for all hosts matching hostname:developer.azure-api.net, which returned <strong>69,248 matching banners</strong> for individual port/service observations across internet-facing APIM infrastructure. After deduplication, we identified <strong>25,379 unique APIM Developer Portal instances</strong>. We used this as our sample set for heuristic analysis.</p> <p><strong>Limitation:</strong> This search only identifies portals using the default *.developer.azure-api.net hostname. Organizations that configure custom domains (e.g., developers.contoso.com with a CNAME to Azure APIM) are not captured. Azure uses a single wildcard TLS certificate for all APIM portals, so Certificate Transparency logs do not reveal individual instance names.</p> <p><a id="X41aea7440729aec4e61385a47baf1e16fde56eb"></a> </p></div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-9ac8b5e e-con-full e-flex e-con e-parent" data-id="9ac8b5e" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-4a7698e elementor-widget elementor-widget-heading" data-id="4a7698e" data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h3 class="elementor-heading-title elementor-size-default">Heuristic Analysis: Estimating Vulnerability at Scale</h3> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-f694220 e-con-full e-flex e-con e-parent" data-id="f694220" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-4ecae6c elementor-widget elementor-widget-text-editor" data-id="4ecae6c" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> <p>We designed a non-invasive heuristic probe to classify instances without triggering any signup flow or creating any accounts on third-party infrastructure.</p> <p>Our approach: send a POST /signup request with an empty JSON body ({}), no email, password, CAPTCHA, or PII, to every instance. This request cannot create an account and does not complete any step of the signup flow. The probe classifies responses based on error message content: an HTTP 400 containing “ValidationError,” “captcha,” or “challenge” indicates the signup endpoint is active and consistent with an enabled Basic Auth provider; an HTTP 404 indicates the signup endpoint does not exist. These are heuristic-based estimates, not confirmed exploits.</p> <p>Even accounting for the margin of error, <strong>the vast majority of internet-facing APIM Developer Portals, on the order of 23,000 to 25,000 instances, show responses consistent with an active Basic Auth signup endpoint.</strong> Only 51 instances returned HTTP 404 on /signup, indicating the Basic Auth provider has been explicitly removed.</p> <p><a id="what-this-means"></a> </p></div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-234047d e-con-full e-flex e-con e-parent" data-id="234047d" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-87f8e55 elementor-widget elementor-widget-heading" data-id="87f8e55" data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h3 class="elementor-heading-title elementor-size-default">What This Means</h3> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-6ba5a4e e-con-full e-flex e-con e-parent" data-id="6ba5a4e" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-1e94cea elementor-widget elementor-widget-text-editor" data-id="1e94cea" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> <p>Four months after Haatainen’s public disclosure, the data suggests that very few organizations have taken the remediation step of removing the Basic Auth provider. Because MSRC classified this as “by design,” there was no security advisory or automated patch to drive remediation. Organizations that use the “disable signup” toggle as their primary control may not realize that the Azure APIM signup bypass remains exploitable and that additional action is required.</p> <p><a id="remediation-closing-the-gap"></a> </p></div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-52536c2 e-con-full e-flex e-con e-parent" data-id="52536c2" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-e870a2a elementor-widget elementor-widget-heading" data-id="e870a2a" data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h2 class="elementor-heading-title elementor-size-default">Remediation: Closing the Gap</h2> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-64645fb e-con-full e-flex e-con e-parent" data-id="64645fb" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-fd6ecc4 elementor-widget elementor-widget-text-editor" data-id="fd6ecc4" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> <p>Because MSRC has classified this behavior as “by design,” no patch or automated fix is forthcoming. Organizations running APIM need to take explicit action to close the signup endpoint. The fix is straightforward, but the Azure Portal’s “disable signup” toggle alone is not sufficient.</p> <p><a id="X56a8c51815d2afc6c4c811ac051689e6daa59df"></a> </p></div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-b00aaf8 e-con-full e-flex e-con e-parent" data-id="b00aaf8" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-737a970 elementor-widget elementor-widget-heading" data-id="737a970" data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h3 class="elementor-heading-title elementor-size-default">1. Delete the Basic Authentication identity provider entirely.</h3> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-073b3c5 e-con-full e-flex e-con e-parent" data-id="073b3c5" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-638726d elementor-widget elementor-widget-text-editor" data-id="638726d" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> <p>This is the only remediation that fully eliminates the attack surface. Removing the Basic Auth provider deactivates the /signup endpoint; there is no registration mechanism left for the attacker to target.</p> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-d8ef701 e-con-full e-flex e-con e-parent" data-id="d8ef701" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-3be925b elementor-widget elementor-widget-image" data-id="3be925b" data-element_type="widget" data-e-type="widget" data-widget_type="image.default"> <img loading="lazy" decoding="async" width="960" height="164" src="https://www.praetorian.com/wp-content/uploads/2026/03/terminal-window-showing-azure-cli-command-to-delete-basic-au-1.webp" class="attachment-full size-full wp-image-10963" alt="Terminal window showing Azure CLI command to delete Basic Auth Provider from API Management service with subscription and resource group parameters" srcset="https://www.praetorian.com/wp-content/uploads/2026/03/terminal-window-showing-azure-cli-command-to-delete-basic-au-1.webp 960w, https://www.praetorian.com/wp-content/uploads/2026/03/terminal-window-showing-azure-cli-command-to-delete-basic-au-1-300x51.webp 300w, https://www.praetorian.com/wp-content/uploads/2026/03/terminal-window-showing-azure-cli-command-to-delete-basic-au-1-768x131.webp 768w" sizes="auto, (max-width: 960px) 100vw, 960px"> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-79a7fbe e-con-full e-flex e-con e-parent" data-id="79a7fbe" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-2e121e6 elementor-widget elementor-widget-heading" data-id="2e121e6" data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h3 class="elementor-heading-title elementor-size-default">2. Switch to Azure AD (Entra ID) as the sole identity provider.</h3> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-d41523e e-con-full e-flex e-con e-parent" data-id="d41523e" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-1a389e9 elementor-widget elementor-widget-text-editor" data-id="1a389e9" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> <p>Azure AD authentication ties account creation to your organization’s directory. Cross-tenant signups are not possible because users must authenticate through your tenant’s identity system. This is the long-term architectural fix. Learn more about <a href="https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-aad">configuring Azure AD as an identity provider for APIM</a>.</p> <p> </p> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-0e1caac e-con-full e-flex e-con e-parent" data-id="0e1caac" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-1537899 elementor-widget elementor-widget-heading" data-id="1537899" data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h3 class="elementor-heading-title elementor-size-default">3. Require admin approval for all product subscriptions.</h3> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-dca0e3a e-con-full e-flex e-con e-parent" data-id="dca0e3a" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-f497d51 elementor-widget elementor-widget-text-editor" data-id="f497d51" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> <p>Even if you cannot immediately remove Basic Auth, setting approvalRequired: true on every product prevents attackers from self-subscribing and obtaining API keys. The attacker can create an account, but cannot obtain API keys without administrator approval.</p> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-f100636 e-con-full e-flex e-con e-parent" data-id="f100636" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-b272011 elementor-widget elementor-widget-image" data-id="b272011" data-element_type="widget" data-e-type="widget" data-widget_type="image.default"> <img loading="lazy" decoding="async" width="960" height="204" src="https://www.praetorian.com/wp-content/uploads/2026/03/terminal-window-showing-azure-cli-command-to-set-approval-re-1.webp" class="attachment-full size-full wp-image-10964" alt="Terminal window showing Azure CLI command to set approval required on Starter product using PATCH method with JSON body" srcset="https://www.praetorian.com/wp-content/uploads/2026/03/terminal-window-showing-azure-cli-command-to-set-approval-re-1.webp 960w, https://www.praetorian.com/wp-content/uploads/2026/03/terminal-window-showing-azure-cli-command-to-set-approval-re-1-300x64.webp 300w, https://www.praetorian.com/wp-content/uploads/2026/03/terminal-window-showing-azure-cli-command-to-set-approval-re-1-768x163.webp 768w" sizes="auto, (max-width: 960px) 100vw, 960px"> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-150642a e-con-full e-flex e-con e-parent" data-id="150642a" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-0342996 elementor-widget elementor-widget-heading" data-id="0342996" data-element_type="widget" data-e-type="widget" data-widget_type="heading.default"> <h3 class="elementor-heading-title elementor-size-default">4. Audit existing developer portal accounts.</h3> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-bfec1db e-con-full e-flex e-con e-parent" data-id="bfec1db" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-ba1b348 elementor-widget elementor-widget-text-editor" data-id="ba1b348" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> <p>Look for accounts that were created after you “disabled” signup. Check for accounts using external email domains or accounts created via the Basic identity provider. Remove any unauthorized accounts and revoke their subscription keys.</p> </div> </div> <div data-particle_enable="false" data-particle-mobile-disabled="false" class="elementor-element elementor-element-8513f4e e-con-full e-flex e-con e-parent" data-id="8513f4e" data-element_type="container" data-e-type="container"> <div class="elementor-element elementor-element-7a90143 elementor-widget elementor-widget-image" data-id="7a90143" data-element_type="widget" data-e-type="widget" data-widget_type="image.default"> <img loading="lazy" decoding="async" width="960" height="244" src="https://www.praetorian.com/wp-content/uploads/2026/03/terminal-window-showing-azure-cli-command-to-list-developer-1-1.webp" class="attachment-full size-full wp-image-10965" alt="Terminal window showing Azure CLI command to list developer portal users with Basic authentication, displaying API endpoint URL" srcset="https://www.praetorian.com/wp-content/uploads/2026/03/terminal-window-showing-azure-cli-command-to-list-developer-1-1.webp 960w, https://www.praetorian.com/wp-content/uploads/2026/03/terminal-window-showing-azure-cli-command-to-list-developer-1-1-300x76.webp 300w, https://www.praetorian.com/wp-content/uploads/2026/03/terminal-window-showing-azure-cli-command-to-list-developer-1-1-768x195.webp 768w" sizes="auto, (max-width: 960px) 100vw, 960px"> </div> </div> </div><p>The post <a href="https://www.praetorian.com/blog/azure-apim-signup-bypass/">Azure APIM Signup Bypass: 97.9% of Developer Portals Still Exploitable Anonymously and from the Internet</a> appeared first on <a href="https://www.praetorian.com/">Praetorian</a>.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/azure-apim-signup-bypass-97-9-of-developer-portals-still-exploitable-anonymously-and-from-the-internet/" data-a2a-title="Azure APIM Signup Bypass: 97.9% of Developer Portals Still Exploitable Anonymously and from the Internet"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fazure-apim-signup-bypass-97-9-of-developer-portals-still-exploitable-anonymously-and-from-the-internet%2F&amp;linkname=Azure%20APIM%20Signup%20Bypass%3A%2097.9%25%20of%20Developer%20Portals%20Still%20Exploitable%20Anonymously%20and%20from%20the%20Internet" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fazure-apim-signup-bypass-97-9-of-developer-portals-still-exploitable-anonymously-and-from-the-internet%2F&amp;linkname=Azure%20APIM%20Signup%20Bypass%3A%2097.9%25%20of%20Developer%20Portals%20Still%20Exploitable%20Anonymously%20and%20from%20the%20Internet" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fazure-apim-signup-bypass-97-9-of-developer-portals-still-exploitable-anonymously-and-from-the-internet%2F&amp;linkname=Azure%20APIM%20Signup%20Bypass%3A%2097.9%25%20of%20Developer%20Portals%20Still%20Exploitable%20Anonymously%20and%20from%20the%20Internet" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fazure-apim-signup-bypass-97-9-of-developer-portals-still-exploitable-anonymously-and-from-the-internet%2F&amp;linkname=Azure%20APIM%20Signup%20Bypass%3A%2097.9%25%20of%20Developer%20Portals%20Still%20Exploitable%20Anonymously%20and%20from%20the%20Internet" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fazure-apim-signup-bypass-97-9-of-developer-portals-still-exploitable-anonymously-and-from-the-internet%2F&amp;linkname=Azure%20APIM%20Signup%20Bypass%3A%2097.9%25%20of%20Developer%20Portals%20Still%20Exploitable%20Anonymously%20and%20from%20the%20Internet" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.praetorian.com/blog/">Offensive Security Blog: Latest Trends in Hacking | Praetorian</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by n8n-publisher">n8n-publisher</a>. Read the original post at: <a href="https://www.praetorian.com/blog/azure-apim-signup-bypass/">https://www.praetorian.com/blog/azure-apim-signup-bypass/</a> </p>

<h2>Are You Overlooking the Crucial Role of Non-Human Identities in Access Management?</h2><p>Managing Non-Human Identities (NHIs) is no longer a luxury but a necessity for robust cybersecurity. These NHIs represent machine identities, pivotal in maintaining the security protocols inherent in automated systems. The growing reliance on technology across industries necessitates an understanding of their importance. But how exactly do NHIs manage access, and why should your organization care?</p><h3>Understanding the Essence of Non-Human Identities</h3><p>The concept of Non-Human Identities revolves around machine identities created by fusing a “Secret”—an encrypted password, token, or key—and the permissions granted by destination servers. Think of it as combining a tourist and their passport; the identity is the tourist, while the secret serves as the passport enabling access to different systems.</p><p>NHIs become crucial in environments relying heavily on automation, particularly in sectors like financial services, healthcare, travel, and DevOps. Where we increasingly transition to cloud-centric operations, the demand for effective NHI management escalates. The absence of such oversight can forge significant security gaps.</p><h3>Bridging the Gap: Security and R&amp;D Teams</h3><p>One of the perennial challenges faced by organizations is the disconnect between security and Research &amp; Development (R&amp;D) teams. This gap often leads to vulnerabilities that are easily exploitable by malicious entities. The comprehensive management of NHIs offers a cohesive strategy, facilitating a seamless and secure cloud environment. By ensuring end-to-end protection, NHIs help bridge these gaps effectively.</p><h3>Lifecycle Management in NHI</h3><p>Effective NHI management involves paying meticulous attention to every stage of their lifecycle, from discovery and classification to threat detection and remediation. Such an approach contrasts significantly with point solutions like secret scanners, which offer a narrow field of protection.</p><ul> <li><strong>Discovery and Classification:</strong> Identifying and categorizing NHIs is the foundational step in establishing secure systems.</li> <li><strong>Threat Detection:</strong> Monitoring the NHIs’ behaviors within systems is crucial for detecting any anomalies or potential threats to security.</li> <li><strong>Remediation:</strong> Prompt actions based on identified threats help mitigate risks efficiently.</li> </ul><p>Understanding the entire lifecycle facilitates a context-aware security practice, offering insights into ownership, permissions, usage patterns, and potential vulnerabilities.</p><h3>Benefits of Implementing NHI Management</h3><p>Organizations committed to NHI management experience several significant advantages:</p><ul> <li><strong>Reduced Risk:</strong> Proactively mitigating security threats decreases the likelihood of breaches and data leaks.</li> <li><strong>Improved Compliance:</strong> By meeting regulatory requirements through policy enforcement and audit trails, businesses adhere to necessary compliance standards.</li> <li><strong>Increased Efficiency:</strong> Automating NHIs and secrets management allows security teams to concentrate on strategic initiatives.</li> <li><strong>Enhanced Visibility and Control:</strong> A centralized view for access management and governance empowers organizations with better security oversight.</li> <li><strong>Cost Savings:</strong> Automating secrets rotation and decommissioning NHIs significantly reduces operational costs.</li> </ul><h3>Insights into Industry Relevance</h3><p>Given the diverse range of industries relying on cloud technology, from healthcare to travel, the relevance of NHI management cannot be overstated. For DevOps and Security Operations Center (SOC) teams, efficient NHI management optimizes operations and safeguards against potential threats. Such practices translate into not just compliance and security but also a dependable operational framework that withstands the test of time.</p><p>For more on how <a href="https://entro.security/blog/harnessing-ai-in-ima-and-am/">harnessing AI in Identity and Access Management (IAM) and Access Management (AM)</a> can complement NHI management, explore strategies that lead to a more secure cyber.</p><h3>Building a Secure Cloud Environment</h3><p>The cloud has become the backbone of modern operations, transforming how businesses innovate and serve their clients. However, this transition demands a renewed focus on security. NHIs play a pivotal role, addressing prevalent security gaps and facilitating a secure cloud environment. This aligns with <a href="https://entro.security/blog/just-in-time-access-role-in-non-human-identities-access-management/">Just-in-Time access in Non-Human Identities access management </a> to ensure timely and secured permissions.</p><p>The strategic significance of NHIs becomes evident when they help manage machine identities crucial to better cybersecurity measures. Interested in a deeper dive on how this strategic approach aligns with zero trust principles? See the discussion on <a href="https://entro.security/blog/the-role-of-secrets-management-in-zero-trust-architecture/">the role of secrets management in Zero Trust Architecture</a>.</p><p>By taking a holistic view of NHI management, organizations not only protect their systems but also create an agile infrastructure capable of adapting to evolving threats. This approach represents a forward-thinking paradigm, empowering businesses to navigate the complexities of cybersecurity with confidence.</p><h3>Why Are Non-Human Identities Essential for Cloud Security?</h3><p>Have you ever considered how cloud security would function without proper oversight of Non-Human Identities (NHIs)? When organizations shift more of their operations to the cloud, they encounter an equally significant shift in focus towards safeguarding these machine identities. NHIs include encrypted passwords, tokens, and keys that effectively act as digital signatures, allowing machines to communicate securely and efficiently. When managed correctly, they provide a robust line of defense against unauthorized access and potential breaches.</p><p>Mismanagement or neglect of NHIs can severely compromise security, expose sensitive data, and even bring operations to a standstill. Ineffective NHI management has consequences that ripple through every level of an enterprise’s architecture, highlighting the essential role these identities play in digital. These challenges elevate the importance of adopting a comprehensive approach to NHI management where organizations fortify their cloud-based operations.</p><h3>Real-world Implications and Industry Challenges</h3><p>In industries like financial services and healthcare, where sensitive data is abundant, the proper management of NHIs is crucial. These sectors routinely handle large volumes of sensitive information, from financial transactions to personal health records, making them prime targets for cyberattacks. In these fields, an improperly managed machine identity can open the door to devastating breaches.</p><p>Across various industries—such as travel, DevOps, and SOC teams—the common thread of concern points to automating processes while maintaining security. Cloud technology brings unprecedented scalability and operational efficiency, but it also creates unique challenges. Companies need to integrate NHI management as a cornerstone of their cybersecurity strategy, balancing this advancement with stringent security measures.</p><h3>Understanding Technical</h3><p>Is your organization keeping pace with the latest advancements in NHI management? Behavioral analytics and machine learning, for instance, play a vital role in enhancing NHI oversight. These technologies help create advanced systems that predict and alert to abnormal behavior based on historic data patterns. Such sophistication supports a proactive security posture, catching potential threats before they manifest into full-fledged attacks.</p><p>Moreover, implementing multi-factor authentication (MFA) for machines, much like humans, adds an extra layer of security. MFA ensures that even if a machine’s “passport” or identity gets compromised, unauthorized entities cannot easily exploit system access. For insights on implementing these protocols, explore the detailed guidelines outlined in <a href="https://entro.security/blog/implementing-nhi-security-protocols/">Implementing NHI Security Protocols</a>.</p><h3>Automation: The Double-Edged Sword</h3><p>While automation contributes to efficiency and scalability, it inherently carries risks if not meticulously managed. Automating the lifecycle of NHIs—ensuring timely updates, permissions adjustments, and decommissioning—reduces the chances of security lapses. Yet, the failure to update and rotate secrets promptly could lead to vulnerabilities. This emphasizes the importance of comprehensive automation strategies to mitigate risk, as highlighted in <a href="https://entro.security/blog/how-cisos-should-prepare-for-2025/">how CISOs should prepare for 2025</a>.</p><p>Meanwhile, those involved in DevOps face parallel challenges. The speed and agility provided by DevOps necessitate machine identities to seamlessly interconnect various components within cloud infrastructure. NHI management must therefore align with DevOps methodologies, ensuring that systems are both agile and secure.</p><h3>Segmentation and Access Control</h3><p>A robust NHI management strategy necessitates precise segmentation and access control. Segmenting machine identities helps compartmentalize access and limits the scope of potential breaches. With NHIs communicate between applications, databases, and scripts, defining access parameters based on roles ensures that machines execute only what they are permitted to, preventing overreach and misuse.</p><p>In developing these frameworks, organizations gain enhanced oversight into machine communications and workflows. Such insights aid in identifying and sealing security loopholes, creating fortified, yet flexible, security postures.</p><h3>New with Artificial Intelligence</h3><p>Are you leveraging AI to optimize NHI management in your organization? Artificial intelligence introduces new managing NHIs by automating the detection of threat anomalies and proposing remediation actions. AI’s predictive modeling capabilities offer insights into access behaviors and patterns, helping refine security procedures. For more information on integrating AI into Identity Access Management, explore <a href="https://entro.security/blog/non-human-identity-security-in-saas/">Non-Human Identity Security in SaaS</a>.</p><p>Integrating AI into managing machine identities ensures a dynamic response to emerging threats, enhancing the ability to neutralize them swiftly. This merging of AI with NHI systems represents a pivotal evolution in cybersecurity dynamics.</p><p>In summary, with digital become progressively complex, Non-Human Identites and secrets management remains a pivotal component. Building and maintaining a secure cloud environment requires a concerted focus on managing these machine identities at each stage of their lifecycle. By aligning various departmental security policies and leveraging technological advancements like AI, progressive organizations will ensure robust and enduring protection across their cloud environments. With these strategies in place, businesses can boost their resilience against escalating cybersecurity threats and drive innovation, knowing their core operations remain secure.</p><p>The post <a href="https://entro.security/how-do-non-human-identities-manage-access/">How do Non-Human Identities manage access?</a> appeared first on <a href="https://entro.security/">Entro</a>.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/how-do-non-human-identities-manage-access/" data-a2a-title="How do Non-Human Identities manage access?"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fhow-do-non-human-identities-manage-access%2F&amp;linkname=How%20do%20Non-Human%20Identities%20manage%20access%3F" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fhow-do-non-human-identities-manage-access%2F&amp;linkname=How%20do%20Non-Human%20Identities%20manage%20access%3F" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fhow-do-non-human-identities-manage-access%2F&amp;linkname=How%20do%20Non-Human%20Identities%20manage%20access%3F" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fhow-do-non-human-identities-manage-access%2F&amp;linkname=How%20do%20Non-Human%20Identities%20manage%20access%3F" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fhow-do-non-human-identities-manage-access%2F&amp;linkname=How%20do%20Non-Human%20Identities%20manage%20access%3F" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://entro.security/">Entro</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Alison Mack">Alison Mack</a>. Read the original post at: <a href="https://entro.security/how-do-non-human-identities-manage-access/">https://entro.security/how-do-non-human-identities-manage-access/</a> </p>

Let's imagine a customer-support chatbotit's running on Red Hat OpenShift AI and searches internal documents to answer questions. A user asks it a common question, but the chatbot inadvertently retri… [+13664 chars]

<p>Companies know they have a problem with generative AI and quantum security. They just haven’t done much about it yet.</p><p>That’s the upshot of Utimaco’s 2026 Digital Trust Report, a commissioned study of 250 large U.S. companies released at RSAC 2026. The research, conducted by 451 Research from S&amp;P Global, exposes a stark gap between awareness and action across both AI and quantum security.</p><p>On the AI side, 78% of respondents said data breaches are the greatest risk associated with generative AI that must be addressed in the next 12 months. Close behind: 77% flagged intellectual property theft as a top concern. Yet more than half (57%) have not yet implemented any countermeasures. Over 90% say AI is used in daily production operations, and nearly two-thirds report running hybrid IT infrastructure with strategic public cloud workloads. So the exposure is real and widespread; the response is not.</p><p>The quantum findings are even more striking. Seventy-two percent of respondents identified attacks on legacy data as the biggest quantum security risk, pointing specifically to “harvest now, decrypt later” (HNDL) attacks, where adversaries collect encrypted data today with the intent to decrypt it once quantum computing matures. Despite that recognition, 75% have not implemented a corresponding solution. Only 23% have deployed anything to address HNDL.</p><p>Data sovereignty rounded out the findings. Eighty percent of respondents rated protecting customer data as “very” or “critically” important, even as the U.S. lacks a national privacy law equivalent to GDPR. The report notes that sovereignty has become a genuinely global concern regardless of local regulatory requirements.</p><p>“Given the new risks posed by technologies such as AI and quantum computing, data protection and data security require strategic measures,” said Tina Stewart, CMO at Utimaco. “Developing a long-term encryption strategy provides the necessary flexibility to address current data protection threats to AI and future risks posed by quantum computing.”</p><p>451 Research analyst Justin Lam put it plainly: “The tension between enterprise risk and readiness is real.”</p><p>Utimaco makes hardware security modules and key management solutions for on-premises and cloud environments. The full 2026 Digital Trust Report is available for download from Utimaco’s website.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/utimaco-survey-78-of-us-companies-say-data-breaches-are-the-top-genai-risk-but-most-havent-acted/" data-a2a-title="Utimaco Survey: 78% of US Companies Say Data Breaches Are the Top GenAI Risk, But Most Haven’t Acted"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Futimaco-survey-78-of-us-companies-say-data-breaches-are-the-top-genai-risk-but-most-havent-acted%2F&amp;linkname=Utimaco%20Survey%3A%2078%25%20of%20US%20Companies%20Say%20Data%20Breaches%20Are%20the%20Top%20GenAI%20Risk%2C%20But%20Most%20Haven%E2%80%99t%20Acted" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Futimaco-survey-78-of-us-companies-say-data-breaches-are-the-top-genai-risk-but-most-havent-acted%2F&amp;linkname=Utimaco%20Survey%3A%2078%25%20of%20US%20Companies%20Say%20Data%20Breaches%20Are%20the%20Top%20GenAI%20Risk%2C%20But%20Most%20Haven%E2%80%99t%20Acted" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Futimaco-survey-78-of-us-companies-say-data-breaches-are-the-top-genai-risk-but-most-havent-acted%2F&amp;linkname=Utimaco%20Survey%3A%2078%25%20of%20US%20Companies%20Say%20Data%20Breaches%20Are%20the%20Top%20GenAI%20Risk%2C%20But%20Most%20Haven%E2%80%99t%20Acted" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Futimaco-survey-78-of-us-companies-say-data-breaches-are-the-top-genai-risk-but-most-havent-acted%2F&amp;linkname=Utimaco%20Survey%3A%2078%25%20of%20US%20Companies%20Say%20Data%20Breaches%20Are%20the%20Top%20GenAI%20Risk%2C%20But%20Most%20Haven%E2%80%99t%20Acted" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Futimaco-survey-78-of-us-companies-say-data-breaches-are-the-top-genai-risk-but-most-havent-acted%2F&amp;linkname=Utimaco%20Survey%3A%2078%25%20of%20US%20Companies%20Say%20Data%20Breaches%20Are%20the%20Top%20GenAI%20Risk%2C%20But%20Most%20Haven%E2%80%99t%20Acted" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>

<p>AI agents are already deployed broadly across enterprise environments. The problem is that organizations can’t tell what they’re doing.</p><p>That’s the core finding of a new survey report released at RSAC 2026 by the Cloud Security Alliance, commissioned by Aembit. The “Identity and Access Gaps in the Age of Autonomous AI” report surveyed 228 IT and security professionals in January 2026 and found that identity governance for AI agents is, in most organizations, essentially improvised.</p><p>The headline number: 68% of organizations cannot clearly distinguish between human and AI agent activity, even as 73% expect AI agents to become vital to their operations within the next year. Eighty-five percent say AI agents are already running in production environments, across task automation (67%), research (52%), developer assistance (50%), and security monitoring (50%). In other words, these agents are doing real work inside real systems with real access, and most organizations lack the controls to attribute their actions.</p><p>The identity situation is particularly fragmented. Fifty-two percent of organizations use workload identities for agents, 43% rely on shared service accounts, and 31% allow agents to operate under human user identities. Nearly three-quarters (74%) say agents often receive more access than necessary. Seventy-nine percent believe agents create new access pathways that are difficult to monitor. Only 22% report that access frameworks are applied “very consistently” to AI agents.</p><p>Ownership is scattered too: 28% say security leads responsibility, followed by development and engineering (21%) and IT (19%). Only 9% point to IAM teams.</p><p>“AI agents are inheriting human permissions, operating under shared accounts, and expanding the attack surface in ways that existing IAM tools weren’t designed to handle,” said David Goldschlag, co-founder and CEO of Aembit. “Agentic autonomy without identity-level access controls is a risk organizations can’t afford to ignore.”</p><p>Hillary Baron, AVP of Research at CSA, added that existing IAM approaches “were not designed for autonomous agents and are showing strain as deployments scale.”</p><p>The full report is available from the Cloud Security Alliance. Aembit is a non-human identity and access management platform backed by $45 million in total funding.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/csa-and-aembit-survey-68-of-organizations-cant-distinguish-ai-agent-actions-from-human-activity/" data-a2a-title="CSA and Aembit Survey: 68% of Organizations Can’t Distinguish AI Agent Actions from Human Activity"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcsa-and-aembit-survey-68-of-organizations-cant-distinguish-ai-agent-actions-from-human-activity%2F&amp;linkname=CSA%20and%20Aembit%20Survey%3A%2068%25%20of%20Organizations%20Can%E2%80%99t%20Distinguish%20AI%20Agent%20Actions%20from%20Human%20Activity" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcsa-and-aembit-survey-68-of-organizations-cant-distinguish-ai-agent-actions-from-human-activity%2F&amp;linkname=CSA%20and%20Aembit%20Survey%3A%2068%25%20of%20Organizations%20Can%E2%80%99t%20Distinguish%20AI%20Agent%20Actions%20from%20Human%20Activity" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcsa-and-aembit-survey-68-of-organizations-cant-distinguish-ai-agent-actions-from-human-activity%2F&amp;linkname=CSA%20and%20Aembit%20Survey%3A%2068%25%20of%20Organizations%20Can%E2%80%99t%20Distinguish%20AI%20Agent%20Actions%20from%20Human%20Activity" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcsa-and-aembit-survey-68-of-organizations-cant-distinguish-ai-agent-actions-from-human-activity%2F&amp;linkname=CSA%20and%20Aembit%20Survey%3A%2068%25%20of%20Organizations%20Can%E2%80%99t%20Distinguish%20AI%20Agent%20Actions%20from%20Human%20Activity" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcsa-and-aembit-survey-68-of-organizations-cant-distinguish-ai-agent-actions-from-human-activity%2F&amp;linkname=CSA%20and%20Aembit%20Survey%3A%2068%25%20of%20Organizations%20Can%E2%80%99t%20Distinguish%20AI%20Agent%20Actions%20from%20Human%20Activity" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>

In a previous post on language modeling, I implemented a GPT-style transformer. Lately Ive been learning mechanistic interpretability to go deeper and understand why the transformer works on a mathem… [+20487 chars]

<h2><b>What happened</b></h2><p class="p3">The <span class="s2">FBI</span> issued a warning that Iran-linked hackers tied to the country’s <span class="s2">Ministry of Intelligence and Security (MOIS)</span> are using <span class="s2">Telegram</span> as command-and-control infrastructure in malware campaigns. The activity has been attributed to the <span class="s2">Handala</span> hacktivist group and related state-linked actors, who are targeting journalists, dissidents, and opposition groups worldwide. According to the alert, attackers rely on social engineering to infect victims with <span class="s2">Windows-based malware</span>, which is then used to exfiltrate files and screenshots from compromised systems. The FBI said the campaigns are part of broader “hack-and-leak” operations aimed at intelligence collection and reputational damage amid heightened geopolitical tensions.<span class="Apple-converted-space">  </span></p><h2><b>Who is affected</b></h2><p class="p3">Journalists, political dissidents, and individuals critical of the Iranian government are primarily affected, along with organizations and individuals globally who may be targeted through similar malware delivery tactics.<span class="Apple-converted-space">  </span></p><h2><b>Why CISOs should care</b></h2><p class="p3">The campaign shows how attackers are increasingly leveraging widely used messaging platforms like Telegram as covert infrastructure for malware operations, blending social engineering with command-and-control activity.<span class="Apple-converted-space">  </span></p><h2><b>3 practical actions</b></h2><ol> <li class="p3"><span class="s2"><b>Monitor messaging platforms for abuse.</b></span> Watch for suspicious links, files, or communications originating from Telegram-based channels.<span class="Apple-converted-space">  </span></li> <li class="p3"><span class="s2"><b>Harden defenses against social engineering.</b></span> The attacks rely on tricking users into executing malware rather than exploiting software flaws.<span class="Apple-converted-space">  </span></li> <li class="p3"><span class="s2"><b>Detect data exfiltration behavior.</b></span> Monitor for unusual file transfers or screenshot capture activity on endpoints.<span class="Apple-converted-space">  </span></li> </ol><p class="p3"><i>For more coverage of large-scale incidents and threat activity, explore our reporting on </i><a href="https://cisowhisperer.com/tag/cyberattack/"><span class="s2"><b><i>Cyberattacks</i></b></span></a><i>.</i></p><p>The post <a rel="nofollow" href="https://cisowhisperer.com/fbi-warns-of-handala-hackers-using-telegram-in-malware-attacks/">FBI Warns of Handala Hackers Using Telegram in Malware Attacks</a> appeared first on <a rel="nofollow" href="https://cisowhisperer.com/">CISO Whisperer</a>.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/fbi-warns-of-handala-hackers-using-telegram-in-malware-attacks/" data-a2a-title="FBI Warns of Handala Hackers Using Telegram in Malware Attacks"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Ffbi-warns-of-handala-hackers-using-telegram-in-malware-attacks%2F&amp;linkname=FBI%20Warns%20of%20Handala%20Hackers%20Using%20Telegram%20in%20Malware%20Attacks" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Ffbi-warns-of-handala-hackers-using-telegram-in-malware-attacks%2F&amp;linkname=FBI%20Warns%20of%20Handala%20Hackers%20Using%20Telegram%20in%20Malware%20Attacks" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Ffbi-warns-of-handala-hackers-using-telegram-in-malware-attacks%2F&amp;linkname=FBI%20Warns%20of%20Handala%20Hackers%20Using%20Telegram%20in%20Malware%20Attacks" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Ffbi-warns-of-handala-hackers-using-telegram-in-malware-attacks%2F&amp;linkname=FBI%20Warns%20of%20Handala%20Hackers%20Using%20Telegram%20in%20Malware%20Attacks" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Ffbi-warns-of-handala-hackers-using-telegram-in-malware-attacks%2F&amp;linkname=FBI%20Warns%20of%20Handala%20Hackers%20Using%20Telegram%20in%20Malware%20Attacks" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://cisowhisperer.com">CISO Whisperer</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Evan Rowe">Evan Rowe</a>. Read the original post at: <a href="https://cisowhisperer.com/fbi-warns-of-handala-hackers-using-telegram-in-malware-attacks/?utm_source=rss&amp;utm_medium=rss&amp;utm_campaign=fbi-warns-of-handala-hackers-using-telegram-in-malware-attacks">https://cisowhisperer.com/fbi-warns-of-handala-hackers-using-telegram-in-malware-attacks/?utm_source=rss&amp;utm_medium=rss&amp;utm_campaign=fbi-warns-of-handala-hackers-using-telegram-in-malware-attacks</a> </p>

<p>SAN FRANCISCO – Datadog Inc. on Monday <a href="https://www.globenewswire.com/news-release/2026/03/23/3260461/0/en/Bits-AI-Security-Analyst-Reduces-Threat-Investigation-Time-by-up-to-98.html">announced</a> general availability of its Bits AI Security Analyst, a move designed to transform how security teams handle the overwhelming surge of digital threats.</p><p>Integrated directly into Datadog’s Cloud SIEM (Security Information and Event Management), the new AI agent aims to solve a critical bottleneck in the Security Operations Center (SOC). By autonomously investigating alerts, Bits AI can reportedly condense complex investigations that traditionally take human analysts hours into as little as 30 seconds.</p><p>Modern security teams are currently caught in a pincer movement: a global talent shortage on one side, and the rise of agentic-powered AI attacks on the other. According to Datadog, the sheer volume of data makes it nearly impossible for human teams to triage every threat manually.</p><p>“Traditional SIEMs are leaving enterprises increasingly exposed because queues keep growing and investigations take longer to correlate,” said Tim Knudsen, vice president of security products at Datadog. He noted that Bits AI leverages observability signals to provide “fully explained verdicts,” allowing human teams to focus on high-impact defense rather than manual data sorting.</p><p>Datadog claims that Bits AI functions as an “always-on senior SOC analyst,” offering several operational advantages: rapid resolution, which reduces the mean-time-to-resolution (MTTR) by more than 90%; unified visibility, which aggregates data across clouds, identities, and endpoint detection and Response (EDR) systems; and enterprise scaling, built-in security controls like Role-Based Access Control (RBAC) ensure the AI operates within corporate governance frameworks.</p><p>The launch at RSAC 2026 here signals a shift toward autonomous security operations. As GenAI attacks intensify, Datadog Chief Product Officer Yanbing Li emphasized that “intelligent, autonomous systems” are no longer optional for Fortune 500 companies.</p><p>Bits AI Security Analyst is available to all Datadog customers.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/datadog-launches-ai-security-agent-to-combat-machine-speed-cyberattacks/" data-a2a-title="Datadog Launches AI Security Agent to Combat Machine-Speed Cyberattacks"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fdatadog-launches-ai-security-agent-to-combat-machine-speed-cyberattacks%2F&amp;linkname=Datadog%20Launches%20AI%20Security%20Agent%20to%20Combat%20Machine-Speed%20Cyberattacks" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fdatadog-launches-ai-security-agent-to-combat-machine-speed-cyberattacks%2F&amp;linkname=Datadog%20Launches%20AI%20Security%20Agent%20to%20Combat%20Machine-Speed%20Cyberattacks" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fdatadog-launches-ai-security-agent-to-combat-machine-speed-cyberattacks%2F&amp;linkname=Datadog%20Launches%20AI%20Security%20Agent%20to%20Combat%20Machine-Speed%20Cyberattacks" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fdatadog-launches-ai-security-agent-to-combat-machine-speed-cyberattacks%2F&amp;linkname=Datadog%20Launches%20AI%20Security%20Agent%20to%20Combat%20Machine-Speed%20Cyberattacks" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fdatadog-launches-ai-security-agent-to-combat-machine-speed-cyberattacks%2F&amp;linkname=Datadog%20Launches%20AI%20Security%20Agent%20to%20Combat%20Machine-Speed%20Cyberattacks" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>

<h2>The Evolution of the 4 C's in the AI Era</h2><p>Honestly, the old "4 C's" of cloud security—Cloud, Cluster, Container, and Code—feel like they're from a different century now that we're all obsessed with ai. It's funny because we spent years perfecting those layers, and then large language models showed up and basically broke the mental model.</p><p>The problem is that traditional security treats data like a static object sitting in a database, but in an ai-driven setup, data is constantly flowing through "context windows." It's not just about protecting the container anymore; it's about what the model is actually doing with the information it grabs. Standard cloud security doesn't really care about "model context," which is a huge blind spot. </p><p>When you have an ai agent in a healthcare setting pulling patient records to summarize a chart, the security risk isn't just a leaked api key—it's the agent getting "hallucinations" or being manipulated by a prompt injection. </p><ul> <li><strong>Static vs. Dynamic:</strong> Old workloads stayed put. New ai agents are basically digital employees that can browse the web, read your emails, and execute code on the fly.</li> <li><strong>The Context Gap:</strong> If a retail bot has access to your inventory but gets tricked into giving a 99% discount, your firewall isn't going to save you.</li> <li><strong>Enter MCP:</strong> We're seeing a shift toward the <strong>Model Context Protocol (mcp)</strong>. To put it simply, mcp is an open standard that lets developers build secure, two-way connections between data sources and ai models. It's a way to standardize how these models talk to data securely, so we aren't just winging it with custom integrations.</li> </ul><p><img decoding="async" src="https://cdn.pseo.one/685d00d4cb08ab5f5934b924/68e48f8dc1f49fce36589012/what-are-the-4-cs-of-cloud-security/mermaid-diagram-1.svg" alt="Diagram 1"></p><p>According to a <a href="https://www.ibm.com/reports/data-breach">2024 report by IBM</a>, the average cost of a breach is hitting record highs, and as ai becomes the backbone of infrastructure, these costs are only going up if we don't adapt. </p><p>Next, we'll look at how the first "C"—Cloud—is getting a massive makeover for the ai age.</p><h2>Cloud: GPU Availability and Specialized VPCs</h2><p>When we talk about the first "C"—Cloud—it’s not just about where your data sits anymore. In the ai era, the cloud layer is being redefined by the massive demand for compute. We're seeing a shift toward specialized VPCs (Virtual Private Clouds) designed specifically for model training and inference. </p><p>If you're running heavy workloads, your cloud security now involves managing GPU availability and ensuring that the specialized hardware isn't creating new holes in your perimeter. You have to worry about how your ai models are partitioned off from the rest of your corporate network.</p><ul> <li><strong>Specialized AI Infrastructure:</strong> We're moving toward dedicated clusters for llms where the networking is tuned for high-speed data transfer between nodes.</li> <li><strong>GPU-Aware Security:</strong> Your cloud provider handles the physical hardware, but you're now responsible for the security of the actual data flowing into those GPUs.</li> <li><strong>Future-Proofing with Quantum:</strong> As a side note, we also need to think about "quantum-hardened" connectivity. While it's a bit of a future problem, "harvest now, decrypt later" attacks mean we should start looking at post-quantum cryptography (PQC) for our cloud tunnels sooner than later.</li> </ul><p><img decoding="async" src="https://cdn.pseo.one/685d00d4cb08ab5f5934b924/68e48f8dc1f49fce36589012/what-are-the-4-cs-of-cloud-security/mermaid-diagram-2.svg" alt="Diagram 2"></p><p>A 2024 study by Deloitte found that most organizations aren't prepared for these new infrastructure demands, which is wild considering how much data we're pumping into ai right now. </p><p>Next, we're diving into the "Cluster" layer to see how we manage these ai workloads without losing our minds.</p><h2>Cluster: Orchestration and Control Planes</h2><p>Managing a cluster used to just be about keeping the lights on, but now that we're cramming ai models into every corner of our infrastructure, things have gotten… messy. The "Cluster" layer is all about orchestration—usually kubernetes—and how the control plane manages these complex ai agents.</p><p>If your kubernetes nodes are chatting with sensitive data via mcp, you can't just slap a basic network policy on it and call it a day. You need to focus on how the control plane is authenticated. I've seen so many teams struggle to get their mcp servers running because they try to hand-code every single connection. </p><p>Honestly, it's a nightmare. That's why tools like <strong>Gopher Security</strong> are such a lifesaver. Gopher is a platform used to automate the security layer for mcp servers—it basically acts as the glue that ensures your cluster orchestration stays secure without you having to write a thousand lines of yaml.</p><ul> <li><strong>Zero-Trust Clusters:</strong> Your ai agent shouldn't just have a "golden ticket" to every database in the cluster.</li> <li><strong>Control Plane Integrity:</strong> Protecting the kubernetes api is more important than ever when it's managing models that have access to your entire data lake.</li> </ul><h2>Container: Image Security and Model Weights</h2><p>Now, let's talk about the "Container" layer specifically. This is where the actual ai runtimes live—things like Ollama or vLLM. Container security for ai is a different beast because these images are huge. You aren't just scanning a tiny linux distro; you're dealing with massive layers containing model weights and specialized libraries.</p><ul> <li><strong>Scanning Base Images:</strong> You need to be scanning those model-serving runtimes for vulnerabilities. If your base image for vLLM has a critical bug, your whole ai stack is at risk.</li> <li><strong>Managing Model Weights:</strong> Storing large model weights inside container layers can be a security nightmare. You need to ensure those weights haven't been tampered with (model poisoning) before they're loaded into memory.</li> <li><strong>Runtime Protection:</strong> Use tools that monitor what's happening inside the container. If a retail bot in a container starts trying to execute shell commands, your runtime protection should kill it instantly.</li> </ul><p>According to a 2024 report by Palo Alto Networks, nearly 80% of organizations have found high-risk roles in their cloud infrastructure, which is a terrifying thought when you realize how much power a containerized ai agent has.</p><pre><code class="language-python"># Example of using a tool to secure the connection from mcp_server import SecureServer # Gopher is the platform that automates this security layer app = SecureServer(name="Inventory-Bot") @app.tool(schema_path="./inventory_api.json") def get_stock(item_id: str): # Gopher handles the auth handshake and validation here return database.query(item_id) </code></pre><p>Next up, we're looking at the "Code" layer—because even the best cluster can't save you from buggy, insecure logic.</p><h2>Code: Protecting the Logic and Data Flow</h2><p>Writing code used to be about logic and loops, but now that we’re plugging ai into everything, your code is basically a giant open door if you aren't careful. It's one thing to have a bug in a checkout script, but it's a whole different disaster when your code lets a model hallucinate its way into your admin panel.</p><p>The "Code" layer in the 4 C's is where the rubber meets the road for mcp. If you don't have tight controls on how your apps talk to these models, you're just asking for trouble. </p><ul> <li><strong>Deep Packet Inspection for AI:</strong> You can't just trust the traffic. You need to look inside the mcp requests to see if the model is trying to do something weird.</li> <li><strong>Granular Policy Engines:</strong> I’m talking about parameter-level restrictions. If a tool is supposed to fetch a "user_id," your code should reject any request that tries to inject a system prompt like "ignore previous instructions" into that field.</li> </ul><p><img decoding="async" src="https://cdn.pseo.one/685d00d4cb08ab5f5934b924/68e48f8dc1f49fce36589012/what-are-the-4-cs-of-cloud-security/mermaid-diagram-3.svg" alt="Diagram 3"></p><p>In a recent study, <strong>Snyk</strong> (2024) pointed out that insecure ai-generated code is already showing up in production environments. Whether you're in fintech or building a simple retail bot, the logic layer is your last line of defense. </p><p>Moving from these technical implementations to a broader strategy requires a "Context-First" approach. This means shifting our focus from just fixing bugs to meeting the regulatory and compliance frameworks that govern how ai handles data.</p><h2>Future-Proofing Your 4 C's Strategy</h2><p>So, you've got the 4 C's down, but how do you keep this whole ai-powered house of cards from falling over when the next big threat hits? It's really about making security part of the plumbing, not just a shiny badge you slap on at the end.</p><p>Mapping your stack to standards like SOC 2 or ISO 27001 is a massive pain, especially with mcp servers popping up everywhere. You need continuous monitoring that actually understands what an "anomaly" looks like in an ai context window.</p><ul> <li><strong>Living Audit Logs:</strong> Don't just log that a connection happened; log the <em>intent</em>. If a finance bot suddenly asks for pii it doesn't need, your system should flag that as a policy violation immediately.</li> <li><strong>Ethics by Design:</strong> Ensure your code layer filters for bias. According to <a href="https://snyk.io/reports/ai-code-security/">Snyk</a> (2024), ai-generated code often misses basic safety checks, so manual reviews are still a must for high-risk healthcare or banking apps.</li> </ul><p><img decoding="async" src="https://cdn.pseo.one/685d00d4cb08ab5f5934b924/68e48f8dc1f49fce36589012/what-are-the-4-cs-of-cloud-security/mermaid-diagram-4.svg" alt="Diagram 4"></p><p>Honestly, the goal is to reach a spot where your infrastructure defends itself. If you're building for the long haul, focus on that "context-first" mindset and you'll be fine. Stay safe out there.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/automated-cryptographic-agility-frameworks-for-ai-resource-orchestration/" data-a2a-title="Automated Cryptographic Agility Frameworks for AI Resource Orchestration"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fautomated-cryptographic-agility-frameworks-for-ai-resource-orchestration%2F&amp;linkname=Automated%20Cryptographic%20Agility%20Frameworks%20for%20AI%20Resource%20Orchestration" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fautomated-cryptographic-agility-frameworks-for-ai-resource-orchestration%2F&amp;linkname=Automated%20Cryptographic%20Agility%20Frameworks%20for%20AI%20Resource%20Orchestration" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fautomated-cryptographic-agility-frameworks-for-ai-resource-orchestration%2F&amp;linkname=Automated%20Cryptographic%20Agility%20Frameworks%20for%20AI%20Resource%20Orchestration" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fautomated-cryptographic-agility-frameworks-for-ai-resource-orchestration%2F&amp;linkname=Automated%20Cryptographic%20Agility%20Frameworks%20for%20AI%20Resource%20Orchestration" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fautomated-cryptographic-agility-frameworks-for-ai-resource-orchestration%2F&amp;linkname=Automated%20Cryptographic%20Agility%20Frameworks%20for%20AI%20Resource%20Orchestration" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.gopher.security/blog">Read the Gopher Security&amp;#039;s Quantum Safety Blog</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Read the Gopher Security's Quantum Safety Blog">Read the Gopher Security's Quantum Safety Blog</a>. Read the original post at: <a href="https://www.gopher.security/blog/automated-cryptographic-agility-frameworks-ai-resource-orchestration">https://www.gopher.security/blog/automated-cryptographic-agility-frameworks-ai-resource-orchestration</a> </p>

<p>Here at RSA, the hype is on “high”, including dune buggies driving the streets wrapped in high-tech banners claiming to have solved all things AI. Even before you get downtown you are greeted at the airport with big budget AI splashed all over the walls with outsized claims.</p><p>But what is real? </p><p>We here at SecureIQLab are trying to bring some of those claims back down to earth, in the form of neutral third party tools and reports to give normal businesses and organizations a way to sort through the fluff and get to what real information you can use.</p><p>Here are a few ways to cut the clutter and get to what you can trust about AI.</p><ol class="wp-block-list"> <li><strong>Show me the failure cases, not the demo</strong> – Right now everyone’s talking about fantastic capabilities, but what happens in the first contact with adversarial attack traffic? What happened under heavy load, not just a few test prompts? How does a vendor tune their systems against false positives and false negatives? If they don’t know – that’s not a good sign.</li> <li><strong>Map claims to specific attack classes</strong> – A vendor claiming to “stop AI threats” is vague, at best. Best to ask “Which of the OWASP LLM Top 10 do you actually stop—and how do you prove it?” For example: <ol class="wp-block-list"> <li>Prompt Injection – How did you test it?</li> <li>Data exfiltration – Did you monitor, or block it?</li> <li>Model extraction – How did you measure it? </li> </ol> </li> <li><strong>Separate detection from prevention</strong> – Right now, many AI “security” tools are little more than telemetry engines. Better ask “is your tool blocking, or just monitoring”, and “how many attacks are automatically blocked”. </li> <li><strong>Ask for an independent assessment</strong> – Right now, many vendors are basically grading their own papers – and producing “surprisingly” good results. But self-testing is an awful lot like not testing, and just as likely to survive when faced with real adversarial traffic. If there’s no third-party validation, assume you’re still looking at a demo.</li> </ol><p>At RSA, AI is everywhere, but clarity is not. It’s a good time to gather information, with a healthy dose of skepticism, and ask some specific, pointed questions. Solid, tested vendors won’t just show you their successes, but also failures, where they’re learning, and how they’re evolving their products to face real-world threats.</p><p>If you’re at RSAC 2026, book a meeting with me to see our SOCx + AI validation demo or to learn more about our AI Security CyberRisk Validation Methodology v1.0–releasing this week.</p><style> .custom-btn { display:inline-block; background:#f4b400; color:#000 !important; font-weight:600; font-size:16px; padding:12px 20px; text-decoration:none; border-radius:2px; font-family:Arial, sans-serif; transition:0.3s; } .custom-btn:hover { background:#e0a800; } </style><p><a href="https://secureiqlab.com/go/rsa-live?utm_content=livedays_blog1" class="custom-btn"><br> Meet Me at RSAC 2026 »<br> </a></p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/rsa-2026-ai-oozing-out-of-every-pore/" data-a2a-title="RSA 2026 – AI Oozing Out of Every Pore"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Frsa-2026-ai-oozing-out-of-every-pore%2F&amp;linkname=RSA%202026%20%E2%80%93%20AI%20Oozing%20Out%20of%20Every%20Pore" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Frsa-2026-ai-oozing-out-of-every-pore%2F&amp;linkname=RSA%202026%20%E2%80%93%20AI%20Oozing%20Out%20of%20Every%20Pore" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Frsa-2026-ai-oozing-out-of-every-pore%2F&amp;linkname=RSA%202026%20%E2%80%93%20AI%20Oozing%20Out%20of%20Every%20Pore" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Frsa-2026-ai-oozing-out-of-every-pore%2F&amp;linkname=RSA%202026%20%E2%80%93%20AI%20Oozing%20Out%20of%20Every%20Pore" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Frsa-2026-ai-oozing-out-of-every-pore%2F&amp;linkname=RSA%202026%20%E2%80%93%20AI%20Oozing%20Out%20of%20Every%20Pore" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://secureiqlab.com">SecureIQ Lab</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Cameron Camp">Cameron Camp</a>. Read the original post at: <a href="https://secureiqlab.com/rsa-2026-ai-oozing-out-of-every-pore/">https://secureiqlab.com/rsa-2026-ai-oozing-out-of-every-pore/</a> </p>

<div class="col-xs-12 col-sm-9 two2575Right"> <div class="aem-Grid aem-Grid--12 aem-Grid--default--12 "> <div class="richTextEditor aem-GridColumn aem-GridColumn--default--12"> <div class="container "> <section class="component-rtecomp"> <div class="component-rte"> <p>AI has fundamentally changed how software is built. AI agents are now designing architectures, writing functions, and deploying features autonomously. Developers are shipping code at velocities that would have been unimaginable just a year ago. This isn’t incremental progress—it’s a complete reimagining of software development.</p> <p>This transformation comes with a critical challenge that every organization must meet: How to secure software that’s created faster than any human—or traditional security tool—can keep pace with.</p> <p>I’m proud to announce the general availability of <a href="https://www.blackduck.com/signal-ai-appsec.html">Black Duck Signal</a>^™, our answer to this challenge. It provides something the market desperately needs: A new model for application security that combines the power of AI with two decades of battle-tested security intelligence.</p> </div> </section></div> </div> <div class="text aem-GridColumn aem-GridColumn--default--12"> <div class="background-component vert-pad-top-sm vert-pad-bottom-sm "> <div class="container "> <section class="component-textcomp text-align-left "> <div class="component-text"> </div> <hr class="separator"> </section> </div> </div> </div> <div class="anchor aem-GridColumn aem-GridColumn--default--12"> <div id="1" class="component-anchor"> <div class="aem-Grid aem-Grid--12 aem-Grid--default--12 "> </div> </div> </div> <div class="richTextEditor aem-GridColumn aem-GridColumn--default--12"> <div class="background-component vert-pad-bottom-xs "> <div class="container "> <section class="component-rtecomp"> <div class="component-rte"> <h2><span class="text-color-synopsys-purple">The security gap in AI-driven development</span></h2> <p>As agentic AI takes the driver’s seat in software creation, developers face application risk at unprecedented speed and scale. Traditional application security testing (AST) tools weren’t designed for this reality. They were designed for code that was written sequentially, intentionally, and only by humans. They scan periodically, alert cautiously, and operate out-of-band. In an agentic world, that model collapses. Agentic AI is capable of producing hundreds of changes per hour, across multiple components, APIs, and configurations. Code reviews can’t scale that mountain of code, so changes are going into repos unseen.</p> <p>Generic AI-powered security tools have emerged to address this gap, but they lack the one ingredient that enterprise security absolutely depends on: context. By context, I mean the deep understanding of an application’s components, relationships, data flows, frameworks, and runtime behavior that gives AI the grounding it needs to make accurate security decisions. Without it, AI tools face three critical limitations: hallucinations, noise, and remediation errors. They generate plausible-sounding but inaccurate findings, and they overwhelm teams with false positives and suggested theoretical fixes that fail in production environments. When you’re securing enterprise-grade software at AI scale, this is simply unacceptable.</p> </div> </section></div> </div> </div> <div class="anchor aem-GridColumn aem-GridColumn--default--12"> <div id="2" class="component-anchor"> <div class="aem-Grid aem-Grid--12 aem-Grid--default--12 "> </div> </div> </div> <div class="richTextEditor aem-GridColumn aem-GridColumn--default--12"> <div class="background-component vert-pad-bottom-xs "> <div class="container "> <section class="component-rtecomp"> <div class="component-rte"> <h2><span class="text-color-synopsys-purple">ContextAI: Where AI meets two decades of security expertise</span></h2> <p>This is where Signal fundamentally differs from every other solution in the market. At its core, Signal is powered by ContextAI™, our purpose-built application security model containing petabytes of human-vetted security intelligence. ContextAI has something no generic AI can replicate: 20+ years of security ground truth from thousands of real-world proprietary and open source codebases.</p> <p>Think about what that means. When Signal analyzes your code, it’s not applying LLM reasoning in a vacuum. It’s augmenting AI with petabytes of context from Black Duck’s living knowledge base, meticulously curated from hundreds of thousands of commercial and open source codebases. It’s applying context from coding rule sets exercised over billions of lines of code to deterministically identify quality and security issues across more than 40 programming languages. It’s drawing on tens of thousands of BSIMM assessments, Black Duck Audits, and dynamic scans of production web applications—millions of tests across trillions of lines of real-world code.</p> <p>This isn’t theoretical knowledge generated by a language model. This is real-world intelligence gleaned from securing mission-critical software across every industry, every language, and every framework you can imagine. This context is what transforms AI from a promising technology into a production-ready security solution that enterprises can trust.</p> </div> </section></div> </div> </div> <div class="anchor aem-GridColumn aem-GridColumn--default--12"> <div id="3" class="component-anchor"> <div class="aem-Grid aem-Grid--12 aem-Grid--default--12 "> </div> </div> </div> <div class="richTextEditor aem-GridColumn aem-GridColumn--default--12"> <div class="background-component vert-pad-bottom-xs "> <div class="container "> <section class="component-rtecomp"> <div class="component-rte"> <h2><span class="text-color-synopsys-purple">Agentic AI that reasons, validates, and acts</span></h2> <p>Signal operates differently than traditional AST tools or single-model AI solutions. Built on an agentic AI architecture, Signal deploys multiple specialized AI security agents that work together to analyze vulnerabilities, validate exploitability, prioritize risk, and recommend or apply fixes using human-like reasoning. Where other solutions stop at identifying potential issues, Signal reasons about them with the depth and nuance of experienced security professionals.</p> <p>The practical impact is transformative. Signal actively addresses severe and complex vulnerabilities, including those based on business logic errors or in languages not supported by traditional AST tools. It goes beyond simple pattern-matching by using multiple analysis techniques to accurately match artifacts with security context in real time. By combining LLM reasoning with ContextAI’s security intelligence, Signal delivers high-fidelity analysis and automated remediation that solutions built on general AI models alone can’t deliver.</p> </div> </section></div> </div> </div> <div class="anchor aem-GridColumn aem-GridColumn--default--12"> <div id="4" class="component-anchor"> <div class="aem-Grid aem-Grid--12 aem-Grid--default--12 "> </div> </div> </div> <div class="richTextEditor aem-GridColumn aem-GridColumn--default--12"> <div class="background-component vert-pad-bottom-xs "> <div class="container "> <section class="component-rtecomp"> <div class="component-rte"> <h2><span class="text-color-synopsys-purple">Built for modern development workflows</span></h2> <p>Signal integrates directly into the agentic software development life cycle through model context protocol and APIs that support AI coding assistants, IDEs, and automated AI pipelines. It works seamlessly with GitHub Copilot, Google Gemini, Claude Code, Cursor, and other popular development tools. Signal scans code in real time as it’s written, continuously analyzing across languages, frameworks, and architectures.</p> </div> </section></div> </div> </div> <div class="anchor aem-GridColumn aem-GridColumn--default--12"> <div id="5" class="component-anchor"> <div class="aem-Grid aem-Grid--12 aem-Grid--default--12 "> </div> </div> </div> <div class="richTextEditor aem-GridColumn aem-GridColumn--default--12"> <div class="background-component vert-pad-bottom-xs "> <div class="container "> <section class="component-rtecomp"> <div class="component-rte"> <h2><span class="text-color-synopsys-purple">Unlocking AI’s true potential through governance</span></h2> <p>AI-driven development forces organizations to confront an uncomfortable truth: The very speed that makes AI transformative can become its greatest liability without proper governance. At machine speed, even minor security defects can multiply into major risks, threatening to erode the gains that AI promises.</p> <p>Signal unlocks AI’s true potential by enabling enterprises to govern AI-generated software responsibly and at scale. It helps organizations move faster with AI while maintaining the security, compliance, and trust that enterprises and governments demand across the entire application life cycle.</p> </div> </section></div> </div> </div> <div class="anchor aem-GridColumn aem-GridColumn--default--12"> <div id="6" class="component-anchor"> <div class="aem-Grid aem-Grid--12 aem-Grid--default--12 "> </div> </div> </div> <div class="richTextEditor aem-GridColumn aem-GridColumn--default--12"> <div class="background-component vert-pad-bottom-sm "> <div class="container "> <section class="component-rtecomp"> <div class="component-rte"> <h2><span class="text-color-synopsys-purple">The future is now</span></h2> <p>AI is no longer just accelerating development. It’s actively authoring software. The organizations that will lead in this new era are those that harness this unprecedented power with intelligence and strong governance, transforming autonomous coding into a strategic advantage while minimizing risk.</p> <p>Black Duck Signal is available now. I invite you to see how Signal combines AI with two decades of security context to eliminate noise, reduce risk, and secure your AI-powered development at the speed of innovation.<br>  </p> <p style="text-align: center;"><span class="component-button primary"><a href="https://www.blackduck.com/signal-ai-appsec/demo.html">Learn more about Signal AI</a></span><a href="https://www.blackduck.com/signal-ai-appsec/demo.html"></a></p> </div> </section></div> </div> </div> <div class="blogsDev aem-GridColumn aem-GridColumn--default--12"> <div class="container "> <section class="cmp-blogsdev"> <ul class="cmp-blogsdev__pagetags-container"> <li data-page-tag="black-duck:content-type/blog/artificial-intelligence"><a href="https://www.blackduck.com/blog/category.artificial-intelligence.html" title="Artificial Intelligence">Artificial Intelligence</a></li> <li data-page-tag="black-duck:content-type/blog/security-news-research"><a href="https://www.blackduck.com/blog/category.security-news-research.html" title="Security News &amp; Trends">Security News &amp; Trends</a></li> </ul> </section></div> </div> </div> </div><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/black-duck-signal-security-that-moves-at-the-speed-of-ai/" data-a2a-title="Black Duck Signal: Security that moves at the speed of AI"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fblack-duck-signal-security-that-moves-at-the-speed-of-ai%2F&amp;linkname=Black%20Duck%20Signal%3A%20Security%20that%20moves%20at%20the%20speed%20of%20AI" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fblack-duck-signal-security-that-moves-at-the-speed-of-ai%2F&amp;linkname=Black%20Duck%20Signal%3A%20Security%20that%20moves%20at%20the%20speed%20of%20AI" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fblack-duck-signal-security-that-moves-at-the-speed-of-ai%2F&amp;linkname=Black%20Duck%20Signal%3A%20Security%20that%20moves%20at%20the%20speed%20of%20AI" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fblack-duck-signal-security-that-moves-at-the-speed-of-ai%2F&amp;linkname=Black%20Duck%20Signal%3A%20Security%20that%20moves%20at%20the%20speed%20of%20AI" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fblack-duck-signal-security-that-moves-at-the-speed-of-ai%2F&amp;linkname=Black%20Duck%20Signal%3A%20Security%20that%20moves%20at%20the%20speed%20of%20AI" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.blackduck.com/blog.html">Blog</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Jason Schmitt">Jason Schmitt</a>. Read the original post at: <a href="https://www.blackduck.com/blog/black-duck-signal-security-that-moves-at-the-speed-of-ai.html">https://www.blackduck.com/blog/black-duck-signal-security-that-moves-at-the-speed-of-ai.html</a> </p>

<div data-elementor-type="wp-post" data-elementor-id="56445" class="elementor elementor-56445" data-elementor-post-type="post"> <div class="elementor-element elementor-element-6f26a2cf e-flex e-con-boxed e-con e-parent" data-id="6f26a2cf" data-element_type="container" data-e-type="container"> <div class="e-con-inner"> <div class="elementor-element elementor-element-3637114d elementor-widget elementor-widget-text-editor" data-id="3637114d" data-element_type="widget" data-e-type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">JWT and OAuth show up together in nearly every authentication system, which is why engineers often treat them as interchangeable. They are not. OAuth is an authorization framework that defines how to grant access. JWT is a token format that defines how to package and transmit claims. They solve different problems, and most production systems use both.</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">The confusion between them leads to real security gaps, especially in machine-to-machine communication, where workloads cannot use browser logins or MFA prompts. Understanding where JWT ends and OAuth begins is the first step toward implementing <a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://aembit.io/blog/7-ways-to-authenticate-workloads-to-each-other/">workload authentication</a> correctly.</p> <h2 class="text-text-100 mt-3 -mb-1 text-[1.125rem] font-bold">JWT vs. OAuth: What’s the Difference?</h2> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">OAuth 2.0 governs how applications <a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://aembit.io/blog/mcp-oauth-2-1-pkce-and-the-future-of-ai-authorization/">obtain limited access</a> to resources without exposing credentials. It specifies multiple authorization flows for different scenarios and manages the lifecycle of access tokens: issuance, scoping, refresh and revocation. OAuth determines what a requester can access, not who they are.</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">The authorization code flow is designed for web applications where server-side code can securely store secrets and handle user consent. The client credentials flow is built for machine-to-machine communication where no user interaction occurs: services authenticate directly to the authorization server using their client ID and secret to receive access tokens. Token exchange (RFC 8693) enables workloads to swap one token type for another across trust boundaries, such as exchanging an AWS IAM token for an Azure access token.</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">JSON Web Token (JWT) is a compact, URL-safe token format for transmitting information between parties as a signed JSON object. Every JWT contains a header declaring the signing algorithm, a payload carrying claims (issuer, subject, audience, expiration, permissions) and a cryptographic signature that proves the token has not been tampered with. Because all necessary information is embedded in the token itself, receiving services can validate JWTs locally without calling back to a central server.</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">The core distinction is that OAuth is a protocol defining a process, while JWT is a format defining a data structure. In practice, OAuth often issues JWTs as its access tokens, which is why the two appear together so frequently.</p> <div class="overflow-x-auto w-full px-2 mb-6"> <table class="min-w-full border-collapse text-sm leading-[1.7] whitespace-normal"> <thead class="text-left"> <tr> <th class="text-text-100 border-b-0.5 border-border-300/60 py-2 pr-4 align-top font-bold" scope="col"> </th> <th class="text-text-100 border-b-0.5 border-border-300/60 py-2 pr-4 align-top font-bold" scope="col">JWT</th> <th class="text-text-100 border-b-0.5 border-border-300/60 py-2 pr-4 align-top font-bold" scope="col">OAuth</th> </tr> </thead> <tbody> <tr> <td class="border-b-0.5 border-border-300/30 py-2 pr-4 align-top"><strong>What it is</strong></td> <td class="border-b-0.5 border-border-300/30 py-2 pr-4 align-top">A token format (RFC 7519)</td> <td class="border-b-0.5 border-border-300/30 py-2 pr-4 align-top">An authorization framework (RFC 6749)</td> </tr> <tr> <td class="border-b-0.5 border-border-300/30 py-2 pr-4 align-top"><strong>Primary role</strong></td> <td class="border-b-0.5 border-border-300/30 py-2 pr-4 align-top">Package and transmit signed claims between parties</td> <td class="border-b-0.5 border-border-300/30 py-2 pr-4 align-top">Delegate and control access to protected resources</td> </tr> <tr> <td class="border-b-0.5 border-border-300/30 py-2 pr-4 align-top"><strong>Statefulness</strong></td> <td class="border-b-0.5 border-border-300/30 py-2 pr-4 align-top">Stateless: validated locally using the signature and claims</td> <td class="border-b-0.5 border-border-300/30 py-2 pr-4 align-top">Stateful: requires an authorization server to issue and manage tokens</td> </tr> <tr> <td class="border-b-0.5 border-border-300/30 py-2 pr-4 align-top"><strong>Revocation</strong></td> <td class="border-b-0.5 border-border-300/30 py-2 pr-4 align-top">Cannot be revoked before expiration without additional infrastructure</td> <td class="border-b-0.5 border-border-300/30 py-2 pr-4 align-top">Tokens can be revoked at the authorization server</td> </tr> <tr> <td class="border-b-0.5 border-border-300/30 py-2 pr-4 align-top"><strong>Scope</strong></td> <td class="border-b-0.5 border-border-300/30 py-2 pr-4 align-top">Carries claims; does not define how tokens are issued or refreshed</td> <td class="border-b-0.5 border-border-300/30 py-2 pr-4 align-top">Defines issuance, refresh, scoping and revocation workflows</td> </tr> <tr> <td class="border-b-0.5 border-border-300/30 py-2 pr-4 align-top"><strong>Use alone?</strong></td> <td class="border-b-0.5 border-border-300/30 py-2 pr-4 align-top">Yes, for simple signed assertions between trusted parties</td> <td class="border-b-0.5 border-border-300/30 py-2 pr-4 align-top">Yes, but needs a token format (often JWT) to carry access information</td> </tr> <tr> <td class="border-b-0.5 border-border-300/30 py-2 pr-4 align-top"><strong>Common pairing</strong></td> <td class="border-b-0.5 border-border-300/30 py-2 pr-4 align-top">Used as the token format inside OAuth flows</td> <td class="border-b-0.5 border-border-300/30 py-2 pr-4 align-top">Issues JWTs as access tokens and uses OIDC for identity</td> </tr> </tbody> </table> </div> <h2 class="text-text-100 mt-3 -mb-1 text-[1.125rem] font-bold">How JWT and OAuth Work Together</h2> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">In most production systems, OAuth and JWT complement each other rather than competing. OAuth 2.0 defines the authorization flow and token lifecycle. <a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://aembit.io/blog/oauth-vs-oidc-difference-when-to-use/">OpenID Connect</a> (OIDC), an identity layer built on top of OAuth 2.0, adds authentication by issuing ID tokens as JWTs that contain verified claims about the authenticated entity.</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">A typical workload authentication flow using both protocols:</p> <ol class="[li_&amp;]:mb-0 [li_&amp;]:mt-1 [li_&amp;]:gap-1 [&amp;:not(:last-child)_ul]:pb-1 [&amp;:not(:last-child)_ol]:pb-1 list-decimal flex flex-col gap-1 pl-8 mb-3"> <li class="whitespace-normal break-words pl-2">A service needs access to a protected resource and authenticates to the OAuth authorization server using the client credentials flow.</li> <li class="whitespace-normal break-words pl-2">The authorization server validates the credentials, evaluates access policies and issues a JWT access token containing the authorized scopes and claims.</li> <li class="whitespace-normal break-words pl-2">The service presents this JWT to the resource server, which validates the signature and claims before granting access.</li> </ol> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">This pairing works because OAuth handles the complexity of token issuance and lifecycle management while JWT enables the resource server to validate tokens locally without calling back to the authorization server on every request. In distributed systems with hundreds of microservices, that local validation eliminates a network round trip on every API call.</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">The confusion between JWT and OAuth often stems from their overlapping presence in this flow. When engineers refer to “OAuth authentication,” they are usually describing OAuth authorization combined with token-based identity verification using JWTs issued through OIDC. Recognizing that distinction prevents architectural mistakes like using raw JWTs for authorization decisions without an OAuth framework to manage their lifecycle.</p> <h2 class="text-text-100 mt-3 -mb-1 text-[1.125rem] font-bold">OAuth 2.1 and Workload Authentication</h2> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">OAuth 2.1 consolidates years of security lessons into a single specification (currently in late-stage IETF draft, not yet published as a final RFC, but widely adopted by major authorization servers). It deprecates the implicit flow and resource owner password credentials flow, requires PKCE for all authorization code flows, requires refresh tokens for public clients to be either sender-constrained or one-time use (making rotation the standard implementation in practice) and recommends sender-constrained tokens through mutual TLS. For workload and machine-to-machine use cases, OAuth 2.1 standardizes how client credentials are exchanged, how access tokens are scoped and how token exchange (RFC 8693) works across environments. Emerging frameworks for AI agent interoperability, including the Model Context Protocol (MCP), depend on these principles. OAuth 2.1 enables standardized authorization between agents, services and APIs using short-lived, verifiable JWTs without persistent secrets.</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">Applying OAuth and JWT to workloads introduces challenges that do not exist in human authentication. Humans can use MFA, push notifications and browser logins. Workloads cannot. They rely on certificates, attestation or tokens, which means the traditional OAuth client credentials approach of storing a client secret in a container image or environment variable creates a persistent attack vector.</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">Attestation-based authentication addresses this by eliminating long-lived secrets entirely. Instead of managing stored credentials, workloads authenticate using cryptographically verifiable identity claims about their runtime environment: the cloud instance they run on, the Kubernetes namespace they belong to, the security posture of their host. The authorization server validates these claims and issues short-lived JWTs scoped to the specific resources the workload needs. The workload never handles a persistent secret, and the JWT expires after a brief window, limiting exposure if intercepted. For multicloud and hybrid environments, <a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://aembit.io/blog/what-identity-federation-means-for-workloads-in-cloud-native-environments/">workload identity federation</a> extends this model across cloud boundaries. A workload in one cloud presents its cryptographically signed identity token, which the target authorization server validates and exchanges for a new JWT scoped to local resources. This eliminates the need to provision duplicate service accounts across clouds while maintaining the same <a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://aembit.io/blog/secrets-management-vs-access-management-what-you-need-to-know/">secretless security model</a>.</p> <h2 class="text-text-100 mt-3 -mb-1 text-[1.125rem] font-bold">Choosing the Right Approach for Your Architecture</h2> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">The right implementation depends on how many clouds you operate in, whether you can modify application code and how much credential management overhead you can absorb. Each pattern below applies OAuth and JWT differently based on those constraints.</p> <h3 class="text-text-100 mt-2 -mb-1 text-base font-bold">Single Cloud, Single Identity Provider</h3> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">Use cloud-native managed identities. AWS IAM roles, Azure Managed Identities and GCP Service Accounts implement OAuth and JWT internally while eliminating credential storage. Your application authenticates through the cloud’s metadata service and receives JWT access tokens without managing secrets. Kubernetes ServiceAccounts provide pod-level identity within a cluster and can be projected as OIDC tokens for federation with cloud IAM. This approach works well within a single cloud but requires federation for cross-cloud access.</p> <h3 class="text-text-100 mt-2 -mb-1 text-base font-bold">Multicloud or Hybrid Environments</h3> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">Implement workload identity federation with centralized policy. Use OAuth 2.0 token exchange (RFC 8693) to enable workloads in one cloud to access resources in another. A workload presents its home-cloud JWT, which the target authorization server validates and exchanges for a new JWT scoped to local resources. This requires a federation platform that can validate tokens from multiple issuers and enforce consistent policy across clouds. The benefit is that you avoid provisioning duplicate service accounts and managing separate credential stores in each cloud. A single identity assertion, verified cryptographically, grants access across trust boundaries.</p> <h3 class="text-text-100 mt-2 -mb-1 text-base font-bold">Legacy Applications Without Code Changes</h3> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">Use a broker or proxy pattern. A proxy intercepts outgoing requests from a microservice, handles OAuth flows, JWT validation, token refresh and credential injection transparently. The application makes standard HTTP requests without any awareness that the proxy is managing authentication. This pattern is particularly useful for AI agent and <a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://aembit.io/blog/mcp-authentication-and-authorization-patterns/">MCP integrations</a> where modifying the application code is not practical.</p> <h2 class="text-text-100 mt-3 -mb-1 text-[1.125rem] font-bold">Where to Start</h2> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">If you are evaluating JWT vs. OAuth for a new project, start by clarifying what problem you are solving. If you need to package signed claims for stateless validation, JWT is the format. If you need to delegate and control access across services, OAuth is the framework. Most production systems need both: OAuth to manage the authorization lifecycle and JWT to carry the resulting access information.</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">For workload authentication, the priority is eliminating static credentials. Every client secret stored in an environment variable or config file is a credential that can be leaked, stolen or reused. Moving to attestation-based authentication with short-lived JWTs issued through OAuth flows removes that attack vector entirely. Start by auditing which workloads still rely on long-lived client secrets and identify which can be migrated to identity federation or managed identities.</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://aembit.io/product-overview/">Aembit</a> implements this model at scale. The platform uses environment attestation to prove workload identity through the OAuth 2.0 client credentials flow with cryptographic verification rather than traditional client secrets, then issues short-lived JWT access tokens with automatic refresh. The platform handles cross-cloud federation, conditional access policies and transparent credential injection so that developers never write authentication code.</p> <h2 class="text-text-100 mt-3 -mb-1 text-[1.125rem] font-bold">Related Reading</h2> <ul class="[li_&amp;]:mb-0 [li_&amp;]:mt-1 [li_&amp;]:gap-1 [&amp;:not(:last-child)_ul]:pb-1 [&amp;:not(:last-child)_ol]:pb-1 list-disc flex flex-col gap-1 pl-8 mb-3"> <li class="whitespace-normal break-words pl-2"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://aembit.io/blog/dynamic-authorization-vs-static-secrets-rethinking-cloud-access-controls/">Dynamic Authorization vs. Static Secrets</a></li> <li class="whitespace-normal break-words pl-2"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://aembit.io/blog/frictionless-devops-identity-management/">Frictionless Security: What DevOps Teams Really Need</a></li> <li class="whitespace-normal break-words pl-2"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://aembit.io/blog/the-what-where-and-why-of-workload-identity-and-access-management/">The What, Where, and Why of Workload IAM</a></li> <li class="whitespace-normal break-words pl-2"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://aembit.io/blog/aembit-adds-aws-workload-identity-federation-wif-support/">Aembit Adds AWS Workload Identity Federation Support</a></li> </ul></div> </div> </div> </div> </div><p>The post <a href="https://aembit.io/blog/the-trivy-compromise-the-fallacy-of-secrets-management-and-the-case-for-workload-identity/">The Trivy Compromise: The Fallacy of Secrets Management and the Case for Workload Identity</a> appeared first on <a href="https://aembit.io/">Aembit</a>.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/the-trivy-compromise-the-fallacy-of-secrets-management-and-the-case-for-workload-identity/" data-a2a-title="The Trivy Compromise: The Fallacy of Secrets Management and the Case for Workload Identity"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fthe-trivy-compromise-the-fallacy-of-secrets-management-and-the-case-for-workload-identity%2F&amp;linkname=The%20Trivy%20Compromise%3A%20The%20Fallacy%20of%20Secrets%20Management%20and%20the%20Case%20for%20Workload%20Identity" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fthe-trivy-compromise-the-fallacy-of-secrets-management-and-the-case-for-workload-identity%2F&amp;linkname=The%20Trivy%20Compromise%3A%20The%20Fallacy%20of%20Secrets%20Management%20and%20the%20Case%20for%20Workload%20Identity" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fthe-trivy-compromise-the-fallacy-of-secrets-management-and-the-case-for-workload-identity%2F&amp;linkname=The%20Trivy%20Compromise%3A%20The%20Fallacy%20of%20Secrets%20Management%20and%20the%20Case%20for%20Workload%20Identity" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fthe-trivy-compromise-the-fallacy-of-secrets-management-and-the-case-for-workload-identity%2F&amp;linkname=The%20Trivy%20Compromise%3A%20The%20Fallacy%20of%20Secrets%20Management%20and%20the%20Case%20for%20Workload%20Identity" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fthe-trivy-compromise-the-fallacy-of-secrets-management-and-the-case-for-workload-identity%2F&amp;linkname=The%20Trivy%20Compromise%3A%20The%20Fallacy%20of%20Secrets%20Management%20and%20the%20Case%20for%20Workload%20Identity" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://aembit.io/">Aembit</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Apurva Dave">Apurva Dave</a>. Read the original post at: <a href="https://aembit.io/blog/the-trivy-compromise-the-fallacy-of-secrets-management-and-the-case-for-workload-identity/">https://aembit.io/blog/the-trivy-compromise-the-fallacy-of-secrets-management-and-the-case-for-workload-identity/</a> </p>

<p>SAN FRANCISCO – As autonomous artificial intelligence (AI) agents begin to operate with system-level privileges across global enterprises, CrowdStrike Inc. has massively expanded its Falcon platform, positioning the endpoint as the critical frontline for AI governance.</p><p>The announcement at RSAC here signals a strategic shift in how organizations defend against agentic workflows that can independently execute commands, access sensitive data, and modify files. Unlike static applications, autonomous agents often perform actions that are indistinguishable from legitimate human activity, rendering traditional network controls obsolete.</p><p>CrowdStrike’s new capabilities address the Shadow AI crisis. The company revealed its sensors have detected over 1,800 distinct AI applications — totaling nearly 160 million instances — running across its customer base.</p><p>To manage this sprawl, the updated Falcon platform introduces AI Runtime Protection, real-time visibility into the scripts and commands executed by AI agents, allowing security teams to isolate compromised endpoints instantly; AI Data Detection and Response (AIDR), protection extended to the prompt layer of popular tools like ChatGPT, Claude, and Microsoft Copilot to prevent data leaks and injection attacks; and Cross-Surface Governance, which tracks AI behavior across browsers, SaaS platforms like Salesforce Inc.’s Agentforce, and cloud-native container environments.</p><p>“Security built for static applications can’t keep up with autonomous systems,” CrowdStrike President Michael Sentonas said. “Organizations need real-time visibility and control over AI behavior wherever it runs.”</p><p>In a move to accelerate the phase-out of legacy Security Information and Event Management (SIEM) systems, CrowdStrike also announced that its Falcon Next-Gen SIEM can now ingest and correlate telemetry from Microsoft Defender for Endpoint.</p><p>Integration allows organizations using Microsoft’s security tools to modernize their operations within the CrowdStrike ecosystem without the operational burden of deploying new sensors. The collaboration highlights a maturing industry focusing on interoperability.</p><p>“It is great to see Microsoft Defender telemetry being leveraged within Falcon Next-Gen SIEM,” said Rob Lefferts, corporate vice president for threat protection at Microsoft. “Integrations like this reinforce the importance of an open ecosystem.”</p><p>By unifying AI discovery, data flow monitoring, and third-party telemetry, CrowdStrike is attempting to close the widening gap between rapid AI adoption and security enforcement. As AI moves from a chat box to an autonomous worker, the endpoint is no longer just a device but the epicenter of the new digital perimeter.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/crowdstrike-redefines-cybersecurity-architecture-for-autonomous-ai/" data-a2a-title="CrowdStrike Redefines Cybersecurity Architecture for Autonomous AI"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcrowdstrike-redefines-cybersecurity-architecture-for-autonomous-ai%2F&amp;linkname=CrowdStrike%20Redefines%20Cybersecurity%20Architecture%20for%20Autonomous%20AI" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcrowdstrike-redefines-cybersecurity-architecture-for-autonomous-ai%2F&amp;linkname=CrowdStrike%20Redefines%20Cybersecurity%20Architecture%20for%20Autonomous%20AI" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcrowdstrike-redefines-cybersecurity-architecture-for-autonomous-ai%2F&amp;linkname=CrowdStrike%20Redefines%20Cybersecurity%20Architecture%20for%20Autonomous%20AI" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcrowdstrike-redefines-cybersecurity-architecture-for-autonomous-ai%2F&amp;linkname=CrowdStrike%20Redefines%20Cybersecurity%20Architecture%20for%20Autonomous%20AI" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcrowdstrike-redefines-cybersecurity-architecture-for-autonomous-ai%2F&amp;linkname=CrowdStrike%20Redefines%20Cybersecurity%20Architecture%20for%20Autonomous%20AI" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>

<p>Netenrich launched Cyber Risk Operations at RSAC 2026 Monday, a new operating model powered by its Resolution Intelligence Cloud platform that aims to move enterprise security from reactive alert management toward continuous validation of control effectiveness.</p><p>The offering targets CIOs, CTOs, and CISOs who are jointly accountable for enterprise security posture. Netenrich’s central argument is that the dominant alert-centric approach, whether MDR, XDR, or AI-enhanced SOC, optimizes for speed of alert processing without actually reducing an organization’s exposure.</p><p>“The industry has spent the last decade building ‘Alert Factories’ that optimize for speed and automation but fail to reduce actual exposure,” said Raju Chekuri, CEO of Netenrich. “Innovative CISOs know that green dashboards often mask ghost assets and silent failures. With Cyber Risk Operations, we are moving the market from reactive firefighting to predictive resistance.”</p><p>The platform is built on Google SecOps and uses Netenrich’s ACT Framework, covering attack surface, controls, and threats. Key capabilities include situational awareness that goes beyond generic threat intel to provide specific risk context, adaptive defense that automatically tracks ephemeral assets like containers that can go unmonitored for their entire lifecycle, and measurable efficacy outcomes using a Likelihood, Impact, Confidence scoring model. Netenrich cites data suggesting up to 18% of critical infrastructure goes unmonitored due to the “ghost asset” problem.</p><p>The service shifts reporting metrics from activity, such as tickets closed, to outcomes, measured as actual risk reduction. Resolution Intelligence Cloud also leverages agentic AI to bridge risk assessment and security operations.</p><p>Leading enterprises are already using the platform. Nuvama Group’s CTO, Harsh Jha, said the company deployed Resolution Intelligence Cloud as its analytics platform on top of Google SecOps to strengthen its security posture with data-driven execution.</p><p>Netenrich is partnering with GuidePoint Security for go-to-market distribution. Cyber Risk Operations is available immediately.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/netenrich-launches-cyber-risk-operations-to-replace-alert-centric-security-models/" data-a2a-title="Netenrich Launches Cyber Risk Operations to Replace Alert-Centric Security Models"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fnetenrich-launches-cyber-risk-operations-to-replace-alert-centric-security-models%2F&amp;linkname=Netenrich%20Launches%20Cyber%20Risk%20Operations%20to%20Replace%20Alert-Centric%20Security%20Models" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fnetenrich-launches-cyber-risk-operations-to-replace-alert-centric-security-models%2F&amp;linkname=Netenrich%20Launches%20Cyber%20Risk%20Operations%20to%20Replace%20Alert-Centric%20Security%20Models" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fnetenrich-launches-cyber-risk-operations-to-replace-alert-centric-security-models%2F&amp;linkname=Netenrich%20Launches%20Cyber%20Risk%20Operations%20to%20Replace%20Alert-Centric%20Security%20Models" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fnetenrich-launches-cyber-risk-operations-to-replace-alert-centric-security-models%2F&amp;linkname=Netenrich%20Launches%20Cyber%20Risk%20Operations%20to%20Replace%20Alert-Centric%20Security%20Models" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fnetenrich-launches-cyber-risk-operations-to-replace-alert-centric-security-models%2F&amp;linkname=Netenrich%20Launches%20Cyber%20Risk%20Operations%20to%20Replace%20Alert-Centric%20Security%20Models" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>

<p>SAN FRANCISCO – Security specialist Wiz (now part of Google Cloud) on Monday announced the AI Application Protection Platform (AI-APP), a solution designed to secure the increasingly complex web of models, AI agents, and data that define artificial intelligence (AI)-native development.</p><p>The move, announced at RSAC 2026, marks a significant evolution in the Cloud-Native Application Protection Platform (CNAPP) market. While traditional security tools often analyze infrastructure, identities, and applications in silos, Wiz’s new platform treats AI as a dynamic, interconnected system.</p><p>According to Wiz, the “blind spots” created by rapid AI adoption are a primary concern for CISOs. Organizations are currently juggling managed services like AWS Bedrock, SaaS ecosystems like Microsoft Copilot, and custom self-hosted frameworks.</p><p>The AI-APP addresses this by building a comprehensive inventory across all environments. A central feature, the Wiz Workload Explainer, leverages AI to scan and translate custom implementations into clear components—identifying agents and data flows that traditional deterministic scanning often misses.</p><p>The core philosophy of the new platform is that AI risk is rarely the result of a single vulnerability. Instead, risk emerges when benign conditions across different layers overlap.</p><p>“AI risk is not defined by a single issue, but by how multiple conditions come together,” the company said in a <a href="https://www.wiz.io/blog/introducing-wiz-ai-app">blog post</a>. By correlating signals across the application stack, Wiz can map real, exploitable attack paths. For example, the platform can identify if an AI agent has the permissions to execute code or modify infrastructure—actions that, if manipulated, could lead to catastrophic breaches.</p><p>To help teams prioritize these threats, Wiz maps identified risks against the OWASP Top 10 for LLM Applications, ensuring security teams focus on vulnerabilities like prompt injection and data leakage within a recognized compliance framework.</p><p>The platform introduces a triple-layer threat detection strategy: Model Activity, for monitoring inputs/outputs and prompt behavior; Workload Execution, to track agent activity and tool usage; and Cloud Layer, which observes API calls and identity changes.</p><p>To bolster this defense, Wiz has integrated with key partners in the Wiz Integration Network (WIN). Collaborations with Cloudflare, TrojAI, and Pillar Security allow the platform to ingest external red-teaming findings and endpoint security data, providing a “single pane of glass” for AI security.</p><p>Separately, Wiz unveiled Red Agent, an AI-powered attacker<strong> </strong>that acts as a sophisticated security researcher, but with AI speed and scale.</p><p>The Red Agent joins Wiz’s Green and Blue Agents to power agentic workflows that allow teams to operate how AI operates within their environment.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/wiz-launches-ai-app-to-tackle-new-anatomy-of-cyber-risk/" data-a2a-title="Wiz Launches AI-APP to Tackle ‘New Anatomy’ of Cyber Risk"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fwiz-launches-ai-app-to-tackle-new-anatomy-of-cyber-risk%2F&amp;linkname=Wiz%20Launches%20AI-APP%20to%20Tackle%20%E2%80%98New%20Anatomy%E2%80%99%20of%20Cyber%20Risk" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fwiz-launches-ai-app-to-tackle-new-anatomy-of-cyber-risk%2F&amp;linkname=Wiz%20Launches%20AI-APP%20to%20Tackle%20%E2%80%98New%20Anatomy%E2%80%99%20of%20Cyber%20Risk" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fwiz-launches-ai-app-to-tackle-new-anatomy-of-cyber-risk%2F&amp;linkname=Wiz%20Launches%20AI-APP%20to%20Tackle%20%E2%80%98New%20Anatomy%E2%80%99%20of%20Cyber%20Risk" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fwiz-launches-ai-app-to-tackle-new-anatomy-of-cyber-risk%2F&amp;linkname=Wiz%20Launches%20AI-APP%20to%20Tackle%20%E2%80%98New%20Anatomy%E2%80%99%20of%20Cyber%20Risk" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fwiz-launches-ai-app-to-tackle-new-anatomy-of-cyber-risk%2F&amp;linkname=Wiz%20Launches%20AI-APP%20to%20Tackle%20%E2%80%98New%20Anatomy%E2%80%99%20of%20Cyber%20Risk" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>

<div class="hs-featured-image-wrapper"> <a href="https://www.sonatype.com/blog/golden-pull-requests-automating-trusted-remediation-without-breaking-builds" title="" class="hs-featured-image-link"> <img decoding="async" src="https://www.sonatype.com/hubfs/blog_golden_pull_requests.jpg" alt="Image of hexagon icon alongside text spelling out Sonatype Lifecycle" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div><p>Modern software developme<span style="text-decoration: none;">nt </span><a href="https://www.sonatype.com/state-of-the-software-supply-chain/2026/software-infrastructure-growth" style="text-decoration: none;"><span style="color: #1155cc;">runs on open source</span></a>. Nearly every application is built from a combination of third-party components, transitive <a href="https://www.sonatype.com/blog/software-dependencies-a-beginners-guide" style="text-decoration: none;"><span style="color: #1155cc;">dependencies</span></a>, and rapidly evolving package ecosystems.</p><p><img decoding="async" src="https://track.hubspot.com/__ptq.gif?a=1958393&amp;k=14&amp;r=https%3A%2F%2Fwww.sonatype.com%2Fblog%2Fgolden-pull-requests-automating-trusted-remediation-without-breaking-builds&amp;bu=https%253A%252F%252Fwww.sonatype.com%252Fblog&amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "></p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/golden-pull-requests-automating-trusted-remediation-without-breaking-builds/" data-a2a-title="Golden Pull Requests: Automating Trusted Remediation Without Breaking Builds"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fgolden-pull-requests-automating-trusted-remediation-without-breaking-builds%2F&amp;linkname=Golden%20Pull%20Requests%3A%20Automating%20Trusted%20Remediation%20Without%20Breaking%20Builds" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fgolden-pull-requests-automating-trusted-remediation-without-breaking-builds%2F&amp;linkname=Golden%20Pull%20Requests%3A%20Automating%20Trusted%20Remediation%20Without%20Breaking%20Builds" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fgolden-pull-requests-automating-trusted-remediation-without-breaking-builds%2F&amp;linkname=Golden%20Pull%20Requests%3A%20Automating%20Trusted%20Remediation%20Without%20Breaking%20Builds" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fgolden-pull-requests-automating-trusted-remediation-without-breaking-builds%2F&amp;linkname=Golden%20Pull%20Requests%3A%20Automating%20Trusted%20Remediation%20Without%20Breaking%20Builds" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fgolden-pull-requests-automating-trusted-remediation-without-breaking-builds%2F&amp;linkname=Golden%20Pull%20Requests%3A%20Automating%20Trusted%20Remediation%20Without%20Breaking%20Builds" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.sonatype.com/blog">2024 Sonatype Blog</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Aaron Linskens">Aaron Linskens</a>. Read the original post at: <a href="https://www.sonatype.com/blog/golden-pull-requests-automating-trusted-remediation-without-breaking-builds">https://www.sonatype.com/blog/golden-pull-requests-automating-trusted-remediation-without-breaking-builds</a> </p>

<figure class=" sqs-block-image-figure intrinsic "> <p> <a class=" sqs-block-image-link " href="https://xkcd.com/3210/"></a></p> <p> <img data-stretch="false" data-image="https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/b265741e-026f-4feb-86cc-bbbf6c1d465e/eliminating_the_impossible.png" data-image-dimensions="675x349" data-image-focal-point="0.5,0.5" alt="" data-load="false" elementtiming="system-image-block" src="https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/b265741e-026f-4feb-86cc-bbbf6c1d465e/eliminating_the_impossible.png?format=1000w" width="675" height="349" sizes="auto, (max-width: 640px) 100vw, (max-width: 767px) 100vw, 100vw" onload='this.classList.add("loaded")' srcset="https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/b265741e-026f-4feb-86cc-bbbf6c1d465e/eliminating_the_impossible.png?format=100w 100w, https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/b265741e-026f-4feb-86cc-bbbf6c1d465e/eliminating_the_impossible.png?format=300w 300w, https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/b265741e-026f-4feb-86cc-bbbf6c1d465e/eliminating_the_impossible.png?format=500w 500w, https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/b265741e-026f-4feb-86cc-bbbf6c1d465e/eliminating_the_impossible.png?format=750w 750w, https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/b265741e-026f-4feb-86cc-bbbf6c1d465e/eliminating_the_impossible.png?format=1000w 1000w, https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/b265741e-026f-4feb-86cc-bbbf6c1d465e/eliminating_the_impossible.png?format=1500w 1500w, https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/b265741e-026f-4feb-86cc-bbbf6c1d465e/eliminating_the_impossible.png?format=2500w 2500w" loading="lazy" decoding="async" data-loader="sqs"></p> <p> <figcaption class="image-caption-wrapper"> <p class=""><strong>via the comic artistry and dry wit of Randall Munroe, creator of XKCD</strong></p> </figcaption></p></figure><p><a href="https://www.infosecurity.us/blog/2026/3/23/randall-munroes-xkcd-eliminating-the-impossible">Permalink</a></p><p> </p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/randall-munroes-xkcd-eliminating-the-impossible/" data-a2a-title="Randall Munroe’s XKCD ‘Eliminating the Impossible’"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Frandall-munroes-xkcd-eliminating-the-impossible%2F&amp;linkname=Randall%20Munroe%E2%80%99s%20XKCD%20%E2%80%98Eliminating%20the%20Impossible%E2%80%99" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Frandall-munroes-xkcd-eliminating-the-impossible%2F&amp;linkname=Randall%20Munroe%E2%80%99s%20XKCD%20%E2%80%98Eliminating%20the%20Impossible%E2%80%99" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Frandall-munroes-xkcd-eliminating-the-impossible%2F&amp;linkname=Randall%20Munroe%E2%80%99s%20XKCD%20%E2%80%98Eliminating%20the%20Impossible%E2%80%99" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Frandall-munroes-xkcd-eliminating-the-impossible%2F&amp;linkname=Randall%20Munroe%E2%80%99s%20XKCD%20%E2%80%98Eliminating%20the%20Impossible%E2%80%99" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Frandall-munroes-xkcd-eliminating-the-impossible%2F&amp;linkname=Randall%20Munroe%E2%80%99s%20XKCD%20%E2%80%98Eliminating%20the%20Impossible%E2%80%99" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.infosecurity.us/">Infosecurity.US</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Marc Handelman">Marc Handelman</a>. Read the original post at: <a href="https://xkcd.com/3210/">https://xkcd.com/3210/</a> </p>

<h1></h1><p>Application development has changed dramatically. Enterprises now release software faster, operate more digital services, and deploy applications across a mix of public cloud, private cloud, APIs, containers, and on-premises infrastructure.</p><p>As application delivery has accelerated and architectures have become more distributed, a disconnect has emerged between the teams building applications and those responsible for protecting them.</p><p>This tension is often described as the <a href="https://www.imperva.com/resources/resource-library/white-papers/devops-vs-security-breaking-down-the-wall-of-confusion-in-modern-application-delivery/">Wall of Confusion between DevOps and IT Security</a>.</p><p>But the challenge does not stop there.</p><p>Over time, organizations have also introduced multiple security tools to protect different parts of the application stack. Each tool is managed separately, often by different teams, through different platforms, policies, and workflows.</p><p>The result is an additional layer of complexity. Security teams must navigate multiple vendors and fragmented controls, while DevOps teams experience delays as security becomes harder to integrate into fast-moving development cycles.</p><p>Understanding how to break down both the organizational and operational layers of this confusion is essential for organizations that want to maintain innovation while ensuring consistent, scalable security.</p><h2>Applications Now Run Across Hybrid Environments</h2><p>Today, around <strong>forty percent of enterprise applications run in the public cloud</strong>, and that number is expected to rise significantly to 62% over the next two years.</p><p><img class="lazyload aligncenter size-full wp-image-20766 lazyload" alt="modern applicatoin delivery key finding 1" width="957" height="381" data-src="https://www.imperva.com/blog/wp-content/uploads/sites/9/2026/03/modern_applicatoin_delivery_key_finding_1.png" srcset="https://www.imperva.com/blog/wp-content/uploads/sites/9/2026/03/modern_applicatoin_delivery_key_finding_1.png 957w, https://www.imperva.com/blog/wp-content/uploads/sites/9/2026/03/modern_applicatoin_delivery_key_finding_1-300x119.png 300w, https://www.imperva.com/blog/wp-content/uploads/sites/9/2026/03/modern_applicatoin_delivery_key_finding_1-768x306.png 768w" sizes="(max-width: 957px) 100vw, 957px"><br> <span style="font-size: 12px;">Source: Vanson Bourne Survey, “DevOps vs Security: Breaking Down the Wall of Confusion in Modern Application Delivery”</span></p><p>Yet the shift to cloud does not mean applications live in one place. Most organizations now operate across hybrid and multi-cloud environments where applications run across public cloud platforms, private cloud infrastructure, on-premises systems, Kubernetes clusters, and an expanding network of APIs.</p><p>Cloud-agnostic strategies are also becoming more common as organizations seek flexibility and avoid dependence on a single provider. At the same time, many enterprises continue to operate legacy systems alongside modern cloud-native services.</p><p>The result is a highly distributed application landscape. Applications now run across multiple environments simultaneously, and security must be able to protect them wherever they operate.</p><p><img class="lazyload aligncenter size-full wp-image-20768 lazyload" alt="modern applicatoin delivery key finding 2" width="1144" height="346" data-src="https://www.imperva.com/blog/wp-content/uploads/sites/9/2026/03/modern_applicatoin_delivery_key_finding_2.png" srcset="https://www.imperva.com/blog/wp-content/uploads/sites/9/2026/03/modern_applicatoin_delivery_key_finding_2.png 1144w, https://www.imperva.com/blog/wp-content/uploads/sites/9/2026/03/modern_applicatoin_delivery_key_finding_2-300x91.png 300w, https://www.imperva.com/blog/wp-content/uploads/sites/9/2026/03/modern_applicatoin_delivery_key_finding_2-1024x310.png 1024w, https://www.imperva.com/blog/wp-content/uploads/sites/9/2026/03/modern_applicatoin_delivery_key_finding_2-768x232.png 768w" sizes="(max-width: 1144px) 100vw, 1144px"><br> <span style="font-size: 12px;">Source: Vanson Bourne Survey, “DevOps vs Security: Breaking Down the Wall of Confusion in Modern Application Delivery”</span></p><h2>DevOps and Security Want the Same Outcome</h2><p>Despite the perception of conflict, DevOps and IT Security teams are largely aligned on the goals of modern application security. Both groups ultimately want the same outcome: applications that are secure, reliable, and able to scale with business demand.</p><p>Research <a href="https://www.imperva.com/resources/resource-library/white-papers/devops-vs-security-breaking-down-the-wall-of-confusion-in-modern-application-delivery/">conducted with Vanson Bourne</a> reinforces this alignment. <strong>96% of DevOps and 95% of IT Security professionals agree that modern environments require security that is flexible across any architecture.</strong></p><p>This global study of 1,500 professionals across the US, Europe, and APAC highlights an important point. Modern <a href="https://www.imperva.com/products/application-security/?_gl=1*1lpu15p*_gcl_aw*R0NMLjE3NzM2NTI1MzMuQ2p3S0NBancxTjdOQmhBb0Vpd0FjUGNocDMxZWNOSUloRkF5cjlKMXhCREQ3R0Q3WFp6LS14eWdfTENWYVNmRUJwczU3d0NfVDU2ZkV4b0NtaGNRQXZEX0J3RQ..*_gcl_dc*R0NMLjE3NzM2NTI1MzMuQ2p3S0NBancxTjdOQmhBb0Vpd0FjUGNocDMxZWNOSUloRkF5cjlKMXhCREQ3R0Q3WFp6LS14eWdfTENWYVNmRUJwczU3d0NfVDU2ZkV4b0NtaGNRQXZEX0J3RQ..*_gcl_au*MTYyNzI4MTcxMC4xNzY3Mjc0MTQ3LjU0NTY0MDk4OS4xNzcyMDI1Nzk1LjE3NzIwMjU3OTQ.">application security</a> is not just a technology problem. It is a workflow and collaboration challenge.</p><p>Security and DevOps want the same outcome, but they experience different frustrations. These gaps can create delays, bottlenecks, false positives, and friction that undermine the cloud-native innovation organizations are working to achieve.</p><div id="upcoming-banner-marker"></div><div class="modal fade video-modal" id="upcoming-banner-modal" tabindex="-1" role="dialog" aria-modal="true"> <div class="modal-dialog modal-dialog-centered" role="document"> <div class="modal-content"> <div class="modal-body"> <button type="button" class="close" data-dismiss="modal" data-gaq-value="Close lightbox" aria-hidden="true">×</button> <div class="video-banner"> <div class="visual"> <div class="inner"> <img data-src="https://www.imperva.com/blog/wp-content/uploads/sites/6/2024/02/api-security-webinar.png" class="lazyload lazyload" alt="api security webinar"> <a class="btn-play" event-action="Click" event-category="LC Webinar Popup" event-label="Stronger Together: Advanced Bot Protection + API Security = Superior Protection Against Automated API Abuse - Video Thumbnail" gtm-track target="_self" href="https://www.imperva.com/blog/securing-applications-anywhere-breaking-down-the-wall-of-confusion/#" data-toggle="modal" data-data-dismiss-modal="upcoming-banner-modal"> </a> </div> </div> <div class="description"> <span class="date"><time>Apr 9</time> Upcoming Webinar</span> <h3> <a class="" target="_self" href="https://www.imperva.com/blog/securing-applications-anywhere-breaking-down-the-wall-of-confusion/#" data-toggle="modal" data-data-dismiss-modal="upcoming-banner-modal">Stronger Together: Advanced Bot Protection + API Security = Superior Protection Against Automated API Abuse</a> </h3> <p> <a class="link-arrow" event-action="Click" event-category="LC Webinar Popup" event-label="Stronger Together: Advanced Bot Protection + API Security = Superior Protection Against Automated API Abuse - Register Now" gtm-track target="_self" href="https://www.imperva.com/blog/securing-applications-anywhere-breaking-down-the-wall-of-confusion/#" data-toggle="modal" data-data-dismiss-modal="upcoming-banner-modal">Register Now</a> </p></div> </div> </div> </div> </div> </div><div class="modal fade video-modal" id="video-modal-8138" tabindex="-1" role="dialog" aria-labelledby="modalid3124title" aria-modal="true"> <div class="modal-dialog modal-dialog-centered" role="document"> <div class="modal-content"> <div class="modal-body"> <button type="button" class="close" data-dismiss="modal" data-gaq-value="Close lightbox" aria-hidden="true">×</button> <div class="iframe-holder"> <div class="jsBrightTALKEmbedWrapper " style="width:100%; height:100%; position:relative;background: #ffffff; text-align: center;"> <script class="jsBrightTALKEmbedConfig" type="application/json"> { "channelId" : 2037 , "language": "en-US", "commId" : 663182, "displayMode" : "standalone", "height" : "auto" } </script><br> <script src="https://www.brighttalk.com/clients/js/player-embed/player-embed.js" class="jsBrightTALKEmbed"></script> </div> </div> </div> </div> </div> </div><h2>The Wall of Confusion: Conflicting Priorities, Fragmented Security and Tool Sprawl</h2><p>The Wall of Confusion is not just about DevOps and Security working in silos. It is also about how security is delivered. Over time, organizations have added more and more security tools. One for web applications, another for APIs, another for cloud, another for containers. Each tool solves a specific problem, but together they create complexity instead of clarity.</p><p>Security teams are left navigating multiple vendors, switching between management platforms, and maintaining different policies across environments. This makes it difficult to keep controls aligned and increases operational overhead.</p><p>At the same time, gaps begin to appear. As applications move across environments, it is not always clear if they are fully protected. Policies become inconsistent because what is set in one environment does not automatically apply to another.</p><p>In fact, based on a 2026 survey of Imperva Application Security customers, <strong>77% of security professionals say operational complexity is their biggest challenge</strong>.</p><p>For DevOps teams, this complexity shows up as delay. Security becomes a bottleneck not because it is unnecessary, but because it is too difficult to operationalize.</p><p>That is the wall and it is what needs to come down.</p><h2>Why Traditional Security Models Fall Short</h2><p>When applications operate across multiple environments, security approaches designed for fixed infrastructure quickly become difficult to manage.</p><p>Many organizations rely on a mixture of embedded protections, centralized security services, and environment-specific tools to protect different parts of their application landscape. While each solution may address a particular need, together they can create fragmented security architectures. This fragmentation leads to inconsistent policies, duplicated alerts, limited visibility, and increased manual effort. </p><p>Security teams must manage multiple tools and workflows, while development teams experience delays when security is applied inconsistently or too late in the process. Both teams are constrained by the same underlying issue: security models that were not designed for modern, distributed application environments.</p><h2>Security Must Move with the Application</h2><p>Modern applications are no longer tied to a single infrastructure model. They are composed of microservices and APIs, deployed through automated pipelines, and distributed across multiple environments.</p><p>Security therefore cannot remain a centralized checkpoint that appears late in the development process. Instead, protection needs to move with the application and operate consistently wherever that application runs.</p><p>This means security controls must function across public cloud environments, private infrastructure, hybrid deployments, Kubernetes clusters, APIs, and the traditional systems that many organizations still rely on.</p><p>DevOps and IT Security teams increasingly recognize this shift. They are not asking for less security. They are asking for security that works the way modern applications work.</p><h2>Securing Applications Anywhere with Thales</h2><p>As application architectures continue to evolve, organizations are no longer dealing with a single security challenge, but with the need to protect applications consistently across every environment they operate in.</p><p>The issue is not just distribution. It is how to secure that distribution without adding more tools, more complexity, or more operational overhead.</p><p>Security strategies built around isolated environments or disconnected tools are no longer sufficient. What is needed is a unified approach that delivers consistent protection, visibility, and control across the entire application landscape.</p><p>Now, the question becomes how to deliver that in practice.</p><p>Many vendors talk about flexibility but still require organizations to choose a single deployment model or manage multiple disconnected solutions. Imperva takes a fundamentally different approach. It meets organizations where they are, supporting multiple deployment models while maintaining a single, unified security experience.</p><p>This includes protection for internet-facing applications and APIs through Imperva Cloud, native integration for public cloud environments (<a href="https://www.imperva.com/products/imperva-for-google-cloud/">Imperva for Google Cloud</a>), container-based deployment for Kubernetes and microservices, and gateway deployment for on-premises, hybrid, and air-gapped environments.</p><p>The key is that all of these deployment options are powered by the same Imperva Security Engine.</p><p>This means one management console, consistent policies across every environment, and unified visibility across the entire application portfolio, regardless of where applications are deployed. Security teams do not need to manage multiple tools or vendors, and DevOps teams do not need to change how they build and deploy applications.</p><p>That is what securing applications anywhere really means.</p><p><strong>Download the whitepaper:</strong> <a href="https://www.imperva.com/resources/resource-library/white-papers/devops-vs-security-breaking-down-the-wall-of-confusion-in-modern-application-delivery/">DevOps vs Security: Breaking Down the Wall of Confusion in Modern Application Delivery</a></p><p>The post <a href="https://www.imperva.com/blog/securing-applications-anywhere-breaking-down-the-wall-of-confusion/">Securing Applications Anywhere: Breaking Down the Wall of Confusion</a> appeared first on <a href="https://www.imperva.com/blog">Blog</a>.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/securing-applications-anywhere-breaking-down-the-wall-of-confusion-2/" data-a2a-title="Securing Applications Anywhere: Breaking Down the Wall of Confusion"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fsecuring-applications-anywhere-breaking-down-the-wall-of-confusion-2%2F&amp;linkname=Securing%20Applications%20Anywhere%3A%20Breaking%20Down%20the%20Wall%20of%20Confusion" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fsecuring-applications-anywhere-breaking-down-the-wall-of-confusion-2%2F&amp;linkname=Securing%20Applications%20Anywhere%3A%20Breaking%20Down%20the%20Wall%20of%20Confusion" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fsecuring-applications-anywhere-breaking-down-the-wall-of-confusion-2%2F&amp;linkname=Securing%20Applications%20Anywhere%3A%20Breaking%20Down%20the%20Wall%20of%20Confusion" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fsecuring-applications-anywhere-breaking-down-the-wall-of-confusion-2%2F&amp;linkname=Securing%20Applications%20Anywhere%3A%20Breaking%20Down%20the%20Wall%20of%20Confusion" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fsecuring-applications-anywhere-breaking-down-the-wall-of-confusion-2%2F&amp;linkname=Securing%20Applications%20Anywhere%3A%20Breaking%20Down%20the%20Wall%20of%20Confusion" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.imperva.com/blog/">Blog</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Grainne McKeever">Grainne McKeever</a>. Read the original post at: <a href="https://www.imperva.com/blog/securing-applications-anywhere-breaking-down-the-wall-of-confusion/">https://www.imperva.com/blog/securing-applications-anywhere-breaking-down-the-wall-of-confusion/</a> </p>

<p><strong>Capital One Software</strong> is expanding its Databolt data security platform with new capabilities aimed at making unstructured data safer to use in analytics and AI initiatives. The company announced the updates at RSAC 2026 in San Francisco.</p><p>The headline feature is a set of upcoming Databolt workflows designed to inspect unstructured formats, including PDFs, emails, transcripts and office documents, then identify and protect personally identifiable information. Capital One Software said the goal is to apply protections such as tokenization in a way that preserves semantic structure, so data remains useful to large language models while reducing exposure.</p><p>“Our goal is to unlock the value of sensitive data by making security seamless across the data lifecycle,” Prashant Prahlad, SVP and head of product at Capital One Software, said in a prepared statement. “With these new innovations, Databolt will help organizations move past the security bottlenecks that act as a barrier to innovation.”</p><p>Alongside the unstructured-data work, Capital One Software outlined additional platform updates. Those include a fully self-hosted deployment option for regulated organizations, enhanced protection policies with granular access controls, and a token analytics dashboard intended to give both technical and non-technical users visibility into system health and throughput.</p><p>The company also described “domains,” a way to logically segment configurations inside a single tenant, and said future releases will expand connectivity for collecting contextual metadata across complex data stacks.</p><p>Cync Software, a Capital One Software customer, positioned Databolt as a way to embed data-centric controls into the data layer. “With Databolt, we are reinforcing a data-centric security approach by embedding security directly into our data layer, reducing risk exposure across our lending and financial platforms,” said Prasad Alapati, CEO and president of Cync Software.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/capital-one-software-expands-databolt-to-protect-unstructured-data-for-ai-use/" data-a2a-title="Capital One Software Expands Databolt to Protect Unstructured Data for AI Use"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcapital-one-software-expands-databolt-to-protect-unstructured-data-for-ai-use%2F&amp;linkname=Capital%20One%20Software%20Expands%20Databolt%20to%20Protect%20Unstructured%20Data%20for%20AI%20Use" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcapital-one-software-expands-databolt-to-protect-unstructured-data-for-ai-use%2F&amp;linkname=Capital%20One%20Software%20Expands%20Databolt%20to%20Protect%20Unstructured%20Data%20for%20AI%20Use" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcapital-one-software-expands-databolt-to-protect-unstructured-data-for-ai-use%2F&amp;linkname=Capital%20One%20Software%20Expands%20Databolt%20to%20Protect%20Unstructured%20Data%20for%20AI%20Use" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcapital-one-software-expands-databolt-to-protect-unstructured-data-for-ai-use%2F&amp;linkname=Capital%20One%20Software%20Expands%20Databolt%20to%20Protect%20Unstructured%20Data%20for%20AI%20Use" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcapital-one-software-expands-databolt-to-protect-unstructured-data-for-ai-use%2F&amp;linkname=Capital%20One%20Software%20Expands%20Databolt%20to%20Protect%20Unstructured%20Data%20for%20AI%20Use" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>

<p>Cisco today at the <a href="https://www.rsaconference.com/usa">RSA Conference</a> (RSAC) extended its cybersecurity portfolio to <a href="https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m03/cisco-reimagines-security-for-the-agentic-workforce.html">secure artificial intelligence (AI) agents</a> while at the same time employing AI to automate security operations.</p><p>At the core of that effort are extensions to the Cisco Duo identity and access management (IAM) platform that make it possible to discover them and apply security policies via a Model Context Protocol (MCP) gateway and the Cisco Secure Access, a security service edge (SSE) platform. That capability will enable cybersecurity teams to assign specific fine-grained permissions that only allow AI agents to access specific resources for a limited amount of time.</p><p>At the same time, Cisco unveiled DefenseClaw, an open source secure agent framework that leverages the OpenShell runtime created by NVIDIA to securely automate the deployment of AI agents. The framework includes tools for scanning code created using AI skills tools and MCP integrations along with an AI bill of materials (AI BOM) and CodeGuard, a set of rules for embedding best security practices into an AI agent. DefenseClaw makes it possible for cybersecurity teams to both verify MCP servers and inventory every AI asset.</p><p>Additionally, Cisco is making available an Explorer Edition of Cisco AI Defense, a lower cost version of an existing platform that enables cybersecurity teams to test AI models and applications in a way that can be integrated with multiple continuous integration/continuous delivery (CI/CD) platforms and application development platforms. Cisco also launched an Agent Runtime Software Development Kit (SDK) that can be used to embed security policies into software builds.</p><p>Finally, Cisco is expanding its Splunk Enterprise Security for managing security operations by adding an ability to continually analyze risk scores and relationships between IT assets. There are now a set of specialized AI agents to automate a range of tasks, including incident response and the building of automations that can be used to remediate an issue. There is also now a federated search tool that makes it simpler for cybersecurity teams to correlate data across multiple IT environments.</p><p>Jeff Shultz, senior vice president for portfolio strategy at Cisco, said in general Cisco is trying to fill three AI gaps that are emerging around infrastructure, trust and telemetry data. While interest in AI agents is high, many organizations are hesitant to deploy AI agents in a production environment.</p><p>In fact, a <a href="https://www.cisco.com/c/dam/m/digital/usc/Security-Advisory-Board/Agentic_AI_Infographic.pdf">recent Cisco survey</a> finds that while 85% work for organizations that are experimenting with AI agents, only 5% have thus far deployed them in a production environment.</p><p>Nevertheless, AI agent adoption is expected to rapidly accelerate and there is little time to replicate the security that has been provided to protect humans to AI agents, noted Shultz.</p><p>Just about every cybersecurity team will eventually need to find a way to secure AI agents, but for now adoption is exceeding the pace at which they are able to respond to yet another emerging technology. Unfortunately, that also makes it probable there will soon be multiple cybersecurity incidents involving AI agents that, for example, are subject to prompt injection attacks that are relatively trivial to create and launch. While cybersecurity teams will need time and funding to put the proper controls in place, it’s also certain that their incident response capabilities are also about to be put to the ultimate test.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/cisco-extends-security-reach-to-ai-agents/" data-a2a-title="Cisco Extends Security Reach to AI Agents"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcisco-extends-security-reach-to-ai-agents%2F&amp;linkname=Cisco%20Extends%20Security%20Reach%20to%20AI%20Agents" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcisco-extends-security-reach-to-ai-agents%2F&amp;linkname=Cisco%20Extends%20Security%20Reach%20to%20AI%20Agents" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcisco-extends-security-reach-to-ai-agents%2F&amp;linkname=Cisco%20Extends%20Security%20Reach%20to%20AI%20Agents" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcisco-extends-security-reach-to-ai-agents%2F&amp;linkname=Cisco%20Extends%20Security%20Reach%20to%20AI%20Agents" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fcisco-extends-security-reach-to-ai-agents%2F&amp;linkname=Cisco%20Extends%20Security%20Reach%20to%20AI%20Agents" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>

<p>SandboxAQ used the opening day of RSAC 2026 to broaden what it calls AI security posture management for enterprises, announcing new AQtive Guard capabilities aimed at finding and controlling AI systems that security teams often do not know are running.</p><p>In a March 23 press release, the company said the release expands AQtive Guard discovery and monitoring across AI models, AI agents, Model Context Protocol (MCP) servers and third-party AI services used in applications and by employees. It framed the update around two common scenarios: product teams embedding AI into applications and organizations rolling out AI tools for workforce productivity.</p><p>The release centers on new guardrails intended to enforce policies on both inbound prompts and outbound responses at runtime. SandboxAQ said the goal is to reduce prompt-injection exposure and prevent unauthorized data leakage through AI-enabled apps.</p><p>The company also added MCP risk analysis, which it described as using an autonomous security agent to evaluate the risk of MCP servers, and posture reporting features designed to support governance and regulatory requirements, including alignment with frameworks such as the EU AI Act.</p><p>AQtive Guard is also adding cloud scanning intended to detect AI models and agents deployed across cloud environments to help surface what the company called shadow AI usage.</p><p>"AI is becoming embedded in critical enterprise workflows and infrastructure," said Marc Manzano, general manager at SandboxAQ. "Without proper oversight, organizations risk data leakage, prompt injection attacks, or autonomous agents taking actions across enterprise systems without security teams realizing it."</p><p>SandboxAQ said the new capabilities are available to select customers now, with broader availability planned for later in 2026. The company plans to demonstrate the update at RSAC 2026 in San Francisco.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/sandboxaq-adds-runtime-guardrails-mcp-risk-analysis-to-aqtive-guard-ahead-of-rsac-2026/" data-a2a-title="SandboxAQ Adds Runtime Guardrails, MCP Risk Analysis to AQtive Guard Ahead of RSAC 2026"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fsandboxaq-adds-runtime-guardrails-mcp-risk-analysis-to-aqtive-guard-ahead-of-rsac-2026%2F&amp;linkname=SandboxAQ%20Adds%20Runtime%20Guardrails%2C%20MCP%20Risk%20Analysis%20to%20AQtive%20Guard%20Ahead%20of%20RSAC%202026" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fsandboxaq-adds-runtime-guardrails-mcp-risk-analysis-to-aqtive-guard-ahead-of-rsac-2026%2F&amp;linkname=SandboxAQ%20Adds%20Runtime%20Guardrails%2C%20MCP%20Risk%20Analysis%20to%20AQtive%20Guard%20Ahead%20of%20RSAC%202026" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fsandboxaq-adds-runtime-guardrails-mcp-risk-analysis-to-aqtive-guard-ahead-of-rsac-2026%2F&amp;linkname=SandboxAQ%20Adds%20Runtime%20Guardrails%2C%20MCP%20Risk%20Analysis%20to%20AQtive%20Guard%20Ahead%20of%20RSAC%202026" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fsandboxaq-adds-runtime-guardrails-mcp-risk-analysis-to-aqtive-guard-ahead-of-rsac-2026%2F&amp;linkname=SandboxAQ%20Adds%20Runtime%20Guardrails%2C%20MCP%20Risk%20Analysis%20to%20AQtive%20Guard%20Ahead%20of%20RSAC%202026" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fsandboxaq-adds-runtime-guardrails-mcp-risk-analysis-to-aqtive-guard-ahead-of-rsac-2026%2F&amp;linkname=SandboxAQ%20Adds%20Runtime%20Guardrails%2C%20MCP%20Risk%20Analysis%20to%20AQtive%20Guard%20Ahead%20of%20RSAC%202026" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>

<p>Straiker arrived at RSAC 2026 with two products aimed squarely at the growing security gap in enterprise AI deployments: Discover AI, a new agent inventory and risk detection tool, and an expanded version of Defend AI built to handle the specific behaviors of coding agents, productivity agents, and custom-built agent platforms.</p><p>The premise behind both products is direct: “Agents are operating across enterprise systems with broad access, growing autonomy, and zero security oversight.” Straiker is building for that reality.</p><p>Discover AI focuses on finding what most organizations cannot currently see: the AI agents already running across their environments. The product does agent discovery and inventory across coding tools and agent frameworks, runs MCP vulnerability detection against a database of 12,000-plus MCP vulnerabilities, identifies security misconfigurations and hygiene issues, and classifies prompts to flag risky agent behavior before it escalates.</p><p>Defend AI, which launched earlier, has been expanded with new capabilities and is now trained on millions of real-world agent traces. Straiker reports sub-300ms latency and 98%-plus detection accuracy. New integrations allow deployment in monitoring mode via API with Amazon Bedrock AgentCore, Azure AI Foundry, and Microsoft Copilot Studio, and an inline gateway mode supports active blocking when monitoring is not enough.</p><p>The MCP and tool-chain risk detection built into Defend AI addresses one of the faster-moving attack surfaces in enterprise security right now. As organizations wire up AI agents to production systems through tool integrations and MCP servers, the risk profile of those connections has outpaced most security team awareness.</p><p>Straiker’s approach, combining discovery coverage with a high-accuracy enforcement layer, positions it as an early infrastructure play in what is becoming a crowded but still largely unsolved market.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/straiker-launches-discover-ai-and-expands-defend-ai-to-secure-enterprise-agent-deployments/" data-a2a-title="Straiker Launches Discover AI and Expands Defend AI to Secure Enterprise Agent Deployments"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fstraiker-launches-discover-ai-and-expands-defend-ai-to-secure-enterprise-agent-deployments%2F&amp;linkname=Straiker%20Launches%20Discover%20AI%20and%20Expands%20Defend%20AI%20to%20Secure%20Enterprise%20Agent%20Deployments" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fstraiker-launches-discover-ai-and-expands-defend-ai-to-secure-enterprise-agent-deployments%2F&amp;linkname=Straiker%20Launches%20Discover%20AI%20and%20Expands%20Defend%20AI%20to%20Secure%20Enterprise%20Agent%20Deployments" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fstraiker-launches-discover-ai-and-expands-defend-ai-to-secure-enterprise-agent-deployments%2F&amp;linkname=Straiker%20Launches%20Discover%20AI%20and%20Expands%20Defend%20AI%20to%20Secure%20Enterprise%20Agent%20Deployments" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fstraiker-launches-discover-ai-and-expands-defend-ai-to-secure-enterprise-agent-deployments%2F&amp;linkname=Straiker%20Launches%20Discover%20AI%20and%20Expands%20Defend%20AI%20to%20Secure%20Enterprise%20Agent%20Deployments" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fstraiker-launches-discover-ai-and-expands-defend-ai-to-secure-enterprise-agent-deployments%2F&amp;linkname=Straiker%20Launches%20Discover%20AI%20and%20Expands%20Defend%20AI%20to%20Secure%20Enterprise%20Agent%20Deployments" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>

<p>The U.S. Justice Department’s (DOJ) dismantling of the infrastructure behind four botnets used by range of bad actors should put a dent into the rising numbers of distributed denial-of-service (DDoS) attacks, but security experts are warning that the threat isn’t dissipating.</p><p>The DOJ announced late last week that the command-and-control (C2) infrastructure that was taken down was used for Internet of Things (IoT) botnets – <a href="https://securityboulevard.com/2025/11/microsoft-fends-off-massive-ddos-attack-by-aisuru-botnet-operators/" target="_blank" rel="noopener">Aisuru</a>, KimWolf, JackSkid, and Mossad – that comprised more than 3 million devices and were used in hundreds of thousands of <a href="https://securityboulevard.com/2025/08/digicert-discloses-details-of-two-massive-ddos-attacks/" target="_blank" rel="noopener">DDoS attacks</a>, including some massive attacks that measured more than 30 terabits-per-second.</p><p>The IoT devices that comprise the botnets – hundreds of thousands of which were located in the United States – included digital recorders, web cameras, and WiFi routers, all of which were controlled by the botnet operators that then sold access to the devices to other threat actors via a cybercrime-as-a-service model.</p><p>The U.S. operation was run in parallel with law enforcement efforts in Canada and Germany, which the DOJ said targeted the operators of the botnets. At the same time, a range of private companies and nonprofit organizations – including Amazon Web Services (AWS), Cloudflare, DigitalOcean, Nokia, Okta, and The Shadowserver Foundation – helped with the investigation.</p><p>Rebecca Day, special agent in charge of the FBI’s Anchorage, Alaska, field office, <a href="https://www.justice.gov/usao-ak/pr/authorities-disrupt-worlds-largest-iot-ddos-botnets-responsible-record-breaking-attacks" target="_blank" rel="noopener">said in a statement</a> that “this operation reflects the strength of that collaboration and our shared commitment to combatting cybercrime and protecting victims worldwide.”</p><h3>Significant Disruption, but Not Victory</h3><p>Security pros applauded the FBI’s operation, with Cequence Security CISO Randolph Barr calling it a “meaningful disruption.”</p><p>That said, Barr added that perspective is important, noting that the botnets are offered through commercial DDoS-as-a-service platforms, which means that the more than 3 million compromised IoT devices that enabled more than 30 Tbps attacks were broadly available and commoditized the high level of disruption they wrought.</p><p>“The key takeaway here is that while infrastructure was disrupted, the devices and business model remain, so reconstitution is likely,” he said.</p><p>That sentiment was echoed by Crystal Morin, senior cybersecurity strategist at Sysdig.</p><p>“While this botnet takedown is significant, we must not confuse disruption with victory,” Morin said. “These botnets show just how easy it is to weaponize poorly maintained IoT devices on a massive scale. This takedown operation removes infrastructure and buys defenders time, but it doesn’t fix the underlying problem.”</p><p>That includes the fact that “botnet operators will also likely rebuild and return under new pseudonyms, starting again exactly where they left off,” she said. “The victimized IoT devices have not been magically secured, and therefore, threat actors can just retarget them. Rescaling has been simplified by and large with AI. The reset button was pushed, certainly, but the ecosystem still heavily favors the attackers.”</p><h3>DDoS a Continuing and Growing Problem</h3><p>DDoS attacks continue to be a problem. In a report late last year focusing on the third quarter, Cloudflare researchers wrote that the company’s autonomous defenses blocked a total of 8.3 million such attacks – an average of almost 3,700 an hour – and that the number of DDoS attacks <a href="https://blog.cloudflare.com/ddos-threat-report-2025-q3/#:~:text=Attack%20characteristics,the%20duration%20of%20the%20attack." target="_blank" rel="noopener">grew 40% year-over-year</a>.</p><p>A key issue is that “IoT devices are generally treated as ‘set-it-and-forget-it’ technology when they should be cared for more like smartphones and laptops, regularly updated and monitored,” Morin said.</p><p>She added that organizations need to shift to an “assume breach” strategy that includes unmanaged and risky endpoints that operation outside of traditional office boundaries, sahing that “a real-time approach to security has to be non-negotiable. That means strictly segmenting corporate access from consumer-grade hardware and prioritizing real-time behavioral detection to catch anomalous signals, such as proxying or identity misuse at the network level.”</p><p>Cequence’s Barr said mitigation efforts should focus on cloud-scale protection against DDoS attacks, with API and application-layer defenses as well as reducing the exposure to IoT and residential proxy abuse.</p><p>“This is less about one botnet and more about DDoS becoming an on-demand attacker utility,’ he said.</p><h3>Defense Operations Targeted</h3><p>As part of the DOJ operation, the U.S. Department of Defense Office of Inspector General’s (DoDIG) Defense Criminal Investigative Service (DCIS) executed seizure warrants of multiple U.S.-registered internet domains, virtual servers, and other infrastructure that the agency suspects were used in DDoS attacks against the Department of Defense Information Network (DoDIN).</p><p>Barr said no evidence linked the DDoS activity to Iran or linked to the rise in DDoS activity during the U.S. and Israeli war against the country, and that the botnets were being investigated as part of a cybercrime ecosystem. That said, he added that any bad actor – including those linked to nation-states – could rent it.</p><p>Sysdig’s Morin called any attribution to the Middle East fighting as “speculative at best.” The Mossad botnet was able to launch about 1,000 commands before becoming part of the law enforcement takedown, so it’s likely a new operation, and that naming a botnet after an enemy like Israel’s intelligence agency is a way that Middle Eastern threat actors jab back at their foes.</p><p>“But naming alone is a weak justification for attribution,” she said.</p><p>Morin pointed out that the Aisuru botnet was identified long before the war in Iran started February 28 and that Aisuru, KimWolf, and JackSkid each are variants of the well-known Mirai botnet.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/doj-disrupts-botnets-but-ddos-threats-remain-security-pros-warn/" data-a2a-title="DOJ Disrupts Botnets, But DDoS Threats Remain, Security Pros Warn"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fdoj-disrupts-botnets-but-ddos-threats-remain-security-pros-warn%2F&amp;linkname=DOJ%20Disrupts%20Botnets%2C%20But%20DDoS%20Threats%20Remain%2C%20Security%20Pros%20Warn" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fdoj-disrupts-botnets-but-ddos-threats-remain-security-pros-warn%2F&amp;linkname=DOJ%20Disrupts%20Botnets%2C%20But%20DDoS%20Threats%20Remain%2C%20Security%20Pros%20Warn" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fdoj-disrupts-botnets-but-ddos-threats-remain-security-pros-warn%2F&amp;linkname=DOJ%20Disrupts%20Botnets%2C%20But%20DDoS%20Threats%20Remain%2C%20Security%20Pros%20Warn" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fdoj-disrupts-botnets-but-ddos-threats-remain-security-pros-warn%2F&amp;linkname=DOJ%20Disrupts%20Botnets%2C%20But%20DDoS%20Threats%20Remain%2C%20Security%20Pros%20Warn" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Fdoj-disrupts-botnets-but-ddos-threats-remain-security-pros-warn%2F&amp;linkname=DOJ%20Disrupts%20Botnets%2C%20But%20DDoS%20Threats%20Remain%2C%20Security%20Pros%20Warn" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>