Technology

Related News

Iranian Kurds as a Strategic Lever in a Changing Republic | Irregular Warfare Center

  • SWJ Staff
  • Published date: 2026-05-04 13:24:10

Cudi Zerey writes in his IWC Perspectives article, “The Kurds of Iran as a Strategic Factor in Western Approaches to a Changing Islamic Republic,” that Iranian Kurds represent an underutilized strategic asset for Western policy toward Iran. Iran’s successive …


Facephi Ends 2025 with Solid Performance Across All Key Metrics: Double-Digit Revenue and Triple-Digit EBITDA Growth. It Returns to Profitability

  • Facephi
  • Published date: 2026-05-04 08:14:00

Facephi Ends 2025 with Solid Performance Across All Key Metrics: Double-Digit Revenue and Triple-Digit EBITDA Growth. It Returns to Profitability 2025:...


Frameworks Don’t Build Trust. Adoption Does

  • Jack Poller
  • Published date: 2026-05-04 00:00:00


<p>The cybersecurity industry has never suffered a shortage of <a href="https://securityboulevard.com/2026/03/ai-governance-guide-principles-frameworks/" target="_blank" rel="noopener">frameworks</a>. What it has historically lacked is frameworks with enough institutional weight to function as genuine market signals — documents that procurement teams, auditors, and regulators treat as meaningful rather than decorative. The Cloud Security Alliance’s STAR program has been one of the rare exceptions, and understanding why matters enormously as CSA now extends that machinery into artificial intelligence.</p><p>STAR (Security, Trust, Assurance, and Risk) has operated for years as the cloud security industry’s most recognized assurance benchmark. At its core, the program gives cloud service providers a structured mechanism to document their security postures through two distinct tiers. At Level 1, organizations complete a self-assessment using the Consensus Assessments Initiative Questionnaire mapped against CSA’s Cloud Controls Matrix — a public declaration of what controls they have implemented and how. At Level 2, organizations earn third-party certification or attestation, layering independent validation on top of self-reported posture. The STAR Registry, which now hosts more than 3,400 assessments globally, functions as a public reference database that enterprise procurement teams actively use to evaluate vendors.</p><p>The program’s value proposition is deceptively simple: It replaces the exhausting one-to-one assessment dynamic — where every enterprise individually interrogates every vendor — with a standardized, publicly accessible disclosure mechanism. For vendors, a STAR listing signals security maturity without requiring them to answer the same questionnaire a thousand times. For buyers, the registry creates a consistent comparison surface across a fragmented vendor landscape. 
That dynamic, once established for cloud security, proved durable enough to survive regulatory evolution across GDPR, NIS2, DORA, and PCI DSS v4. STAR didn’t become irrelevant as regulation intensified; it became more relevant because regulators recognized it as evidence of systematic governance rather than ad hoc compliance.</p><p>CSA launched STAR for AI in October 2025, extending this same architecture into artificial intelligence through the AI Controls Matrix — a framework of 243 control objectives spanning 18 security domains, purpose-built for the unique risk profile of generative AI and large language model systems. The AICM maps to ISO 42001, NIST AI RMF, the EU AI Act, and ISO 27001, giving organizations a single framework with multi-jurisdictional compliance reach. The same two-tier model applies: Level 1 through the AI-CAIQ self-assessment, and Level 2 through a combination of ISO 42001 third-party certification and CSA’s Valid-AI-ted automated scoring engine. The CSO Awards recognized the AICM as a 2026 winner — meaningful validation from an audience of enterprise security decision-makers. Anthropic, Microsoft, Sierra, and Zendesk have already submitted to the registry, with Microsoft and Zendesk achieving full Level 2 certification within weeks of the program’s launch.</p><p>Now, CSA is preparing to go further. The CSAI Foundation — a new 501(c)(3) nonprofit spun out of CSA’s AI safety work — announced the STAR for AI Catastrophic Risk Annex in late April, targeting the failure modes that the existing AICM doesn’t yet fully address: autonomous system behavior, uncontrolled escalation, loss of human oversight, and systemic failures at cloud scale. These aren’t theoretical concerns in a boardroom slide deck anymore. 
They’re the operational realities that agentic AI deployments are producing right now, and the current control vocabulary isn’t calibrated to assess them in real environments.</p><p>The Annex rolls out across four phases through the end of 2027. Phase 1, launching this June, translates catastrophic risk scenarios into auditable control language covering autonomy limits, tool governance, and containment mechanisms. Phase 2 develops the validation protocols and testing criteria that determine whether those controls hold under adversarial pressure — jailbreaks, escalation attempts, rollback failures. Phase 3 runs pilot assessments with AI labs, enterprises, and cloud providers to validate the controls in production environments. Phase 4 publishes STAR Registry entries and a State of Catastrophic AI Risk Controls Report, creating the benchmarking infrastructure the market currently lacks. The timeline is deliberate: The goal is to deliver auditable controls for the highest-impact AI risk scenarios before agentic deployments at enterprise scale make those controls significantly harder to retrofit.</p><p>Here’s where the story gets complicated. The organizations currently in the STAR for AI registry are exactly the organizations you’d expect to move first — hyperscalers, AI platform companies, and enterprise SaaS vendors with compliance infrastructure already in place. What’s conspicuously absent is the growing ecosystem of purpose-built agentic AI security vendors: The companies building MCP gateways, AI behavior monitoring platforms, NHI governance tools, and API threat detection capabilities specifically designed to address the control gaps that STAR for AI and the Catastrophic Risk Annex are now trying to codify.</p><p>That absence creates a legitimacy problem the industry needs to resolve quickly. 
If the vendors selling agentic AI security controls aren’t themselves submitting to the frameworks that define and validate those controls, then the assurance ecosystem fragments before it ever coheres. Enterprise buyers deserve to evaluate their agentic AI security vendors against the same standards those vendors claim to enforce. The Catastrophic Risk Annex provides the framework. Will the security industry treat it as a credentialing opportunity or watch it become another compliance artifact that applies to everyone except the people selling compliance?</p>

Local Guardrails for Secrets Security in the Age of AI Coding Assistants

  • Dwayne McDaniel
  • Published date: 2026-05-04 00:00:00


<p>The post <a href="https://blog.gitguardian.com/local-guardrails-for-secrets-security/">Local Guardrails for Secrets Security in the Age of AI Coding Assistants</a> appeared first on <a href="https://blog.gitguardian.com/">GitGuardian Blog – Take Control of Your Secrets Security</a>.</p><p><img decoding="async" src="https://storage.ghost.io/c/42/5d/425d266f-cf99-406e-9436-597a19bed011/content/images/2026/05/local-scan.png" alt="Local Guardrails for Secrets Security in the Age of AI Coding Assistants"></p><p>Software supply chain security used to feel like a problem that lived somewhere else.</p><p>The repository and build system were top of mind. Package registries, continuous integration and continuous delivery pipelines, release automation, cloud platforms, and artifact stores also became the focus of concern. These still matter and need protection, but the attack surface has shifted closer to where developers work every day.</p><p>The developer laptop is no longer just the place where code gets written. It is part of the supply chain.</p><p>The security implications are easy to underestimate. A modern workstation touches source code, package managers, cloud accounts, registry tokens, secure shell keys, service accounts, build scripts, artificial intelligence coding assistants, terminals, local caches, and environment files. It is where credentials are created, copied, tested, logged, and too often forgotten.</p><p>Attackers understand this. They are not only looking for a vulnerable production service or a poisoned build step. They are looking for the access material that lets one system trust another.</p><p>We have to update our defense models. Security cannot wait until code reaches a remote repository or a pipeline. 
By then, a credential may already be in Git history, a model prompt, a local log, a build artifact, or a package install script’s reach.</p><p>The control point has to move earlier in the software creation process.</p><h2 id="the-common-thread-is-credential-theft"><strong>The Common Thread Is Credential Theft</strong></h2><p><a href="https://blog.gitguardian.com/tag/breach-explained/"><u>GitGuardian's recent breach research</u></a> points to a clear pattern across software supply chain attacks: attackers increasingly target the credentials embedded in developer workflows.</p><p>In April 2026, we analyzed three supply chain campaigns that affected <a href="https://blog.gitguardian.com/three-supply-chain-campaigns-hit-npm-pypi-and-docker-hub-in-48-hours/"><u>npm, PyPI, and Docker Hub over a 48-hour period</u></a>. The ecosystems and techniques varied, but the goal was consistent. Each campaign focused on stealing useful credentials from developer environments or continuous integration and delivery pipelines.</p><p>One compromised npm package used a postinstall hook to steal npm publish tokens, then used that access to publish infected versions of packages the victim could reach. A PyPI campaign harvested secure shell keys, cloud credentials, environment variables, and crypto wallets. Across those campaigns, the attacker’s objective was clearly to collect valid access and use it to reach the next system.</p><p>This is what makes the problem so damaging.</p><h3 id="developers-are-attractive-targets">Developers Are Attractive Targets</h3><p>A developer may have access to source control, cloud accounts, package registries, artifact stores, staging environments, incident tools, and internal application programming interfaces. A build runner may hold deployment credentials, package publishing tokens, and access to production-adjacent infrastructure. 
One exposed token can become a bridge across several layers of the delivery process.</p><p>That is why credential exposure is different from many other bugs. An attacker does not always need to exploit a software flaw, maintain persistence, or modify production code. Sometimes, authenticated access is enough. Sometimes, a short-lived foothold on a developer machine can uncover a credential with broader reach.</p><p><a href="https://www.gitguardian.com/state-of-secrets-sprawl-report-2026?ref=blog.gitguardian.com"><u>The GitGuardian 2026 State of Secrets Sprawl report</u></a> makes the scale of the situation clear. We found over 28.6 million new secrets detected in public GitHub commits in 2025, a 34 percent year-over-year increase. Internal repositories are roughly six times more likely than public repositories to contain hardcoded credentials. About 28% of incidents originate entirely outside repositories, in collaboration systems such as Slack, Jira, and Confluence. </p><p>The repository is no longer the boundary. If a secret can be found on the machine in plaintext, it is likely to spread elsewhere in plaintext and be usable by anyone who finds it. </p><h2 id="the-workstation-now-holds-too-much-context-to-ignore"><strong>The Workstation Now Holds Too Much Context To Ignore</strong></h2><p>Developer laptops are attractive because they contain context.</p><p>They hold source trees, dotfiles, shell history, local environment files, integrated development environment settings, package manager configuration, build artifacts, terminal output, AI agent logs, and temporary debugging notes. Many of these files are invisible during normal review. Many never leave the machine. 
Some sit in directories that developers rarely inspect.</p><p>That makes local exposure difficult to manage with repository-only controls.</p><p>A credential can appear in a <code>.env</code> file, get printed into terminal history, land inside a test config, show up in build output, or be copied into an AI prompt during troubleshooting. None of that requires a malicious commit. None of it necessarily triggers a centralized scanner. Yet each moment can create real access risk.</p><p>We need, as an industry, to scan the places where credentials are collected outside Git. Project workspaces, dotfiles, build output, and agent folders can all store copied tokens, configuration blocks, troubleshooting output, and cached context. Attackers harvest this local data because it can lead directly to valid access.</p><p>The Shai-Hulud data gives that concern weight. Across <a href="https://blog.gitguardian.com/honeytokens-on-the-developer-workstation/#:~:text=In%20the%202026%20State%20of%20Secrets%20Sprawl%20report%2C%20we%20showed%20that%20across%206%2C943"><u>6,943 compromised machines, it found 33,185 unique credentials</u></a>, with at least 3,760 still valid when first checked. That is not a theoretical workstation problem. It is a practical attacker workflow.</p><p>Compromise the machine. Search the context. Extract the access. Move on.</p><p>The workstation has become a security boundary because so many tools assume the local environment is trusted. Package managers run install scripts. Extensions read project files. Terminals expose environment variables. Local automation touches real systems. AI agents can read files, run commands, and summarize outputs.</p><p>Each of those actions may be useful, but each can also become a path for accidental exposure or malicious instruction.</p><p>AI-assisted development adds a newer layer to the same problem. AI coding tools now work closer to the developer’s files, terminal, editor, and environment variables. 
A prompt can contain a credential. A tool can call and read a sensitive file. A generated command can print access material into logs or model context. An agent can combine harmless-looking steps into a risky action.</p><p>The exposure surface is no longer just human typing plus code review. It now includes the interaction between humans, local tools, automated agents, and external services. And as we found in our report, more people are using coding assistants, and many of those who let the agent <a href="https://www.gitguardian.com/state-of-secrets-sprawl-report-2026?ref=blog.gitguardian.com#:~:text=Claude%20Code%20co-authored"><u>co-author their commits are leaking twice as many secrets per commit</u></a>. </p><p>Security controls have to meet the workflow where it actually happens.</p><h2 id="earlier-checkpoints-reduce-damage"><strong>Earlier Checkpoints Reduce Damage</strong></h2><p>Traditional supply chain controls still matter. Teams still need source control protections, dependency scanning, secure continuous integration and delivery, artifact integrity, release controls, and production deployment guardrails.</p><p>But those controls often fire after the risky moment has already happened.</p><p>A developer may have created a local file with a credential. An AI assistant may have received sensitive context. A package install script may have read environment variables. A token may have entered local Git history before it ever reaches a remote repository.</p><p>Rotating a credential after it reaches a shared repository can become a full incident response exercise. Someone has to identify ownership, revoke the credential, issue a replacement, check usage, test dependent applications, review access, clean history where possible, and document the event. That work is necessary, but it is expensive.</p><p>Catching the same issue while the developer is still editing a file is simpler. Remove it. Replace it with a safe reference. 
Keep moving.</p><p>The strongest model treats credential detection as a continuous developer-side control, not an occasional cleanup task. The tool has to sit where developers already work: in the editor, in Git hooks, in the terminal, and inside AI coding workflows.</p><h2 id="protecting-your-developers-secrets">Protecting Your Developers' Secrets</h2><p><a href="https://github.com/gitguardian/ggshield?ref=blog.gitguardian.com"><u>ggshield is the GitGuardian</u></a> command-line interface for scanning developer workflows. You can run ggshield locally or in continuous integration environments, where it provides guardrails across the software development lifecycle and detects hundreds of types of hardcoded credentials.</p><p>A local scan catches problems before code moves into shared infrastructure. A continuous integration scan catches problems after code leaves the laptop. A pre-receive hook can prevent a secret from being pushed to a shared repo or system. Using the same tooling across these points gives teams consistency without forcing developers into a separate security process.</p><h3 id="git-hooks-add-another-layer-of-protection">Git Hooks Add Another Layer Of Protection</h3><p><a href="https://docs.gitguardian.com/ggshield-docs/integrations/git-hooks/pre-commit?ref=blog.gitguardian.com"><u>Using ggshield pre-commit hooks</u></a> means a scan runs before Git creates a commit. Teams can configure it through the pre-commit framework, install it locally for specific repositories, or install it globally across current and future repositories on a developer workstation.</p><p>The global option is important. Not every leak happens in the main codebase. Temporary repositories, test folders, side projects, cloned examples, and one-off experiments all create exposure. A repository-by-repository rollout leaves gaps. 
A global hook gives the developer machine a broader default.</p><p><a href="https://docs.gitguardian.com/ggshield-docs/integrations/git-hooks/pre-push?ref=blog.gitguardian.com"><u>A pre-push hook</u></a> catches a later moment. It runs before code leaves the machine for a remote repository. GitGuardian documents local, framework-based, and global installation modes for this control as well. Together, pre-commit and pre-push hooks create two useful gates: one before local history becomes durable, and one before code reaches shared infrastructure.</p><h3 id="finding-secrets-on-save">Finding Secrets On Save</h3><p><a href="https://blog.gitguardian.com/visual-studio-code-extension/"><u>GitGuardian’s VS Code extension</u></a> uses the bundled ggshield command-line interface to scan code as developers write or modify it. A scan is run automatically on saving a file. Findings are shown instantly and directly inside the editor through code annotations, status bar warnings, and the Problems panel. This extension also works with Cursor, Antigravity, and Windsurf. 
</p><figure class="kg-card kg-image-card kg-card-hascaption"><img decoding="async" src="https://storage.ghost.io/c/42/5d/425d266f-cf99-406e-9436-597a19bed011/content/images/2026/05/data-src-image-cf255d5b-a1b1-4afa-b9c9-b33710daf583.png" class="kg-image" alt="Local Guardrails for Secrets Security in the Age of AI Coding Assistants" loading="lazy" width="2000" height="1305" srcset="https://storage.ghost.io/c/42/5d/425d266f-cf99-406e-9436-597a19bed011/content/images/size/w600/2026/05/data-src-image-cf255d5b-a1b1-4afa-b9c9-b33710daf583.png 600w, https://storage.ghost.io/c/42/5d/425d266f-cf99-406e-9436-597a19bed011/content/images/size/w1000/2026/05/data-src-image-cf255d5b-a1b1-4afa-b9c9-b33710daf583.png 1000w, https://storage.ghost.io/c/42/5d/425d266f-cf99-406e-9436-597a19bed011/content/images/size/w1600/2026/05/data-src-image-cf255d5b-a1b1-4afa-b9c9-b33710daf583.png 1600w, https://storage.ghost.io/c/42/5d/425d266f-cf99-406e-9436-597a19bed011/content/images/2026/05/data-src-image-cf255d5b-a1b1-4afa-b9c9-b33710daf583.png 2048w" sizes="auto, (min-width: 720px) 720px"><figcaption><span style="white-space: pre-wrap;">GitGuardian VS Code Extension in action</span></figcaption></figure><p>Security controls fail when they are too late, too noisy, or too far away from the mistake. A good local control gives feedback in context. It explains what happened. It helps the developer fix the issue before it becomes a ticket, a broken build, or an incident.</p><h2 id="ai-tools-need-guardrails-at-the-handoff-points"><strong>AI Tools Need Guardrails At The Handoff Points</strong></h2><p>AI coding tools deserve special attention because they change where leakage can occur.</p><p>An AI workflow may expose sensitive material before code exists as a file. A developer might paste a credential into a prompt while debugging. An agent might read a local configuration file. A tool call might execute a command that prints environment variables. 
Output from that command might then move into the model context or local logs.</p><p>That is a different path than traditional source code leakage.</p><p>GitGuardian’s AI coding tools integration addresses this by placing controls inside the hook systems of tools such as Cursor, Claude Code, and VS Code with GitHub Copilot. The integration scans three stages: prompt submission, pre-tool use, and post-tool use.</p><figure class="kg-card kg-image-card"><img decoding="async" src="https://storage.ghost.io/c/42/5d/425d266f-cf99-406e-9436-597a19bed011/content/images/2026/05/data-src-image-bedb237e-9322-4e14-8ed5-17a4fcea673d.png" class="kg-image" alt="Local Guardrails for Secrets Security in the Age of AI Coding Assistants" loading="lazy" width="2000" height="1171" srcset="https://storage.ghost.io/c/42/5d/425d266f-cf99-406e-9436-597a19bed011/content/images/size/w600/2026/05/data-src-image-bedb237e-9322-4e14-8ed5-17a4fcea673d.png 600w, https://storage.ghost.io/c/42/5d/425d266f-cf99-406e-9436-597a19bed011/content/images/size/w1000/2026/05/data-src-image-bedb237e-9322-4e14-8ed5-17a4fcea673d.png 1000w, https://storage.ghost.io/c/42/5d/425d266f-cf99-406e-9436-597a19bed011/content/images/size/w1600/2026/05/data-src-image-bedb237e-9322-4e14-8ed5-17a4fcea673d.png 1600w, https://storage.ghost.io/c/42/5d/425d266f-cf99-406e-9436-597a19bed011/content/images/2026/05/data-src-image-bedb237e-9322-4e14-8ed5-17a4fcea673d.png 2048w" sizes="auto, (min-width: 720px) 720px"></figure><p>Prompt submission scanning checks content before it reaches the model and blocks the prompt when credentials are found. Pre-tool use scanning checks commands, file reads, and Model Context Protocol calls before execution, blocking risky actions before they run. Post-tool use scanning checks outputs after execution and sends a desktop notification when credentials appear.</p><p>That structure fits how agentic tools operate.</p><p>The risky moment may be a prompt. It may be a file read. 
It may be a shell command. It may be the output of a tool the developer did not manually inspect. A repository-only control sees too little of this flow. A hook inside the AI workflow can stop exposure at the handoff point.</p><p>The editor catches the issue while the developer writes. AI hooks catch sensitive material before prompts, tool calls, or outputs move it somewhere risky. Git hooks catch credentials before they enter commit history or leave the laptop. Continuous integration and server-side controls provide backup once code reaches shared systems.</p><h2 id="layered-prevention-without-forcing-a-separate-workflow">Layered Prevention Without Forcing A Separate Workflow</h2><p>Developer environments are now connected, automated, and increasingly assisted by tools that can act on local context. Security has to account for that reality. Waiting for a remote scan is too late for credential exposure.</p><p>The better model is straightforward: find credentials earlier, block them closer to where they appear, and reduce the chance that a developer's laptop becomes the easiest path into the software supply chain.</p><p>GitGuardian’s ggshield, IDE extensions, AI hooks, and Git hooks all point toward that model. They bring detection into the places developers already use, rather than asking developers to leave their workflow for security. They reduce the time between mistakes and feedback. 
They give teams a consistent detection engine across local development, AI-assisted coding, Git workflows, and automation.</p><p>The supply chain now includes the workstation.</p><p>Treat it that way.</p><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://blog.gitguardian.com/">GitGuardian Blog - Take Control of Your Secrets Security</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Dwayne McDaniel">Dwayne McDaniel</a>. Read the original post at: <a href="https://blog.gitguardian.com/local-guardrails-for-secrets-security/">https://blog.gitguardian.com/local-guardrails-for-secrets-security/</a> </p>
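The three hook stages the article above describes (prompt submission, pre-tool use, post-tool use) can be sketched as one small policy function. This is an added example, not code from GitGuardian, ggshield, or any AI tool's hook API: the event shape, stage names, regexes, and entropy threshold are all assumptions, and the sample events are constructed.

```python
import math
import re
from dataclasses import dataclass

# Illustrative detectors only (assumed); a production scanner covers far more.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}
# NAME=value or NAME: value where the name suggests a credential.
ASSIGNMENT = re.compile(
    r"(?i)\b([A-Z0-9_]*(?:SECRET|TOKEN|PASSWORD|API_?KEY)[A-Z0-9_]*)"
    r"\s*[=:]\s*['\"]?([^\s'\"]{12,})"
)
ENTROPY_THRESHOLD = 3.5  # bits per character; assumed cut-off for this sketch

# Stage policy as the article describes it: block before the model or the
# tool sees the secret, notify when it has already appeared in tool output.
POLICY = {
    "prompt_submit": "block",
    "pre_tool_use": "block",
    "post_tool_use": "notify",
}


@dataclass(frozen=True)
class Finding:
    detector: str
    redacted: str  # never store or log the raw match


def shannon_entropy(value: str) -> float:
    """Bits per character; random tokens score higher than words."""
    total = len(value)
    counts = {c: value.count(c) for c in set(value)}
    return -sum(n / total * math.log2(n / total) for n in counts.values())


def redact(secret: str) -> str:
    """Keep a 4-character prefix for triage and mask the rest."""
    return secret[:4] + "*" * (len(secret) - 4)


def find_secrets(text: str) -> list:
    findings = []
    for name, pattern in PATTERNS.items():
        for match in pattern.finditer(text):
            findings.append(Finding(name, redact(match.group(0))))
    for match in ASSIGNMENT.finditer(text):
        value = match.group(2)
        if value.startswith(("$", "<")):
            continue  # a reference such as ${VAULT_TOKEN}, not a literal
        if any(p.search(value) for p in PATTERNS.values()):
            continue  # already reported by a specific detector
        if shannon_entropy(value) >= ENTROPY_THRESHOLD:
            findings.append(Finding("generic_high_entropy", redact(value)))
    return findings


def evaluate(event: dict) -> dict:
    """Return the action for one hook event: allow, block, or notify."""
    stage = event["stage"]
    if stage not in POLICY:
        raise ValueError(f"unknown hook stage: {stage!r}")  # fail closed
    findings = find_secrets(event["payload"])
    action = POLICY[stage] if findings else "allow"
    return {"stage": stage, "action": action, "findings": findings}


# Constructed sample events. The AWS key is the published documentation example.
SAMPLE_EVENTS = [
    {"stage": "prompt_submit",
     "payload": "Why does boto3 fail with AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE ?"},
    {"stage": "pre_tool_use",
     "payload": 'curl -H "Authorization: Bearer $GITHUB_TOKEN" https://api.example.test'},
    {"stage": "pre_tool_use",
     "payload": "export DEPLOY_TOKEN=k9Xv2Lq8Zr4Tn7Wb5Jd1"},
    {"stage": "post_tool_use",
     "payload": "$ cat deploy_key\n-----BEGIN OPENSSH PRIVATE KEY-----\n(body omitted)"},
]

if __name__ == "__main__":
    for sample in SAMPLE_EVENTS:
        result = evaluate(sample)
        print(result["stage"], result["action"],
              [f.detector for f in result["findings"]])
```

The second sample passes because the command only references an environment variable, which is the "safe reference" outcome the article recommends; the report keeps only redacted values so the guardrail does not itself write credentials into logs.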

The Half of Agent Security You’re Not Governing

  • Jack Poller
  • Published date: 2026-05-04 00:00:00


<p>When security teams confront <a href="https://securityboulevard.com/2025/10/the-new-insider-threat-protect-databases-from-ai-agent-risks/" target="_blank" rel="noopener">AI agent risk</a>, they reach for familiar instruments: scan the MCP servers, audit the supply chain, flag known vulnerabilities. That work matters, but it addresses only the observable half of the attack surface. The other half lives not in the code agents execute, but in the reasoning they perform — producing no structured logs, triggering no alerts, and leaving almost no forensic trail. Noma Security’s Spring 2026 research report, <em><a href="https://go.noma.security/lethal-by-design" target="_blank" rel="noopener">Lethal by Design</a></em>, establishes the scope of this asymmetry with uncomfortable precision and proposes a governance framework built around what organizations can actually control.</p><h3><strong>The Fundamental Asymmetry: MCP Servers vs. Skills</strong></h3><p>MCP servers behave deterministically. Each tool exposes structured code functions with defined parameters, predictable outputs, and logged invocations that security tooling can observe, map to known actions, and investigate forensically after the fact.</p><p>Skills operate on entirely different principles. These textual instruction sets load into an agent’s reasoning context, where the language model interprets them based on model state, conversational history, and surrounding context. A security team can observe a Skill loading. What it cannot do is trace a subsequent harmful action — a file deletion, an unauthorized external write — back to the specific Skill instruction that caused it. That causal chain lives entirely inside the model’s reasoning, where no observability framework currently reaches. Organizations governing only their MCP connections have secured the more auditable half of their agent attack surface. 
The opaque half remains almost entirely ungoverned.</p><h3><strong>The Dominant Risk Framework Has Already Failed in Production</strong></h3><p>Most enterprise security teams rely on Meta’s “<a href="https://ai.meta.com/blog/practical-ai-agent-security/" target="_blank" rel="noopener">Agents Rule of Two</a>,” which holds that an agent becomes dangerous when it simultaneously processes untrusted inputs, accesses sensitive data, and either changes state or communicates externally. Constrain the agent to any two of the three, and you’ve bound the worst consequences of prompt injection.</p><p>Real-world incidents have broken this model. In July 2025, a hacker injected a destructive prompt into the Amazon Q extension for VS Code through a GitHub pull request, directing the agent to wipe the local filesystem and delete AWS cloud resources — with no exfiltration and no external communication involved. Two out of three conditions, and the result was a potential system wipe. That same month, Replit’s AI coding agent destroyed a production database containing over 1,200 executive records during a code freeze with no attacker present at all. The agent hallucinated and executed destructive commands it should never have held permission to run.</p><p>What these incidents expose is that the Rule of Two measures the wrong variable. It inventories the risk properties an agent possesses, when the governing question is <em>blast radius</em> — how much damage that agent can land when something goes wrong. The Rule of Two cannot make this distinction, and attackers already know it.</p><h3><strong>The Scale of the Problem Noma Found in the Wild</strong></h3><p>Noma analyzed hundreds of popular MCP servers and Skills across organizational deployments, categorizing each against a taxonomy of eight risky capability categories. Seventy-six percent of MCP servers in organizational environments carry high-risk capabilities. 
Sixty-two percent of popular Skills carry at least one risky characteristic. One in four popular MCP servers exposes arbitrary code execution. The single most prevalent category across both mechanisms — present in 60% of MCPs and 57% of Skills — is change of state or data, meaning the majority of enterprise agents deployed today possess the capability to cause irreversible damage through either adversarial manipulation or hallucination alone.</p><p>The most dangerous dynamics emerge not from individual capabilities but from their combinations. Noma identifies five toxic patterns: sensitive data leakage chains untrusted input through RAG retrieval into external exfiltration; trusted data as attack vector embeds malicious payloads inside the authoritative data the agent was designed to trust, collapsing the Rule of Two’s core assumption; supply chain to mass compromise weaponizes the agent’s legitimate workflows as the delivery mechanism for arbitrary code execution; autonomous destruction without an attacker requires no adversarial input whatsoever — hallucination alone is sufficient when capabilities, autonomy, and permissions are all misconfigured; and discrete financial fraud exploits persistent memory modification to establish behavioral patterns that look entirely routine until the damage accumulates.</p><h3><strong>Why This Matters</strong></h3><p>Noma’s No Excessive CAP framework shifts governance from variables organizations cannot fully control toward amplifiers they can. <strong>Capabilities</strong> govern what an agent can do — whitelist only required tools, prefer atomic bounded functions over arbitrary code execution, pin MCP server versions rather than running @latest. <strong>Autonomy</strong> defines the gap between a compromised instruction and a harmful outcome — gate every high-blast-radius action behind human approval, calibrating the threshold inversely to the agent’s capability breadth. 
<strong>Permissions</strong> govern the identity the agent runs under — delegated, user-scoped, minimum-privilege credentials that expire, with no shared service accounts.</p><p>The three dimensions interact multiplicatively. Broad capabilities with constrained autonomy remain manageable because human review interrupts the attack before it completes. The dangerous configuration is all three dials simultaneously elevated: an agent that can do anything, decides everything without supervision, and runs with administrative credentials. Organizations cannot monitor what an agent’s reasoning produces or guarantee that every Skill it loads is benign. What they can control is what the agent does with whatever manipulation it receives. In an environment where most deployed agents already carry the technical capability to cause irreversible damage, those three dials represent the highest-leverage points of enterprise defense available today.</p>
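The three dials described in the article above (capabilities, autonomy, permissions) can be checked mechanically before an agent is deployed. The Python below is an added example, not Noma's tooling or code from the article: the manifest schema, the capability tags, the one-hour credential lifetime and the ok/review/critical verdicts are all assumptions made for illustration, and both manifests are constructed sample data.

```python
"""Lint agent deployment manifests against the Capabilities/Autonomy/Permissions dials.

The manifest schema, capability tags and thresholds are assumptions for this
example; they are not Noma's format or any product's real configuration.
"""

STATE_CHANGING = {"write", "delete", "exec", "external_send"}  # hypothetical tags
UNPINNED = {None, "", "latest", "*"}
MAX_TTL_SECONDS = 3600  # assumed local policy for credential lifetime


def reachable_tools(agent):
    """Yield (server, tool) pairs the agent can call: the allowlist if set, else all."""
    allow = agent.get("allowed_tools")
    for server in agent["mcp_servers"]:
        for tool in server["tools"]:
            if allow is None or tool["name"] in allow:
                yield server["name"], tool


def check_capabilities(agent):
    """Capabilities dial: missing allowlist, unpinned servers, reachable code execution."""
    findings = []
    if agent.get("allowed_tools") is None:
        findings.append("no tool allowlist: every exposed tool is callable")
    for server in agent["mcp_servers"]:
        if server.get("version") in UNPINNED:
            findings.append(f"{server['name']}: MCP server version is not pinned")
    for server_name, tool in reachable_tools(agent):
        if "exec" in tool["capabilities"]:
            findings.append(f"{server_name}.{tool['name']}: arbitrary code execution")
    return findings


def check_autonomy(agent):
    """Autonomy dial: reachable state-changing tools that skip human approval."""
    gated = set(agent.get("approval_required", []))
    return [
        f"{server_name}.{tool['name']}: state-changing tool runs without human approval"
        for server_name, tool in reachable_tools(agent)
        if STATE_CHANGING & set(tool["capabilities"]) and tool["name"] not in gated
    ]


def check_permissions(agent):
    """Permissions dial: shared identity, long-lived credentials, administrative role."""
    ident, findings = agent["identity"], []
    if ident["type"] == "shared_service_account":
        findings.append("runs under a shared service account")
    ttl = ident.get("ttl_seconds")
    if ttl is None or ttl > MAX_TTL_SECONDS:
        findings.append("credentials do not expire within the allowed lifetime")
    if "admin" in ident.get("roles", []):
        findings.append("holds an administrative role")
    return findings


def assess(agent):
    """Run all three checks; all three dials elevated at once is the critical case."""
    findings = {
        "capabilities": check_capabilities(agent),
        "autonomy": check_autonomy(agent),
        "permissions": check_permissions(agent),
    }
    elevated = [dial for dial, items in findings.items() if items]
    verdict = {0: "ok", 3: "critical"}.get(len(elevated), "review")
    return {"agent": agent["name"], "elevated": elevated,
            "verdict": verdict, "findings": findings}


# Constructed sample manifests (not taken from any real deployment).
RISKY = {
    "name": "ops-agent",
    "allowed_tools": None,
    "approval_required": [],
    "mcp_servers": [
        {"name": "shell-mcp", "version": "latest",
         "tools": [{"name": "run_command", "capabilities": ["exec"]},
                   {"name": "read_file", "capabilities": ["read"]}]},
    ],
    "identity": {"type": "shared_service_account", "ttl_seconds": None,
                 "roles": ["admin"]},
}
BOUNDED = {
    "name": "ticket-agent",
    "allowed_tools": ["get_ticket", "close_ticket"],
    "approval_required": ["close_ticket"],
    "mcp_servers": [
        {"name": "tickets-mcp", "version": "1.4.2",
         "tools": [{"name": "get_ticket", "capabilities": ["read"]},
                   {"name": "close_ticket", "capabilities": ["write"]},
                   {"name": "purge_queue", "capabilities": ["delete"]}]},
    ],
    "identity": {"type": "delegated_user", "ttl_seconds": 900,
                 "roles": ["ticket:write"]},
}

if __name__ == "__main__":
    for manifest in (RISKY, BOUNDED):
        report = assess(manifest)
        print(report["agent"], report["verdict"], report["elevated"])
        for dial, items in report["findings"].items():
            for item in items:
                print(f"  [{dial}] {item}")
```

Because the checks only consider tools the agent can actually reach, `purge_queue` in the second manifest raises no finding: it is exposed by the server but excluded by the allowlist.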

10 Sci-Fi Movies That Accurately Predicted The Future

  • Shawn S. Lealos
  • Published date: 2026-05-03 02:30:20

Sci-fi movies are meant to be futuristic and they explore what could be, but some of the best ended up predicting big things in the future.

Science fiction has always been a genre sold on the imagination, and the best sci-fi movies have taken that to the next level. Instead of imagining what the future could look like, many of the greate… [+10456 chars]

A Tale of Two States: The 2026 Cybersecurity Paradox

  • None
  • Published date: 2026-05-03 00:00:00

<p>The post <a href="https://www.govtech.com/blogs/lohrmann-on-cybersecurity/a-tale-of-two-states-the-2026-cybersecurity-paradox">A Tale of Two States: The 2026 Cybersecurity Paradox</a> appeared first on Lohrmann on Cybersecurity.</p><p> </p><p><a href="https://www.govtech.com/blogs/lohrmann-on-cybersecurity">Lohrmann on Cybersecurity</a></p><h1>A Tale of Two States: The 2026 Cybersecurity Paradox</h1><h2>The cyber threat outlooks from CIOs and CISOs at the NASCIO Midyear Conference in Philadelphia ranged from the good to the bad to the ugly — with AI front and center.</h2><div>May 03, 2026 •</div><p><a href="https://www.govtech.com/authors/dan-lohrmann.html">Dan Lohrmann</a></p><figure><img decoding="async" src="https://erepublic.brightspotcdn.com/dims4/default/dcd4c09/2147483647/strip/true/crop/5620x2930+0+816/resize/840x438!/quality/90/?url=http%3A%2F%2Ferepublic-brightspot.s3.us-west-2.amazonaws.com%2Ff9%2F87%2Fabb1d87e4d94a80a63a14ea7fe2b%2F2604-nascio-philadelphia-051.jpg"><figcaption>From left to right, NASCIO Deputy Executive Director Meredith Ward; Kansas CISO John Godfrey; Massachusetts CISO and Chief Risk Officer Anthony O’Neill; and Mike Wyatt, partner/principal at Deloitte.</figcaption><div>Government Technology/David Kidd</div> </figure><div class="Page-articleBody RichTextBody"> <p>“It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness.”</p> </div><div>This famous quote, from the opening of <a href="https://www.goodreads.com/work/quotes/2956372"><i>A Tale of Two Cities</i></a> by Charles Dickens and written in 1859, could well describe the state of government technology and cybersecurity in mid-2026. 
As I attended sessions and networked with state CIOs and CISOs over the past week, I saw that there is a wide gap in the level of hope between different state leaders.</div><div> <p>From the opening Corporate Member Exchange Meeting to the State Meet and Greets session to coverage of the NASCIO-Deloitte Cybersecurity Study, everyone was talking about how <a href="https://www.govtech.com/security/state-cisos-are-losing-confidence-biennial-report-finds">state CISOs (and CIOs) are losing confidence</a> in their ability to stop and recover from cyber attacks against their governments.</p> </div><div> <p>Here are some of my notes from meetings and conversations with CIOs and CISOs:</p> <ul> <li>Their governor’s support is high. But how do we measure cyber success? Lowered incident response from six days to 10 minutes. Fear of “double-bubble” — how can we eliminate the old tools? We don’t want to pay for tools twice.</li> <li>Some states, like Texas, have a well-funded new <a href="https://www.govtech.com/security/retired-navy-admiral-is-first-to-lead-texas-cyber-command">Cyber Command</a> organization.</li> <li>Other states are seeing major budget cuts across the board.</li> <li>Leaders are hoping <a href="https://www.fema.gov/grants/preparedness/state-local-cybersecurity-grant-program">SLCGP Cyber Grants</a> are renewed. Also discussions on <a href="https://www.govtech.com/security/vermont-becomes-13th-state-to-purchase-ms-isac-membership">next steps for the MS-ISAC</a>, which I will cover in a late June blog.</li> <li>One state dealt with three ransomware attacks with locals in the past few months.</li> <li>All states are working on AI projects. Most are using an outcome-focused approach, looking for real downstream impact and asking how their AI projects work with improving or replacing existing systems. 
AI governance is top of mind for CIOs and CISOs.</li> <li>A lot of discussions about the recent <a href="https://www.govtech.com/blogs/lohrmann-on-cybersecurity/why-anthropics-mythos-is-a-systemic-shift-for-global-cybersecurity">developments with Anthropic’s Project Glasswing and Claude Mythos</a>, along with other new AI developments and the impact on government cybersecurity.</li> </ul> <p> </p> <h3>NASCIO-DELOITTE CYBERSECURITY STUDY</h3> </div><div>The full 2026 NASCIO-Deloitte Cybersecurity Study can be <a href="https://www.nascio.org/resource-center/resources/2026-nascio-deloitte-cybersecurity-study/">downloaded here for free</a>, and this year’s study includes insights from the CISOs of all 50 states, the District of Columbia and the U.S. Virgin Islands.</div><div> <p>Here are the five major themes outlined by Meredith Ward of NASCIO and Mike Wyatt from Deloitte:</p> <ul> <li>“Facing an evolving threat landscape: Rapid advances in attack sophistication are challenging state CISOs, with AI viewed as both an emerging threat vector and a powerful tool for cyber defense.</li> <li>Getting future-ready: CISOs are adopting new tools and regulatory frameworks to meet the evolving technology landscape.</li> <li>Looking at whole-of-state cybersecurity: The survey points to a growing interest in centralized state support for the cybersecurity efforts of local governments, public education and critical infrastructure.</li> <li>The expanding CISO role: The proliferation of AI and generative AI (GenAI), as well as a growing appreciation of the need to safeguard public data, is bringing new responsibilities to the CISO role.</li> <li>Dealing with a resource crunch: Compared with recent survey cycles, CISOs tell us that their funding shortfalls are growing more dire, while continuing to face challenges around maintaining a cyber workforce with the needed skills.”</li> </ul> <p>In my view, this is another great report that is a must-read for anyone who is serious about 
improving cyber defenses in state and local governments nationwide.</p> </div><div> <p>The “bad and ugly” parts, unfortunately, come in the next section of the joint biennial report, highlighting the “key takeaways”:</p> <ul> <li>“As threats become more sophisticated, far fewer CISOs expressed confidence in their ability to secure public data. The percentage of CISOs who characterized themselves as ‘extremely’ or ‘very confident’ has dropped dramatically, from 48 percent in 2022 to 22 percent in 2026 (figure 1).</li> <li>CISOs are significantly less confident in the ability of local government and public higher education to secure public data. The percentage of CISOs who described themselves as ‘not very confident’ in these entities rose significantly, from 35 percent in 2022 to 63 percent in 2026 (figure 2). This lack of confidence may explain why roughly one-fifth of CISOs indicated that their states were moving forward with a whole-of-state approach to cybersecurity.</li> <li>Generative AI also represents an area of increased responsibility, with 94 percent of CISOs indicating that they are actively involved with the development of GenAI security policies (figure 8).</li> <li>CISOs overall reported a rapidly deteriorating budget picture. In the 2026 survey, only 22 percent of CISOs reported a budget increase of 6 percent or more, down from 40 percent in 2024. 
Perhaps more concerning, 16 percent of CISOs reported reductions to their budgets in this survey, compared with none in 2024 (figure 21).</li> <li>Looking into the future, CISOs indicated their top three barriers to meeting cybersecurity challenges were: legacy infrastructure, increasing sophistication of threats and insufficient funding for cybersecurity (figure 7).”</li> </ul> <p> </p> <h3>OTHER HOT NASCIO MIDYEAR TOPICS</h3> </div><div> <p>There were many other topics of discussion (cyber and otherwise) at the NASCIO Midyear Conference, and here are some of the <i>GovTech</i> articles that flowed from the event:</p> <ul> <li><a href="https://www.govtech.com/security/how-trust-guided-nevada-through-its-cyber-incident">How Trust Guided Nevada Through Its Cyber Incident</a>:</li> <li><a href="https://www.govtech.com/workforce/pennsylvania-ciso-prioritizes-proactive-risk-management">Pennsylvania CISO Prioritizes Proactive Risk Management</a>: Andy Ritter took the reins as Pennsylvania’s new CISO earlier this year after nearly a decade supporting cybersecurity and risk management. As CISO, he is focused on constituent outcomes.</li> <li><a href="https://www.govtech.com/artificial-intelligence/indiana-rolls-out-genai-for-all-state-staff-and-leadership">Indiana Rolls Out GenAI for All State Staff — and Leadership</a>: CIO Warren Lenard describes how Indiana has made Microsoft Copilot available for any state employee who wants it, and a key part of the program is training. 
That training also extends to cabinet-level secretaries.</li> <li><a href="https://www.govtech.com/artificial-intelligence/an-ai-magic-moment-accelerates-it-development-in-utah">An AI ‘Magic Moment’ Accelerates IT Development in Utah</a>: Utah’s Director of AI Christian Napier on how piloting Claude Code at state agencies boosted developer productivity, saving 40 hours of work over a four-week period.</li> <li><a href="https://www.govtech.com/gov-experience/tremendous-change-for-colorados-it-department">‘Tremendous Change’ for Colorado’s IT Department</a>: CIO David Edinger describes a major restructuring of IT in Colorado aimed at flattening the organization and getting closer to the agencies it serves.</li> </ul> <p> </p> <h3>FINAL THOUGHTS</h3> </div><div>I realize that this piece is pretty depressing to read and comes across as a negative outlook for <i>Government Technology</i> readers and wider cyber initiatives in states.</div><div>Nevertheless, the networking camaraderie, relationships and coming together for a common set of government causes was also very evident throughout the conference.</div><div>There are now a record number of corporate members within NASCIO at over 280 companies (and some say too many members, which is a problem to be considered). But these numbers also show the interest and focus on government solutions and reshaping the people, processes and technology for the public sector — again.</div><div> <p>I’ll end this blog with a more optimistic quote commonly attributed to C.S. 
Lewis: “You can’t go back and change the beginning, but you can start where you are and change the ending.”</p> </div><p><a href="https://www.govtech.com/authors/dan-lohrmann.html">Dan Lohrmann</a></p><div>Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.</div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="">Lohrmann on Cybersecurity</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Lohrmann on Cybersecurity">Lohrmann on Cybersecurity</a>. Read the original post at: <a href="https://www.govtech.com/blogs/lohrmann-on-cybersecurity/a-tale-of-two-states-the-2026-cybersecurity-paradox">https://www.govtech.com/blogs/lohrmann-on-cybersecurity/a-tale-of-two-states-the-2026-cybersecurity-paradox</a> </p>

CISO Diaries: Victor-Andrei Nicolae on Practical Security, Patience, and AI-Driven Defense

  • None
  • Published date: 2026-05-03 00:00:00

<p>Security leadership is often associated with emerging threats and advanced technologies, but much of the role comes down to disciplined execution, thoughtful decision-making, and balancing protection with business continuity. In <a href="https://cisowhisperer.com/tag/ciso-diaries/">CISO Diaries</a>, we speak with leading CISOs around the world to understand what the role actually looks like beyond frameworks and incident headlines, how security leaders structure their days, where they focus their attention, and the habits that shape their approach to risk.</p>
<p>This series explores the human side of cybersecurity leadership, where judgment, patience, and operational clarity are often as important as technical controls. By spotlighting routines, leadership philosophies, and long-term perspectives, CISO Diaries offers a closer look at how modern CISOs navigate evolving threats while building programs that are resilient, pragmatic, and aligned with business priorities.</p>
<h3>About Victor-Andrei Nicolae</h3>
<p><a href="https://www.linkedin.com/in/victor-andrei-nicolae-027514220/" rel="noopener">Victor-Andrei Nicolae</a> is Chief Information Security Officer at <a href="https://www.rightclicksol.com/" rel="noopener">RightClick Solutions</a>, where he leads enterprise information security and IT risk management strategy, working across business units to strengthen security governance, improve risk management processes, and enhance the organization’s information security framework. His experience spans a broad range of IT and security environments, from infrastructure design and cloud administration to enterprise security controls, compliance, and operational resilience.</p>
<p>With expertise across AWS, Microsoft environments, Trellix security solutions, and ISO 27001-aligned security management, Victor brings a practical, systems-oriented perspective to the CISO role. Known for his emphasis on disciplined execution and sustainable risk management, he focuses on building effective controls that support business operations while preparing organizations for emerging challenges, including the rise of AI-driven threats and the shift toward more adaptive, intelligent defense strategies.</p>
<h3>How do you usually explain what you do to someone outside of cybersecurity?</h3>
<p>I’m responsible for protecting the organization’s systems, data, and infrastructure by identifying risks, implementing security controls, and ensuring everything runs securely and reliably. This includes securing networks and systems, managing access, monitoring for threats, and responding to incidents to keep the business operating safely.</p>
<h3>What does a “routine” workday look like for you, if such a thing exists?</h3>
<p>A typical day involves monitoring systems and security alerts, reviewing logs and vulnerabilities, managing access and security configurations, and addressing any incidents or risks. It also includes coordinating with teams, improving security controls, and ensuring compliance with policies and standards.</p>
<h3>What part of your role takes the most mental energy right now?</h3>
<p>Balancing security requirements with business needs—prioritizing risks, making decisions on limited resources, and ensuring controls are effective without impacting operations—takes the most mental energy.</p>
<h3>What’s one security habit or routine you personally never skip? (Work or personal.)</h3>
<p>Ensuring all systems and applications—both work and personal—are consistently updated with the latest security patches is a habit I never skip.</p>
<h3>What does your own personal security setup look like? (Password manager, MFA, backups, devices, at a high level.)</h3>
<p>I use a password manager for all credentials, enforce MFA on all accounts, keep devices encrypted and regularly updated, and maintain secure, periodic backups to ensure data can be recovered if needed.</p>
<h3>What book, podcast, or resource has influenced how you think about leadership or security? (Doesn’t have to be technical.)</h3>
<p>Leadership and security cannot function without a strong sense of responsibility. Rather than being shaped by a specific book or resource, my approach has been influenced by observing my father and how he handles situations and responsibilities in his daily life, which has had a lasting impact on how I think and act.</p>
<h3>What’s a lesson you learned the hard way in your career?</h3>
<p>One key lesson I learned the hard way is the importance of patience. Rushing decisions or expecting immediate results—especially in security and infrastructure—can lead to mistakes or overlooked risks. Taking the time to properly assess situations and act thoughtfully leads to better, more sustainable outcomes.</p>
<h3>What keeps you up at night right now, from a security perspective?</h3>
<p>The rapid growth and accessibility of AI, particularly how it can be leveraged for more sophisticated attacks such as advanced phishing, social engineering, and automated exploitation, is a key concern. It significantly lowers the barrier for threat actors while increasing the complexity of detecting and mitigating risks.</p>
<h3>How do you measure whether your security program is actually working?</h3>
<p>I measure effectiveness through maintaining ISO 27001 certification, which requires regular audits, continuous risk assessments, and ongoing improvement of security controls. Successful audit outcomes and adherence to defined policies and KPIs indicate that the security program is functioning as intended.</p>
<h3>What advice would you give to someone stepping into their first CISO role today?</h3>
<p>Focus on understanding the business first, not just the technology. Build strong relationships across the organization, prioritize risks realistically, and communicate security in a way that supports business goals. Most importantly, stay pragmatic—perfect security doesn’t exist, but effective risk management does.</p>
<h3>What do you think will matter less in security five to ten years from now?</h3>
<p>Over time, purely perimeter-based security will matter less. With cloud adoption, remote work, and increasingly distributed systems, the focus is shifting away from defending a fixed network boundary toward identity, access control, and continuous verification (Zero Trust).</p>
<h3>Looking ahead 10 years, what do you believe security teams will spend most of their time on that they don’t today?</h3>
<p>Security teams will spend significantly more time leveraging AI to defend against AI-driven threats. As attackers increasingly use automation and intelligent systems, defenders will need to adopt similar technologies to detect, respond, and adapt in real time, making AI-driven defense a core part of security operations.</p>
<p>The post <a rel="nofollow" href="https://cisowhisperer.com/ciso-diaries-victor-andrei-nicolae-on-practical-security-patience-and-ai-driven-defense/">CISO Diaries: Victor-Andrei Nicolae on Practical Security, Patience, and AI-Driven Defense</a> appeared first on <a rel="nofollow" href="https://cisowhisperer.com/">CISO Whisperer</a>.</p>
<p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://cisowhisperer.com">CISO Whisperer</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by JJ Javier">JJ Javier</a>. Read the original post at: <a href="https://cisowhisperer.com/ciso-diaries-victor-andrei-nicolae-on-practical-security-patience-and-ai-driven-defense/?utm_source=rss&amp;utm_medium=rss&amp;utm_campaign=ciso-diaries-victor-andrei-nicolae-on-practical-security-patience-and-ai-driven-defense">https://cisowhisperer.com/ciso-diaries-victor-andrei-nicolae-on-practical-security-patience-and-ai-driven-defense/?utm_source=rss&amp;utm_medium=rss&amp;utm_campaign=ciso-diaries-victor-andrei-nicolae-on-practical-security-patience-and-ai-driven-defense</a> </p>

FBI Links Cybercriminals to Sharp Surge in Cargo Theft Attacks

  • None
  • Published date: 2026-05-03 00:00:00

None

<h3 class="text-text-100 mt-3 -mb-1 text-[1.125rem] font-bold">What happened</h3> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">The FBI issued a public service announcement on April 30, 2026, warning the US transportation and logistics industry of a sharp rise in cyber-enabled cargo theft, with estimated losses in the United States and Canada reaching nearly $725 million in 2025. That represents a 60% increase over the prior year. Confirmed cargo theft incidents rose 18% in 2025, while the average value per theft grew 36% to $273,990, reflecting more selective targeting of high-value loads.</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">The FBI describes a multi-stage attack chain that has been active since at least 2024. Attackers first compromise freight broker or carrier accounts through phishing sites that install remote monitoring software, gaining persistent, undetected access. They then post fraudulent freight listings on load boards, tricking legitimate carriers into downloading malicious files, and accept real shipments under stolen carrier identities. Loads are rerouted to complicit drivers and stolen for resale. In some cases, criminals also demand ransoms for the location of diverted shipments.</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">The attack extends beyond the immediate theft. Threat actors alter the compromised carrier’s registration details with the Federal Motor Carrier Safety Administration and update insurance records, meaning legitimate companies often do not discover they have been compromised until brokers report missing shipments booked in their name. The Diesel Vortex threat group was identified in February as running a related campaign targeting freight and logistics operators in the US and Europe through phishing attacks using 52 domains, active since September 2025.</p>
<h3 class="text-text-100 mt-3 -mb-1 text-[1.125rem] font-bold">Who is affected</h3> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">Shippers, freight brokers, carriers, and logistics companies across the US and Canadian transportation sector are directly targeted. Insurers covering cargo and carriers whose identities are stolen and used to accept fraudulent shipments face secondary exposure. The FBI noted that companies involved in shipping, receiving, delivering, and insuring cargo are all within the threat actors’ targeting scope.</p>
<h3 class="text-text-100 mt-3 -mb-1 text-[1.125rem] font-bold">Why CISOs should care</h3> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">Cyber-enabled cargo theft has crossed into organized crime territory, with groups running multi-stage operations that combine credential theft, account compromise, identity fraud against federal carrier registries, and physical logistics manipulation. The modification of FMCSA registration records is a particularly significant escalation, as it weaponizes a government database to legitimize fraudulent operations and delay discovery.</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">For security leaders in logistics, manufacturing, or any sector with significant freight dependencies, this FBI warning is a signal that supply chain risk now extends to the physical movement of goods through digitally compromised intermediaries.</p>
<h3 class="text-text-100 mt-3 -mb-1 text-[1.125rem] font-bold">3 practical actions</h3> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]"><strong>Implement MFA on all freight broker and carrier platform accounts and load board access:</strong> The attack chain begins with credential compromise through phishing. MFA on accounts with access to load boards, shipment systems, and carrier registration platforms directly interrupts the initial access phase of the documented attack pattern.</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]"><strong>Establish out-of-band verification for all unexpected shipment requests and carrier communications:</strong> The FBI specifically recommends verifying shipment requests through secondary channels. Implement a policy requiring phone or in-person verification for any load booking, carrier identity confirmation, or routing change that arrives through email or digital platforms, particularly from unfamiliar contacts.</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]"><strong>Monitor FMCSA registration records for unauthorized changes to your carrier profile:</strong> Attackers modify carrier registration details to legitimize fraudulent operations under stolen identities. Establish a routine check of your FMCSA carrier profile for unauthorized changes to contact information, insurance records, or operating authority, and set up alerts where the registry allows it.</p>
<p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">Also in the news today:</p> <ul class="[li_&amp;]:mb-0 [li_&amp;]:mt-1 [li_&amp;]:gap-1 [&amp;:not(:last-child)_ul]:pb-1 [&amp;:not(:last-child)_ol]:pb-1 list-disc flex flex-col gap-1 pl-8 mb-3"> <li class="whitespace-normal break-words pl-2"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://cisowhisperer.com/dayton-mayor-demands-accountability-after-license-plate-reader-data-breach/">Dayton Mayor Demands Accountability After License Plate Reader Data Breach</a></li> <li class="whitespace-normal break-words pl-2"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://cisowhisperer.com/ameriprise-financial-data-breach-exposes-personal-information-of-48000-customers/">Ameriprise Financial Data Breach Exposes Personal Information of 48,000 Customers</a></li> <li class="whitespace-normal break-words pl-2"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://cisowhisperer.com/congress-punts-fisa-section-702-renewal-to-june/">Congress Punts FISA Section 702 Renewal to June</a></li> <li class="whitespace-normal break-words pl-2"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://cisowhisperer.com/edtech-firm-instructure-discloses-cyber-incident-probes-impact/">Edtech Firm Instructure Discloses Cyber Incident, Probes Impact</a></li> <li class="whitespace-normal break-words pl-2"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://cisowhisperer.com/consentfix-v3-automates-oauth-abuse-to-bypass-mfa-and-hijack-azure-accounts/">ConsentFix v3 Automates OAuth Abuse to Bypass MFA and Hijack Azure Accounts</a></li> <li class="whitespace-normal break-words pl-2"><a class="underline underline underline-offset-2 decoration-1 decoration-current/40 hover:decoration-current focus:decoration-current" href="https://cisowhisperer.com/1800-developers-hit-in-mini-shai-hulud-supply-chain-attack-across-pypi-npm-and-php/">1,800 Developers Hit in Mini Shai-Hulud Supply Chain Attack Across PyPI, NPM, and PHP</a></li> </ul>
<p>The post <a rel="nofollow" href="https://cisowhisperer.com/fbi-links-cybercriminals-to-sharp-surge-in-cargo-theft-attacks/">FBI Links Cybercriminals to Sharp Surge in Cargo Theft Attacks</a> appeared first on <a rel="nofollow" href="https://cisowhisperer.com/">CISO Whisperer</a>.</p>
<p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://cisowhisperer.com">CISO Whisperer</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Evan Rowe">Evan Rowe</a>. Read the original post at: <a href="https://cisowhisperer.com/fbi-links-cybercriminals-to-sharp-surge-in-cargo-theft-attacks/?utm_source=rss&amp;utm_medium=rss&amp;utm_campaign=fbi-links-cybercriminals-to-sharp-surge-in-cargo-theft-attacks">https://cisowhisperer.com/fbi-links-cybercriminals-to-sharp-surge-in-cargo-theft-attacks/?utm_source=rss&amp;utm_medium=rss&amp;utm_campaign=fbi-links-cybercriminals-to-sharp-surge-in-cargo-theft-attacks</a> </p>

RBI Cybersecurity Compliance Checklist for Fintech Organizations

  • None
  • Published date: 2026-05-02 00:00:00

None

<p>The financial services ecosystem in India is undergoing rapid digital transformation, and fintech organizations sit at the center of this evolution. With increasing cyber threats targeting digital payments, lending platforms, and financial data, regulatory oversight has intensified. The Reserve Bank of India mandates a strong RBI cybersecurity framework that fintechs must follow to ensure resilience, trust, and compliance.</p><p>NBFCs and Indian banks are navigating an increasingly hostile threat landscape in 2025. Cyberattacks on the BFSI sector are rising by nearly 25% year over year, with potential losses reaching ₹50,000 crore annually.</p><p>In this environment, the <strong>RBI Cybersecurity Compliance Checklist</strong> serves as a critical safeguard, strengthening operations, VAPT processes, and Zero Trust frameworks to defend against threats like ransomware and deepfake-driven attacks. This blog provides a data-backed roadmap aligned with the latest RBI regulations, helping organizations implement compliance effectively and turn it into a strategic advantage rather than just a mandate.</p><h2 class="wp-block-heading"><strong>RBI Cybersecurity Compliance Checklist</strong> </h2><p>The RBI cybersecurity framework checklist provides a structured framework for organizations to strengthen their security posture and ensure regulatory compliance. It outlines essential controls across governance, risk management, and technical security. 
Adhering to these guidelines helps organizations mitigate cyber risks and maintain operational resilience.</p><div class="wp-block-image"> <figure class="aligncenter size-large"><img fetchpriority="high" decoding="async" width="1024" height="532" src="https://kratikal.com/blog/wp-content/uploads/2026/05/Infographic-10-1024x532.jpg" alt="RBI cybersecurity compliance checklist" class="wp-image-15154" srcset="https://kratikal.com/blog/wp-content/uploads/2026/05/Infographic-10-1024x532.jpg 1024w, https://kratikal.com/blog/wp-content/uploads/2026/05/Infographic-10-300x156.jpg 300w, https://kratikal.com/blog/wp-content/uploads/2026/05/Infographic-10-150x78.jpg 150w, https://kratikal.com/blog/wp-content/uploads/2026/05/Infographic-10-768x399.jpg 768w, https://kratikal.com/blog/wp-content/uploads/2026/05/Infographic-10-1536x798.jpg 1536w, https://kratikal.com/blog/wp-content/uploads/2026/05/Infographic-10-2048x1065.jpg 2048w" sizes="(max-width: 1024px) 100vw, 1024px"></figure> </div><h3 class="wp-block-heading"><strong>Security Controls &amp; Infrastructure Strengthening</strong></h3><p>Infrastructure Hardening Testing assesses the security posture of critical systems, networks, and applications to ensure alignment with established security baselines. This includes evaluating the effectiveness of network segmentation, endpoint protection mechanisms, server hardening practices, and application-level security configurations. Access Control Testing focuses on validating identity and access management mechanisms, including authentication processes, user permissions, and privilege governance. </p><p>Vulnerability Management Testing evaluates an organization’s capability to detect, prioritize, and remediate security vulnerabilities across systems and applications. 
This involves evaluating vulnerability scanning, patching, and how insights inform risk-based decisions.</p><h3 class="wp-block-heading"><strong>Governance, Risk, and Compliance (GRC)</strong></h3><p>Organizations must demonstrate that their cybersecurity policies are formally approved by the board and regularly updated to align with evolving business strategies and risk appetite. Assess cybersecurity governance, including the CISO’s authority and how cyber risk integrates into enterprise risk management.</p><p>Organizations must comply with RBI guidelines, industry standards, and applicable legal requirements. This involves validating internal audit mechanisms, external assessments, and continuous monitoring practices to maintain a consistent state of compliance.</p><p>Risk management testing ensures organizations can identify, assess, and respond to cyber risks effectively using a structured approach. This includes evaluating <a href="https://kratikal.com/blog/what-is-threat-modeling-a-detailed-overview/"><mark class="has-inline-color has-luminous-vivid-orange-color">threat modeling</mark></a> approaches, vulnerability management processes, and risk quantification frameworks that support informed and strategic decision-making.</p><h3 class="wp-block-heading"><strong>Information Security &amp; Data Privacy</strong></h3><p>Data Protection ensures that teams keep sensitive data secure at all times, whether they store, share, or process it. Within the RBI cybersecurity framework, it evaluates encryption strength, key management reliability, and secure data-handling practices to protect critical information. Data Classification and Handling Validation examines how effectively an organization understands and manages its data landscape. </p><p>Privacy Compliance Testing ensures that security efforts align with regulatory expectations under RBI cybersecurity framework, including mandates. 
It assesses consent management, data rights protection, and cross-border transfers to ensure compliance and build trust.</p><h3 class="wp-block-heading"><strong>Risk Identification &amp; Assessment</strong></h3><p>Financial institutions must conduct comprehensive cyber risk assessments that go beyond surface-level evaluations. This includes identifying and classifying critical assets based on sensitivity, mapping potential threat vectors, and performing detailed vulnerability assessments. Teams then translate these insights into structured mitigation strategies supported by well-defined policies and controls. At the governance level, CISOs play a pivotal role, operating independently of the IT function and reporting directly to risk leadership, ensuring that cybersecurity remains a strategic priority aligned with enterprise risk management.</p><h3 class="wp-block-heading"><strong>Vulnerability Assessment and Penetration Testing (VAPT)</strong></h3><p>Mandatory VAPT must be conducted annually, covering applications, APIs, and infrastructure, and must address vulnerabilities aligned with the <strong>OWASP Top 10</strong> and ensure proper remediation validation. Additionally, testing should be performed more frequently after any major system changes. Organizations should adopt continuous vulnerability management through automated scanning, structured patching, and risk-based prioritization to continuously identify and mitigate security risks.</p><p><strong>Is your organization ready to strengthen its defenses? 
Connect with us to confidently navigate the <a href="https://kratikal.com/rbi-compliance-audit"><mark class="has-inline-color has-luminous-vivid-orange-color">RBI cybersecurity framework</mark></a>.</strong></p><h3 class="wp-block-heading"><strong>Why is RBI Cybersecurity Framework Important for Fintech Organizations?</strong></h3><ul class="wp-block-list"> <li><strong>Regulatory Penalties and License Suspension</strong>: Non-compliance with guidelines issued by the Reserve Bank of India can lead to heavy financial penalties, operational restrictions, or even suspension of licenses. 
This can directly halt business operations and impact long-term sustainability.</li> </ul><ul class="wp-block-list"> <li><strong>Loss of Partnerships with Banks/NBFCs</strong>: Fintechs rely heavily on partnerships with regulated entities. Failure to comply with the RBI cybersecurity framework can result in termination of partnerships, limiting access to critical banking infrastructure and financial networks.</li> </ul><ul class="wp-block-list"> <li><strong>Reputational Damage and Customer Distrust</strong>: Security lapses or regulatory actions can severely damage brand credibility. In the fintech space, where trust is a key differentiator, even a single incident can lead to customer churn and reduced market confidence.</li> </ul><ul class="wp-block-list"> <li><strong>Increased Risk of Cyberattacks</strong>: Non-compliance often indicates weak security controls, making organizations easy targets for hackers. This increases exposure to data breaches, ransomware, and financial fraud.</li> </ul><ul class="wp-block-list"> <li><strong>Impact on Financial Stability and Data Protection</strong>: Fintech platforms handle sensitive financial data. 
Any compromise can disrupt financial transactions and expose customer information, leading to legal liabilities and regulatory scrutiny.</li> </ul><h3 class="wp-block-heading"><strong>Common Compliance Gaps Observed</strong></h3><p>Organizations often fall short in the following areas under the <strong>RBI cybersecurity framework</strong>, which can weaken their overall security posture and audit readiness:</p><ul class="wp-block-list"> <li><strong>Delayed Incident Reporting</strong>: Many fintechs fail to report cybersecurity incidents within the stipulated timelines defined by the Reserve Bank of India. Delays not only violate regulatory requirements but also hinder timely response and containment, increasing the impact of breaches.</li> </ul><ul class="wp-block-list"> <li><strong>Weak Access Control Mechanisms</strong>: Inadequate implementation of Identity and Access Management (IAM), lack of multi-factor authentication (MFA), and excessive privileged access often lead to unauthorized system access and insider threats.</li> </ul><ul class="wp-block-list"> <li><strong>Lack of Network Segmentation</strong>: Flat network architectures without proper segmentation make it easier for attackers to move laterally across systems. 
This significantly increases the blast radius of a cyberattack.</li> </ul><ul class="wp-block-list"> <li><strong>Insufficient Logging and Monitoring</strong>: Lack of centralized logging and weak monitoring reduces visibility, delaying threat detection and response.</li> </ul><ul class="wp-block-list"> <li><strong>Irregular VAPT and Patch Management</strong>: Organizations often conduct <a href="https://kratikal.com/blog/vapt-testing-vulnerability-assessment-and-penetration-testing/"><mark class="has-inline-color has-luminous-vivid-orange-color">Vulnerability Assessment and Penetration Testing</mark> </a>(VAPT) as a one-time activity rather than an ongoing process. Delayed patching leaves known vulnerabilities exploitable.</li> </ul><h3 class="wp-block-heading">Conclusion</h3><p>Compliance with guidelines issued by the Reserve Bank of India is fundamental for fintech organizations operating in today’s high-risk digital environment. The <strong>RBI cybersecurity framework</strong> not only ensures regulatory alignment but also strengthens overall cyber resilience, safeguarding sensitive financial data and critical business operations. 
Organizations should treat compliance as an ongoing discipline, proactively strengthening resilience against evolving threats and regulations through strong security and audit readiness.</p><p>Ultimately, fintechs that embed cybersecurity into their core strategy gain more than compliance; they build trust, enhance operational stability, and secure a sustainable competitive advantage in India’s rapidly expanding digital financial ecosystem.</p><h3 class="wp-block-heading">FAQs</h3><div class="schema-how-to wp-block-yoast-how-to-block"> <p class="schema-how-to-description"> </p><ol class="schema-how-to-steps"> <li class="schema-how-to-step" id="how-to-step-1777637254095"><strong class="schema-how-to-step-name"><strong>What is the role of IS (RBI) Audit in compliance?</strong></strong> <p class="schema-how-to-step-text"><strong>IS (RBI) Audit</strong> is a structured assessment that evaluates an organization’s IT governance, cybersecurity controls, and regulatory compliance. It helps identify gaps in security practices and ensures alignment with RBI guidelines.</p> </li> <li class="schema-how-to-step" id="how-to-step-1777637267191"><strong class="schema-how-to-step-name"><strong>How often should VAPT be conducted under RBI guidelines?</strong></strong> <p class="schema-how-to-step-text">Vulnerability Assessment and Penetration Testing (VAPT) should be conducted at least annually and after any major system changes. 
It ensures that vulnerabilities are identified and remediated before they can be exploited.</p> </li> <li class="schema-how-to-step" id="how-to-step-1777637283758"><strong class="schema-how-to-step-name"><strong>What happens if a fintech company fails RBI compliance?</strong></strong> <p class="schema-how-to-step-text">Non-compliance can result in regulatory penalties, suspension of operations, reputational damage, loss of partnerships with banks/NBFCs, and increased regulatory scrutiny.</p> </li> </ol> </div><p>The post <a href="https://kratikal.com/blog/rbi-cybersecurity-compliance-checklist-for-fintech-organizations/">RBI Cybersecurity Compliance Checklist for Fintech Organizations</a> appeared first on <a href="https://kratikal.com/blog">Kratikal Blogs</a>.</p><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://kratikal.com/blog/">Kratikal Blogs</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Shikha Dhingra">Shikha Dhingra</a>. Read the original post at: <a href="https://kratikal.com/blog/rbi-cybersecurity-compliance-checklist-for-fintech-organizations/">https://kratikal.com/blog/rbi-cybersecurity-compliance-checklist-for-fintech-organizations/</a> </p>

Are Your AI Deployments Quantum-Resistant? How to Protect Against Future Cyberattacks

  • None
  • Published date: 2026-05-02 00:00:00

None

<p>The post <a href="https://www.gopher.security/blog/are-your-ai-deployments-quantum-resistant?-how-to-protect-against-future-cyberattacks">Are Your AI Deployments Quantum-Resistant? How to Protect Against Future Cyberattacks</a> appeared first on <a href="https://www.gopher.security/blog">Read the Gopher Security's Quantum Safety Blog</a>.</p><p>Your AI deployments are sitting on a cryptographic foundation that is, quite frankly, a ticking time bomb. If you’re still betting the farm on standard RSA or ECC encryption to protect your proprietary model weights, training data, or agent-to-agent chatter, you’re already losing. </p><p>Forget the "quantum apocalypse" predicted for the 2030s. That’s a convenient fairy tale for people who want to sleep at night. The real threat—the Store Now, Decrypt Later (SNDL) threat—is happening right under your nose. Adversaries are harvesting your encrypted data this very second. They’re hoarding it in massive server farms, waiting for the day they can flip the switch on a quantum computer and unlock your most guarded intelligence. If your infrastructure isn’t quantum-resistant, your competitive advantage is being exfiltrated in plain sight.</p><h2>Why Traditional Encryption is Failing Your AI Strategy</h2><p>Modern cybersecurity is built on a specific, fragile assumption: that certain math problems—like integer factorization—are impossible to solve. RSA and Elliptic Curve Cryptography (ECC) depend entirely on this premise. It worked for decades. But then came Shor’s algorithm, and suddenly, the math doesn't look so impossible anymore. A cryptographically relevant quantum computer (CRQC) can tear through these problems in polynomial time.</p><p>When you look at how AI stacks are actually built—massive, centralized data lakes and high-speed pipelines—the vulnerability becomes terrifying. The SNDL threat turns today’s encrypted traffic into tomorrow’s open book. 
If your AI strategy involves keeping data for more than a few years, or if you’re moving intellectual property across distributed nodes, you’re essentially handing a "time-locked" gift to future adversaries. Relying on current standards isn't a "risk-management choice." It’s just negligence.</p><h2>The MCP Vulnerability: How AI Interoperability Creates New Risk</h2><p>The <a href="https://modelcontextprotocol.io/">Model Context Protocol (MCP)</a> has quickly become the industry standard for wiring AI agents to data sources and tools. Think of it as the "USB-C" of the AI era—a unified, standardized interface that makes everything talk to everything else. It’s a massive win for productivity, but from a security perspective? It’s a nightmare.</p><p>By standardizing the transport layer, MCP creates a "golden path" for hackers. If someone taps into your MCP bus, they aren't just seeing raw data; they’re seeing the context, the function calls, and the sensitive logic passing between your agents. In a standard setup, this traffic is protected by TLS 1.3. Which, as we’ve established, is just as vulnerable to quantum threats as everything else.</p><pre><code class="language-mermaid">graph LR
    subgraph "Vulnerable Standard Path"
        A[AI Agent] -- "TLS 1.3/RSA" --&gt; B[MCP Server]
        B -- "Interceptable Data" --&gt; C[Attacker]
    end
    subgraph "Quantum-Resistant Path"
        D[AI Agent] -- "PQC-Wrapped Tunnel" --&gt; E[MCP Server]
    end
    style C fill:#f9f,stroke:#333,stroke-width:2px
    style D fill:#bbf,stroke:#333
    style E fill:#bbf,stroke:#333
</code></pre><p>When your agents chat via MCP, they’re basically broadcasting their internal state to anyone listening. Without a quantum-resistant tunnel, that state is perpetually at risk.</p><h2>How Can You Achieve Cryptographic Agility in 2026?</h2><p>Cryptographic agility sounds like a buzzword, but it’s actually a survival skill. It’s the ability to swap out your encryption algorithms without tearing your entire tech stack down to the studs. 
In 2026, it’s the only way to stay ahead. You can’t afford to hard-code security protocols anymore. You need a modular approach that lets you pivot as NIST standards evolve.</p><p>The smartest path forward? <strong>Hybrid Encryption</strong>. This involves wrapping your classical encryption (RSA/ECC) with Post-Quantum Cryptography (PQC). Even if one layer fails—whether because of a classical flaw or a quantum breakthrough—the other keeps your data locked tight. If you’re trying to implement this at the transport level, <a href="https://www.gopher.security/blog/post-quantum-cryptographic-agility-mcp-transport">Post-Quantum Cryptographic Agility in MCP Transport</a> is the framework you need to keep performance high without leaving the front door wide open.</p><h2>What are the NIST Standards for Quantum-Resistant Defense?</h2><p>The National Institute of Standards and Technology (NIST) has finally laid out the map for <a href="https://csrc.nist.gov/projects/post-quantum-cryptography">NIST Post-Quantum Cryptography Standards</a>. They’re focusing heavily on Module-Lattice-Based Key-Encapsulation (ML-KEM) and digital signatures (ML-DSA). These algorithms are tough cookies because they rely on the Shortest Vector Problem in lattices—a puzzle that remains computationally miserable even for quantum computers.</p><p>But don't stop at key encapsulation. You have to consider the <em>execution</em> itself. How do you verify an AI agent is using your data correctly without exposing the data? Check out <a href="https://www.gopher.security/blog/zero-knowledge-proofs-privacy-preserving-ai-tool-execution">Zero-Knowledge Proofs for Privacy-Preserving AI</a>. ZKPs let your agents prove they have the right clearance or that a computation was run correctly—all without ever showing the underlying sensitive context to the network.</p><h2>Your 3-Phase Transition Plan to Quantum Readiness</h2><p>Transitioning to a quantum-resistant architecture isn't an overnight "rip and replace" job. 
You’ll kill your productivity if you try. It needs to be a systematic, three-stage evolution.</p><pre><code class="language-mermaid">gantt
    title 3-Phase Transition Plan to Quantum Readiness
    dateFormat YYYY-MM-DD
    section Phase 1: Audit
    Inventory AI Endpoints :active, a1, 2026-01-01, 2026-04-01
    section Phase 2: Pilot
    Hybrid Encryption Testing :crit, p1, 2026-04-01, 2026-08-01
    section Phase 3: Deploy
    PQC IAM Implementation :d1, 2026-08-01, 2026-12-31
</code></pre><ol> <li><strong>Audit:</strong> Map every single AI endpoint currently using the <a href="https://modelcontextprotocol.io/">Model Context Protocol</a>. You can’t protect what you don’t know you have.</li> <li><strong>Pilot:</strong> Run hybrid encryption in your testing environments. Keep a close eye on latency—measure how much ML-KEM impacts your AI agents to ensure they stay snappy.</li> <li><strong>Deploy:</strong> Move to a quantum-resistant Identity and Access Management (IAM) model. Ensure every autonomous agent is authenticated with post-quantum signatures so you don't get hit by impersonation or "man-in-the-middle" attacks.</li> </ol><h2>Conclusion: The Cost of Inaction</h2><p>The cost of doing nothing isn't just a "potential breach." It’s the immediate, quiet loss of control over your most valuable assets. If your models are being scraped today, the value of that IP is already being drained. Quantum readiness isn't some fancy "future-proofing" exercise; it’s a compliance mandate for anyone in finance, healthcare, or defense.</p><p>Building a <a href="https://www.gopher.security/faq/how-to-build-quantum-resistant-infrastructure-for-model-context-protocol-deployments">quantum-resistant infrastructure</a> is hard work, but it’s manageable if you’re disciplined. Don't wait for the headline announcing a quantum breakthrough. 
By the time that hits the news, your secrets will already be in the hands of people who have been waiting for the clock to strike zero.</p><h2>Frequently Asked Questions</h2><h3>Is my AI infrastructure really at risk if quantum computers aren't fully here yet?</h3><p>Yes. The primary threat is the "Store Now, Decrypt Later" (SNDL) strategy. Adversaries are actively intercepting and storing encrypted traffic today, betting that they will be able to decrypt it once fault-tolerant quantum hardware becomes available. If your data has a shelf life of more than a few years, it is vulnerable today.</p><h3>What is the Model Context Protocol (MCP), and why does it need quantum-resistant security?</h3><p>MCP is an open standard that enables AI agents to connect to various data sources and tools seamlessly. Because it acts as the primary conduit for AI-to-AI and AI-to-data communication, it is a high-value target. If the protocol's transport security is compromised, an attacker gains a "golden path" into your entire agent ecosystem.</p><h3>Do I have to rebuild my entire AI stack to be quantum-resistant?</h3><p>No. You do not need to rewrite your models or replace your infrastructure. By focusing on "cryptographic agility," you can implement hybrid encryption—a "wrapper" approach that uses PQC alongside your current standards. This allows you to achieve quantum resistance without a total system overhaul.</p><h3>What are the NIST-approved standards for post-quantum security in 2026?</h3><p>The current primary standards are ML-KEM (Module-Lattice-Based Key-Encapsulation) for secure key exchange and ML-DSA for digital signatures. 
These <a href="https://csrc.nist.gov/projects/post-quantum-cryptography">NIST-approved algorithms</a> are specifically designed to withstand the computational power of future quantum computers.</p><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.gopher.security/blog">Read the Gopher Security's Quantum Safety Blog</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Read the Gopher Security's Quantum Safety Blog">Read the Gopher Security's Quantum Safety Blog</a>. Read the original post at: <a href="https://www.gopher.security/blog/are-your-ai-deployments-quantum-resistant?-how-to-protect-against-future-cyberattacks">https://www.gopher.security/blog/are-your-ai-deployments-quantum-resistant?-how-to-protect-against-future-cyberattacks</a> </p>
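The Phase 1 audit step from the quantum-readiness article above, sketched as an added example (not code from the original post or from Gopher Security): it classifies each MCP endpoint by the TLS 1.3 key-exchange group it negotiated and flags Store Now, Decrypt Later exposure. The inventory, hostnames, field names and the three-year reading of "more than a few years" are assumptions made for illustration.

```python
"""Phase 1 audit sketch: rank MCP endpoints by quantum exposure (added example)."""
from dataclasses import dataclass

# TLS 1.3 named groups, lower-cased for comparison. The hybrid entries are the
# IANA-registered ML-KEM hybrids; the classical ones fall to Shor's algorithm.
HYBRID_PQ_GROUPS = {"x25519mlkem768", "secp256r1mlkem768", "secp384r1mlkem1024"}
CLASSICAL_GROUPS = {"x25519", "x448", "secp256r1", "secp384r1", "secp521r1",
                    "ffdhe2048", "ffdhe3072", "ffdhe4096"}
PQ_SIGNATURES = {"ml-dsa-44", "ml-dsa-65", "ml-dsa-87"}

# Assumption: the article's "more than a few years" is read as 3 years or more.
LONG_LIVED_YEARS = 3

# Most urgent first; used to sort the audit report.
ACTION_ORDER = ["migrate-now", "investigate", "pilot-hybrid",
                "phase-3-signatures", "ok"]


@dataclass(frozen=True)
class Endpoint:
    name: str
    url: str
    kex_group: str          # named group negotiated in the TLS handshake
    cert_sig_alg: str       # signature algorithm on the server certificate
    retention_years: float  # how long data on this link stays sensitive


@dataclass(frozen=True)
class Finding:
    endpoint: str
    kex: str       # "hybrid-pq", "classical" or "unknown"
    pq_auth: bool  # True when the certificate uses an ML-DSA signature
    action: str


def classify_kex(group: str) -> str:
    g = group.strip().lower()
    if g in HYBRID_PQ_GROUPS:
        return "hybrid-pq"
    if g in CLASSICAL_GROUPS:
        return "classical"
    # Fail closed: an unrecognised group is never assumed to be quantum-safe.
    return "unknown"


def assess(ep: Endpoint) -> Finding:
    kex = classify_kex(ep.kex_group)
    pq_auth = ep.cert_sig_alg.strip().lower() in PQ_SIGNATURES
    if kex == "unknown":
        action = "investigate"
    elif kex == "classical":
        # Traffic recorded today can be decrypted later, so long-lived data on
        # a classical key exchange is already exposed.
        long_lived = ep.retention_years >= LONG_LIVED_YEARS
        action = "migrate-now" if long_lived else "pilot-hybrid"
    else:
        # Hybrid key exchange protects recorded traffic. A classical signature
        # cannot be broken retroactively, so it waits for the Phase 3 rollout.
        action = "ok" if pq_auth else "phase-3-signatures"
    return Finding(ep.name, kex, pq_auth, action)


def audit(inventory):
    findings = [assess(ep) for ep in inventory]
    return sorted(findings,
                  key=lambda f: (ACTION_ORDER.index(f.action), f.endpoint))


# Constructed inventory: hostnames and values are illustrative, not real systems.
SAMPLE_INVENTORY = [
    Endpoint("weights-store", "https://mcp-weights.example.internal",
             "x25519", "ecdsa-with-SHA256", 10),
    Endpoint("ticket-tool", "https://mcp-tickets.example.internal",
             "secp256r1", "sha256WithRSAEncryption", 0.5),
    Endpoint("search-tool", "https://mcp-search.example.internal",
             "X25519MLKEM768", "ecdsa-with-SHA256", 5),
    Endpoint("agent-bus", "https://mcp-bus.example.internal",
             "X25519MLKEM768", "ML-DSA-65", 5),
    # Constructed unrecognised group name, to exercise the fail-closed path.
    Endpoint("legacy-etl", "https://mcp-etl.example.internal",
             "vendor-group-0x4588", "sha256WithRSAEncryption", 7),
]

if __name__ == "__main__":
    for f in audit(SAMPLE_INVENTORY):
        print(f"{f.action:20} {f.endpoint:14} kex={f.kex:10} pq_auth={f.pq_auth}")
```

The negotiated group and certificate algorithm would come from handshake logs or a TLS scan of each endpoint; how those fields are collected is outside this sketch.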

Web application testing with Burp Suite: a practical guide for UK SMEs

  • None
  • Published date: 2026-05-02 00:00:00

None

<h1>Web application testing with Burp Suite: a practical guide for UK SMEs</h1><p>For many UK SMEs, web applications are now part of day-to-day business. They handle customer logins, staff portals, booking systems, supplier access, and internal admin tasks. That makes them valuable, but it also means they deserve regular security attention.</p><p>Burp Suite is a widely used tool for testing web applications in a controlled way. It helps security teams and developers see how an application behaves when requests are sent to it, how it handles sessions, and whether it exposes weaknesses that should be fixed. Used properly, it supports defensive testing. It is not a shortcut to security, and it is not a substitute for good development practices, but it can be a very useful part of a sensible review process.</p><p>This guide is written for UK SMEs that want practical self-help guidance. It focuses on authorised testing of your own systems, with clear boundaries and business-focused interpretation of findings.</p><h2>What Burp Suite is and where it fits in web application testing</h2><p>Burp Suite is a web application testing platform. In plain English, it lets you observe, inspect, and modify traffic between a browser and a web application so you can understand how the application responds. That makes it useful for checking whether the application behaves as expected, whether controls are working properly, and whether there are gaps that need attention.</p><h3>Core features in plain English</h3><p>The most useful parts for a small business are usually the proxy, site map, and history views. The proxy lets you place Burp between your browser and the application so you can see requests and responses. The site map helps you understand the structure of the application, including pages, parameters, and endpoints. 
The history view shows what has been sent and received, which is helpful when you are tracing a user journey or reproducing a problem.</p><p>Other features can support deeper testing, but SMEs do not need to use every function to gain value. In practice, the tool is most helpful when you want to understand how the application handles login, session management, forms, file uploads, and access to different areas of the system.</p><h3>When SMEs might use it as part of a wider security review</h3><p>Burp Suite is most useful when you already have a legitimate reason to test an application. That might be before a release, after a significant change, during a supplier review, or as part of a periodic security check. It can also help when a developer wants to confirm that a fix has worked.</p><p>For SMEs, the key point is that Burp Suite works best as part of a wider process. It is one input into risk management, not the whole answer. Findings should be considered alongside business impact, data sensitivity, user exposure, and how quickly the issue could be exploited in your environment.</p><h2>Before you start: scope, permission and safe testing boundaries</h2><p>Before any testing begins, define exactly what is in scope. This is important for safety, for clarity, and for avoiding disruption. Testing without clear permission can create avoidable problems, even when the intention is defensive.</p><h3>Why written authorisation matters</h3><p>Written authorisation gives everyone a shared understanding of what is allowed. It should cover the application or applications being tested, the time period, the accounts to be used, and any systems that must not be touched. It should also make clear who to contact if something unexpected happens.</p><p>For an SME, this does not need to be a long document. A short approval note can be enough if it is clear and specific. 
The important thing is that the business owner, system owner, or another appropriate decision-maker has agreed to the activity in advance.</p><h3>How to define systems, accounts and test windows</h3><p>Start by listing the exact URLs, environments, and user roles that are in scope. Separate production, staging, and development systems, because they may behave differently and may carry different risks. If you are testing production, be especially careful about timing and impact.</p><p>Use dedicated test accounts where possible. Avoid using real customer or staff accounts unless there is a strong reason and the account owner has agreed. Make sure you know what data those accounts can access, because that affects both the risk and the interpretation of any findings.</p><p>Agree a test window that suits the business. For example, you may want to avoid peak trading hours, payroll processing, or busy customer service periods. The aim is to test safely without creating unnecessary operational noise.</p><h2>Setting up a basic testing workflow</h2><p>A simple workflow is usually enough for an SME starting out. The goal is to observe normal behaviour first, then look for anything that seems inconsistent, overly permissive, or poorly controlled.</p><h3>Intercepting traffic and reviewing requests and responses</h3><p>When you browse the application through Burp Suite, the tool can capture the requests your browser sends and the responses the server returns. A request is the message sent to the application. A response is the reply. Reviewing both helps you understand what information is being exchanged.</p><p>Look at the structure of requests, the parameters being passed, and the cookies or tokens used to maintain a session. Check whether the application sends more data than it needs to, whether sensitive information appears in responses, and whether the application behaves consistently when inputs change.</p><p>This is often where small but useful observations appear. 
For example, a page may reveal more information than expected, or a form may accept data in a way that suggests validation is weak. On their own, these observations do not prove a serious issue, but they can point to areas that deserve closer review.</p><h3>Using the site map and proxy history to understand application behaviour</h3><p>The site map helps you build a picture of the application’s structure. It can show hidden pages, repeated patterns, and areas that are not obvious from the user interface alone. The proxy history helps you trace what happened during a session, which is useful when you are trying to understand a workflow or compare one user role with another.</p><p>For SMEs, this is especially helpful when applications have grown over time. Older systems often contain pages, parameters, or admin functions that are still reachable even if they are no longer prominent in the interface. Mapping the application carefully can reveal where controls are missing or where access paths are more complex than expected.</p><h2>Common issues Burp Suite can help identify</h2><p>Burp Suite is useful because it helps you see how the application behaves, not just how it looks. That makes it easier to spot issues that may not be visible through normal use.</p><h3>Authentication and session handling weaknesses</h3><p>Authentication is the process of proving who you are. Session handling is how the application keeps track of you after login. Weaknesses in either area can create unnecessary risk.</p><p>Examples include sessions that do not expire properly, login flows that behave inconsistently, or cookies that appear to be handled in a way that is not robust. You may also notice that the application does not react well to repeated failed logins, password resets, or changes in user state. 
These are not always critical problems, but they are worth understanding because they affect how trustworthy the application is.</p><h3>Input validation and access control concerns</h3><p>Input validation is the process of checking that data entered into the application is acceptable. Access control is the set of rules that decides what a user can see or do. Both are common areas for weaknesses in web applications.</p><p>Burp Suite can help you observe whether the application accepts unexpected input, whether it returns different results when values change, and whether one user role can reach data or functions intended for another. For an SME, the business question is simple: can the right people access the right information, and are the controls consistent?</p><p>It is also worth checking whether the application reveals too much detail in error messages or responses. Even when this does not create an immediate security incident, it can make later exploitation easier and can expose internal implementation details that the business would rather keep private.</p><h2>How to interpret findings without overreacting</h2><p>It is easy to overstate the importance of a technical finding, especially when it sounds alarming. A better approach is to assess each issue in context. Consider how easy it is to reach, what data or functions are affected, whether the issue is exposed to all users or only a small group, and what the business impact would be if it were misused.</p><h3>Separating low-risk issues from business-critical ones</h3><p>Some findings are useful but low risk. For example, a minor information disclosure may be worth fixing, but it may not justify urgent action. Other issues, such as broken access control or weak session handling on a customer-facing portal, may deserve much higher priority because they affect trust, confidentiality, or service continuity.</p><p>A practical way to think about it is to ask three questions. Could this issue expose data? 
Could it let someone do something they should not be able to do? Could it disrupt a key business process? If the answer to any of these is yes, the issue deserves proper attention.</p><h3>When to involve developers or a specialist tester</h3><p>Internal teams can often identify obvious issues and confirm whether a control is behaving as expected. However, if a finding is difficult to reproduce, affects multiple systems, or appears to involve deeper design weaknesses, it is sensible to involve a developer or a specialist tester.</p><p>That is not a sign of failure. It is a normal part of mature security practice. Some issues are straightforward to fix, while others need a broader review of architecture, authentication design, or business logic. The earlier the right people are involved, the easier it is to resolve the issue in a controlled way.</p><h2>Making testing useful for the business</h2><p>Security testing only creates value when the results are turned into action. For SMEs, that means translating technical observations into a prioritised plan that the business can actually follow.</p><h3>Turning findings into a prioritised remediation plan</h3><p>Start by grouping findings by business impact rather than by technical detail alone. A simple plan might separate urgent fixes, medium-priority improvements, and items that can be scheduled into normal development work. Include the affected system, the owner, the expected fix, and a realistic target date.</p><p>It also helps to note any compensating controls. For example, if a weakness exists but the application is only available to a small internal group, that changes the risk picture. The aim is not to minimise the issue, but to make sure the response is proportionate.</p><h3>Linking web testing to wider risk management and secure development</h3><p>Web application testing should not sit in isolation. 
Findings often point to broader themes such as weak change control, inconsistent input handling, or gaps in development review. If the same type of issue appears more than once, it may indicate a process problem rather than a one-off defect.</p><p>That is where a wider risk management approach helps. Treat recurring findings as evidence that a control needs strengthening. Feed lessons back into secure development practices, code review, release checks, and supplier oversight where relevant. Over time, this reduces repeat work and makes the business more resilient.</p><h2>Practical limits and when to seek external support</h2><p>Burp Suite is a useful tool, but it has limits. It can help you observe behaviour and spot weaknesses, but it does not replace experience, judgement, or a structured testing approach.</p><h3>What internal teams can reasonably do</h3><p>Internal teams can usually handle basic observation, simple workflow mapping, and confirmation that known fixes behave as expected. They can also use Burp Suite to support developer testing before a release, provided the scope is clear and the activity is authorised.</p><p>What they should avoid is treating the tool as a way to improvise deeper security testing without the right experience. If the team is not confident about interpreting the results, or if the application is business-critical, it is better to slow down and get support than to draw the wrong conclusion.</p><h3>When a broader penetration test is more appropriate</h3><p>If the application is customer-facing, handles sensitive data, or supports important business processes, a broader penetration test may be more appropriate than ad hoc testing. That is especially true where there are multiple applications, complex integrations, or a history of repeated issues.</p><p>A broader test can combine web application review with other relevant checks, giving the business a more complete picture of risk. 
For many SMEs, that is a better use of time and budget than trying to test everything internally.</p><p>Used well, Burp Suite can help an SME understand its web application risk in a practical way. The main discipline is to keep testing authorised, focused, and proportionate. If you want help turning findings into a sensible remediation plan, or you need support designing a risk-based testing approach, speak to a consultant.</p><p>Speak to a consultant: <a href="https://clearpathsecurity.co.uk/contact-page/">https://clearpathsecurity.co.uk/contact-page/</a></p><p>The post <a href="https://clearpathsecurity.co.uk/web-application-testing-with-burp-suite-a-practical-guide-for-uk-smes/">Web application testing with Burp Suite: a practical guide for UK SMEs</a> appeared first on <a href="https://clearpathsecurity.co.uk/">Clear Path Security Ltd</a>.</p><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://clearpathsecurity.co.uk/">Clear Path Security Ltd</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Clear Path Security Ltd">Clear Path Security Ltd</a>. Read the original post at: <a href="https://clearpathsecurity.co.uk/web-application-testing-with-burp-suite-a-practical-guide-for-uk-smes/">https://clearpathsecurity.co.uk/web-application-testing-with-burp-suite-a-practical-guide-for-uk-smes/</a> </p>

Randall Munroe’s XKCD ‘Inflation Timeline’

  • None
  • Published date: 2026-05-01 00:00:00

None

<p>The post <a href="https://xkcd.com/3223/">Randall Munroe’s XKCD 'Inflation Timeline'</a> appeared first on <a href="https://www.infosecurity.us/">Infosecurity.US</a>.</p>
<figure class=" sqs-block-image-figure intrinsic "> <p> <a class=" sqs-block-image-link " href="https://xkcd.com/3223/"></a></p> <p> <img src="https://images.squarespace-cdn.com/content/v1/5355d604e4b03c3e9896e131/bcf9e041-6382-44b1-8a58-db45cbc28669/solar_warning.png?format=1000w" alt="" width="304" height="333"></p> <figcaption class="image-caption-wrapper"> <p class=""><strong>via the comic artistry and dry wit of Randall Munroe, creator of XKCD</strong></p> </figcaption></figure>
<p><a href="https://www.infosecurity.us/blog/2026/5/1/randall-munroes-xkcd-inflation-timeline">Permalink</a></p>
<p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.infosecurity.us/">Infosecurity.US</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Marc Handelman">Marc Handelman</a>. Read the original post at: <a href="https://xkcd.com/3223/">https://xkcd.com/3223/</a> </p>

China Has its Sights Set on Scammers, Just Not Those Targeting Americans

  • Teri Robinson
  • Published date: 2026-05-01 00:00:00

None

<p>China may be trying to stem the tide of scams coming out of Southeast Asia, but it seems the country is doing so selectively, focusing primarily on those that affect its citizens but not the ones that target Americans.</p>
<p>That’s a failing that has “led to a wave of scam center ‘alumni’ setting up shop in China,” according to a <a href="https://www.uscc.gov/research/protecting-americans-china-linked-scam-centers-update-emerging-trends" target="_blank" rel="noopener">report from the U.S.-China Economic and Security Review Commission</a>.</p>
<p>The commission notes that “in 2024, Chinese authorities prosecuted approximately 78,000 people for online fraud—a 54% increase over the previous year.”</p>
<p>It’s difficult to see China’s selective approach as anything but political, and there is some truth to that. The report says as much.</p>
<p>But it is also true that the flood of scams is too great for the country—or any country—to dam. And despite publishing a list of 100 high-level criminals wanted for scams that targeted Chinese citizens and offering a reward for information, the country is failing to stem the tide. The efforts did help China snare notorious scam “kingpin” Chen Zhi, who was indicted by the U.S.: after the “most wanted” list and reward were posted, Chinese officials were able to get him extradited from Cambodia. “However, Beijing continues to turn a blind eye to criminal activity targeting foreigners,” the report said.</p>
<p>That troubles American authorities, who saw American losses from Chinese criminal group-operated industrial-scale scam centers top $10 billion in 2024. So the U.S. government has taken matters into its own hands, sanctioning criminal leaders and creating an Interagency Scam Center Strike Force. But even that can’t pull authorities ahead of the scammers who “are embracing advanced technologies and exploiting cryptocurrency to launder stolen assets across national borders with virtual impunity,” the report said.</p>
<p>And of course, AI is making it easier for the cybercriminals, who are using it to scale operations, boost the sophistication of scams, and evade tried-and-true detection methods. These AI-powered scams, the report found, make it difficult for even the most discerning potential victims to distinguish fact from fraud.</p>
<p>Noting that “Chinese-nexus cyber activity has evolved in four phases over the past two decades,” <a href="https://www.darktrace.com/es/blog/how-chinese-nexus-cyber-operations-have-evolved-and-what-it-means-for-cyber-risk-and-resilience" target="_blank" rel="noopener">research from Darktrace</a> shows today it is “defined by scale, operational restraint, and persistence.”</p>
<p>While “attackers are establishing access, evaluating its strategic value, and maintaining it over time,” the research finds “a broader shift: cyber operations are increasingly integrated into long-term economic and geopolitical strategies. Access to digital environments, specifically those tied to critical national infrastructure, supply chains, and advanced technology, has become a form of strategic leverage for the long-term.”</p>
<p>Trey Ford, chief strategy and trust officer at Bugcrowd, says China “has built a proof of concept for adversarial industrialization: Scripted social engineering at scale, multilingual workforce expansion, and money laundering infrastructure embedded in legitimate financial systems.”</p>
<p>And that can’t be stopped by a configuration change. “What stops it is continuous human intelligence, behavioral detection at the transaction layer, and law enforcement cooperation that doesn’t depend on one actor’s domestic political incentives,” he says.</p>
<p>Nathaniel Jones, vice president, security and AI strategy and field CISO at Darktrace, says the company’s <a href="https://www.darktrace.com/es/blog/how-chinese-nexus-cyber-operations-have-evolved-and-what-it-means-for-cyber-risk-and-resilience" target="_blank" rel="noopener">recent research</a> shows that Chinese-nexus activity follows two operational models: “smash and grab” and low and slow. The former “are short-horizon intrusions optimized for speed. Attackers move quickly – often exfiltrating data within 48 hours – and prioritize scale over stealth. The median duration of these compromises is around 10 days. It’s clear they are willing to risk detection for short-term gain,” he says.</p>
<p>The latter operations were less prevalent in Darktrace’s dataset, “but potentially more consequential,” with attackers prioritizing “persistence, establishing durable access through identity systems and legitimate administrative tools, so they can maintain access undetected for months or even years.”</p>
<p>The scams most dangerous to U.S. citizens are “pig-butchering (investment fraud layered on manufactured romantic trust) and crypto investment fraud,” says Ford.</p>
<p>But “China isn’t targeting those because the incentive structure doesn’t require it,” he explains.</p>
<p>“As one U.S.-China Economic and Security Review Commission member put it at a Senate hearing, Beijing has ‘selectively’ cracked down, ‘largely turning a blind eye to scam centers victimizing foreigners,’ with the result that Chinese criminal syndicates have been incentivized to shift toward targeting Americans,” says Ford. “Framed differently: this is not ambivalence, it is a rational enforcement strategy calibrated to domestic political risk.”</p>
<p>While the U.S. government has taken some action, “what hasn’t happened is sustained diplomatic pressure that changes Beijing’s incentive calculation,” he says, explaining that “targeted sanctions and individual indictments do not alter the underlying governance structure that makes these operations viable.”</p>
<p>Because the U.S. leverage on China in this domain “is constrained by the same geopolitical dynamics shaping every other bilateral conversation,” Ford says, “organizations should not plan around a near-term diplomatic fix.”</p>
<p>Instead, he says, they should:</p>
<ul>
<li>Treat social engineering as an infrastructure problem, not a training problem. Pig-butchering attacks operate over weeks or months, building trust before any financial ask appears. Annual phishing awareness sessions don’t address that threat model.</li>
<li>Harden the financial transaction layer specifically. The terminal event in almost every investment fraud scheme is a wire transfer or crypto send that could have been interrupted with verification controls.</li>
<li>Brief employees on the specific mechanics: manufactured relationship, engineered urgency and off-platform movement to private apps. The playbook is consistent. Recognizing the pattern is the control. Most corporate trainings don’t go far enough in training how to detect these patterns.</li>
<li>For executive and high-net-worth individuals, the personal and professional attack surfaces are no longer separate. These scams increasingly target people in their personal lives to create leverage or access in their professional ones.</li>
<li>Consider continuous third-party validation of your organization’s social engineering exposure, not self-assessed controls – there is scale economy in terms of diversity of perspective, keeping content fresh, and making all of this more effective.</li>
</ul>

Actively exploited cPanel bug exposes millions of websites to takeover

  • None
  • Published date: 2026-05-01 00:00:00

None

<p>The post <a href="https://www.malwarebytes.com/blog/news/2026/05/actively-exploited-cpanel-bug-exposes-millions-of-websites-to-takeover">Actively exploited cPanel bug exposes millions of websites to takeover</a> appeared first on <a href="https://www.malwarebytes.com/">Malwarebytes</a>.</p>
<p>Security researchers are <a href="https://techcrunch.com/2026/04/30/hackers-are-actively-exploiting-a-bug-in-cpanel-used-by-millions-of-websites/" rel="noreferrer noopener nofollow">warning</a> about a newly discovered vulnerability in the widely used web server management software cPanel and WebHost Manager (WHM).</p>
<p>This is a critical, actively exploited authentication-bypass bug in cPanel/WHM that lets attackers gain administrative access to the interface without credentials and potentially take over servers and all hosted sites.</p>
<p>The vulnerability, tracked as <a href="https://www.cve.org/CVERecord?id=CVE-2026-41940" rel="noreferrer noopener nofollow">CVE-2026-41940</a>, has been added to the <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" rel="noreferrer noopener nofollow">Known Exploited Vulnerabilities catalog</a> by the Cybersecurity and Infrastructure Security Agency (CISA), meaning there is evidence it is being used in real-world attacks.</p>
<p>Because cPanel/WHM is used by over <a href="https://trends.builtwith.com/websitelist/CPanel">a million sites</a> worldwide, including banks and health organizations, the potential impact is huge. In simple terms, the bug can act like a front‑door key to a big chunk of the web’s hosting infrastructure.</p>
<p><a href="https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026" rel="noreferrer noopener nofollow">cPanel released patches</a> on April 28, 2026, and urged all customers and hosts to update. It said all supported versions after 11.40 are affected, including DNSOnly and WP Squared.</p>
<p>Hosting providers including <a href="https://www.namecheap.com/status-updates/ongoing-critical-security-vulnerability-in-cpanel-april-28-2026/" rel="noreferrer noopener nofollow">Namecheap</a>, HostGator, and KnownHost temporarily blocked access to cPanel interfaces while patching, treating this as a critical authentication bypass and reporting exploit attempts going back to late February 2026.</p>
<h2 class="wp-block-heading" id="h-how-to-stay-safe">How to stay safe</h2>
<p>While it’s up to the hosting companies and website owners to patch as quickly as possible, there are ways to reduce your risk if a site you use is compromised.</p>
<p>As always, limit the data you share with websites to what’s absolutely necessary. Data they don’t have can’t be stolen.</p>
<p>When ordering from an online retailer, don’t tick the box to save your card details for future purchases as they will be stored on the server.</p>
<p>If there’s an option to check out as a guest, use it. It reduces the amount of personal data tied to an account.</p>
<p>Don’t reuse passwords. When one site is compromised, having the same credentials in several places turns it into a multi‑account takeover problem. A password manager can help you create complex unique passphrases, and remember them for you.</p>
<p>Where possible, pay by credit card. In many regions, this gives you stronger fraud protection.</p>
<h2 class="wp-block-heading" id="h-when-a-site-you-trust-gets-hacked">When a site you trust gets hacked</h2>
<p>If you think you’ve been <a href="https://www.malwarebytes.com/blog/personal/2023/09/involved-in-a-data-breach-heres-what-you-need-to-know" rel="noreferrer noopener">affected by a data breach</a>, take the following steps:</p>
<ul class="wp-block-list">
<li><strong>Check the company’s advice.</strong> Every breach is different, so check with the company to find out what’s happened and follow any specific advice it offers.</li>
<li><strong>Change your password.</strong> You can make a stolen password useless to thieves by changing it. Choose a <a href="https://www.malwarebytes.com/computer/how-to-create-a-strong-password" rel="noreferrer noopener">strong password</a> that you don’t use for anything else. Better yet, let a <a href="https://www.malwarebytes.com/what-is-password-manager" rel="noreferrer noopener">password manager</a> choose one for you.</li>
<li><strong>Enable <a href="https://www.malwarebytes.com/blog/news/2023/10/multi-factor-authentication-has-proven-it-works-so-what-are-we-waiting-for" rel="noreferrer noopener">two-factor authentication</a> (<a href="https://www.malwarebytes.com/cybersecurity/basics/2fa" rel="noreferrer noopener">2FA</a>).</strong> If you can, use a FIDO2-compliant hardware key, laptop, or phone as your second factor. Some forms of 2FA can be phished just as easily as a password, but 2FA that relies on a FIDO2 device can’t be phished.</li>
<li><strong>Watch out for impersonators.</strong> The thieves may contact you posing as the breached platform. Check the official website to see if it’s contacting victims and verify the identity of anyone who contacts you using a different communication channel.</li>
<li><strong>Take your time.</strong> Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.</li>
<li><strong>Consider not storing your card details.</strong> It’s definitely more convenient to let sites remember your card details, but it increases risk if a retailer suffers a breach.</li>
<li><strong>Set up <a href="https://www.malwarebytes.com/cybersecurity/basics/dark-web-monitoring" rel="noreferrer noopener">identity monitoring</a></strong>, which alerts you if your <a href="https://www.malwarebytes.com/cybersecurity/basics/pii" rel="noreferrer noopener">personal information</a> is found being traded illegally online and helps you recover after.</li>
</ul>
<p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.malwarebytes.com/">Malwarebytes</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Malwarebytes">Malwarebytes</a>. Read the original post at: <a href="https://www.malwarebytes.com/blog/news/2026/05/actively-exploited-cpanel-bug-exposes-millions-of-websites-to-takeover">https://www.malwarebytes.com/blog/news/2026/05/actively-exploited-cpanel-bug-exposes-millions-of-websites-to-takeover</a> </p>

Addressing the Edge Security Paradox

  • Zac Amos
  • Published date: 2026-05-01 00:00:00

<p>The paradox of edge security describes how technologies designed to strengthen network defenses can also create new vulnerabilities. Edge devices improve performance and support localized threat detection by processing data closer to its source, yet modern enterprise environments often operate thousands of distributed endpoints.</p><p>This rapid expansion of edge infrastructure increases the number of systems that security teams must monitor and protect. As a result, the same devices that improve operational efficiency can also widen the attack surface when security controls fail to keep pace with deployment.</p><h3><strong>Why Edge Devices Have Become Attractive Targets</strong></h3><p>Default credentials and weak authentication controls remain common weaknesses in many edge environments. Security teams must also manage increasingly complex technology stacks, with organizations now juggling an <a href="https://www.ibm.com/thought-leadership/institute-business-value/en-us/report/unified-cybersecurity-platform">average of 83 different security solutions</a> from 29 vendors, which complicates consistent policy enforcement.</p><p>Unpatched firmware and outdated operating systems further increase exposure because many edge devices receive updates less frequently than traditional endpoints. Misconfigured firewalls and poorly secured remote management interfaces add additional risk, giving attackers potential entry points into distributed networks.</p><h3><strong>The Operational Challenges Behind Edge Security</strong></h3><p>Information technology (IT) teams manage distributed devices across offices and remote facilities. Many organizations struggle to maintain full visibility into every edge asset connected to their networks. 
Data exposure often <a href="https://www.synaptics.com/company/blog/security-at-the-edge-why-it-starts-with-the-silicon">represents the most serious vulnerability</a>, as personal or sensitive information can leak during collection, processing or storage.</p><p>Strong security programs protect confidentiality throughout the entire data life cycle. The challenge becomes greater when patch management involves devices running different firmware versions or relying on multiple vendor platforms. These operational constraints slow vulnerability remediation across large environments.</p><h3><strong>Strategies to Reduce Risk in Edge Environments</strong></h3><p>The paradox of edge security requires organizations to rethink how they protect distributed infrastructure. Security teams must combine strong governance and consistent controls to reduce risk in edge environments.</p><h3><strong>1.   Maintain Comprehensive Edge Asset Visibility</strong></h3><p>Continuous discovery tools allow organizations to identify all devices in edge environments. Security teams gain clearer visibility into gateways and sensors operating outside traditional network boundaries. These platforms also track firmware versions, device configurations and known vulnerabilities.</p><p>Improved asset awareness helps teams maintain stronger oversight of complex edge infrastructure. Consistent visibility supports faster detection of security gaps and more informed risk management decisions.</p><h3><strong>2.   Implement Zero Trust Network Principles</strong></h3><p>Zero-trust principles treat every edge device as untrusted until its identity and behavior are verified. 
This approach requires strict authentication controls and least-privilege access policies before any system can interact with the network.</p><p>Zero-trust architecture also <a href="https://rehack.com/cybersecurity/zero-trust-architecture/">provides improved visibility and control</a> over network activity, which allows organizations to monitor traffic and respond to suspicious behavior in real time. Continuous verification helps reduce the risk of compromised devices gaining persistent access to critical systems.</p><h3><strong>3.   Automate Firmware and Patch Management</strong></h3><p>Centralized patch deployment helps organizations reduce the window of vulnerability across distributed edge environments. Automated update systems enable security teams to apply firmware and software patches consistently across large device fleets.</p><p>This approach improves protection by ensuring critical security fixes reach edge devices quickly. Consistent patching also reduces the risk of attackers exploiting outdated firmware or unsupported operating systems. Centralized update platforms also simplify patch tracking across multiple vendors and device types.</p><h3><strong>4.   Segment Edge Networks</strong></h3><p>Network segmentation helps limit lateral movement if an edge device becomes compromised. Critical systems remain isolated from less secure Internet of Things (IoT) endpoints and operational technology devices, thereby reducing the likelihood that attackers can reach sensitive assets.</p><p>Despite these benefits, adoption remains limited. Research shows that only <a href="https://zeronetworks.com/resource-center/white-papers/network-segmentation-zero-trust-architectures-survey-of-it-security-professionals">5% of IT and security professionals</a> report that their organizations currently microsegment their networks. Broader implementation of segmentation strategies can therefore strengthen protection across distributed environments.</p><h3><strong>5.   
Strengthen Monitoring and Telemetry</strong></h3><p>Edge devices should send logs and telemetry to centralized security platforms for continuous monitoring. Centralized visibility allows security teams to analyze activity across distributed infrastructure more effectively. Behavioral analytics tools can detect unusual traffic patterns or abnormal device behavior that may indicate a potential breach.</p><p>These systems also <a href="https://www.researchgate.net/publication/392267675_AI_and_Behavioral_Analytics_in_Enhancing_Insider_Threat_Detection_and_Mitigation">automatically respond to newly discovered threats</a>, often without the need for immediate human intervention. Faster detection and response help organizations reduce the impact of emerging edge security threats.</p><h3><strong>Strengthening Security in Edge Environments</strong></h3><p>Edge infrastructure improves performance and operational flexibility while introducing new security challenges in distributed environments. The paradox of edge security shows how technologies designed to protect networks can become vulnerable entry points when governance and monitoring fall behind deployment. 
Cybersecurity teams that prioritize visibility and automated security controls strengthen protection in edge networks.</p>

North Korea’s Enormous Crypto Hacks Redefine Scale and Strategy

  • James Maguire
  • Published date: 2026-05-01 00:00:00

<p style="font-weight: 400;">A pair of tightly executed cyberattacks have become milestones in cryptocurrency theft in 2026 due to their sheer size. These two incidents, targeting Drift Protocol and KelpDAO, account for roughly three quarters of all recorded crypto losses through April, revealing a shift toward fewer, higher-dollar operations.</p><p style="font-weight: 400;">Based on a report from TRM Labs, security researchers attribute both attacks to North Korean state-backed actors, continuing a multi-year pattern. Since 2017, these groups have extracted more than $6 billion from the crypto ecosystem, with their totals climbing sharply from marginal levels earlier in the decade to a dominant position today.</p><h3 style="font-weight: 400;"><strong>Hundreds of Millions in Losses </strong></h3><p style="font-weight: 400;">The Drift Protocol breach, which resulted in approximately $285 million in losses, reflects a remarkable level of preparation. Investigators describe a prolonged campaign involving direct engagement with personnel, including in-person interactions over several months. This approach, combined with manipulation of transaction authorization mechanisms, allowed attackers to pre-stage withdrawals that were executed rapidly once conditions were prepared. The asset drain was completed in minutes.</p><p style="font-weight: 400;">In contrast, the $292 million exploit targeting KelpDAO relied on a structural weakness in cross-chain verification. By compromising internal infrastructure and manipulating data inputs, attackers were able to convince the system that assets had been legitimately transferred, enabling unauthorized withdrawals at a vast scale. 
The incident highlights the risks in designs that depend on a single validation source.</p><p style="font-weight: 400;">While the technical methods differed, both attacks highlight a strategic emphasis on identifying systemic vulnerabilities, whether in governance or bridge architectures, where a single point of failure can yield disproportionate returns.</p><p style="font-weight: 400;">Post-breach behavior further distinguishes the operations. Funds taken from Drift Protocol were quickly converted and redistributed but have since remained inactive, suggesting a delayed liquidation strategy. This measured approach has become a pattern, with stolen assets often held for extended periods before being gradually monetized.</p><p style="font-weight: 400;">The KelpDAO proceeds took a more immediate path. After an initial disruption that froze a portion of the funds, the remaining assets were rapidly moved across chains and converted into Bitcoin, primarily through decentralized liquidity protocols. This is a more reactive laundering model, one designed to adapt quickly when obstacles arise.</p><h3 style="font-weight: 400;"><strong>Lack of Centralized Oversight</strong></h3><p style="font-weight: 400;">A consistent element across both cases is the use of cross-chain infrastructure that operates without centralized oversight. These platforms have become critical conduits for moving large volumes of illicit funds, particularly when other channels impose restrictions or compliance checks. This becomes a structural challenge for law enforcement, as decentralized systems limit the ability to intervene once transactions are initiated.</p><p style="font-weight: 400;">The concentration of losses in a small number of events also reveals a shift in attack strategy. Rather than increasing activity, threat actors appear to be refining target selection and execution. 
This change may be supported by more advanced reconnaissance techniques that use automated tools to map vulnerabilities and discover the best timing.</p><p style="font-weight: 400;">This year’s high-dollar losses in the crypto sector demonstrate that security models that rely on assumptions of distributed trust or limited exposure are being tested by hackers willing to invest time and resources into breaching them. The Drift and KelpDAO incidents suggest that defenses must account not only for technical exploits but also for coordinated, multi-phase campaigns that blend social engineering with protocol-level manipulation.</p>

The Mythos AI Vulnerability Storm: What to Do Next

  • None
  • Published date: 2026-05-01 00:00:00

<p>The post <a href="https://www.sonatype.com/blog/the-mythos-ai-vulnerability-storm-what-to-do-next">The Mythos AI Vulnerability Storm: What to Do Next</a> appeared first on <a href="https://www.sonatype.com/blog">2024 Sonatype Blog</a>.</p><div class="hs-featured-image-wrapper"> <a href="https://www.sonatype.com/blog/the-mythos-ai-vulnerability-storm-what-to-do-next" title="" class="hs-featured-image-link"> <img decoding="async" src="https://www.sonatype.com/hubfs/blog_mythos_webinar.png" alt="Image containing three different hexagon shapes, one with a lock icon, one with a mini screen and a caret for code writing, and one with a map icon." class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div><p>AI is transforming both <a href="https://www.sonatype.com/blog/autonomous-development-and-ai-speed-vs.-security">software development and software risk</a>.</p><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.sonatype.com/blog">2024 Sonatype Blog</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Aaron Linskens">Aaron Linskens</a>. Read the original post at: <a href="https://www.sonatype.com/blog/the-mythos-ai-vulnerability-storm-what-to-do-next">https://www.sonatype.com/blog/the-mythos-ai-vulnerability-storm-what-to-do-next</a> </p>

U.S. Consumers Lost $2.1 Billion in Social Media Scams in 2025, FTC Says

  • Jeffrey Burt
  • Published date: 2026-05-01 00:00:00

<p>Scams that start on social media are gaining steam, with Americans last year <a href="https://www.ftc.gov/news-events/news/press-releases/2026/04/new-ftc-data-show-people-have-lost-billions-social-media-scams" target="_blank" rel="noopener">losing $2.1 billion</a> to such schemes, more than the amounts lost through scams that used other methods to reach consumers, according to the Federal Trade Commission.</p><p>The money lost in 2025 is eight times more than what was stolen through social media in 2020. About 30% of those who reported losing money in a scam said the trouble began on social media. Most of the money Americans lost to scammers – about $794 million – began on Facebook, followed by WhatsApp ($425 million) and Instagram ($234 million). All three social media sites are owned by tech giant Meta.</p><p>Scams starting on other social media sites accounted for about $599 million.</p><p>Other methods scammers used resulted in fewer losses, with phone calls and websites or apps resulting in $1.1 billion each. Others included text ($639 million) and email ($569 million).</p><p>“Social media can be a great way to connect, but can also make a scammer’s job easier,” the agency wrote in its <a href="https://www.ftc.gov/news-events/data-visualizations/data-spotlight/2026/04/reported-losses-scams-social-media-eight-times-higher-2020" target="_blank" rel="noopener">Data Spotlight report</a>. “They might hack into your account to scam your friends or even create entirely fake profiles. Or they might use what you post to figure out how to target you. And by buying ads, they get the same tools real businesses use to target you by age, interests, or shopping habits. At very little cost, scammers can reach billions of people from anywhere in the world.”</p><h3>Shopping Scams are Common</h3><p>The cybersecurity industry and other sectors have been warning consumers for years about the number and kinds of scams that originate on social media. 
Data protection specialist Forta last year listed <a href="https://www.terranovasecurity.com/blog/examples-social-media-scams" target="_blank" rel="noopener">eight examples of scams</a> that are common on social media, ranging from phishing through direct messages and quizzes or personality tests to fake giveaways and contests and get-rich-quick investment schemes.</p><p>According to the FTC, shopping scams were the most reported on social media, with more than 40% of people who lost money to a social media-based scam saying it started when they ordered something they’d seen in an ad, such as clothes, makeup, car parts, and puppies.</p><p>“Many ads led to unfamiliar websites, while others sent people to sites impersonating well-known brands offering big discounts,” the agency wrote. “Most people said they paid for things that simply never arrived. When orders did show up, people often reported that the items were counterfeits or very different from what was advertised. Reports show that these products were often shipped from China, with high return shipping costs making returns unworkable.”</p><h3>Most Money Lost in Investment Scams</h3><p>While shopping scams were the most reported, it was investment scams that caused the largest losses. In all, $1.1 billion – more than half the total amount lost by U.S. consumers in 2025 – was stolen through investment scams.</p><p>Investment scams come in different forms, with some starting with an ad or social media post offering a program to teach people how to invest, while other scammers pose as financial advisors or create WhatsApp groups of “successful investors” giving positive but fake testimonials.</p><p>“They directed people to fake – but real-looking – investment platforms,” the FTC wrote. “There, people create an account, see fake profits, and maybe even withdraw a small amount – this builds trust, so people invest more. 
But there never was any real investment and, worse still, some people who lost money this way reported secondary losses to scammers who said they could trace and recover lost money … for a fee.”</p><h3>Romance Scams a Threat</h3><p>Romance scams often are another avenue for bad actors to steal money. Almost 60% of those who lost money to a romance scam said it started on a social media platform. The scammers approach people through social media, develop a relationship of sorts, and eventually – and it can take weeks or months – offer investment advice and help or invent a crisis that requires money.</p><p>Romance and other investments are becoming a larger threat as crime syndicates run <a href="https://securityboulevard.com/2026/04/fbi-and-international-agencies-shut-down-scam-centers-arrest-276-people/" target="_blank" rel="noopener">industrial-sized scam compounds</a> in remote parts of Southeast Asia, filled with hundreds of people forced to run these scams.</p><p>“While social media has become central to our routines, its vast reach and anonymity provide certain risks – they’ve become a breeding ground for scammers,” Forta wrote in its report. “Awareness is key to protecting yourself against social media scams.”</p><h3>A Matter of Trust</h3><p>A <a href="https://www.sciencedirect.com/science/article/pii/S2949791425000016" target="_blank" rel="noopener">study</a> published last year by the Journal of Economic Criminology found that phishing scams are particularly effective because they target people through psychological manipulation, rather than trying to exploit software protections. The authors outlined how scammers will create fake profiles or hack legitimate accounts, then use social engineering to play on people’s emotions, like stress or empathy.</p><p>“This trust is leveraged by scammers to request help from victims, often in the form of money or personal information such as passwords,” they wrote. 
“Phishing is particularly effective due to the human tendency to act on trust, which is easily forged online.”</p><p>The report said social media users educated through training sessions about the dangers of phishing found the information helpful for protecting themselves online, but that people often don’t embrace such training because of time constraints or the belief it is boring or irrelevant.</p><p>The FTC said people should limit who can see their social media posts and contacts, never let someone they met on social media direct their investments, and check out a company to ensure they’re legitimate before buying anything from them. Users should search online for the company name, adding the words “scam” or “complaint” to the search.</p>

Networks of Browser Extensions Are Spyware in Disguise

  • Teri Robinson
  • Published date: 2026-05-01 00:00:00

<p>Browser extensions are collecting and reselling user data—perfectly legally—and opening up a slew of privacy and security issues.</p><p>They’re not malicious extensions, and they’re upfront about what they’re doing, but their proliferation is a big problem for defenders. <a href="https://layerxsecurity.com/blog/your-extensions-sell-your-data-and-its-perfectly-legal/" target="_blank" rel="noopener">LayerX recently found</a> multiple networks of these extensions — more than 80, including 24 media extensions — installed on 800,000 browsers, collecting viewing data and demographic information from Netflix, Hulu, Disney+, Amazon Prime Video, HBO, Apple TV, and other streaming platforms.</p><p>The company also discovered 12 ad blockers openly selling user data—combined, they had a base of 5.5 million users. And nearly 50 other extensions were found to be collecting and reselling the browser data of more than 100,000 users.</p><p>For consumers, these extensions, which operate unregulated, represent potential exposure of private information, including viewing history, content preferences, platform subscriptions, downloaded content and streaming behavior. That’s in addition to the typical data collected around age and gender. Alarmingly, they do it without users ponying up any of that data—to fill any gaps in information, the extension developers simply match email addresses against third-party demographic databases.</p><p>“At a certain point in time, not too long ago, these types of extensions were properly being flagged for what they were – spyware,” says Mark Odom, senior solutions engineer at Black Duck.</p><p>“The problem is that the frequency and depth of this spyware has rebranded as ‘analytics’ in most cases,” and “as new generations grow up, many are being exposed to this level of tracking for nearly their entire lives and just grow used to it; however, that doesn’t decrease the threat level that this brings to the table,” he says.</p><p>Odom contends that collecting user data “has been getting out of hand for a long time,” with the larger problem that the bigger “databases already have tons of different data points on individual users.”</p><p>And the more data collected, Odom says, “the easier it is to identify a person at any given time.”</p><p>If businesses think they’re off the hook, they need to consider that of the 82 sellers LayerX discovered, 29 are B2B sales intelligence tools that reside on corporate machines. So, employees within organizations may be unwittingly giving up URLs, SaaS dashboards, and research activity that provide entrée into workflows that can then be sold to competitors. That kind of corporate data leakage is unlikely to have eyes on it internally.</p><p>“The risk isn’t about users being deceived. It’s about corporate data leaving through a channel nobody is watching,” LayerX wrote.</p><p>The researchers noted that “most extension security evaluations focus on permissions or known malicious indicators – flagging extensions that request excessive access or match threat intelligence,” which might catch malware but “doesn’t catch an extension that openly reserves the right to sell your browsing data,” they said.</p><p>And AI is only amplifying the issues. “As organizations rapidly adopt agentic AI, Model Context Protocol (MCP), and autonomous browsing capabilities, we’re seeing a pattern develop: AI-native browsers are introducing system-level behaviors that traditional browsers have intentionally restricted for decades,” says Randolph Barr, CISO at Cequence Security. “That shift breaks long-standing assumptions about how secure a browser environment is supposed to be.”</p><p>But, he notes, “the real exposure emerges when individuals install AI browsers on their personal devices,” with curiosity driving rapid experimentation. “Once users become comfortable with these tools at home, those behaviors inevitably bleed into the workplace through BYOD access, browser sync features, or personal devices used for remote work,” he says.</p><p>Barr is particularly concerned about AI browsers’ ability to detect and “how quickly adversaries can scale that detection,” explaining that “AI browsers introduce unique fingerprints in their APIs, extensions, DOM behavior, network patterns, and agentic actions. Attackers can identify them with a few lines of JavaScript or by probing for AI-specific behaviors that differ from traditional browsers.”</p><p><span data-contrast="none">With AI-driven classification models in play, bad actors can now “fingerprint AI browsers across millions of sessions automatically. 
At scale, that enables targeted attacks against users running these higher-risk, agent-enabled environments,” says Barr, who stresses enterprises must remain cautious.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">“AI browsers are evolving faster than the guardrails that traditionally protect end users and corporate environments,” making transparency around system-level capabilities, independent audits, and the ability to fully control or disable embedded extensions “table stakes if these browsers want to be considered for regulated or sensitive workflows,” he says.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">To better protect their organizations’ browser extensions, security teams should ask three questions, LayerX says:</span><span data-ccp-props='{"134233118":true,"201341983":0,"335559739":0,"335559740":240}'> </span></p><ol><li><span data-contrast="none">What extensions are installed across employee browsers? </span><span data-ccp-props='{"134233118":true,"201341983":0,"335559739":0,"335559740":240}'> </span></li><li><span data-contrast="none">What data do those publishers claim the right to collect or sell? </span><span data-ccp-props='{"134233117":true,"134233118":true,"201341983":0,"335559739":0,"335559740":240}'> </span></li><li><span data-contrast="none">Could corporate browsing activity be flowing into commercial datasets?</span><span data-ccp-props='{"134233117":true,"134233118":true,"201341983":0,"335559739":0,"335559740":240}'> </span></li></ol><p><span data-contrast="none">“If you don’t have an extension governance policy, that’s the first step. If you do, add privacy policy review to the evaluation criteria. 
Permissions alone don’t tell you enough,” the researchers advise.</span><span data-ccp-props='{"134233118":true,"201341983":0,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">A good rule of thumb, Odom says, “is to always assume the worst-case scenario: that the data will not be properly secured” and a bad actor gets their hands on this data, “they have information about an employee, internal URLs, activity, and probably more; all of which can be used to target an individual employee and gain access to an important business system.”</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">Remember that bad actors also can search email addresses in databases of breached passwords, says Odom, who recommends the use of MFA “first and foremost” and perhaps DNS filtering to block domains from receiving data.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><p><span data-contrast="none">“Defense</span><span data-contrast="none"> in depth is the key to protecting both your employees and organizations against this new age of spyware,” he says.</span><span data-ccp-props='{"201341983":0,"335557856":16777215,"335559739":0,"335559740":240}'> </span></p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/05/networks-of-browser-extensions-are-spyware-in-disguise/" data-a2a-title="Networks of Browser Extensions Are Spyware in Disguise "><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fnetworks-of-browser-extensions-are-spyware-in-disguise%2F&amp;linkname=Networks%20of%20Browser%20Extensions%20Are%20Spyware%20in%20Disguise%C2%A0" title="Twitter" 
rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fnetworks-of-browser-extensions-are-spyware-in-disguise%2F&amp;linkname=Networks%20of%20Browser%20Extensions%20Are%20Spyware%20in%20Disguise%C2%A0" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fnetworks-of-browser-extensions-are-spyware-in-disguise%2F&amp;linkname=Networks%20of%20Browser%20Extensions%20Are%20Spyware%20in%20Disguise%C2%A0" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fnetworks-of-browser-extensions-are-spyware-in-disguise%2F&amp;linkname=Networks%20of%20Browser%20Extensions%20Are%20Spyware%20in%20Disguise%C2%A0" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F05%2Fnetworks-of-browser-extensions-are-spyware-in-disguise%2F&amp;linkname=Networks%20of%20Browser%20Extensions%20Are%20Spyware%20in%20Disguise%C2%A0" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>
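<p>LayerX's three questions as a runnable check, added here as an example (not code from LayerX or from the article): it inventories a Chromium-style Extensions/ID/VERSION/manifest.json tree and contrasts a permissions-only verdict with one that also consults a privacy-policy review register. The register format, the verdict names and the sample manifests are assumptions constructed for illustration.</p>

```python
import json
import tempfile
from pathlib import Path

# Host patterns that give an extension sight of every page the user opens.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def inventory(extensions_root):
    """Question 1: list what is installed (one record per manifest.json)."""
    records = []
    for path in sorted(Path(extensions_root).glob("*/*/manifest.json")):
        manifest = json.loads(path.read_text(encoding="utf-8"))
        perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
        hosts = set(manifest.get("host_permissions", []))
        # Manifest V2 lists host patterns inside "permissions"; content
        # scripts gain page access through their own "matches" lists.
        hosts |= {p for p in perms if p == "<all_urls>" or "://" in p}
        for script in manifest.get("content_scripts", []):
            hosts |= set(script.get("matches", []))
        records.append({
            "id": path.parent.parent.name,
            "version": path.parent.name,
            "name": manifest.get("name", "(unnamed)"),
            "api_permissions": sorted(perms - hosts),
            "hosts": sorted(hosts),
        })
    return records


def permission_only_verdict(record):
    """The evaluation the researchers call insufficient: access breadth alone."""
    return "flag" if BROAD_HOSTS & set(record["hosts"]) else "pass"


def governance_verdict(record, policy_register):
    """Questions 2 and 3: add the publisher's privacy-policy review."""
    review = policy_register.get(record["id"])
    if review is None:
        return "review"    # nobody has read this publisher's policy yet
    if review["reserves_right_to_sell"]:
        return "block"     # browsing data may flow into commercial datasets
    if permission_only_verdict(record) == "flag":
        return "restrict"  # policy is acceptable, access is still broad
    return "allow"


# Constructed sample data: extension ids, names and policies are invented.
SAMPLE_MANIFESTS = {
    "a" * 32: ("3.1.0", {"manifest_version": 3, "name": "Example Ad Filter",
                         "permissions": ["declarativeNetRequest", "storage"],
                         "host_permissions": ["<all_urls>"]}),
    "b" * 32: ("1.4.2", {"manifest_version": 3, "name": "Example Sales Prospector",
                         "permissions": ["storage", "tabs"],
                         "host_permissions": ["https://crm.example.com/*"]}),
    "c" * 32: ("0.9.0", {"manifest_version": 2, "name": "Example Stream Helper",
                         "permissions": ["storage", "https://*.example.org/*"],
                         "content_scripts": [{"matches": ["https://video.example.org/*"],
                                              "js": ["cs.js"]}]}),
}
SAMPLE_REGISTER = {
    "a" * 32: {"reserves_right_to_sell": False},
    "b" * 32: {"reserves_right_to_sell": True},
    # "c" * 32 has no review on file
}


def run_demo():
    """Build the constructed profile on disk and return both verdicts per extension."""
    with tempfile.TemporaryDirectory() as root:
        for ext_id, (version, manifest) in SAMPLE_MANIFESTS.items():
            folder = Path(root) / ext_id / version
            folder.mkdir(parents=True)
            (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        return {
            rec["name"]: (permission_only_verdict(rec),
                          governance_verdict(rec, SAMPLE_REGISTER))
            for rec in inventory(root)
        }


if __name__ == "__main__":
    for name, verdicts in run_demo().items():
        print(name, verdicts)
```

<p>In the sample, the sales tool passes the permissions-only check and is blocked only once the policy review is consulted, which is the gap the researchers describe.</p>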

A Guide to Agentic Sprawl: How to Govern Your Program

  • None
  • Published date: 2026-05-01 00:00:00

None

<h2>Key Takeaways</h2>
<ul>
<li aria-level="1"><b>Agent user identities now outnumber human identities at an astounding rate</b>. Each new autonomous agent introduces a new identity, a new credential path, and a new surface area for attackers to exploit.</li>
<li aria-level="1"><b>Agent sprawl compounds classic identity security failures: over-provisioned OAuth scopes, reused service accounts, and long-lived tokens. </b>Traditional IAM tooling was never designed to contain all of these at the rate they’re occurring.</li>
<li aria-level="1"><b>Privilege drift in agentic systems does not happen gradually </b>the way it does with human roles. It accelerates, and without runtime enforcement of ephemeral, task-scoped permissions, containment becomes structurally impossible.</li>
<li aria-level="1"><b>AI Identity Gateways,</b> which provide a purpose-built control plane for agentic identities, are the only approach that enforces policy at the speed and scale agents operate.</li>
</ul>
<h2>The Scope of the Problem Nobody Planned For</h2>
<p>Enterprises did not plan for agent sprawl. They planned for AI use cases, and the sprawl arrived as a side effect of shipping those use cases quickly. Development teams provisioned service accounts because proper identity setup felt like friction. OAuth scopes got over-provisioned because the demo needed to work before the sprint ended. Nobody wrote a revocation policy because the first priority was getting the agent to function at all.</p>
<p>The result is a class of identity risk that has no precedent in enterprise security. <a href="https://www.gartner.com/en/newsroom/press-releases/2024-10-21-gartner-identifies-the-top-10-strategic-technology-trends-for-2025">Gartner named agentic AI the top technology trend of 2025</a> and projects that 33% of enterprise applications will include agentic AI by 2028, up from less than 1% in 2024.
Organizations are expected to have 50x to 80x more agents than human users in their environments within that same window.</p><p>Each one of those agents carries credentials, scopes, and access paths into databases, APIs, and internal services. These agentic tokens are already exposed in the wild, surfacing across Jira tickets, Teams messages, Confluence pages, and code commits. This is an active exposure, not a future risk, that most security teams lack the tooling to even quantify.</p><h2>What Agent Sprawl Actually Means in Practice</h2><p>Agentic sprawl, or agent sprawl, describes the uncontrolled proliferation of AI agents, their associated credentials, and their accumulated access rights across an enterprise environment. The term borrows from “tool sprawl” and “secret sprawl,” both of which are familiar problems for platform and security teams. But agent sprawl compounds both simultaneously.</p><p>When a development team builds an AI agent to automate a procurement workflow, that agent receives API keys, OAuth tokens, and service account credentials to interact with the systems it touches. When a second team builds an agent for HR automation, the same pattern repeats, often without coordination with the identity or security team. When a third team reuses an existing service account because creating a new one takes too long, the blast radius of that account expands silently.</p><p><a href="https://www.strata.io/blog/zero-standing-privileges-the-only-way-to-stop-agent-privilege-drift/">Privilege drift</a> sets in at this stage. In Human IAM, privilege drift occurs slowly as roles expand through job changes and organizational restructuring. With agents, it happens at development speed. No single overprovision looks alarming, but the aggregate exposure is what creates catastrophic risk. Consider that many agents are shared across more than one application, and are not rotated within recommended time frames. 
Also, a significant number of former employee tokens remain active long after the access should have been terminated. Any one of these conditions is a governance failure. All three occurring simultaneously, across hundreds of agents, represents a structural breakdown.</p><h2>Why Traditional IAM Tools Cannot Keep Up</h2><p>Static IAM tooling was designed around a specific assumption: that identities are persistent, that roles change slowly, and that access policies can be reviewed and updated on a human schedule. Agents invalidate every part of that assumption.</p><p>Agents do not follow fixed workflows. They reason, adapt, and make decisions at runtime. What any given agent will need to access during a specific task is not always knowable in advance. Designing least-privilege access up front for a system that reasons and plans at execution time requires a level of prediction that is not realistic in practice. That design gap leads to overpermissioning, which becomes drift, which becomes standing privileges that apply across all contexts regardless of task, time, or risk level.</p><p>Standing privileges in agentic systems create a containment problem with no manual solution. Long-lived tokens issued to agents remain valid for hours or days, giving attackers a substantial exploitation window when those tokens are compromised or leaked. When agents bypass sanctioned access paths, as happens when a developer builds a shortcut connector to avoid governance overhead, audit trails disappear entirely. 
<a href="https://www.strata.io/blog/agentic-identity/prevent-mcp-bypass/">MCP bypass</a> means losing intent, losing policy enforcement, and losing the ability to detect when an agent is operating outside its authorized scope.</p><h2>The Technical Requirements for Governing Agent Sprawl</h2><p>Governing an agentic environment requires enforcing policy at the layer where agents actually operate: at runtime, against ephemeral credentials, with scope clearly defined to the specific task being executed. This is the core principle behind <a href="https://www.strata.io/blog/zero-standing-privileges-the-only-way-to-stop-agent-privilege-drift/">Zero Standing Privileges</a>, and it applies to agents more forcefully than to any other identity class.</p><p>Agents should never hold standing access. Every access grant should be token-bound to a specific task, a specific tool invocation, and the authority of whoever initiated the request. When the task completes, the token expires automatically. No revocation workflow is needed because there is nothing persistent to revoke. Privilege drift becomes structurally impossible when there is nothing to drift.</p><p>Cryptographically verifiable agent identity is the prerequisite for this model. <a href="https://oauth.net/2/dynamic-client-registration/">OAuth Dynamic Client Registration (DCR)</a>, <a href="https://oauth.net/2/pkce/">PKCE flows</a>, and SPIFFE/SVID certificates ensure that only known, registered agents can authenticate, and only through sanctioned access paths. Identity-aware proxies positioned in front of every API reject any request that does not carry the right attestation, closing the bypass routes that shadow connectors and headless browser automation exploit. 
Continuous Access Evaluation adds a runtime layer that can pull an agent’s token mid-session if behavior deviates from <a href="https://www.strata.io/blog/agentic-identity/over-scoped-agents/">authorized scope</a>, without waiting for a token expiry.</p><p><a href="https://www.strata.io/blog/agentic-identity/why-identity-simulation-matters-more-than-unit-tests/">Identity simulation testing</a> adds another enforcement layer by validating how agents behave across identity boundaries before they reach production, catching privilege misconfigurations that would otherwise surface as incidents.</p><h2>How Strata’s Maverics Platform Addresses Agent Sprawl</h2><p>The <a href="https://www.maverics.ai/">Maverics Identity Orchestration Platform</a> was built on the premise that identity must be decoupled from applications and managed through a distributed orchestration layer that spans every environment where identities operate. That architecture maps directly onto the requirements of agentic governance.</p><p>Maverics treats every AI agent as a first-class identity, governed with the same rigor applied to human users, and enforces zero-trust policy without requiring changes to existing applications or microservices. The platform’s identity fabric architecture provides the abstraction layer that eliminates the custom identity integrations that typically drive agent credential sprawl. Rather than each development team provisioning its own credentials through its own paths, every agent identity flows through a consistent control plane that enforces policy and produces auditable records.</p><p>The <a href="https://www.strata.io/maverics-platform/identity-orchestration-for-ai-agents/">AI Identity Gateway</a> component of the Maverics architecture sits between agents and the tools they access, downscoping tokens before agents touch resources and preventing drift by design. 
Because Maverics issues no standing access, the conditions that allow credential sprawl to compound are removed at the architectural level rather than managed through periodic review cycles that always run behind the rate of agent deployment.</p><p>Agent sprawl is an identity governance problem, and identity orchestration is how it gets solved. If your organization is scaling agentic workloads without a purpose-built control plane for agent identities, the access inventory you think you have is already incomplete. <a href="https://www.strata.io/resources/">Explore Strata’s resources</a> to understand how identity orchestration closes the governance gap before your agent program outgrows your ability to manage it.</p><p>The post <a href="https://www.strata.io/blog/agentic-identity/a-guide-to-agentic-sprawl-how-to-govern-your-program/">A Guide to Agentic Sprawl: How to Govern Your Program</a> appeared first on <a href="https://www.strata.io/">Strata.io</a>.</p><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.strata.io/">Strata.io</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Mark Callahan">Mark Callahan</a>. Read the original post at: <a href="https://www.strata.io/blog/agentic-identity/a-guide-to-agentic-sprawl-how-to-govern-your-program/">https://www.strata.io/blog/agentic-identity/a-guide-to-agentic-sprawl-how-to-govern-your-program/</a> </p>
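<p>The task-scoped, self-expiring grants described under "The Technical Requirements for Governing Agent Sprawl", as an added example that is not part of the original post and is not Strata's or Maverics' code: a gateway mints an HMAC-signed token bound to one task and one tool, downscoped to what the initiating user already holds, and checks it on every call. The token layout, function names, scope strings and the in-memory key are assumptions made for illustration.</p>

```python
import base64
import hashlib
import hmac
import json
import secrets

GATEWAY_KEY = secrets.token_bytes(32)  # constructed key, held only by the gateway


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(body: str) -> str:
    return _b64(hmac.new(GATEWAY_KEY, body.encode(), hashlib.sha256).digest())


def mint_task_token(agent, initiator, initiator_scopes, task, tool, requested, now, ttl=60):
    """Issue a grant for one task and one tool, valid for `ttl` seconds.

    Downscoping: the agent receives only the scopes that the task asks for
    AND that the initiating user already holds.
    """
    claims = {
        "agent": agent,
        "on_behalf_of": initiator,
        "task": task,
        "tool": tool,
        "scopes": sorted(set(requested) & set(initiator_scopes)),
        "exp": now + ttl,
        "jti": secrets.token_hex(8),  # unique id so each grant is auditable
    }
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return f"{body}.{_sign(body)}"


def authorize(token, task, tool, scope, now):
    """Gateway check in front of a tool. Returns (allowed, reason)."""
    try:
        body, sig = token.split(".")
        # Verify the signature before trusting anything inside the body.
        if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
            return False, "bad signature"
        claims = json.loads(_unb64(body))
    except ValueError:
        return False, "malformed token"
    if now >= claims["exp"]:
        return False, "expired"  # nothing persistent is left to revoke
    if claims["task"] != task or claims["tool"] != tool:
        return False, "wrong task or tool"
    if scope not in claims["scopes"]:
        return False, "scope not granted"
    return True, "ok"


def run_demo():
    """Constructed scenario: a procurement agent acting for user 'alice'."""
    t0 = 1_000_000  # constructed clock value, in seconds
    token = mint_task_token(
        agent="procurement-agent", initiator="alice",
        initiator_scopes={"po:read", "po:create"},
        task="task-42", tool="erp_api",
        requested={"po:read", "po:create", "vendor:delete"}, now=t0)
    # Re-encode the claims with an extra scope but keep the old signature.
    body, sig = token.split(".")
    forged_claims = json.loads(_unb64(body))
    forged_claims["scopes"].append("vendor:delete")
    forged = _b64(json.dumps(forged_claims, sort_keys=True).encode()) + "." + sig
    return {
        "in_scope": authorize(token, "task-42", "erp_api", "po:create", t0 + 5),
        "over_scope": authorize(token, "task-42", "erp_api", "vendor:delete", t0 + 5),
        "other_tool": authorize(token, "task-42", "hr_api", "po:read", t0 + 5),
        "after_ttl": authorize(token, "task-42", "erp_api", "po:read", t0 + 61),
        "tampered": authorize(forged, "task-42", "erp_api", "vendor:delete", t0 + 5),
    }


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(case, outcome)
```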

How AutoSecT Uses AI to Find Vulnerabilities That Actually Matter

  • None
  • Published date: 2026-05-01 00:00:00

None

<p>We always think we are more vulnerable than our fellow contemporaries! In a general sense, this shows a lack of confidence, but when you are dealing with security, this is one of the best traits you can have! Sounds strange, right? Let’s be honest: most security teams aren’t short on vulnerability data. They’re drowning in it. Scan a mid-size enterprise environment on any given Tuesday and you’ll likely surface hundreds, sometimes thousands, of flagged issues. Critical. High. Medium. Low. The alerts keep piling up, the spreadsheets keep growing, and somewhere buried in all that noise is the one flaw that an attacker is already looking at. Your insecurity raises the most important question in security – <strong>which vulnerabilities actually matter right now, in your specific environment, given your specific risk profile?</strong> That’s the problem the AutoSecT AI pentesting tool was built to solve.</p><h2 class="wp-block-heading">AutoSecT – AI Pentesting Tool Was Born Because The Old Way Wasn’t Working!</h2><p>Conventional vulnerability management methods were built on a simple premise: scan everything, report everything, patch everything. It sounded thorough and right decades ago. Today, it’s paralyzing!</p><p>Let’s take a practical scenario!</p><p>Static CVSS scores tell you a vulnerability has a severity rating of 9.8, but they don’t tell you – </p><ul class="wp-block-list"> <li>whether that CVE can be exploited in your environment.</li> <li>whether hackers are actively weaponizing it in the wild.</li> <li>whether it’s behind a compensating control.</li> </ul><p>Without that context, your security team ends up playing whack-a-mole. How? By patching low-hanging fruit while genuinely dangerous exposures quietly sit unaddressed.</p><p>The takeaway is that manual security simply can’t keep up with the volume and velocity of today’s threat landscape.
And organizations that rely on periodic, point-in-time assessments are essentially driving with their eyes closed between audits.</p><h3 class="wp-block-heading">AutoSecT Changes the Question Being Asked</h3><p>AutoSecT, our AI pentesting tool built by Kratikal, flips the script. Instead of knowing <em>“what vulnerabilities exist?”</em>, you get to know <em>“which vulnerabilities pose a real threat to this specific business right now?”</em></p><h2 class="wp-block-heading">How AutoSecT Uses AI to Find The Impactful Vulnerabilities</h2><p>As the most advanced AI-agentic vulnerability scanner in the market, AutoSecT uses active AI reasoning to go well beyond pattern matching. It doesn’t just detect – it understands. It correlates.
It prioritizes.</p><h3 class="wp-block-heading">#1 AI-Driven Real-Time Vulnerability Analysis</h3><p>For B2B organizations managing complex, multi-layered environments, cloud infrastructure, web apps, mobile apps, API endpoints and networks all running simultaneously, this kind of signal clarity isn’t a nice-to-have. It’s the difference between a functioning security program and a reactive firefighting operation.</p><p>One of the most critical standout features in AutoSecT is what happens after a vulnerability is flagged. Where most tools end their work at detection, AutoSecT <a href="https://kratikal.com/blog/how-autosect-vmdr-tool-simplifies-vulnerability-management/"><strong><mark class="has-inline-color has-luminous-vivid-orange-color">VMDR Tool</mark></strong></a> actively validates whether a detected vulnerability is actually exploitable in your environment before it ever reaches your team’s queue.</p><p>This is the near-zero false positive promise. Instead of your concerned team spending hours chasing ‘not-so-real’ threats, AutoSecT’s AI verification layer ensures that what lands in your dashboard is real, confirmed, and actionable. When a team receives an alert, they know it’s worth acting on.</p><h3 class="wp-block-heading">#2 Context-Aware Risk Prioritization</h3><p>If two vulnerabilities share the same CVSS score, but one sits on an externally exposed API endpoint actively targeted by known threat actors while the other sits on an internal development server, AutoSecT knows the difference. Your team sees that difference immediately, and remediation priorities are set accordingly.</p><p>AI-driven AutoSecT AI treats every vulnerability detected differently. Rather than applying a static risk score in isolation, it conducts predictive, context-aware risk analysis. It takes into consideration factors like exploitability, business impact, asset criticality, and real-world threat intelligence. 
It helps surface the vulnerabilities that pose the greatest danger to your specific environment.</p><h3 class="wp-block-heading">#3 AI-Driven Patch Recommendations That Go Beyond “Update Your Software”</h3><p>Finding a vulnerability is only half the job. The other half is knowing what to do about it, fast. AutoSecT doesn’t just surface the issue; it delivers AI-based patch recommendations tailored to what was found. These recommendations go beyond the generic advisories your security team knows by heart, which read the same for every vulnerability. They’re tied to the specific vulnerability, the asset configuration, and the risk context, so they are immediately actionable rather than requiring additional research.</p><p>Combined with bi-directional JIRA integration and seamless connections to Slack, Microsoft Teams, Zoho Cliq and Google Chat, <a href="https://kratikal.com/autosect"><strong><mark class="has-inline-color has-luminous-vivid-orange-color">AutoSecT</mark></strong></a> ensures that the right fix reaches the right person at the right time. </p><p>Vulnerabilities don’t sit in a report; they move through a workflow.</p><div class="wp-block-image"> <figure class="aligncenter size-full is-resized"><img fetchpriority="high" decoding="async" width="512" height="512" src="https://kratikal.com/blog/wp-content/uploads/2026/05/image.jpeg" alt="" class="wp-image-15131" style="width:798px;height:auto" srcset="https://kratikal.com/blog/wp-content/uploads/2026/05/image.jpeg 512w, https://kratikal.com/blog/wp-content/uploads/2026/05/image-300x300.jpeg 300w, https://kratikal.com/blog/wp-content/uploads/2026/05/image-150x150.jpeg 150w" sizes="(max-width: 512px) 100vw, 512px"></figure> </div><h2 class="wp-block-heading">AutoSecT AI Pentesting Tool Gives Full Coverage Across Your Entire Attack Surface</h2><p>One of the reasons vulnerabilities slip through is fragmentation.
Organizations often use different tools for web app scanning, mobile app testing, cloud configuration reviews, and network security, and none of them talk to each other. The result is blind spots.</p><p>AutoSecT was designed to eliminate that fragmentation entirely. A single platform covers:</p><figure class="wp-block-table"> <table class="has-fixed-layout"> <tbody> <tr> <td><strong>Assets</strong></td> <td><strong>Highlights</strong></td> </tr> <tr> <td>Web Application Pentesting</td> <td>Automated scanning from a single URL across all pages, forms, scripts, APIs, and endpoints</td> </tr> <tr> <td>Mobile App Security</td> <td>Deep APK and IPA analysis for both Android and iOS</td> </tr> <tr> <td>Cloud Security</td> <td>Continuous automated scanning of AWS, GCP, and Azure for misconfigurations and insecure settings</td> </tr> <tr> <td>API Security</td> <td>Static and dynamic analysis detecting SQLi, XSS, broken authentication, and more</td> </tr> <tr> <td>Network Security</td> <td>IP and MAC-based scanning with real-time exploit validation</td> </tr> </tbody> </table> </figure><h2 class="wp-block-heading">What You Should Know as an Organization About Our AI Pentesting Tool</h2><p>Understand your current approach to vulnerability management. AutoSecT, as <a href="https://kratikal.com/blog/ai-driven-vulnerability-management-as-a-solution-for-new-era/"><strong><mark class="has-inline-color has-luminous-vivid-orange-color">VMaaS</mark></strong></a>, runs periodic scans and generates real-time reports, helping your security team work beyond the never-ending queue. It guides your team through patching the vulnerabilities that need real attention, letting you stay ahead rather than behind. AutoSecT has proven that AI-driven vulnerability management at scale is not just possible, it’s the new standard. 
Finding vulnerabilities isn’t the hard part anymore. Finding the ones that actually matter and fixing them before an attacker does is where AutoSecT changes the game entirely.</p><p>Kratikal offers a 15-day free trial. Visit <a href="http://kratikal.com/autosect/pricing"><strong><mark class="has-inline-color has-luminous-vivid-orange-color">kratikal.com/autosect/pricing</mark></strong></a> to get started.</p><h3 class="wp-block-heading">FAQs</h3><div class="schema-how-to wp-block-yoast-how-to-block"> <p class="schema-how-to-description"> </p><ol class="schema-how-to-steps"> <li class="schema-how-to-step" id="how-to-step-1777617940886"><strong class="schema-how-to-step-name"><strong>How does AI help in vulnerability management?</strong></strong> <p class="schema-how-to-step-text">AI helps by analyzing vulnerabilities in real time, validating whether they are exploitable, and prioritizing them based on actual risk, reducing noise and false positives.</p> </li> <li class="schema-how-to-step" id="how-to-step-1777617957115"><strong class="schema-how-to-step-name"><strong>Why are traditional vulnerability scanning methods ineffective today?</strong></strong> <p class="schema-how-to-step-text">Traditional methods rely on static scoring systems like CVSS, which lack context about exploitability, real-world threats, and business impact, leading to inefficient prioritization.</p> </li> <li class="schema-how-to-step" id="how-to-step-1777617966033"><strong class="schema-how-to-step-name"><strong>What makes AutoSecT different from other vulnerability management tools?</strong></strong> <p class="schema-how-to-step-text">AutoSecT AI pentesting tool uses AI-driven reasoning to validate, prioritize, and recommend fixes for vulnerabilities based on context, ensuring teams focus only on threats that truly matter.</p> </li> </ol> </div><p>The post <a href="https://kratikal.com/blog/how-autosect-uses-ai-to-find-vulnerabilities-that-actually-matter/">How AutoSecT Uses AI to Find 
Vulnerabilities That Actually Matter</a> appeared first on <a href="https://kratikal.com/blog">Kratikal Blogs</a>.</p><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://kratikal.com/blog/">Kratikal Blogs</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Puja Saikia">Puja Saikia</a>. Read the original post at: <a href="https://kratikal.com/blog/how-autosect-uses-ai-to-find-vulnerabilities-that-actually-matter/">https://kratikal.com/blog/how-autosect-uses-ai-to-find-vulnerabilities-that-actually-matter/</a> </p>

DigiCert debuts AI Trust framework to secure agents, models and content

  • Duncan Riley
  • Published date: 2026-04-30 13:00:43

Digital security company DigiCert Inc. today introduced a new AI Trust framework to help organizations secure AI systems and their outputs, along with new capabilities to help secure autonomous agents and artificial intelligence models. As AI is accelerating …

Digital security company DigiCert Inc. today introduced a new AI Trust framework to help organizations secure AI systems and their outputs, along with new capabilities to help secure autonomous agent… [+4047 chars]

Germany Data Center Colocation Size and Forecast Databook Report 2026: A $9.34 Billion Market by 2030 Led by Equinix, Digital Realty and NTT as Frankfurt's DE-CIX Hub Strengthens Demand

  • Research and Markets
  • Published date: 2026-04-30 08:54:00

The German colocation market is set for growth, driven by rising AI and hybrid cloud demands, despite power constraints in Frankfurt, encouraging expansion to Berlin and Hamburg. GDPR and data protection laws bolster domestic demand. Industrial digitalization…

Dublin, April 30, 2026 (GLOBE NEWSWIRE) -- The "Germany Data Center Colocation Market Size and Forecast by Revenue, Capacity, and 70+ Performance Metrics Across Service Type, Facility Architecture, C… [+6873 chars]

Digital Hopes, Real Power: From Connection to Collective Action

  • Jillian C. York
  • Published date: 2026-04-30 07:56:37

If the Arab Spring was defined by optimism about what the internet could do, the years since have been marked by a more sober understanding of what it takes to defend it.  Back in 2011, the term “digital rights” was still fairly new. While in the decades pr…

If the Arab Spring was defined by optimism about what the internet could do, the years since have been marked by a more sober understanding of what it takes to defend it.  Back in 2011, the term dig… [+11410 chars]