Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

I am no stranger to conferences, and certainly no stranger to security conferences. Over the years, BlackHat and DEFCON have both become staples of my calendar. But this year brought a new one to the list: RSA, and it truly lived up to the hype. The show floor was full of bright lights, fancy booths, and yes, tattoos, if you knew where to find them.

When people talk about AI security risks, the conversation usually starts with the model. Can it be jailbroken? Can someone get around the guardrails? Can an attacker make it say or do something it should not? Those are fair questions, but they are not the most important ones. The bigger risk is not the model on its own: it’s everything the model is connected to.

Source code for Claude Code, Anthropic’s developer facing CLI tool, was exposed through source maps included in a published npm package under Anthropic’s npm namespace. The exposure revealed approximately 500,000 lines of application code across roughly 1,900 files.

Organizations have invested heavily in consent management. Consent Management Platforms (CMPs) are standard infrastructure for privacy programs, and for good reason. Regulations like GDPR, CCPA/CPRA, LGPD, PDPA, and HIPAA require organizations to obtain, record, and honor user consent before collecting or processing personal data. CMPs provide the framework to do that. Most organizations have done the right thing, they just don’t know if they’ve done the right thing right.

For managed security service providers (MSSPs), customer loyalty is the most critical indicator of business health. Unlike other metrics that you directly control, such as mean time to respond or mean time to detect, it can’t be gamed: customers will either stay with you or they’ll churn. This means that the top priority for any MSSP should be to deliver the specific customer outcomes they were hired to provide, like helping to stop threat actors before they cause damage.

Security configurations are not static. They evolve over time due to software updates, policy changes, emergency patches, and human intervention. While these changes are often necessary, they can lead to configuration drift, a gradual misalignment between an organization’s security controls and its intended security policies.