Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Your security stack was built for workloads that follow predictable code paths. AI agents don’t. They interpret prompts, generate code on the fly, invoke tools dynamically, and escalate privileges in ways no developer anticipated — all as part of normal operation. The signals that indicate a compromise in a traditional container are indistinguishable from an AI agent doing its job. And most detection tools can’t tell the difference. This isn’t a theoretical gap.

Every cloud security vendor now has an AI-SPM dashboard. Strip away the branding, though, and most of these dashboards are doing the same thing: checking IAM configurations, scanning for misconfigured network access, inventorying AI models across cloud accounts, and flagging compliance gaps. It’s cloud security posture management with an AI label applied. That’s a problem, because AI workloads don’t behave like other cloud workloads.

When Anthropic announced Claude Code Security on February 20th—a tool that scans codebases for vulnerabilities and suggests patches for human review—the reaction from markets was swift and brutal. Major cybersecurity names watched their stock prices fall by double digits within days. The implied thesis behind the selling: AI can now do what these companies do, so why pay for them? It's a compelling fear and an inaccurate conclusion at the same time. The DLP space is a clear example of why.

In Regex is (almost) All You Need, we learned that using a combination of regular expression patterns, entropy, and rule-based filters are an effective way to detect candidate secrets. Regex is used for casting a wide net to identify candidates. Entropy is used as a primary filter on the captured candidates and additional filters like presence of commonly used english words, or filtering on known “safe” files like go.sum are applied last.

Predicting a market disruption is difficult, but the vast rewards of being correct make it worthwhile. Unfortunately, prediction becomes tougher when marketing teams start labelling everything as a "market disruptor". Much like the stock market, if something is being sold to you as “the investment of a lifetime”, it almost certainly is not. Yet market disruptors do exist, and the organizations that identify them enjoy generational success.

In 2026, the digital landscape has shifted from a world of "AI assistants" to one of autonomous operators. For managed service providers (MSPs), this evolution marks the end of the traditional "land and expand" human services playbook and the beginning of a high-speed era of machine-on-machine warfare.

AI tools are quickly becoming part of everyday business workflows. From chatbots to automation tools, large language models now handle sensitive tasks and data. But with this growth comes new security risks. One of the biggest emerging threats is the prompt injection attack, in which attackers manipulate inputs to cause AI systems to ignore their original instructions. Unlike traditional cyberattacks, this method exploits weaknesses through language rather than code.