%term

1 in 15 MCP Servers are Lookalikes: Is Your Org at Risk?

Apr 29, 2026 By Shane Moosa In UpGuard

Researchers recently analyzed 18,000 Claude Code configuration files pulled from public GitHub repositories. What they found was straightforward and alarming: developers are already installing mistyped, misconfigured, and near-identical MCP server names — often without realizing it. The human-error condition that makes typosquatting work was already present at scale before any attacker needed to exploit it.

Read Post

UpGuard

Read more about 1 in 15 MCP Servers are Lookalikes: Is Your Org at Risk?

You Can't Secure AI Agents You Haven't Found

Apr 29, 2026 By Chris Martinez In Nightfall

Most organizations have a reasonable handle on their sanctioned SaaS apps. Model Context Protocol - hit 10,000 public servers within a year of launch, with 97 million monthly SDK downloads. None of those numbers capture the servers your developers configured locally. Those don't appear in any registry. They were added at the IDE level, one developer at a time, with no approval step and nothing that touches a central system. That's the inventory problem. It comes before any question of enforcement.

Read Post

Nightfall

Read more about You Can't Secure AI Agents You Haven't Found

MCP: The AI Protocol Quietly Expanding Your Attack Surface

Apr 29, 2026 By Shane Moosa In UpGuard

In February 2026, researchers uncovered something that should give every security leader pause. A malware operation called SmartLoader, previously known for targeting consumers who downloaded pirated software, had completely pivoted its infrastructure. SmartLoaders new target was developers, and its new entry point was a protocol most security teams had never heard of. The payload delivered to victims: every saved browser password, every cloud session token, every SSH key on the machine.

Read Post

UpGuard

Read more about MCP: The AI Protocol Quietly Expanding Your Attack Surface

AI SOC Metrics That Actually Matter: How to Measure Whether AI Is Working in Your SOC

Apr 29, 2026 By Torq In Torq

Every security vendor shipping an AI product in 2026 makes the same promises. Faster triage. Shorter response times. Fewer false positives. Reclaimed analyst hours. But, six months after deployment, most security leaders still cannot answer a straightforward question from the board: Is this thing actually working?

Read Post

Torq

Read more about AI SOC Metrics That Actually Matter: How to Measure Whether AI Is Working in Your SOC

Mythos, Attackers, and The Part People Still Want To Skip

Apr 29, 2026 By Aaron Beardslee In Securonix

Anthropic built a powerful AI model and then kept it on a short leash. The important part is not that a model found bugs, which has been coming for a while. What’s worth acknowledging is that Anthropic looked at what Mythos could do and decided broad release was a bad idea. Attackers do not need a perfect autonomous system. They need leverage.

Read Post

Securonix

Read more about Mythos, Attackers, and The Part People Still Want To Skip

What Real AI Security Incidents Reveal About Today's Risks

Apr 29, 2026 By Mend In Mend

Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.

View Video

Mend

Read more about What Real AI Security Incidents Reveal About Today's Risks

Ep. 56 - 10,000 Bugs, 12 That Matter: Using AI to Cut Through Exposure Noise with CTEM

Apr 29, 2026 By SafeBreach In SafeBreach

Are you still stuck on the vulnerability hamster wheel? In this episode of the Cyber Resilience Brief, host Tova Dvorin is joined by SafeBreach VP of Product Koby Bar and offensive security expert Adrian Culley to unpack a major shift in how enterprises approach proactive security — and to announce the launch of SafeBreach Helm, the AI validation layer built for Continuous Threat Exposure Management (CTEM).

View Video

SafeBreach

AI
Security

Read more about Ep. 56 - 10,000 Bugs, 12 That Matter: Using AI to Cut Through Exposure Noise with CTEM

CrowdStrike Frontier AI Readiness and Resilience Service

Apr 29, 2026 By CrowdStrike In CrowdStrike

Frontier AI is shrinking the window between vulnerability discovery and exploitation. Find exploitable risk before adversaries weaponize it. Subscribe and stay updated!

View Video

CrowdStrike

AI
Security

Read more about CrowdStrike Frontier AI Readiness and Resilience Service

Falcon Exposure Management AI Inventory: Demo Drill Down

Apr 29, 2026 By CrowdStrike In CrowdStrike

AI adoption is accelerating across the enterprise, but governance isn’t keeping pace—leaving security teams without a clear view of what AI is running, how it’s being used, and where it introduces exposure. In this Demo Drill Down, we showcase AI Inventory in Falcon Exposure Management, delivering a centralized view of AI across hosts—from local LLMs and MCP servers to IDE extensions, packages, and applications.

View Video

CrowdStrike

AI
Security

Read more about Falcon Exposure Management AI Inventory: Demo Drill Down

Nine Seconds to Delete a Database: What the PocketOS Incident Teaches Us About AI Agent Privilege Management

Apr 29, 2026 By Gabriel Avner In Apono

There’s never a good time to lose a production database, but losing one to your own AI coding agent on a Friday afternoon has to rank near the bottom of the list. That’s the backdrop to the PocketOS incident, and it’s the clearest case yet for why AI agent security and intent-based access control belong at the top of every cloud security roadmap this year.

Read Post