Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cybersecurity has always been defined by moments of inflection. Periods of steady progress are followed by breakthroughs that fundamentally reshape how defenders operate and how technology enables them to succeed. Today we are entering one of those moments.

Every year at RSA Conference, I spend time with security leaders who are trying to solve the same fundamental challenge. They know what strong security operations should look like, but the path to building and sustaining that capability inside their own organization has become increasingly difficult. The market is shifting from buying tools to buying outcomes.

If an auditor walked in tomorrow and asked for a complete inventory of every AI model, agent, and tool in your environment, how long would it take you to produce it? For most organizations, the honest answer is: they can’t because the way AI is entering the enterprise has fundamentally changed.

Boris Kurktchiev is a Field CTO at Teleport, known for his expertise in Zero-Trust identity solutions for cloud and AI, and for his contributions to the CNCF's Cloud Native AI working group. Doyensec dropped a piece last week called The MCP AuthN/Z Nightmare, and I think anyone deploying MCP in production needs to read it.

We built 1Password Unified Access to extend identity security beyond humans to the agents and machine workloads operating across your business. In practice, that means securing not just who gets access, but how agentic systems connect to tools, services, and data.

What happens when a $29 billion company forgets to rename a model ID, and what it means for every organization using open-source AI. On March 19, 2025, Cursor, the AI-powered coding tool valued at $29 billion and generating an estimated $2 billion in annual recurring revenue, launched Composer 2, its newest and most powerful coding model.

In AI systems, PII detection is the first step. Not the most glamorous step. But the one that, when it fails, takes everything else down with it. Identifying sensitive data (names, Social Security numbers, financial records, health information) has to happen before any of it reaches an LLM. Get this wrong, and you’re looking at one of two bad outcomes: Traditional DLP systems could afford to be aggressive with detection. LLMs can’t. They depend on full context to generate correct outputs.