Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

MCP Supply Chain Security: How Malicious MCP Servers Are Infiltrating Enterprise AI Environments

Every enterprise deploying AI agents is building on a foundation of third-party MCP servers they don’t control, can’t verify, and barely track. The security conversation keeps focusing on the model – prompt injection, jailbreaks, hallucinations. That’s the wrong place to look. We’ve covered why that framing falls short elsewhere too – see System Prompts Are Not Security Boundaries. Business Logic Graphs Are.

The Four Attack Patterns Traditional Security Tools Miss at FIFA-Scale Events

Every major tournament cycle, ticketing platforms brace for a traffic spike. Most security teams plan for volume. The attack data tells a different story: the traffic that does the most damage isn’t the loudest traffic. It’s the traffic that looks like a real fan, on a real device, doing something a real fan would plausibly do, just millions of times, in a pattern no single fan ever would.

OWASP Top 10 for Agentic Applications 2026: What It Means for Enterprise AI Security

OWASP, the Open Worldwide Application Security Project, has published Top 10 lists for over two decades to help security teams prioritize the risks that matter most. The original OWASP Top 10 for web applications became the industry’s default checklist for application security. When large language models moved into production, OWASP followed with the Top 10 for LLM Applications, addressing risks like prompt injection and sensitive information disclosure in single-turn model responses.

ServiceNow, Then PeopleSoft: Why the Same Endpoint Failure Keeps Repeating

Three weeks ago, it was ServiceNow: an endpoint that never asked who was calling, exposing customer data to anyone who asked. This time it’s Oracle PeopleSoft, exploited at scale by the threat actor ShinyHunters. Two platforms, two different vendors, the same root failure: an endpoint that skipped the one question it existed to ask. That’s not a coincidence you write off as bad luck at two companies.

OAuth vs. API Keys for AI Agents: Why Static Credentials Break in Production Systems

How do you ensure AI agents authenticate when they interact with your entire enterprise ecosystem when you aren’t there to watch their every move? Today, AI agents can do many things autonomously. They can update CRM records, create tickets, trigger workflows, modify data, and just about anything. The importance of authentication increases as they become more autonomous day by day. For years, API keys were the easy default for connecting applications to APIs.

What Is Agentic AI Security? Why AI Agents Need a New Security Model

AI systems are starting to do more than generate answers. Across customer support, IT operations, software development, and internal business workflows, organizations are deploying AI agents that can retrieve information, use tools, interact with applications, and complete tasks with limited human involvement. This shift is happening quickly. According to a McKinsey Report, 62% of organizations are already experimenting with AI agents, while 23% are actively scaling them across parts of their business.

We Trained Cybersecurity Startups to Win POVs, Not Solve Problems

Cybersecurity has a strange problem. Everyone says they want to reduce risk. But too often, the way we evaluate products rewards something narrower: how quickly a vendor can show value in a POV. Can it deploy fast? Can it work agentless? Can it produce a clean report? Can it map to OWASP, NIST, the EU AI Act, or the latest framework? Can it check enough boxes in the RFP?

5 Agentic AI Security Use Cases Every Security Leader Must Know in 2026

A human employee who wants to delete a customer record, issue a refund, or push a config change has to ask, click, and confirm. An AI agent doing the same thing can plan, decide, and execute the action in one pass, often through a tool it picked itself, in a sequence no one explicitly approved. That shift, from systems that respond to systems that act, is why most application security stacks fall short the moment agentic AI enters the picture.

Top Continuous API Discovery Tools for 2026 (Enterprise SaaS & AI-First Apps)

Not all API discovery tools solve the same problem. Some help teams discover APIs once. Others help maintain a live inventory as APIs change across cloud services, microservices, third-party integrations, and increasingly, AI-driven applications. That is where continuous API discovery stands apart. In this guide, we compare the top platforms using shared capability tags instead of forcing each tool into a single “best for” category.