Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As organizations continue to scale their AWS environments, security teams face increasing challenges in detecting cloud-native threats such as compromised credentials, misused APIs, container breaches, and malicious workload behavior. Traditional perimeter-based controls and legacy endpoint tools are often insufficient in dynamic, cloud-first architectures. AWS GuardDuty provides native,intelligent threat detection for AWS environments.

Before the AI spectacle of RSA arrives, let’s talk about what actually keeps regulated organizations secure RSA is only weeks away. And if you’ve been paying any attention to the pre-conference buzz, or if you work in technology generally, you already know what it’s going to feel like walking that floor: artificial intelligence, everywhere, in everything. AI-powered detection. Autonomous response. Agentic security copilots in everything from threat monitoring to your morning coffee.

Your Bedrock agent running on EKS receives a prompt through your RAG pipeline. CloudTrail logs it as a normal bedrock:InvokeModel event—status 200, authorized IAM role, expected endpoint. But inside the container, the agent’s response triggers a tool call that spawns curl to an external IP, exfiltrating the context window. GuardDuty doesn’t flag it because the connection routes through a permitted VPC endpoint. You open your AWS console and see a healthy API call.

You’ve sat through three vendor demos this week. Vendor A showed you an AI-SPM dashboard with a pie chart of misconfigurations. Vendor B showed you a nearly identical dashboard with different branding and a slightly wider set of compliance frameworks. Vendor C showed you posture findings with an “AI workload” tag that wasn’t in their product last quarter.

There’s a growing acceptance that AI is no longer optional in security. That battle is largely won. The more interesting question — and the one I keep getting asked — is what we actually believe AI should be responsible for, and where human authority must ultimately sit.

On 11th March, our CEO, Rory Innes, stood before the London Assembly’s Police and Crime Committee to represent a group of people who are too often overlooked: victims of digital fraud, cybercrime and online harm. In a session focused on how the Metropolitan Police Service’s Cyber Crime Unit is protecting Londoners from digital fraud, Rory made a direct and powerful case for why the current system is failing the public.

The evolution of cybersecurity challenges and the rapid pace of digital transformation have led security leaders to focus increasingly on robust and adaptive security frameworks. Among them, zero-trust identity management has emerged as a cornerstone of modern security strategies.

Agentic AI promises to improve work processes in all domains and industries. R&D is no different. Recently, Cato R&D built an internal self-evolving pull request (PR) review agent that keeps reviewers in flow by commenting only on high-impact, high-confidence issues, validating every change against its spec from the PR and Jira, and learning continuously from developer feedback through long-term, episodic memory. What were the results?

Insider threats account for 34% of all data breaches, yet most organizations are still building security programs designed to stop attackers from the outside. The harder truth? The risk is already inside your walls, and it doesn't always look like a criminal. Not every insider threat is malicious. Some are distracted. Some are overworked. Some are just trying to get things done faster.

On April 2, 1796, a full house packed the Drury Lane Theatre in London, eager to witness the first showing of a newly discovered Shakespeare play. The problem was that William Henry Ireland wrote the play, Vortigern, and the entire production was a hoax. Although there was some controversy before opening day, several experts reviewed the manuscript and supporting documents and confirmed that the play was a long-lost Shakespeare original.