Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Need for Speed in Exposure Validation

In cybersecurity, speed has always mattered, but never as much as it does today. Modern enterprises are operating in an era of constant digital acceleration. Cloud-first strategies, third-party integrations, and remote workforce enablement have massively expanded the digital footprint of nearly every organization. With that expansion has come an explosion in internet-facing assets, many of which sit outside the visibility and control of security teams.

AI-Enabled Cyber Intrusions: What Two Recent Incidents Reveal for Corporate Counsel

This article was authored by Daniel Ilan, Rahul Mukhi, Prudence Buckland, and Melissa Faragasso from Cleary Gottlieb, and Brian Lichter and Elijah Seymour from Stroz Friedberg, a LevelBlue company. Recent disclosures by Anthropic and OpenAI highlight a pivotal shift in the cyber threat landscape: AI is no longer merely a tool that aids attackers; in some cases, it has become the attacker itself.

KrakenLabs Research Highlights 2025: The Shifts That Redefined the Threat Landscape

In 2025, KrakenLabs tracked a series of shifts that reshaped how cyber threats materialized across organizations. Drawing on research conducted throughout the year, this article highlights the most consequential developments observed by KrakenLabs in 2025, where attacker success depended less on new tools or novel exploits and more on the large-scale exploitation of people, identity, and trusted access.

Elastic Cloud Serverless achieves major compliance certifications across AWS, Azure, and GCP

Securely scale search, security, and observability apps on any cloud provider. We are thrilled to announce a major milestone in our commitment to security, privacy, and regulatory compliance for Elastic Cloud Serverless. Elastic Cloud Serverless has now attained a comprehensive suite of key compliance certifications across all of our available cloud providers: Amazon Web Services (AWS), Microsoft Azure, and Google Cloud (GCP).

Behavioral Threat Detection: Identifying Attacks That Blend into Normal Activity

Some attacks are easy to spot. Others aren’t. In many cases, nothing obviously breaks or crashes, and no malware ever shows up. Nothing looks wrong at first. Access appears normal, and systems continue to run as usual. Modern attacks are challenging to detect because attackers often use the same tools and access paths as legitimate users. In addition, attackers remain low-key and use access that appears normal.

Why AI security looks different across the UK, France, Germany, and Australia

Globally, 88% of companies regularly use AI in at least one business function—a 10% increase from the previous year. But as organizations race to adopt new capabilities, we’ve found that the rigor and maturity of AI governance vary widely by region. The third edition of our State of Trust report reveals how leading AI adopters outside the U.S.—from the UK to Germany, France, and Australia—are approaching AI security and governance in distinct ways.

Sidecarless mTLS in Kubernetes: How Istio Ambient Mesh and ztunnel Enable Zero Trust

Encrypting internal traffic and enforcing mutual TLS (mTLS), a form of TLS in which both the client and server authenticate each other using X.509 certificates, has transitioned from a “nice-to-have” to a hard requirement, especially in Kubernetes environments where everything can talk to everything else by default.

The Tines platform: a look back at 2025

Early in the year, we introduced multiple drafts for Change Control. This feature enables builders to work on the same project simultaneously, each within their own draft environment. The upside? Agents were the talk of the town in 2025. Tines CEO Eoin Hinchy shared his thoughts on how they could help end muckwork, and shortly after, we launched the AI Agent action.

A Practical Approach to Continuous Threat Exposure Management

Organizations face a complex cybersecurity conundrum. Attack surfaces are expanding faster than SOC teams can scan. All of this is leading to a never-ending cycle of swivel-chair security, context-free lists, increased alert fatigue, and slow remediation. The strategic pivot needed to combat this is Continuous Threat Exposure Management (CTEM), a structured and essential alternative that moves teams away from reactive scanning to proactive, ongoing validation and prioritization.