Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

It's 8:47 AM. Your phone buzzes with another "urgent" DLP alert. You've already ignored three this morning. This one screams "SENSITIVE DATA DETECTED" in all caps. But it’s just a lunch menu with a credit card number for catering. You silence the notification and grab your coffee. What you don't know? While you're dismissing false alarms, your VP of Finance just dropped next quarter's earnings in a public Teams channel. Your DLP system? Completely silent.

An important supply chain incident has rocked the security industry by showing us that some of the biggest security enterprises are also threatened by the risk of third-party SaaS product integrations. The incident, involving Salesloft Drift, a marketing automation solution integrated with Salesforce, resulted in the threat actor getting OAuth tokens. These tokens allowed them to exfiltrate massive volumes of sensitive data about customers, including account records, case information, and contact data.

Modern enterprises run on automation. But behind every line of code deploying infrastructure, moving data, or triggering workflows is something often overlooked: a non-human identity (NHI). These NHIs—service accounts, machine credentials, API tokens, CI/CD integrations—outnumber human users by orders of magnitude. And they’re everywhere. Yet in too many organizations, they’re still unmanaged, invisible, and dangerously overprivileged.

The Drift OAuth breach didn’t just expose one SaaS vendor — it exposed a systemic blind spot: the sprawling, ungoverned world of Non-Human Identities. In case you missed it, in August 2025, attackers from UNC6395 exploited compromised OAuth tokens from Salesloft’s Drift integration—an AI chat tool—to access and exfiltrate data from Salesforce, including credentials like AWS keys and Snowflake tokens.

There is nary a government that does not have a long list of acronym-heavy compliance requirements on its books, which can be difficult to meet without the help of a Managed Detection and Response (MDR) solution on your side. This means that whether you operate in healthcare, finance, critical infrastructure, or any sector handling sensitive data, adhering to standards like HIPAA, FedRAMP, DORA, CMMC, GDPR, and others is a legal imperative. And, a good practice.

AI agents (utilizing LLMs and RAG) are being used within SOCs and SIEMS to both help identify attacks and assist analysts with working more efficiently; however, I’ve done a little bit of research one sunny British afternoon and found that these agents can be abused by attackers and made to go rogue. They can be made to modify the details of an attack, hide attacks altogether, or create fictitious events to cause a distraction while the real target is attacked instead.

On 19 August 2025, the Arctic Wolf Cybersecurity Operations Center (cSOC) uncovered and remediated a sophisticated delivery chain: a threat actor leveraged GitHub’s repository structure together with paid placements on Google Ads to funnel users toward a malicious download hosted on a lookalike domain. By embedding a commit‑specific link in the advertisement, the attackers made the download appear to originate from an official source, effectively sidestepping typical user scrutiny.

August is usually a quiet month for policy change on both sides of the Atlantic. Not so this year. With follow-ups from the busy first half of the year and preparations for an intensive last quarter, bureaucrats had little chance for summer plans.

The first C in CMMC stands for cybersecurity, so it makes sense that the vast majority of content and information about it (both here and elsewhere online) is focused on the cyber aspect. Digital security makes up the bulk of the certification, and it’s by far the biggest threat vector in a modern business space. There is, however, still that detail that has to matter sooner or later: the fact that everything digital has to have somewhere it lives in physical space.

The state of cybersecurity has always been in flux, but the arrival of tools like ChatGPT heralded one of the most significant challenges for security teams in years. AI has the potential to unlock incredible potential in data processing and malware detection, but in the wrong hands, Large Language Models (LLMs) and other adversarial AI tools can be used to develop polymorphic malware that can escape detection, gain access to sensitive data, and poison data sets.