Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

For a brief window, a widely used open source package in the AI ecosystem was compromised with credential-stealing malware. LiteLLM, a model gateway used to route requests to more than 100 LLM providers, has been downloaded millions of times per day. In that short window, the malicious versions were likely pulled tens of thousands of times before being caught.

Microsoft Entra ID Privileged Identity Management is designed to bring structure to privileged access inside Microsoft environments. It allows organizations to make roles eligible, require activation, and enforce approval workflows. Within Azure, it performs that role predictably. The challenge begins when engineering workflows extend beyond Azure. Modern infrastructure rarely lives in a single ecosystem.

The term AI agent is dominant in current cybersecurity discourse. Vendors, analysts, and CISOs all use the label, yet technical confusion remains regarding how agents actually operate and where the security risks reside. Beneath the surface-level familiarity, there is often significant confusion about what an AI agent actually is, how it operates technically, and most importantly for security teams, where the risk actually lives.

Most organizations already have the policies they need in place. The problem is enforcement.

To support enterprise workflows like monitoring systems, triaging support tickets, and automating routine work, AI agents need access to the same sensitive systems employees use, including databases, APIs, SaaS tools, and internal infrastructure. However, many of these systems still rely on shared passwords, API keys, tokens, and other credential-based access paths that are difficult to manage and control.

Apr 2, 2026 Mastering Software Supply Chain Management in 2026 Read More Natalie Tischler Mar 31, 2026 Why Security Debt Should Be a Board-Level Priority Read More Natalie Tischler Mar 26, 2026 Prioritize, Protect, Prove: A Roadmap for Application Security Transformation Read More Natalie Tischler.

Engineering teams face a dual mandate: ship high-quality features faster and keep the underlying infrastructure secure. As development velocity increases, so does the complexity of the tools, libraries, and third-party components that make up your applications. Software Supply Chain Management is the discipline of securing these interconnected components.

Another SaaS integration for the books! Incidents can now be automatically generated in the portal from email addresses in ProofPoint alerts. These are then linked to portal users, as well as any devices those users are logged in to.

Note: The core architecture for this pattern was introduced by Isaac Hawley from Tigera. If you are building an AI agent that relies on tool calling, complex routing, or the Model Context Protocol (MCP), you’re not just building a chatbot anymore. You are building an autonomous system with access to your internal APIs. With that power comes a massive security and governance headache, and AI agent security testing is where most teams hit a wall.

As cyberattacks on industrial systems escalate and supply chains grow more complex, cyber resilience for operational technology (OT) isn’t optional — it’s a business imperative. But with budgets under pressure and resources stretched thin, many manufacturers are left pondering a difficult question: How can we strengthen OT defenses without incurring downtime or breaking the bank? Virtual conference OT resilience.