Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As Claude adoption expands across enterprises and workflows, security and compliance teams need to understand who is using Claude Enterprise, how it is accessed, and how it is administered and configured across the organization. The Claude Compliance API gives organizations access to valuable activity data that supports security monitoring, investigations, and governance initiatives.

Apache HTTP Server is one of the most popular web servers in use today for engineering teams, and its prevalence naturally makes it a frequent target for attackers. In May 2026, the Apache Software Foundation patched CVE-2026-23918, a high-severity double-free vulnerability in Apache 2.4.66’s mod_http2 module. For teams not using Apache’s MPM prefork, the vulnerability would enable an attacker to crash worker processes or achieve remote code execution (RCE) in some specific cases.

Many organizations have hundreds or thousands of API endpoints across their services, each of which handles authentication differently. For example, one service might rely on standard headers like Authorization: Bearer, while another uses an API key, and a third uses a custom JSON Web Token header with mechanisms or naming conventions specific to the team that built it.

When teams start building AI agents, especially with managed systems like Amazon Bedrock, they often wonder whether simply enabling guardrails is enough to secure their agents. A framework like Amazon Bedrock Guardrails provides a solid foundation for content filtering and policy enforcement, but having guardrails in place is only part of the equation.

Software composition analysis (SCA) tools have become essential in modern security programs. They continuously scan software supply chains and match component fingerprints against Common Vulnerabilities and Exposures (CVE) databases to surface vulnerabilities in dependencies. SCA tools are effective at scale, but they introduce a persistent challenge: Not every flagged vulnerability actually presents a risk.

Security operations teams manage a high volume of signals, often across multiple tools. Analysts may triage detections in one system, document progress in another, and coordinate remediation elsewhere. As context becomes fragmented, response times slow and the risk of missed threats increases.

In the latest episode of This Month in Datadog, Jeremy shares how to run autonomous Cloud SIEM investigations, remediate vulnerabilities with auto-generated fixes, and use natural language to explore Datadog. Later, Sumedha Mehta spotlights the Datadog MCP Server, which gives AI agents real-time access to Datadog’s observability data. Then, Chetan Sharma walks through Datadog Experiments, which measures how product changes impact the user journey.

Cloud environments create a flood of security signals, often reaching tens of thousands per day depending on the organization’s size. Security engineers and analysts spend a disproportionate share of their time triaging these signals instead of acting on legitimate threats. But the time-intensive parts of that work, such as identifying related signals and building a timeline, can be handled systematically, leaving teams free to focus on what actually requires human judgment.

As AI adoption accelerates on Google Cloud, the challenge for most teams today is no longer just building AI-powered applications. It’s also managing the full AI stack from end to end, including data pipelines, infrastructure, release process, and security operations. Many teams are monitoring these layers with different tools, creating complexity, fragmenting visibility, and slowing decisions on what to do next.

In March 2026, a GitHub account called hackerbot-claw, describing itself as an “autonomous security research agent powered by claude-opus-4-5,” began systematically targeting open source repositories—including one from Datadog. Over a week, it opened many pull requests designed to exploit misconfigurations in GitHub Actions workflows.