Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In today’s climate, where every company is a technology company, there is a simple truth many still overlook: CIOs and CISOs can no longer afford to see themselves primarily as technologists or risk gatekeepers. The mandate is clear: They must be business leaders first, using technology and cybersecurity expertise as powerful tools to drive growth, trust, and competitive advantage.

In Part 1 of this blog series, we explored the architecture, capabilities, and risks of the Model Context Protocol (MCP). In this post, we will focus on two attack vectors in the MCP ecosystem: prompt injection via tool definitions and cross-server tool shadowing. Both exploit how LLMs trust and internalize tool metadata and responses, allowing attackers to embed hidden instructions or persistently influence future tool calls without direct user prompts.

This is a follow up to the blog Cybersecurity as a Business Enabler about the shifting cybersecurity from a cost center to a value driver. If you are a C-level executive looking to transform how your organization approaches cybersecurity, here is how to shift the mindset from viewing security as just another cost center to recognizing it as a true value driver.

The Domain Name System (DNS) is a critical component of internet infrastructure, responsible for translating human-readable domain names into IP addresses. However, the ubiquitous nature and often-overlooked security aspects of DNS make it a prime target for malicious actors. This blog post investigates the tools used for data exfiltration over DNS, the techniques involved, and the countermeasures to mitigate these threats.

In today’s fast-moving digital world, cybersecurity is no longer just an IT concern: it is a business imperative, and a game-changer. For many years, cybersecurity was perceived as a necessary expense, a cost center that consumed expensive resources mainly to mitigate risks and to prevent threats. But leading organizations now realize that strong cybersecurity is not just about protection, but it is a real driver of growth, customer trust, and competitive advantage.

The Model Context Protocol (MCP) is a standardized framework that enables large language models (LLMs) to interact with external tools, APIs, and data sources. While MCP offers powerful integration capabilities across software development, data analysis, automation, and security operations, it also introduces serious security risks. This post provides a technical overview of how MCP works, its architecture, and real-world use cases.

Netskope Threat Labs is pleased to announce the release of a new open-source tool that detects supply chain attacks. Our new tool, Behavioral Evaluation of Application Metrics (BEAM), requires no endpoint agent deployment and will analyze the network traffic you are already capturing in your organization to determine if your applications are communicating with unusual hosts that could be part of an attack. This tool is the subject of a 2025 Black Hat USA briefing.

Large language models (LLMs) are transforming enterprise operations, but their growing use introduces a critical security challenge: securing how they access sensitive data and integrate with existing tools. This is where Model Context Protocol (MCP) servers become a vital, yet often overlooked, part of AI security. These servers act as the crucial link, enabling LLMs to securely connect with diverse data sources and tools, significantly expanding attack surfaces that demand our immediate attention.

Any organization that’s undergone a security transformation knows the promise of zero trust network access (ZTNA): secure, least-privilege access to private applications, anywhere, on any device. But turning that promise into operational reality is often far from simple. Between fragmented tools, complex configurations, and sprawling environments, implementing ZTNA can quickly become a manual, time-consuming, and error-prone process.