Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

AI security tools are no longer just defensive layers. They are high value targets being studied, fingerprinted, and bypassed much like traditional endpoint detection and response (EDR) platforms and antivirus solutions were in their early days. The speed and scale at which these tools are being deployed makes reactive defense increasingly unsustainable.

As I was writing my latest book, How AI and Quantum Impact Cyber Threats and Defenses, I was hit by how many theoretical and real attacks there are involving AI. There are attacks committed by AI and attacks committed agsinst AI, and I’m not sure which category is bigger.

Anyone who knows me knows I’m passionate about mindfulness. Because I genuinely believe it makes us better humans. But also, because I have one of those brains that desperately needs it. I’m easily distracted and I start new ideas before finishing old ones. My attention can scatter in a hundred directions. I wrote before how I clicked on a phishing test because I was multitasking and running on autopilot. And that moment really changed the direction of my career and my research.

Integrated cloud email security (ICES) is a term coined by industry analyst, Gartner, in their 2021 Market Guide for Email Security. The guide was reissued in 2023 and stated that ‘by 2025, 20% of anti-phishing solutions will be delivered via API integration with the email platform, up from less than 5%” at the time of publication’.

Today, Mend.io is launching Contextual Project Classification, an AI-native feature that automatically analyzes your codebase to identify which applications handle sensitive data like payments, healthcare records, and PII, enabling true risk-based security prioritization.

AI has moved from experimentation to a strategic enterprise imperative. It’s no longer about whether organizations will adopt AI, but whether their security architecture can govern it at the speed and scale at which it is being embedded into the business. This is not a future concern. It is today’s operational mandate to: Securing AI is not limited to software applications and agents.

GitGuardian’s 5th State of Secrets Sprawl report is here. In this blog, we unpack the key findings behind the 2026 edition, from AI-driven leak growth to the remediation gaps security teams can’t ignore.

AI is transforming the cybersecurity landscape for both threat actors and defenders. Learn how AI is being used on both sides of the battle with practical tips to help your security team up-level its AI use.

Cursor's security team built four autonomous agents that review 3,000+ PRs per week, catch 200+ vulnerabilities, and open fix PRs automatically. The engineering is impressive, and the prompts are shockingly simple. But there's a meaningful gap between "LLM agents reviewing PRs" and "enterprise security program," and that gap is exactly where things get interesting.

Agent skills are becoming the building blocks of AI-native software development, giving coding agents structured, versioned context, like how to use your APIs, how to build in your codebase, and how to enforce your team's policies. Developers install them from registries the same way they install npm packages or Python libraries. But unlike npm or PyPI, the agent skills ecosystem is new.