Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As we embed AI agents into our lives and workflows, we’re learning the (sometimes surprising) ways in which they outperform human beings, and other ways in which they fall short. And occasionally, we find an example where agents, paradoxically, are both better and worse than their human users.

WordPress is entering a new phase in how websites are managed with the introduction of API Abilities and support for the Model Context Protocol (MCP). These updates allow WordPress core, plugins, and themes to clearly define the actions they support and how those actions should be executed. For the first time, WordPress can communicate its capabilities in a structured way that large language models can reliably understand.

Today, the government of Canada issued a statement announcing that Arctic Wolf will continue to co-chair the Counter Ransomware Initiative Public-Private Sector Advisory Panel in 2026, alongside Public Safety Canada and BlackBerry. The panel will also include member organizations such as Ensign InfoSecurity, the Institute for Security and Technology, Microsoft, Palo Alto Networks, and the Royal United Service Institute.

For years, security programs reported progress using the same familiar metrics: number of vulnerabilities, patch rates, backlog size. These metrics became the default scorecard not because they reflected risk, but because they were easy to produce. The problem is that these metrics do not measure security improvement. They measure activity. Vulnerability counts rise and fall with scan cadence. Patch rates spike around maintenance windows. Backlogs grow when coverage improves.

For most engineering teams, AI feels like a breakthrough years in the making. Code gets written faster, reviews move quicker, and releases that once took weeks now happen in days—or even hours. But as more of the software lifecycle becomes automated, a less comfortable reality is setting in: application security hasn’t kept pace, and AI-native security practices are often missing. When AppSec foundations are immature, AI doesn’t reduce risk—it scales it.

Why don’t developers fix every AppSec vulnerability, every time, as soon as they’re found? The most common answer? Time. Modern security tools can surface thousands of vulnerabilities in a given codebase. Fixing them all would take up a development team’s entire capacity, often competing with feature development and other priorities.

If you've been paying attention to the AI agent space over the past few months, you've probably noticed a pattern: every week brings a new story about an AI agent doing something it absolutely should not have done: reading private emails, exfiltrating credentials, or executing shell commands that a human would have never approved. The OpenClaw saga alone gave us exposed databases, command injection vulnerabilities, and a $16 million scam token, all in the span of about five days.

A fragmented collection of security tools and services can’t deliver the protection modern organizations require. True resilience comes from integrating those capabilities into a unified, coordinated defense. LevelBlue recognizes that the full value of Managed Detection and Response (MDR) is realized when it operates as more than a standalone service. When positioned as the central nervous system of a broader security ecosystem, MDR connects signals, actions, and intelligence across the environment.

CISA recently published BOD 26-02, the latest Binding Operational Directive shaping how federal agencies manage cyber risk. While attention often gravitates toward highly visible directives like KEV, this one matters for a different reason: it raises the standard for how lifecycle risk must be tracked and sustained over time. BOD 26-02 is described as guidance on unsupported edge devices, which is accurate but incomplete.

Text editors rarely show up in threat models. Installers show up even less. CVE-2025-49144 changes that. The issue is a local privilege escalation in the Notepad++ Windows installer that can allow a low-privileged user to gain SYSTEM-level execution by abusing insecure executable search behavior during installation. Affected versions include Notepad++ 8.8.1 and earlier, per the NVD record.