Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

AI assistants and search tools are woven into daily work. But not all providers handle your prompts, files, or transcripts the same way. Small policy details determine whether your data trains future models, how long it’s kept, and what an auditor will see. If you use these tools in regulated environments, the safest choice to ensure OpenAI data privacy often depends on your specific channel: consumer app, enterprise account, or API.

The virtual private network (VPN) has been the default way to connect remote employees to company resources for over two decades. In its time, the VPN was a breakthrough ‒ creating encrypted tunnels back to the corporate network and giving road warriors a way in. But today's workplace looks very different. Employees access SaaS applications directly from the Internet. Teams are distributed around the world.

This past month, the Vanta team launched new features to help you: ‍

Local Oracle Linux installations do not support CIS Oracle Linux benchmarks or hardened images. When you implement CIS Benchmarks on an Oracle server, you are on your own. We wrote this post to help you.

In late 2022, AI exploded into the mainstream with OpenAI’s ChatGPT, starting an AI-fuelled shift in both everyday life and the cyber threat landscape. Just as quickly as everyday users rushed to adopt the technology, so did threat actors. From generating phishing pretexts to writing malware and crafting deepfakes, AI systems have become both a new tool and a new target.

CYJAX has identified a growing trend of AI-based tools being developed and shared across threat actor forums for fraudulent and cybercriminal purposes, highlighting the need for proactive monitoring and defence against evolving AI-driven threats.

The General Data Protection Regulation (GDPR) and the UK’s Data Protection Act 2018 (DPA 18) have transformed how businesses must handle personal data. With fines of up to €20 million or 4% of global annual turnover for non-compliance, organisations cannot afford to take data protection lightly. The law‑firm DLA Piper reports that by January 2025 the total fines across Europe since GDPR came into force stood at €5.88 billion.

In the first part of our series, we examined the challenges facing state and local governments as they work to secure and maintain the availability of increasingly complex digital systems. Today, we turn our focus to how collaboration—powered by shared data platforms like Splunk—can enhance incident response and overall digital resilience.

Penetration Testing and Managed Vulnerability Scanning (MVS) are often mentioned in the same breath, yet their true value emerges when they are combined. Each plays a distinct role in building a strong Offensive Security program, and together they form a powerful foundation for reducing risk and improving resilience. However, it is common for those not fully immersed in cybersecurity practices to either confuse or conflate these two practices.

In a rapidly evolving digital landscape, organizations must continuously adapt their security operations to keep pace with new threats and business needs. For the team at Airties, a global leader in Wi-Fi mesh technology and access point solutions, this meant rethinking their legacy security information and event management (SIEM) platform. Airties is a manufacturer of access points, primarily serving large telecom operators. Its solutions power the Wi-Fi networks in millions of homes worldwide.