Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In 2025, we embarked on a new journey to secure the most important technology transformation of this decade – generative AI. Our vision is to help companies secure their AI fast, so that they can innovate on the cutting edge and put AI and agentic use cases into production. To do this, we built Evo, the world’s first agentic orchestrator for AI security. The foundation of any product is customer needs.

Have you submitted your YDWWT workflow yet? Submissions close April 14th. We’ll be giving away an exclusive Workflow Workshop LEGO set to one lucky entrant. NOTE: everyone who enters YDWWT is eligible to win this prize, winner will be selected at random. Enter now.

Understanding the deadliest cyber attacks in history is crucial not only for historical record but for fortifying our defenses against the escalating threats that loom on the horizon. This article delves into the digital disasters that have fundamentally altered our perception of cyber security, examining their anatomy, impact, and the critical lessons they impart.

‍ The Cyber Essentials scheme, a UK Government-backed initiative, plays a crucial role in helping organisations secure themselves against a range of common cyber-attacks. As April 2026 approaches, significant updates to the Cyber Essentials scheme are set to take effect. These changes are designed to enhance the robustness of the certification and better reflect the realities of modern IT environments, particularly concerning cloud adoption and evolving authentication methods.

Attackers carried out a supply chain compromise by abusing a compromised npm maintainer account to publish malicious Axios versions (axios@1.14.1 and axios@0.30.4). These releases introduced an unexpected dependency, plain-crypto-js@4.2.1, which attempted platform-specific malware execution via an npm lifecycle script during installation on Windows, macOS, and Linux.

TLDR; As compliance requirements tighten globally, Australia has taken a decisive step with the introduction of Prudential Standard CPS 234 Information Security, setting a clear baseline for how financial institutions must protect themselves and the people who trust them. Australia’s financial services sector remains one of the most targeted in the world, with high-profile breaches exposing millions of records.

Global Open banking API call volumes are set to cross the 720 billion mark by 2029, and attackers know it. With the global open banking market surging past $38 billion in 2025 itself and projected to exceed $115 billion by 2030, the financial data flowing through these APIs is highly lucrative for threat actors. With over 7.5 million calls made to just AI APIs, they have now graduated from a technical challenge to a business imperative.

We release some good stuff this week with the CertKit agent version 1.8 from our roadmap, along with some small usability fixes in the CertKit web application.

Fresh off two weeks of back-to-back meetings in Washington, DC, and on the floor/in the wings of the RSA Conference, one theme echoed through nearly every conversation I had with senior government officials and public policy leaders from global technology companies: agentic AI security is the defining emerging security challenge of this moment — and policy is not keeping pace.

Exactly 8 years ago today, we launched the 1.1.1.1 public DNS resolver, with the intention to build the world’s fastest resolver — and the most private one. We knew that trust is everything for a service that handles the "phonebook of the Internet." That’s why, at launch, we made a unique commitment to publicly confirm that we are doing what we said we would do with personal data.