Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

For years, the cybersecurity industry has suffered from a "data gravity" problem. Security teams are buried under billions of rows of telemetry, yet they remain starved for actionable insights. A Threat Intelligence Platform (TIP) is a centralized security system that collects, aggregates, and organizes data about known and emerging cyber threats. It serves as the vital connective tissue between raw telemetry and active defense.

Today’s threat landscape is more varied and chilling than ever: Sophisticated nation-state actors. Hyper-volumetric DDoS attacks. Deepfakes and fraudsters interviewing at your company. Even stealth attacks via trusted internal tools like Google Calendar, Dropbox, and GitHub.

The last 12 months have been the most challenging in Tines’ history. They’ve also been the most successful. We navigated macroeconomic headwinds and breakneck technological innovation. At the same time, global growth and scale demanded new operational discipline and relentless focus. But alongside those challenges came major milestones. We maintained a world-class 122% net revenue retention (NRR).

Mobile app risk rarely emerges from negligence. It emerges from fragmentation. In most enterprises, security is applied in stages: Each control works in isolation. None governs how risk evolves over time. Mobile applications are distributed, long-lived systems. Once deployed, they operate outside centralized infrastructure control, exposed to shifting SDK dependencies, evolving APIs, regulatory change, and adaptive adversaries. Security gaps rarely appear within a stage. They appear in the transitions.

Sending a work email to the wrong person – it’s something all of us have done at least once in our working lives. For some people, it’s a regular occurrence. But just how risky is it? Thinking back over your recent emails, you can probably pick out the ones that would have been worse to misdirect than others. In the best case it’s a non-issue or only slightly embarrassing.

There’s a moment every IT and security team recognises. You’ve done the hard work: rolled out SSO, tightened access policies, and moved sensitive tools behind stronger authentication. On paper, it looks like progress.

If you work in IT right now, your feed is probably split between AI hype, AI fear, and confused memes about both. Depending on who you ask, AI is either coming for your job, coming for everyone’s job, or going to “free you up to do more strategic work”—which somehow always looks like doing the same work, just faster, with fewer people. Some of that fear is legitimate.

Deterministic security tools, at this point, have become such a regular part of security that, for a long time, we weren’t questioning the alternatives. With AI becoming a core component of security with probabilistic models, it’s time to revisit determinism and get clear about what it’s needed for. Otherwise, why shouldn’t we just start replacing everything with AI?

Aikido Attack, our AI pentest product, found a WebSocket hijacking vulnerability in Storybook's dev server that can lead to persistent XSS, remote code execution, and, in the worst case, supply chain compromise. Storybook's WebSocket server has no authentication or access control, so if the dev server is publicly accessible, an attacker can exploit this without any user interaction at all. In the more common local setup, a developer just has to visit the wrong website while Storybook is running.

In Regex is (almost) All You Need, we learned that using a combination of regular expression patterns, entropy, and rule-based filters are an effective way to detect candidate secrets. Regex is used for casting a wide net to identify candidates. Entropy is used as a primary filter on the captured candidates and additional filters like presence of commonly used english words, or filtering on known “safe” files like go.sum are applied last.