Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Most organizations spend their AI security budget on the wrong layer. The instinct is to just buy visibility to inventory the models, map the APIs, and ship a dashboard. But visibility alone won’t stop the coding agent that just pulled in a compromised MCP server. It won’t stop the production agent that’s about to forward a customer record to a place it shouldn’t go.

Businesses increasingly identify cyber risk as a core operational concern. Yet many cyber incidents still stem from basic, preventable vulnerabilities such as susceptibility to phishing, weak passwords, unpatched software and misconfigured systems. Insurers can play an important role in helping to raise firms’ cybersecurity hygiene and enhancing overall cyber resilience. However, cyber insurance penetration in certain market segments and regions remains low.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! A heap of something simple can cause a bit of a headache it seems.

Walking the floor at Infosecurity Europe this week, it was impossible to avoid the subject of AI. Every conversation seemed to touch on it in some way. Vendors were demonstrating AI-powered detection capabilities, security teams were discussing governance frameworks, and practitioners were debating how best to secure the models, agents and data pipelines that are rapidly becoming part of everyday enterprise operations.

Bringing artificial intelligence into the office is a bit like adopting a hyper-energetic, brilliant, but chaotic intern. It can supercharge productivity, but if left unsupervised, it can accidentally delete the company database or invite a lawsuit. While the benefits of workplace AI are heavily advertised, deploying it without a safety net introduces significant vulnerabilities. Here’s a comprehensive breakdown of the risks businesses face when integrating AI into their daily operations.

There’s a persistent myth about red team operators: that the job is all zero-days, glowing terminals, and cinematic “I’m in” moments. The reality is more interesting and far more human. A day in the life of a red teamer is less about chasing flashy exploits and more about understanding how real people, real systems, and real environments fail under pressure.

NVIDIA NIM (NVIDIA Inference Microservices) packages production-ready AI models into optimized containers for enterprise deployment. Your developers need them. Your coding agents pull them. And until now, they pulled them directly from NVIDIA’s NGC registry, bypassing the supply chain controls you’ve spent years building. JFrog AI Catalog now brings NVIDIA NIM models under the same governance as every other artifact in your organization, with no separate registry and no governance gap.

In May 2026, Redis disclosed a high severity memory safety vulnerability tracked as CVE-2026-23479. The issue affects the Redis server, a widely deployed in memory data structure store used for caching, messaging, and real time analytics across cloud and on premises environments. The vulnerability exists in the client unblocking logic and may allow an authenticated attacker to achieve remote code execution under specific conditions.

For organisations considering a penetration test, one of the first questions is often how much it will cost. While this is a reasonable question, the answer is usually not so straightforward. Like many technology products and services, penetration testing is not a commodity. The scope, complexity, and objectives of each assessment can vary which means pricing can vary just as widely.

Are the repeated warnings throughout the years taking effect? Although we would like to say they are, the answer is complex and, most likely, we aren’t quite there yet.