Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Your pipeline has an API testing stage. Your scanner runs on every build. A finding list comes back clean. And then something gets exploited in production that your pipeline ran past 47 times without flagging. Here's what happened: endpoint validation passed. Security didn't. They are not the same thing. Here's what that box doesn't capture: APIs don't fail in clean test environments.

Over the past months, I’ve noticed a shift in customer conversations. Coverage, prioritization, emerging threats — those questions have given way to exposed MCP servers, unmanaged AI chatbots, and risks that don’t show up as CVEs. Mythos comes up in every other call. The calculus changed. AI now writes a quarter of production code, with twice as many vulnerabilities. The exploitation window collapsed from days to hours.

CERT-In just published a risk-based remediation framework that resets expectations for every organisation operating in India. The timelines are worth reading twice: Now consider one question: if a known exploited vulnerability appeared on your internet-facing application at 11pm tonight, what would your team do in the next 12 hours?

Phishing attacks are evolving faster than traditional training programs can keep up. Advances in AI — including generative tools — are making attacks more dynamic, personalized, and harder to detect. At the same time, agentic AI for phishing security training is reshaping how programs improve, enabling them to adapt to user behavior and shifting risk in real time.

An AI agent with access to a customer’s brokerage account can begin executing trades. Not because the customer asked. Because someone, somewhere upstream, slipped a hidden instruction into a tool the agent loaded at startup. The agent is doing exactly what it was told. Just not by the customer. This is not a hypothetical. It is the attack class that financial security teams have exactly zero legacy tooling to catch and it is arriving precisely as banks accelerate their agentic AI ambitions.

Anthropic has selected Cyberhaven for its Cyber Verification Program, an application-based program that supports legitimate defensive cybersecurity work involving advanced AI capabilities. The approval gives designated Cyberhaven teams access to advanced AI capabilities with fewer interruptions from default safeguards for certain high-risk, dual-use cybersecurity tasks, subject to Anthropic's applicable policies and program requirements.

AI SOC memory is the difference between an investigation that starts from your team’s history and one that starts from zero. In most security operations centers, there is none: context disappears the moment a case closes. When a new alert fires, the investigation effectively starts from zero.

The recent White House executive order on advancing artificial intelligence innovation and security sends a clear signal about how leaders are framing the future. What stands out most in the executive order is the recognition that AI and cybersecurity are now inseparable. One cannot succeed without the other. While national security is a prominent example, this convergence extends to every organization that depends on digital systems.

Today, we’re excited to share that key members of the team at Ensemble AI are joining Cloudflare to help accelerate our work in AI infrastructure and make it easier for developers to run powerful AI models efficiently at scale. Ensemble AI, founded in 2023 in San Francisco, has spent the last few years focused on one of the most important challenges in AI: making large models faster, smaller, and more cost-effective to serve, without sacrificing quality.

You approved the AI tools. You funded the infrastructure. Now your teams want to deploy AI agents, and the ask sounds reasonable: automate the research workflow, connect the agent to the CRM, let it draft and send. The productivity case is clear. What is less clear is who owns the security exposure when that agent starts moving data across systems it was never explicitly authorized to touch. The answer, increasingly, is you.