Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security teams are dealing with a fundamentally different operating environment than they were a few years ago. AI-assisted development is rapidly pushing more code and infrastructure into production, and according to Datadog’s 2026 State of DevSecOps report, 40% of running services have an exploitable vulnerability.

AI is already incorporated into most of your clients’ workflows. Employees are using chatbots and other built-in GenAI tools to draft emails, analyze data and automate work. The challenge? Much of that activity is happening outside your formal security controls, and that creates a new risk layer. For managed service providers (MSPs), the question is no longer whether to secure AI adoption for their clients, but how to evaluate the right AI security solution.

Today, we’re launching BlueVoyant AI. In my first months as CEO, I’ve had the chance to meet with many of you. What struck me most is the scope and importance of what you’re protecting, and how seriously you carry that responsibility. What also came through clearly is that your vision for the future of security aligns with ours.

Your stack has a SAST. A DAST. An SCA. A SIEM. And probably seven more tools your developers have quietly stopped reading alerts from. None of them were built for mobile. That's not a criticism. It's a fact about what those tools were designed to do. They were built for web applications, network infrastructure, and cloud environments, which were the priorities of a different era. Mobile apps came later. And the security tooling never fully caught up.

Artificial intelligence tools have completely revolutionized the way we work, boosting productivity to heights we couldn’t have imagined just a few years ago. But the upside comes with a high-stakes catch: every time an employee pastes proprietary code, financial records, or sensitive customer data into a public AI prompt, your company is at risk. As Shadow AI adoption skyrockets, implementing robust data leakage prevention is no longer an IT checklist item — it’s a business imperative.

A few weeks ago, we wrote about Project Glasswing and what we observed when we pointed cyber frontier models at our own code. Since then, we’ve seen that the part of the post that has resonated most deeply is the argument that the architecture around the vulnerability matters more than the speed of the patch.

The recent wave of announcements surrounding Claude Mythos and Project Glasswing has certainly filled our feeds. While these developments are technically interesting, the real story for me lately has been what they reveal about where the cybersecurity market is heading and how quickly that evolution is reshaping the risk conversation.

AI demos are easy. AI you’d actually trust near your control environment is not. If you’ve sat through a few of these pitches lately, you’ve probably landed on the same four questions every CISO we talk to is asking. And you’re right to ask them.

ThreatSpike exhibited at Infosecurity Europe 2026 at ExCeL London from 2–4 June this year. Three days, ten expert sessions presented on our stand and more conversations about AI than we’ve had at any event in recent memory. This is our round-up: what we saw on the floor, what we presented, and what the industry is clearly wrestling with right now.