From AI POC to production: A practical roadmap with Robinhood
88% of AI proof-of-concepts never make it to production, according to IDC. That wasn’t the case for Robinhood. But of course, the journey wasn’t without obstacles.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
APIs in an AI World: The Security Blind Spot Business Leaders Must Address
In this session, business leaders will get a clear view of what is at stake and what it means for how you govern, protect, and lead.
Vanta Trust Signals: Shadow AI
Friday: *security team removes Shadow AI app* Monday: *employee immediately reinstalls it* Rinse and repeat—1,000x a year. We analyzed Shadow IT data across 15K+ companies and the numbers are mind-blowing. Get the details in our new data series, Trust Signals, at vanta.com.
Episode 13 - Battle-Hardened Research: Navigating the Intersection of AI and Open Source
Richard Bejtlich sits down with Ali Islam to pull back the curtain on how a security research lab functions within a modern security company. Moving beyond the "ivory tower" of academia, Ali explains why researchers must be battle-hardened by real-world threat actor techniques to remain effective in the field. The conversation dives into Corelight’s unique commitment to the open source community through the direct funding of Zeek and Suricata developers, ensuring that community-driven tools can scale to meet massive enterprise traffic demands.
Detecting Threats in Multi-Agent Orchestration Systems: LangChain, CrewAI, and AutoGPT
It’s Tuesday morning at a mid-size fintech. A customer-support workflow runs on CrewAI in production: a Triage agent reads tickets, a Records agent pulls customer history, a Remediation agent drafts and sends the reply. A user submits a ticket with a pasted error log containing an indirect prompt injection. Triage summarizes and delegates. Records, interpreting instructions embedded in the summary, pulls 2,400 customer records instead of one.
AI Agent Security Framework on GKE: Implementation Guide
Your platform team spent a week configuring the Agent Sandbox CRD on a gVisor-enabled node pool — the architecture Google positions as the recommended pattern for AI agent workloads on GKE. Workload Identity Federation with KSA principals is bound to every agent pod. Container Threat Detection is licensed and active in Security Command Center Premium. And the runtime behavioral sensor you budgeted for won’t install.
When tokenmaxxing leads to riskmaxxing
Accelerating security solutions for small businesses Tagore offers strategic services to small businesses. A partnership that can scale Tagore prioritized finding a managed compliance partner with an established product, dedicated support team, and rapid release rate. Standing out from competitors Tagore's partnership with Vanta enhances its strategic focus and deepens client value, creating differentiation in a competitive market.
Fingerprinting AI Attacks: Detection Every SOC Needs
Revisiting a conversation between LimaCharlie co-founder Christopher Luft and Chris Cochran, Field CISO & Vice President of AI Security at SANS Institute, on The Cybersecurity Defenders Podcast. For most of cybersecurity’s history, defenders could operate under a safe assumption: somewhere on the other end of an attack, a human was making decisions. Scripts might automate parts of the kill chain, tools might accelerate execution, but a person was in the loop.
From human-scale to AI-scale: Lessons in resilience from RSAC 2026
The halls of RSAC 2026 were buzzing with a singular question: "How do we defend an ecosystem that is moving faster than we can think?" During a featured session last week, Brian Dye (CEO, Corelight) talked with Deneen DeFiore (CISO, United Airlines) about the realities of protecting one of the world's most complex digital environments.
8.5 Billion Executions. 2 Real Bugs. Here's Why.
That is not a failure of fuzzing. It is a failure of interpretation. In a recent AFL++ fuzzing campaign targeting libarchive, we ran approximately 8.5 billion executions across all fuzzing phases, generated over a thousand crash files, and ultimately reduced them to two unique crash sites through structured crash triage and deduplication. This blog is a practical, engineering-first guide to that process: If your fuzzing pipeline stops at crash counts, you are not measuring security.