Expert analysis
The hidden risk of non-human identities in AI adoption
An employee with persistent, unsupervised admin access across critical systems, with no audit trail, no clear owner, and no regular access reviews, would raise immediate …
May 2026 Patch Tuesday forecast: AI starts driving security industry changes
Microsoft May 2026 Patch Tuesday is now live: Many fixes, but no zero-days Project Glasswing. This is one of three major security industry changes I’ll cover today. The …
Identity discovery: The overlooked lever in strategic risk reduction
If you ask a CISO what keeps them up at night, the answer usually isn’t “lack of tools.” It’s uncertainty. Uncertainty about what they don’t see. Uncertainty about how far an …
Your IAM was built for humans, AI agents don’t care
Identity and access management was built for a simpler world. One where the hardest problem was a human logging in, and where “Who are you?” was sufficient to …
What the EU AI Act requires for AI agent logging
The EU AI Act is 144 pages long. The logging requirements that matter for AI agent developers sit across four articles that keep referencing each other. Here’s what they say, …
29 million leaked secrets in 2025: Why AI agents credentials are out of control
AI agents need credentials to work. They authenticate with LLM platforms, connect to databases, call SaaS APIs, access cloud resources, and orchestrate across dozens of …
April 2026 Patch Tuesday forecast: Spring-cleaning of a preview
I just blinked and the first quarter of the year is GONE. Where does the time go? I looked back at my article from last month where I touched on the use of AI and some of the …
Why I’m done calling humans the weakest link
Cybersecurity has long suffered from a people problem, but not in the way we often hear about. As industry that is based on enabling communication across the globe via the …
Why risk alone doesn’t get you to yes
I have been in security rooms for years, from military operations centers to corporate boardrooms. In all those years I can tell you that the hardest mission that most …
Does Anthropic deserve the trust of the cybersecurity community?
The cybersecurity industry runs on trust. The belief that when a vendor says they will behave a certain way, they will, that critical CVEs are in fact critical, or when …
March 2026 Patch Tuesday forecast: Is AI security an oxymoron?
Developers and analysts are using more AI tools to produce code and to test both the performance and security of the finished products. They are also embedding AI …
Why workforce identity is still a vulnerability, and what to do about it
Most organizations believe they have workforce identity under control. New hires are verified. Accounts are provisioned. Multi-factor authentication is enforced. Audits are …
Featured news
Resources
Don't miss
- Fragnesia: New Linux kernel LPE bug was spawned by Dirty Frag patch (CVE-2026-46300)
- Vector embedding security gap exposes enterprise AI pipelines
- Sandyaa: Open-source autonomous security bug hunter
- The hidden risk of non-human identities in AI adoption
- Researchers open-source a Wi-Fi cyber range for security training