

Featured
Four incidents. Three frontier labs. One unaddressed gap: the release pipelines that sit outside every AI vendor questionnaire.
Louis Columbus
Agent authorization is broken — and authentication passing makes it worse
Verified agents are accessing data they were never scoped to touch. Cisco's Anthony Grieco maps four authorization gaps — and why identity frameworks alone won't stop them.
Louis Columbus
Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps
The Mini Shai-Hulud worm hit 172 npm and PyPI packages carrying valid SLSA provenance. Here's the six-gap CI/CD audit grid and the action plan to find it and lock it out.
Louis Columbus
Running Claude Code or Claude in Chrome? Here's the audit matrix for every blind spot your security stack misses
Four security teams exposed the same Claude architectural flaw in 48 hours. No single patch covers all three surfaces.
Louis Columbus

AI agents are running hospital records and factory inspections. Enterprise IAM was never built for them.
The 80-point gap between AI pilots and production isn't a model problem. Cisco's framework for why identity governance is the missing piece — and what to build first.
Louis Columbus
AI tool poisoning exposes a major flaw in enterprise agent security
AI agents choose tools from shared registries by matching natural-language descriptions. But no human is verifying whether those descriptions are true.

5,000 vibe-coded apps just proved shadow AI is the new S3 bucket crisis
Your security stack was built for servers and cloud accounts — not the Lovable app your PM deployed on a public URL last weekend.
Louis Columbus
An AI agent rewrote a Fortune 50 security policy. Here's how to govern AI agents before one does the same.
Every identity check passed — and the security policy still got rewritten. Here's the 6-stage framework for governing AI agents in production.
Louis Columbus
Anthropic Skill scanners passed every check. The malicious code rode in on a test file.
Gecko Security proved Anthropic Skill scanners miss bundled test files that execute via Jest and Vitest with full local permissions. The Anthropic Skill Audit Grid maps seven detection gaps plus three CI hardening steps.
Louis Columbus
One command turns any open-source repo into an AI agent backdoor. OpenClaw proved no supply-chain scanner has a detection category for it
CLI-Anything and similar agent bridge tools created an integration layer no security scanner monitors. Two exclusive interviews, a prescriptive matrix, and a five-step action plan for security directors.
Louis Columbus
Microsoft takes Agent 365 out of preview as shadow AI becomes an enterprise threat
The product, first announced at Microsoft's Ignite conference in November, positions itself as a unified control plane that lets enterprise IT and security teams observe, govern, and secure AI agents wherever they run: inside Microsoft's own ecosystem, on third-party cloud platforms like AWS Bedrock and Google Cloud, on employee endpoints, and increasingly across a sprawling ecosystem of SaaS agents built by partner software companies.

200,000 MCP servers expose a command execution flaw that Anthropic calls a feature
OX Security found 200,000 MCP servers running with an execution surface Anthropic says is by design. A product-by-product patch audit for security teams.
Louis Columbus