Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Standing on stage at Microsoft Build, surrounded by innovators shaping the future in the era of AI Agents, I felt equal parts inspired and responsible. Inspired by the rapid momentum around AI, and responsible for raising a flag about something we don’t talk about enough - how we secure the very systems that are now acting on our behalf. This post isn’t a recap, rather a continuation, a chance to go deeper into the story I shared (and the one we’re still writing.)

Software development is in the midst of a monumental shift, powered by the rapid advancements in Artificial Intelligence. AI isn't just changing how we build software; it's transforming the very nature of applications themselves. As AI-native applications become more prevalent, we're also seeing new, complex security threats emerge. Traditional security approaches aren’t designed for the dynamic and often unpredictable nature of Large Language Models (LLMs), agents, and other AI-driven systems.

As organizations increasingly rely on connected devices to drive efficiency and innovation, the Extended Internet of Things (XIoT) — covering industrial control systems (ICS), operational technology (OT), Internet of Things (IoT), and Internet of Medical Things (IoMT) — has rapidly expanded. This greater connectivity often drives increased vulnerability as critical assets are exposed to sophisticated threats.

Cisco Foundation AI’s Foundation-sec-8b model brings a new wave of innovations and efficiency to security operations. As a purpose-built, open-weight Large Language Model (LLM) designed specifically for cybersecurity, Foundation-sec-8b enables security teams to act faster, reduce fatigue, and scale operations without compromising accuracy.

Organizations investing in Microsoft 365 E5 licensing expect enterprise-grade email protection. Yet despite premium security features, customer feedback reveals persistent challenges with Microsoft Purview DLP across Exchange Online environments. Microsoft deployment specialists report seeing clients deploy Purview on their own, discover a wealth of false positives, and turn off the policies or set them to audit mode. Policies never become useful.

The FBI is warning that threat actors are impersonating senior US officials in phishing attacks designed to compromise users’ accounts. Notably, the attackers are using AI-generated audio to convincingly spoof the voices of real people.

With the recent increase in use and popularity of Large Language Models (LLMs), many organizations are still trying to approach the use of this technology. In this blog, we approach the different log sources that can be potentially used to monitor a local LLM.