Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Building SecOps that improve with every frontier AI release

CEO Maxime Lamothe-Brassard made an observation after the RSA conference that security vendors don't typically say out loud: "The frontier models are just better than anything people roll their own. There's no secret sauce these vendors are offering that is better than the latest frontier model release." That's a pointed claim that carries a significant implication buyers may not have fully considered.

6 WAAP Features Every Bank and Financial Institution Needs in 2026

Banking & Financial Services (BFS) firms are shouldering a uniquely heavy share of the global threat load. The newly released Indusface State of Application Security 2026 study paints a stark picture: Why the laser focuses on finance? Strict regulations mean banks generally run strong perimeters, so adversaries pivot to bots, API abuse, and nuanced business-logic exploits that slip past ‘default’ defenses.

Fix SCA issues at scale in your terminal with Snyk Remediation Agent in the CLI

Snyk is now detecting six vulnerabilities for every one remediated. NIST reported a 33% increase in CVE submissions in Q1 2026. According to Gartner, the average time to patch a high/critical vulnerability is 55 days (Gartner, "How to Respond to the 2026-2027 Threat Landscape," 28 May 2026).

Workforce verification and privacy: How to manage data retention, vendor risk, and compliance

For many security teams, the 2023 MGM Resorts cyberattack was a wake-up call. A single vishing attack exploited weak identity assurance in help desk workflows and disrupted casino and hotel operations for days, causing hundreds of millions in losses and reputational damage. The breach revealed a disconcerting new reality: Just one compromised employee account can enable attackers to bypass the entire security perimeter, regardless of an organization’s size or security budget.

What SPIFFE Answers for Workload Identity and What It Doesn't

On workload identity, a spec the industry has already started building around, and what the next layer looks like. I don't have a better answer than SPIFFE (Secure Production Identity Framework for Everyone) for workload identity, and that's where I want to start, because what follows is going to sound like I do.

Shadow AI: The Hidden Risk Expanding Across the Enterprise

Companies and employees are racing to capture the value and efficiencies offered by AI, but security is often an afterthought. Employees are using unauthorized GenAI tools to summarize documents, draft emails, and analyze potentially sensitive or proprietary data. Developers are adding AI capabilities before security teams can review them. SaaS platforms are adding AI features that may process sensitive business data by default.

MCP Security: How to Secure MCP Integrations

AI agents are connecting to enterprise systems right now. Whether a developer wired up Claude to an internal Confluence instance, a vendor shipped an agentic workflow that calls the CRM, or an employee enabled a browser-based AI assistant that reads email, Model Context Protocol (MCP) is rapidly becoming the integration layer between large language models (LLMs) and corporate data. Most security teams have no visibility into any of it.

CMMC Enclave vs Enterprise-Wide Scope Cost Tradeoffs

One of the biggest decisions you need to make when you’re planning a CMMC implementation is which strategy you’re going to use. Your options are enterprise-wide security or an enclave strategy. Now, we’ve talked about these two options before. Rather than a general guide, though, today we want to look at the factor most likely to drive your decision: costs.

EASM Buyer's Guide 2026: How to Choose the Right Solution for Your Organization

Your external attack surface is bigger than you think, and probably bigger than it was last quarter. Cloud sprawl, third-party integrations, abandoned subdomains, and shadow IT all add up to an internet-facing footprint that’s hard to track manually. External attack surface management (EASM) tools give security teams continuous visibility over that footprint, from the same vantage point an attacker would use.

Why a Credentialing Specialist Is Essential for Healthcare Operations

Every day a provider is not credentialed is a day they may not be able to see patients, bill payers, or generate revenue. For healthcare organizations, credentialing delays affect far more than paperwork. They impact onboarding timelines, payer reimbursement, compliance readiness, provider schedules, and operational continuity across the business. A missing document or delayed approval can slow down provider start dates, interrupt billing, and create avoidable administrative pressure for teams already balancing complex healthcare workflows.