Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The cybersecurity industry is entering a new phase of AI adoption. Frontier AI models are increasingly capable of identifying vulnerabilities, investigating threats, analyzing code, and accelerating security operations at machine speed. At the same time, innovation is moving rapidly. New models, platforms, and security-focused AI initiatives are emerging across the market, each pushing the boundaries of how AI can be applied to real-world cybersecurity workflows.

Mythos changes the speed of attack. Identity controls decide what happens after. The shift underway For the first time in 19 years, vulnerability exploitation now leads the Verizon Data Breach Investigations Report as the breach entry point. It accounts for 31 percent of incidents, ahead of stolen credentials. Threat actors are using AI to exploit known vulnerabilities in hours rather than months. The Verizon data predates the latest frontier AI advancements.

AI agents do not create risk only when they hallucinate or produce an inaccurate answer. They create risk when they take the wrong action. A single user prompt can move through an application, reach an agent runtime, call a tool, trigger an MCP server, and touch a downstream API. By the time the action happens, the original request may be several layers away from the system that actually changes data, sends information, or executes a workflow. That is the problem security teams now face.

PHP obfuscation is a lightweight way to make code harder to read but it does not provide much protection against code exposure or reverse engineering. It is often attractive because it is free or low cost, but that can be risky as it typically only masks the code through substitution techniques and does not meaningfully change how the source code is protected.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! While laudable, I still think many will just allow everything rather than configure complex CI flows. Happy to be proved wrong.

Compliance has traditionally lived in dashboards, spreadsheets, screenshots, audit packets, and point-in-time reviews. Security teams know the reality is more dynamic. The evidence auditors need is often buried across identity providers, endpoints, cloud platforms, network controls, vulnerability scanners, alerts, and custom application logs — all generating live operational telemetry that static tools struggle to keep up with.

Picture two realities for the same compliance control reaching production. Reality One: Your AppSec team writes a new rule. An engineer uses Claude Code or Cursor to generate the OPA (Open Policy Agent) Rego policy in minutes. They deploy it. It blocks a legitimate release on a missing context variable, and the on-call engineer routes around the gate to ship the code. The AI gave them fast code — but not code they could trust.

How Agentic AI Is Outpacing the Compliance Frameworks Built to Contain It.

The rapid adoption of generative AI has transformed enterprise productivity, but it’s also quietly introduced a new, sophisticated vulnerability: the AI insider threat. For years, securing the internal perimeter meant watching for data exfiltration via USB sticks or unauthorized emails. Today, the risk looks entirely different.

Every year, the Verizon Data Breach Investigations Report (DBIR) is one of the most hotly-anticipated and widely-read documents in security. And every year includes some surprising stats and reshuffles the top few threat vectors. But longtime readers will notice that the 2026 DBIR features some advice that ought to be familiar to everyone by now: get the basics right.