Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Model Context Protocol (MCP) is emerging as a foundational interoperability layer for agentic AI, embraced by major platform providers. MCP simplifies how AI models connect to external tools and data. Think of it as a universal remote for security platforms: Instead of building fragile, one-off integrations, MCP allows AI to discover and use capabilities dynamically. For SIEM and detection providers, this shift is significant.

What are HIPAA disaster recovery requirements? Healthcare data breaches exposed over 276 million patient records in 2024, representing more than 80% of the US population according to the HHS Office for Civil Rights. For healthcare organizations, the question is no longer whether a disruption will occur, but when. The HIPAA Security Rule addresses this reality directly through its contingency planning requirements, yet many organizations still operate with significant compliance gaps.

In the race to deploy autonomous AI agents, organizations are inadvertently building on a foundation of shifting sand. While security teams have spent the last year focused on "Prompt Injection" and "Model Poisoning," a much older, more dangerous adversary has quietly become the primary attack vector for the agentic era: Broken Object Level Authorization (BOLA).

When application traffic fails to reach its destination, teams must determine whether the problem lies in routing, firewall rules, NAT behavior, or a combination of all three. In many environments, these components overlap in ways that make traditional troubleshooting slow and error-prone. Engineers often have to run repeated tests, stage changes, or temporarily disable rules to understand why a flow is being blocked.

Protecting sensitive data does require investment, and that mindset hasn’t been universal. Now, it isn’t an option. It’s time to move from debate to execution.

In most organizations, standing privileges don’t show up all at once. They accumulate quietly. A role is added “temporarily.” A contractor needs broad access to finish a project. A service account gets oversized permissions because no one has time to fine-tune them. None of these choices seem harmful in the moment, but over time they build into a privilege surface that’s far too large and far too easy to misuse.

Shai Hulud didn’t invent a new supply chain weakness. It took advantage of something most teams already struggle with: long-lived credentials sitting on developer laptops and CI runners. Once it landed in a workstation or pipeline, it went hunting for secrets, then moved into GitHub, npm, and cloud environments. The damage is huge.

Organizations face a complex cybersecurity conundrum. Attack surfaces are expanding faster than SOC teams can scan. All of which is leading to a never-ending cycle of swivel-chair security, context-free lists, increased alert fatigue, and slow remediation. The strategic pivot needed to combat this is Continuous Threat Exposure Management (CTEM). A structured and essential alternative that moves teams away from reactive scanning to proactive, ongoing validation and prioritization.

PCI DSS compliance requires an organizational implementation of the required processes and procedures. Your compliance efforts are typically sabotaged by mistakes made from the top. We’re going to briefly discuss the top PCI DSS Compliance Mistakes that are made and how to avoid them.

Early in the year, we introduced multiple drafts for Change Control. This feature enables builders to work on the same project simultaneously, each within their own draft environment. The upside? Agents were the talk of the town in 2025. Tines CEO Eoin Hinchy shared his thoughts on how they could help end muckwork, and shortly after, we launched the AI Agent action.