
Mastering LLM Privacy Audits: A Step-by-Step Framework

Language models now touch contracts, tickets, CRM notes, recordings, and code. That means personal data, trade secrets, and regulated content move through prompts, embeddings, caches, and third-party endpoints. If your audit still reads like a generic security review, you will miss the places where leaks actually happen. A modern LLM Privacy Audit Framework starts where the risk starts.

How CIOs and CISOs are unlocking AI's full value: 5 real-world takeaways

Recent research from Forrester Consulting commissioned by Tines, Unlocking AI’s full value: How IT orchestrates secure, scalable innovation, underscores the essential role IT leaders must play in AI orchestration, as well as the challenges that stall adoption – and the opportunities that await those who overcome them. But how do these findings translate to real life, and what are leaders and practitioners doing to navigate this landscape?

From Detection to Protection: A Look at End-to-End AppSec Solutions

Modern application development moves at an incredible pace, but this speed often creates a gap between innovation and security. Effective AppSec Solutions close this gap by shifting security from a reactive bottleneck to a proactive, integrated part of the entire software development lifecycle (SDLC). This end-to-end approach doesn’t just detect flaws; it provides a unified framework to manage and reduce risk from the first line of code to the final cloud deployment.

Automating compliance: Why identity security needs a data-driven tune-up

When I started my career on the trade floor of a Canadian bank, I quickly learned what it meant to work in a fast-paced, highly regulated environment. Every identity had to be secured, justified and auditable. Later, when I moved to the security engineering team, I saw firsthand how compliance could consume entire teams. We weren’t just protecting accounts; we were constantly running manual processes to prove that the right controls were in place.

Cloud access simplified, secured, and just a request away

CyberArk introduces Access Requests for Secure Cloud Access: Secure, seamless user experience for requestors and approvers alike. Securing and requesting access to multiple clouds can feel like navigating through a maze of approvals and endless tool-switching. In an ideal world, access requests would provide users with frictionless, just-in-time access across AWS, Azure, and Google Cloud from within their existing platform.

Building a more secure npm ecosystem with Mend Renovate

Over this last year, we’ve seen significant attacks like the Shai-Hulud worm, the Nx build system compromise, and secrets being leaked to public GitHub Actions logs via the tj-actions/changed-files compromise, but I could spend the entirety of this article only listing different attacks, let alone talking about them.

Building Fast, Staying Secure: Supabase's Approach to Secure-by-Default Development

As part of Aikido’s Security Masterclass series, Mackenzie Jackson sat down with Bill Harmer (CISO, Supabase) and Etienne Stalmans (Security Engineer, Supabase) to explore how Supabase approaches security as part of design, not something to bolt on later. From Row Level Security (RLS) to the risks of AI-assisted coding, the discussion focused on what it takes to build fast and stay secure.

AI as a Power Tool: How Windsurf and Devin Are Changing Secure Coding

We brought together Ian Moritz, Deployed Engineer at Cognition, and Mackenzie Jackson from Aikido Security for a live masterclass on AI-assisted coding. The goal wasn’t to hype new tools. It was to talk about how developers can stay in control while AI starts writing, testing, and securing code beside them.