Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On June 1, 2026, multiple npm packages in the @redhat-cloud-services scope were published with malicious versions. Each tarball ships a 4.1 MB obfuscated JavaScript file added to package.json as a preinstall hook. The hook runs a multi-stage loader that ends in a Bun-executed credential stealer hitting AWS, Azure, GCP, HashiCorp Vault, Kubernetes, GitHub Actions OIDC, npm, Bitwarden, and 1Password.

Every AI-SPM tool runs posture and detection with a single arrow: runtime evidence flowing back to rank posture findings. The load-bearing direction runs the opposite way, and almost nothing runs it — posture flowing forward to tell the detection layer what an attack even looks like.

The first time a security team needs an AI agent audit trail is usually 72 hours after the agent has already done something it shouldn’t have. Detection fires. Someone pulls every relevant log from the SIEM (Kubernetes audit, container runtime, cloud audit) and three hours in realizes the events that actually matter were never written. Which prompt triggered the tool call. Which parameters the agent passed. Which output left the cluster.

Most teams buy detection on a single number. The datasheet says “millisecond detection,” the proof-of-concept fires the instant a test payload lands, and the box gets checked. Then a real AI agent incident runs in production, and the postmortem shows the attack completed its objective well before anyone contained it, even though the alert, technically, fired in milliseconds. The number was real. It just measured the wrong thing.

Managing global connectivity is a lot like trying to assemble a puzzle, where the pieces come from different manufacturers, each with its own shapes, colors, and instructions. You might eventually fit them together, but not without significant time, effort, and potential gaps. For IT teams tasked with navigating the complexities of global connectivity, these obstacles can slow progress and create inefficiencies that ripple across an organization.

Earlier this year, BlueVoyant adopted a new detection strategy built on the Advanced Security Information Model (ASIM). For those unfamiliar, ASIM is Microsoft's normalisation layer that standardises log data across products into consistent schemas. Our approach is simple: The result? Dramatically faster use case development and cleaner, more maintainable detection logic.

Traditional API security protects deterministic systems with known endpoints and explicit actions, while MCP-powered AI agents operate through inferred intent, dynamic tool chaining, and natural language interactions. This requires MCP-specific security controls such as tool governance, behavioral monitoring, and semantic anomaly detection.

Houston is one of America’s most commercially active cities — a Fortune 500 corridor, a booming technology sector, and tens of thousands of small and mid-size businesses processing credit and debit card payments around the clock. Every one of those businesses is legally bound by a set of security standards that most owners know surprisingly little about: the Payment Card Industry Data Security Standard, universally referred to as PCI DSS.

The pitch for private PKI gets more compelling every year. Public certificate lifetimes are down to 200 days, dropping to 47 by 2029. If you run your own private certificate authority, you make your own rules. Issue certificates for as long as you want, skip the renewal churn. Let’s Encrypt and DigiCert don’t get to tell you what to do. Apple does though.

In my last post, I explained the math behind cosine similarity. Cosine similarity is a powerful search technique. When you are dealing with thousands or millions of chunks, it provides a fast, scalable way to find content conceptually similar to the user’s question. That is a major breakthrough. Without vector search, modern RAG would be much harder to build. But the mistake is pushing every retrieval problem into vector search. That is where practical retrieval starts breaking down.