Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Global Open banking API call volumes are set to cross the 720 billion mark by 2029, and attackers know it. With the global open banking market surging past $38 billion in 2025 itself and projected to exceed $115 billion by 2030, the financial data flowing through these APIs is highly lucrative for threat actors. With over 7.5 million calls made to just AI APIs, they have now graduated from a technical challenge to a business imperative.

We release some good stuff this week with the CertKit agent version 1.8 from our roadmap, along with some small usability fixes in the CertKit web application.

Fresh off two weeks of back-to-back meetings in Washington, DC, and on the floor/in the wings of the RSA Conference, one theme echoed through nearly every conversation I had with senior government officials and public policy leaders from global technology companies: agentic AI security is the defining emerging security challenge of this moment — and policy is not keeping pace.

Exactly 8 years ago today, we launched the 1.1.1.1 public DNS resolver, with the intention to build the world’s fastest resolver — and the most private one. We knew that trust is everything for a service that handles the "phonebook of the Internet." That’s why, at launch, we made a unique commitment to publicly confirm that we are doing what we said we would do with personal data.

Your AI-BOM shows every model, tool, and data source you deployed. But when your SOC investigates an alert about unusual agent behavior, that inventory tells them nothing about what actually happened at runtime. Static AI-BOMs document what you intended to run. Attackers exploit what your AI workloads actually do in production: which APIs they call, what data they touch, and how they use approved tools in unapproved ways.

When your CNAPP flags a suspicious dependency in an AI agent container, your WAF logs an unusual API spike, and your SIEM shows a burst of cloud storage calls—are those three separate incidents or one rogue agent attack? Most security teams treat them as three tickets in three queues, investigated by three people who may never connect the dots. By the time someone pieces together that a single compromised agent drove all three signals, the attacker has already moved laterally and exfiltrated data.

Compare the top data access governance tools for 2026. Learn what to look for, and which platforms fit mid-market security teams. TL;DR: Data access governance tools map effective permissions to sensitive data, surface overexposed entitlements, and operationalize access reviews across hybrid environments. Without them, organizations cannot answer who can reach regulated data, enforce least privilege, or complete certifications without manual effort.

The recent leak related to Claude Mythos has offered a rare and revealing look inside the real capabilities of frontier AI models. The details of the leak underscore a reality that cybersecurity leaders need to understand clearly: Advances in model capability do not automatically translate into advances in cybersecurity, nor do they translate into better security outcomes without the right platform to apply them.

Over the past year, I have spent a lot of time with security leaders who are trying to navigate the same tension. They know their operations need to move faster. They know the volume, speed, and complexity of what lands in the SOC are not going to ease up. But they are also trying to make smart decisions in environments where trust matters, governance matters, and the cost of getting it wrong is real.