Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

If you are not using AI to defend against AI, you will lose. But for organizations operating in air-gapped environments, the path to AI-driven defense can be blocked by the very isolation that protects them. Today, we're announcing that Elastic Security is now the embedded security layer for Google Distributed Cloud (GDC) air-gapped environments, expanding our collaboration with Google Cloud.

As AI adoption accelerates on Google Cloud, the challenge for most teams today is no longer just building AI-powered applications. It’s also managing the full AI stack from end to end, including data pipelines, infrastructure, release process, and security operations. Many teams are monitoring these layers with different tools, creating complexity, fragmenting visibility, and slowing decisions on what to do next.

Cloud environments create a flood of security signals, often reaching tens of thousands per day depending on the organization’s size. Security engineers and analysts spend a disproportionate share of their time triaging these signals instead of acting on legitimate threats. But the time-intensive parts of that work, such as identifying related signals and building a timeline, can be handled systematically, leaving teams free to focus on what actually requires human judgment.

A patient calls your privacy office and requests an accounting of every disclosure of her PHI made outside treatment, payment, and healthcare operations over the past six years. This is her right under HIPAA. Your privacy officer pulls the EHR disclosure log. It is complete through the day your organization deployed its first production AI agent.

A CISO at a mid-sized SaaS company pulls her platform lead aside after a board meeting. One question: “Do we have AI agents running in production?” The lead pauses. He knows the data science team has been experimenting with LangChain. He remembers a conversation about a customer-support pilot. He thinks there might be an inference server in staging that got promoted last quarter.

Your platform team deployed eBPF-based runtime sensors on AKS last week. Defender for Containers is enabled. Azure Policy is enforcing pod security standards across your AI workload namespaces. And your Observe pillar is still blind — because nobody enabled the Diagnostic Setting that routes kube-audit logs to the Log Analytics workspace where your tooling can actually consume them.

Part 1 covered CanisterWorm. Part 2 covered the malicious LiteLLM package. Part 3 covered the Telnyx WAV steganography attack. This post covers the latest wave: three malicious versions of xinference on PyPI, carrying the same credential-stealing playbook and a plot twist. On April 22, 2026, Mend.io’s threat detection identified malicious versions of xinference on PyPI: 2.6.0, 2.6.1, and 2.6.2.

Many engineering teams treat zero trust as a simple MFA checkbox. They invest in advanced identity providers but still leave environments exposed, with permanent admin roles and manual ticket queues that frustrate developers. Most teams have adopted the language of zero trust without changing how access actually works. They verify identity at login, then leave broad permissions in place long after the task is done.

Organizations across the Asia-Pacific region are accelerating adoption of open infrastructure, Kubernetes, and modern virtualization platforms. As these environments grow, protecting applications and data becomes a core operational requirement. The strategic partnership between Trilio and Bigstack to deliver integrated cloud-native data protection and migration capabilities for enterprises deploying modern private and hybrid cloud environments.

See how Torq harnesses AI in your SOC to detect, prioritize, and respond to threats faster. Request a Demo The AI SOC is cybersecurity’s fastest-growing category, and for very good reason. Machine-speed threats demand machine-speed responses, and the $82.45 billion market forming around this reality reflects just how urgent that need has become. The Torq AI SOC Platform delivers agentic insights and the ability to streamline action across the full security stack.