Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Financial services firms handling payment card data just ran out of runway. As of March 31, '25, PCI-DSS 4.0 compliance is mandatory. The 64 new requirements that organizations could previously treat as best practices are now enforceable, and auditors are scrutinizing every control. According to Verizon’s 2024 Payment Security Report, only 14.3% of organizations achieved full PCI-DSS compliance during interim assessments. That means most firms are closing gaps while managing day-to-day operations.

When WorldLeaks claimed to have exfiltrated 1.4TB of Nike's corporate data—188,347 files containing everything from product designs to manufacturing workflows—the incident revealed something more significant than another headline-grabbing breach. It exposed a fundamental gap in how organizations approach data loss prevention. The breach reportedly included technical packs, bills of materials, factory audits, strategic presentations, and six years of R&D archives.

The exfiltration problem has evolved beyond what traditional DLP was designed to solve. Your employees work across personal AI assistants, multiple browsers, dozens of SaaS applications, and offline environments. They collaborate through Git, communicate via email clients, and store data on external drives. Each interaction represents a potential data loss vector—and legacy solutions can't see most of them.

A critical vulnerability (CVE-2025-40551) has been identified in SolarWinds Web Help Desk, a widely used IT service management platform deployed across enterprise and public sector environments to manage support tickets, assets, and internal workflows. Successful exploitation could allow an unauthenticated attacker to execute arbitrary commands on the underlying host system.

As we enter 2026, security and risk leaders are navigating a landscape that is both increasingly complex and strikingly familiar. At Bitsight, we have spent the last year listening to our customers, synthesizing insights from the field, and preparing for what lies ahead. In a recent webinar with my colleague Vanessa Jankowski, we explored the forces shaping cyber risk in the year to come.

Small and medium enterprises (SMEs) across Australia and New Zealand are struggling to secure their operations. The threats they face are constantly growing in both number in severity, but SMEs often lack the time, resources or in‑house expertise to protect themselves. Fortunately, the Cyber Health Check from the Australian Signals Directorate (ASD) offers a simple, practical way for organisations to assess their cyber maturity and understand where they can improve cyber protection.

Cybersecurity plays a critical role in preventing attacks through controls such as firewalls, endpoint protection and email security. Despite these investments, breaches still happen. According to the World Economic Forum, 87% of respondents identified AI-related vulnerabilities as the fastest-growing cyber risk in the past year.

ThreatSpike can now use JumpCloud’s Directory Insights API to pull in Login Events, which are automatically analyzed. If suspicious activity is identified, a SaaS Unusual Login incident will be raised – with our 24/7 SOC team on standby to confirm, investigate, and remediate the issue.

Today, we’re thrilled to introduce the AI Security Fabric, delivered through the Snyk AI Security Platform, and operationalized through a prescriptive path for AI security. As software creation shifts to humans, models, and autonomous agents working together at machine speed, security must evolve just as fundamentally. The AI Security Fabric defines the new paradigm, and the Prescriptive Path shows how the Snyk AI Security Platform gets you there.

In introducing the AI Security Fabric, we have outlined how security must evolve as software is built by humans, models, and autonomous agents working at machine speed. The Fabric defines the architectural shift required to build trust at AI speed, delivered through the Snyk AI Security Platform. We’re now focusing on the next question: how organizations put that vision into practice. Operationalizing AI security is not about enabling a single feature or deploying a tool.