Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The rapid adoption of AI agents for development is creating a critical security gap. We are moving from predictable logic, deterministic code paths, and human-driven workflows to non-deterministic agents that reason, plan, and act autonomously using large language models across the broader software development lifecycle. As enterprises adopt these autonomous AI agents, the core challenge isn’t just the new risks and attack vectors; it’s a loss of runtime control.

Large language models (LLMs) have revolutionized artificial intelligence and are rapidly transforming the cybersecurity landscape. As these powerful models become commonly used among both attackers and defenders, developing specialized cybersecurity LLMs has become a strategic imperative. The CrowdStrike 2025 Global Threat Report highlights a concerning trend: Threat actors are increasingly enhancing social engineering and computer network operations campaigns with LLM capabilities.

Imagine this. Your phone rings on January 2nd, and it’s your DevSecOps and AppSec groups. A major security vulnerability is exposing your business, and your teams are trying desperately to find and fix it to protect your data. You probably have scars as far back as Log4j, as well as threats from more recent incidents like npm attacks, Glassworm and others ringing in your ears. With CVEs expected to rise by tens of thousands a year, you can envision that the situation will only worsen.

Energy. Water. Finance. Healthcare. Transportation. Each of these sectors underpins the daily functioning of modern society—and each is now a potential attack vector for cyber attacks.

Following our successful MITRE ATT&CK Evaluation results earlier this month, WatchGuard has now achieved an AAA rating in the SE Labs Endpoint Protection Suite (EPS) evaluation, the highest possible score in this independent test. SE Labs evaluates prevention and response in real-world scenarios, validating the ability to stop attacks while allowing legitimate business activity to continue uninterrupted.

Cyberattacks are growing in frequency and sophistication. Data from the 2024 Verizon Data Breach Investigations Report shows that breaches exploiting application vulnerabilities have increased by 180% in the last year alone. Applications remain a primary target, yet development teams are under constant pressure to innovate and deliver faster. Using disconnected or inadequate application security tools creates security gaps, slows down development pipelines, and ultimately increases business risk.

Welcome back to our threat hunting series with Corelight and CrowdStrike. In our previous posts, we armed you with techniques to spot adversaries during Initial Access and how they establish Persistence to maintain their foothold. Now, we're diving into the shadowy dance of Defense Evasion and Lateral Movement.

For security teams, the adoption of agents showed up operationally before it showed up strategically - creating new expectations and requirements. Risk is no longer tied to prompts or the model alone. It shows up in what agents do once they are connected to critical systems - coming from permissions they inherit, tools they invoke, and data they move.

Static credential practices — where certificates, keys, and tokens persist for months or years and are manually rotated — create systemic risk in DevOps pipelines. Rotating these secrets is time-consuming and costly. In fact, organizations may spend dozens of hours and involve multiple teams to rotate a single credential. Manual rotation quickly becomes impractical across thousands of service accounts. In this post, you will learn.

As the global cyber threat landscape evolves, adversaries continue to refine and adapt their tactics. Bitsight threat intelligence indicates that there are several tactics, techniques, and procedures (TTPs) that are most commonly and consistently leveraged by threat actors. These attacks are not isolated; they’re systemic.