Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Advanced Persistent Threat (APT) groups are not a new scourge. These sophisticated, state-sponsored cyber adversaries, with deep pockets and highly advanced technical skills, conduct prolonged and targeted attacks to infiltrate networks, exfiltrate sensitive data, and disrupt critical infrastructure.

As cyber threats evolve, so must the strategies and frameworks that protect the data and systems that are at the heart of national defense, intelligence, and security. At a time when cyber threats are becoming more sophisticated, the need to protect national security systems (NSS) has never been more critical. With this in mind, the Committee on National Security Systems (CNSS) was formed to oversee cybersecurity standards for some of the most vital and sensitive U.S. government infrastructures.

As many of you may know, MITRE’s DHS contract to manage the CVE and CWE programs expired on April 16, 2025. While emergency funding has since been restored for a short time, the long-term future of these programs still remains uncertain. Understandably, this situation has raised concerns throughout the cybersecurity community about the stability and continuity of vulnerability tracking and management systems that many organizations have come to rely upon.

AI security threats are evolving at roughly the same speed that AI itself is: extremely fast. One of the most recent—and least understood—vulnerabilities involves vector and embedding weaknesses. These issues have gained attention with their addition to the OWASP Top 10 for LLMs, and the risks are becoming more urgent as Retrieval-Augmented Generation (RAG) continues to dominate enterprise AI adoption.

A practical guide for chief AI officers and technology leaders implementing federal AI governance The US Office of Management and Budget's recent memoranda — M-25-21, "Accelerating Federal Use of AI through Innovation, Governance, and Public Trust," and M-25-22, "Driving Efficient Acquisition of Artificial Intelligence in Government" — establish comprehensive frameworks for federal agencies that implement AI systems while maintaining appropriate safeguards.

As stated in my recent blog, CISO: Chief Cybersecurity Warrior Leader, I define warrior-leadership as a term that combines the concepts of leadership and expertise in the field of cybersecurity with the mindset and traits of a warrior. A warrior mindset helps leaders remain calm, focused, and effective in addressing and resolving complex challenges.

Let’s cut the fluff out of cloud security. As you build and innovate in the cloud, you create a maze of roles, permissions and resources that you must secure thoughtfully. The dirty secret is that as organizations launch and build new infrastructure, they also create a labyrinth of permissions that attackers can exploit if they get their hands on a valid password or credential.

We’re excited to announce a new integration with StackHawk—a developer-first DAST platform that brings runtime vulnerability testing directly into CI/CD workflows. With this integration, StackHawk findings are now ingested directly into Jit’s unified product security backlog—right alongside SAST, SCA, CSPM, secrets detection, and more.

When you unify a complex technology landscape that consists of diverse deployments—including on-premises, legacy systems, multi-cloud and hybrid environments—you inevitably create a tangled web of identities, each with its own set of security challenges. Identity and access management (IAM) as we know it struggles to keep up. It becomes increasingly complex to manage user access across disparate systems, to maintain consistent security policies and to meet compliance regulations.

Autonomous AI agents - known as Computer-Using Agents (CUAs) - are no longer science fiction! These systems can browse websites, interact with applications, and carry out tasks on their own. While intended to increase productivity, they can already be repurposed by threat actors for malicious use.