Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

When people talk about AI security risks, the conversation usually starts with the model. Can it be jailbroken? Can someone get around the guardrails? Can an attacker make it say or do something it should not? Those are fair questions, but they are not the most important ones. The bigger risk is not the model on its own: it’s everything the model is connected to.

Phorpiex, also known as Trik, is a resilient and long-running botnet with a history dating back to 2011. While it has grabbed some headlines, its sustained presence and adaptability make it a subject of ongoing concern for the cybersecurity community. Phorpiex has consistently demonstrated its capability to evolve, shifting from a pure spam operation to a sophisticated platform.

Artificial intelligence is moving rapidly from experimentation into everyday use across financial services. From client servicing and research to operations and risk analysis, AI is increasingly embedded in core workflows. This shift is widely recognised within the industry. Recent research indicates that 67% of financial services organisations report rapid AI adoption, with 93% ranking AI as a top security priority heading into 2026. At the same time, governance structures are being established.

In March 2026, Stryker Corporation experienced a global cyber incident that disrupted operations across its environment. Manufacturing slowed, internal systems went offline, and employees were instructed to disconnect devices. At first glance, it looked like another large-scale cyberattack. It wasn’t. This incident exposed a much more important reality about modern cybersecurity risk: organizations are no longer being breached in traditional ways.

RSA Conference 2026 made one thing clear very quickly. Security leaders are done with generic AI pitches. After two years of relentless “AI everything,” the market is now pushing back. There is a growing fatigue with vague promises, surface-level features, and what many are calling outright AI washing. The result is a trust gap. What cut through this year was not another AI-powered detection claim. It was a much more grounded question.

Each year, the threat environment changes, and the way we measure cyber risk has to keep up. Attackers adjust quickly. At the same time, organizations add cloud services, SaaS applications, and third parties to their environments. That makes it harder to maintain a stable, external measure of security performance. At Bitsight, the Ratings Algorithm Update (RAU) is one of the major initiatives that helps keep the Bitsight Security Rating a reliable indicator of security performance.

AI isn’t just another technology wave—it’s a force multiplier for both innovation and risk. In a recent webinar featuring insights from Bryan Palma and guest speaker Jinan Budge, Vice President and Research Director at Forrester, one message came through clearly: the rise of AI and AI agents is fundamentally reshaping the human risk landscape—and security leaders need to move fast to keep up.

Enterprise security teams spent years building data loss prevention (DLP) programs around a predictable set of egress channels: email, USB drives, cloud storage, and sanctioned SaaS apps. Generative AI has rewritten those assumptions almost overnight. Today, the same data those DLP controls were built to protect is flowing into AI interfaces that most organizations have no visibility into and no enforcement capability over.