If your identity governance program feels like a relic from a simpler time, you’re not alone. Traditional identity governance and automation (IGA) was built for a world where job titles told the whole story. A software engineer was a software engineer; a sales rep was a sales rep. Assigning access was intended to be as simple as slotting people into predefined roles.

If you’ve been in security operations for more than a few years, you’ve lived through the automation hype cycle at least twice. First, it was SIEM that was going to solve everything. Then SOAR was supposed to fix what SIEM couldn’t. Now, AI SOC platforms are delivering what SOAR always promised but never actually could.

For many organizations, a single security lapse isn’t just a technical glitch — it’s a catastrophic blow to their brand reputation and bottom line. With the global average cost of a leak reaching record highs ($4.44 million according to 2025 estimates), learning how to prevent data theft has shifted from a best practice to a business necessity. But how do you stay ahead of the latest cyber threats?

Most security teams cannot confidently answer a simple question: who has access to which cloud resources right now? Human identities and accounts now span across thousands of services, subscriptions, and SaaS platforms. The result is a vast, decentralized environment riddled with “unknown unknowns” that security teams cannot fully map, and that traditional security controls weren’t designed to address. Attackers count on these identity blind spots.

Maxime Lamothe-Brassard, founder and CEO of LimaCharlie, sought answers on AI’s current capabilities in the SecOps space. Plenty of benchmarks exist to test AI's knowledge of cybersecurity, but none test whether a model actually does the work. There's a significant difference between an AI that can answer trivia questions about CVEs and one that can pick up an alert, investigate it, and produce an incident report.That gap matters more now than ever.

Beyond hardware failures and cyberattacks, global events and regional instability can halt critical operations without warning. Modern businesses are exposed to forces outside their control, and a single disruption can ripple across systems, teams and customers. You can't predict downtime or what damage it will cause.

As endpoints became more powerful, more mobile, and more exposed, they also became more prone to attacks. Endpoints remain one of the most targeted entry points for attacks. Attacks today are no longer random; they are targeted, deliberate, and increasingly powered by automated AI discovery tools that hunt for unmanaged gaps. Malware, ransomware, and phishing-based intrusions continue to increase, and their first level of interaction often happens on an endpoint.

More than 90% of successful cyberattacks start with email, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). That’s not because security teams lack tools, but because attackers target human decision-making. For years, organizations treated email security as a filtering problem: block enough malicious messages, and risk goes down. That assumption no longer holds.

Security is traditionally a game of defense. You build walls, set up gates, and write rules to block traffic that looks suspicious. For years, Cloudflare has been a leader in this space: our Application Security platform is designed to catch attacks in flight, dropping malicious requests at the edge before they ever reach your origin. But for API security, defensive posturing isn’t enough. That’s why today, we are launching the beta of Cloudflare’s Web and API Vulnerability Scanner.

As I wrote in my recent book, How AI and Quantum Impacts Cyber Threats and Defenses, as we humans use AI more and more, AI will begin to communicate with itself using new AI-only communication methods that humans cannot easily see or read. If there is no human-readable audit trail or code, this is a very, very bad thing. It must be stopped at all costs. Humans are absolutely beginning to use AI more and more to do things they used to do manually. Soon, we will all be using multiple AI agents.