The alert hits after hours. A suspicious sign-in turns into endpoint detections, then someone in leadership asks whether customer data is involved, and within minutes the team is juggling Slack threads, ticket updates, legal questions, and a half-dozen console tabs. Most organizations don't fail here because people don't care. They fail because the response lives in people's heads, scattered docs, and outdated runbooks.

Security teams today face a widening gap between the speed of modern software delivery and the cadence of traditional pentesting. Most teams ship weekly, but a full manual pentest only happens periodically and is gated by resource availability.

Today, Apono is joining 1Password. This is a major step forward for the company we set out to build, the customers who helped shape it, and the future of access governance. When we started Apono, we set out to eliminate the friction that access management creates between security and engineering teams. Access in the cloud was dynamic, but the systems meant to govern it were not. Widespread standing access became an accepted cost of doing business. Engineers waited on tickets.

Brand impersonation account takeover (ATO) happens when attackers use fake brand assets to expose customers, harvest credentials, and attempt access on the legitimate site. The impersonation stage happens outside the enterprise’s login environment, but the ATO risk appears when stolen credentials, attacker devices, or exposed users reach the legitimate login environment. That distinction matters because brand impersonation and account takeover are often handled as separate problems.

The one thing security teams are not short of is data. A day in the life of a security expert is filled with scanners, dashboards, pentest reports, tickets, and compliance checklists. But despite all this data, the one staggering question that every security team would literally trade their last brain cell for (or their entire month’s screen time for) is “What is pentesting (risk) moving towards?”

Today, we’re excited to share that key members of the team at Ensemble AI are joining Cloudflare to help accelerate our work in AI infrastructure and make it easier for developers to run powerful AI models efficiently at scale. Ensemble AI, founded in 2023 in San Francisco, has spent the last few years focused on one of the most important challenges in AI: making large models faster, smaller, and more cost-effective to serve, without sacrificing quality.

The UK’s Cyber Security and Resilience Bill is moving through Parliament and is expected to receive Royal Assent in the 2026–27 session. If you work in IT or security, you’ve likely already heard about it. If your organisation isn’t a hospital, utility, or bank, you may assume it doesn’t apply to you. However, no matter what field you are in, its worth taking a second look and closely evaluating how the legislation may affect you.

The recent White House executive order on advancing artificial intelligence innovation and security sends a clear signal about how leaders are framing the future. What stands out most in the executive order is the recognition that AI and cybersecurity are now inseparable. One cannot succeed without the other. While national security is a prominent example, this convergence extends to every organization that depends on digital systems.