What resonated most at RWC 2026? GitGuardian highlights key research on private key leaks, password managers, trusted execution environments, and secret sprawl.

We’re excited to share new updates and enhancements for March, including: For more info on these updates, check out the list below and dive into the detailed articles. Please join the Egnyte Community to get the latest updates, chat with experts, share feedback, and learn from other users.

Your AI-BOM shows every model, tool, and data source you deployed. But when your SOC investigates an alert about unusual agent behavior, that inventory tells them nothing about what actually happened at runtime. Static AI-BOMs document what you intended to run. Attackers exploit what your AI workloads actually do in production: which APIs they call, what data they touch, and how they use approved tools in unapproved ways.

Although Jira serves as the system of record for many DevOps and IT teams, retrieving secrets or approving requests for privileged information often occurs on other platforms. Teams may depend on external tools, email messages or Slack chats to manage credentials or elevation requests, leading to context switching, audit gaps and delays that increase operational risk.

Public sector organizations are operating in a threat environment that is both relentless and increasingly personal. Federal agencies, state and local governments and educational institutions are prime targets for ransomware, phishing, business email compromise (BEC) and credential theft. Local governments alone account for an estimated 43% of ransomware victims in 2025. But the real shift isn’t just in volume. It’s in tactics. Attackers have stopped trying to break in.

Exactly 8 years ago today, we launched the 1.1.1.1 public DNS resolver, with the intention to build the world’s fastest resolver — and the most private one. We knew that trust is everything for a service that handles the "phonebook of the Internet." That’s why, at launch, we made a unique commitment to publicly confirm that we are doing what we said we would do with personal data.

If the public sector had unlimited cybersecurity budgets and fully staffed SOCs, today’s threat landscape would look very different. But that’s not reality. Public sector organizations face chronic staffing shortages, constrained budgets and compensation structures that make it difficult to recruit and retain cybersecurity talent. Meanwhile, adversaries are accelerating their attacks. The result? Small teams carrying massive responsibility.

Fresh off two weeks of back-to-back meetings in Washington, DC, and on the floor/in the wings of the RSA Conference, one theme echoed through nearly every conversation I had with senior government officials and public policy leaders from global technology companies: agentic AI security is the defining emerging security challenge of this moment — and policy is not keeping pace.

“AI-powered DAST” is everywhere. It signals progress, but assumes something fundamental was missing. It wasn’t. DAST struggled not from lack of intelligence, but from lack of depth. Most tools never reached inside authenticated, stateful, multi-step journeys where real logic, sensitive data, and critical vulnerabilities exist. That’s the part Appknox solved years ago. AI here is not a reset. It is an accelerator, applied to a system already operating where risk actually lives.