As autonomous and semi-autonomous AI systems take on more responsibility within the enterprise, they shift from being “features” of software to becoming true internal actors. They make decisions, take actions, call tools, orchestrate workflows, and influence other AI agents. With this evolution, we must confront an uncomfortable truth: the metrics and response patterns we built for deterministic software no longer work.

A new npm supply-chain compromise is targeting the SAP developer ecosystem. The affected packages we are tracking so far are: The pattern is familiar but also a bit different: a trusted package receives a new preinstall hook, the hook runs a new setup.mjs file, and that loader downloads the Bun JavaScript runtime to execute a large obfuscated payload named execution.js. The payload is an 11.7 MB credential stealer and propagation framework.

Researchers recently analyzed 18,000 Claude Code configuration files pulled from public GitHub repositories. What they found was straightforward and alarming: developers are already installing mistyped, misconfigured, and near-identical MCP server names — often without realizing it. The human-error condition that makes typosquatting work was already present at scale before any attacker needed to exploit it.

On April 29, 2026, security researchers detailed a campaign known as ‘mini Shai-Hulud’ that involves compromised versions of npm packages used in SAP’s Cloud Application Programming Model (CAP). The malicious packages reportedly contain functionality to steal sensitive data such as credentials. The stolen data is encrypted and exfiltrated via public GitHub repositories. The maintainers of known-compromised packages have released updated versions.

A patch management policy is a formal organizational document that defines how software updates are identified, prioritized, tested, and deployed across an organization's systems to address security vulnerabilities that attackers commonly exploit to gain initial access.

On March 11, 2026, the Iranian hacktivist group Handala Hack Team claimed responsibility for compromising the American healthcare technology company Stryker. Public reporting suggests more than 200,000 systems were impacted and up to 50TB of data exfiltrated. While these figures remain unverified, the scale of operational disruption alone places this incident among the most significant enterprise cyber events of the year so far.

We’ve established the new forensic reality: a massive 72.9% inventory gap exists between the vendors you monitor and those invisible to your security. We have seen the shortcomings of SSO and its inability to holistically monitor all the vendor applications your users engage with, along with a Shadow AI explosion that is compounding both issues. The era of procurement-only discovery is over. To secure the modern cyber workforce, we must pivot from "buying-based" to usage-based discovery.

The external auditor’s evidence request lands Tuesday morning. A security architect at a Tier 1 bank pulls up her AI-SPM dashboard for the SOC2 Type 2 review. Eighty-three AI agents running across the bank’s clusters. For each one, the dashboard shows the current configuration and the current behavioral baseline. The data is accurate, comprehensive, and point-in-time.

Most security teams treat a high volume of false positives as an analyst problem. Too many alerts, too little time, not enough headcount. So they add analysts, tune a few policies, and move on. That response is understandable, but it misdiagnoses the problem. When data loss prevention (DLP) false positive rates stay high over time, the issue is not a staffing gap. It is a detection accuracy problem, one that sits inside the tool, not the team.