trustcloud

Agentic AI in security operations: Friend, risk, or both

May 7, 2026 By Shweta Dhole In TrustCloud
Agentic AI is forcing a hard question on every security leader: when your SOC is full of autonomous “doers” instead of just dashboards and scripts, is that your new best friend or a brand‑new risk surface you barely understand? The honest answer is both, and the way you design, govern, and deploy these systems will decide which side wins.
Read Post
vanta

The 5 best GRC software solutions for CMMC compliance in 2026

May 7, 2026 By Vanta In Vanta
Accelerating security solutions for small businesses‍ Tagore offers strategic services to small businesses. A partnership that can scale‍ Tagore prioritized finding a managed compliance partner with an established product, dedicated support team, and rapid release rate. Standing out from competitors‍ Tagore's partnership with Vanta enhances its strategic focus and deepens client value, creating differentiation in a competitive market.
Read Post

The Partnerships Taking on AI Security: Daniel Bernard, CrowdStrike Chief Business Officer

May 7, 2026 By CrowdStrike In CrowdStrike
The previous episode of the Adversary Universe podcast explored the “vuln-pocalypse” and the implications of advanced AI models accelerating vulnerability discovery and exploitation. Now, we’re diving into how companies are working together to face these evolving security risks. CrowdStrike Chief Business Officer Daniel Bernard spends much of his time talking with partners and customers about how to address their growing concerns: Is their business protected? Do they know which vulnerabilities are in their environment? What do they do about them?
View Video
apono

The JSONFormatter Wake-Up Call: How Developer Tools Are the New Identity Breach Vector

May 7, 2026 By The Apono Team In Apono
Everyone uses developer tools to get through the day. A JSONFormatter to inspect an API response, or a JWT decoder when you need to inspect a token quickly. In most engineering teams, these tools are treated as harmless productivity aids. In November 2025, researchers discovered that JSONFormatter and CodeBeautify had been storing everything users pasted into them via a save feature that generated shareable links with fully predictable URL structures. A simple crawler could retrieve all of them.
Read Post
Torq

AI Security and Trust: Why SOC Teams Don't Trust AI

May 7, 2026 By Bob Boyle In Torq
See how Torq harnesses AI in your SOC to detect, prioritize, and respond to threats faster. Request a Demo 92% of security leaders say something is actively reducing their trust in AI within the SOC. These aren’t skeptics, they’re people who have already adopted AI and believe in its ability to enhance security operations. We know from the 2026 AI SOC Leadership Report that AI is already widely adopted in the SOC, with 94% of organizations using it in some capacity.
Read Post
sumologic

AI SOC vs. white box AI: Why black boxes fail in the real world

May 7, 2026 By David Girvin In Sumo Logic
There’s a growing wave of “AI SOC” startups promising autonomous everything. They’ll triage your alerts, investigate threats, and even run your playbooks. Push a button, let the machine handle the mess, and enjoy the magic. It sounds great until the moment something breaks. Then everyone, not just security, asks the same question: “What exactly did it do?” And that’s when these systems turn into a liability.
Read Post
veracode

The $10 Million Question: Why Are 81% of Organizations Still Getting Breached?

May 7, 2026 By Natalie Tischler In Veracode
We are living in a security paradox. Cybersecurity budgets are increasing, security stacks are growing more complex, and yet, the needle barely seems to move. According to the newly drafted 2026 Cyberthreat Defense Report (CDR), 81% of organizations experienced at least one successful cyberattack this past year. Even more concerning, the number of organizations suffering from six or more successful attacks is actually creeping up.
Read Post

How Attackers Use Developer Machines to Breach the Software Supply Chain - May 07, 2026

May 7, 2026 By GitGuardian In GitGuardian
In April, three major supply chain campaigns hit npm, PyPI, and Docker Hub in just 48 hours, and while the ecosystems were different, the objective was the same: steal credentials from developer environments and CI/CD pipelines. The malware targeted API keys, cloud credentials, SSH keys, GitHub tokens, npm tokens, environment variables, and more, turning developer machines and build systems into high-value credential vaults for attackers.
View Video
armo

Privacy and Data Residency for AI Agents: What GDPR Requires That Static Controls Can't Show

May 7, 2026 By Yossi Ben Naim In ARMO
The residency evidence GDPR and the EU AI Act now expect lives in the runtime trajectory of every AI agent execution, not in the deployment configuration. Your residency compliance dashboard — every workload in eu-west-3, sovereign cloud configured, SCCs signed — cannot produce it. Your AI agent’s last thousand inferences crossed an external border, on average, eight times each. The translation API routed through us-east-1 when the EU endpoint hit capacity.
Read Post
CalCom

How to Talk to Your Board About System Hardening

May 7, 2026 By Joan Levin In CalCom
You know your servers need hardening. Getting leadership to prioritise, fund, and support the effort is the harder challenge. Here’s our experts’ best advice for how to talk to the C-suite and board about the need for automated server hardening. You already know the servers are drifting. Configurations change. Exceptions pile up. Standards slip over time. The hard part is not identifying the problem.
Read Post
Subscribe to Security

Copyright © 2026 OpsMatters™. All rights reserved.