Defending at Machine Speed in the Autonomous Age

Frontier AI models are accelerating both the discovery of new vulnerabilities and the ability to exploit those weaknesses at speed and scale. This alone isn’t the problem. Trust in AI‑driven security outcomes is. With AI dominating headlines, security leaders are asking what models like Mythos or GPT‑5.4‑Cyber mean for their business. The real issue runs deeper. Teams need to be able to trust tools and technology that move at machine speed.

7 Principles of Zero Trust Identity and Access Management

Many engineering teams treat zero trust as a simple MFA checkbox. They invest in advanced identity providers but still leave environments exposed, with permanent admin roles and manual ticket queues that frustrate developers. Most teams have adopted the language of zero trust without changing how access actually works. They verify identity at login, then leave broad permissions in place long after the task is done.

Phishing Campaigns Abuse AI Workflow Automation Platforms

Threat actors are abusing agentic AI automation platforms to deliver malware and send phishing emails, according to researchers at Cisco Talos. The researchers observed attackers using n8n, a legitimate platform that automates workflows in web apps and services like Slack, GitHub, Google Sheets, and others.

A Poisoned Xinference Package Targets AI Inference Servers

Part 1 covered CanisterWorm. Part 2 covered the malicious LiteLLM package. Part 3 covered the Telnyx WAV steganography attack. This post covers the latest wave: three malicious versions of xinference on PyPI, carrying the same credential-stealing playbook and a plot twist. On April 22, 2026, Mend.io’s threat detection identified malicious versions of xinference on PyPI: 2.6.0, 2.6.1, and 2.6.2.

Understanding DISP Membership and Requirements in the Defence Industry Security Program

If you work with the Australian defence sector, DISP membership is no longer optional. The Defence Industry Security Program (DISP) is a baseline requirement for organisations operating in or supplying into Australian Defence. Most companies still treat DISP in defence as a compliance checkbox, but that approach fails. DISP is about reducing real operational risk across the supply chain.

Building a Governed AI Model Supply Chain: Integrating AWS SageMaker and the JFrog Platform

Amazon SageMaker accelerates the process of training and deploying machine learning models. However, as AI adoption scales from individual experiments to enterprise-wide production, the focus of leading Fortune 500 software development operations and security teams must shift from pure velocity to governance.

Acronis GenAI Protection is now live: Secure the AI era

Generative AI is no longer emerging. It is already embedded in how businesses work. From content creation and research to customer support and internal productivity, AI tools are rapidly becoming part of everyday workflows across SMBs and the MSPs that serve them. But this shift comes with a hard reality: As GenAI adoption accelerates, so do the risks.

GitGuardian Now Flags Overprivileged and Admin Secrets Across AWS, Entra, And Okta Identities

GitGuardian NHI Governance will now automatically flag machine identities that carry admin access and have more privileges than they actually use. GitGuardian NHI Governance has been able to surface policy breaches for long-lived secrets, Duplicated Secrets, and, of course, secrets that have been leaked publicly or internally.