Data Protection Governance Security Compliance Ransomware.

In our day-to-day work and conversations with security experts, one concern comes up regularly: how consistent is our WAF protection? Our answer is always the same: not as much as you think. The truth is that in the case of enterprises, web application firewall (WAF) coverage is rarely uniform. Protection is often a mixed bag of products from different vendors, managed by separate teams, each guarding only part of the attack surface.

Our customers have been telling us for months: “You’ve made security simple.” Today, Forrester confirmed what our customers already knew. Mend.io has been recognized as a Strong Performer in The Forrester Wave: Static Application Security Testing Solutions, Q3 2025. In our first appearance in the evaluation, we earned top scores in Innovation and Triage. But the recognition that matters most? Being highlighted as a customer favorite.

If you think AI-generated code is saving time and boosting productivity, you’re right. But here’s the problem: it’s also introducing security vulnerabilities at an alarming rate. Our latest research reveals that 45% of AI-generated code contains security flaws, turning what should be a productivity breakthrough into a potential security nightmare.

Industries, governments, and enterprises of all kinds have adopted large language models (LLMs) and generative AI (GenAI) into their operations and workflows, unlocking new possibilities for everything from customer interaction to complex data analysis. But with this innovation comes new challenges for security, observability, and data science teams.

Trustwave's Security & Compliance Team is aware of the Salesloft vulnerability affecting Drift chatbot integrations. Trustwave, A LevelBlue Company, and its affiliated entities do not utilize Drift, and Salesforce has confirmed the incident did not impact clients without this integration. Based on current information, we confirm there has been no exposure or impact to us or our clients.

Most insider threats do not start with intent; they start with exceptions, such as: These are not always acts of malice, but they create cracks that attackers can exploit. Because they look like “normal” activity on laptops and workstations, IT often does not see them coming. In simple terms, an insider threat is any risk that comes from people inside your organization, be they employees, contractors, or partners, with legitimate access to systems and data.