Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Evaluating AI Security Posture Management Tools: 7 Key Criteria

Evaluating AI Security Posture Management (AI-SPM) tools is a critical process for organizations integrating AI, specifically Generative AI (GenAI) and Large Language Models (LLMs), into their workflows. Unlike traditional security tools, AI-SPM focuses on the unique risks of AI, including Shadow AI, prompt injection, data poisoning, model theft, and improper model configuration. When assessing AI-SPM tools, security leaders should prioritize the following capabilities.

Where Severity Scores Go Wrong: "Just Add Prototype Pollution"

At JFrog, our Security Research team continuously monitors and analyzes newly disclosed CVEs across the open-source ecosystem. Throughout our research, we have repeatedly observed cases where the assigned severity score does not accurately reflect a vulnerability’s real-world impact or exploitability. In fact, during 2025, JFrog researchers reassessed NVD critical-severity vulnerabilities and concluded that 96% warranted a lower severity rating.

June Release Rollup: Building Code Analyst, AI Assistant, and More

June's release brings a range of updates across Egnyte's platform, with the most notable addition being the Building Code Analyst, an AI-powered tool that helps AEC teams quickly surface relevant code requirements across jurisdictions. The release also includes Adaptive Block Caching (now generally available), expanded AI Assistant capabilities like agent mode and multi-file spreadsheet analysis, and several mobile improvements across iOS and Android.

CISO Executive Briefing: This Week's Threats, Priorities, Foresight & Execution

Cyber risk remains at an elevated baseline. Ransomware holds at “new normal” highs, state actors exploit supply chains and zero-days, and AI accelerates attacks. Last week’s signals confirm active exploitation of known vulnerabilities and credential/ICS exposure. Winning CISOs reduce attack surface at first principles, assume breach, and enforce continuous validation with measurable business outcomes.

Why Your Asset Counts Are Wrong (And What to Do About It)

If you've ever pulled an asset count from one tool and compared it to another, you've probably noticed they don't match. The discrepancy isn’t minor, either. The difference is likely to be substantial. One scanner says you have 4,200 assets. Your CMDB says 3,800. Your cloud inventory says 1,100. None of them agree, and none of them are right. That's not a data hygiene problem you can solve with a spreadsheet cleanup.

RBAC implementation: building effective role-based access control

Most organizations already run something they call role-based access control, yet permissions keep accumulating through ad hoc approvals and unreversed role transfers. RBAC holds up only when roles are designed from business functions and least privilege, validated against effective access first, and maintained through governance tied to HR-driven lifecycle events. Without that discipline, the model drifts back into access sprawl.

What is CEN/TS 18099? A guide to the injection attack detection standard

For years, the dominant threat against remote identity verification was the presentation attack: someone holding a printed photo up to a camera, wearing a mask, or playing a pre-recorded video on a phone screen. The industry responded with increasingly sophisticated anti-spoofing technology and vision-based detection models, and the standards to test their effectiveness followed. But many of today’s most sophisticated fraudsters don’t bother with the camera at all.

AI Just Shrank the Time Hackers Need to Weaponize Your Vulnerabilities

The Five Eyes intelligence alliance—NSA, CISA, GCHQ, Australia's ASD, Canada's Cyber Centre, and New Zealand's GCSB—just issued a joint warning: AI has compressed the window between vulnerability discovery and exploitation from years to months. Adrian breaks down what the "AI Shift in Cyber Risk" statement actually means for patching timelines and attacker sophistication—and why most organizations aren't moving fast enough to keep up.