Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Episode 13 - Battle-Hardened Research: Navigating the Intersection of AI and Open Source

Apr 23, 2026 By Corelight In Corelight
Richard Bejtlich sits down with Ali Islam to pull back the curtain on how a security research lab functions within a modern security company. Moving beyond the "ivory tower" of academia, Ali explains why researchers must be battle-hardened by real-world threat actor techniques to remain effective in the field. The conversation dives into Corelight’s unique commitment to the open source community through the direct funding of Zeek and Suricata developers, ensuring that community-driven tools can scale to meet massive enterprise traffic demands.
View Video
armo

Detecting Threats in Multi-Agent Orchestration Systems: LangChain, CrewAI, and AutoGPT

Apr 23, 2026 By Yossi Ben Naim In ARMO
It’s Tuesday morning at a mid-size fintech. A customer-support workflow runs on CrewAI in production: a Triage agent reads tickets, a Records agent pulls customer history, a Remediation agent drafts and sends the reply. A user submits a ticket with a pasted error log containing an indirect prompt injection. Triage summarizes and delegates. Records, interpreting instructions embedded in the summary, pulls 2,400 customer records instead of one.
Read Post
armo

How Healthcare Platform Teams Should Secure AI Agents on Kubernetes

Apr 23, 2026 By Shauli Rozen In ARMO
The surgeon is thirty-two minutes into a procedure. The ambient scribe pod listening to the operating room is mid-encounter — transcribing, retrieving prior chart context, drafting the operative note for post-op sign-off. At the same moment, your SOC gets an alert: anomalous tool invocation from that pod, elevated egress volume, behavioral deviation from the agent’s baseline.
Read Post
armo

AI Agent Security Framework on GKE: Implementation Guide

Apr 23, 2026 By Ben Hirschberg In ARMO
Your platform team spent a week configuring the Agent Sandbox CRD on a gVisor-enabled node pool — the architecture Google positions as the recommended pattern for AI agent workloads on GKE. Workload Identity Federation with KSA principals is bound to every agent pod. Container Threat Detection is licensed and active in Security Command Center Premium. And the runtime behavioral sensor you budgeted for won’t install.
Read Post
vanta

When tokenmaxxing leads to riskmaxxing

Apr 23, 2026 By Vanta In Vanta
Accelerating security solutions for small businesses‍ Tagore offers strategic services to small businesses. A partnership that can scale‍ Tagore prioritized finding a managed compliance partner with an established product, dedicated support team, and rapid release rate. Standing out from competitors‍ Tagore's partnership with Vanta enhances its strategic focus and deepens client value, creating differentiation in a competitive market.
Read Post
mend

The Butlerian Jihad: Compromised Bitwarden CLI Deploys npm Worm, Poisons AI Assistants, and Dumps GitHub Secrets

Apr 23, 2026 By Tom Abai In Mend
Part 1 covered CanisterWorm, the self-spreading npm worm. Part 2 covered the malicious LiteLLM package. Part 3 covered the telnyx WAV steganography attack. Part 4 covered the xinference AI inference attack. This post covers: a compromised @bitwarden/cli package that combines a self-propagating npm worm, a GitHub Actions secrets dumper, and a novel AI assistant poisoning technique.
Read Post
LimaCharlie

Fingerprinting AI Attacks: Detection Every SOC Needs

Apr 23, 2026 By LimaCharlie In LimaCharlie
Revisiting a conversation between LimaCharlie co-founder Christopher Luft and Chris Cochran, Field CISO & Vice President of AI Security at SANS Institute, on The Cybersecurity Defenders Podcast. For most of cybersecurity’s history, defenders could operate under a safe assumption: somewhere on the other end of an attack, a human was making decisions. Scripts might automate parts of the kill chain, tools might accelerate execution, but a person was in the loop.
Read Post
Corelight

From human-scale to AI-scale: Lessons in resilience from RSAC 2026

Apr 23, 2026 By Ed Smith In Corelight
The halls of RSAC 2026 were buzzing with a singular question: "How do we defend an ecosystem that is moving faster than we can think?" During a featured session last week, Brian Dye (CEO, Corelight) talked with Deneen DeFiore (CISO, United Airlines) about the realities of protecting one of the world's most complex digital environments.
Read Post
gitguardian

No Off Season: Three Supply Chain Campaigns Hit npm, PyPI, and Docker Hub in 48 Hours

Apr 23, 2026 By Guillaume Valadon In GitGuardian
Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD pipelines.
Read Post

The New CISO Ep. 144 - Rob Knoblauch | Your Most Valuable Skills Aren't Technical

Apr 23, 2026 By Exabeam In Exabeam
Cybersecurity debates tend to center on tools, frameworks, and threats. But Rob Knoblauch has built a 25-year career in global security leadership by focusing on the soft skills that determine whether a CISO survives, thrives, or burns out. In this episode of The New CISO, Rob joins Steve Moore to trace the through-line from running a multi-node BBS as a kid to serving as Deputy CISO of one of the world’s largest banks — and the career lessons he’s carried through every chapter.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.