Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

If everyone owns cybersecurity, no one really owns it.

An AI agent with access to a customer’s brokerage account can begin executing trades. Not because the customer asked. Because someone, somewhere upstream, slipped a hidden instruction into a tool the agent loaded at startup. The agent is doing exactly what it was told. Just not by the customer. This is not a hypothetical. It is the attack class that financial security teams have exactly zero legacy tooling to catch and it is arriving precisely as banks accelerate their agentic AI ambitions.

May 2026 will be remembered as the month the AI developer toolchain itself became the primary attack surface. A single threat actor — TeamPCP — ran a nine-day campaign that started as a worm in open-source packages, escalated through a poisoned code-editor extension, and ended inside GitHub’s own infrastructure.

The recent White House executive order on advancing artificial intelligence innovation and security sends a clear signal about how leaders are framing the future. What stands out most in the executive order is the recognition that AI and cybersecurity are now inseparable. One cannot succeed without the other. While national security is a prominent example, this convergence extends to every organization that depends on digital systems.

The UK’s Cyber Security and Resilience Bill is moving through Parliament and is expected to receive Royal Assent in the 2026–27 session. If you work in IT or security, you’ve likely already heard about it. If your organisation isn’t a hospital, utility, or bank, you may assume it doesn’t apply to you. However, no matter what field you are in, its worth taking a second look and closely evaluating how the legislation may affect you.

Today, we’re excited to share that key members of the team at Ensemble AI are joining Cloudflare to help accelerate our work in AI infrastructure and make it easier for developers to run powerful AI models efficiently at scale. Ensemble AI, founded in 2023 in San Francisco, has spent the last few years focused on one of the most important challenges in AI: making large models faster, smaller, and more cost-effective to serve, without sacrificing quality.

Today, Apono is joining 1Password. This is a major step forward for the company we set out to build, the customers who helped shape it, and the future of access governance. When we started Apono, we set out to eliminate the friction that access management creates between security and engineering teams. Access in the cloud was dynamic, but the systems meant to govern it were not. Widespread standing access became an accepted cost of doing business. Engineers waited on tickets.

You approved the AI tools. You funded the infrastructure. Now your teams want to deploy AI agents, and the ask sounds reasonable: automate the research workflow, connect the agent to the CRM, let it draft and send. The productivity case is clear. What is less clear is who owns the security exposure when that agent starts moving data across systems it was never explicitly authorized to touch. The answer, increasingly, is you.