Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

For organisations working towards SOC 2, penetration testing is often one of the more visible and scrutinised components of the audit process. While SOC 2 is not prescriptive in how controls must be implemented, it does require clear evidence that risks are identified, assessed, and addressed through effective security practices. SOC 2 penetration testing plays a key role in demonstrating this.

No matter the country, industry, or company size, IT and cybersecurity teams report a heavy regulatory load and worry about staying aligned with requirements Organizations today operate under a substantial number of IT and cybersecurity compliance obligations.

The AI SOC has arrived. According to the 2026 AI SOC Leadership Report, 94% of organizations are using AI in the SOC in some capacity. The question in 2026 is no longer whether to adopt AI-driven SOC automation, but rather how to do so. Is the architecture behind that adoption actually working?

Voice phishing (vishing) overtook email-based phishing as a top initial intrusion vector in 2025, according to a new report from Mandiant. Notably, vishing is live and interactive, giving the attacker more control over the social engineering objectives. “While email phishing often relies on volume and opportunistic delivery, interactive methods involve a live person steering the conversation in real-time,” Mandiant says.

New age mandates continue to emerge across the world. For product managers, compliance officers, and legal professionals responsible for implementing age assurance, understanding internationally recognized frameworks is essential. ISO 27566 and IEEE 2089 are the two leading internationally recognized standards for age assurance referenced by regulatory bodies creating guidelines for recent age mandates. While both standards address age assurance, they serve complementary purposes.

TLDR: We attended Cyber Security 2026: Kritisk infrastruktur in Stockholm, and the reality check was simple: “breakout time” has hit a record low of 29 minutes. If you’re still scanning monthly, you’re defending a version of your infrastructure that doesn’t exist anymore. The time it takes for an attacker to move after a breach has dropped to just 29 minutes. In 2021, we talked about a “breakout time” of 100 minutes. Today?

Opti9 recently announced it has been approved as an authorized reseller for Anthropic models through Amazon Bedrock, further strengthening its ability to deliver secure, enterprise-grade AI solutions on Amazon Web Services (AWS). In October, AWS enabled its Solution Provider Partners to resell Amazon Bedrock, a fully managed service that provides access to a wide range of leading foundation models from top providers.

The debate over lift and shift versus refactoring is one of the most persistent in cloud migration planning. It’s also frequently framed as a binary choice when it shouldn’t be. Most organizations will do both — the question is which approach applies to which workload, and in what order. Getting this decision wrong is expensive. Over-refactoring adds months to migration timelines and cost that’s difficult to justify.

For years, AI was the defender’s advantage. In the last 30 days, that narrative inverted — AI is now leaking data, generating malware, refusing to shut down, and erasing billions in market value. AI-enabled attacks rose 89% year-over-year. A single model leak wiped $14.5 billion from markets in one day. An AI agent compromised 600+ firewalls across 55 countries without a human operator. And another AI agent refused to shut down when commanded.

Your CNAPP shows green across every posture check—hardened clusters, compliant configurations, no critical CVEs—but when your board asks "Are our AI agents safe in production?", you cannot answer with confidence because your tools see the infrastructure, not what the agents actually do at runtime.