Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Last week at the AI Security Summit, something profound happened. The first cohort of AI Security Engineers in the world earned their certification — a milestone that symbolized not just new skills, but a new mindset. For decades, security has been about control. Rules, gates, and policies that define what’s safe and what’s not. But the age of Agentic AI — systems that perceive, reason, act, and learn — is forcing us to evolve beyond static defenses.

The cloud has transformed collaboration. Teams now share documents, slides, spreadsheets, and more in real time, without worrying about content silos or email chains (a hotspot for inefficient sharing). For most files, it’s seamless. But here’s the reality: Not all work lives comfortably in the cloud. Designers, video editors, engineers, and data scientists are just a few of the professionals who depend on desktop native apps to do their best work.

Does the world really need another study of shadow AI? That was my first thought going into this project. Reading dozens of previous reports did not change that impression: there's a lot of shadow AI out there, and a lot of reports saying so. But the more I read, the more apparent it became that something important was missing. This endless supply was not meeting what was actually in demand.

Six months after launch, Alfred, the AI Agent that autonomously builds security tests, has revolutionized our workflow. Alfred has delivered over 450 validated tests against high-priority threats (average CVSS 8.5) with 70% requiring zero manual adjustment, allowing our human security researchers to concentrate on more complex, high-impact issues. Now, we’re elevating Alfred’s capabilities by integrating real-world threat actor intelligence directly into its core system.

A new class of AI-powered browsers are rewriting the rules of data security. While CISOs focus on traditional vectors, employees are unknowingly creating permanent backdoors to your most sensitive data through browsers that remember everything, sync everywhere, and share it all with AI models. The bottom line: If you're not actively protecting against AI browser exfiltration, you're already leaking data. Here's why it's happening, what it costs, and how to stop it today.

India’s Digital Personal Data Protection Act, 2023 (DPDP Act) is finally moving toward activation. In January 2025 the government published the Draft Digital Personal Data Protection Rules, 2025 for public consultation to operationalize the Act. As of late 2025, the Act is enacted but core provisions still await final notification, so a phased rollout remains likely.