Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

At Tines, we power important workflows for some of the most demanding teams in the world, and for years, that always meant supporting deterministic, auditable automation. But as reasoning models have matured, our customers have started asking a different question: what if the workflow itself could reason?

Editor's note: This guest article by Tanium Senior Sirector, Product Management, Julia Grunewald was originally published in SC Media Exposure management has emerged as a powerful alternative to traditional vulnerability management for good reason. A proactive, always‑on security discipline that continuously identifies an organization’s exposures and prioritizes them based on risk helps us know where to best focus our limited resources.

Maxime Lamothe-Brassard, founder and CEO of LimaCharlie, sought answers on AI’s current capabilities in the SecOps space. Plenty of benchmarks exist to test AI's knowledge of cybersecurity, but none test whether a model actually does the work. There's a significant difference between an AI that can answer trivia questions about CVEs and one that can pick up an alert, investigate it, and produce an incident report.That gap matters more now than ever.

If you’ve been in security operations for more than a few years, you’ve lived through the automation hype cycle at least twice. First, it was SIEM that was going to solve everything. Then SOAR was supposed to fix what SIEM couldn’t. Now, AI SOC platforms are delivering what SOAR always promised but never actually could.

A blanket “no AI” policy is not the answer for most organizations. Prohibiting something people find genuinely useful just drives it further underground.

Most security teams are being asked to "enable AI" before they have any real sense of which tools are safe to use. That gap is costing them. Cyberhaven's research found that the majority of AI tools in active enterprise use today fall into high or critical risk categories, and more than 80% of enterprise data flowing into AI is going to those risky tools, not to platforms built with serious security in mind. To help security teams cut through the noise, we built the Cyberhaven AI App Risk Checker.

Today, we’re launching System Prompt Hardening, Mend.io’s new capability that defends the hidden instructions that control how your AI systems behave. Unlike user-facing prompts, system prompts live behind the scenes, and when attackers manipulate them, the result can be data leaks, policy bypasses, or unsafe model behavior. System prompt hardening stops those attacks at the source and gives security, engineering, and risk teams a practical, auditable way to secure AI in production.

Most security teams cannot confidently answer a simple question: who has access to which cloud resources right now? Human identities and accounts now span across thousands of services, subscriptions, and SaaS platforms. The result is a vast, decentralized environment riddled with “unknown unknowns” that security teams cannot fully map, and that traditional security controls weren’t designed to address. Attackers count on these identity blind spots.