Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

MITRE ATLAS has become a critical resource for cybersecurity leaders navigating the rapidly evolving world of AI-enabled systems.Traditional threat models are built for human-initiated workflows, APIs, and infrastructure, so they are no longer sufficient to describe modern AI attacks..

Over the last year, Model Context Protocol (MCP) servers have transitioned from "cool developer experiments" into critical production infrastructure. Developers love them because they allow AI agents to open tickets, query databases, and update records with almost zero integration backlog. But there is a fundamental truth we must acknowledge before moving forward: The AI revolution is actually an API revolution.

User-installable extensions for Visual Studio Code, Cursor, and other Integrated Development Environments are an increasingly exploited attack vector, with new malicious extensions discovered almost weekly. Do you have visibility and control?

On January 7, 2026, Trend Micro released a critical patch for Apex Central on-premises versions below Build 7190, addressing multiple vulnerabilities. The most severe of the vulnerabilities disclosed is CVE-2025-69258, a critical severity vulnerability, which allows unauthenticated threat actors to load malicious DLLs and execute arbitrary code as SYSTEM without user interaction. The advisory also includes two medium-severity denial-of-service vulnerabilities, CVE-2025-69259 and CVE-2025-69260.

Many attacks start without drawing attention. Nothing looks obviously wrong at first. It could be through a reused password or an exposed service that allows attackers to gain access to their systems. Sometimes, a well-crafted email is all that's needed. By the time security teams notice something is wrong, attackers have already been inside for days or weeks. This poses a huge challenge for many security teams. They often use multiple tools and conduct manual checks to find signs of intrusion.

AI-generated phishing emails now achieve a 54% click-through rate against just 12% for human-crafted messages. No, that is not a typo! With AI, attackers are now 4.5x more effective at breaching and bleeding your defences. Secondly, phishing attacks have surged by over 1,265% since ChatGPT’s launch in 2022, enabling cybercriminals to launch campaigns at unprecedented scales. The harsh reality?

99% of organizations faced API security issues in the past 12 months. Yet only 10% have an API posture governance strategy in place to actually defend against them. What makes this worse is that 95% of API attacks now come from authenticated sources. Traditional defenses built around authentication are failing. Shadow APIs and zombie APIs operate undetected while businesses manage an average of 660 endpoints with little visibility.