Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

You’ve built an arsenal of security tools, but they aren’t even fighting the same war. Today, the average company balances 83 different security systems from 29 vendors. This massive tool sprawl has created a costly problem: fragmented defenses. Although each of your legacy endpoint solutions once served a specific purpose, their lack of integration and communication makes them insufficient today.

A widespread supply chain attack has impacted hundreds of organizations through the marketing software-as-a-service (SaaS) product, Drift, owned by Salesloft. The campaign, attributed to a threat group tracked by Google as UNC6395, is believed to have occurred between August 8 and August 18, 2025. The attackers used stolen OAuth and refresh tokens associated with Drift's AI chat agent to access the systems of impacted companies.

AI marketing platforms have exploded in popularity, becoming everyday tools for creative teams in enterprises worldwide. Platforms like Simplified AI offer marketers the ability to generate content, clips, and campaigns at scale. For CISOs and IT leaders, approving such services often seems straightforward: allow access, whitelist the domain, and enable the marketing team to innovate.

As the summer winds down and conversation around AI Security heats up, the Snyk team is in full swing planning mode for a double-header this October—with the return of DevSecCon’s Flagship conference, focusing this year on Securing the Shift to AI Native, and serving as the founding partner of the inaugural AI Security Summit.

AI agents are rapidly evolving from simple text generators into powerful autonomous assistants that can browse the web, book travel, and extract complex data on our behalf. This new “agentic” AI, which operates in a “sense-plan-act” loop, promises to revolutionize how we interact with the digital world.

Modern software development thrives on speed and innovation, fueled by open-source libraries and third-party components. These resources are essential; they accelerate development cycles, reduce costs, and enable teams to bring complex projects to life. But with great reliance comes great risk. The software supply chain is under attack, and vulnerabilities hidden within can create massive security, operational, and compliance challenges.

Many years ago, a friend of mine worked as a security director at a firm and had what they called an “audit box.” It was a pre-prepared box filled with policies, network diagrams, security controls and checkboxes. Basically, all the things an auditor would want to see during a visit. Except they weren’t always a true reflection of reality. That's a tidy version of cybersecurity. You purchase a tool, deploy it, tick the box and the problem goes away.

Threat actors can now use AI tools to automate entire attack operations, according to a new report from Anthropic. The company says an attacker abused its Claude AI tool to create a hacking and extortion campaign that compromised at least seventeen organizations. The attacker used Claude to conduct reconnaissance, initial access, malware development, data exfiltration, and extortion analysis.

Healthcare organizations need to be prepared for an increase in AI-assisted phishing attacks, according to Zack Martin, Senior Policy Advisor at Venable. In an article for HIT Consultant, Martin explained that AI has made phishing attacks more convincing and easier to launch, posing a heightened risk to healthcare organizations.