The Security Strategist

Podcast: The Security StrategistHost: Richard Stiennon, Chief Research Analyst at IT-HarvestGuest: Nathan Rollings, CISO at ZafranThe cybersecurity enterprise space has been transforming for years, going beyond traditional vulnerability management. According to Nathan Rollings, CISO at Zafran, the next shift is already underway in the B2B Enterprise technology space. It is being driven by automation, AI, and a deeper understanding of context within enterprise environments. Rollings sat down with host Richard Stiennon, also the Chief Research Analyst at IT-Harvest on The Security Strategist podcast to talk about the need for security teams to move beyond dashboards and risk scores to something more operational–agentic exposure management.“Attackers are already using automation and AI,” Stiennon says to Rollings during the podcast. “Meanwhile, most defenders are still focused on risk scores, dashboards, and ticket backlogs.”Rollings believes the real opportunity lies in allowing intelligent systems to analyse exposure continuously and act on it.The Discourse to Agentic ExposureExposure management often appears as a new discipline, but Rollings believes its roots are much older.“If you were to look at a vulnerability management maturity model five or 10 years ago, the characteristics of the most mature programs aligned with what we consider continuous threat exposure management today,” he said.Traditional vulnerability management focused heavily on scanning and prioritising flaws. Continuous threat exposure management (CTEM) builds on that by adding context such as internet reachability, compensating controls, and real-time telemetry from security tools.Agentic exposure management goes a step further, where autonomous systems help drive the processes themselves. “When we look back at the early days of vulnerability management, we did much of this manually,” Rollings said. “Then we moved toward automated processes. Now, we are moving toward autonomous.”Instead of security teams manually distributing vulnerability reports or setting rigid rules for ownership and remediation, AI agents can interpret available telemetry and handle those workflows dynamically. Over time, those same systems may even take remediation actions on their own.The challenge is trust, according to Zafran’s CISO. “Enterprises must trust that the actions taken by these systems are safe and effective within their environments.”Anthropic’s AI announcement sends industry ripplesThe podcast also covered a recent announcement from Anthropic regarding AI-driven code security. This move quickly sparked debate about how generative AI might reshape vulnerability management.Stiennon suggested the technology could disrupt parts of the market focused on application security. However, Rollings believes its impact on exposure management will be more limited. “Code analysis is incredibly powerful,” he said. “But it’s very much a shift-left capability."Exposure management operates on the opposite side of the lifecycle. It focuses on production environments, where context decides whether a vulnerability is actually exploitable.“A good exposure management platform considers your defence-in-depth strategy,” Rollings explained. “That means tens of integrations across an organisation to understand the residual risk of specific exposures.”Runtime behaviour, network paths to the internet, endpoint protection policies, and segmentation controls all influence whether a vulnerability is a real risk. Analysing source code alone cannot provide that operational picture.Why context matters more than another risk scoreFor many security teams, vulnerability prioritisation still relies heavily on numerical risk scoring. Rollings argues that this approach often misses the bigger picture. “You’re spending so much money on these security tools,” he said. “The real question is, what is the return? What is the business value?”Understanding the effectiveness of existing controls, such as intrusion prevention systems, endpoint detection, or micro-segmentation, can dramatically change how vulnerabilities are prioritised.Research cited by Rollings suggests that only around one in 50k vulnerabilities is truly exploitable in a given environment once contextual factors are taken into account. “That means organisations spend enormous effort remediating vulnerabilities that may never actually be reachable,” he added.Agentic systems that correlate telemetry across security tools could narrow that focus significantly. This would allow teams to prioritise the small subset of exposures that really matter.“Security teams were so focused on detection, assessment, and ticketing that they didn’t have time to dig deeper,” Rollings tells Stiennon. “Agentic capabilities free them to concentrate on the things that truly make a difference.”Key TakeawaysExposure management prioritises vulnerabilities using real-world context, not just CVSS scores.Agentic AI can analyse exposures and automate remediation workflows.Security context—controls, network paths, and runtime data—determines real exploitability.Only about 1 in 50,000 vulnerabilities are truly exploitable in most environments.AI-secured code won’t remove runtime risk in live infrastructure.Chapters00:00 Introduction to Cybersecurity Challenges03:19 The Evolution of Exposure Management07:31 Impact of AI on Vulnerability Management11:34 Contextual Understanding in Exposure Management15:37 Efficiency and Cost-Effectiveness in Security Teams18:08 Key Takeaways for Security PractitionersFor more information, please visit em360tech.com and www.zafran.io.Follow: EM360Tech YouTube: @enterprisemanagement360EM360Tech LinkedIn: @EM360TechEM360Tech X: @EM360TechZafran LinkedIn: Zafran SecurityZafran X: @Zafran_io#AgenticAI #ExposureManagement #VulnerabilityManagement #CTEM #Cybersecurity #CISO #SecurityStrategist #RichardStiennon #NathanRollings #Zafran

Podcast series: The Security StrategistGuest: Sam Woodcock, Senior Director of Solutions Architecture at 11:11 SystemsHost: Shubhangi Dua, Podcast Producer and B2B Tech Journalist at EM360TechIn the recent episode of The Security Strategist podcast, host Shubhangi Dua, Podcast Producer and B2B Tech Journalist at EM360Tech, spoke with Sam Woodcock, Senior Director of Solutions Architecture at 11:11 Systems. They discussed what he sees as one of the biggest issues in cybersecurity today: the gap between confidence and ability.Their conversation, based on findings from the company’s latest global survey, revealed a troubling fact. While 81 per cent of IT leaders believe they are ready to recover from a cyberattack, many have already faced serious incidents, sometimes more than once a year.Woodcock pointed out that this confidence can be misleading. “If you think about your cyber recovery planning, it often looks strong on paper,” he said. “That can create a false sense of security because cyber recovery is very complex.”Analyst Read: Forensic Recovery Is Central to Cyber Resilience Cyber Recovery is Not FixedWoodcock explained that many organisations confuse documented plans with actual readiness. Cyber recovery is not fixed; it must change with the infrastructure, applications, and threats.“Change is the only constant in this industry,” he noted. “Things are shifting daily and weekly. What you had in place today can quickly become outdated.”Testing often suffers from time and budget constraints. Many companies test just once a year, if at all. Woodcock advises that quarterly testing should be the minimum.“You’d rather find those issues now instead of during a real ransomware incident.”The costs of misplaced confidence are high, such as prolonged downtime, growing financial losses, regulatory fines, and damage to reputation. Some survey participants reported recovery times of one to two weeks, while others took over a month.The more alarming truth is the risk of getting reinfected. “Enterprises might recover from the first outage and then be hit again,” Woodcock warned. “That extends the recovery time and increases the risk and damage.”How Modern Attackers Hack?One of the most revealing points from the discussion was how modern attackers operate once they gain access. A common way in is through VPN flaws and social engineering. “One of the first things they will do is examine existing documentation within your organisation to understand your recovery strategy,” Woodcock tells Dua. “They’ll look at your company’s cyber incident recovery planning document.”Attackers often target backup systems directly to wipe out recovery options before launching ransomware.In one case, Woodcock mentioned, a company’s local backup systems were compromised. Luckily, they had maintained immutable cloud backups, allowing them to recover even after the primary backup environment was breached.In other cases, entire primary environments were taken offline, forcing organisations to switch to secondary, isolated environments.“You need a safe, trusted, clean space to recover your environment,” he said. “That way, you can understand how the attack happened and be confident that your recovery is clean.”The idea of the "clean room," or an isolated recovery environment, has become crucial to modern cyber resilience strategies.AI vs. AI: A Weapon & a DefenceThe conversation also addressed artificial intelligence (AI), both as a weapon and a defence. Woodcock noted that cybercriminals are already using AI to refine phishing campaigns, increase attack frequency, and add complexity to evade detection.“They’re using AI to potentially improve the language in social engineering attacks or to raise the frequency of attacks,” he said.However, defenders are also making progress. 11:11 Systems collaborates with technology partners like Veeam, Cohesity, and Zerto, all of whom invest heavily in AI for spotting anomalies and providing real-time threat visibility.These tools can help organisations identify when an attack began and find the last known clean recovery point. “It helps them make quicker decisions,” Woodcock added. “They can make better choices by using AI to find the right recovery point.”However, he also cautioned against thinking that technology alone will solve the problem. “Technology by itself isn’t enough. It always comes down to the maturity level and expertise within the business.”Looking forward, Woodcock does not expect ransomware sophistication to slow down. Enterprises now face double extortion tactics—not just encrypted data but also threats of public exposure.“It’s not just ransomware encrypting data,” he said. “There’s also this evolving threat of being told that data will be made public.”In an era where attackers study your recovery plan before you implement it, resilience is about proof, not just documentation.Takeaways81% of IT leaders are overconfident in their recovery abilities.Cyber recovery is complex and requires a robust plan.Regular testing is essential for effective cyber recovery.Organisations often overlook recovery strategies in favour of prevention.AI is being used by cybercriminals to enhance attacks.The frequency of cyber attacks is increasing.Understanding application dependencies is crucial for recovery.A clean recovery environment is necessary to avoid reinfection.Decision-making during incidents can be time-consuming and impact recovery.Building a strong security culture is vital for organisations.Chapters00:00 Introduction to Cyber Resilience01:46 Understanding the Cyber Recovery Gap07:17 Overconfidence in Cybersecurity12:37 The Importance of Testing in Cyber Recovery13:37 Multi-layered Approach to Cyber Recovery17:17 Real-world Cyber Attack Examples20:19 AI and the Future of Cybersecurity24:00 Emerging Threats in Cybersecurity26:31 Key Takeaways for IT LeadersFor more information, please visit em360tech.com and

Podcast series: The Security StrategistGuest: Chip Witt, Principal Security Analyst at RadwareHost: Richard Stiennon, Chief Analyst Researcher at IT-HarvestWhen attackers target modern enterprises, they don’t break in; they log in. This insight came from the recent episode of The Security Strategist Podcast, where host Richard Stiennon, a cybersecurity analyst and Chief Analyst Researcher at IT-Harvest, speaks to Chip Witt, Principal Security Analyst at Radware.The conversation spotlights a critical issue faced by most enterprises – defending APIs as if they are just infrastructure while attackers exploit them as part of the business logic. That gap represents the real risk.What’s the Core Misunderstanding with APIs?As per Witt, enterprise teams often view APIs as technical plumbing instead of business products. Security programs focus on endpoints and authentication, believing that a locked front door means the house is safe.However, the true risk lies deeper — in authorisation logic, identity sprawl, and how applications change over time. Modern development methods lead to constant API drift. New routes appear, fields change, and versions multiply. In many organisations, security leaders cannot confidently state which APIs are live in production. The uncertainty to many is theoretical, but in reality, it’s an operational risk.Also Watch: How Do You Stop an Encrypted DDoS Attack? How to Overcome HTTPS ChallengesHow are Enterprises Shifting Towards Intent-Aware Protection?As enterprises speed up their use of serverless architectures, microservices, and AI-driven applications, API sprawl intensifies. With sprawl, the security model cannot remain unchanged while the application structure evolves.According to Witt, the future of API security must be intent-aware. Protection should assess whether a sequence of calls makes sense within its context for the user, system, or resource initiating them. Simply confirming identity is not enough; security also needs to validate behaviour.Zero trust principles have reshaped strategies for networks and identities. APIs now require similar scrutiny—not just at the perimeter, but within the workflow itself.APIs are no longer just back-end connectors; instead, they are now the visible surface of the enterprise. The most concerning attacks are not brute-force attempts. Most distressing attacks, in fact, are authenticated actions carried out with malicious intent.Organisations that continuously track their APIs, enforce strict authorisation, and identify workflow misuse in real time can significantly reduce their risk of breaches. More importantly, they can align security with the business pace. In today’s digital economy, APIs are the product.TakeawaysAPIs are your primary business attack surface, not back-end infrastructure.Most damaging API attacks use valid credentials and exploit weak authorisation.Visibility gaps and API drift quietly expand your exposure over time.Machine-to-machine identities often carry excessive, unmonitored privileges.Runtime, intent-aware detection is now essential to stopping business logic abuse.Chapters00:00 Introduction to API Security02:04 Understanding API Misconceptions04:49 Current API Threat Landscape06:43 Business Logic Abuse in APIs09:11 Challenges in API Security12:03 Runtime Protection and Intent Detection13:40 Key Takeaways for IT Decision MakersFor more information, please visit em360tech.com and radware.comFollow: @EM360Tech on YouTube, LinkedIn and XRadware YT: @radwareRadware LinkedIn: https://www.linkedin.com/company/radware/Radware X: @radware#APISecurity #BusinessLogicAbuse #AuthenticatedAttacks #RuntimeProtection #IntentAwareSecurity #Radware #Cybersecurity2026 #OWASP #BusinessLogic #ZeroTrust #TechPodcast #EnterpriseSecurity #IntentAwareProtection #TheSecurityStrategist #Cybersecurity

In an era where enterprise data sprawls across cloud platforms, collaboration tools, and SaaS environments, CISOs are under constant pressure to reduce risk without becoming the department that slows everything down. That tension sits at the heart of a recent episode of the Security Strategist, where host Jonathan Care speaks with Ariel Zamir, founder and CEO of Ray Security, about what pragmatic, modern data security actually looks like.Their conversation cuts through the noise around cybersecurity tools and frameworks and focuses instead on how CISOs can think differently about enterprise data, risk management, and control.Understanding Enterprise Data Risk Starts With RealityOne of the most grounded points Zamir makes is also the simplest, and that is, most enterprise data is not being used. At any given time, around 98 per cent of enterprise data sits dormant. From a data security perspective, that should immediately raise questions. Why is data that no one needs today exposed in the same way as data actively driving the business?For CISOs, this reframes the challenge. Instead of trying to secure all data equally, the priority becomes understanding which data is actually accessed, by whom, and when. This shift matters because risk does not come from volume alone, but from unnecessary exposure. Dormant data with overly broad access control is often invisible to the business, yet highly visible to attackers.By grounding cybersecurity decisions in how data is really used, security teams can reduce enterprise data risk without introducing friction for employees who are simply trying to do their jobs.Permission Hygiene, Access Control, and Dynamic SecurityA recurring theme in the discussion is permission hygiene. Over time, access rights accumulate. People change roles, projects end, contractors leave, but permissions rarely get cleaned up. The result is an expanding attack surface that no amount of policy documentation can realistically govern.Zamir argues that improving permission hygiene and access monitoring should come before heavy data classification initiatives. Tightening access control, understanding access patterns, and removing unnecessary permissions can dramatically reduce risk with relatively low operational impact.Crucially, this does not mean locking everything down. Dynamic controls play a key role here. Instead of blocking access by default, organisations can monitor for unusual behaviour and respond in context. Alerts, step-up verification, or temporary restrictions allow security teams to manage risk while preserving user experience. From a business perspective, this approach aligns far better with how work actually happens.This is also where agentic AI and agentless monitoring enter the picture. As autonomous systems increasingly access data on behalf of users, traditional identity-based controls struggle to keep up. Agentless approaches help close coverage gaps without requiring intrusive deployments, while agentic AI introduces new questions about accountability and oversight that CISOs can no longer ignore.Just-in-Time Classification and the Legal Implications of AutomationTraditional data classification has long been treated as a foundational security activity, but the podcast challenges that assumption. Classifying vast amounts of dormant data upfront is expensive, slow, and often disconnected from real risk. Instead, Zamir advocates for just-in-time classification, applying context only when data is accessed.This approach supports more effective risk management while easing the burden on security teams. It also aligns better with regulatory expectations, where proportionality and intent increasingly matter.However, automation and agentic AI introduce legal implications that CISOs must consider when developing their strategies. When autonomous agents access, move, or transform data, organisations need clarity on responsibility, auditability, and compliance. Dynamic controls and temporal insights into data access are not just technical safeguards; they are essential for demonstrating governance in an environment where human and machine actions intersect.Taken together, the conversation highlights a more measured path forward. By focusing on how enterprise data is actually used, improving permission hygiene, and applying controls dynamically, CISOs can enhance data security without slowing down the business. It is less about adding more tools and more about making smarter, context-aware decisions in a landscape where risk is shaped by time, access, and intent.For more information on this, visit: https://raysecurity.io/TakeawaysAround 98 per cent of enterprise data sits idle, creating hidden security risks.Focusing on data dormancy helps prioritise protection and reduce exposure.Permission hygiene and dynamic controls reduce risk without slowing business workflows.Just-in-time classification cuts overhead by securing data only when accessed.Agentless monitoring and oversight of agentic AI improve coverage and accountability.Legal and governance frameworks must evolve to handle autonomous data access.Chapters00:00 Introduction to Cybersecurity Challenges01:38 Understanding Data Dormancy and Its Implications05:10 Focusing on Critical Data for Security08:21 The Importance of Permission Hygiene10:53 Just-in-Time Classification for Data Security12:28 Dynamic Controls for Business Needs16:43 Agentless Monitoring and Coverage Gaps19:32 Integrating Logs and APIs for Security21:34 Future Trends in Cybersecurity

In an environment where cyber threats evolve faster than regulation, UK organisations are being asked to defend themselves with rules written for a different era. That tension sits at the centre of a recent episode of the Security Strategist, where host Trisha Pillay speaks with William Wright, Chief Executive Officer of Closed Door Security and Scotland’s first accredited (chartered) hacker. Their conversation moves beyond headlines and funding announcements to examine why, despite growing awareness and investment, both public and private sector organisations in the UK continue to be compromised.The Biggest Cybersecurity Challenges Facing UK OrganisationsAs Wright explains, cybersecurity cannot be understood purely from policy documents or tooling dashboards. It has to be understood from the attacker’s point of view. From where he stands today, the UK cybersecurity landscape is marked by a growing gap between how organisations believe they are protected and how exposed they actually are.One of the most persistent misconceptions Wright highlights is the belief that buying cybersecurity tools automatically makes an organisation secure. Too many businesses, he argues, rely on poorly implemented services or procure technology they don’t fully understand.The result is a false sense of confidence. Organisations assume they are protected, but still fall victim to ransomware, business email compromise, and financial fraud. Often, the tools they’ve invested in are never properly tested, validated, or tuned to their environment.Awareness is another issue. Despite constant media coverage of cyber attacks, cybersecurity is still not consistently treated as a board-level risk. When it remains a technical afterthought rather than an operational priority, organisations struggle to respond effectively when incidents occur.Wright also challenges the idea of a simple “skills gap.” While much of the discussion focuses on a lack of junior talent, he argues the real problem sits at the top. Too many cybersecurity decisions are being made by individuals without deep, hands-on experience, particularly in senior or policy-shaping roles. This lack of expertise leads to misaligned strategies, both in organisations and in government.The UK Government’s Cyber Action PlanThe UK government’s £210 million cyber action plan is, in Wright’s view, a welcome signal but not a solution. Any investment in cybersecurity is positive, yet the plan largely reflects practices the private sector has been using for years.This creates a familiar pattern as the private sector absorbs the damage, while the public sector learns from it later. Economically, Wright argues, this approach is flawed. When businesses are repeatedly compromised, the impact extends far beyond individual organisations.Legislation is another weak point. Cyber threats evolve daily, but laws move slowly. The Computer Misuse Act, for example, has not been meaningfully updated in over a decade. In a world of cloud computing, automation, and AI-driven attacks, this leaves the UK operating with outdated guardrails.What Government Can Learn From Offensive SecurityAs the CEO of an offensive security firm, Wright sees the same pattern repeatedly that organisations are compromised using relatively unsophisticated methods. These are not advanced, state-of-the-art attacks. They are basic weaknesses that remain unaddressed. The problem, he suggests, is that policymakers are often advised by people who have never actively attacked real systems. This disconnect shows up in legislation and regulation that look sound on paper but fail in practice.Other governments have taken a different approach. Bug bounty programmes, for example, allow ethical hackers to test government infrastructure and responsibly disclose vulnerabilities. These programmes force transparency and accountability. Despite this, the UK has been slow to adopt similar models.Where Cyber Resilience Efforts Should Focus NextBeyond legislation, Wright points to funding and enforcement as critical gaps. Many public sector organisations know where their risks are, but lack the budget to fix them. Meanwhile, regulatory bodies often lack the authority to enforce remediation.Without both funding and enforcement, reports identifying serious vulnerabilities are filed away rather than acted upon. This cycle repeats until an attack forces emergency investment, which is often too late.Emerging Threats Organisations Must Prepare ForLooking ahead, Wright identifies two major areas of concern. The first is the use of AI in cyber attacks. AI is not replacing attackers, but it is dramatically accelerating them. Tasks that once took hours can now be completed in minutes, shrinking the window for detection and response.The second is technology supply chain risk. Attacks on widely used software tools can give attackers access to thousands of organisations at once. Past incidents involving widely trusted vendors show how devastating these compromises can be, particularly when they go unnoticed for long periods.Despite the scale of the challenge, Wright’s advice is grounded and practical. Multi-factor authentication is non-negotiable. Organisations without MFA are, in his words, “sailing blind.”He also urges businesses to validate their security investments. Spending heavily on defence while allocating minimal budget to testing is self-defeating. Security tools do not work perfectly out of the box, and penetration testing must go beyond surface-level assessments. Finally, Wright stresses the importance of depth. Black-box testing alone is not enough. Organisations need to assume breach scenarios and test how attackers move inside their environments, particularly through identity-based attacks such as phishing.TakeawaysCybersecurity is frequently mistaken for deploying tools, rather than managing risk.Cyber risk must be treated as a board-level responsibility, not a technical afterthought.The real cybersecurity skills gap exists at senior and decision-making levels.Cyber legislation is largely reactive and struggles to keep pace with modern threats.Bug bounty programmes can help governments identify weaknesses before attackers do.Offensive security insight strengthens defensive strategy and decision-making.Legacy systems can be secured when risks are properly understood and addressed.AI is accelerating the scale and speed of cyber attacks, not replacing attackers.Security investments must be validated through continuous testing and assurance.Multi-factor authentication is a foundational requirement for modern cyber resilience.Chapters00:00 Introduction to Cybersecurity Landscape02:56 William Wright's Journey in Cybersecurity05:56 Current Cybersecurity Challenges in the UK08:53 Evaluating the UK Government's Cyber Action Plan12:03 The Impact of Legislation on Cybersecurity15:01 Lessons from Offensive Security for Government16:55 Notable Cybersecurity Breaches and Their Impacts19:59 Future Focus: Improving Cyber Resilience24:01 Emerging Cyber Threats: AI and Supply Chain Risks27:48 Practical Advice for Organisations31:05 Conclusion and Key Takeaways

In an era of accelerating digital change, understanding the tactics employed by modern attackers is crucial for organisations doing everything in their power to protect their sensitive information. In this episode of the Security Strategist podcast, host Richard Stiennon and Chester Wisniewski, Director, Global Field CISO of Sophos, examine the findings of the Active Adversary Report, compiled by Wisniewski and his team, shedding light on how cyber threats are changing and what security leaders can do to adapt their strategies. Understanding the Active Adversary Report The Active Adversary Report, compiled by Wisniewski’s team at Sophos, provides invaluable insights into the common pitfalls organisations face when responding to cyber incidents. With Chester's extensive experience in cybersecurity and incident response, the report aims to analyse real-world data from hundreds of incident responses across 50 countries. The report categorises incidents into two main groups: those who seek immediate help during a crisis and those who utilise managed detection and response services. By examining these cases, the report identifies key indicators that contribute to security breaches, offering organisations a roadmap to enhance their security posture.The Focus on Identity TheftOne of the most startling revelations from the report is that nearly 70 per cent of incidents last year were linked to identity-related issues such as stolen passwords, session tokens, or phishing attacks. Chester explains that attackers are increasingly leveraging identity theft because it is often easier to log in as an authorised user than to break into a system. This trend underscores the importance of security teams to prioritise identity management as part of their overall strategy.Wisniewski also emphasises that the ease of access through stolen credentials presents fewer telltale signs of unauthorised activity, making it harder for organisations to detect breaches. In the past, cybercriminals often exploited vulnerabilities in software like Flash and Java, but as security measures have improved, they have shifted their tactics toward the more vulnerable area of user identity. This shift indicates a pressing need for organisations to bolster their identity security protocols.Balancing Vulnerability Management with Identity Security As organisations work to strengthen their security measures, the challenge of balancing patch management with a focus on identity security. He points out that while patching vulnerabilities remains essential, many organisations face difficulties, particularly those with hybrid workforces. Unpatched VPN gateways and firewalls have become common entry points for attackers, making it critical for organisations to prioritise their patch management efforts based on exposure and the sensitivity of the data involved.Wisniewski advocates for a more strategic approach to identity management, highlighting that the adoption of multifactor authentication (MFA) is still lacking across many organisations. He notes that many systems still rely on basic MFA methods, such as six-digit codes or push notifications, which do not provide adequate protection against sophisticated attacks. To truly enhance security, organisations must consider more robust identity verification methods and address the complexities introduced by non-human identities as well.The Challenge of Non-Human IdentitiesIn the current technological climate, non-human identities such as API keys present significant challenges for security teams. There have been recent incidents where API keys were exploited to gain unauthorised access to sensitive systems, pointing out that organisations must be vigilant in managing these non-human identities. As organisations adopt technologies like passkeys for human users, understanding and securing non-human identities is becoming increasingly important. With cyber risks becoming more complex, organisations must adapt their security strategies to address these challenges effectively. Here are a few things businesses can do to protect themselves:Prioritise identity security by implementing robust protocols and strategies to combat identity theft.Balance patch management with a focus on securing critical assets and data.Enhance multifactor authentication practices to ensure stronger protection against unauthorised access.Develop a comprehensive understanding of non-human identities and implement measures to secure them. By staying informed about the latest trends and insights in cybersecurity, organisations can better equip themselves to fend off the growing tide of cyber threats. For more information, visit https://www.sophos.com/TakeawaysNearly 70 per cent of incidents last year involved identity-related issues.Attackers find it easier to log in as authorised users.Patching and vulnerability management are challenging for organisations.MFA adoption remains low despite its importance.Most attacks occur outside of normal business hours.Median incident response time is significantly reduced with MDR services.Employees can act as early warning systems for security threats.Focusing on basic cybersecurity practices is essential.AI can help streamline data analysis in incident response.AI is also being used to enhance phishing attacks.Chapters00:00 Introduction to Cybersecurity Challenges02:57 Understanding the Active Adversary Report05:55 The Shift Towards Identity-Based Attacks08:48 Balancing Patching and Identity Management12:04 Operational Challenges for CISOs15:09 Leveraging Employee Awareness for Security18:12 Practical Steps for CISOs to Strengthen Resilience20:56 The Role of AI in Cybersecurity

Podcast series: The Security StrategistGuest: Doug Merritt, Chairperson, CEO, and President of AviatrixHost: Shubhangi Dua, Podcast Host, Producer and B2B Tech Journalist at EM360TechCloud security now involves more than just protecting a single environment. As organisations grow across multiple clouds, integrate SaaS platforms, modernise applications, and deploy AI-driven workloads, the attack surface expands in complex ways that are hard to see and even harder to manage.In the recent episode of The Security Strategist podcast, Doug Merritt, Chairperson, CEO, and President of Aviatrix, a cloud network security company, sits down with Shubhangi Dua, Podcast Host, Producer and B2B Tech Journalist at EM360Tech. They discuss why gaps in cloud networking visibility are becoming one of the biggest security risks for businesses today.The conversation also covers how cloud complexity has changed over time, why old security models struggle to keep up, and what practical steps leaders can take to lower exposure before attackers exploit hidden pathways.Securing the World’s Digital FabricOn a mission to secure “the world’s digital fabric,” Merritt spotlights the reasons explaining that organisations often perceive cybersecurity through “constructs and silos.” However, attackers see the entire landscape, which leads to a gap in the perspective.Most enterprises started their cloud journey with lift-and-shift migrations, moving familiar applications from data centres to the cloud. Over time, these applications were modernised, broken into containerised services, and expanded with serverless functions, APIs, and third-party SaaS platforms.Merritt notes that applications today often involve "10 to 15 different major components from start to finish," many of which exist across different clouds or outside direct organisational control.This variety has brought speed and innovation, but it has also led to vastly different workload behaviours. Some workloads are long-lasting, others are temporary, and many can be accessed publicly.According to the Aviatrix CEO, this "really powerful landscape" has resulted in "an incredibly powerful attack surface." Without consistent visibility and remediation across all workloads, attackers can find "which workloads have value and which workloads are unprotected" and move laterally until they reach critical assets.AI adds additional challenges. While the technology seems new, he further emphasises that AI agents are still workloads with identities, operating at high speed and broad permission levels. They rely completely on network connectivity, making the network a crucial point for both visibility and control. In a hyper-connected environment, he argues, the network should be seen as a key security layer rather than just a transport system.How to Prepare for the Next Wave of Cloud ThreatsWhen asked what CIOs, CISOs, and cloud leaders should focus on next, Merritt alludes to a reality check. He urges leaders to choose a single complex application and ask their teams to identify every workload involved, every network path taken, and whether there is visibility into "every packet that goes into the workload and comes back out."In most cases, he says, organisations find that they cannot do this. This gap reveals the first and most urgent issue: a lack of understanding of the environment itself. Without a clear map of workloads and communication paths, security teams operate with blind spots.The Chairperson of Aviatrix insists that visibility must come before control. Once organisations understand their exposure, they can prioritise the "most dangerous communication pathways" and secure them. He warns that many large enterprises still have "thousands of workloads with direct internet connections and no filter in front," describing this exposure as "horrific," given how easily even less sophisticated attackers could exploit it.He also points out that visibility and enforcement must be close to the workload. Centralised controls increase costs and latency, while distributed enforcement allows for faster response and containment. Ultimately, just observing traffic isn't enough; organisations need to be able to act.Cloud security isn’t about adding more tools; it’s about changing perspective. By mapping workloads, understanding communication paths, and using the network as a consistent layer for visibility and enforcement, organisations can reduce lateral movement, limit blast radius, and prepare more effectively for the next generation of cloud threats.TakeawaysOrganisations need to focus on the uncovered attack surface.The digital fabric includes diverse workloads across multiple clouds.Visibility and remediation are critical in managing workloads.The complexity of multi-cloud environments is increasing.AI is accelerating the evolution of cloud security challenges.Networking plays a pivotal role in security strategies.Collaboration between security, networking, and cloud teams is essential.Mapping workloads and communication pathways is crucial for security.Organisations must prioritise securing high-risk workloads.Understanding the shared responsibility model is vital for cloud security.Chapters00:00 Introduction to Cloud Security Challenges03:03 Understanding the Digital Fabric05:56 Navigating the Modern Attack Surface08:46 Key Trends in Cloud Adoption12:11 The Complexity of Multi-Cloud Environments14:51 The Evolving Role of Networking in Security17:58 Bridging the Gap Between Teams21:02 Real-World Solutions and Case Studies23:53 Preparing for Future Threats29:09 Final Thoughts and Key Takeaways#CloudSecurity #MultiCloud #CloudNetworking #Aviatrix #CISO #AttackSurface #CloudThreats #EnterpriseSecurity #TechPodcast #SecurityStrategist #DigitalFabric #AIinSecurity #WorkloadSecurityFor more information, visit aviatrix.ai and em360tech.com. Follow: @EM360Tech on YouTube, LinkedIn and XAviatrix YT: @AviatrixSystemsAviatrix LinkedIn: https://www.linkedin.com/company/aviatrix-systems/

Cybersecurity often feels like a battle of technologies—firewalls, AI, monitoring tools, but at its core, it’s human. People are both the first line of defence and, more often than not, the most vulnerable point. On a recent episode of Security Strategist, Richard Stiennon spoke with Nicole Jiang-Gibson, Chief Executive Officer of Fable Security, about why traditional training doesn’t work and how understanding human behaviour can fundamentally change an organisation’s security posture.Humans are the Weakest LinkNicole’s journey in cybersecurity began long before Fable. She was an early member at Abnormal Security, where she helped build email security solutions. That experience exposed a recurring truth, and that was even the best technical safeguards can be undone by human error.“Human error is really the number one cause at the beginning of cybersecurity incidents,” Nicole explains. “Phishing attacks are the number-one starting point—one click, one misstep, and suddenly the consequences are massive.”She recalls the MGM Resorts breach as a turning point: an IT help desk employee took a phone call from someone impersonating an Okta admin, leading to a major security lapse. “Even with strong email defences, people were exposed in ways technology couldn’t prevent. That’s when I realised that this was a human problem we needed to solve.”Seeing Security Through the Attacker’s EyesFable Security’s approach is rooted in understanding both the employee and attacker behaviour. Nicole describes it almost like a conversation at both sides of the table.“Looking at security from the attacker’s perspective changes how organisations design interventions,” she says. Employees often don’t even realise which actions put them at risk. By understanding predictable behaviours, we can build targeted, timely interventions instead of generic training modules that people forget.”The company leverages data to identify risky behaviours and reinforce safe ones. Richard notes that this can turn the math of phishing attacks in an organisation’s favour, reducing the likelihood of a click from 40 per cent to 2 per cent, for example, meaning attackers have to try 50 times to succeed once.Reinforcement Not PunishmentOne of the major differences in Fable’s approach is how they treat learning. Traditional phishing simulations can leave employees feeling tricked or shamed. Fable focuses on reinforcement and repetition, creating a culture where security is part of everyday decision-making.“We empower organisations with data to understand how employees behave and then help them stay one step ahead of attacks,” Nicole explains. “It’s not just about preventing business loss, it’s about protecting culture, brand, and employee safety.”By shifting the focus from blame to understanding and from generic training to targeted behavioural interventions, organisations can finally address the human factor in cybersecurity with the seriousness and nuance it deserves.For more information, visit fablesecurity.comTakeawaysCybersecurity is not just about technology; it's about people.Traditional training often fails to change behaviour effectively.Human errors are the leading cause of cybersecurity incidents.Fable Security focuses on understanding and changing human behaviour.The threat landscape is constantly evolving, requiring adaptive solutions.Organisations must view security as a supportive, not punitive, measure.Phishing simulations can be harmful if not conducted ethically.Building trust with employees is essential for effective security training.Employees can serve as valuable sensors for identifying threats.Meaningful behaviour change requires a shift in mindset and approach.Chapters00:00 The Human Factor in Cybersecurity01:11 Fable Security's Origin Story04:23 Understanding Human Vulnerabilities06:01 The Attacker's Perspective08:29 Fable's Ad Tech Approach12:04 Revolutionising Security Training14:37 The Ethics of Phishing Simulations19:42 Building Trust in Security Training22:56 Empowering Employees as Sensors27:40 Steps Towards Meaningful Behaviour Change

When code is no longer written solely by humans, the way we think about application security has to change. In a recent episode of the Security Strategist podcast, host Richard Stiennon sits down with Gadi Bashvitz, CEO of Bright Security, to talk about the challenges and opportunities of securing applications in an AI-driven world. Their conversation reveals a reality many organisations are only beginning to face, and that is vulnerabilities are multiplying faster than ever, and traditional security tools aren’t keeping up.Rethinking Application Security for a New RealitySince 2018, Bright Security has been helping organisations secure their applications and APIs. Gadi Bashvitz shares that the company’s journey has always been about anticipating challenges before they become crises. “And that’s what we did from 2019 to 2024—signed up some of the world’s largest financial institutions and insurance companies, so very proud of that customer base,” he explains.But in 2024, everything changed. Customers started raising concerns about AI-assisted coding. Bashvitz recalls:“Some of those customers came to us and said, ‘Houston, we’ve got a problem. We’re starting to adopt AI-assisted coding.’ We’ve gone from a world where a developer generates 100 per cent of code and 100 per cent of vulnerabilities, to one where that developer is now generating 200 per cent of code and 600 per cent of vulnerabilities. That AI-generated code is three times more prone to vulnerabilities.”This shift exposes a fundamental truth, and that is that AI is reshaping software development, but not always in ways organisations are ready to manage. What was once a controlled DevOps process is now a rapid, high-volume environment where oversight can easily slip.The Hidden Risks of AI-Generated CodeThe impact is real and immediate. Marketing teams, product managers, and developers alike are generating code faster than ever, but without the traditional checks and balances. Bashvitz highlights that AI models are trained on open-source code, often without security in mind. This means vulnerabilities multiply at a rate that can overwhelm static tools or conventional security processes.Organisations are feeling the pressure daily, realising that if they don’t adapt, AI-generated vulnerabilities could outpace their ability to detect and mitigate risks.Embedding Security Into Every Step of DevelopmentSo how can enterprises regain control? Bashvitz is clear: it’s not too late, but action must be deliberate.“At some point, there will be a few very, very significant hacks that will take us back,” he warns. “The key is to embed dynamic security measures directly into the development lifecycle. That’s how you catch vulnerabilities, even when code is being generated at an unprecedented scale.”Dynamic Application Security Testing (DAST) is one approach Bright Security has championed. Unlike traditional static tools, dynamic testing integrates into code repositories and runs throughout the development pipeline, from unit tests to production deployment. This approach doesn’t just mitigate risk—it empowers teams to continue innovating without being paralysed by fear of vulnerabilities. The goal is to create a balance where AI-driven productivity and robust security coexist.For more information, visit https://brightsec.comTakeawaysBright Security was founded to address application and API security gaps.AI-driven code generation has significantly increased the number of vulnerabilities.Dynamic application security testing (DAST) is essential for modern development practices.Static analysis tools often produce high rates of false positives, wasting developer time.Organisations must adapt security practices to include both finding and fixing vulnerabilities.The integration of AI in security tools can streamline vulnerability management.Dynamic validation of static scan results can reduce noise in security findings.CISOs must collaborate with DevOps teams to ensure security is integrated into development.The rise of AI has introduced new types of vulnerabilities that need to be addressed.Security practices must evolve to keep pace with rapid technological changes.Chapters00:00 The Evolution of Application Security03:41 AI's Impact on Code Generation09:39 Challenges of Traditional Security Tools16:31 Integrating AI in Security Solutions21:20 Future of Security in AI-Driven Development

Cybersecurity, for many years, has functioned on an obvious assumption that attacks repeat themselves. For instance, if a phishing email works once, it will work again. Simply put, catch it, study it, write a signature, update the model — and block the next wave.What if there is no next wave? What happens when every malicious email is now uniquely written by AI, personalised at scale, and never seen before?In the recent episode of The Security Strategist podcast, host Richard Stiennon spoke with Alan LeFort, CEO of StrongestLayer, and Eric Sanchez, CISO at Global Law Firm, about how generative AI is reshaping email security — and why many traditional defences may already be obsolete.Why is Email the Open Door to Attacks? Stiennon questions what many security leaders tacitly ask – If most enterprises run on Microsoft’s ecosystem, why does a separate email security market even exist?LeFort responds, stating that attackers are economically rational. They go where entry is cheapest and easiest. For decades, email has been that open door.However, the industry has changed. First came secure email gateways built on rules and regex. Then, machine learning systems are trained to distinguish “normal” from “abnormal.” Both improved detection rates and both reduced risk.But both depend on historical data. They need to have seen an attack before to stop it again.Generative AI is believed to have changed that. It enables attackers to create perfectly written, highly personalised phishing emails at near-zero cost. According to a study from the Harvard Kennedy School, AI-generated phishing achieved a 54% click rate among trained employees — more than four times the baseline. Even more concerning, the cost of crafting those emails dropped from roughly $15–$20 in labour to just a few cents.That economic shift is seismic. When every email can be unique, the pattern is difficult to spot, signatures are not updated, and a “previous attack” to learn from is nonexistent.Is Alert Fatigue the Hidden Crisis?While breach headlines dominate the industry, Sanchez spotlights a quieter operational threat – alert fatigue.At Orrick, a global law firm handling hundreds of thousands of emails each month, traditional security tools generate a steady stream of alerts. Many turn out to be benign. Analysts triage, close, repeat, Sanchez shared that, over time, the burden compounds. Security teams spend less time stopping real attacks and more time managing noisy systems.LeFort argues that false positives are not merely tuning problems — they are architectural problems. Most detection systems rely on a single scoring threshold. If something crosses the line, it’s flagged. If it doesn’t, it passes.A key insight to note is that deception alone isn’t malicious intent. Marketing emails are persuasive and sometimes manipulative, yet harmless. A credential-harvesting email, on the other hand, carries real risk. Treating both on the same scoring axis inevitably creates noise.From Pattern Matching to ReasoningStrongestLayer’s approach, as described by LeFort, moves away from pure pattern recognition and toward reasoning. Instead of asking, “Does this match something bad we’ve seen before?” the system evaluates multiple dimensions: What harm would occur if this succeeds? Is it anomalous for this recipient? What is the sender’s likely intent? How much deception is present?Crucially, it weighs evidence of innocence alongside evidence of guilt — akin to how opposing arguments are weighed in a courtroom.Such a multi-dimensional analysis, LeFort believes, dramatically reduces false positives while still catching novel threats. For Sanchez, the operational benefit is tangible. He describes scenarios where traditional gateways failed to detect unusual phishing techniques, including Unicode-based obfuscation. A reasoning-driven system flagged the anomaly not because it recognised a known signature, but because the structure and context “didn’t make sense.”That distinction is critical. AI-generated attacks do not need to repeat. They only need to work once.What key Challenges will Security Teams Face within 2 Years?All speakers agree that over the next 12 to 24 months, security teams face a dual challenge of sophistication and scale. AI lowers the cost of creating attacks and automating personalisation. When volume increases, precision increases and speed increases.LeFort emphasises that organisations evaluating AI security tools should look beyond detection rates. Automation matters just as much. Does the system eliminate operational drag? Does it allow analysts to focus on strategic threats rather than inbox noise?The consensus is that email remains the most common entry point into organisations. What has changed is the attacker’s economics. When personalisation costs pennies and sophistication is automated, defenders must respond in kind.The question is no longer whether AI will influence email security. It’s already influencing email cybersecurity across enterprises. The real question is whether an enterprise's defences are still waiting to see the attack twice.Key TakeawaysAI-generated attacks break detection models that rely on past patterns.Email remains the easiest and most economical entry point for attackers.Traditional tools force security teams into a reactive cycle.Effective AI defence must evaluate context, not just rules.Automation is now as critical as detection accuracy.Stopping the first and only attack is the new security standard.Chapters00:00 Introduction to Cybersecurity and AI's Role03:00 The Email Security Landscape and AI's Impact05:49 Understanding Alert Fatigue and Its Consequences08:52 Innovative Approaches to Email Security11:48 The Necessity of AI in Modern Security14:55 Future Priorities for Security Leaders17:57 Conclusion and Key Takeaways#EmailSecurity #AICybersecurity #GenerativeAI #Phishing #B2BSecurity #EnterpriseSecurity #CyberAttack #SecurityStrategist #StrongestLayer #AlertFatigue #CISO #TechPodcast #InfoSec #CyberDefence

As firms increasingly adopt autonomous AI, a key assumption in cybersecurity seems to be disappearing – data security can be understood through static maps. In the recent episode of The Security Strategist Podcast, Abhi Sharma, Co-Founder and CEO of Relyance, speaks to Host Richard Stiennon, Chief Research Analyst at IT-Harvest. Sharma tells Stiennon that most security tools are still built for a world before AI. In that world, data stays still long enough to be scanned, categorised, and managed. AI changes this model.“We’re in the middle of a tectonic shift,” Sharma said. “For the first time, software behaviour is not just defined by the instructions you give it, but by the data in and around it.”In modern AI systems, data is no longer just an asset. It becomes an instruction. The quality, frequency, distribution, and even the absence of data directly influence how models and agents function. This reality makes traditional security models dangerously incomplete.“People are very good at answering what data they have and where it’s stored,” Sharma explained. “But they can’t answer how it got there or what happened along the way.” He argues that this missing context is where AI risk now resides.Agentic AI Turns Data Movement Into Real Security RiskThe issue becomes critical with agentic and autonomous AI workflows. Here, decision-making is not based on fixed code but on a large language model operating in real-time.“In these systems, your control logic is an LLM,” Sharma said. “It’s a black box.”To complete tasks, AI agents must access tools, look at past decisions, copy production data, and dynamically manage infrastructure. In doing so, they create what Sharma calls ephemeral infrastructure—temporary environments that may exist for minutes and disappear without a trace.For example, an agent working to improve cloud costs might create a high-performance database cluster, copy sensitive logs into a staging area, analyse them, and shut everything down in under 20 minutes.“But in that process,” Sharma warned, “a default Terraform script might leave four S3 buckets open to the internet.” Traditional security scans, which often run every 24 hours, would never catch this.“You don’t even know this little circus happened while you were asleep,” he said. “But it created a new risk.”This is why Sharma believes that breaches in the AI era are no longer failures of data at rest but failures of data flow. Attackers don’t target identities or tools in isolation; they target outcomes—especially the theft or destruction of data. Those outcomes occur through movement over time.Data Journey Solution for Responsible AIDespite the widespread use of DSPM, DLP, IAM, AI gateways, and governance platforms, Sharma sees the same pattern in the Fortune 500: security incidents continue not because the tools lack usefulness, but because they operate in silos.“All of the real business impact,” he said, “comes down to flow.”Relyance’s solution is what Sharma calls data journeys—a unified, time-aware view of how data moves across identities, tools, infrastructure, and persistent assets. “If you can consistently reason across all of those layers,” Sharma said, “you finally have a chance to protect data and enable safe, responsible AI.”Looking ahead to 2026 and beyond, he predicts security, governance, and compliance will merge around this shared visibility. Organisations will move away from simple audits toward infrastructure that builds trust by design.Sharma challenges every CIO, CISO, and CTO at the end stating:“Can you always reason about what human or non-human identities, using which tools or agents, took what actions that led to specific data flows over time?”“If you can answer that,” he said, “there is no other way to control AI risk.”In the age of autonomous AI, knowing where your data lives is essential. Knowing its journey may be the only thing standing between innovation and the next breach.TakeawaysConventional data maps are becoming obsolete in AI.Data security must focus on real-time data flows.Understanding data journeys is crucial for security.Siloed security tools fail to address real risks.AI agents create ephemeral infrastructure that complicates security.The future of data security lies in dynamic data journeys.Security, governance, and compliance teams must converge.Trust in data security requires visibility and obligations balance.AI will necessitate new approaches to data governance.CIOs must prioritise reasoning about data flows.Chapters00:00 Introduction to AI and Data Security01:36 The Shift from Space to Time in Data Security03:42 Understanding Data Flow and Security Challenges07:18 Siloed Security Tools and Their Limitations09:52 Dynamic Data Journeys: A New Approach11:37 The Role of AI in Data Security12:58 Convergence of Security, Governance, and Compliance15:07 Key Takeaways for CIOs and Security Leaders#AISecurity #DataFlow #Cybersecurity #AgenticAI #DataJourneys #DLPisDead #DSPM #LLMSecurity #EphemeralInfra #DataSecurityRisk #CISO #CIO #CTO #DataGovernance #RiskManagement #TheSecurityStrategist #RelyanceAI #AbhiSharma #TechPodcast #LLMSecurity #EphemeralInfra #DataSecurityRiskFollow: @EM360Tech on YouTube, LinkedIn and XRelyance YT: @RelyanceRelyance LinkedIn: https://www.linkedin.com/company/relyanceai/ Relyance X: @relyanceai

Cybersecurity has traditionally focused on strengthening corporate networks, cloud systems, and devices. However, in the recent episode of The Security Strategist podcast, Dr. Chris Pierson, Founder and CEO of BlackCloak, and host Richard Stiennon, Chief Research Analyst at IT-Harvest, argue that the most significant vulnerabilities are now outside the office perimeter.As AI-driven attacks increase and cybercrime combines digital, physical, and reputational risks, executives and their close contacts have become prime targets. Protecting the business now involves protecting executives in their personal lives.Broad Attack Surface: Private & Corporate PropertiesPierson points out that cybercriminals follow basic economic principles. Attacking a company that spends millions on security is costly and time-consuming. Instead, targeting an executive’s personal life—home networks, private emails, family devices—is cheaper, quicker, and often much more effective.Executives work in various environments–primary homes, vacation properties, private jets, yachts, and remote offices equipped with smart home technology. Each of these locations broadens an attack surface that traditional corporate security programs rarely address. Home automation systems, private Wi-Fi networks, and personal email accounts have become part of the corporate risk landscape, regardless of whether organisations recognise this.Pierson notes that taking over personal email accounts continues to be the number one attack method, especially for board members who often revert to personal accounts instead of using corporate options. Once attackers gain access, they can steal intellectual property, intercept financial transactions, or link back into the corporate network. The executive home, he states, is no longer just near the perimeter—it is the perimeter.AI, Deepfakes, and the Rise of Targeted ImpersonationThe discussion becomes even more pressing when addressing AI-enabled threats. Deepfakes, once a possibility, are now practical tools for fraud and extortion. Pierson spotlights a critical incident in early 2024, when a deepfake impersonation of a CFO allowed attackers to move tens of millions of dollars in one event.AI has removed much of the background work attackers used to do. Public executive biographies, earnings calls, videos, and high-resolution images provide everything needed to imitate a voice or face. What used to take days to research can now happen in mere seconds. This leads to a rise in hyper-realistic business email scams, payment diversion schemes, and reputational attacks that make it hard to distinguish between truth and lies.Beyond financial losses, the reputational and personal fallout can be significant. Family members can become collateral damage, private moments can turn into leverage, and the risks to physical safety rise when travel plans and locations become known. As Pierson stresses, digital and physical executive protection are now interconnected.The podcast message relays–high-level threats require specialized defenses. BlackCloak’s strategy, which Pierson refers to as “Digital Executive Protection,” safeguards a small but vital group: board members, the C-suite, executive leaders, and key personnel like patent holders, system administrators, executive assistants, and chiefs of staff. These individuals hold essential information, and attackers are aware of this.For security leaders, the question is no longer whether this risk exists, but how quickly they can act to mitigate it. In an age of AI-driven cybercrime, reducing the executive attack surface may be the most crucial security investment an organisation can make.TakeawaysDigital Executive Protection is essential for modern security strategies.AI is changing the landscape of cyber threats significantly.Home networks are increasingly becoming targets for cybercriminals.Reputational risks can affect not just individuals but their families, too.Deepfakes pose a new level of threat to corporate executives.Organisations must consider the personal lives of executives in their security plans.The attack surface for executives is expanding beyond the corporate environment.Cybersecurity must evolve to address the vulnerabilities of home networks.Protecting key personnel is crucial for maintaining corporate integrity.BlackCloak specialises in providing Digital Executive Protection services with concierge support.Chapters00:00 Introduction to Digital Executive Protection02:53 The Evolving Threat Landscape06:04 AI's Role in Cybersecurity Threats09:05 Home Networks as New Battlegrounds11:54 Reputational and Financial Risks14:56 Extending Protection Beyond Executives17:01 Final Thoughts and Recommendations#DigitalExecutiveProtection #Cybersecurity #ExecutiveProtection #AICyberAttacks #Deepfakes #CyberRisk #HomeSecurity #CISOs #CorporateSecurity #TechPodcast #Cybercrime #BlackCloakFollow: @EM360Tech on YouTube, LinkedIn and X BlackCloak YT: @blackcloakcyber2494 https://www.linkedin.com/company/blackcloak/ BlackCloak LinkedIn: @BLACKCLOAK BlackCloak X: @BlackCloakCyber

For decades, identity security relied on the assumption that identities are static, predictable, and mostly human. However, the growing scale and complexity of identities in the modern enterprise, as well as the increasing adoption of artificial intelligence has changed that perspective recently. With AI agents multiplying in enterprises, acting independently, appearing and disappearing, and using credentials, the foundations of identity and access management are being tested in ways many organisations are not ready for.In the recent episode of The Security Strategist podcast, Raz Rotenberg, CEO and Co-Founder of Fabrix Security, sat down with host Richard Stiennon, Chief Research Analyst at IT Harvest.“Everything we knew about identity is about to change,” Rotenberg cautioned Stiennon. “We’ve viewed identities as mostly static. But AI agents are dynamic. They can do various tasks, change their behaviour, vanish, and reappear. Static identity models won’t survive.”The Unplanned Identity ExplosionIdentity has always been complex, but the scale and variety of identities that security teams face today are unprecedented. Besides employees and contractors, organisations now deal with service accounts, cloud workloads, APIs, and increasingly, AI-driven agents that function on their own.According to Rotenberg, the challenge isn't just the number of identities; it's their variability. “The number of ways identities can behave is infinite,” he explained. “Every organisation is unique, every system is distinct, and identities are now changing in real time.”CISOs already see this explosion. Stiennon also noted during the podcast that AI is quickly becoming a major source of new identities, with agents being deployed widely and given credentials to operate at machine speed.However, most identity programs still depend on static role-based models and periodic reviews, approaches that struggle to keep up with dynamic, non-human agents.Multiple Identity Tools Can Lead to Hidden RisksDespite a crowded identity security market with hundreds of vendors in IAM, PAM, IGA, and cloud identity, Rotenberg argues that the main issue is not a lack of tools.“We’ve had identity tools for decades,” he said. “They do a good job of facilitating operations aimed at reducing risk. But they all miss the same point – they rely too much on the human factor.”Each tool, he explained, only sees a part of the identity landscape. Identity providers handle authentication, PAM tools manage privileged access, and governance platforms oversee reviews. None provides a unified, real-time view of identity behaviours across systems.The Fabrix CEO calls it “partial truth.” Security teams dealing with identity issues have to manually gather data from various platforms, piece it together, and make decisions with incomplete information.“This leads to long review cycles, manual investigations, and over-provisioning by default,” he said. “Permissions get copied and duplicated because people don’t fully grasp who has access to what or why.”This can often lead to unclear decisions, with the organisation handing out more permissions than fewer. Eventually, it creates sprawling identity landscapes filled with excessive privileges and risky combinations. In some cases, an individual might have limited rights in one system but full control in another without anyone noticing.“Misconfigurations can occur between systems,” Rotenberg noted. “Things don’t align. And without a unified view, these risks remain hidden.”The Need for Identity Intelligence LayerFabrix’s solution to this fragmentation is what Rotenberg calls an identity intelligence layer. This layer brings together existing identity tools without replacing them. They aim to continuously gather signals from IAM, PAM, IGA, cloud platforms, and other sources, then process them in real time.“It’s not about tearing everything out,” Rotenberg said. “Each tool serves a purpose. But when you connect them through an intelligence layer, you can finally understand your entire identity framework.”This intelligence layer aims to lessen reliance on manual decision-making. By providing contextual insights and recommendations at the moment decisions need to be made—and eventually automating those decisions—it addresses what Rotenberg sees as identity security's weakest link – human judgment at scale.“Even if you set good policies, enforcing them continuously and at scale is impossible without automation,” Rotenberg said. “There’s simply too much data.”Over time, he envisions identity systems that not only provide insights but also manage access automatically. They would revoke permissions, flag anomalies, and adjust as identity behaviours change.“Rather than enforcing more rules,” Rotenberg added, “we need intelligence layers that constantly understand who has access, why that access exists, and whether it still makes sense.”Watch the podcast at em360tech.com. For more information, please visit fabrix.security. TakeawaysIdentity security is becoming increasingly pivotal in modern organisations.The complexity of managing identities is compounded by the rise of AI agents.An intelligence layer is essential for effective identity security.Automation is crucial for managing identity security at scale.Fragmented identity management systems lead to operational inefficiencies and increase risk.Organisations often have over-permissive identities due to poor management practices.Integrating existing tools with an intelligence layer can enhance security.CISOs need to rethink their identity architecture for future flexibility.Identity security is shifting from a static to a dynamic approach.Continuous monitoring and adaptation of identity access is key. Chapters00:00 Introduction to Identity Security Challenges02:53 The Role of Identity Intelligence05:38 Operational Inefficiencies in Identity Management08:49 Integrating Intelligence into Existing Tools11:43 Rethinking Identity Architecture for AI AgentsAbout Fabrix SecurityFabrix Security builds AI Agents designed specifically for identity security. With identities multiplying across SaaS, cloud, and on-prem environments, Fabrix equips IAM teams with the intelligence to make confident, explainable access decisions – right at the moment of decision.By infusing AI into identity security, Fabrix closes today’s biggest gap: visibility and intelligence. It enhances existing IAM workflows with speed, consistency, and accuracy, cutting through the chaos of manual, context-less decision-making. From user access reviews and access requests to full identity lifecycle management and AI-agents governance, Fabrix delivers intelligent, scalable, and proactive identity security.#IdentitySecurity #AIagents #Cybersecurity #CISO #IAM #FabrixSecurity #FutureofIdentity #TechPodcast #TechPodcast #CloudSecurity #DynamicIdentity #SecurityIntelligence #FutureofIdentity #InfoSec

Organisations continue to struggle with device management data and fragmented architectures while facing pressure from business and regulators. As the technology landscape changes, the integration of Internet of Things (IoT) devices with Operational Technology (OT) presents both exciting opportunities and significant security challenges. In a recent episode of the Security Strategist podcast, host Christopher Steffen, alongside Dr Juergen Kraemer, Chief Product Officer of Cumulocity, examines the complexities of securing IoT environments and the importance of resilient analytics and accountability.Understanding the IoT-OT DisconnectAs time passes, the historical divide between IT and OT persists. As highlighted by Dr Kraemer, the operational technology sector has traditionally prioritised physical safety and availability over data confidentiality. This disconnect has created a significant gap in security policies, leaving IoT devices vulnerable to exploitation. The conversation emphasises that as organisations connect these previously isolated systems to IT networks, they inadvertently expose themselves to new risks, demanding a reevaluation of security strategies.Addressing Security ChallengesDr Kraemer points out that securing data access is critical, especially for organisations that deploy IoT devices across multiple sites. For instance, managing security for an elevator company with installations worldwide presents unique challenges. Organisations must navigate various networks and ensure compliance with new legislative requirements, such as the Cyber Resilience Act and NIS2 directive. These regulations demand a structured approach to security that many legacy OT environments struggle to meet.The Importance of Unified Data ManagementAs IoT solutions proliferate, organisations often find themselves managing a patchwork of legacy systems and newer platforms. Dr Kraemer advocates for a hybrid approach, suggesting businesses create a unified data plane that integrates new and old systems. This strategy allows organisations to maintain operational continuity while gradually transitioning to modern platforms, ultimately leading to enhanced innovation and efficiency.Buy and Build StrategyA significant takeaway from the podcast is the concept of “buy and build.” Instead of choosing between purchasing a platform or developing one in-house, organisations should leverage established platforms like Cumulocity while also building innovative applications tailored to their specific needs. This dual approach allows businesses to focus on high-value projects without getting bogged down by the complexities of underlying infrastructure.The dialogue sheds light on the pressing need for organisations to adapt their cybersecurity strategies to accommodate the complexities of IoT and OT environments. By understanding the historical disconnect, addressing security challenges, and adopting a buy and build approach, enterprises can improve their cybersecurity posture and drive innovation in an increasingly interconnected world.To find out more, visit https://www.cumulocity.com/TakeawaysIoT devices are often treated as secondary in security policies.The historical divide between IT and OT creates security challenges.Organisations struggle with integrating legacy and modern IoT systems.A buy-and-build strategy allows for innovation while ensuring security.Deployment flexibility is crucial for global IoT operations.Data silos hinder effective analytics and AI integration.A unified data lake can enhance insights from IoT data.Regulatory compliance is a growing concern for IoT security.Organisations need to enforce strong security measures across the entire IoT lifecycle.IoT should be viewed as a data-driven business opportunity rather than just a connectivity issue.Chapters00:00 Introduction to IoT Security Challenges04:01 The Disconnect Between IT and OT Security10:00 Challenges in Integrating IoT Platforms17:09 Buy and Build Strategy for IoT20:08 Modern Data Pipelines and AI Integration24:07 Bridge between AIOT and IOT28:02 Best Practices for IoT in Risk Management

Security leaders are rethinking how detection and response work in practice in 2026 owing to growing complexities in cybersecurity technology and the threat landscape.On this episode of The Security Strategist podcast, host Richard Stiennon, Chief Research Analyst at IT-Harvest, spoke with Daniel Martin, Director of Product Management at Rapid7. They discussed how modern Security Operations Centres (SOCs) are evolving, where AI truly adds value, and why outcomes—not features—should guide cybersecurity teams.A recurring theme in their discussion was that while the threat landscape continues to evolve, many core challenges for SOCs remain unchanged. According to Martin, security teams still struggle with alert fatigue, lack of context, and the pressure to respond quickly—all while juggling increasingly complicated domains.Organisations now require detection and response that is tailored to their specific environment, not generic threat models. Such a shift explains the rise of Managed Detection and Response (MDR) and the decline of one-size-fits-all managed security services. Customers want results, not noise, and they seek partners who understand their business context.Martin says that this philosophy lies at the heart of Rapid7’s approach to Incident Command, its modern Security Information and Event Management (SIEM) offering. Instead of treating SIEM, Security Orchestration, Automation, and Response (SOAR), and threat intelligence as separate tools, Incident Command integrates them directly into the analyst workflow. The aim is to provide decision support in real-time—delivering relevant context, threat intelligence, and recommended actions exactly when needed, without making analysts switch between different systems.Martin emphasised that a modern SIEM's success isn’t measured by the amount of data it can handle, but by how effectively it helps analysts make high-quality decisions quickly. Automation is important, but only if it’s applied thoughtfully. Deterministic automation, which includes actions that are predictable, auditable, and repeatable, remains vital for security operations. AI is most useful when it aids reasoning, summarisation, and prioritisation instead of completely replacing human judgment.“There’s a lot of excitement around autonomous security,” Martin noted, “but chaining unpredictable decisions together is not something customers can trust.” Instead, Rapid7 focuses on using AI to assist analysts at specific moments in an investigation, such as summarising activity, adding context to alerts, or helping decide if more data collection is needed.Also Watch: Is Your Attack Surface a Swiss Cheese? Solving Attack Surface Management (ASM) Challenges“Customer Zero” ApproachA key aspect of Rapid7’s product development is its “customer zero” approach. By running its own global MDR SOC, Rapid7 continuously incorporates real analyst feedback into product design. Martin shared that an early mistake was putting AI-driven insights in a separate interface to avoid disrupting workflows; this was quickly corrected after analysts indicated they wouldn’t leave their main view to check a secondary opinion. The lesson was clear: if context matters, it must be available where decisions are made.Looking ahead to 2026, Martin sees the next step in detection and response as increased visibility combined with better management of the environment. Customers expect MDR providers and security platforms to gather signals beyond traditional EDR and cloud alerts—without overwhelming analysts with extra noise. He believes that achieving this balance is where AI-assisted automation and context-aware workflows will have the greatest impact.When asked for a final takeaway for CISOs and IT leaders, Martin returned to a theme that ran throughout the conversation: focus on results. It’s easy to be distracted by flashy new features or the latest AI trends, but security improves only when organisations clearly define their goals. When customers express their priorities and vendors align with them, trust increases—and meaningful progress follows.In a landscape full of tools and promises, Martin believes the future of security operations isn’t about removing humans from the process. It’s about empowering them with the right context, effective automation, and AI that enhances—not replaces—the most important decisions.TakeawaysOrganisations are still facing the same core challenges in cybersecurity despite technological advancements.There is a growing demand for more environmental context in detection and response.MDR services are evolving to focus on partnerships rather than just product delivery.Rapid7's Incident Command aims to improve decision support in SOC operations.Automation should be frictionless and integrated into the analyst's workflow.Deterministic automation is crucial for reliable security outcomes.Analysts need to learn from real-time data to enhance response strategies.The future of detection and response will involve broader visibility and ownership of customer environments.Building trust with customers is essential for effective cybersecurity partnerships.Focusing on customer outcomes is key to improving security operations.Chapters00:00 Introduction to Cybersecurity and AI Innovations02:01 Shifts in SOC Operations and Customer Challenges04:29 MDR Services: A New Approach to Cybersecurity06:02 Rapid7's Incident Command: Enhancing SIM with Context08:26 Automation in Cybersecurity: Balancing Efficiency and Control11:01 Learning from Analysts: Enhancing Response and Automation12:43 The Future of Detection and Response in Cybersecurity14:23 Key Takeaways for Security Leaders#Cybersecurity #Rapid7 #SecurityStrategistPodcast #AIinSecurity #SecurityOperations #SOC #MDR #SIEM #SOAR #IncidentCommand #ThreatDetection #Response #Automation #HumanLedAIDriven #TechPodcast #FutureofSecurity #CISOTakeaways #ITLeaders

Podcast: The Security StrategistGuest: John Amaral, Co-Founder & CTO, Root.ioHost: Chris Steffen, VP of Research, Enterprise Management Associates (EMA)For over a decade, shift-left security has been the leading idea in DevSecOps. The concept was straightforward: move security earlier in the software development process so vulnerabilities could be fixed more quickly and cheaply.However, new benchmark data suggests that the reality is quite different.In the latest episode of The Security Strategist podcast, Chris Steffen sat down with John Amaral, Co-Founder and CTO of Root.io, to discuss why shift-left has stalled and why autonomous remediation and “shift-out” security is the best option moving forward.One striking data point mentioned in the episode comes from the Shift-Out Benchmark Report by Root. It reveals that 82 per cent of organisations say they are confident in their shift-left strategy; however, only four per cent have achieved zero CVE backlog.“That four per cent shocked me,” Steffen expressed during the conversation. “Honestly, it felt high.”Amaral explained that this gap exists because the industry has focused on detection instead of remediation. “We built CVE detection at computer speed,” Amaral noted. “But remediation has never scaled beyond human speed.”Modern pipelines can quickly identify vulnerabilities, open tickets, and generate extensive lists. However, the actual work of fixing those vulnerabilities still falls on engineering teams.Detection Scales but Humans Don’tShift-left claimed that developers could fix security issues faster because they work closely with the code. In reality, that assumption falls apart, particularly for third-party and open-source dependencies.The Root CEO added that developers are being asked to fix code they didn’t write, don’t own, and don’t understand. “They want to build features, not reverse-engineer open-source libraries.”With over 90 per cent of modern applications built by leveraging open-source models, fixing vulnerabilities often depends on upgrades. Often, this ends up forming a risky trade-off.Upgrading dependencies has long been the go-to remediation strategy. However, recent supply-chain attacks—like “Sha1-Hulud-style malware injections”—have shown how dangerous blind upgrades can be.“If you compromise a popular repository at the right moment, malware can spread to millions of downstream projects in minutes,” Amaral warned.Organisations now face a difficult choice between upgrading automatically and risking a malware spread or pinning dependencies that build CVEs hard to fix quickly. “Pinning protects you from supply-chain attacks,” Amaral says, “but now you’ve created a CVE backlog you don’t have the resources to clear.”What Is “Shift-Out” Security?Instead of focusing remediation efforts earlier (shift-left), Amaral suggests organisations need to shift it out—removing the responsibility from developers entirely.Shift-out security stresses on pinned dependencies to prevent untrusted upgrades, automated backporting and patching for known CVEs and AI-backed remediation that operates independently of engineering teams.“Remediation shouldn’t be done by your engineers,” the co-founder of Root tells Steffen, “It should be managed by technology that operates at the same speed as detection.”This method allows organisations to keep tight control over dependencies while still meeting service level agreements for critical and high-severity vulnerabilities.“In 2026, you need a real dependency management strategy—one that assumes supply-chain attacks will keep happening,” Amaral added.With state actors increasingly targeting open-source environments, the stakes continue to rise. “Sha1-Hulud is just the tip of the iceberg,” Amaral concluded. “This will happen again and again. You need to be ready.”Shift-left helped organisations identify their risk, but it didn’t eliminate it. As vulnerability backlogs increase and engineering teams face burnout, autonomous remediation and shift-out security are becoming the next step in DevSecOps.To learn more about this approach, visit Root.io or listen to the full episode of The Security Strategist podcast on EM360Tech.TakeawaysThe shift left approach is not yielding the expected results.Only 4% of teams have achieved zero CVE depth, indicating a significant gap in vulnerability management.Remediation processes have not scaled with the speed of detection, leading to a backlog of vulnerabilities.Engineers prefer to work on first-party code rather than third-party open source libraries, complicating remediation efforts.Burnout among engineers is a critical issue due to the overwhelming vulnerability management tasks.Security is increasingly viewed as a business problem, impacting organisational success.Effective vulnerability management requires a shift towards autonomous remediation.Pinning dependencies can help mitigate risks associated with open source vulnerabilities.The Shia Lute attack exemplifies the risks of automated upgrades in software supply chains.Organisations need a cogent strategy for managing software dependencies to stay ahead of security threats.Chapters00:00 Introduction to Cybersecurity Challenges03:00 The Shift Left vs. Shift Out Debate05:48 Understanding Vulnerability Management08:58 The Role of Open Source in Security11:40 Impact of Vulnerability Remediation on Engineering Teams15:00 The Business Perspective on Security18:02 Autonomous Remediation and Its Importance20:47 Strategies for Effective Vulnerability Management#Shift-leftsecurity #vulnerabilitymanagement #autonomousremediation #softwaresupplychainsecurity #CVEbacklog #DevSecOps #Root.io #EM360Tech #dependencymanagement #shift-outsecurity

As companies speed up their adoption of AI, an old but increasingly serious problem is resurfacing: lack of visibility. In the recent episode of The Security Strategist podcast, Eric Schwake, Director of Cybersecurity Strategy at Salt Security, joined analyst Richard Stiennon to discuss why APIs, which have long been the backbone of modern applications, have become essential for AI-driven businesses.They particularly dive deep into the critical importance of API visibility and discovery in the context of rising AI integration within enterprises. They discuss the challenges organisations face in securing APIs, the significance of understanding the attack surface, and the role of governance in managing risks. The conversation also covers the emerging Model Context Protocol (MCP) and its implications for API security, as well as the future landscape of cybersecurity as AI systems become more autonomous. Schwake emphasises the need for CISOs to be proactive in engaging with AI projects to ensure security is prioritised.If this system isn’t secured, the entire organisation faces risks.APIs: The Foundation of AIAPIs have been vital to business structures for years, especially with the growth of microservices. However, Schwake argues that AI has changed the scale of the issue significantly.“We saw a big increase in the number and usage of APIs when microservices became popular,” Schwake explained. “Now, with AI, it’s just 10 times or even 100 times whatever it is for APIs.”While much of the industry talk has centred on large language models (LLMs), Schwake emphasised that the real actions—and risks—occur one layer below.“Everything happening is driven by APIs. The AI agents, the MCP servers, the agents communicating with the LLMs—all of it is API traffic.” In essence, AI may represent innovation, but APIs are the mechanisms that enable it.API is the “Nervous System” Organisations OverlookAs companies rush to implement copilots, agents, and automation, security often takes a back seat. Schwake warned that this creates a dangerous blind spot. “You need to ensure that you’re securing that underlying nervous system of this new world—and that relies on APIs.”This lack of attention has resulted in a surge of unknown, unmanaged, and “shadow” APIs, many of which were never documented or designed with security in mind. Without continuous discovery, security teams might not even know what they are trying to protect.“Visibility is a challenge in security. If you don’t have visibility, you can’t see what you’re protecting—you’re essentially out of luck.”Discovery First, Governance SecondFor the Director of Cybersecurity Strategy, API security begins with understanding the attack surface. This principle hasn’t changed in 20 years, but AI has made it more crucial. “With AI, the attack surface on APIs could grow tenfold. If you don’t have a grasp of that attack surface, you won’t be able to protect it.”After identifying APIs, the next step is governance. This includes finding owners, setting rules, and reducing risks before attackers exploit vulnerabilities. “You want to ensure that there isn’t a big open gap inviting attackers.”This becomes even more important as AI tools start writing code and generating APIs, raising both speed and risk.Schwake concluded the discussion with a clear message for security leaders. “From a CISO perspective, ensure that you engage as early as possible with these projects.”AI initiatives often start outside of traditional security processes, increasing risk by default. CISOs need to insert themselves early, understand business developments, and safeguard the underlying APIs. “You want to support business success and speed, but also ensure it’s secure.”API security is no longer a secondary issue. It’s essential for determining whether innovation can scale safely or risks becoming the next major breach story.TakeawaysAPI visibility and discovery have become crucial due to the rise of AI.Organisations are experiencing a massive increase in APIs.Visibility is essential for effective security management.Understanding the attack surface is key to protection.Governance is necessary to mitigate risks after discovery.MCP serves as a foundational layer for AI communication.The future of API security is rapidly evolving and uncertain.CISOs must engage early in AI projects to ensure security.Security should be integrated into AI development from the start.Organisations need to be aware of AI-related security threats. Chapters00:00 Introduction to API Security and Visibility01:24 The Rise of APIs and AI in Cybersecurity05:04 Challenges in Securing APIs and AI Integration07:08 Discovery and Governance of APIs09:02 Understanding MCP and API Interactions11:04 Future of API Security in an AI-Driven World13:37 Key Takeaways for CISOs#AI #Cybersecurity #APISecurity #AIAgents #AutonomousAI #techpodcast #CISO #APIVisibility #ShadowAPIs #DigitalTransformation #SecurityStrategist

AI agents are evolving into capable collaborators in cybersecurity, acting as operational players. These agents read sensitive data, trigger workflows, and make decisions at a speed and scale beyond human capability.Matt Fangman, Field CTO at SailPoint, explains on The Security Strategist podcast that this new power has costs. AI agents have turned into a new, mostly unmanaged identity type. Enterprises are just starting to realise how far behind they are.In the recent episode of The Security Strategist podcast, guest Fangman sat down with Alejandro Leal, Senior Analyst at KuppingerCole. They talked about the implications of AI agents for identity security and the rapid evolution of AI agents, the challenges of visibility and governance, and the need for operational control in managing these agents. The conversation highlights the importance of just-in-time permissions, the evolution of identity controls, and strategic moves for CISOs to manage the risks associated with agent-based operations.AI Agents Creating Brand New Identity LayersFangman notes a turning point in the last 12 to 18 months, driven by the fast development of large language models (LLMs). These models gave agents the reasoning and autonomy to change from toys in a sandbox to real virtual workers.Organizations can now train agents with goals, equip them with tools, and connect them to one another. Since these agents do not tire, slow down, or forget, companies see a chance to grow their workforce without hiring new people.The issue is: They didn’t establish identity controls for these AI workers.“They’ve created a brand-new layer of identities,” Matt says, “but without the protections, ownership, or visibility that exist for humans.”Shadow agents, sometimes numbering in the thousands, operate unnoticed. Identity teams are unaware of them, security teams can’t monitor them, and cloud teams might spot them briefly in a dashboard, thinking they are someone else’s issue. Meanwhile, the agents themselves explore, share tools, and adapt.It’s a governance gap that keeps widening.When Leal asks how the industry should respond, Fangman answers: “Start by treating agents like people. Give them roles. Define what they can access. Apply entitlements. Enforce policy.”When asked for advice for CISOs and what they should do before agents start to overwhelm security programs?The SailPoint Field CTO recommends beginning with inventory. If an organisation does not know what agents exist, what they access, or what they are doing, nothing else matters. Assigning each agent a corporate identity and tracking its behaviour is the essential foundation for everything that follows.TakeawaysAI agents are becoming operational actors in business systems.The lack of visibility into agents creates governance risks.Just-in-time permissions are essential for managing agents.Agents are evolving into peer systems within organisations.Identity management is shifting towards relationships and context.CISOs need to inventory and track agent behaviour.Behaviour logging is crucial for ensuring agent compliance.Identities for agents will be a new focus area.Control of basic identity management practices is vital.The evolution of AI agents is reshaping identity security.Chapters00:00 The Rise of AI Agents in Identity Security03:14 Challenges of Visibility and Governance05:51 Building an Operational Control Plane09:03 Evolving Identity Controls for Multi-Agent Systems12:08 Strategic Moves for CISOs in Managing Agents

As businesses approach the holiday season, security teams feel the pressure while online activity increases. At the same time, AI is quickly changing how attacks are launched and how organisations function daily.In the recent episode of The Security Strategist podcast, host Richard Stiennon, Chief Research Analyst at IT-Harvest, sits down with Pascal Geenens, VP of Threat Intelligence at Radware, to discuss why CISOs need to rethink their long-held beliefs about attackers, users, and what “web traffic” really means in an AI-driven world.They talk about the dual nature of AI in cybercrime, the emergence of new tools that facilitate attacks, and the importance of automated pen testing as a defence strategy. The conversation also highlights vulnerabilities associated with AI assistants, such as indirect prompt injection, and emphasises the need for organisations to adopt best practices to safeguard against these threats.Also Watch: From Prompt Injection to Agentic AI: The New Frontier of Cyber ThreatsAI Attacks Lower the Barrier for CybercrimeGeenens tells Stiennon that AI’s biggest effect on security is not a new type of futuristic attack but rather its scale and accessibility. Tools like WormGPT, FraudGPT, and advanced platforms like Xanthorox AI provide reconnaissance, exploit development, data analysis, and phishing as subscription-based services. For a few hundred dollars each month, attackers can access AI-assisted tools that cover the entire cyber kill chain.This “vibe hacking” model resembles vibe coding. Attackers describe their goals in natural language, and the AI generates scripts, reconnaissance workflows, or data extraction logic. While these tools have not fully automated attacks from start to finish, they significantly lower the skills needed to engage in cybercrime. As Geenens explains, attackers can now target hundreds or thousands of organisations simultaneously, a task that once required large teams.Attackers can now afford to fail repeatedly as part of their learning process, while defenders cannot. Even flawed AI-generated exploits speed up scanning, vulnerability detection, and phishing at levels that security teams find challenging to handle. The result is a threat landscape that uses familiar techniques but operates with greater speed and intensity.Also Watch: How Do You Stop an Encrypted DDoS Attack? How to Overcome HTTPS ChallengesAI Assistants & Browsers Creating Invisible Data Leak RisksThe second, and more alarming, change that the VP of Threat Intelligence emphasises occurs within companies themselves. As organisations use AI assistants and AI-powered browsers, they delegate authority along with convenience. These tools require access to emails, documents, and business systems to be effective, and this access creates new risks.Indirect prompt injection, shadow leaks, and echo leaks turn normal workflows into potential attack vectors. For instance, an AI assistant summarising emails may unintentionally process hidden commands within a message. These commands can lead the model to inadvertently leak sensitive information without the user clicking any links or noticing anything unusual.In some cases, the data doesn't even leave the endpoint; it exits directly from the AI provider's cloud infrastructure, completely bypassing established data loss prevention and network monitoring.Meanwhile, Geenens points to a fundamental shift in traffic patterns. The web is moving from human-to-website interactions to machine-to-machine communications. AI agents browse, conduct transactions, and query on behalf of users.Bot traffic is growing rapidly, surpassing human traffic, and traditional controls, such as CAPTCHA or login challenges, are no longer effective. Defenders must now focus on behaviour rather than identity—understanding what a machine is trying to do and whether that behaviour matches business intent.For CISOs, the message is straightforward: AI is unavoidable, but it needs to be used with proper governance, monitoring, and behavioural security measures. Understand what data AI assistants can access, log their activities, and get ready for a future where most traffic is automated. Attackers have already adapted.Also Watch: Can You Stop an API Business Logic Attack?TakeawaysThe holiday season sees an increase in cyber threats.AI tools like Worm GPT and Fraud GPT are changing the threat landscape.Automated pen testing can help organisations defend against AI-driven attacks.Indirect prompt injection poses significant risks to data security.Organisations must monitor AI assistant interactions closely.Vibe hacking is a new trend that lowers the barrier to entry for cybercriminals.Behavioural analysis is crucial as machine-to-machine communication increases.Pen testing remains essential to identify vulnerabilities before attackers do.AI can automate parts of attacks, but is not fully autonomous yet.CISOs need to implement strict controls when deploying AI technologies.Chapters00:00 Introduction to Cybersecurity Threats During Holidays02:37 AI's Role in Evolving Cyber Threats05:45 The Impact of AI Tools on Cybercrime08:59 Automated Pen Testing and AI's Defensive Role11:45 Indirect Prompt Injection and AI Vulnerabilities14:37 Best Practices for CISOs in the Age of AI21:39 The Future of Cybersecurity: Machine-to-Machine Communication

Industrial enterprises are undergoing significant transformation as connected devices reshape the way they operate. IoT platforms provide new opportunities for automation, predictive maintenance, and more efficient device management. But these benefits come with challenges. In this episode of the Security Strategist podcast, host Trisha Pillay speaks with Bernd Gross, CEO of Cumulocity, about how enterprises can navigate these complexities and scale their operations successfully.Gross emphasises that the foundation of successful enterprise transformation is having the right data. Organisations need accurate information, clear visibility into device status, and meaningful context to make informed decisions. Without this foundation, even the most advanced platforms cannot deliver their full potential.Strengthening Security and Lifecycle ManagementAs the number of connected devices grows, resilient cybersecurity and cloud security are critical. Bernd shares practical insights for protecting enterprise systems while maintaining smooth operations, from managing access to ensuring device integrity across distributed networks. Alongside security, lifecycle management ensures devices are monitored, maintained, and retired efficiently. Organisations that integrate lifecycle management into daily operations see fewer disruptions and higher overall reliability.Data Strategy and Automation for Smarter OperationsConnected platforms are only as valuable as the data they generate and the processes they support. Bernd explains that a clear data strategy is essential for enriching information, understanding device performance, and driving operational decisions. Automation also plays a key role, allowing enterprises to act quickly, scale efficiently, and maintain control over complex systems. By connecting device management, enriched data, and automated processes, organisations can respond to challenges faster, optimise performance, and create a foundation for long-term transformation.This episode provides practical guidance for technology leaders looking to improve operational efficiency, strengthen security, and optimise connected platforms. For more insights and resources on connected platforms, visit Cumulocity.TakeawaysCumulocity is a leading IoT platform focused on B2B industrial use cases.Security in connected operations requires both IT and OT security measures.No open ports towards the internet is a critical security rule.Device certificates are essential for secure communication.Lifecycle management is crucial for maintaining connected devices.On-premise systems may not be as secure as perceived compared to cloud solutions.Automation can significantly reduce maintenance costs and improve efficiency.Data enrichment is necessary for effective AI model training.Many enterprises struggle with the data challenge in AI deployment.Clear business outcomes should guide IoT and AIoT initiatives.Chapters00:00 Introduction to IoT and AIoT Transformation04:40 Security Challenges in Connected Enterprises13:01 On-Premise vs Cloud Security Perceptions17:44 The Value of Automation in Device Management21:34 Operational Challenges in Deploying AI at Scale26:11 Transitioning from IoT to AIoT Data Management31:18 Practical Advice for Successful IoT and AIoT Initiatives