Welcome to Issue #61 of the Resilient Cyber Newsletter.

School year is or soon will be upon us, and for those working from home like me, it is a bittersweet time. On one hand, you’re sad to see the kids go back to school, and on the other, you can begin to at least hear yourself think amongst the backdrop of kids being kids!

Personal stuff aside, I’m excited about this issue. We have a lot of great content to explore this week, including the state of security budgets, AI, and deep dives into vulnerability scoring, so let’s get started.

Interested in sponsoring an issue of Resilient Cyber?

This includes reaching over 45,000 subscribers, ranging from Developers, Engineers, Architects, CISO’s/Security Leaders and Business Executives

Reach out below!

-> Contact Us! <-

They’re Not Breaking In — They’re Talking Their Way In

ShinyHunters, an emerging threat group, is targeting Salesforce environments using vishing and social engineering. The attacks tend to impersonate IT support, tricking employees into authorizing rogue apps and allowing the threat group to gain persistent access to sensitive data.

The consequences? Millions of records exposed, financial extortion, and reputational damage across industries like luxury retail, airlines, and financial services.

Varonis Threat Labs breaks down how these attacks work, how to stop them, and how Varonis can automate Salesforce security for your organization. Learn how attackers exploit trust, abuse OAuth flows, and bypass MFA.

Learn more about these cyberattacks

Cybersecurity Leadership & Market Dynamics

Security Budget Growth (Decline) YoY Trends by Industry

IANS and Artico Search recently conducted a Budget Benchmark Report, which supports many of the pain many have been feeling in cyber. While many quip that cybersecurity is immune and insulated from broader economic headwinds or challenges, as it turns out, that isn’t always the case.

Their survey showed that security budget growth is declining or flat in some sectors YoY from 2022-2025. This is likely due to broader economic challenges, but also more scrutiny of security budgets, leadership emphasis on Return on Security Investment (ROSI), and the push for consolidation and to get a handle on security tool sprawl that is driving the platformization push in the industry that Palo Alto Networks and others are making.

Cybersecurity Funding Snapshot

I continue to follow Matthew Ball of Canalys because he routinely shares excellent insights on the cyber ecosystem from a market perspective. He recently shared the image below along with some helpful insights.

Matt covered key points, such as:

• In the first half/six months of 2025, pre-IPO cyber vendors raised a total of $6.74 billion, across 350 funding rounds and slightly higher than the same period in 2024, which was $6.72

• 63 vendors are emerging as the next wave of partners, raising significant funding, and these are firms that have been around for 12 years on average

• Others are positioned to scale quickly, accumulating over $100 million or other values below that, but with strong indicators of future growth, seen at the bottom of the image
  

Cyber Funding Snapshot and Funding Rounds

Speaking of Canalys, Jay McBain, who works with Matthew, whom I cited above, also shared some great insights recently. This includes the fact that the Top 20 pre-IPO cyber companies have raised more than $20.60 billion this year (end of Q2 2025). The largest funding rounds involve leaders such as Cyera, Chainguard, Island, and others.

Jay points out that 73% of the funding was by US-headquartered firms, followed by 14% from Israel.

Competitive Advantage Through Cybersecurity: A Board-Level Perspective

This piece from McKinsey and NACD captured insights from five industry-leading CISOs and board directors about how cybersecurity is changing and how CISOs and Directors can use their position and influence to drive competitive advantage through cybersecurity.

The CISOs being interviewed discuss the challenges of dealing with diverse boards, many of whom have financial and business backgrounds rather than technology backgrounds. They also share insights on how they prepare for board meetings and position cyber issues for input and awareness.

The interview provides valuable perspectives from existing CISOs and board members and is worth reading for those looking to understand better how they can communicate cyber issues to the board.

Why Escape Velocity Is More Important Than Ever

This piece from Reforge also discusses the need to achieve accelerated ARR and broader revenue goals. It opens by discussing how Lovable hit $100M ARR in just 8 months from launch, outpacing traditional metrics, even for outstanding industry-leading firms. Many rapidly growing firms focus on “Vibe Coding” or supporting development workflows more broadly, including examples such as Glean, Cursor, and Codium. These firms hit the Development Platform and Tooling aspect of the previous piece I shared from Bessemer.

Using Lovable as an example, the author discusses how they have navigated three distinct market trends:

• Massive AI interest

• Incumbent mirroring

• Distribution scarcity

This includes riding the wave of AI hype, incumbents copying innovators, and a distribution scarcity creating intense competition.

They argue that this is causing startups to need to get massive distribution quickly to reach “escape velocity” and stay on a trajectory to be lasting industry leaders. As the author notes, speed cuts both ways, though. Just as quickly as an innovator can get breakout velocity, incumbents can copy them.

While the piece isn’t about cybersecurity, many of the same principles apply to the cybersecurity startup and incumbent landscape.

Yes, AI is in a Bubble

At least according to OpenAI CEO Sam Altman. Sam recently discussed that investors are overexcited about AI and compared the current market fervor to the 1990s during the dot-com bubble, which, as we all know, was eventually followed by an associated crash.

Sam cited the small team sizes, high valuations, and abnormally large funding rounds as evidence of the current market hype around AI. He even went on to say:

“That’s not rational behavior, someone’s going to get burned there, I think”

Continuing the interview, Sam said he expects OpenAI to survive the forthcoming burst and that they intend to spend trillions on data center construction soon.

Sam’s comments reminded me of recent comments from Peter Walker, Head of Insights at Carta, whom I regularly follow.

Peter recently stated:

“We are back in a startup bubble, 4 years after the 2021 bubble peaked”.

Peter shared the below image, stating medium figures in every stage are higher than they were last year and rival all-time peak values and points out in some cases (such as the WOW column) we are in a new peak bubble that even makes 2021 look weak.

AI

The State of AI 2025

AI, of course, is dominating headlines, including everything from venture capital to cybersecurity. That is why it was great to check out this State of AI Report from Bessemer Venture Partners (BVP).

As the report discusses, we’re moving past AI's initial big bang and starting to get a stable sense of the ecosystem, including foundational companies, best practices for building, and patterns for startup success.

One of the biggest takeaways from the report is how AI has redefined what “good” looks like from a metrics and benchmark perspective, no longer aligning with benchmarks from the SaaS era.

Since 2023, Bessemer has deployed over $1 billion in capital to AI-native startups. Not only are countless AI-native startups forming, but every established SaaS company is now weaving AI capabilities into its products as well.

Below are examples of new benchmarks when it comes to AI-native startups:

They draw distinctions between what they dub “supernovas” and “shooting stars,” showing the wide range and disparities among AI-native startups. Some achieve unheard-of, rampant, accelerated growth, while others achieve substantial growth by traditional standards. Despite the rapid ARR growth, the report does highlight how tight margins are, being close to zero or even negative in some cases, and we have seen some highlight this with memes, including inference costs, etc.

The report provides some insights into the average gross margins of the supernovas, as listed below:

They discussed how AI “Shooting Stars” more closely resemble traditional SaaS companies, with quick PMF and customer retention/expansion, but not as insane initial ARR’s.

While it could be tempting for founders to hyperfocus on supernovas, Bessemer argues that the shooting stars will include hundreds of new startups, which is what AI founders should aim for.

The report then discusses a roadmap for the AI cosmos, including AI infrastructure, developer platforms and tooling, horizontal and enterprise AI, vertical AI, and consumer AI. It also lays out five key predictions.

Resilient Cyber w/ Andrew Carney DARPA AI Cyber Challenge AIxCC

In this episode, I interview Andrew Carney, the Program Manager for DARPA's AI Cyber Challenge (AIxCC).

DARPA's AIxCC recently concluded at Black Hat, and it brought together the industry's leading experts on AI and Cybersecurity, focusing on securing software critical to all Americans.

Teams had to create novel AI systems to secure critical code, including software involved in critical infrastructure.

Listen on:

• Apple Podcasts

• Spotify

• YouTube

  ---

  We discussed:

• The background of the DARPA AI Cyber Challenge and some of DARPA's historical work, including the Internet!

• The importance of open source software and how it powers everything from consumer goods to critical infrastructure and national security systems

• How the challenge worked, and the way teams used AI and autonomous systems not only to discover but also help patch/remediate vulnerabilities

• The dual nature of AI and how it can be wielded for defenders and attackers alike

• What DARPA is up to next

NIST to Release Security Control Overlay for Securing AI Systems

NIST recently released a concept paper and announced that it will release a security control overlay for securing AI systems for its NIST 800-53 security control catalog, which underpins many popular compliance frameworks, such as FedRAMP, RMF, CSF, and more.

They laid out how the 800-53 AI Security Control Overlay intercedes with other related NIST AI efforts such as the AI RMF and others below:

In short, the overlays aim to provide security controls to manage unique risks for users and developers of AI systems in specific scenarios. They also envision it being able to be used by both organizations using AI, as well as developers of systems involving AI:

AppSec, Vulnerability Management & Software Supply Chain

Conflicting Scores, Confusing Signals: An Empirical Study of Vulnerability Scoring Systems

The more time I spend in this field, the more I believe that Vulnerability Scoring systems are all flawed, imperfect, and just one indicator to drive vulnerability prioritization.

This latest research confirms that, including a lack of correlation across scoring frameworks, limited accuracy in exploitation (including for EPSS), and overall provide limited triage guidance in isolation.

More and more I'm convinced of the importance of organizational context, business criticality, data sensitivity, reachability, architectural considerations, compensating/mitigating controls and runtime detection and response.

I know we all wish there was a silver bullet and that the "x" vulnerability scoring framework would be the panacea for prioritization, but that isn't how any of this works, and it likely never will be.

There are no shortcuts - you have to do the work 🤷‍♂️

Zero Trust is a Bust

Or, at least the leading ZT tools are. That was one of the key points recently made at DEFCON. While ZT has been a trend and term cyber marketing teams have clung to for years, researchers have shown that the leading ZT vendors/tools are rife with vulnerabilities and weaknesses.

They found Checkpoints' product had hard-coded encryption keys, which exposed customer data, Zscaler’s SAML implementation failed to validate signatures, and Netskope suffered from cross-tenant vulnerabilities, letting attackers compromise any organization using leaked enrollment keys. All of these examples violate fundamental tenets of ZT.

This also aligns with an article I wrote recently, calling out the uncomfortable truth that “Your Security Tools May Be Making You Insecure”. In the piece, I spoke about the fact that many security tools are vulnerable and often shelfware, not fully implemented, configured, tuned or used - leaving organizations more vulnerable as these products sit around with elevated permissions and access.

A “Window Sticker” for Software

We’ve heard a lot about software supply chain security in the last several years, since the fallout of events such as Log4j, SolarWinds, and others, as well as the Federal Executive Order (EO), which placed a large emphasis on supply chain security.

Hell, I even wrote a book titled “Software Transparency” on the topic.

This piece from Lawfare discusses the concept of a “Window Sticker” for software, and how buyers can use performance measures to drive better security in software products.

The above image exemplifies what the proposed sticker “could” include, citing examples of compliance alignment, CISA’s SbD pledge, SCA results, product security features, etc.

While on the surface, this is a well-intentioned concept and not a new one, and I like the idea of trying to drive consumers to force vendors to create more security products, the reality is much more nuanced than this.

Most consumers understand little of what this image shows, and more importantly, they know that there is a significant amount of nuance and details this image can’t reflect.

CISA SbD signatories such as Fortinet and others routinely drop news of their products being exploited by zero days. SBOMs have lingering challenges around completeness, correctness, and quality. Not all SCA “Criticals” and “Highs” reflect real-world risk when aligning with CVSS, and much more.

Due to these complexities and the fact that consumers often want the cheapest, not the most secure products, I don’t anticipate this vision becoming a reality anytime soon.

GRC Engineering Learning Hub

You’ve heard me talk a lot about GRC Engineering, and the crew that released the GRC Engineering Manifesto recently released a Learning Hub. This includes, books, courses, labs and podcasts on the topic.

I was pleasantly surprised to see my own conversation with my friend AJ Yawn’s conversation listed among the podcasts.

It also lists a lot of helpful blogs, newsletters and talks and interviews. The learning hub is worth bookmarking and referencing for those interested in GRC Engineering.

Subscribe now

Welcome to the post Black Hat issue of the Resilient Cyber Newsletter.

Coming out of Hacker Summer Camp week, it feels like everyone is trying to catch their breath, dig out of their inbox, and get back into a flow.

I’ve got a lot of great resources this week to share, including a Black Hat Security Vendor Breakdown, AI’s impact on VC, discussions on securing agentic AI, and a look into transparency challenges with CVEs.

So, here we go!

Interested in sponsoring an issue of Resilient Cyber?

This includes reaching over 45,000 subscribers, ranging from Developers, Engineers, Architects, CISO’s/Security Leaders and Business Executives

Reach out below!

-> Contact Us! <-

AppSec’s New Horizon

As development teams move faster, shift-left strategies have stalled at detection and aren't keeping security issues out of production.

Join the upcoming virtual event to get a practical, prevention-first AppSec blueprint—powered by new Unit 42® research and real-world lessons from Palo Alto Networks' own security teams.

Learn how to stay ahead of emerging threats, intelligently block risks from reaching production, and scale AppSec without slowing developers down.

Don’t miss this look into the future of application security with Cortex® Cloud.

Secure your spot

Cyber Leadership & Market Dynamics

The State of Security Vendors - Black Hat 2025

If you’re like me, you unfortunately (or fortunately) didn’t make it out to Black Hat/Hacker Summer Camp this year, but are still looking to keep up to date with how it went, key takeaways, themes, and so on.

Luckily, industry leader Andy Ellis put together a concise summer:

• 359 total vendors

• 118 vendors mentioned AI

  • 18 mentioned securing your AI usage

  • 20 mentioned agents/agentic

• Code Security was the largest presence, with 105 vendors

• 32 vendors mentioned being a platform, leaning into the platform vs. point solution play

• Zero Trust was only emphasized in 6 booths, demonstrating that the trend seems to be dying down a bit

The report is full of these insights and much more, and I personally appreciate Andy putting this together for the community, especially those of us who couldn’t make it to the event this year.

Platform Expansion via M&A

We hear a ton about the push for “platformization”, or consolidation, as large vendors such as Palo Alto Networks (PANW) make the case for Platforms vs. Best of Breed, but seeing metrics and drivers is helpful.

Matthew Ball of Canalys recently shared some of those insights, showing how platform expansion is driving M&A and how the majority of M&A involves pre-IPO-funded companies, with less than 20 firms being by far the most active acquirers.

He points out some of the acquisitions they analyzed: 104 acquisitions by 44 acquirers from 2022 to 2025 so far. The most active acquirers include some familiar faces, such as Cisco, Palo Alto Networks, Checkpoint, Proofpoint, ZScaler, Crowdstrike, and others. If you read the recent piece on industry consolidation I shared from my friend , you’ll also recognize many of these vendors and trends. These 104 acquisitions totaled $154 billion.

Matthew provides rich analysis in his post I linked to, so I suggest going to read it, but some key takeaways:

• Of the 86 pre-IPO acquired companies

  • 33% were seed or pre-seed

  • 49% were early stage (e.g., Series A or B), with Series A being the most common

  • The remaining 19% were Series C or beyond

  These activities involved over 500 investors, with Cisco again being the most active, but other large names such as Salesforce Ventures, Sequoia, and Insight Partners.

AI is Eating Venture Capital: The VC Dry Powder Forecast

I found this piece from Jon Sakoda of Decibel Partners to be very interesting. Jon lays out the dynamic that is playing out, where a significant share of “dry powder” (e.g. VC fund cash on hand) is being deployed, largely to AI and AI-focused firms, but at the same time, fundraising is hitting lows.

Jon states:

2025 has been one of the best years in the history of venture capital for founders, with over 10,000 companies announcing $162 billion in financings in just 6 months. These numbers rival the glory days of 2021 - the stock markets are back to all time highs, the AI platform shift is in full swing, and the VC industry is on pace to make this year the most active in its history. Now that the party has started, do we know how long it will last?

As he discusses, AI has dominated VC investments, representing 60% of all investments.

But as Jon shows, despite this tremendous run of investments, fundraising has taken a massive dip:

Jon demonstrates that we’re well through the high dry powder phase, with massive allocations having taken place:

Jon isn’t necessarily saying there is trouble at hand, but the metrics above do present good questions about what the landscape will look like in the coming years, as firms are “all-in” on AI-centric investments, exhausting a good deal of dry powder, but without substantial new fundraising occurring, what will backfill it and what are the implications for future founders not riding the present wave?

GSA Doubles FedRAMP Authorizations Compared to Last Year

In an amazing demonstration of program modernization and innovation, the U.S. Federal governments Cloud Compliance & Authorization program, FedRAMP, has doubled its number of authorized cloud services in 2025 compared to the year prior. This is part of the broader FedRAMP 20x efforts by the FedRAMP PMO, who have been embracing GRC Engineering principles and modernizations such as:

• Context-rich vulnerability prioritization and remediation

• Automating assessments using API’s and Cloud-native services

• Leaning into engineering principles such as IaC, machine readable artifacts and automated workflows

This is a great example for industry and government alike of the direction that Governance, Risk and Compliance (GRC) should be heading to catch up with technological and engineering trends that have largely left the compliance industry behind.

AI

DARPA Announces AI Cyber Challenge Winner

DARPA recently announced the winner of its AI Cyber Challenge (AIxCC). The challenge involves using AI-driven systems that are capable of identifying and patching real world vulnerabilities. Team Atlanta, which won, among others, were able to demonstrate their AI-driven systems could identify and patch vulnerabilities in open source software, including those impacting critical infrastructure.

This is a really promising effort that has large implications for cyber defenders if the technologies can be refined and scaled to keep pace with attackers attempts to exploit vulnerabilities.

I’ll be interviewing Andrew Carney of DARPA on my Resilient Cyber Show soon to dive into this so be sure to keep an eye out for that discussion!

I Built an AI Hacker. It Failed Spectacularly

With all the headlines about AI-powered offensive security tools overtaking leaderboards such as Hacker One or LLMs finding zero days, many would assume that AI hacking tools are well on their way to being amazing resources in Offensive Security.

The truth is that it is a bit more complicated than that, as Romy Haik lays out in a recent blog. He set out to build an autonomous agentic pen testing tool. As he mentions, on the surface, the idea is enticing to the entire industry, these autonomous tools and capabilities that never rest, constantly testing, exploiting, and identifying new vulnerabilities and aspects of systems that need to be bolstered; however, his reality proved to be a bit more nuanced than that.

He built a multi-component and phase AI hacking tool to carry out various aspects of the attack lifecycle:

He then pointed at intentionally vulnerable resources typically used for AppSec testing and learning. The results?

My Autonomous AI:

• ✅ 1 Remote Code Execution (RCE)

• ✅ 1 SQL Injection

• ✅ 3 Cross-Site Scripting (XSS)

• ❌ Massive number of false positives

• ❌ Even more false negatives

He also lays out some aspects beyond AppSec that are tied to the economics of AI as well:

The Brutal Economics of AI Hacking

The performance gap was embarrassing, but the cost analysis was the real gut punch:

• Runtime: 100 iterations took 3+ hours (sometimes 25 iterations took over an hour)

• Compute costs: Cloud infrastructure running continuously

• API costs: Thousands of OpenAI calls for planning, execution, and parsing

• Accuracy: Significantly worse than both humans AND traditional tools

The system wasn't just slower than a human. It was more expensive and far less accurate.

He lays out some painful lessons learned regarding AI and LLMs for OffSec and advocates for a hybrid approach of using AI as a force multiplier rather than a full replacement.

None of this is to say that AI doesn’t and can’t be effective for OffSec, but that it isn’t as simple as many suspect.

Securing Agentic System Design: A Trait-Based Approach

There’s no denying that agentic systems and workflows introduce some unique considerations for cyber defenders. This piece from Cloud Security Alliance (CSA) attempts to provide specific guidance for securing agentic environments.

It helps:

• The identifying characteristics and unique security challenges of agentic systems

• Why securing agentic systems requires a fundamental shift from a "perimeter defense" mentality to a "Zero Trust, continuous verification" one

• What a trait-based approach to agentic system design looks like

• Key traits and patterns, including orchestration, communication, planning, perception and context, agent learning, trust, and tool usage

• The need for close collaboration between AI practitioners, security professionals, and system architects

AgentFlayer: When a Jira Ticket Can Steal Your Secrets

Researchers continue to find novel ways to exploit LLMs and agents, with one of the latest examples being dubbed “AgentFlayer” by the Zenity team. It involves a zero-click attempt through malicious prompts in Jira tickets, which can cause Cursor to exfiltrate potentially sensitive data from your repositories or local file system.

A key part of the attack if Cursor being set to auto-run mode, to avoid manual approvals of tool calls. If this sounds silly, it shouldn’t, given it is a common configuration of users wanting to avoid prompt approval fatigue.

What’s funny in the scenario Zenity used is instead of using the term “API Keys”, they used the term “Apples” while still functionally having Cursor look for and potentially expose the same thing - e.g. secrets. It shows how the play on words and natural language nature of LLMs just make them inherently challenging to govern from a security perspective, despite the best attempts to build in guardrails.

Securing Agentic AI: How to Protect the Invisible Identity Access

Identity and Access Management (IAM) remains a key topic of concern regarding Agentic AI. This piece on The Hacker News by Astrix Field CTO Jonathan Suder discusses the topic, along with how to go about securing agentic identity.

As he discusses, AI agents redefine identity risk due to:

• Autonomy of agents

• Unpredictable behavior of LLMs

• The fact that existing IAM tools were built for human users

Typical human identity controls can be applied to AI agents as well:

Key activities involved in securing AI agent access include:

• Discovery and governance

• Lifecycle management

• Threat detection & response

Of course, these activities were and still are relevant for securing human users. Still, now agents are poised to exponentially outnumber human users in enterprise environments, massively expanding the attack surface and complexity of managing these risks.

Astrix Security is a purpose-built platform focused on these risks and is one of the teams leading the charge to secure agents' IAM.

AppSec

CISA Officials Commit to Supporting CVE Program

The CVE program has been a key point of discussion among the AppSec and broader cyber community over the past year, especially due to the ongoing struggles of the NIST NVD and CVE itself, which have nearly lost funding and support from CISA. However, at a recent Black Hat panel discussion, multiple CISA officials committed to CISA’s ongoing support of the CVE program.

They also emphasized the CVE program's critical role in vulnerability management and its centrality to “all of our cybersecurity operations.”

CVE’s Challenge with Transparency

Speaking of CVEs and the CVE program, I recently shared “CNA Scorecard” from my go-to Vulnerability Researcher, Jerry Gamblin. Jerry also recently shared his BSides slide deck and talk unpacking challenges with transparency around CVEs and their data quality.

His presentation has some great summaries of key CVE concepts:

This includes what makes a CVE actionable, such as understanding the type of flaw, what products it affects, how severe it is, and how it can be fixed.

He also has a slide summarizing the crisis around the CVE Program:

The deck has many great insights beyond this, including a proposed path forward out of the mess, so I recommend checking it out in full.

SBOM Divergence and Harmonization

Software Bill of Materials (SBOM) has become a key topic in the broader open source and software supply chain conversation. However, one fundamental challenge and often a key point from detractors or skeptics is the quality and consistency of SBOM outputs from various tools. As they rightly point out, different SBOM tools often produce different SBOM outputs for the same piece of software.

That is exactly what an effort from the Software Engineering Institute recently found, while also making some recommendations for reconciling or harmonizing these challenges.

The team produced a GitHub repo as part of the SBOM Plugfest, where the results and additional data for those interested are recorded.

Subscribe now

The incident involved stolen credentials via an infostealer malware that could be used to access customers’ Snowflake instances. The Varonis Threat Labs team set out to put together some of the most comprehensive and detailed information related to the incident, including helpful diagrams such as the one below:

Mandiant stated the stolen credentials dated as far back as 2020 and allowed the threat actors to gain access to the affected customer accounts and even export significant amounts of customer data from the impacted customer Snowflake instances, which led to subsequent extortion attempts, threatening to sell the data to cybercriminals etc.

The incident also led to much discussion among the community about the fundamental shared responsibility in the cloud, including for SaaS providers and customers, and the importance of safe configurations and security controls within their instances of SaaS environments.

To say SaaS configurations, including those of leading platforms and providers such as Snowflake, are complex would be putting it lightly. That’s why it’s awesome to see industry leader Varonis launch Operation Frostbyte—the first Snowflake GOAT. In this intentionally misconfigured environment, practitioners can tinker, test, and learn how to properly secure their Snowflake environments and keep sensitive data safe.

It’s often said that bank robbers target banks because that’s where the money is, and it can be said that malicious actors target platforms such as Snowflake, where the enterprise data is. This may be sensitive information such as PII/PHI, financial information, enterprise credentials, and even security data for use cases like security data lakes.

How Varonis approached building Snowflake GOAT

There are various intentionally vulnerable technologies, products, and environments out there as the security industry realizes how proper a lab environment can be for educating security practitioners and offering them an opportunity to get hands-on.

The Varonis team set out to build realistic attack paths and scenarios, such as excessive permissions that can allow privilege escalation and potential lateral movement into other sensitive data. They built Snowflake GOAT with practitioners in mind, whether it is red teams looking to sharpen their saw, defenders looking to better understand the potential risks of their enterprise Snowflake implementations, or others. It offers opportunities for both offensive and defensive cyber operators.

They are even hosting a DEF CON workshop to empower the community to kick the tires, hosting a capture the flag (CTF) event where folks can play along, have fun, and see how they fare with exploiting the Snowflake implementations.

Getting Going

Varonis took a fun approach as well, with a video game-themed implementation. They also leaned into the mantra of open source. Rather than hosting the game in a central location everyone must use, they provide the code via open source, allowing folks to download the data, scripts, and clues they need to participate in Snowflake GOAT.

A users environments are provisioned via Terraform, making them declarative and repeatable, with users able to both quickly stand up and tear down testing and learning environments of the intentionally misconfigured Snowflake implementation.

You also have an opportunity to get hands-on with the data in Snowflake, given it is the core value of the Snowflake platform and generally what attackers are after, and what defenders need to prevent against.

Organizations can download the code and spin up a vulnerable/misconfigured Snowflake instance to easily test, learn, and develop defensive capabilities for their Snowflake instances.

This represents an awesome resource for the community. It lets both defenders and offensive security practitioners use it, provide feedback, and even develop different scenarios to prevent future Snowflake incidents.

So dive in, roll your sleeves up, get your hands dirty, and learn how to protect your organizations from risks associated with Snowflake today!

Check Out Operation Frostbyte

Welcome to Issue #59 of the Resilient Cyber Newsletter.

It’s Black Hat/Hacker Summer Camp week and the news cycle is in full effect, from product launches, publications, M&A and more.

I hope you enjoy the resources this week!

Interested in sponsoring an issue of Resilient Cyber?

This includes reaching over 45,000 subscribers, ranging from Developers, Engineers, Architects, CISO’s/Security Leaders and Business Executives

Reach out below!

-> Contact Us! <-

AI Agents That Triage Vulnerabilities for You

Vulnerability management is broken - bloated backlogs, endless false positives, and constant pressure. Maze changes that. Our AI agents autonomously triage and resolve cloud CVE findings, cutting out the noise so your team focuses on what truly matters.

Think of it as having expert security engineers on demand: contextual, precise, and always on. Faster fixes, fewer escalations, and finally, a backlog you can get ahead of.

Find Out How It Works

Cybersecurity Leadership & Market Dynamics

Resilient Cyber w/ Sid Trivedi - Black Hat, Cyber and AI Opportunities

In this episode, we sit down with Sid Trivedi, Partner at venture capital firm Foundation Capital and host of the Inside the Network podcast.

Sid brings great insights around cybersecurity market trends, industry events such as Black Hat, and the impact that AI is having on the startup and venture capital ecosystem.

We discussed:

• His team at Foundation Capital, where and how they invest, and how they identify opportunities.

• Black Hat (Hacker Summer Camp) and the Startup Spotlight Competition: how they work, what teams are involved, and the benefits for the cyber and venture capital community.

• Other Black Hat events include the Innovators and Investors summit and what they help facilitate.

• M&A Headlines, from Palo Alto Networks (PANW) acquiring CyberArk to other rumors such as Datadog and Upwind, and what we’re seeing play out in the cyber industry related to platforms vs. best of breed.

• How innovative startups can stand out and why a few players will never dominate the cyber ecosystem due to the countless niches, evolving threats, and changing technologies involved.

• The impact of AI on the venture capital and investment landscape and what opportunities there are for AI when it comes to cybersecurity, both for attackers and defenders

• The concept of Services-as-a-Software and the opportunity and Total Addressable Market (TAM) for labor and services work typically associated with software and why it is such an enticing opportunity for both founders and investors.

• Sid’s podcast, “Inside the Network,” interviews industry leaders who have built defining companies, sharing their hard lessons, wisdom, and insights with the community.

Intent Over Tactics: A CISO’s Guide to Protecting Your Crown Jewels

The role of the CISO inevitably can feel overwhelming. Never-ending threats, new technologies, business goals, churn among your team, tool overload, budget constraints, etc.

This piece from longtime industry leader Caleb Sima helps hone in on what matters most. He phrased it as “a practice guide to protecting your most critical assets when budget, headcount, and political capital are tight.”

Caleb discusses constraints nearly all security leaders grapple with, such as:

• A large and complex attack surface

• Limited resources

• Inevitability of breach

He lays out an approach leaders can take to protecting their organizations' crown jewels, which includes identifying them, finding them, and securing them using a threat assessment approach.

SentinelOne to Acquire Prompt Security

Another major GenAI Security acquisition is underway. This time, SentinelOne is acquiring Prompt Security in efforts to advance GenAI and Agentic AI security. This comes on the heels of Palo Alto Networks' (PANW) prior announcement to acquire Protect AI, which was announced during RSA, with the SentinelOne announcement coinciding with Black Hat.

This aligns with broader industry discussions and rumors about industry leaders racing to keep pace with the rise of GenAI and Agentic AI, ensuring their platforms and products stay relevant and position themselves as leaders regarding AI security.

M&A Spotlight Shifts to Lasso, Aim, and Pillar after SentinelOne’s $250M Prompt Deal

Following the acquisitions of Protect AI and Prompt, M&A attention is turning to the remaining innovative startups focused on AI Security, such as Lasso, Aim, and Pillar Security.

This piece from CTech states that the above firms have already received acquisition offers from industry leaders such as Check Point, ZScaler, and F5. It will be interesting to see if the above firms or similar companies become the next in the string of AI Security acquisitions as industry leaders race to position themselves at the forefront of securing enterprise AI adoption.

20 Years of Cyber Consolidation: How 200 Companies Became 11

Over the past couple of years, we’ve heard a lot of discussion around platformization and consolidation in the cyber industry. But what does that actually look like? This excellent piece from my friend thoroughly lays out how 200 cybersecurity companies became 11 industry giants.

Ross draws parallels to the U.S. Department of Defense (DoD) Government Contracting ecosystem and discusses the four stages of industry consolidation and the factors that drive it.

This is a great read for folks looking to understand the cyber ecosystem and its key players' past, present, and future.

Former and Current Officials Clash Over CISA’s Role in U.S. Cyber Defenses at Black Hat

In a rare occurrence, former and current Government officials associated with CISA and the NSA publicly demonstrated a difference of opinion during a recent event related to Black Hat.

It involved CISA’s Communications Chief and former NSA Leader Rob Joyce. The difference of opinion was focused on the impact of scaling back the federal cyber workforce. The CISA official focused on refocusing CISA on its core mission as part of the workforce reductions, while industry security leader Rob Joyce stressed the impact it will have on the Federal cybersecurity landscape, arguing it sets the ecosystem back in terms of security, when it was already struggling

AI

IdentityMesh: Exploiting Lateral Movement in Agentic Systems

As we continue to see the rising adoption and excitement around agents, many are beginning to explore how they can be exploited and the implications for organizations.

This latest piece from AI security leader Lasso explores how agents can be exploited to move laterally across environments and systems. It demonstrates how malicious content can be read by an agent and then subsequently acted upon through later operations on other systems that the agent interfaces with.

Lasso explains how, through AI agents' unified operational identity, attackers can leverage indirect prompt injection and the unchecked flow of information across traditionally isolated identities to propagate malicious actions across various system boundaries.

Some example scenarios:

AI SOC Market Landscape for 2025

One of the areas seeing the most interest within Cybersecurity for AI use is arguably SecOps, based on the number of startups and venture capital allocation. But trying to understand the AI SOC market landscape can be difficult with so many different players, capabilities, and more to make sense of.

This piece from does a great job of framing the current AI SOC landscape, including the various players, trends, and more.

State of Agentic AI Security and Governance

One key theme missing from many conversations about the excitement and adoption of Agentic AI is Security and Governance. IBM's latest Cost of a Data Breach Report evidenced this, finding that the majority of organizations lacked policies and processes to govern Agentic AI (and AI more broadly).

That's why this publication from OWASP GenAI Security Project is timely. It covers the State of Agentic AI Security and Governance, including:

• A taxonomy for agents and their various use cases

• Agent frameworks and the protocol landscape, for interacting with tools, communication between agents and taking actions

• Threats and Mitigations for various risks associated with Agentic AI

• A look at both the regulatory and compliance landscape, as well as future trends and emerging requirements for Agentic AI

  
  Another excellent publication by the OWASP® Foundation team, on a key topic as Agentic AI adoption and exploration heats up!

AppSec, Vulnerability Management, and Software Supply Chain Security

CNA Scorecard

As most of us know, the vulnerability database and scoring ecosystem is a complete mess. From the near collapse and continued struggles of the NIST NVD to the continued irrelevance of CVSS for prioritization, organizations are drowning in CVEs, and more.

This new resource from Jerry Gambling presents a CNA Scorecard and looks to track CVE Data Completeness. Let’s say the figures aren’t pretty.

As he points out, only 2% of CVEs have CPE data, and only 5% have patching information. This hinders automation and leaves security teams in the dark about how to mitigate risks best.

Jerry defines 5 key categories for CVE Data Completeness, as identified below:

The figures speak for themselves and demonstrate the challenges downstream security teams face when understanding what software CVEs apply to or what relevant patches, fixes, and mitigations are.

Automate Security Reviews with Claude Code

One interesting development in the industry is the rising number of AI development platforms looking to add security capabilities natively. While many AppSec vendors are accustomed to filling gaps on native development platforms, cloud environments, etc., the introduction of capabilities focused on AppSec directly by the development platforms poses a challenge.

One such example is Claude Code's recent addition of code security review. They’re doing this via a GitHub Actions integration and the use of the/security-review command. The Claude team released a video showing how it works:

The Claude team states that it can help identify vulnerabilities such as:

• SQL Injection

• XSS

• Authentication and Authorization Flaws

• Insecure Data Handling

• Dependency Vulnerabilities

This can be used to automate security reviews for new PR’s.

What will be interesting to see evolve is the token cost associated with usage of this capability, as well as how it impacts broader AppSec companies offering a similar capability and integrating with workflows associated with some of the leading AI coding platforms.

Securing AI Coding Assistants: A Total Cost Analysis

We know that coding assistants such as copilots and LLM development are seeing rapid adoption across the entire landscape. But what does it take to secure their use, and what is the total cost analysis of their usage?

As this piece from Endor Labs points out, teams are seeing 10-40% increases in code velocity because studies are finding that 62% of AI-generated code is also insecure by default, and developers using AI coding assistants are twice as likely to write insecure code.

Endor discusses how AI-generated code suffers from the same types of weaknesses as broader open source code, which makes sense given that the leading models are trained on large open source datasets. However, traditional SAST tools aren’t poised to meet some of the deeper design flaws and risks that AI code can introduce, either.

As Endor points out, manual code review wasn’t already scalable for a team with a few thousand developers, let alone their increased 10-40% improved code velocity and volume. Endor provides some helpful metrics to show the cost of code review with typical scenarios:

Endor is one of the AppSec organizations pioneering the use of Agentic AI for AppSec use cases, such as multiple agent personas to do security reviews of PR’s, classify risk, prioritize issues, and more. They lay out some of the metrics below based on the use of AI Security Code Review, which is saving thousands of hours annually:

I dove deep into Endor Lab’s CEO, Varun Badhwar, on these topics on an episode of Resilient Cyber titled “AI for AppSec - Beyond the Buzzwords”:

State of Exploitation - A Look into the 1H - 2025 Vulnerability Exploitation & Threat Activity

It’s always good to reflect back on the state of vulnerability exploitation to understand key themes and trends. This piece from my friend Patrick Garrity over at VulnCheck provides exactly those insights along with some great visualizations.

They identified:

• 432 CVE’s that were being reported as being exploited for the first time

• 32.1% of KEVs had exploitation evidence on or before the day the CVE was issued, an increase from 23.6% in 2024.

• Reported exploitation attributed to threat actors in China and North Korea decreased while exploitation attributed to Russia and Iran threat actors increased.

• 26.9% of KEVs first seen in the 1H-2025 were still awaiting analysis by NIST

• While Open Source Software is impacted by a growing number of exploited vulnerabilities, our research shows that proprietary software such as CMS platforms and plug-ins, network edge devices, and server software are larger contributors to mass exploitation - not necessarily open source software.

• 147 of 181 unique CVEs that were used by known threat actors had evidence of exploitation prior to 2025, demonstrating that threat actor exploitation disclosure often lags behind disclosure of initial exploitation evidence.

Some really interesting insights here to call out, such as the fact that 32% of KEV’s are zero days with evidence of exploitation before a CVE is even issued, and the ongoing struggles of the NIST National Vulnerability Database (NVD) when it comes to analysis. Lastly, despite all the hype and focus on open source in the context of software supply chain security, proprietary software vendors and products are still the primary attack vector impacting the ecosystem.

Subscribe now

Want to know what’s alarmingly absent from those conversations?

Oversight.

At least that is the key theme of the latest IBM Cost of a Data Breach Report (2025).

Interested in sponsoring an issue of Resilient Cyber?

This includes reaching over 45,000 subscribers, ranging from Developers, Engineers, Architects, CISO’s/Security Leaders and Business Executives

Reach out below!

-> Contact Us! <-

While the report covers a variety of topics, I’ll be sticking with the reports theme and focusing on some of the findings that are AI-specific. Below are the key findings summarized by the report:

One interesting stat from the report is that the average cost of a data breach fell globally, but broke a record in the U.S., with the average reaching $10.22 million, a 9% increase from the year prior. The report states this figure is driven by increased regulatory fines as well as higher detection and escalation costs.

I thought this was a bit ironic of a statement, given we’re seeing the U.S. openly embrace a push for deregulation, while other regions such as the U.S. are seeking to increase regulation, especially around areas such as AI and Cybersecurity.

The report goes into much more detail for specific industry verticals and so on, but I again want to focus on the reports theme, which is a neglect of oversight related to AI as well as claims of reduced incident costs, as teams embrace AI from the defenders perspective.

Before we jump right to that though, there are a few painful things to call out, despite the global decrease in incident costs (not you U.S.!), it is taking several hundreds of days to identify and contain data breaches across various environments, whether they are cloud-native, hybrid or even on-prem.

The most costly attacks include third-party vendor and supply chain compromises and phishing, as well as malicious insiders, although those were not as common.

Those same attack vectors also took the longest to identify and resolve:

One great thing to highlight is that organizational security teams are getting better are incident and breach identification, versus finding out from a third party or the attacker themselves:

This seems to support the always elusive Return on Security Investment (ROSI) metric that many security leaders struggle with when demonstrating value to the business.

AI Oversight - Not Even Once

Now, for the report's concerning part and key theme, The report specifically calls out shadow AI and states that AI security is lacking.

They found that 97% of organizations that had an AI-related incident involving their models or applications lacked proper AI access control.

Among those incidents, the leading incident type was supply chain-related (e.g., external apps, APIs, and plugins), and these led to operation disruption and unauthorized access to sensitive data 31% of the time.

This aligns with similar findings, which found that nearly 22% of all uploaded files and almost 5% of all prompts included sensitive data, often involving GenAI tools previously unknown to the organization to even be in use, let alone authorized for use.

These findings from the IBM report also emphasize how quickly AI has been integrated into organizational workflows and the software, products, and services organizations are using, given that it often leads to operational disruptions.

In terms of the type of AI systems involved in the incidents, 29% were external third-party vendors, while 26% were trained in-house. This shows that organizations aren’t just using external AI vendors but also routinely trying to train models in-house. They need to be responsible for their secure hosting and usage.

To further emphasize how prevalent shadow AI usage is, the report highlights that unsanctioned AI security incidents are more common than sanctioned AI incidents. Shadow AI was involved in 20% of the breaches, where only 13% of the incidents involved AI usage the organization was already aware of. Most concerning of all though is the fact that:

”A further 11% of breached organizations were unsure if they experienced a shadow AI incident.”

Organizations literally have poor visibility into their AI consumption, echoing early days of Cloud and SaaS prior (which are still problems)

The report highlights that shadow AI incidents cost more, up to $200,000 more than typical incidents, often involving customer and employee PII, IP, and other sensitive data exposure.

In our era of fear-of-missing-out (FOMO) hype driven AI adoption, where organizations are afraid of falling behind peers, whether internal or external, organizational AI governance lags behind AI adoption.

“87% of organizations said they have no governance policies or processes to mitigate AI risk.”

The above line should alarm security professionals and excite attackers, AI security startups, and investors alike. Most organizations simply haven’t addressed AI governance despite the business and developers being off and running with AI services, products, models, and more.

Two things also jumped out to me:

• Most organizations that DO have some governance policies in place are using “strict approval processes for AI deployments.”

• Yet few have actual AI security tools or governance technology in place

This inevitably leads to problems I have discussed in other articles, where legacy manual approval and assessment processes lead to shadow usage as the business and organizations work around these siloed, ineffective approaches.

We’re literally repeating the painful mistakes of the past, including those tied to SaaS, such as:

• A lack of deep visibility or governance over usage

• Manual ineffective review processes which foster shadow usage

• No real understanding of what is being used, what data is being shared or who is accessing what

• No insight into the provenance of open source models, security of commercial model providers, and more

Security AI and Automation

To be fair, I also want to highlight another interesting takeaway from the report. While organizations with poor AI governance, visibility and security in place are experiencing more costly and impactful incidents, those who are embracing AI for security are seeing lower average costs of a data breach as well.

This reflects the dual nature of AI and security, where AI needs to be secured, but can also be used for cybersecurity, to address systemic challenges in key areas such as GRC, AppSec and SecOps among others.

These reduced incident costs are being driven by factors such as:

• Faster incident identification and containment

• Improved prevention

• Enhanced investigation

Another refreshing metric was that security teams are adopting AI at the same rate as other business functions:

“A combined 77% were either adopting AI on with or advanced than the wider organization.”

This is something I discussed deeply in my article “Security’s AI-Driven Dilemma: A discussion on the rise of AI-driven development and security’s challenge and opportunity to cross the chasm”,

This demonstrates that the cybersecurity community is learning from its past mistakes, where it was a laggard and late adopter of emerging technology. Instead, it is looking to be an early adopter of AI and apply it to various cybersecurity use cases.

This also highlights where we’re seeing a TON of both investments in cybersecurity startups leveraging AI and looking to tackle various cybersecurity use cases. The IBM report even provides insights into the areas organizations are planning to invest in AI-driven solutions (take note, founders, incumbents, and investors):

Closing Thoughts

AI represents a unique time in our technological evolution within the cybersecurity space. On one hand, we’re perpetuating the problems of the past, with a lack of governance and oversight, manual review processes, and rampant shadow usage.

On the other hand, we’re seeing security lean into being an early adopter and innovator with this emerging technology, rather than always being a late adopter and laggard.

This dichotomy represents the double-edged nature of AI more broadly: It offers tremendous potential but also significant problems if adopted poorly.

It remains to be seen which path we take in the long term, but I’m personally bullish on AI's potential to tackle longstanding cyber challenges or at least help.

Subscribe now

It’s fairly well documented how these tools can increase development velocity and developer productivity, but what remains to be seen is how secure the code these tools produce is.

I’ve covered previous resources on this topic, such as BaxBench, which found that:

• 62% of the code generated, even by leading models, is incorrect or contains security vulnerabilities

• Roughly 50% of the correct solutions generated are insecure

Other studies and research with various models have shown that code being generated by LLMs includes vulnerabilities ranging from 40%-74% of the time, especially in the absence of security-centric prompting, something I have discussed with Jim Manico at length on a recent episode of the Resilient Cyber Show, below:

Safe to say, the AppSec community is closely watching the security implications of the widespread adoption of AI and LLMs for software development. That’s why this recent report from Veracode caught my attention and I wanted to take a look at it.

Interested in sponsoring an issue of Resilient Cyber?

This includes reaching over 45,000 subscribers, ranging from Developers, Engineers, Architects, CISO’s/Security Leaders and Business Executives

Reach out below!

-> Contact Us! <-

Key Findings

As the report opens with, developers can use these LLMs and AI coding tools to get the code and outputs they desire with no mention or consideration of security, which leads to insecure outputs as one might expect.

This is similar to traditional software development in the sense that a combination of factors such as a lack of secure development training and awareness coupled with a lack of incentives to prioritize security leads to developers just moving fast, focusing on speed to market, velocity and feature development (much to the dismay of those who clamor to dreams of widespread Secure-by-Design adoption).

Veracode set out to examine, in the absence of security-specific prompting and guidance, whether LLMs produce secure code?

Veracode ran their own SAST tool against the resulting code to identify vulnerabilities and the results should be telling for the community, as we know most developers adopting these tools aren’t using security-specific prompting and that has implications for the attack surface of the future, especially against the backdrop of double-digit “productivity” gains (e.g. higher code volume and velocity) as well as the democratization of development for those without a background in programming.

Veracode provided 80 coding tasks to over 100 different LLMs to ensure a diversity of models, providers and applications/intents. I want to dig a bit deeper into their findings, but first, they provided a summarized image of key findings below:

I thought a few things right away were interesting. Aside from nearly half of all the outputs being insecure, the security performance remained flat despite larger/newer models, which contradicts a lot of the hype about the latest model or benchmark, etc. - at least from the perspective of a security practitioner.

Larger or newer models don’t necessarily mean better, from a security lens.

Veracode’s research focused on four specific CWEs, 80 coding tasks, for programming languages, and five coding task sequences, as summarized below:

Their core research questions are below:

The Veracode team chose these four vulnerabilities to focus on in the study because they’re among the OWASP Top 10, the accuracy of the SAST tooling for the findings, and the fact that there are at least two possible implementations of the desired output code from the provided functional descriptions.

One important point to highlight is that Veracode points out that its possible security-specific prompting may have led to more secure outputs. I agree with them, and this has been demonstrated by studies such as those I cited earlier in this article, but the reality is that most developers are not using security-specific prompting, much like they haven’t historically focused on developing security code and applications.

All this said, let’s look at the results, which I found interesting.

Results

Veracode found the models are indeed increasingly capable at generating functional code, but when it comes to security, they are not doing well, and that is a problem not isolated to any particular model, model size etc.

They found that 45% of the time, the models introduced detecting vulnerabilities correlated with the OWASP Top 10 we mentioned previously. Below, they summarize that the models are generating compilable functional code (blue), but vulnerable code nearly half of the time (pink).

Now, some may be inclined to say well that’s just for language “x”!

But, Veracode ran the study across Python, Javascript, Csharp and Java, and the findings are pretty consistent across the board and over time.

Again, it’s functional code. But secure? Not so much.

While the general security pass rate is relatively consistent, they did find variability among the CWE’s involved in their study, as shown below:

As I mentioned above, their findings were consistent across model sizes as well:

Veracode closes the report by asking some crucial questions for the security community to reflect on, especially as AI-driven development continues to grow in adoption and use rapidly:

• Why isn’t security performance improving, even as syntactic performance improves?

• Why are there such stark differences between the CWEs? In particular, why do models perform so poorly on cross-site scripting and log injection cases?

• Why is Java performance significantly worse than that of the other languages?

The findings align with broader discussions about AI-driven development among the AppSec community. Fundamental realities include the fact that these models are overwhelmingly trained on open source code, meaning they generally inherit the same vulnerabilities, insecure configurations, etc.

I discussed the vulnerability landscape of the open source ecosystem extensively in a previous article titled “The 2025 Open Source Security Landscape”. This includes metrics such as those depicted below, showing how vulnerable the open source landscape is:

As the saying goes, garbage in, garbage out, or in this case, vulnerable code in, vulnerable code out

Closing Thoughts

This research from Veracode is an excellent contribution to the ongoing discussion about the security implications of AI-driven development. Organizations of all shapes and sizes are rapidly adopting AI coding tools due to productivity and velocity gain democratization of development for non-traditional non-traditional programmers.

This means more code, applications, products, and services, which is an amazing opportunity that will truly change the face of software development.

However, as discussed above, in the absence of security-specific prompting, it is very likely also rapidly expanding the digital attack surface at a pace we’ve never seen before. These challenges are exacerbated by studies showing Developers inherently trust the outputs from AI coding tools and aren’t slowing down to assess the security implications.

Buckle up.

Subscribe now

Welcome to issue #58 of the Resilient Cyber Newsletter.

We’re in peak summer and heading into Hacker Summer Camp (e.g., Black Hat), and things are crazy.

From M&A trends and activities to big moves from the White House on AI, there are a ton of resources around Agentic AI and Cyber and AppSec reports with key insights from security teams and leaders.

So, without wasting more time, let’s get down to business!

Interested in sponsoring an issue of Resilient Cyber?

This includes reaching over 45,000 subscribers, ranging from Developers, Engineers, Architects, CISO’s/Security Leaders and Business Executives

Reach out below!

-> Contact Us! <-

Legacy DAM is a headache. It's time to get some relief.

For years, database activity monitoring (DAM) has been an obligation driven by checking a box rather than driving outcomes or simplifying compliance.

That's because legacy DAM solutions were built for a different era — when deploying hundreds of agents and monitoring databases in isolation was considered acceptable. The AI era demands a new approach to data security.

Varonis Next-Gen DAM secures thousands of cloud, on-prem, structured, and unstructured databases with agentless monitoring that's easy to deploy and scale. As a part of the Varonis Data Security Platform, database security is no longer the domain of DBAs and a blind spot for security teams. Instead, they have a single pane of glass view into their data — wherever it lives.

Get some DAM relief with Varonis.

Discover Varonis Next-Gen DAM

Cyber Leadership & Market Dynamics

Palo Alto Set to Acquire CyberArk for $25 Billion

In news that is racing through the cyber ecosystem, Palo Alto Networks (PANW) has entered into an agreement to acquire CyberArk, a leader in IAM. This move enables PANW’s platform strategy and helps them move into the Identity Security space with it as a core capability.

This move also signals PANW’s intent to play in the Agentic AI identity security space, where agents are poised and non-human identities are poised to outpace human users, exacerbating existing identity security challenges significantly.

There will inevitably more to come on this and deep industry analysis, so stay tuned for those resources as they get published.

The Case For and Against PANW Acquiring SentinelOne

Speaking of PANW acquisitions, it is also being speculated that PANW is exploring acquiring SentinelOne. In typical fashion, my friend Cole Grolmus of Strategy of Security is on top of it, with an article discussing both the case FOR and AGAINST this move by PANW.

I won’t go deep on this one, given the CyberArk news it remains to be seen if PANW makes this move, but if you’re curious the implications be sure to give this piece a read.

Security is Splitting: Three Acquisitions, Three Different Realities

Apparently M&A season is in full swing, as tackles three potential acquisitions in a recent piece as well, discussing how each one is unique and signals different things to the market.

Frank discusses the three acquisitions below:

• Cursor > Resourcely

• PANW > SentinelOne (Rumored, per the article I shared above)

• DataDog > Upwind (Rumored)

Each move has different motivations and signals. Cursor acquiring Resourcely demonstrates the move of building security directly into DevEx and Dev workflows. PANW, of course, is their desire to expand their platform play. DataDog and Upwind, again, are platform pushes but also align with the broader industry trend of moving towards Runtime security and trends such as Cloud Detection/Application Detection and Response (ADR).

Prophet Security Announces Its $30M Series A

Kamal Shah and the Prophet Security team recently shared that they have finalized their $30M Series A financing, with the round led by Accel and Bain Capital Ventures, among others.

The team is driving towards an Agentic AI SOC Platform and looking to address longstanding SOC challenges, such as:

• Slashing investigation times

• Reducing alert fatigue

• Allowing analysts to focus on strategic work versus toil

They represent one of the promising disrupting firms leaning into AI and Agents, and their potential to revolutionize the SecOps space.

I actually had Grant Oviatt from the Prophet Security team on in the past, who discussed transforming SecOps with AI SOC Analysts, and you can check out that full conversation below:

U.S. Navy Goes All-in on Containers

The Department of Navy CIO (DON CIO) recently released a memo titled “Containerization Technology Usage” which aims to drive adoption and use of containers across the Navy.

It specifically states:

“POLICY: Effective Immediately, all software development activities transitioning to the cloud and/or upgrades that are hosted in a cloud as outlined above must utilize containerization technology to the greatest extent practical".

This is a big opportunity when it comes to cybersecurity companies focused on securing container-based technologies and workloads.

AI

Winning the AI Race 🚀 - America’s AI Action Plan

Last week The White House unveiled the U.S. AI Action Plan. It's aimed at ensuring U.S. dominance in the race around AI. It is a great example of the intersection of technology, cybersecurity, AI, and geopolitics.

I spent some time this weekend delving into the plan and analyzing its major implications, both technologically and politically.

• This includes the race for AI dominance, largely between China and the U.S.

• Nuances around commercial and open source models, energy demands, and workforce implications

• Venture capital, investments, startups, and resource allocation

• AI's intersection with Cybersecurity, both from a governance and regulatory perspective, as well as the dual-edged nature of AI, both needing to be secured and having promising potential to address systemic cybersecurity challenges, both offensively and defensively.

  Software and technology increasingly underpin everything from critical infrastructure, consumer goods, geopolitics, and national security

Shadow AI, Scope Creep, and the CISO in the Corner

We continue to see rampant AI adoption across enterprise environments, and like previous technological waves before it, Cyber is challenged with keeping pace, being viewed as an enabler rather than a blocker to the business and simply governing the consumption and use of new technologies, products, and services.

This piece from serves as a field report from CISOs on the state of enterprise AI adoption and the challenges CISOs face.

In the article, she frames CISOs as the “adult chaperones at the no-holds-barred enterprise AI party”. She lays out three key things for security leaders to do or keep in mind:

• Governance must assume AI is already in use

• Scope creep is inevitable; plan for it

• Experimentation is the goal, not the threat

• AI amplifies old risks more than it invents new ones

• Policies are only as good as their enforcement

She highlights that AI governance isn’t a new discipline but is much faster, messier, and has higher stakes than previous challenges. Therefore, ensuring the security fundamentals are more important than ever to enable secure enterprise AI adoption.

We Built the Security Layer MCP Always Needed

The Model Context Protocol (MCP) continues to generate excitement, as it helps give LLMs arms and legs, supports semi- or fully autonomous workflows, facilitates tool integrations, and more.

That said, various folks have raised issues with the MCP specification around IAM and ways to abuse MCP, such as embedding prompt injections in the MCP tool descriptions. Attacks include data exfiltration and code execution, among others.

That’s why this open-source tool from Trail of Bits (in beta release) is so awesome. “mcp-context-protector” functions as a security wrapper for LLM apps using MCP.

The tool sits between LLMs and downstream servers and can perform security checks on messages before they enter an LLMs context window. The key security features the team highlights as part of the mcp-context-protector tool include:

• Trust-on-first-use server pinning

• LLM guardrail scanning of tool responses

• Sanitizing ANSI control sequences

The LLM Guardrail allows for integration with other toolkits such as LLamaFirewall from Meta, or NeMo Guardrails from NVIDIA. Then if unsafe content or prompt injections are detected, responses get placed into a quarantine:

That said, they also admit to some challenges, such as the need for manual configuration review and alert fatigue associated with reviewing quarantined alerts that the tool may flag.

GenAI Incident Response Guide 📕

The recent U.S. AI Action Plan published by The White House called for updating incident response plans and measures to account for AI-related threats. And, in typical OWASP GenAI Security Project fashion, the crew just dropped OWASP® Foundation's "GenAI Incident Response Guide 1.0"

It's a comprehensive guide, covering:

• Defining AI incidents, including real-world examples, and distinguishing between AI and Cyber incidents

• Preparing for AI Incident Response, including Risk Assessment and Management, AI system inventory, detecting and reporting AI incidents, and responding

• Event-specific guidance, such as attacks on AI systems, supply chains, and third-party model providers

  This is a great resource for organizations looking to modernize their IR plans and processes to account for emerging AI threats and risks.

Resilient Cyber w/ Christian Posta MCP, Agents & IAM in the age of LLMs

In this episode, we sit down with Christian Posta, the Field CTO at Solo.io and an industry author and leader on topics such as Microservices, AI, and IAM.

We will explore the rise of Agentic AI and its supporting protocols, such as MCP and A2A, and the broader challenges and considerations of Identity security in the age of LLMs.

We discussed:

• The topic of Agentic Identity and the rise of protocols such as MCP

• The original MCP specification, gaps it had and why they were concerning

• Despite improvements to the MCP spec, continued challenges and risks for organizations to consider

• How the widespread adoption of Agents and Agentic Workflows and their associated protocols will change the attack landscape

AppSec, Vulnerability Management, and Supply Chain Security

The SDLC is Changing and So Will AppSec (Again)

We know that we’re seeing AI-driven development fundamentally reshape software development, from coding agents, copilots, LLM’s and more. These changes inevitably will have downstream ramifications for AppSec.

of Boring AppSec makes that case in a recent article.

As he discusses, each aspect of the SDLC is changing from Design through Deployment, with new AI-powered technology stacks coming into play. Sandesh gave a topic focused on this at TiE Silicon Valley:

Sandesh doesn’t pretend to have all of the answers of what AppSec looks like in the future, but says these two questions must be answered:

• How should we manage prompts?

• What should automated code and prompt review look like?

Each of these questions come with their own nuances and considerations as well. Such as how prompts get stored and versioned, or what a testing cadence for prompts looks like.

This is a thought provoking piece for the changes to AppSec as part of the changes to upstream software development with AI-driven development taking major hold across the industry.

Software Under Seige 2025

What are the blind spots in software security? This is a good report from the Contrast Security team diving into those exact topics. It covers topics relevant for security teams and CISO’s, such as

• Attack Volume and Breakdowns

• The Growth of Software Vulnerabilities

• Disadvantages of Defenders due to the increasing speed of attackers compared to organizations ability to patch

The report discusses how AI-driven development is only exacerbating existing AppSec challenges, and the average application is exposed to 81 confirmed viable attacks monthly, and over 10,000 probes/attack attempts that don’t succeed. This is all while the average number of vulnerabilities continues to grow per application.

The report emphasizes the importance of runtime data, and aligns with the broader industry shift towards Application Detection and Response (ADR), especially among many growing frustrated with how poorly DevSecOps has been implemented and the toil it has caused Developers.

There’s a lot of great insights in this report, and I plan to give it a deeper review and possibly a write up soon.

Subscribe now

The current presidential administration has made positioning the U.S. as a dominant force in AI at the forefront of their policy objectives and recently unveiled the U.S. AI Action Plan, which I will be diving into throughout this article, looking at it from various angles in terms of economics, national security and of course, cybersecurity.

Interested in sponsoring an issue of Resilient Cyber?

This includes reaching over 45,000 subscribers, ranging from Developers, Engineers, Architects, CISO’s/Security Leaders and Business Executives

Reach out below!

-> Contact Us! <-

High Level

At a high level, the AI Action Plan covers three core pillars:

Pillar I - Accelerate AI Innovation

Pillar II - Build American AI Infrastructure

Pillar III - Lead in International Diplomacy and Security

Each pillar covers different aspects of the U.S.’s overall AI aspirations and key pathways to enabling U.S. dominance in AI through various means.

Chamath Palihapitiya and the crew at All-In recently helped facilitate a “Winning the AI Race”, featuring speakers across Government and industry, including comments from President Trump himself on the AI Action plan.

I recommend listening to not just President Trump’s comments but the other parts of the series too, as it provides insights from founders, investors, Government senior leadership and policy folks and more. This includes leadership from NVIDIA, AMD, Vice President J.D. Vance, the Treasury Secretary among others.

The introduction of the AI Action plan discusses the U.S.’s ambitions around achieving and sustaining AI dominance. This is primarily of course a race between the US and China, as the nations pursue global AI leadership.

I recently shared an excellent deep dive from on this topic, titled “AI Progress: The Battlefield of Cold War 2.0”. It discusses the distinct approaches between the two nations, with the US approach being more capital markets-driven and compute rich, whereas China’s approach is more state-led ambition, along with its accompanying hurdles.

The White House previously issued EO 14179 “Removing Barriers to American Leadership in AI”, which laid the groundwork for the action plan we will discuss.

Many of these topics and more were covered during the All-In AI Race event from the various speakers and perspectives.

Pillars and specifics aside, it is clear not just in the action plan but from the current presidential administration in general that they believe AI is absolutely critical to US geopolitical interests, economic prosperity and national security.

Before going deeper, the the action plan does call out specific principles that it says cut across all three pillars, which I think are worth highlighting:

• The importance of American workers and the need to ensure American workers and their families benefit from the opportunities of the AI revolution

• The need to ensure American AI systems are free from ideological bias and designed to pursue objective truth over social engineering

• Preventing advanced technologies from being misused or stolen by malicious actors

Pillar I: Accelerate AI Innovation

As the name implies, this pillar is all about acceleration and calls out specific phrases such as “removing red tape and onerous regulation”. This particularly draws stark parallels in my mind when it comes to the drastically different approaches being taken between the US and EU when it comes to AI regulation.

In the US, we see a clear call out and emphasis on removing regulation to accelerate innovation, whereas in the EU we see a push to become a regulatory super power and an emphasis on safety and security (even if misperceived) over enabling commercial innovation and speed.

In fact, the EU Commission recently stated there will be “no pause” when it comes to the roll out and timelines of the EU AI Act, despite pleas from 46 of the EU’s largest companies calling for a pause on the implementation of the EU AI Act.

No where was this distinction between the US and EU on AI more evident than Vice President JD Vance’s comments at the Paris AI Summit, where he railed against topics such as excessive AI regulation:

While not directly related to AI, diagrams such as the ones below highlight just the massive difference between the US and EU when it comes to markets, capital and technology (note the outsized presence of technology centric companies in the US side of the first diagram).

Furthering this trajectory is news that Europe’s VCs are on pace for the lowest fundraising year in a decade:

This is much different than the U.S. where 57% of total worldwide deal value was accounted for via the US in 2024, at an estimated $215.4 billion. Bringing it to AI and Cyber in particular, AI dominated security investments across stages in 2024, as laid out by my friend Mike Privette of Return on Security:

Going back to the US AI Action plan, it lays out key policy actions to reduce red tape, such as:

• Looking to remove current Federal regulations that hinder AI innovation and adoption

• Work with Federal agencies to identify, revise and repeal regulations that hinder AI development or deployment

• Consider a state’s AI regulatory climate when making Federal funding decisions (more on this topic later)

There’s also an emphasis on ensuring Frontier AI protects free speech and American values, which includes revising the NIST AI RMF to eliminate references to DEI, Misinformation and Climate Change.

Encouraging Open-Source and Open-Weight AI

This section of the first pillar I found particularly interesting, for reasons I will discuss below. The section emphasizes the importance of open source/weight models when it comes to not being dependent on a provider, and also allowing organizations with sensitive data to use models without needing to send their data to the provider for example.

This speaks to platforms such as HuggingFace and the rise of open source/weight AI models, allowing transparency and visibility that isn’t freely available with commercial AI models and providers. That said, there are risks with open source/weight models too, much like open source software itself, given how expansive and complex the ecosystem is.

This is a nuanced topic, because similar arguments were made about Cloud in the early days, but now the US Department of Defense, Intelligence Community now routinely run sensitive workloads in hyperscale cloud environments, albeit with proper measures such as encryption, to protect data from being disclosed to the providers without authorization, building on compliance programs such as FedRAMP and the DoD Cloud Security Requirements Guide (SRG) and Impact Levels, for different classifications and data sensitivities.

What makes this section interesting too is that the DoD recently awarded contracts to leading proprietary commercial model providers, such as OpenAI, Google, Anthropic and xAI, up to $200M each, to scale up adoption of advanced AI capabilities in the DoD. These of course are commercial model providers that don’t necessarily have the same level of transparency as open-source/weight models that the AI Action Plan emphasizes.

I recently sat down with Daniel Bardenstein to dive into the complexities of the AI supply chain, including discussing the differences between commercial and open source models when it comes to code and weights.

All this said, this section of the AI Action plan does emphasize the importance of open source/weight models, and this includes the rise of platforms such as HuggingFace.

From a policy perspective, the AI Action Plan includes actions such as improving access to compute for startups and academics, driving adoption of open source/weight models by SMBs and more.

Enabling AI Adoption

An interesting aspect of the AI Action plan is that it doesn’t just take aim at the Federal landscape, but commercial industry too, with a section focused on accelerating adoption of AI among established large enterprise organizations.

On one hand, this can be seen as the Federal government looking to accelerate the US adoption of a transformative technology, given how pivotal the administration views it to economic and national security, but on the other, I could see some making the point that this is looking to drive spending and consumption of technologies and companies, some of whom have close relationships with the current administration, as well as are financially backed by venture capitalists who do.

To help accelerate adoption the AI Action plan has policy actions such as establishing AI Centers of Excellence (AI CoE)’s, launching domain-specific efforts to measure/demonstrate the productivity boost of AI and also use the DoD, IC and ODNI to measure US adoption contrasts with competitor nations.

Improving the Understanding, Control and Robustness of AI and LLMs

The Action Plan also specifically calls out the current challenges in understanding how frontier AI models work. It is well known that we currently do not thoroughly understand why a model produces a specific output for example. This is problematic for many use cases, including cybersecurity, especially when it comes to adoption in industry’s such as Defense, National Security and Intelligence.

The Action Plan calls on DARPA in collaboration with others to spearhead research to understand the interpretability and robustness of AI and frontier models as well as building out an AI evaluation ecosystem, to help measure AI reliability and performance, which is also critical as we look to weave these technologies into everything from consumer goods to critical infrastructure and defense systems.

Increased Adoption Throughout Federal and Defense Agencies

This administration has already made it clear how critical they view AI, not just for commercial purposes but also Federal agencies, civilian services and national security. I mentioned earlier the multi-million dollar contracts being awarded to the frontier model providers such as OpenAI, Anthropic, Google and others and the Action Plan highlights the need to accelerate adoption of AI in Government and the DoD.

This includes taking aim at manual internal processes and improved citizen and national security outcomes. Anyone who has been around Federal/DoD cybersecurity knows it is rife with opportunities to streamline and accelerate, whether it is currently manual and cumbersome compliance processes, enterprise SOC environments and threat hunting, vulnerability management and more.

The DoD’s IT and Cyber executives already have efforts underway to leverage AI to transform existing manual cumbersome compliance processes, such as the DoD Software Fast Track (SWFT) initiative, which I covered in the article “Buckle Up for the DoD’s Software Fast Track ATO (SWFT).”

These use cases have commercial equivalents and this is why we’ve seen a wave of AI security startups looking to tackle systemic cybersecurity issues through AI-native capabilities and products.

I’ve covered the intersection of AI and Cyber extensively, but a couple of my resources I primarily recommend include:

• Security’s AI-Driven Dilemma

• Agentic AI’s Intersection with Cybersecurity

Pillar II: Build American AI Infrastructure

While topics such as the potential value and ramifications across society of AI adoption are exciting, one truth is fundamental, none of it can run without a sufficient underlying infrastructure.

While estimates vary, studies project that U.S. data centers already consume more than 4% of the nations total electricity and it is set to rise to nearly 10% or more by 2030. Industry leaders such as Sam Altman of OpenAI and Andy Jassy of Amazon have each made public remarks about the energy constraints and the need for an “energy breakthrough” to power the future demands driven by AI growth and adoption.

Tying back to the “Winning the AI Race” event hosted by All-In, you can listen to this clip below which includes commentary from the Secretary of the Interior as well as the Energy Secretary each discussing the current and future energy demands of the U.S. tied to AI, and what steps need to be taken and how the Action Plan addresses those.

Not to make everything about China, but various speakers, including President Trump commented on the pace at which China is expanding their energy capacity (often through Coal) and how the U.S. is far behind China’s growth in terms of energy capabilities, and that must change, if we want to keep pace with AI, which has such strong energy demands.

This second pillar of the AI Action Plan covers key activities to facilitate the energy demands, such as:

• Creating streamlined permitting for Data Centers, Semiconductor Manufacturing Facilities, and Energy Infrastructure

• Developing a Grid to Match the Pace of AI Innovation

• Restoring American Semiconductor Manufacturing

• Building High-Security Data Centers for Military and Intelligence Community Usage

• Training a skilled workforce for AI Infrastructure

While I won’t comment as much about the above areas, both due to being outside of my area of expertise and also not as relevant to cybersecurity, I was pleased to see a specific carve out focusing on my wheelhouse:

Bolster Critical Infrastructure Cybersecurity

Before diving into the specifics of the AI Action Plan related to Critical Infrastructure and Cyber, let’s recap what the last year or more have involved when it comes to the intersection of these two topics.

The Critical Infrastructure Sectors, as identified by the Department of Homeland Security (DHS) can be seen below.

All of these sectors actively deal with cyber threats of some sort and many have been impacted by security incidents. This includes:

• Massive IP and sensitive data theft across the Defense Industrial Base (DIB), as nation states and hackers target the DoD’s “Soft Underbelly”

• The largest U.S. Telecommunications hacks in history as recently as 2024

• Cyber incidents impacting water facilities

• Incidents impacting U.S. fuel and oil sectors

• Countless incidents involving Government facilities

• Cyber attacks against emergency services

• Foreign nations burrowing and embedding themselves in U.S. energy systems

The Action Plan acknowledges the capability and value of AI systems from coding and software engineering and the potential for AI to enable cyber defensive tools and also bolster organizational defenses in the face of advanced threats, especially for organizations lacking financial resources and deep cyber expertise, which includes many organizations in the critical infrastructure sectors.

That said, as is the nature of AI and any technology, it is a double edged sword, both offering opportunities as well as obstacles. Adversaries are actively using AI to improve there malicious activities, and the AI Action Plan acknowledges this. It calls for use of AI in Critical Infrastructure to ensure the use of Secure-by-Design, Robust and Resilience AI systems that can also detect performance issues, malicious activities or data poisoning and other AI-direct attack vectors.

Some of the recommended policy actions here include establishing AI-ISAC’s, having DHS issue and maintain guidance to sector entities on addressing AI-specific vulnerabilities and threats, as well as enabling information sharing and collaboration between public and private sector organizations about known AI vulnerabilities, leaning into existing cyber vulnerability sharing pathways.

Promote Secure-by-Design AI Technologies and Applications

The AI Action plan also specifically calls out the promotion and use of Secure-by-Design AI Technologies and Applications. For those unfamiliar with the concept of Secure-by-Design, it has most recently been championed by CISA, and I have covered it extensively in previous pieces, such as:

• The Elusive Built-in Not Bolted On

• Secure-by-Design (and Demand)

• Secure-by-Design vs. Secure-by-Default: What’s the Difference?

• Secure-by-Design Delusions

While I’m a big proponent of Secure-by-Design and the value it brings the ecosystem, I also openly acknowledge the challenges, most notable the competing prioritization it presents businesses, over other goals, such as speed to market and revenue, which much to the dismay of security practitioners, will always take the drivers seat over any security aspirations a business has.

AI will inevitably face this same dilemma. That said, to help promote the Secure-by-Design AI Technologies and Applications the recommended policy actions include refining the DoD’s Responsible AI and GenAI Frameworks, Roadmaps and Toolkits, and also publishing an AI Assurance IC Standard.

Promote Mature Federal Capacity for AI Incident Response

Like any other technology, no matter how great your defenses, incidents will inevitably occur, making incident response absolutely critical. The Federal government realizes this, and that CISA in collaboration with other agencies and private sector partners held an inaugural tabletop exercise focused on AI security incidents. This was led by amazing security leaders such as Jen Easterly and others.

CISA through its Joint Cyber Defense Collaborative (JCDC) even published the AI Tabletop Exercise scenario document, outlining exercise purpose, objections, scenarios and more - all of which private sector organizations can use to inform their own AI incident response exercises and activities, and agencies can use to inform future maturity around AI incident response.

The tabletop resource asks a great series of questions that can help organizations reflect on their AI incident response processes and capabilities, or lack thereof.

Policy actions to mature the Federal capacity for AI IR include ensuring NIST and others include AI in the establishment of standards, response frameworks and best-practices. It also calls for CISA to update IR and vulnerability response playbooks to include considerations for AI systems, deeper collaboration between CISO’s and Chief AI Officers, as well as responsible sharing of AI vulnerability information through DoD, DHS and the Office of the National Cyber Director (ONCD), among others.

Pilar III: Lead in International AI Diplomacy and Security

A big emphasis, and rightfully so, throughout commentary by President Trump and others as part of the Winning the AI Race event, was the importance of adoption of American AI systems, computing hardware and standards.

The most poignant example of this is China’s Digital Silk Road (DSR) and larger Belt and Road Initiative (BRI), which involves embedding Chinese technologies and infrastructure around the world, expanding China’s influence while also raising various concerns around cybersecurity and privacy.

The U.S. itself is currently going through major efforts to remove Chinese tech, such as Huawei and others, which is pervasive across many areas.

Efforts to exert this influence through digital technologies is well documented by organizations such as The Atlantic Council. These influences and embedding of technology have not just cybersecurity and privacy implications, but also geopolitical and economic considerations as well.

Some of the key themes in the third pillar include:

• Exporting American AI to Allies and Partners

• Countering Chinese Influence in International Governance Bodies

• Strengthening AI Compute Export Control Enforcement

• Plugging Loopholes in Existing Semiconducting Manufacturing Export Controls

• Align Protection Measures Globally

• Ensuring that the U.S. Government is at the Forefront of Evaluating National Security Risks in Frontier Models

There’s a lot to unpack in this pillar due to the expansive focus areas but the key theme is exerting American influence to ensure American dominance in AI, which shouldn’t be surprising given that is a topic of the AI Action Plan itself, and also echoed in previous Trump EO’s focused on AI, such as “Removing Barriers to American Leadership in AI”.

The U.S. is looking to establish a consortium from industry to create full-stack AI export packages. To indicates the U.S. tapping into its commercial tech sectors to help ensure U.S. technologies are pervasive around the globe among partners. The U.S. is also striving to align international AI governance approaches with American values and counter authoritarian influence. This may be challenging given how increasingly far the U.S. and EU are growing apart when it comes to their regulatory and AI governance approaches, as I discussed above, albeit both entities oppose authoritarian influence, at least historically.

Strengthen AI Compute Export Control Enforcement & Plugging Loopholes in Semiconductor Manufacturing Export Controls

The U.S. has taken a stance of pushing for export controls focused on limiting China’s access to advanced semiconductors and associated manufacturing equipment. The success of these efforts has been far from perfect though.

Just two days ago, news broke that at least $1 billion of NVIDIA AI chips illegally entered China, as well as commentary from NVIDIA’s CEO Jensen Huang that they would resume selling H20 chips to China. It is also widely reported that China has worked around these restriction mechanisms through pathways such as smuggling networks, transit points in bordering nations such as Vietnam, Taiwan and Singapore, relying on front companies and also utilizing offshore AI services and data centers, all in attempts to succeed in their AI ambitions despite these export controls from the U.S.

Additionally, they often say necessity is the mother of invention, and one stark example of that is the Chinese AI company DeepSeek. DeepSeek-R1’s launch rattled U.S. markets, leading to a tech sector sell off, including the Nasdaq dropping 3.6%~ and the S&P 500 falling 1.8%. DeepSeek has a focus on efficiency with their LLMs, including lower resource requirements and innovative architectural approaches, which some speculate is a direction taken due to the difficulty in acquiring leading AI chips due to the export controls mentioned above.

The AI Action Plan seeks to strengthen these export controls, as well as plug loopholes in existing controls, such as targeting component sub-systems rather than just major systems necessary for semiconductor manufacturing.

Many have raised cybersecurity concerns around the DeepSeek models, discussed in this Center for Internet Security (CSIS) article, with some nations outright banning their use, and the U.S. some Federal agencies instructing employees against using it due to national security concerns. Despite those concerns, research from industry leaders such as Wiz earlier this year showed rapid adoption of DeepSeek-R1, with it quickly approaching 10% among self-hosted AI models. Wiz also found exposed DeepSeek databases leaking sensitive information, including chat histories.

The AI Action plan also aims to align International partners with the U.S. approach, and even calls for the U.S. to use methods such as secondary tariffs to achieve greater international alignment. Tariffs of course have been a hot topic in 2025, and this indicates the U.S. is willing to use economic incentives and policies to exert its influence globally in efforts to stymie China’s access to AI related technologies and equipment.

Another area of the AI Action Plan that highlights cybersecurity risks discusses evaluating national security risks in frontier models. This includes assessing potential security vulnerabilities as well as foreign influence from the use of adversaries AI systems in critical infrastructure as well as in the broader U.S. economy.

While not specific to AI, this aligns with recent headlines where the Defense Secretary Pete Hegseth issued a directive ordering the DoD CIO to take additional measures to ensure DoD technology in protected from the influence of top adversaries. Ironically, this came after news broke that one of the DoD’s largest tech vendors, Microsoft, was relying on China-based engineerings to support U.S. DoD cloud environments.

This is where things get problematic, given some of the DoD’s largest IT vendors are also global technology giants with footprints around the world and complex supply chains, relationships and competing priorities, often pitting themes of economics and profits against the backdrop of national security interests.

Closing Thoughts

The U.S. AI Action Plan is ambitious and brings together various things that are critical to ensuring U.S. dominance when it comes to AI. These include economics, capital, incentives, energy demands, model development and adoption, and cybersecurity.

All of the topics are underpinned by geopolitics, especially as the world two leading nations on the AI front continue to race for supremacy, allocating investments, aligning their national policies accordingly and looking to exert influence globally to ensure their interests thrive.

It remains to be seen how much of the action plan materializes, especially given it will face some challenges due to recent Federal workforce restructuring, RIFs and budgetary cuts, some also speculate the very technology itself will help address some of these challenges.

For those in the software and cybersecurity communities, while the AI Action Plan is produced by the government, its ambitions and intentions expand well beyond the U.S. Federal government into the entire nations economic prosperity and national security.

We need to be producing the most innovative and capable AI software, products and models, as well as leveraging this transformative technology to both address longstanding systemic cybersecurity challenges such as vulnerability management, application security, workforce shortfalls and more, while also leaning into best practices and guidance from sources such as NIST, OWASP and others to ensure we secure AI itself and don’t make the U.S. critical infrastructure and commercial attack surface more porous than it already is.

We’re in this together, for better or worse.

Subscribe now

Welcome to issue #57 of the Resilient Cyber Newsletter.

It’s been quite the week, with reflections on Stuxnet and the state of IT/OT security, discussions/rumors around Israeli AI Cyber exists, the White House unveiling the U.S. AI Action Plan, FedRAMP dropping modernized continuous vulnerability management publications, and Microsoft incidents impacting the industry (again).

So, let’s go get going, because we have a lot of ground to cover!

Interested in sponsoring an issue of Resilient Cyber?

This includes reaching over 45,000 subscribers, ranging from Developers, Engineers, Architects, CISO’s/Security Leaders and Business Executives

Reach out below!

-> Contact Us! <-

Security Leaders Trust Absolute Security for Endpoint Resilience

Between cyberattacks, outages, and hybrid work, it’s a struggle to keep devices secure, compliant, and operational. Blind spots create risk, and manual remediation slows things down.

Absolute Secure Endpoint 10 introduces AI-powered Assistant for automated workflows and Customizable Dashboards for deeper insights to improve productivity and reduce risk. Required Applications (coming soon) ensures critical tools are in place and configured to optimize compliance.

With self-healing capabilities rooted in firmware, Secure Endpoint 10 revolutionizes endpoint control, security, and resilience from the core. 

Take control of your cyber resilience strategy today.

Explore Secure Endpoint 10

Cyber Leadership & Market Dynamics

One Year Later: Reflecting on Building Resilience by Design

We recently passed the one-year mark (July 19th) of the infamous CrowdStrike incident, which impacted organizations worldwide, from IT firms to airlines. It was one of the most significant IT incidents in recent memory, and the vendor at the center of it, CrowdStrike, recently shared a blog covering some of the key efforts and changes they’ve made in the past year.

This includes a three-pillared approach to Resilience-by-Design, across Foundational Adaptive and Continuous improvement. They go on to discuss their sensor and content safety, standards for customer control, and infrastructure and operational excellence.

How AI and Outsourcing Are Killing Junior Jobs

We continue to hear about AI's impact on the workforce, predominantly white-collar jobs. That impact is disproportionately impacting junior roles in the workforce so far. This article from CTECH appears to emphasize that point, stating:

"Only 360 junior employees entered Israel’s high-tech industry last year, out of approximately 6,500 university graduates who complete relevant degrees each year.”

The article cites findings from Israel’s Employment Service, which revealed that the number of job seekers in high-tech professions has more than doubled, from 7,000 in January 2019 to 15,00 in April 2025. It says these figures don’t typically include entry-level candidates, indicating the figures may be even worse.

The article goes on to discuss a lack of programs for employees to hire and train entry-level talent, as well as increased use of AI or aspirations to do so, which is causing companies to slow down hiring to evaluate whether AI could potentially do the work of some of these junior roles. That said, it also makes the point that junior talent are often “AI natives” and are not only introducing AI to teams but teaching senior staff how to use it.

It’s worth noting that this article refers to Israel, not the U.S. Still, it does represent a microcosm of a larger discussion about the intersection of AI, economics, and the workforce.

It does remind me of comments of Dirty Jobs host Mike Rowe, who discusses the unintended workforce impacts of driving kids away from aspiring towards blue collar work and instead into tech, and the fact that AI isn’t quickly replacing Electricians, Plumbers, Linemen, and more, like it is with the white collar workforce. He cites quotes from folks like Larry Fink, who claim we need hundreds of thousands of Electricians and other similar blue-collar workers.

Stuxnet - 15 Years Later & the Evolution of Cyber Threats to Critical Infrastructure

This week the Committee on Homeland Security hosted a session reflecting on the 15 years since Stuxnet and the evolution of threats facing IT/OT environments. It featured witness testimony from industry leaders:

• Tatyana Bolton

• Kim Zetter

• Robert Lee

• Nate Gleason

I had a chance to listen to most of the session and there was a lot of great points made, ranging from the evolution of cyber threats and malware, the nuances of OT environments compared to IT, risks facing critical infrastructure, the need to sustain funding and support for CISA and much more.

This was very well done by Tatyana, Kim, Rob and Nate, attempting to explain complex cyber topics to a non-technical audience while not just raising awareness but garnering support for deeper commitments for cybersecurity.

Build vs. Buy in the Age of AI: A New Equation for Security Teams

Does AI change the Build vs. Buy paradigm for security teams?

That's the intriguing question posed by Rob Fry in this piece. Historically, organizations have faced the Build vs. Buy dilemma, which often comes down to factors such as cost, internal expertise and competencies, total cost of ownership (TCO), and more.

With the rise of AI and LLM-driven development, some are revisiting this dilemma with fresh eyes and the ability to replicate vendor capabilities much easier than in the past. Rob raises a lot of thought-provoking questions and topics in the post.

That said, I still strongly think most organizations will rightfully opt to Buy vs. Build, due to building not being a core competency, and often a distraction from focusing on delivering value to stakeholders and customers, rather than leaning into innovative commercial offerings and capabilities.

In fact, I think AI will (and likely already is for some) lead to faster/short iterations among product versions and the ability to field customer requests into product backlogs, innovate and turn new capabilities around to customers faster than we have seen historically.

Securing the Budget: Demonstrating Cybersecurity’s Return

One of the most real challenges for CISOs and security leaders is demonstrating an ROI for cyber spend. This article from Kara Sprague, CEO of HackerOne dives into tying security investments into measurable business outcomes, including reduces breach likelihood and minimized financial impact to help align internal stakeholders when it comes to investing in cybersecurity.

Kara discusses why traditional ROI doesn’t cut it for cyber, due to distinct aspects of cyber. Whereas other areas such as product and sales focus on revenue generation, new customers and more, cyber is often measured based on risk/cost reductions and avoidance. It is akin to trying to prove a negative, and that is why it is easy to get lulled into a false sense of security. “We haven’t had an incident yet, so we must be spending enough”, is a common phrase rumbled.

Wave of Israeli AI-Cyber Exits Looming?

In the dust settling of the massive $700 Million Prompt AI acquisition by Palo Alto around RSA, something and I discussed in an interview last week, there are now rumors that there may be other AI cyber exits on the horizon.

An article from CTech calls out other players such as Lasso, Aim, Pillar and Noma as the next potential targets in the hot Israeli AI cyber landscape as potential M&A targets.

The article cites ZScaler and F5 as potential acquirers, looking to follow suit of PANW in terms of large AI acquisitions, to accelerate their role as becoming key players in the AI security space. This isn’t a surprise, given large incumbents are often faced with the Build vs. Buy paradigm when it comes to expanding into new categories, and it is often faster to acquire an innovative startup in the space than try and organically build the capability themselves.

These industry leaders, atop the cyber market through tremendous performance have “earned” the right to become a platform, as discussed by my friend recently in a piece titled “You don’t start a platform, you earn the right to become one”.

The industry leaders such as PANW, ZScaler and F5 have all earned their stripes, starting with a core competency and are now rightfully expanding into AI security, which does and will include various subsets of capabilities itself, something broken down exceptionally well by in his “2025 Latio AI Security Report”, as shown below:

James and I dove deep into this topic in an episode of Resilient Cyber titled “Analyzing the AI Security Market”.

AI

Winning the AI Race

The White House recently unveiled "America's AI Action Plan." It's built around 3 pillars:

1️⃣ Accelerating AI Innovation
2️⃣ Building American AI Infrastructure
3️⃣ Leading in International AI Diplomacy and Security

The plan contains a TON of interesting intersections around cybersecurity and national security, which are all underpinned by economic prosperity.

This plan also emphasizes the further bifurcation of approaches between the U.S. <> and EU, with one emphasizing removing barriers to innovation, unleashing economic opportunity, and the other pushing to be a regulatory superpower, and saying there will be "no pauses" on regulatory efforts, despite pleas from industry.

I'll be writing a much more detailed article on this, but whether you're an investor, founder, or practitioner in technology and cybersecurity, there's something here for you.

and the crew at All-In recently helped facilitate a “Winning the AI Race”, featuring speakers across Government and industry, including comments from President Trump himself on the AI Action plan.

Why I’m Betting Against AI Agents in 2025 (Despite Building Them)

The industry fervor around Agentic AI continues to be at a fever pitch, with VC firms dubbing 2025 the “year of agents” and the ecosystem seeing both a lot of capital allocated to Agentic AI startups, as well as founders and incumbents focusing on this space.

That said, this piece from Utkarsh Kanwat is a thoughtful counter-piece around the Agentic AI hype and its coming. from someone who has built 12+ production AI agent systems. Utkarsh mentions that they’ve built agents for a variety of purposes including Development, Data & Infrastructure and Quality & Process Agents.

He goes on to lay out three hard truths about AI agents:

• Error rates compound exponentially in multi-step workflows. 95% reliability per step = 36% success over 20 steps. Production needs 99.9%+.

• Context windows create quadratic token costs. Long conversations become prohibitively expensive at scale.

• The real challenge isn't AI capabilities, it's designing tools and feedback systems that agents can actually use effectively.

There’s a helpful diagram showing how multi-step agents fail with the increased number of steps necessary:

He points out that production systems need 99.9%+ reliability and if each step in a agent workflow has 95%~ reliability and each step (as seen below) diminishes the success rate, this poses a real problem for all the claims and hopes around multi-agent multi-step workflows, especially in the context of Services-as-a-Software and those who are looking to have AI and Agents augment and replace human labor.

• 5 steps = 77% success rate

• 10 steps = 59% success rate

• 20 steps = 36% success rate

Key characteristics for a successful agentic system includes bounded contexts, verifiable operations and human decision points (sometimes) at critical junctions. He explains that when you stray from these themes the math simply works against a successful agentic workflow and implementation.

Another excellent point made is the token economics, using conversational agents as an example of how it doesn’t scale:

The more turns in the conversation the higher the costs. While this article isn’t focused on security, you can see how this would play out if you look at SecOps, AppSec, or GRC as cyber specific examples. For example, using conversational agents for threat hunting, compliance assessments and remediations, vulnerability management and more will likely require multi-turn conversations that could have token based economic implications that make them unfeasible or expensive.

One thing I thought was interesting was this statement:

“The most success agents in production aren’t conversational at all. They’re smart, bounded tools that do one thing well and get out of the way”

This makes me think we will most certainly see agent “sprawl” to come, with agents exponentially outnumbering human users, and create the strong need for agentic governance as well as tackling problematic topics such as agentic IAM, zero trust and threats pointed out in OWASP’s Agentic AI Threats and Mitigations publication.

The author also highlights challenges he dubs the “tool engineering reality wall”, where he discusses the need to have effective tool design, accounting for factors such as not overwhelming context windows, agents knowing if operations fully or partially succeeded, communicating state changes without burning tokens and much more.

Another excellent point raised is the “integration reality check”, where he highlights the complexity of integrating agents with enterprise systems, such as a lack of clean API’s, partial failure modes, authentication flow complexity, rate limits and more. I particularly thought this line jumped out:

“The companies promising "autonomous agents that integrate with your entire tech stack" are either overly optimistic or haven't actually tried to build production systems at scale. Integration is where AI agents go to die.”

The article isn’t all doom and gloom though, and highlights why the dozen agentic systems he’s built do work, which includes key aspects such as:

• Humans reviewing UX generated interfaces before deployment

• Humans maintaining control over the integrity of database integrity

• Defining discrete, well-scoped tasks

• Leverage robust deployment pipelines with review and analysis prior to deployment

• Having functional rollback mechanisms in place

The author suspects venture-funded “fully autonomous agent” startups will hit economic walls, as they struggle to scale beyond demos, adoption will stagnate when it comes to real workflows, and the real winners will be those building “constrained, domain-specific tools that use AI for hard parts while maintaining human control or strict boundaries over critical decisions”.

While many may disagree with this piece, I thought it was a reasoned insightful rebuttal to the current bubble and hype. This isn’t to say agentic AI isn’t without its promise and potential, but it is clearly not without its problems either.

The piece closes recommending building the right way, with these key principles

• Defining clear boundaries

• Designing for failure

• Solving the economics

• Prioritizing reliability over autonomy

• Building on solid foundations

Enterprise Challenges with MCP Adoption

We continue to see widespread excitement around Agentic AI and protocols such as MCP. That said, the security community has raised concerns around IAM, inherent gaps in the original spec and more.

One of those folks include Christian Posta, who previously had written how the MCP spec is for enterprises. That said, Christian recently wrote a great article discussing. that despite recent improvements around the MCP spec itself, enterprise challenges with adoption still remain, and key questions such as:

• How to onboard/register/discover MCP services

• How much of the MCP authorization spec to adopt

• How will they manage upstream API/service permissions and consent

As Christian points out, it seems like every vendor is quickly standing up MCP servers, as are others across the Internet, and as it turns out, many are connecting to/with these servers with little consideration for the security implications of doing so. Much like SaaS, Christian says organizations should have a way to inventory and onboard new MCP connections and integrations as well as a method to assess and approve new MCP integrations for security risks.

Christian also lays out aspects of the MCP Authorization spec which MUST, and SHOULD be implemented:

As he closes with, MCP Services and the MCP protocol more broadly offer a lot of innovative opportunity for enterprises, but they aren’t without security implications to, and as they said, an ounce of prevention is worth a pound of cure, but this infers organizations actually take the time to thoughtfully and securely think through what they’re implementing and integrating with - which as we all know, isn’t likely, especially against the FOMO back drop around AI.

AppSec, Vulnerability Management & Supply Chain Security

FedRAMP Vulnerability Management Evolution 🚀

We recently saw FedRAMP® release its Continuous Vulnerability Management RFC. It's a long-overdue evolution towards context-based vulnerability prioritization. This includes accounting for known exploitation, exploitability, and reachability, along with business context (e.g., criticality, compensating controls, etc.)

FedRAMP provides a summary and motivation of the RFC as laid out below:

This standard’s intent is to ensure providers promptly detect and respond to critical vulnerabilities by considering the entire context over Common Vulnerability Scoring System (CVSS) risk scores alone, prioritizing realistically exploitable weaknesses, and encouraging automated vulnerability management. It also aims to facilitate the use of existing commercial tools for cloud service providers and reduce custom government-only reporting requirements.

Gone are the days of prioritizing vulnerabilities based on legacy CVSS base scores without consideration for the above criteria. This wasted the time of developers and engineers and failed to remediate real organizational risks.

In this article, I break down the rise of CVEs contrasted against actual exploitation.I also dive into the use of reachability analysis for vulnerability prioritization, citing some of the helpful resources from my friend .

I discuss some of the innovative offerings from folks such as Chainguard and Endor Labs that allow teams to focus on their core competencies and deliver value to customers rather than vulnerability toil. I share the link to a live deep dive Ron Harnik and I did on the FedRAMP RFC and vulnerability management more broadly.

This is great work by Pete Waterman and the FedRAMP team, and I'm glad to see them bring innovation to cloud security and compliance, and hope other compliance frameworks follow suit!

Microsoft Software Being Exploited (Again)

News broke this week that Chinese hackers were actively exploiting flaws in Microsoft’s software, this time in SharePoint. The activity involves Chinese APT’s dubbed “Linen Typhoon” and “Violet Typhoon” and involved on-premise versions of SharePoint, which have now had patches rolled out.

This comes on the heels of news in 2024 where U.S. government officials criticized Microsoft’s handling of the breach of U.S. government officials’ email accounts, which included a once active Cyber Safety Review Board (CSRB) investigation of the Microsoft outlook incidents, but has been stalled due to political changes and impacts at CISA/DHS.

Microsoft also made headlines recently when ProPublica published an extensive report describing how MSFT was using engineers in China as part of its support for the U.S. DoD’s cloud Azure services, which is truly astounding when you realize this was happening at the same time as the MSFT Exchange incidents impacting the U.S. Government, CSRB investigation, inquiries from Congress on national security risks from MSFT and more.

All the while, MSFT has continued to receive large Federal/DoD IT contracts too, really calling into question the power of lobbying and the inability of the Government to change its purchasing patterns despite massive risks from one of its largest IT vendors.

The team at Rapid7 recently shared a Exploit module for Microsoft SharePoint ToolPane Unauthenticated RCE (CVE-2025-53770 and CVE-2025-53771.

Google’s AI “Big Sleep” Discovers a Zero Day

Google recently shared that their LLM-assisted vulnerability discovery framework “Big Sleep” helped discover a zero day impacting the SQLite open source database engine, prior to hackers being able to exploit it in the wild.

"Through the combination of threat intelligence and Big Sleep, Google was able to actually predict that a vulnerability was imminently going to be used and we were able to cut it off beforehand," Kent Walker, President of Global Affairs at Google and Alphabet, said.

Subscribe now

Welcome to issue #56 of the Resilient Cyber Newsletter.

It’s been a really exciting past week with a lot of great resources discussing topics such as the potential for Services-as-a-Software, AI’s intersection with venture capital, and Vulnerability Management, including updates from FedRAMP, deep dives on reachability and more.

So, grab a coffee, here we go!

Interested in sponsoring an issue of Resilient Cyber?

This includes reaching over 45,000 subscribers, ranging from Developers, Engineers, Architects, CISO’s/Security Leaders and Business Executives

Reach out below!

-> Contact Us! <-

The Cost of CVEs 2025: How much are CVEs costing your business?

Vulnerabilities are more than just security risks—they’re an expensive, ongoing drain on resources. Chainguard just released an in-depth report, The Cost of CVEs 2025, revealing how vulns are costing organizations of all sizes and industries tens of millions each year. From patch cycles and downtime to compliance overhead and incident response, the report breaks down the true, often overlooked, financial impact of vulnerability management.

Based on data from industry leading security and engineering teams, this report quantifies the organizational toll of chasing CVEs in today's threat landscape. Spoiler: patching everything is neither scalable nor sustainable. It’s time to rethink traditional approaches and consider upstream strategies that eliminate vulnerabilities before they ever make it to production.

This is an excellent report for security leaders to benchmark their current vuln management strategy—and explore how leading teams are shifting left to reduce risk and cut costs.

Get the Report

Cyber Leadership & Market Dynamics

Resilient Cyber w/ Ed Sim - The Intersection of Venture, AI, and Cyber

In this episode, I sat down with Boldstart Ventures Founder and GP Ed Sim. Ed is also the author of "What’s Hot in Enterprise IT/VC,” which I’ve been reading for some time and strongly recommend checking out. We dove into the intersection of Venture Capital, AI, and Cybersecurity.

• Ed and I started the conversation discussing boldstart ventures, their role as an inception fund and their recent announcement of a $250M fund for those building the “autonomous enterprise”

• Ed and I explored how AI is having an outsized impact on the investment and venture landscape and why that is, with it poised to be the largest platform shift of our lifetimes.

• Ed laid out his 5 P framework, for evaluating what teams/founders to bet on and back and what he’s learned through decades of investment experience and expertise.

• One of his recent success stories was investing in Protect AI, which recently was acquired by Palo Alto for roughly $700M, with the news breaking around RSA. Ed discussed the origin story of Protect AI and what the acquisition signals for the cybersecurity and AI security market.

• One paradigm unfolding right now is that between AI Native firms and Incumbents, and it is a race between speed of innovation and speed of distribution. We discussed how this race is and can play out and what will help determines who wins or loses.

• We wrapped up the conversation discussing the rise of AI driven development with coding agents, copilots, and LLMs and the implications for the AppSec space.

You Don’t Start a Platform, You Earn the Right to Become One

We’ve heard a ton in recent years about the age-old debate in cyber of Platform vs. Point Products, or, framed another way, Best of Breed vs. Consolidation. However, no company starts as a platform and instead is formed around a core competency and capability, and then expands from there.

and Shashwat Sehgal make this point exceptionally well in their recent piece on Venture In Security. They discuss the “Four Stages of Building a Platform”, which they define as:

• Stage 1: The one-trick pony that opens doors (Seed to Series A)

• Stage 2: Expanding to adjacent use cases (Series B to Series E/Growth Stage)

• Stage 3: Becoming a platform by IPO (late stage/pre-IPO)

• Stage 4: The $100B+ mega platform (post-IPO/public scale)

However, few make it fully down this path, falling victim to various risks and challenges or not aspiring to make a platform play. Some of the challenges cited in the article include trying to expand too quickly without establishing a core capability and customer base, and never earning the right to do so due to not differentiating themselves in their initially targeted use case.

The image below shows that companies start with a core focus and expand into new feature sets and adjacencies.

The $4.6T Services-as-Software opportunity: Lessons from year one

I wrote a deep dive piece late in 2024 titled “Agentic AI’s Intersection with Cybersecurity: Looking at one of the hottest trends in 2024-2025 and its potential implications for cybersecurity”.

In that piece, I discussed the concept of “Services-as-a-Software”, a phrase that was getting a lot of excitement from venture capital firms such as Sequoia and others, and it was because the Services market has a much larger Total Addressable Market (TAM) than software, as seen in the image below:

While the software market is measured in Billions, the services market is estimated to be in trillions, making it a massive target and compelling space for venture capital and other investors, startups, founders, and more.

This piece from Ashu Garg and Jaya Gupta of Foundation Capital caught my attention this week. They reflected on the Services-as-a-Software opportunity one year into focusing on the space. As they discuss, thousands of AI-native startup companies have set out to use agents to replace human workers, whether SREs, SDRs, Accountants, etc.

While they don’t cite Cyber workers, the issue is real here, too, with startups aiming at roles from SecOps, GRC, AppSec, and more. Usually, it is phrased as “augment” rather than “replace,” partially because the technology simply isn’t mature and proven, but additionally to quell (valid) concerns from the workforce that AI is coming for their jobs.

As they discuss, the rise of AI-driven development and LLMs is impacting SaaS companies' ability to differentiate themselves based on features alone. As they say, what you build is no longer your moat; it is how you integrate, embed, and operate that is the differentiation (I would argue that to some extent, it always has been, but nonetheless).

The authors argue that three consistent patterns separate Services-as-a-Software companies with real traction from those just riding the hype.

• Product differentiation comes from implementation

• The line between pre-sales and post-sales no longer exists

• Companies are aligning their pricing with customer outcomes

These patterns include the commoditization of development through AI-driven copilots and LLMs, which forces companies to compete on business outcomes rather than features alone. They cite the rise of forward-deployed engineers (a trend many are copying from Palantir) to help navigate customer environments, manage edge cases, improve feedback loops, and bring insights back to the core product roadmap.

Another major change includes companies revising pricing models to focus on customer outcomes, which reflects AI doing work, not just a tool to facilitate workflows and business processes. The authors discuss a spectrum moving from Seat/Access-based pricing, Usage-based pricing, Workflow-based pricing, and Outcome-based pricing. Each model has unique considerations, such as tokens and queries used, documents processed, or reports written, and at the highest end, business outcomes delivered.

While not cited in the Foundation article, a good talk on this topic came from a Sequoia event a couple of months ago, featuring Paid CEO Manny Medina

As the article discusses, outcome-based pricing is a high bar though, due to unique organizational processes, requirements and more, leaving more vendors orienting around usage and workflow-based pricing for the time being.

They close the article discussing how there needs to be a shift to focus on speed-to-value over “vibe revenue”, with companies needing to focus on the iteration of getting feedback and insights from on the ground engagement with customers and bringing it back to the product and offering to further optimize it, with an eye on the price, as described below:

Why fight so hard to perfect that loop? Because the prize isn’t the familiar $200B SaaS pool; it’s the $4.6T enterprises pour each year into salaries and outsourced services – the very labor-intelligent agents are now poised to absorb.

AI Agent Security <> Investments

I stumbled across this LinkedIn post from Brian Sack and it caught my attention. No doubt AI and Agentic AI are dominating the landscape when it comes to venture, investments and startups, as discussed by others such as Mike Privette over at Return on Security.

However, this post from Brian highlights some key points that startups pitching investors need to keep in mind. The paradigm and operating model for agentic workflows and innovations is and will be fundamentally different than traditional IT and security workflows.

DHS, National Guard Confirm Salt Typhoon Attacks on Guard Networks

Officials with the National Guard Bureau and DHS both confirmed that the China-based Salt Typhoon hacking group targeted national guard networks between March and December of 2024. This includes potentially impacting National Guard unit networks and other critical infrastructure they protect.

This continues a trend of Salt Typhoon impacting U.S. critical infrastructure and China more broadly likely lying in wait to potentially invoke exploitation in the future potential conflicts between U.S. and China, which are heavily discussed in excellent books such as Dmitri Alperovitch’s “World on the Brink: How America Can Beat China in the Race for the Twenty-First Century”.

AI

Measuring the Impact of Early-2025 AI on Experienced Open-Source Developer Productivity

We know the industry has seen rampant adoption of AI coding tools, for LLMs, copilots and coding assistants, with companies seeing rapid revenue growth and an expanding developer base as customers and users. Much of this is all underpinned by claims or productivity gains. However, most of these claims are anecdotal and not formally measured or researched quite yet, which is why this new research paper made headlines this week.

The study involved 16 experiences open-source developers (albeit a small sample size, no doubt) looking to navigate 246 tasks. Each developer has 5~ years of experience and has moderate experience with AI tooling.

The findings are what caught folks attention, where the Developers used Cursor Pro and Claude 3.5/3.7 Sonnet. The developers estimated the use of AI would reduce completion time by 24%, but the findings however showed that the use of AI increased completion time by 19%, slowing developers down. The researchers point out these findings not only contradict assumptions by the Developers by also contradict predictions from experts in economics and ML who projected AI will speed development by 38%-39%.

Much of the overhead in the study occurred not due to the code being unusable but the developers dealing with overhead of prompting, waiting, reviewing and fixing the code that was provided before it could be used in production. This includes Developers spending 9% of their time cleaning up the code AI produced. It also found only 44% of the code produced from the AI tooling was usable.

Red Teaming AI Red Teaming

We've heard a lot about "AI Red Teaming" in the last 18-24 months. However, it has overwhelmingly focused on model-centric vulnerabilities. This is problematic, especially with the rise of Agents, enabling protocols (e.g., A2A, MCP, et), underlying Cloud infrastructure, organizational context, users, and more.

In short, it's a myopic way to red team AI, as laid out by Brian Pendleton, D.Sc., and team in this new paper titled "Red Teaming AI Red Teaming". They recommend a much more comprehensive approach, including multifunctional teams, a study of systemic vulnerabilities, and the interdependencies of technical and social factors.

Defense in depth is alive and well, or should be!

Benchmarking LLMs on the Vulnerability Prioritization Task

We seem to be living in an era where AI and LLMs are the answer to everything…and shouldn’t be. This recent research from the Empirical Security team is a good reminder of that, as they compared the performance of LLMs to the Exploit Prediction Scoring System (EPSS) and found that LLM’s underperform compared to LLMs.

Not only were they not as effective at prediction but there are also substantial inference costs involved, where EPSS is a free community resource. The LLMs generated probabilities that skew upwards, over actual exploitation, meaning they not only would be more costly due to inference, but also would likely lead to increased false positives (FP) and wasted time on remediation and toil for developers, the exact thing we need to be moving away from as a community in AppSec too.

Anthropic Proposes Transparency Framework for Frontier AI Models

Anthropic’s CEO recently announced that the Anthropic team is proposing a targeted framework that involves a series of transparency rules around safety and secure development of frontier AI models. They’re aiming for it to also be lightweight and flexible and not impact innovation either.

It is proposed due to the reality that industry, governments, and academia may be working on safety standards and evaluation methods, these likely will take several years to be fully matured, implemented and adopted or required.

Their proposal would require developers to publicly release a secure development framework which details how they assess and mitigate unreasonable risks, and also publish a system card which summarizes their testing and evaluation procedures.

AppSec, Vulnerability Management and Supply Chain

Endor Labs & Oligo: Closing the Loop Between Secure Code and Secure Runtime

If you’ve been following me for a while, you’ve likely heard me mention both teams, Endor Labs and Oligo. I currently serve as the Chief Security Advisor at Endor Labs, and they’re a leader in the Software Composition Analysis (SCA) and AppSec space. In recent years, runtime security has also gotten more attention, as organizations look to not just “shift left” but also remain aware of runtime risks and vulnerabilities as well.

In this joint blog between the teams, they discuss how Endor Labs uses their MCP server to enable AI-assistant context rich data including call graphs, function-level reachability and signed container images in leading IDE’s such as Cursor. Moving further in the SDLC, Oligo comes into play via the CI to provide an SBOM of what’s actually running, and provides that SBOM to Endor, include package ID’s, licensing and known CVE’s, coupled with Endor’s static reachability graph.

This duo of Endor and Oligo provides runtime prevention coupled with context-rich remediation opportunities, providing end-to-end coverage for AppSec teams.

I love to see this partnership between two industry leaders each bringing their unique capabilities and differentiation to bear for AppSec teams to reduce organizational risks.

Continuous Vulnerability Management Standard

Everyone is talking about the latest FedRAMP® Continuous Vulnerability Management Standard and how FedRAMP is modernizing its approach to vulnerability management.

I'm a huge advocate of this, of course, having written a book titled "Effective Vulnerability Management" from Wiley

That said, before discussing the fundamental changes they're making, I wanted to give a shout-out to Pete Waterman and the FedRAMP team for this line in particular:

"FedRAMP now works with the community to understand the impact of its policies and adjust them based on real-world experiences"

This seems trivial and a given, but the truth is many compliance frameworks and policy makers rarely take the time to truly listen to practitioners in the trenches doing the work, and revise and iterate compliance policies accordingly.

This is often why you have compliance requirements that are out of touch with reality and usually don't make sense, or worse, create more risks than they mitigate. You should read this if you're a Cloud Service Provider (CSP) working with the U.S. Government or DoD.

It demonstrates that FedRAMP is listening to the industry and moving towards factors such as known exploitation, exploitability, reachability, mitigating controls, and organizational context over legacy approaches such as CVSS base scores.

I’ll likely be doing a standalone deep dive piece on this updated FedRAMP Vulnerability Management guidance soon and why it is long overdue, and also helpful, so stay tuned for that.

Miggo Predictive Vulnerability Database

We all know when it comes to vulnerability management, focusing on context such as known exploitability, exploitability, reachability, business context and more is key. That is why it is cool to see runtime and Application Detection & Response (ADR) vendor Miggo share their predictive vulnerability database.

The database aims to not just document CVE’s but also provide insights such as how a vulnerability works, how it can be exploited and what defenders can do about it. This includes providing data such as function-level evidence, root cause analysis, exploit condition simulations and even tailored WAF rules for mitigation.

Much of the data seems to be free, but also there seems to be an aspect of it that allows teams to pay for additional resources (e.g. WAF rules for example). Even that aside, the free insights are key to helping AppSec teams dig deeper and better understand vulnerabilities and what they can do about them.

Everything to Know about Runtime Reachability

We’ve seen an industry shift (pun intended) from the hyper-focus on “shift left” to now accepting that runtime visibility, reachability and security is key as well, especially knowing production runtime workloads and environments are a core target for attackers, coupled with many getting fatigue from how poorly shift left has been implemented with noisy tools and a lack of context.

In this piece on Hacker News, my friend provides a masterclass on “everything you need to know about runtime reachability”.

As James describes it, reachability is essentially showing exploitable vulnerabilities (e.g. they can be reached/exploited) and he compares static and runtime reachability and he even argues that if the goal is to fix exploitable vulnerabilities, then runtime is the way to do so. I won’t go as far as James, because I think there is value in fixing things before they make it to production (and potentially get exploited), as well as earlier in the SDLC, but I understand the sentiment of what James means here.

He lays out flavors of runtime reachability, as seen below:

They include a spectrum of trustworthiness of de-prioritization as well as a trustworthiness of prioritization, which is key as organizations want to make sure they focus on the right things and reduce risks to organizations while also not ignoring things which can have an impact.

James provides the below diagram to depict the key differences between Static and Runtime Reachability:

As you can see, the core differences include both when they occur in the SDLC, as well as what they can and the type of insights they can provide (or not). As James discusses, the context of exploitability can be complex, involving factors such as where the vulnerability exists in the workload, cloud or application environments.

To put it shortly, reachability is complex and there is no silver bullet, and James concludes emphasizing that you need all of them depending on the vulnerability.

Subscribe now

Not to be left behind, the Cloud Security Alliance recently launched its “AI Controls Matrix: A Comprehensive Framework for Trustworthy AI,” and I wanted to check it out and share my findings with you all.

So, let’s take a look.

Interested in sponsoring an issue of Resilient Cyber?

This includes reaching over 45,000 subscribers, ranging from Developers, Engineers, Architects, CISO’s/Security Leaders and Business Executives

Reach out below!

-> Contact Us! <-

High-Level

At a high level, CSA:

“Envisions organizations using the AI Controls Matrix (AICM) to develop, implement, and operate AI technologies in a secure and responsible manner.”

Thankfully, CSA didn’t set out to reinvent the wheel and instead leaned into some of the resources I mentioned above, such as ISO 42001, ISO 27001, NIST’s AI Risk Management Framework (AI RMF), and BSI.

It is also a freely available resource to the community, developed by leading AI and security professionals through collaborative input. It is vendor-agnostic and not tied to any specific AI product, platform, or provider.

The AICM has five pillars, which are seen below:

Each control covers factors such as:

• Control Type

• Control Applicability and Ownership

• Architectural Relevance

• Lifecycle Relevance

• Threat Category

The CSA also released a presentation introducing AICM:

At the AICM landing page you can download an “AICM Bundle”, which I did, and it includes an AI-CAIQ of AICM (Questionnaire), mappings of AICM to BSI AI C4 and AICM to NIST 600-1, as well as AICSM v 1.0 itself.

AICM includes 243 controls structured across 18 domains.

When you open AICM you can see the various taps, such as Introduction, AICM v1, Scope Applicability, AICM Self-Assessment Questions, and more.

Below is a snapshot, where you can see Control Domains, Titles, ID’s, Specifications, Type and more. You can see how some controls are Cloud & AI Related, while others are strictly AI Related.

Additionally, they help break down the typical control applicability and ownership, with some being owned by the model provider whereas others for example may be shared by the owned by the AI customer and some are shared, much like the Cloud Shared Responsibility Model prior to AI’s widespread adoption.

AICM Scope/Mapping

Another tab in the AICM sheet is the AICM Scope Applicability (Mapping) tab, which is helpful if you’re organization has or will need to align with and implement other frameworks such as BSI AI C4, NIST AI RMF etc.

It lays out what AICM controls have no gaps with mapping to other frameworks, and which ones either are a full or partial gap, as you crosswalk your compliance and alignment across the various frameworks.

AICM Control Domains

Personally whenever I see a new control framework, I like to get a look at the control domains that it involves, to understand how it groups controls as well as what the scope of the overall framework is. Let’s take a look at the Control Domains from AICM

• Audit And Assurance

• Application and Interface Security

• Business Continuity Management and Operational Resilience

• Change Control and Configuration Management

• Cryptography, Encryption and Key Management

• Datacenter Security

• Data Security and Privacy Lifecycle Management

• Governance, Risk and Compliance

• Human Resources

• IAM

• Interoperability and Portability

• Infrastructure Security

• Logging and Monitoring

• Model Security

• Security Incident Management, E-Discovery & Cloud Forensics

• Supply Chain Management, Transparency and Accountability

• Threat & Vulnerability Management

• Universal Endpoint Management

As you can see, the AICM Control Domains are both robust and diverse, covering a combination of people, process and technology, as well as both underlying infrastructure and core application security concepts while also accounting for novel aspects of AI, such as Model Security.

AICM Self-Assessment Questions

The AICM Self-Assessment Question tab is helpful as it lays out the controls discussed above and provides a library of self-assessment questions so organizations can conduct self-assessments to identify where they are meeting AICM controls (and controls in the other frameworks it maps to) and where they gave gaps they need to document and remediate at a future date.

LLM Taxonomy

The LLM Taxonomy is also helpful as much of the lexicon around LLMs and AI may be new to organizations, security practitioners and the assessment and audit community. Phrases such as Retreival-Augmented Generation (RAG), Fine-Tuning, Data Poisoning, Model Manipulation and more.

Tying It All Together

AICM represents another great contribution to the Cyber community from CSA and ties into the CSA ecosystem of other resources as well. For example, they shared they launched their “STAR for AI Program” where organizations can demonstrate a commitment to trustworthy AI and even achieve a third-party validation of organizational alignment with AICM. They also offer an AI Trustworthy Pledge organizations can make.

While not currently required by regulatory frameworks and regimes, AICM represents a robust and coherent approach to helping organizations implement AI securely and a repeatable and scalable way for assessors to measure that. It’s ability to tie together the various leading frameworks from a mapping perspective also makes it a great resource for organizations to measure their maturity across leading AI frameworks in an effective manner.

Great work by the entire AICM and CSA teams who contributed to this resource for the community!

Subscribe now

Welcome to issue #55 of the Resilient Cyber Newsletter.

I hope everyone is enjoying summer, as I know it is going well on my end. As I mentioned, I recently visited Northern Virginia to watch my son compete in the Virginia Little League State Championship this past weekend.

We made it to the quarter finals but lost to a Northern Virginia team. Apparently, my NOVA friends are a little league powerhouse, boasting several teams making it to the finals!

But, enough about me, this week we have a lot of awesome cyber resources to dive into, including a look at how immutable laws of cyber still stand strong 25 years later, AI regulatory contrasts between the U.S. and EU, using LLMs to produce secure code (or not) and the introduction of an Application Attack Matrix among much more.

So, here we go!

Interested in sponsoring an issue of Resilient Cyber?

This includes reaching over 45,000 subscribers, ranging from Developers, Engineers, Architects, CISO’s/Security Leaders and Business Executives

Reach out below!

-> Contact Us! <-

The Cost of CVEs 2025: How much are CVEs costing your business?

Vulnerabilities are more than just security risks—they’re an expensive, ongoing drain on resources. Chainguard just released an in-depth report, The Cost of CVEs 2025, revealing how vulns are costing organizations of all sizes and industries tens of millions each year. From patch cycles and downtime to compliance overhead and incident response, the report breaks down the true, often overlooked, financial impact of vulnerability management.

Based on data from industry leading security and engineering teams, this report quantifies the organizational toll of chasing CVEs in today's threat landscape. Spoiler: patching everything is neither scalable nor sustainable. It’s time to rethink traditional approaches and consider upstream strategies that eliminate vulnerabilities before they ever make it to production.

This is an excellent report for security leaders to benchmark their current vuln management strategy—and explore how leading teams are shifting left to reduce risk and cut costs.

Get the Report

Cyber Leadership & Market Dynamics

The Cybersecurity Job Market is Broken - And Everyone Knows It

In a damning piece from Tracey Webb, he calls out the cybersecurity job market, arguing that CISOs and security leaders have outsourced critical hiring functions in Cyber to HR, AI and keyword searches.

The post must have resonated, as it garnered several hundred interactions and nearly 100 shares on LinkedIn. The piece raises points that remind me of a piece I shared earlier this year from Chase Cunningham, who said rampant layoffs weren’t due to AI, but companies just looking to maximize profit and cut expenses (labor).

There’s truth to this piece, but I would also say that struggling folks often miss critical activities such as building a deep network, building a personal brand/reputation, staying relevant in the domain knowledge of emerging technologies, and more.

It’s a two-way street. While hiring is getting more difficult due to ridiculous position descriptions, requirements, automation, and outsourcing to HR, we also need to do everything we can to ensure we’re in a position to be highly in demand and marketable from a labor perspective.

Black Hat Startup Spotlight Competition Finalists

One of the largest cybersecurity conferences is around the corner, in Black Hat. Much like RSA, this event has an angle that looks to highlight the most innovative and disruptive startups, and their recent “Startup Spotlight Competition” finalists were recently announced.

They include:

• FireTail.ai

• Keep Aware

• Prime Security

• Twine Security

As seen above, the judging panel also made honorable mention of 5 other firms. Watching the finalists' presentations and seeing who walks away from the event at the top will be exciting!

Reflecting on “10 Immutable Laws of Security” 25 Years Later

My friend recently wrote a piece on Microsoft’s Security Response Center’s 10 Immutable Laws of Security, which are now more than two decades old and are framed as fundamental truths related to cybersecurity.

As MSFT pointed out way back, the origin of security issues is much more closely related to the nature of systems, people, and trust than to any specific code or bugs, almost like universal laws of nature.

The laws are inevitably spot on, and what’s ironic is how painfully true they are, but we still counterintuitively violate their principles. See below for some examples:

• Law #1 - “If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore”.

  • They explained how, if a stranger came up and handed you a sandwich, you would eat it. Of course not. Yet, ironically, when it comes to open source, we rampantly consume open source software with little insight into its true provenance and origin or its safety, at a pace that is growing more than ever, as I have discussed in various pieces.

• Law #8 - “An out-of-date virus scanner is only marginally better than no virus scanner at all.”

  • While this one is focused on AV, which is still relevant, I couldn’t help but think of the whole shift-left mantra, and how low fidelity noisy tools we’ve dumped on developers that orient around non-exploited/non-exploitable vulnerability, base CVSS scores, and more feel right at home with this law. They’re purely noise and toil, and next to useless.

• Law #10: Technology is not a panacea

  • This one in particular is so damn true as it was 25 years ago. I’ve written many times about People, Process, and Technology - in that order, regarding significance. Yet, the entire cybersecurity industry is oriented around tools, venture capital, and startups; all enterprises drown in tens to hundreds of security tools, most of which are never fully implemented, configured, tuned, optimized, or deliver real value in stopping organizational risks. As I have written, your security tools may be posing more risk than they are stopping!

Ross does a great job covering the 10 Laws and how they are as true as ever, while also weaving in relevant context about how the landscape and technology have changed in the past 2+ decades.

The Cybercriminal Group Wreaking Havoc on Corporate America

This piece from Axious highlighted the ongoing activity of “Scattered Spider,” a hacking group that has been targeting retailers, grocery chains, insurance providers, and airlines across the U.S. using techniques such as help desk impersonation and SIM Swapping.

One thing that makes the group unique is that it isn’t a mature, organized hacking group but a loose coalition of young men and teenagers who came out of the gaming community and are using ransomware to impact their victims.

Despite their age and loose nature, they have an internal organizational structure, tiered positions of maturity, and run like an actual business. While they have made recent headlines, they first gained fame by hacking MGM Resorts and Caesars Entertainment in 2023 and are largely using the same techniques today with much success. This highlights the bleak nature of most modern corporate cybersecurity.

Industry leader Jen Easterly took to LinkedIn, calling the group “Scumbag Spider” instead, and stating they aren’t ninjas and are using attack techniques that could be mitigated by a Secure-by-Design/Demand approach from industry.

She stated:

“IMHO, this isn't a story about clever hackers or even about human error. The fact that Scumbag Spider continues to succeed using largely unchanged tactics over multiple years is yet another example of systems that were never designed with security as a foundational principle.”

Silicon Valley Defense Group (SVDG) NATSEC 100 - 2025 Edition

I spend a fair amount of my time focused on the public sector, including DoD, due to my role as the Co-Founder and CEO of a Public Sector-focused digital services firm, Aquia.

That’s why the SVDG NATSEC 100 caught my attention this week. Produced in partnership with JP Morgan, it provides insights into the top 100 venture-backed, dual-use, and defense technology companies focused on national security.

The report cites in 2024 they saw a ~2.3x increase in prior year spend by the DoD on NatSec 100 companies, which isn’t too surprising for those paying attention, as the current administration had a strong backing from silicon valley and venture capital as well as a mandate to try and disrupt the status quo in terms of primes and vendors. The report also points out that this still accounts for <1% of the total DoD budget, emphasizing just how dominant the traditional DoD primes are.

Another interesting anecdote is that they offer their analysis and dataset with and without SpaceX, due to its outsized funding, as well as its outsized Government contracts compared to the rest of the NatSec 100, which again for those following politics, could be an interesting thing to keep an eye on given the tension between President Trump and Elon.

Below is a snapshot of some of their key stats/findings:

Also, the top 15 companies ranked:

The report is worth reading if you’re interested in and passionate about the DoD market from a technology and capital perspective.

AI

AI Patchwork Quilt of Regulation Forthcoming

As part of the recent “Big Beautiful Bill,” a 10-year moratorium (e.g., a ban) on state-level AI compliance and regulation was proposed, but it was recently struck down and removed from the bill's version that passed.

This is a dynamic topic that has valid arguments in both directions. On one hand, AI is too immature and evolving to be regulated effectively. Efforts to do so could hinder innovation and lead to economic and national security consequences for the U.S. (and others).

On the other hand, it could be argued that we need a comprehensive, cohesive compliance regime to avoid a patchwork quilt of state-level regulations that will be costly and cumbersome for businesses to navigate and impose challenges and impacts on consumers. Citizens of different states/nations could be constrained regarding what innovative AI services, products, models, etc., they can access.

We’re headed for that patchwork quilt, as the 10-year state-level ban was removed from the passed bill. Many states have already ushered in one or more AI regulatory requirements that businesses must now navigate.

This topic, as discussed in major news outlets such as AP and many others, involves many dynamics and angles, from differences between the two parties to big techs pushing for the moratorium, to states looking to assert their rights to regulate. In the absence of a coherent Federal-level AI regulatory regime, states are expected to step in, much like they’ve done with privacy here in the US.

The AI Regulatory Moratorium Fails: What Comes Next?

In the wake of the 10-year regulatory moratorium failing, some have penned strong opinions on what will happen next. This includes Adam Thierer, who details some of the policy and even national security and economic implications in this piece.

Adam makes three primary arguments:

• California and New York will now take the lead in shaping national AI policy

• It’s a devastating blow for “Little Tech” AI players, as large tech companies will be able to easily comply with the confusing, costly compliance burdens that will come from the patchwork reality

• It represents a major setback for America’s efforts to have a coherent, pro-innovation, pro-investment policy approach in the battle against China for global AI leadership

While some may find Adam’s arguments flawed, he raises some good points. In security and compliance, we often use the phrase “high water mark” to meet the most rigorous compliance requirements upfront. Many tech and AI organizations will inevitably be forced to meet the most stringent U.S. (and global) AI regulatory requirements, such as those from NY and CA, regardless of what the other states say or do, due to the reality that it is too costly and impractical to have countless different products and services for each state.

Adam argued that the irony is that much of the animosity around the moratorium was directed at “Big Tech.” Still, those big firms are the ones who will be able to navigate the costly and confusing patchwork AI regulatory model where they are headed, with smaller firms struggling to manage the cost and complexity of compliance. I have seen this play out in areas such as FedRAMP and the DoD SRG related to Cloud and ATO’s in the public sector, as larger firms can afford the time and cost to meet the compliance requirements, and afford to enter these markets, essentially locking out smaller firms with less resources, even if they have innovative products and services the industry could benefit from.

To his last point about impacting a pro-innovation and pro-investment policy approach to compete with China for AI leadership, one of the best ways to mitigate what is happening would be for the Federal government to take the lead with a coherent, cohesive approach to AI regulation, mitigating the states’ need to step in. That said, of course, some states, such as CA/NY, can and will impose their regulatory requirements, but this would at least provide a uniform Federal pathway for industry and also allow companies to avoid some states if needed while still driving the nation forward from a competitive and innovative perspective.

However, watching how we have failed to do something similar around Privacy will leave those of us watching this AI regulatory battle with a sense of déjà vu.

Europe’s Biggest Companies Call for a Two-Year Pause on EU’s Landmark AI Act

Not to be left out of the conversation, our friends in the EU saw action on AI regulation recently, too. A coalition of Europe’s largest companies asked for a two-year freeze on the implementation of the EU’s AI Act, citing concerns it could impede the EU’s ability to keep pace with China and the U.S.

It will be very interesting to see how this plays out, given the EU by its own admission in some ways has set out to be a “regulatory superpower” despite many concerns from national and industry leaders alike who state the heavy handed compliance approach of t he EU is impacting the EU’s ability to compete and also its economic prosperity and national security.

And, right on cue, as expected, EU leaders stated “No pause for the EU AI Act Implementation timelines”.

The EU government and bureaucracy seem to be committed to this path, regardless of the impact on economics or national security.

"I've seen, indeed, a lot of reporting, a lot of letters, and a lot of things being said on the AI Act. Let me be as clear as possible, there is no stop the clock. There is no grace period. There is no pause," Commission spokesperson Thomas Regnier told a press conference.

I always enjoy sharing the below diagram as a stark reminder of just how different the US and EU ecosystem for growth and high-tech are:

The Rise of the Agentic SOC

The industry continues to be enamored by AI's potential to transform cybersecurity, including in key areas such as SecOps with the SOC. This piece from Spear Investments explores the topic, looking at technical and market factors driving this focus.

The piece emphasizes what is foundational to Agentic SOC operations, which are the data sources and data infrastructure layer. As seen in the image above, this is no small feat and often involves a complex combination of systems, products, and environments to bring things together. As the authors point out, the modern SOC isn’t a static dashboard, but instead a system built on robust real-time data sources providing actionable insights, and can come from sources such as the network, endpoints, identity, and cloud environments.

The industry leaders, such as Crowdstrike and ZScaler, have a significant advantage when it comes to data, given each protects billions of digital assets and/or processes billions and even trillions of transactions, providing them a massive data set to drive higher fidelity insights and even further train models tied to products. This data “moat” is a point the CEO of Horizon3AI, whom I respect, has often cited as key.

From an investor’s perspective, each of these areas of the cyber market has and continues to see double-digit growth annually, as depicted below:

The piece goes on to break down each of these key cybersecurity end markets, leading vendors, disruptors, and the complexity involved within each category defined above. It then discusses how they all provide insights key to powering the future agentic SOC.

Can LLMs Develop Secure Code?

As it turns out, it depends.

A recent paper found that smaller specialized models, coupled with security-centric prompting and guidance, can develop more secure code. While the results seem promising, I inevitably think about reality versus academia and research.

The truth is that most developers have little security education and training and won't natively use security-centric prompts and requests, as this paper outlines.

This means the attack surface is poised to grow exponentially as Developers use vanilla prompts for code generation with little to no context added for security and hardened code, inherently trusting whatever the models output for the sake of moving fast, as developers are incentivized to do.

I suspect that in the future, we will see the everyday use of tools and secure coding prompt libraries to implement guardrails, allowing developers to lean into AI-driven development while also ensuring more secure outputs. Shout out to Varun Badhwar for also bringing this paper to my attention.

AppSec, Vulnerability Management & Software Supply Chain

This Sh*t Is Hard: Vulnerability Scanner Integration

Continuing their series about activities that are difficult behind the scenes that organizations grapple with, Chainguard recently released a piece discussing vulnerability scanner integration.

They outline the challenges of dealing with multiple vulnerability databases, which often have duplicative information, conflicting data, and disparate IDs, making vulnerability scanning and management difficult. Chainguard also describes its internal processes and the tools it uses to identify and communicate vulnerabilities to customers. This activity leads to remediating vulnerabilities, communicating changes to customers in advisories, and providing context-rich information from which scanners can pull.

Chainguard summarizes the difficulties, including the reality that there are tens of thousands of vulnerabilities every year, many captured in NVD and other vulnerability databases, many different vulnerability scanning tools, the need for context, and much more.

This blog is a great peek behind the curtain of vulnerability management as a software vendor.

The Application Attack Matrix 🧨

Several of the industry-leading reports, from M-Trends to DBIR, show that application exploits are on the rise as one of the most dominant attack vectors.

However, the AppSec landscape has changed drastically in the last several years, from Cloud, Microservices, Supply Chain, Runtime, App Logic, and AI 🤖. This Application Attack Matrix from Avi Lumelsky, Hadas Marzook, Gal Elbaz, and the Oligo Security crew is timely.

It looks at the four phases of application attacks: Pre-Intrusion, Intrusion, Post-Intrusion, and Impact. It's tied to real-world security incidents and attacks using various attack techniques and their associated organizational impacts.

This is a great resource that security practitioners, leaders, researchers, and others can leverage. It is grounded in real-world data and accompanying mitigation techniques and can lead to a more resilient digital ecosystem!

fwd:cloudsec Summaries

One of the leading cloud security conferences of the year recently took place, bringing together industry-leading experts with deep experience in various CSPs, multi-cloud, identity, AppSec, and more.

The playlist is live, but it can be difficult to keep up with, with 43 talks covering various topics and domains. Luckily, this repository puts it all together neatly and well organized, allowing you to focus on the most interesting topics. It breaks the 43 talks down into the following categories:

• AI/ML Security

• IAM

• Threat Hunting and Detection

• Attack Techniques and Vulnerabilities

• Cloud Infrastructure and Architecture

From AWS Detection Deficit to Detection Maturity

Building robust and effective detection capabilities in leading CSPs such as AWS can be a complex endeavor, even for the most capable teams. This incredible blog detailing how one team identified their AWS detection deficits and matured them while diving deep into AWS log sources and telemetry is helpful for any security practitioner securing workloads in AWS.

The below image helps highlight the AWS services involved, both from a data source, monitoring, and aggregating perspective.

The author lays out an AWS Log Source Security Summary:

They discuss how they built out detections and enriched log sources with additional information such as network context and threat intelligence, where possible, to provide deeper insights.

Their journey captures key lessons as well:

• Context is everything, and raw logs must be enriched with context

• Automation is key, due to the scale and complexity of environments

• False positives kill

• Insights are hidden in the cross-service correlation

• Use IaC to manage detection rules

• Continuously validate detection rules because they degrade over time

Non-Human Identity (NHI) Discussion

NHI’s continue to be a hot topic, and something I have written and spoken a lot about, including with my friends at Astrix Security. That said, I found this discussion with investor Pramod Gosavi and the founder of Clutch Security to be a good one, covering a wide range of topics related to NHI’s, such as:

• How NHI’s are an old problem but being newly recognized as critical

• Limitations of traditional secrets management tooling

• What NHI attack vectors and breach mechanics look like

• The impact of Agentic AI on NHI

• Clutch’s vision for this space, and where they’re headed

Subscribe now

Welcome to issue #54 of the Resilient Cyber Newsletter.

We’re heading into the 4th of July weekend, and I’m heading up to Northern VA where my son will be participating in the Virginia State Little League Baseball championships, which should be a lot of fun for our family.

I hope everyone has a great holiday weekend and take time to reflect on the significance of the holiday for those of us in the U.S.

All that said, we have a lot of great resources this week from conversations on GRC Engineering and its impact on compliance, a comprehensive state of AI report, the introduction of a new AI secure lifecycle framework and discussions about AI’s impact on AppSec, so here we go!

Interested in sponsoring an issue of Resilient Cyber?

This includes reaching over 45,000 subscribers, ranging from Developers, Engineers, Architects, CISO’s/Security Leaders and Business Executives

Reach out below!

-> Contact Us! <-

Navigating M&A: What every security leader needs to know

M&A is exciting – new products, new colleagues, new possibilities. Often overlooked, cybersecurity can make or break the success of a deal. Acquirers often face fragmented systems, different security policies, and new vulnerabilities. These issues introduce real security risks.

On July 17th, CISOs Dave Lewis, Wendy Nather, and Kane Narraway draw on the collective experience of 30+ M&As to examine the security implications of M&A and outline strategies for mitigating risk.

Join the webinar for practical advice on:

• What to evaluate during due diligence, and how to prioritize risks.

• How to approach access control across fragmented systems.

• How to respond to growing risks like social engineering and insider threats.

• How compliance adherence becomes more complex—and the first steps you should take

  Register for the Webinar

Cyber Leadership & Market Dynamics

Resilient Cyber w/ AJ Yawn - Transforming Compliance Through GRC Engineering

In this episode, we sat down with AJ Yawn, Author of the upcoming book GRC Engineering for AWS and Director of GRC Engineering at Aquia, to discuss how GRC engineering can transform compliance.

We discussed the current pain points and challenges in Governance, Risk, and Compliance (GRC), how GRC has failed to keep up with software development and the threat landscape, and how to leverage cloud-native services, AI, and automation to bring GRC into the digital era.

We dove into:

• What the phrase “GRC Engineering” means and how it differs from traditional Governance, Risk and Compliance

• What some of the major issues are with traditional compliance in the age of DevSecOps, Cloud, API’s, Automation and now AI

• Specific examples of GRC Engineering, including the use of automation, API’s and cloud-native services to streamline security control implementation, assessment and reporting

• The promise and potential of AI in GRC, and how AJ is using various models for control assessments, artifact creation and more, and how GRC practitioners should be leveraging AI as a force multiplier

• AJ’s new book “GRC Engineering For AWS: A Hands-On Guide to Governance, Risk and Compliance Engineering”

The State of AI Report: The Builder’s Playbook

While this is an AI focused resource, I feel it makes more sense in this section of the newsletter due to the emphasis on the broader market dynamics, startups, incumbents, investors and more.

This “State of the AI Report” from Iconiq is one of the best resources I have seen so far in 2025 on this front. It claims to lay out a practical roadmap for AI innovation and it does so in my opinion, while also providing deep insights on the evolution, adoption and future implementation of AI, much of which is very relevant to security as well.

In fact, Security ranks among the top 5 challenges for those deploying models, in addition to issues such as Hallucinations, Explainability and Trust, all of which I would argue are directly related to security, and have security implications, such as package hallucinations which I discussed last week.

Agents of course are a hot topic, with 80%+ of organizations reporting they are either actively deploying agents, experimenting with doing so, or in the early research phases.

The report shares a TON of other insights related to spending, hiring, costs related to AI initiatives, budget allocations and more. Another key insight shared was that coding assistants by and far were the leading use cases in terms of impact on productivity, which has major ramifications for AppSec, as we know with the rise of vibe coding, and just the implicit trust developers place in code generated by LLMs and coding assistants.

For a deep dive on the implications of coding assistants, I recommend a recent article from Dave Aitel and Dan Geer titled “AI and Secure Code Generation” or my own article titled “Security’s AI-Driven Dilemma”.

The 10 Hottest Cyber Startups of 2025

If you’re like me, you often don’t give a ton of credibility to the “Top” lists that come out, however some are worth paying attention to. One is CRN, which recently named the leading up-and-coming companies that are offering new approaches to securing cloud, data, AI and identities.

Among those cited include Endor Labs and Oligo, the former of which I currently serve as the Chief Security Advisor, and the latter I’ve had a chance to interact with quite a bit and are leading the charge around runtime security and Application Detection and Response (ADR), as well as doing some amazing research, including breaking news of a vulnerability to Apple around RSA.

Scattered Spider Hacking Group Now Targeting Airlines and Transportation

News broke last week that the notorious hacking group “Scattered Spider” is targeting aviation and transportation sectors with some such as Canadian airline “WestJet” already seeing some outages to its system and mobile application.

The news and guidance has come from credible sources such as Charles Carmakal, who serves as the CTO for Google’s Mandiant Consulting.

AI

Predicting AI’s Impact on Security

If you’re like me, you likely read, listen to and consume as much as you can related to the intersection of AI and cybersecurity. That said, it can be a lot, from startups, VC’s, the need to secure AI as well as using AI for security use cases.

One of the top leaders I follow is Caleb Sima, who produces a lot of excellent content on the topic. He recently put out a Medium article titled “Predicting AI’s Impact on Security” which I found informative and resonated with a lot of my thinking on the topic as well.

During the article (and associated talk), Caleb makes the case that AI has the potential to “revolutionize” cyber by addressing key challenges in coverage, context and communication. He sees AI being able to help CISO’s in areas where systemic challenges exist such as vulnerability management, third-party incidents, IAM and more, while also helping with more mundane activities from internal documentation, meeting transcription and more.

As organizations engineering practices change to adapt to AI, the security landscape will need to change alongside it, both in terms of tools and technologies but also practices and methodologies as well.

AI for Security: It’s time to get over our trust issues

Anyone who’s been paying attention to the AI discussion in cybersecurity knows it involves two angles:

• Securing the use of AI

• Using AI for Security

The latter of course has been a much harder conversation for many security practitioners, as they’re rightfully concerned with the security implications of AI adoption. That said, many should equally be concerned with the prospects of what AI can do for security, a point I tried to make in my own article titled “Security’s AI-Driven Dilemma: A discussion on the rise of AI-driven development and security’s challenge and opportunity to cross the chasm”.

In that article I argued that security is historically a late adopter and laggard of technological waves, but AI offers an opportunity for cyber to be an early adopter and innovator, and to use the technology to address longstanding cyber issues.

VC firm Chemistry makes a similar point in an recent article discussing how security needs to get over its trust issues and lean into adopting AI to aid security use cases. They point out examples from VulnMgt, AppSec, Email Security and more, along with vendors operating in those spaces (albeit likely with some bias for their portfolio companies).

This piece lays out the various areas where AI is and will have an impact, tackling challenges around vulnerability backlogs, GRC artifacts and processes, SecOps alert fatigue, identity security and more. I agree with the authors and I’m excited about the prospect of AI in cyber.

Secure AI Lifecycle (SAIL) Framework

With the rapid adoption and evolution of AI teams are often looking. for a framework to help turn principles and guidance into action.

Excited to have collaborated with the Pillar Security team on this publication, which I think is a helpful tool for security and software practitioners building with and on AI systems. From executable data in the form of prompts, agency via Agentic AI and nuanced angles to consider such as model poisoning and more.

The paper:

🔷 Lays out the AI development lifecycle and AI security landscape
🔷 Maps more than 70 risks across various AI development and deployment phases
🔷 Provides mitigations, mapped to leading frameworks such as ISO and NIST AI RMF
🔷 Captures a comprehensive definition of AI system components

Asana AI Incident: Comprehensive Lessons Learned for Enterprise Security and CISOs

We recently saw incident involving Asana AI, which helps enable organizations with AI assistants. The incident impacted over 1,000 organizations data through a single line of code. This equates to 0.8% of Asana’s 130,000 enterprise customers.

This piece from Adversa AI breaks the incident down, which is tied to MCP, which we’ve seen rapid adoption and implementation of, despite many security practitioners and researchers also raising security concerns.

The blog does a great job summarizing key impact metrics, what was at risk and why this matters to CISO’s below:

As the blog points out, the crux of the issue is that via the Asana MCP server, Organization A was able to query cached results from Organization B via a “confused deputy bug” in the MCP server, that doesn’t re-verify tenant context for cached responses, as well as a missing identity management piece for AI agents (a hot topic I have been talking quite a bit about).

The blog dives much deeper in terms of who was involved, the specifics of the incident, and the technical details. It is worth a read.

Intro to OAuth for MCP Servers with Aaron Parecki

There’s been a lot of fuzz about Authentication/Authorization when it comes to MCP among its rapid adoption. One of the key folks leading that thought leadership is Aaron Parecki at Okta, who has authored several crucial blogs on the topic as well as leading improvements for the MCP spec itself.

I stumbled across this session Aaron delivered at the MCP Developers Summit, and I recommend giving it a listen if you’re looking to better understand MCP and OAuths intersection.

AI Supply Chain Constraints

While not a specific security topic, supply chain constraints can impact things such as availability and internal business AI initiatives. This piece from Venture Beat discusses an uncomfortable open dialogue that is happening more and more.

This includes situations where leaders such as Anthropic, Cursor and OpenAI are seeing significant ARR growth but users are being constraints via API limitations and token shortages due to limits in power supply capacity, building permits, data centers, and high-end chip manufacturing.

It dubbed it as “the capacity crisis no one talks about” and provides direct quotes from industry leaders about the token constraints they’re facing from leading providers as well as varying quality among the model providers. It is partially being driven by model providers using techniques to improve inference costs, only to suffer downstream quality impacts on model outputs.

“Each optimization degrades model performance in ways enterprises may not detect until production fails”

With my security hat on, I could see the implications for everything from AI-driven development and vulnerable code to effectiveness and accuracy related to SecOps use cases of AI.

The article quotes comparisons to early oil competitions with leaders such as Standard Oil and others, with some diluting quality, suspecting customers won’t notice, only for the measures to have real ramifications on society and the consumers of the products.

They cite immediate imperatives for enterprise buyers as follows:

• Establish quality benchmarks before selecting providers.

• Audit existing inference partners for undisclosed optimizations.

• Accept that premium pricing for full model fidelity is now a permanent market feature.

  Quality variance, the difference between 95% and 100% accuracy, determines whether your AI applications succeed or catastrophically fail.

AppSec, Vulnerability Management, and Software Supply Chain

AI and Secure Code Generation

This piece on Lawfare from longtime industry leaders Dave Aitel and Dan Geer is a great read about the intersection of AI and AppSec. As they say:

“AI is reshaping code security - shifting metrics, unknown bugs, and autonomous decisions humans may never understand”.

In the article they discuss the massive impact AI is on having on software development, from both finding and fixing bugs, vulnerabilities becoming immediately and transparently visible (e.g. From N-Day to Every-Day Vulnerabilities) and the impact that Autonomy will have on the ecosystem.

The authors make the case for provenance standards for AI generated code, similar to SBOM’s, but tracking models, prompts and datasets which can be helpful in auditing the security of largely AI-written codebases. I will point out that some of this is underway by groups such as OWASP’s CycloneDX and folks such as Helen Oakley. I actually explored the topic with her in an episode titled “Exploring the AI Supply Chain”.

Can we fix all the vulnerabilities?

Much of the discussion in AppSec revolves around fixing “all the things”, scanner findings, vulnerabilities, misconfigurations, weaknesses and so on. This piece from Josh Bressers discusses the practical implications of trying to fix all of the vulnerabilities.

He starts by discussing how zero CVE base images are all the rage right now, and rightfully so, as we should build from secure base images. That said, when it comes to dependencies in images and keeping those in a constant state of zero findings is another story and many organizations instead optimize for their assessment or audit schedule as opposed to truly zero findings perpetually.

There are also operational challenges to navigate such as breaking things due to dependency changes or only updating dependencies that have associated vulnerabilities.

The question at its core is misguided because you’re really asking, can we eliminate all risk, and the answer is sure, if you want to prioritize above everything else and redirect resources that could be spent better for the organziation.

That’s why we have what’s called risk tolerance, and it looks different for each organization.

Just Because There’s No CVE Doesn’t Mean You’re Safe - And Just Because There Is One Doesn’t Mean It’s Bad

VP of Engineering at Edera recently published a good piece diving into the nuances of CVE’s and that their mere presence doesn’t mean things or bad, and conversely, their absence doesn’t mean you’re safe. This is a point known by many with deep AppSec expertise and experience but it is worth discussing nonetheless.

As Kavita discusses, fixing CVE’s alone doesn’t mean your safe or secure, and conversely a lack of them doesn’t mean all risks have been eliminated. As she notes, vulnerabilities may not be assigned CVE ID’s, same for a software bug, insecure default configurations and more.

Lately many incidents have started with hardcoded credentials in container images or source code for example. On the flip side, we know 95%~ of CVE’s annually are never exploited and pose little to no operational risks to organizations as well.

Like everything in cyber, and life - context is key.

Subscribe now

Welcome to issue #52 of the Resilient Cyber Newsletter. This marks one whole year since I embarked on the journey to begin a newsletter for the community focused on Cyber Market Dynamics, Leadership, AI, AppSec, Vulnerability Management, and Software Supply Chain Security.

I have been sharing resources, thoughts, discussions, and more with the community primarily on LinkedIn for roughly a decade, but I never formalized storing all of the resources and making them available on a weekly basis—until now!

If you’ve been on this journey with me for the past year, I truly appreciate your support. I hope you’ve enjoyed the resources and shared them with your network. We work in a highly dynamic, quickly changing field, especially with AI and its intersection with cybersecurity, and I’m learning alongside the community every day.

Below is another excellent collection of timely and relevant resources, and I look forward to continuing to share many more in the coming weeks and years.

Interested in sponsoring an issue of Resilient Cyber?

This includes reaching over 45,000 subscribers, ranging from Developers, Engineers, Architects, CISO’s/Security Leaders and Business Executives

Reach out below!

-> Contact Us! <-

Secure Kubernetes Environments with Cortex Cloud’s KSPM

Managing Kubernetes can be complex. Misconfigurations, hidden vulnerabilities, and leaked secrets can turn clusters into gateways for attackers.

Cortex Cloud’s Kubernetes Security Posture Management (KSPM) helps security teams identify misconfigurations, vulnerabilities, malware and secrets across code, build, deploy and runtime.

Interactive dashboards show your full asset inventory, rank the riskiest clusters, and highlight critical findings. Click straight through to investigate and remediate without jumping between tools.

Follow proven best practices and integrate KSPM into your container security strategy. Take control of your Kubernetes security today.

Read the Blog

---

Cyber Leadership & Market Dynamics

Hitch Partners 2025 Security Organization Compensation, Responsibilities, and Structure Survey Results

If you're like me, you're always looking for insights into CISO and security leader compensation, responsibility trends, and reporting structure insights.

That's why this recent survey from HITCH PARTNERS is an absolute gem.

They surveyed 500+ security leaders, exploring compensation, team dynamics, reporting structures, functioned managed, board exposure, and more.

Some key takeaways:

• Public company CISOs trend well ahead of their private counterparts in terms of compensation, benefits, and protections (e.g., D&O and Indemnification)

• CISOs continue to juggle more functions and responsibilities, often 10+, with private CISOs having broader responsibilities (and usually smaller teams)

• Speaking of team size, companies with < 250 employees have teams under 10, while companies with > 5000 employees often have teams approaching 100.

• The larger the company, the less likely the CISO is to report to the CEO. Over 50 % of CISOs report to CTOs/CIOs (which creates a conundrum in my opinion, as they're often pushing back on initiatives of their senior leadership).

• The average tenure of security leaders is up to 39 months, likely tied to broader economic disruption and instability.

• One of the most significant justifications for the budget?

  Compliance
  
  As I've been saying, it's almost as if security is biting the hand that feeds it when they go around chanting, "Compliance isn't security!"
  
  The report has many more insights, so be sure to check it out. It's helpful from multiple perspectives for fellow security leaders, organizations, vendors, and benchmarking.

Verizon’s DBIR vs. Cyentia’s IRIS

I have written articles discussing Verizon’s DBIR findings this year and last, and recently did a deep dive on Cyentia IRIS with Cyentia’s CEO, Wade Baker. Industry leader and author Rick Howard recently authored a LinkedIn article comparing the two.

He points out that DBIR isn’t that useful and is more news than intelligence, while IRIS has some news but is more of an intelligence report, and something you can use to make actionable decisions. I agree with him.

His primary point is that IRIS better equips you to make specific decisions regarding investments, focus areas, threats, and more. Listen to the discussion I had with Wade Baker below, and you’ll likely come to the same conclusion.

Agentic Vulnerability Management Startup Maze Announces $25M Series A

News recently broke that British cloud security startup Maze announced a $25M Series A, raising a total of $31M since launching nine months ago. They are coming at vulnerability management from an interesting angle, including looking to use swarms of autonomous agents to hunt and fix vulnerabilities.

They break workloads into concurrent tasks and test every possible attack path looking to hone in on specific vulnerabilities that are exploitable/reachable in cloud environments and pride themselves on being an AI-native security platform.

SMB Security Budgets

I recently shared IANS report 2025 Compensation and Budget for CISOs in the SMB market. It provided insights into security budgets, compensation for CISOs and security leaders and more.

One interesting insight was the percentage of security budget in terms of related to IT spend and/or percentage of revenue. Essentially the smaller the organization, the larger the proportion of IT spend and revenue security budgets represent, and then it shrinks as the organizations IT spending and revenues grow.

This makes sense given larger firms have both larger IT spending and revenue but I was personally surprised to see that security budgets are nearly 20% for SMB’s under $50m, which shows just how seriously many of them take security threats, at least from a resource allocation perspective.

AI

Benchmarking LLMs for Autonomous Alert Triage

We continue to see the exploration of AI for security use cases, including SOCs and Alert Triage. However, we lack insight into how those models and tools perform for use cases like the SOC.

AI SOC company Simbian recently attempted to tackle this gap by conducting benchmarking of LLMs for autonomous alert triage.

They cite the existence of benchmarks such as CyberSecEval and CTIBench but state they aren’t as realistic and don’t have the depth needed. Simbian conducted a real world test using their Simbian AI SOC agent and an evaluation process grounded in evidence and data.

As shown above, they used popular models from Anthropic, OpenAI, Google, and DeepSeek. They saw models completing over half of the investigation tasks, with results ranging from 61% to 67%. They did stress the importance of thorough prompt engineering and agentic flow engineering to be effective. Initial tests saw lower results, leading to the need to improve prompts.

The Lethal Trifecta for AI Agents

We see a lot of excitement about Agentic AI, Agents, and their potential use cases across countless industries and environments.

That said, they also introduce some significant risks and potential vulnerabilities, primarily through access to private data, the ability to communicate externally, and exposure to untrusted content, as Simon Willison expertly lays out in this article.

Simon discusses the inherent problem with LLMs is that they follow instructions in content, for better or worse. Due to this behavior, it is easy to be exposed to risks, especially when introducing things such as MCP, agents, and semi- or fully autonomous workflows.

Excellent article by someone I've been learning a lot from when it comes to AI security lately.

AIRTBench: Measuring Autonomous AI Red Teaming Capabilities in LLMs

Speaking of benchmarks, another area of cyber being explored with AI is that of AI red teaming, or more broadly, AI models' abilities to autonomously discover and exploit vulnerabilities, including in AI/ML systems themselves.

Ads Dawson and other researchers from Dreadnode recently shared the Arxiv paper that introduces their “AIRTBench” which focuses on measuring autonomous AI red team capabilities in LLMs.

They conducted 70 realistic CTF challenges that involved the models writing Python code and interacting with and compromising AI systems. The findings are interesting, as they mention Claude-3.7-Sonnet was the clear leader, solving 43 challenges (61% of the total suite, with a 46.9% overall success rate), followed by Gemini-2.5-Pro, GPT-4.5-Preview, and DeekSeek R1.

They found frontier models were far outpacing open source alternatives, with the best open source model being Llama-4-17B, which only solved seven challenges. The researchers concluded that compared to human researchers, LLMs could solve challenges with remarkable efficiency, doing in minutes what takes humans days or weeks, further validating the promise of LLMs for red teaming and security use cases.

xbow Tops HackOne Leaderboard

Speaking of AI’s ability to identify and exploit vulnerabilities autonomously, news broke recently that xbow, an AI-native startup that aims to boost offensive security (OffSec) with AI, took over the top spot on the HackerOne leaderboard.

This seems to be further real-world validation of the effectiveness of AI in optimizing OffSec and vulnerability identification and exploitation. That said, some have pointed out that these tools are great at finding known vulnerabilities and simple bugs fast, while others emphasize that humans will still have a role to play, especially for complex bugs involving business logic and nuance.

AI Discovery Orientation

Much like other areas of cybersecurity, visibility is key, and why controls such as hardware/software asset inventory are critical. We hear that when it comes to AI security too, with discussions related to AI discovery and inventory, but what does that actually entail?

This recent blog from Noma Security discusses both how AI discovery if the foundation of AI security and the importance of demanding breadth and depth for a useful AI inventory.

They emphasize that breadth means complete coverage across the five critical surface areas including:

• AI platforms

• Cloud AI Services

• Source Code

• Self-Managed MLOps

• Third-Party Agents

Depth on the other hand focuses on deep context to lead to actions, and involves insights for AI components such as:

• Model lineage and data relationships

• Agent capabilities

• AI risk context

• Insights that facilitate action

Decoding the Building Blocks: MCP, A2A, and AG-UI

We continue to hear a lot of hype about Agentic AI, this includes for cyber use cases such as AppSec, GRC, and SecOps among others. Many innovative startups and existing industry leaders are working towards disrupting the SOC through AI and Agents.

We’ve also seen the rise of scaffolding to truly empower organizations to take advantage of LLM’s and Agents via protocols such as MCP and A2A

Filip Stojkovski breaks it all down in this great article, along with the need for an Agentic UI (AG-UI) to enable human/agent collaboration.

AppSec, Vulnerability Management and Software Supply Chain

Next-Gen Pentesting: AI Empowers the Good Guys

We've seen a lot of excitement around AI, both the need to secure it and its ability to help with security use cases.

One of the leading examples involves Offensive Security (OffSec), or Pen Testing in particular. This is a good piece from Andreessen Horowitz discussing how AI can empower defenders via penetration testing.

It covers:

• Background on Pen Testing

• Why traditional Pen Testing is no longer enough

• Rewriting the Pen Testing playbook

• Limitations and Challenges

The article covers some of the traditional categories of Pentesting tools, with some examples (notice the emphasis on open source). It also discusses the typical pentesting phases from reconnaissance through reporting.

It discusses why traditional pentesting is no longer enough, due to factors such as mounting unpatched vulnerability backlogs, growing numbers of CVEs, and complexities in modern environments due to Cloud, DevOps, and SaaS. I particularly liked the below quote from Max Moroz as it summarizes not just pentesting but the current state of compliance in Cyber too, which is a snapshot-in-time model with cyclical reviews and assessments, when the threat is constantly changing as well as the underlying environments being assessed.

The article makes the case that pentesting of the future will shift from labor-constrained engagements to scalable AI-native systems able to match the pace of modern development through the combination of LLMs, traditional exploit tooling, real-time telemetry, and proprietary data (which is the actual moat in my opinion).

The overarching theme is a model that isn’t constrained by expertise, labor, and expenses but software-first, continuous, and AI-augmented systems. They call out some of these in a market map.

The article goes on to argue that AI will rewrite the pentest playbook as it thinks like a hacker, trained on real-world exploits, codebases and system behavior to identify flaws in business logic, will shorten testing cycles as it can be run continuously, aren’t constrained to legacy scopes due to human staffing and will focus on verifiable exploits as opposed to noise.

While much of this remains to be seen, I certainly think AI will disrupt pentesting much like it will the broader cyber ecosystem as we lean into this technology to take advantage of it much like attackers already are.

The piece does discuss limitations such as constrained depth and context that some human expertise may bring where AI tooling is still evolving, as well as problems around accountability.

Shout out to folks such as Jason Haddix, who's also cited.

Threat Technique Catalog for AWS

AWS remains one of the most dominant CSPs in the world, where organizations store and run critical and sensitive workloads. This Threat Technique Catalog for AWS describes techniques used by threat actors to take advantage of security misconfigurations or compromised credentials on the customer side of the shared responsibility model. It’s also based on MITRE ATT&CK.

They map to AWS CloudTrail Event Names when malicious actions are logged in CloudTrail and can be used to assist during incident response and investigations.

Users can navigate through the various phases and lifecycle of attacks and dig into the specific techniques, such as “Account Manipulation,” and see the technique’s ID, how it can be detected, and how it can be mitigated.

Publish Your Threat Model?

To many, publishing threat models, risk assessments, and other potentially sensitive artifacts that may be useful to attackers seems like blasphemy.

However, Adam Shostack of Threat Modeling fame makes the case that it is exactly what we should be doing. In addition to an essay arguing for the practice, Adam points to emerging compliance requirements, particularly from the compliance juggernaut, the EU, that may require it.

The Cursor Moment for SecOps: How MCP and AI Coding Agents are Enabling the Next Evolution of Detection Engineering

continues to post thought-provoking content about the role of AI, Agents, and MCP and its implications for the future of SecOps.

His latest piece is no exception. He discusses the current state of manual detection engineering and the traditional detection engineering process, including how cumbersome and time-consuming they are.

He discusses how a significant paradigm shift can occur by connecting your SIEM with leading AI tools via MCP such as Cursor, Claude, Goose, or others and asking questions about unusual patterns, insights into logs, user behavior, and more. The days of manually combing through logs and system data are quickly moving behind us as we pivot to using natural language and AI to gain insights that weren’t impossible without massive human capital.

Jack walks through a practical example of having AI analyze CloudTrail logs and product reports related to activities impacting service roles, access attempts, changing IAM permissions and other potentially concerning activities.

Jack discusses how MCP can function as a glue, connecting various platforms and tools within the same AI session, such as your SIEM, ticketing system, on-call rotation tooling, Slack channels, and more, into a single thread to ensure we move from signal to outcomes in the security context of mitigating organizational risks.

Ironically, MCP and AI create the ever-elusive “single pane of glass”, weaving together insights across tools and platforms, minimizing the need for context switching and overload for security practitioners and analysts.

Jack discusses the time savings and multiplier effects of the new AI-augmented workflow for detection engineering, offering strategic and tactical improvements to the practice.

This Is How They Tell Me Bug Bounty Ends

We continue to see the rapid exploration of the art of the possible when it comes to AI, including cybersecurity use cases such as Offensive Security/Pen Testing, as I discussed above. We’ve seen promising startups such as Xbow and Ethiac demonstrate the power of automated, autonomous, AI-powered pen testing.

That said, as Joseph Thacker lays out in this thought-provoking piece, the disruption to bug bounty and offensive security more broadly is likely to happen gradually rather than immediately. He discusses how these emerging tools and companies are able to find 1% of vulnerabilities on live production applications, typically simple single-step verifiable bugs, but that will grow in time to larger percentages and more complex bugs and flaws.

However, that doesn’t mean bug bounty will go away, even if some leverage these tools to capture bounties and scale their findings. Joseph makes the case that there will always be a need for hackers, the creative, innovative types who grind, find nuanced problems and flaws, refuse to give up, and even leverage these tools to be more effective than they ever were.

Demystifying Confidential Computing

There’s been a lot of hype and buzz around the topic of confidential computing lately, but what exactly is it? This is a great primer from Edera, who focuson making secure computing simple and secure, with a focus on Kubernetes, multi-tenancy and AI.

As they put it, it involves encryption for data “in use”, to coincide with encryption of data at-rest and in-transit, providing full lifecycle coverage of data confidentiality regardless of the state of the data. Edera states confidential computing is projected to reach a TAM of $350M by 2032. Edera emphasizes that confidential computing means that other apps, the host OS, hypervisor, system admins and even those with physical access cannot view or tamper with a running program under a confidential computing implementation.

Edera states that confidential computing is primarily achieved through hard-ware based attested Trusted Execution Environments (TEE)’s, involving hardware next to the CPU that performs operations on encrypted memory. They show that there are various designs of TEE’s from different vendors and providers, each with their own considerations and security benefits. The TEE’s often involve keys generated by the TEE and involved monitoring by privileged hardware, with further isolation conducted via the Kernel and/or User Level.

The blog goes on to discuss current applications and emerging use cases for confidential computing, including:

• Confidential AI

• Multi-party computation

• Regulatory compliance

They also discuss there are costs to confidential computing, including the hardware as well as potentially higher compute costs and implications of the number of applications that can be run concurrently on a single TEE. These costs continue to decline with modern implementations and innovations as well.

The blog has much more detail and insight but ultimately a renewed interest in confidential computing is being driven by increased AI adoption, virtualized workloads and regulatory compliance calling for stricter controls on segmentation, confidentiality and integrity of data, including in-use.

Subscribe now

Welcome to issue #51 of the Resilient Cyber Newsletter.

It is almost unbelievable that we’re one issue away from one year of issues, and a year since I kicked this initiative off. I’m genuinely thankful for the thousands of folks who have joined me on this journey and I look forward to speaking more about that soon!

This week there is a lot to discuss, including a new Cyber Executive Order (EO) out of The White House, utilizing LLMs for secrets detection, Congress calling out NIST’s NVD/CVE program and the introduction of an AI Vulnerability Scoring System (AIVSS).

So, let’s get into it.

Interested in sponsoring an issue of Resilient Cyber?

This includes reaching over 45,000 subscribers, ranging from Developers, Engineers, Architects, CISO’s/Security Leaders and Business Executives

Reach out below!

-> Contact Us! <-

Cyber Leadership & Market Dynamics

Trump Admin Publishes New Cyber EO

Cybersecurity Executive Orders (EO) have played a significant role in cybersecurity discussions over the last several years, most notably due to President Biden’s 14028. However, the Trump administration recently released a Cyber EO, which revoked some aspects of prior Biden Cyber EOs.

The two primary areas it target include:

• Rescinding Biden EO’s digital identity development section

• Rolling back secure software attestations, including SSDF and CISA’s self-attestation repository

The EO also emphasizes using AI to tackle vulnerabilities and setting definitive post-quantum deadlines.

Horizon3.ai Raises $100M to Cement Leadership in Autonomous Security

Horizon3.ai, an offensive and autonomous security leader, has recently announced its $100M Series D funding round. In the announcement, they touted their NodeZero capability and over 3,000 customer organizations using it, leading to a sustained 100% YoY ARR growth and being Rule of 40 positive.

I interviewed the founder of Horizon3.ai, Snehal Antani, in an episode titled “Building and Scaling a Security Startup” a while back, which you can catch below:

Horizon3.ai states they’re targeting an $80B TAM in autonomous security, due to the generational shift that AI is driving where human labor can be replaced with AI and agentic capabilities.

Their plans for the use of funding include scaling through partners, product innovation and pursuing the Federal market, building on their success in the DIB, NSA and other pockets of the Federal market already.

a16z Targets Elite IDF Alumni for Startup Accelerator

You’ve inevitably seem me speak about the outsized role Israel plays in the startup and cybersecurity ecosystem at large. This is a trend many others are deeply familiar with as well, including the silicon valley venture giant Andreessen Horowitz, who its been reported is targeting Israel’s IDF alumni for startup acceleration.

a16z, which manages roughly $45 billion is looking to expand their Israe li market and have been hosting events and what they have called a 16z “speedrun program” where they try and lure Israeli talent to their organization rather than competing funds such as Sequoia and Greylock. It’s aimed at Seed and pre-Seed stage startups and provides up to $1 million per company along with mentorship and network access.

Security is not the department of “No”; it’s the department that gets told “No”

We often hear the tired quote that “security is the office of no”, this is perpetuated due to the fact that security tends to be risk adverse and shut everything down. Most practitioners know the folly of this approach and that this just leads to rampant shadow risks and a lack of engagement from peers as they do things anyways and just avoid us, or telling us about whatever it is.

In this hard hitting piece from at Venture in Security, he points out how security isn’t the office of no, but instead is the department that gets told no, which is true, even if it bruises some egos.

As Ross points out, sure, security gets to say no to things, but it is generally on the outskirts and obscure technical decisions related to SSH access, browser extensions, MFA and so on. When it comes to actual business impacting decisions such as product launches, feature releases or partner integrations, security often has little say, and if they do, they generally get overridden by the business, because security typically doesn’t get to shut down revenue related activities.

Ross’ take in the article reminds me of my own article “Cybersecurity’s Delusion Problem: A discussion about cybersecurity’s inability to accept the world (business) doesn’t revolve around them” where I made similar points.

MSFT Copilot Flaw “EchoLeak” Signals Broader Risk of AI Agents Being Hacked

AI security startup AIM Security identified a “zero-click” attack on an AI agent. The attack can be triggered by simply sending an email to a user and a combination of clever techniques that turns the AI assistant against itself.

It preys on the fundamental way Copilot works, and involves the attacker sending an innocent-seeming email with hidden instructions for Copilot, and since Copilot scans user’s emails, it inadvertently follows an embedded prompt to dig into files and pull out sensitive data.

Aim points out similar agent-based capabilities from other vendors may have a similar vulnerability and given it is a fundamental design flaw with the technologies, is very likely to be happening in other places.

They call it an “LLM scope violation vulnerability”, where a model is tricked into accessing or exposing data beyond what it’s authorized or intended for. Challenges involve right-sizing permissions and the unpredictable nature of AI.

This is something many have raised before, being tied to content and prompts and AI struggling to distinguish between instructions and data.

AI

2025 Latio AI Security Report

If you’re like me, you are likely often looking for quality reports that aren’t filled with vendor fluff and hype and truly cut through noise to help you understand the various vendors, technical considerations and problems within security.

This latest AI Security Report from my friend James Berthoty of Latio Tech does just that, covering the top AI risk types:

It also provides a market map of leaders across various product categories such as End User Data Control, AI Posture, AI for Security and AI Application Protection. It discusses the key problems related to AI security and the innovators making an impact. This was a highly informative and well put together report, as someone who shares a lot of ’s content, I can say this is some of the best stuff he has produced so far.

Model Context Protocol (MCP): The Good, the Bad, and the Ugly of AI’s interface to the real world

The Model Context Protocol (MCP) continues to dominate discussions around AI, specifically for its potential to enable agentic workflows and extend the capability of many existing tools and services.

This post on Stackaware from Daniel Kalinowski discusses MCP, including the good AND the bad. It frames MCP as a natural language for DevOps, facilitating improved security efficiency. It also discusses challenges such as a lack of fine-grained permissions and access control, opaque auditing, and supply chain risks.

Given that MCP is in its infancy, we will continue to see organizations encounter the good, the bad, and the ugly as they explore how MCP can power the modern agentic enterprise.

The last six months in LLM’s, illustrated by pelicans on bicycles

It can be incredibly tough to keep up with the rate of developments in the AI and LLM space, even for the best of us. Industry AI leader Simon Willison recently gave a keynote at the AI Engineer World Fair and covered the last six months in LLMs in a great talk.

He covers key developments, capabilities across models and much more.

Security Takeaways from 2025 AI Engineer World’s Fair

Speaking of the AI Engineer World Fair, Matt Maisel put together a great article discussing the security-specific takeaways from the event.

It shouldn’t be a surprise that one of the primary takeaways is 2025 is being positioned as the year of agents. This is something I discussed extensively in an article titled “Agentic AI’s Intersection with Cybersecurity: Looking at one of the hottest trends in 2024-2025 and its potential implications for cybersecurity”.

The key takeaways Matt highlights include:

• Anatomy of an AI breach

• The system-level control imperative

• The promise and limits of private compute

• When standard AI evaluations fail

• Solving the agent identity crisis

• Containing the software-building agent

• A new framework for agent reasoning

As you can tell, and Matt points out, the key themes involve moving beyond the LLMs and into the broader architecture and workflows agents will be involved in.

Lean and Mean: How We Fine-Tuned a Small LLM for Secret Detection in Code

There’s a lot of focus on frontier models and the industry leading mega models, but many are experimenting with smaller models as well. This piece from Wiz looks at how they fine-tuned a small LLM (Llama 3.2 1B) to be used for detecting secrets in code, reaching an 86% precision and 82% recall, which outperformed traditional regex-based methods for secrets detection, a painful false positive problem many are familiar with when it comes to existing tools.

The Wiz research also highlights challenges such as secrets being stored in repositories (and potentially exposed).

The Wiz blog goes on to discuss how they handled training the model, testing results, moving into production and more. It is really promising to see LLMs applied to cybersecurity use cases in the real-world and the potential use cases expand well beyond secrets detection.

AppSec, Vulnerability Management and Software Supply Chain

Congress Sends Letter to NIST about NVD/CVE Performance and Effectiveness

I shared recently how the Government Accountability Office (GAO) had sent an inquiry to NIST about the efficiency and effectiveness of NVD and CVE. Now, a letter from Congress themselves has been sent to the GAO regarding NIST, NVD and CVE.

The letter lays out the initial importance of NVD/CVE’s, as well as recounting some of the programs struggles starting in 2024 with funding issues, backlogs of unenriched CVE’s and more.

It asks that GAO assess the efficiency and effectiveness of:

• NIST programs that support the creation and publication of standards-based vulnerability management data, including the NVD

• The CVE program, including DHS’s role in supporting CVE

• The degree to which the government and non-government entities rely on the NVD and CVE

CISA’s North Star Vision for the CVE Program

Speaking of the CVE program and DHS (CISA)’s involvement in the program, as part of VulnCon 2025, CISA spoke at the event, laying out their “North Star Vision” for the CVE program. The talk stresses the importance of the CVE database, the uptick in CVE records and the challenges that brings as well as CISA’s goals for CVE such as:

• Intentional Scaling and Federation

• Raising the Data Enrichment Bar

• Improving Quality

This is a really informative talk, not only discussing the CVE program but broader industry trends around vulnerability management.

AI Vulnerability Scoring System (AIVSS)

Incredibly excited to be among the Founding Members for the OWASP® Foundation AIVSS. It's clear that AI introduces challenges, such as prompt injection attacks, its non-deterministic nature, lifecycle vulnerabilities, and even ethical impacts.

Agentic AI further challenges this in terms of autonomy, dynamic identity, multi-agent systems, tool use, and adaptability. Traditional vulnerability systems and scoring methodologies aren't well-suited for AI, particularly Agentic AI.

Existing scoring systems can be leveraged with AI-specific metrics and environmental factors to help prioritize AI vulnerabilities, but work must be done to get there.

I'll be collaborating with a powerhouse group of folks, such as Ken Huang, CISSP, Michael Bargury, Vineeth Sai Narajala, Rob Joyce, Jason Clinton, Apostol Vassilev, and a great group of founding members to build out AIVSS for the community.

Salesforce Industry Clouds: 0-days, Insecure Defaults and Exploitable Misconfigurations

Most know the industry leader Salesforce and the fact that they have a massive customer base and presence in enterprise environments. That’s why this recent report and research from AppOmni, a SaaS Security vendor was interesting. They identified over 20 security issues in OmniStudio along with five critical CVE’s in Salesforce.

The paper covers key topics such as default sharing settings, access control, caching and data leaks and more.

Insuring Catastrophic Cyber Risk

I’ve spoken many times about how were living in a software-driven society. Software powers everything from consumer goods to critical infrastructure and touches nearly every aspect of society from in our homes, to national security and geopolitics.

This recent paper out of RAND looks at an investigation being done by the Department of Treasury about the potential need for a federal response to manage harms from a catastrophic cyber event. They discuss the implications of the nature of cyber risk for the functioning of insurance markets, review trends, and potential gaps in the insurance market and also potential policy options about a public-private risk shartng scheme such as a Federal “Cyber Risk Insurance Program (CRIP).

Subscribe now

Welcome to another issue of the Resilient Cyber Newsletter.

A good mix of resources this week in terms of cyber market analysis and technical topics, so let’s get to it.

I hope you enjoy this week’s resources!

Interested in sponsoring an issue of Resilient Cyber?

This includes reaching over 45,000 subscribers, ranging from Developers, Engineers, Architects, CISO’s/Security Leaders and Business Executives

Reach out below!

-> Contact Us! <-

Hardening AD? Start with your passwords

Not all complex passwords are secure. Specops Password Policy lets you enforce true security hygiene across your Active Directory, using real-time breached password filtering, granular policy targeting via GPO, and compliance-ready enforcement for NIST, NCSC, and more.

Go beyond Microsoft’s legacy settings with custom dictionaries, passphrase support, and rules that adapt to your environment. No schema extensions. No agent sprawl.

Just precise control at scale.

If you’re hardening AD, your password policy shouldn’t be the weakest link.

Enforce a real password security

Cyber Leadership & Market Dynamics

Rising in Cyber 2025 List Unveiled

Notable Capital recently unveiled their “Rising in Cyber” list, highlighting the most promising private cyber companies selected by leading CISOs and security executives and those who have been nominated by top VC firms.

Companies are categorized as Early Stage (~$35M), Mid Stage ($35M-$100M) or Late Stage ($100M+) raised.

The publication also discusses the state of the industry and provides some solid insights. This includes the dichotomy of AI, where it is dominating headlines and investments, but also making many concerned from the security angle as well.

It’s amazing to see the market cap of publicly traded cyber companies exceed $625 billion, when it was just $116 billion 10 years ago, that’s a hell of a decade for cybersecurity.

It also pointed out that 51 of the 75 cybersecurity deals over $200 million since 2022 were done by strategic acquisitions (e.g. existing players) in the ecosystem, showing the push towards consolidation, large players innovating through acquisition versus organic R&D and the overall vitality of the cyber industry as it grows.

Elastic’s CISO is even quoted as saying

“Startups are the R&D labs of the larger security companies”

The report projects cyber spending to double by 2029, reaching an annual total of $229 billion.

Notable’s report shares several key insights pulling from Morgan Stanley analysis, including that we have a complex need in cyber that’s leading to a booming market, see below:

They also provided insights into the trends and changes of the Top 10 publicly listed cyber players in terms of market cap over the last decade, and the growth is truly astounding:

They point out the role of strategic acquirers (e.g. existing companies) being a driving force behind the industry’s M&A activity, as they look to enhance their offerings, expand their market share, and consolidate competitors.

A key theme of Notable’s piece is just how critical cybersecurity is to running modern businesses, to which I agree with completely, because never every business runs on software to some extend and software plays a key role from operations to value delivery to customers.

We live in a software-driven society.

Some of they key survey findings involve budget pressures, the role of AI and agents, and the foundational role that identity plays:

One key theme throughout the Notable piece is also the potential of AI, from SecOps, to AppSec and GRC, many are looking for this promising technology to help alleviate workload challenges, automate toil, accelerate meantime-to-detection, mitigate vulnerabilities and much more. This is also evident in the massive number of startups that are both focused on AI and Cyber, as well as the premium in terms of valuation and fundraising that AI-native firms are fetching.

FedRAMP 20x - Two Months In and Taking Off

If you pay any attention to the public sector you likely have noticed the U.S. Federal Government’s cloud authorization program, FedRAMP, has been undergoing some big changes.

Some of these include contractual changes in terms of workforce and PMO size etc. but others include efforts to streamline, innovate and modernize the FedRAMP program itself, which has been dubbed as “FedRAMP 20x”, and being championed by the programs lead Pete Waterman.

FedRAMP recently shared an update on being two months in to FedRAMP 20x and some of the key changes. and progress.

This includes launch FedRAMP 20x Phase One pilots, updating key FedRAMP guidance such as the introduction of Key Security Indicators (KSI)’s aligned with NIST 800-53, as well as guidance on “Minimum Assessment Scope” which looks to narrowly define boundaries for assessment and authorization.

State of Enterprise Software 2025 Report

Silicon Valley Bank recently published their “State of Enterprise Software 2025 Report” which has a lot of great insights on the current software startup ecosystem in terms of funding, exits and more.

Some of the key metrics they cite:

• 43% YoY growth in US VC investments in enterprise software companies

• 1 in 6 deals involve AI/ML startups, showing the outsized role AI is playing

• 307 US VC-backed unicorns are enterprise software, which is 40% of ALL VC backed unicorns, up from 31% five years ago

The below chart shows just how dominant of a role QAI is having right now in terms of fundraising:

This shows 40% of capital raised from US VC funds in 2024 was from funds targeting the AI vertical.

The report also demonstrated that the “time to unicorn” has accelerated:

Another interesting insight is the role of seed-stage exits, with companies exiting at seed stage nearly 25% of the time, which is up 13% from 2019.

Resilient Cyber w/ Bob Ritchie - Securing Federal and Defense Digital Modernization

In this episode, I sit down with SAIC Chief Technology Officer (CTO) and longtime Federal/Defense leader Bob Ritchie to discuss his experience securing public sector digital modernization, including everything from large multi-cloud environments to zero trust, identity, and where things are headed with AI.

• Bob starts discussing SAIC and his background there. He went from intern to CTO over 20 years with this public sector industry leader, including a brief stint with Capital One on the commercial side.

• We covered the current state of the federal cloud community across multiple clouds (e.g., Azure, AWS, and GCP) and some of the challenges and opportunities on the security front.

• We often hear phrases such as “identity is the new perimeter,” but the perimeter is porous and problematic, especially in large, disparate environments such as the Federal/Defense ecosystem. Bob touched on the current state of identity security in this ecosystem, where progress is being made and what challenges still need to be tackled.

• The government is doing a big push towards Zero Trust, with the Cyber EO 14028, Federal/Defense ZT strategies, and more. But how much progress is being made on ZT, and where can we look for examples of innovation and success?

• We dove into the rise of excitement and adoption of AI, GenAI, Agentic AI, and protocols such as MCP, A2A, and where the public sector community can lean into Agentic AI for use cases ranging from SecOps, AppSec, GRC, and more.

• Bob explains how he balances a good business focus while staying deep in the weeds and proficient in relevant emerging technologies and nuances required as a CTO.

I’ve known Bob for several years, and you would be hard pressed to find a more competent technology leader. This is not one to miss!

Trump’s CISA Budget Lays Out Deep Job Cuts, Program Reductions

There’s been a lot of focus on the current proposed budget, both in terms of spending and cuts. One area that got some attention is the proposed budget cuts to CISA in FY2026, which include $45.4 million cut from CISA’s Cyber Defense Education and Training Program, and a cut of $30.8 million to CISA’s vulnerability assessment program.

Some have asked what this may mean for things such as the CVE program, CISA’s Vulnrichment, CISA-alerts, CISA KEV and more which the community relies on.

107,000 Federal Jobs Set to be Slashed Next Year

New details from the presidents projected FY2026 budget show a proposed 7% reduction to non-defense agencies next fiscal year, which is roughly 107,000 employees.

The below graph helps visualize where those cuts will occur based on agency.

AI

Cyber Opportunities and Risks of Agentic AI

As always, I've been looking for good resources on the intersection of Agentic AI and Cyber. This comprehensive piece from Haiman Wong and Tiffany Saade from R Street Institute was one of the best I found this past week.

➡️ It provides a comprehensive breakdown on AI and Agentic AI, and its rise and interest
➡️ Breaks down the potential cybersecurity benefits of Agentic AI, such as Continuous Monitoring, VulnMgt, real-time threat detection, and augmented decision support for the broader workforce
➡️ It also lays out potential cyber considerations and risks across the four layers of Agentic AI, which include Perception, Reasoning, Action, and Memory

It cites good research on the cyber risks of AI-generated code, something the team and I at Endor Labs have discussed quite a bit.

➡️ It concludes by discussing the need for industry-wide policy-based approaches, technological innovative solutions, and responsible design and deployment for end users.

Mitigating MCP Attacks 🔓

We've seen the rapid rise in popularity of MCP to enable agentic AI

We've also seen teams like Invariant Labs and folks like Idan Habler, PhD, and Vineeth Sai Narajala lay out MCP vulnerabilities and potential attack paths.

This latest paper introduces the "Enhanced Tool Definition Interface" (ETDI), a security extension to fortify the MCP.

It does so through cryptographic identity verification, immutable versioned tool definitions, and explicit permission management, leveraging OAuth 2.0 and addressing potential vulnerabilities and threats to MCP that many have pointed out.

As MCP, agents and agentic workflows become more pervasive, a secure implementation model will be necessary to ensure we don’t have a sprawling attack surface of insecure and poorly implemented MCP servers and workflows putting organizations at risk, and this paper is a great step down that path.

AppSec, Vulnerability Management and Software Supply Chain Security

We're entering AppSec's "Exploitation Era" 📊

At least, that is the overarching theme of leading reports such as DBIR, M-Trends, and Datadog's DevSecOps report. In my latest piece with Endor Labs, I:

👿 Discuss the themes from these industry-leading reports, and the outsized role that application exploitation is playing
📈 The fact that traditional AppSec already struggled to keep pace, with vulnerability backlogs ballooning out of control, and teams clamoring for context from the noise
🤖 The role of AI-driven development and how it is only accelerating the gap and expanding the attack surface
💡 The focus of security must be to be an early adopter and innovator with AI, much like our Development and attacker peers; if we fail to do so, the existing problems and vulnerabilities are only going to be exacerbated

AI has the potential to be a force multiplier for AppSec, but it requires rethinking how we approach longstanding challenges as opportunities.

Weaponizing Dependendabot: Pwn Request at its finest

It’s always interesting to see the innovative and novel approaches both attackers and researchers come up with when it comes to exploiting systems. As shown in this piece, it isn’t just the code itself, but widely used projects and infrastructure which can play a role.

This article looks at the widely used and trusted Dependabot GitHub bot and how through “confused deputy” attacks it can be used to trick Dependabot into merging malicious code and even escalate into command injection and bypass branch protection rules.

Gartner’s Leaders’ Guide to Modern Machine IAM

By now you’ve likely seen me writing and speaking quite a bit about identity security, including Non-Human Identities (NHI)’s. Gartner recently released their “Leaders’ Guide to Modern Machine IAM”.

It lays out the state of Machine Identity and Access management and why this is a critical aspect of modern identity and access management (IAM) security. It also recognized firms such as Astrix as leaders in the space.

This marks Gartner’s first dedicated report on Machine IAM and demonstrates the continued growth of the sector and problem space, being recognized by one of the leader industry analyst firms. Several of us have been beating this drum for several years with deep dive pieces dedicated to the problem space, but I digress :)

Subscribe now

Welcome to another issue of the Resilient Cyber Newsletter.

The amount of activity in the ecosystem is truly impressive, including funding, acquisitions, interviews, AI innovations and exploitations, and continued disruption across the vulnerability management ecosystem.

I hope you enjoy this week’s resources!

Interested in sponsoring an issue of Resilient Cyber?

This includes reaching over 45,000 subscribers, ranging from Developers, Engineers, Architects, CISO’s/Security Leaders and Business Executives

Reach out below!

-> Contact Us! <-

ASPM'verse: Your Guide to Securing Software in the AI Era

Gain critical insights into the future of application security at Cycode's ASPM'verse Virtual Summit on June 4th! Chris Hughes, Founder of Resilient Cyber, will join the speaker line-up of CISOs and Security Leaders at Worldpay, Schneider Electric, Lyft, and many more!

Unlock the Future of AppSec: Discover how Agentic AI is reshaping security strategies and explore the next frontier in protecting your applications.

Master Modern Threat Defense: Learn techniques to defend against AI-driven risks, refine your threat modeling, and secure your use of agentic coding tools.

Bridge Security & Development: Gain actionable strategies for integrating ASPM with vulnerability management and breaking down silos for more effective security practices.

Register for Live & On-Demand Access

Cyber Leadership & Market Dynamics

Resilient Cyber w/ Phil Venables Security Leadership: Vulnerabilities to Venture Capital

In this episode, I sit down with longtime industry leader and visionary Phil Venables to discuss the evolution of cybersecurity leadership, including Phil's own journey from CISO to Venture Capitalist.

We chatted about:

• A recent interview Phil gave about CISOs transforming into business-critical digital risk leaders and some of the key themes and areas CISOs need to focus on the most when making that transition

• Some of the key attributes CISOs need to be the most effective in terms of technical, soft skills, financial acumen, and more, leaning on Phil's 30 years of experience in the field and as a multiple-time CISO

• Phil's transition to Venture Capital with Ballistic Ventures and what drew him to this space from being a security practitioner

• Some of the product areas and categories Phil is most excited about from an investment perspective

• The double-edged sword is AI, which is used for security and needs security.

• Phil's past five years blogging and sharing his practical, hard-earned wisdom at www.philvenables.com, and how that has helped him organize his thinking and contribute to the community.

• Some specific tactics and strategies Phil finds the most valuable when it comes to maintaining deep domain expertise, but also broader strategic skillsets, and the importance of being in the right environment around the right people to learn and grow

For those who prefer audio, you can check this interview with Phil out on Spotify, and please be sure to leave a review/subscribe

Audio Interview with Phil Venables on Spotify

ZScaler to Acquirer Red Canary

Cole of Strategy of Security took to LinkedIn to point out that the ZScaler > Red Canary acquisition marks one of the largest strategic acquisitions in cybersecurity history, and is specifically unique due to the fact that it isn’t a large tech firm who’s primary focus isn’t cyber (e.g. Google’s acquisition of Wiz).

It signals a very serious effort by ZScaler to expand into the world of SecOps.

While the price isn’t disclosed, it is rumored to be around $4 Billion USD.

Funding Roundup

Industry Analyst Richard Stienonn shared a snapshot of funding that has gone to 18 of his IT-Harvest Cyber 150.

DoD Secretary of Defense Sets Restrictions on IT and Management Services Contracts

We’ve seen a big focus on Federal contracting, of course from DOGE. However, others are making attempts to change the Federal IT and contracting landscape as well, with a recent example from the DoD’s Secretary of Defense, who issued guidance restricting the use of IT and Management Consulting contracts without justification as to why the work cannot be done in house with existing expertise or the software/product vendors themselves.

This will have ramifications for both large and small DoD contracting firms. As someone who owns a digital services company that serves the DoD, as well as Federal Civilian agencies and has been active duty military and a Federal Civilian myself, I can tell you that this is a double edged sword.

On one hand it will force the DoD to build more internal competencies and expertise, which is indeed needed, but will be difficult to do given the recent workforce shakeups. On the other, the DoD often lacks internal expertise in the various technologies and effective implementation, making support from industry critical.

Below is a quote from the memo:

Going forward, DOD components “may not execute new IT consulting or management services contracts or task orders with integrators or consultants -defined as entities providing system IT integration, implementation, or advisory services (e.g., designing, deploying, or managing IT systems, or offering strategic or technical IT expertise) – without first justifying that no element of the contracted effort can be: (1) accomplished by existing DoD agencies or personnel; or (2) acquired from the direct service provider, whereby the prime contractor is not an integrator or consultant,” he wrote.

It is great that the DoD is looking to inhouse the expertise and implementation, but as I mentioned above, that expertise doesn’t often exist, at least not the scale needed to oversee its sprawling IT environment with thousands of hardware and software vendors, needing expertise in everything from cloud, kubernetes, conatainers, AI, Cyber and much more. It will require a concentrated effort to bring those skills in-house, when Federal employment is already volatile and the DoD has struggled with fostering IT talent to ensure the countless programs and projects don’t get implemented poorly, and even create cybersecurity risks.

How Many Seed Startups Get to Series B?

While on the surface it may seem incredibly common for startups to launch or come out of stealth, build on Seed funding and go to Series A, Series B etc. but the reality is much different.

In typical Peter Walker fashion, Peter and the team at Carta visually demonstrate this.

As Peter lays out, even in the best market conditions it is about 32%, but in the current market and over the last several years it is closer to 15%, demonstrating just how difficult it is to mature from Seed to Series B, and how many organizations (roughly 85%) die on the vine and never mature beyond Seed/Series A to see a Series B.

This data of course isn’t specific to just cybersecurity, which have different metrics, but are likely not entirely far off. So, when you see those companies making it to Series B and beyond, it is worth recognizing the insane amount of hard work, toil, long days/nights, grind and even luck are involved.

AI

Agentic IAM Framework

Credential compromise and sound Identity and Access Management (IAM) are longstanding challenges in cybersecurity, and they play an outsized role in incidents.

Issues include least-permissive control, proper identity lifecycle governance, and zero trust.

The potential widespread adoption of Agents and Multi-Agent Systems (MAS) is poised to exacerbate these longstanding challenges, especially as traditional identity models leave some gaps regarding agents.

Cloud Security Alliance's new paper proposes a novel Agentic AI IAM framework.