Search Results

The Dawn of the Networking Super-Cycle The industry is standing at a precipice, moving beyond the "Chatbot Era" into the "Agentic Era." At CiscoLive last week, CEO Chuck Robbins and Chief Product Officer Jeetu Patel leaned heavily on what they call the transition from human-led, "spiky" AI interactions (chatbots) to a world where AI agents act as autonomous digital co-workers. Cisco’s argument is that this shift is not merely a cyclical trend. It is a “Networking Super-Cycle,” a secular, multi-year re-architecting of global infrastructure driven by a multi-trillion-dollar data center buildout. It is not just a good story. It is a very good bet. But the more important point for Cisco is this: the agentic era is not only an infrastructure story. It is a security story. Once agents begin to act, transact, authenticate, consume resources, write code, query data, and make decisions at machine speed, the network becomes more than a transport layer. It becomes the control plane for trust. Building out the story Agentic AI changes the shape of infrastructure demand. Cisco’s research suggests that agents can generate approximately 450% more network traffic than humans performing the same task. That increase comes from a new kind of machine behavior: persistent, coordinated, high-frequency exchanges among agents, models, tools, data sources, and applications. In practical terms, this means the enterprise is preparing for a swarm of digital workers. A swarm of AI agents. The surge is propelled by several forces: Constant memory and skills refreshes: Agents must continuously exchange high-volume files, context, instructions, and tool definitions to refresh their memory, task state, and skillsets. Persistent signal: Unlike humans, agents operate continuously. They replace “spiky” traffic patterns with sustained, machine-speed demand. Token velocity: Every autonomous decision requires a high-frequency exchange of tokens between the agent, the model, the application, and the data source. This places new strain on throughput, latency, cost controls, and policy enforcement. This is where the security implications become impossible to separate from the infrastructure story. Agentic systems do not simply create more traffic. They create more privileged activity, more non-human identities, more API calls, more data movement, more lateral paths, and more chances for small failures to compound quickly. In the chatbot era, the main concern was whether a human entered sensitive data into a prompt. In the agentic era, the concern is whether an autonomous system can access the wrong tool, retrieve the wrong data, call the wrong API, exceed its intended authority, or continue to act after its behavior drifts from the user’s intent. Why This Is a Good Bet From a purely systemic standpoint, agentic AI looks inefficient. Each additional agent adds compute load, network activity, storage demand, observability needs, and operational complexity. Yet the agentic shift is hard to dismiss because the value proposition is equally clear: coordinated agents could produce the productivity gains enterprises are now counting on. This combination of inefficiency and productivity creates a timely opening for Cisco. The inefficiency drives demand for the very architectures Cisco is building: networking, security, observability, orchestration, and policy control. AI gives Cisco the opportunity to become essential to how enterprises build, secure, and manage the next generation of distributed compute. The company's stock performance agrees. Cisco’s prospect is not simply tied to carrying more AI traffic. The company is betting not only on the growth of AI-driven infrastructure demand, but also on the need for a trusted control plane to govern, secure, and manage that demand. Strategic Foundation: Security Built from Silicon to Agents Cisco has inverted the traditional R&D model, moving “outcome-back” from the CISO’s most pressing fears to the silicon foundation. As Chief Strategy Officer Ammar Maraqa explained, Cisco identifies the desired business outcome, such as an AI-ready data center, and works backward through organic development, venture investment through its $1 billion AI fund, and strategic M&A, including Splunk, Galileo and acquisition target Astrix. Cisco’s AI infrastructure strategy builds on its existing Silicon One architecture. Vertical integration from the physics layer, including silicon and optics, to the semantics layer, including agent behavior, creates what Ammar and Jeetu call a co-designed full stack. Cisco argues that AI infrastructure cannot be optimized one layer at a time. The silicon, optics, networking, security, telemetry, data layer, and operations model need to be designed synchronously so the system performs better, is easier to manage, and has security and observability built in from the start. That matters because agentic AI will stress the seams between layers. A model may appear to be the source of an issue, but the root cause could sit in identity, policy, packet flow, API access, latency, data quality, or tool permissions. Security teams will not be able to manage agentic systems through isolated controls alone. They will need telemetry, least privilege access, policy, and response stitched across the full operating environment. According to Cisco’s strategy, controlling the underlying hardware, the telemetry fabric, and the agent guardrails gives Cisco a path to manage AI workloads with machine-speed precision. Cisco is not alone in claiming a full-stack AI infrastructure story, but it has a more credible claim than most because it can connect silicon, networking, security, observability, telemetry, and services into one operational architecture. The opportunity for Cisco is to prove that tighter engineering across those layers can reduce operational friction, improve performance, and make AI infrastructure safer to run at enterprise scale. This is again a big bet for the network behemoth, but one in which it has already invested billions of dollars. The Mythos Moment: Re-Engineering the Economics of Vulnerability The emergence of frontier models like Mythos represents a step change in the industry. The “Post-Mythos World” collapses the time between vulnerability announcement and exploit development from weeks to minutes. That changes the economics of defense. Human-led patch cycles cannot keep pace with AI-assisted exploit development. In this world, the question becomes less about whether an organization can patch everything immediately and more about whether it can reduce exposure fast enough to keep the business operating. Cisco’s answer is a shift from patching alone to shielding. Humans cannot patch at the speed of AI, but Cisco believes it can re-engineer the economics of defense through controls that buy time, reduce exploitability, and preserve uptime. CodeGuard: Cisco describes CodeGuard as part of its AI-assisted secure coding and validation framework. Cisco said it used AI-powered code analysis and testing workflows to examine more than 1.8 billion lines of code, achieving a 3% false-positive rate, allowing engineering teams to identify and fix potential vulnerabilities before they could be exploited. Live Protect: Powered by technology from Cisco’s acquisition of Isovalent, including eBPF and Tetragon technology, Live Protect uses kernel-level enforcement to deploy targeted protection against known exploit paths. These runtime controls can block malicious activity without requiring an immediate patch or system reboot, helping organizations reduce risk while preserving operational continuity. This is not a replacement for patching. It is a recognition that patching alone is no longer a sufficient operating model. Cisco states that together these controls provide immediate defense without requiring a device reboot, maintaining mission-critical uptime while buying time for traditional patch windows. This is not a replacement for patching. It is a recognition that patching alone is no longer a sufficient operating model. Securing the Non-Human Identity: Duo and the Intended Astrix Acquisition As digital co-workers proliferate, Cisco is evolving from traditional access control, which verifies entry, to what it calls “action control,” which verifies every move. This shift is critical because agents possess intelligence but do not always have full context. Human or non-human? Astrix, when acquired, will help manage the explosion of agentic non-human identities. It will give Cisco a stronger foundation for discovery and lifecycle management across machines, services, applications, integrations, and agents. This is one of the most critical security problems in the agentic era. Agents will need access to tools, APIs, data repositories, SaaS applications, and cloud services. But giving autonomous systems standing credentials, broad permissions, or reusable secrets creates obvious risk. If an agent can be manipulated, its credentials can become the attacker’s credentials. Cisco’s Duo Agent Security, introduced earlier this year, reimagines trust through what the company says is a vault-injected credential model. In this model: Agents never touch or hold long-lived tokens or API keys. Credentials remain in a secure Cisco vault and are injected server-side only at the moment of an authorized action. Permission is separated from possession. An agent may be authorized to act, but it does not receive a reusable key or token. That limits what an attacker can steal if the agent is manipulated. Least privilege is enforced at the action level. Credentials are injected only for approved resources, methods, or paths, rather than giving the agent broad standing access. Agent trust is tied to identity, authorization, and real-time risk. Cisco’s approach treats AI agents as autonomous non-human identities, but ties them to human accountability, lifecycle governance, and behavior-based controls. This is where Cisco’s agentic security story becomes particularly salient. Identity security has historically focused on humans, devices, service accounts, and privileged users. Agentic AI expands that problem by introducing autonomous actors that can reason, call tools, and move across systems. The enterprise will need to know not only who or what an agent is, but whether each action is appropriate in context. Data Fabric and Observability: Solving the “Tokenomics” Problem To defend at machine speed, the SOC requires a data fabric that can correlate signals from across the enterprise at scale. Cisco’s answer is the Cisco Data Fabric, powered by Splunk. While traditional observability focuses on CPUs, packets, logs, and application performance, Cisco’s acquisition of Galileo extends the story into agent behavior. That includes detecting drift, hallucinations, misalignment with user intent, and abnormal consumption patterns. This observability hopes to be the cure for the “tokenomics” nightmare. An agent drifting from its guardrails can consume an entire year’s token budget in a single week, turning a $50 task into a $40,000 liability. Cisco provides the tooling to monitor these consumption patterns and intercept rogue agents before financial damage occurs. The security point is broader than cost control. Token consumption is a signal. Tool calls are signals. API activity is a signal. Agent drift is a signal. Excessive data retrieval is a signal. Unusual privilege use is a signal. In an agentic environment, the SOC will need to correlate security, identity, infrastructure, and economic signals in near real time. In an agentic environment, the SOC will need to correlate security, identity, infrastructure, and economic signals in near real time. That is why Splunk matters to the Cisco story. Without a data layer capable of making sense of high-volume telemetry, machine-speed defense becomes more aspiration than architecture. Operations Reimagined: Cisco Cloud Control To bring this all together, Cisco is unifying its portfolio under Cisco Cloud Control, a management platform that provides “simplicity without losing sophistication.” For the first time — at least within Cisco, if not more broadly — networking, security, compute, observability and collaboration are managed from a single interface, representing the culmination of years of platform integration. Key features of this unified platform include: Cross-domain telemetry: Correlating network configuration issues with security events automatically. Trusted agents: Built-in Cisco agents to assist with troubleshooting and core-to-edge fabric configuration. Open marketplace: Cisco has launched with 52 partners building integrated applications, positioning Cloud Control as an ecosystem rather than a walled garden. This matters because agentic AI will increase operational complexity faster than most teams can add staff. Enterprises will need centralized policy, distributed enforcement, trusted automation, and a way to see across domains without forcing every workflow into a single product silo. Cisco Cloud Control is the operational expression of Cisco’s larger thesis: AI-era infrastructure must be managed as a system. Networking, security, compute, observability, and identity cannot remain separate operational lanes if agents are moving across all of them. The New Cisco Cisco is much closer to a unified platform company than it was several years ago, but the transformation is still a work in progress. The combination of Silicon One, Splunk, Duo, Isovalent, Galileo, Astrix (when and if it closes), and its broader networking and security portfolio gives Cisco a credible foundation for the AI infrastructure and security era. The question now is execution: whether Cisco can integrate these assets into an operating model that is simple enough for customers to adopt, differentiated enough to matter, and secure enough for the agentic workloads Cisco believes are coming. That is the bet. If agentic AI drives more traffic, more non-human identities, and increases autonomous actions, token consumption, and drives greater operational complexity, Cisco is well positioned on paper. It has the assets across the layers that matter: silicon, networking, identity, security, observability, data, and agent governance. If Cisco can turn those assets into a coherent customer experience, the bet can be realized.

The emerging use of agentic AI in automating hunting tasks has the potential to considerably change the game - for defenders as well as attackers. It is therefore worth looking at the current state of the market, including why security professionals should assess their current defensive strategies, and which vendors and service providers are bringing new offerings to market. In the beginning... While many of you will know much of the following, some might not, so it’s worth giving a short history. If nothing else, it helps us understand why current market developments are so important to understand, and the challenges we face. Threat hunting has been a part of the wider conversation around threat detection, threat intelligence, and threat modelling for many years, but as adversaries have become more sophisticated and capable, the “hunting” aspect takes things a few steps further. Up until recently, threat hunting has developed along two broad lines: Reactive - the “what happened?” scenario. This involves hunting that is triggered by a known signal, such as an alert, indicator of compromise, or breach report. The goal is to determine if an event is isolated or part of a larger compromise. How quickly we respond, and how well we identify and then recommend actions to tackle the threat is a critical metric. Proactive - the “something like this has happened and/or this attack vector is known in this environment” (industry, customer segment, etc.) scenario.This involves hunting without a known alert, but driven by a hypothesis e.g. that an attacker might be using valid credentials, or some other possibility. This approach requires a higher level of skills coupled with broader telemetry across cloud, email, and network environments. It also often involves dark web work - which not everyone has the ability to do. In theory, if the strategies put in place through previous reactive activities worked well, then a proactive approach should reduce the time to act following an attack, and increase the speed of response and resolution. Whether reactive or proactive, there is also the question of how far the above strategies extend i.e. the balance between detection and response, how much activity happens prior to any security breach versus remediation that is implemented post-breach. Then along came AI… Without re-hashing the history of the advent of generative AI, the appearance of AI agents and the introduction of the technology into both the defender’s SOC, and the cyber criminal’s cybersecurity toolkit, we need to take note of why this matters. In the last 12 months or so, vendors, analysts and service providers have started talking about “pre-emptive” threat hunting. Although the exact definition is debatable, it is generally acknowledged that pre-emptive is the most difficult and modern iteration of threat hunting, where telemetry and attacker behaviour are analysed to identify and stop threats - such as taking down malicious domains - before they reach a company’s environment. The difference with pre-emptive is the speed and scale at which defenders need to operate. Until AI agents became widely available, proactive strategies requiring the fastest and broadest responses were ultimately limited by the size and speed of the analyst teams. Advanced automation tools can help offset this, but not completely. By using AI agents to hunt, triage and remediate at machine-speed, it is possible to implement activities at the scale and extent that have not been possible until now. Does this mean that pre-emptive is the “new” proactive? Well… yes and no. Pre-emptive threat hunting assumes that the activities and actions of attackers can be predicted based on not just previously identified threats, intended effects, and (in the best cases) tried-and-tested mitigations, but also on origin, behaviour, similarity etc. And despite advances in AI, reactive threat hunting will likely exist forever. This is because the industry often prioritises speed and efficiency in development, which leaves security as a trailing concern that requires constant “chasing". It’s the whack-a-mole situation that will not disappear anytime soon. The importance of partnerships As noted above, pre-emptive threat hunting is the most difficult in terms of the sheer volume of telemetry required. The challenge boils down to: can a provider correlate the necessary data (client risk, industry-specifics, vulnerabilities, likely threat actor attack interest given past history and ‘noise’) in the wild to guess/approximate where an attack will occur and provide remediation steps ahead of an attack? That no single provider has been able to do this (yet) is not due to lack of interest or intent. Rather it is the sheer scale of what is required. Major service providers like IBM and Google emphasise the need to integrate planet-scale telemetry and threat intelligence into their security platforms to improve investigation and response. Individual companies may have proprietary databases built over many years, but can never have all the telemetry, all of the time. Which is why an ecosystem of industry partnerships is vital - the strategy is much less about keeping your own data close to your chest, and more about sharing telemetry with those who also encounter and track threats at different points across the wider global digital infrastructure. This means having deep relationships with ISPs, internet registrars, network providers and others. Additionally, digital risk protection (DRP) and attack surface management (ASM) companies hunt across the internet for: phishing domains before campaigns launch, fake login pages, brand impersonation, people/exec impersonation, fake social accounts, etc. Given the current geopolitical tensions and the potential for isolationist or sovereign-only solutions, vendors and providers will need to work hard to maintain the above capabilities for threat hunting. Who are the early movers? The threat hunting market is broad, and current capabilities are baked into numerous solutions available from vendors, managed service/security service providers, MDR providers, system’s integrators and consultants. Leading threat hunting vendors and providers include Google, CrowdStrike, IBM X-Force, LevelBlue, Bishop Fox and others. Where the market is rapidly developing is the action that takes place after the threat is located - the threat "takedown". While pre-emptive hunting asks: "Is the attacker preparing to target us?", takedown services ask: "Can we remove the attacker's infrastructure before they target us?" The line between threat hunting and takedown services will blur in the future. Today, they are related conceptually, but they operate in very different parts of the security lifecycle. The largest threat intelligence providers like Google and Crowdstrike perform threat hunting and will absolutely move toward pre-emptive hunting, but to complete the lifecycle, perhaps its relevant to consider partnering now and in the future with takedown service providers. Some examples of providers offering takedown services include: BforeAI is a newer entrant and positions itself in preemptive domain and infrastructure defense following malicious campaign patterns that can be predicted before attacks fully launch. Its PreCrime platform is positioned around predicting and blocking malicious campaigns days or weeks ahead of execution. Doppel - also a startup - focuses on AI-driven detection and removal of impersonation threats across domains, social media, ads, marketplaces, and other digital channels. Netcraft has a long and rich heritage in threat hunting, and has incorporated AI in its solutions to perform pre-emptive domain disruption, proactively identifying and taking down criminally controlled domains before they can be used in phishing or fraud campaigns. ZeroFox positions takedowns as part of broader digital risk protection. Like each of its competitors, it monitors the external attack surface for brand, domain, social media and asset abuse, then uses automated enforcement workflows to remove phishing domains, fake accounts, fraudulent apps, counterfeit listings, and other policy-violating assets. Nisos comes to mind where takedown requires investigation, attribution, and human-context intelligence. It is less of a pure automated takedown utility and more of a digital investigations partner for executive impersonation, fraud, harassment, insider-adjacent risk, trust and safety, and actor identification. We list it here because we think the realm of pre-emptive executive protection is an interesting and growing area in the takedown space. Where is the market headed? Threat hunting has been accelerated by the advent of AI agents that automate tasks at machine-speed and scale. At the same time, attackers are using agents to automate the creation of new threats. If we assume that some form of pre-emptive capability is emerging and that AI agents are fuelling the ability to achieve this, what does this mean for the market? If we go back to evolutionary theory, the next stage of threat hunting should be a significant upgrade in terms of capability. But what could be beyond pre-emptive? Fully-autonomous, sentient security maybe? Proponents of the advent of Artificial General Intelligence (AGI) might support that view. Imagine an agentic-powered SOC that operates in almost real-time, that anticipates and blocks attacks before they happen, and remediates any structural or code-level vulnerabilities without a human analyst needing to intervene. AI agents trolling the internet, our network and services, validating against threat intelligence and seeking criminal activity in the "wild" and then taking down a service with partners on our behalf without our knowledge. We’re not there yet, but we don’t need 100% of the technology to be able to provide good, pre-emptive threat hunting capabilities for defenders today, if we continue to share telemetry and avoid any retreat from our global partnerships. In the meantime, there are plenty of moles to be whacked.

AI Perception & Execution Studies 2025-26 The enterprise Artificial Intelligence (AI) landscape is undergoing a professionalization phase that is moving significantly faster than previous shifts in the security stack. To understand this trajectory, we have analyzed two Richmond Advisory syndicated studies: the 2025 AI Security Perception Study and the 2026 Agentic AI Study. Together, these reports provide a rigorous, data-driven narrative of an industry moving past the initial "hype cycle" and into a disciplined era of execution, maturity, and autonomous accountability. The Methodology: Consistency in the Mid-to-Large Enterprise To ensure the validity of this year-over-year comparison, it is essential to note the commonality of the respondent pools: The 2025 Study (N=300): Surveyed qualified U.S.-based respondents in organizations ranging from 1,000 to over 25,000 employees. While the study included the ultra-large enterprise bracket, the vast majority of the data centered on the 1,000–9,999 employee range. The 2026 Study (N=400): Shifted the focus specifically toward autonomy and agentic AI, targeting U.S.-based leadership in organizations with 1,000 to 9,999 employees. Crucially, both studies targeted the "power players" of enterprise tech. In 2025, 93% of respondents were primary decision-makers; in 2026, this figure remained high at 90%. This ensures that the insights reflected here are not just technical observations, but the strategic priorities of the C-Suite and senior IT leadership. The 12-Month Pivot: From Onboarding to Orchestration Between 2025 and 2026, the fundamental question regarding AI changed. In 2025, the enterprise was asking, "How do we start using AI?" By 2026, the inquiry matured into, "How do we manage AI as it starts acting on its own?" AI leapfrogged from LLMs to Agents in 3-4 months from November 2022 to March 2023. While the rate of adoption has remained remarkably stable, the depth of that adoption has shifted from general "perception" to the granular realities of autonomy and accountability. We are witnessing the birth of the "Agentic Enterprise"—a state where AI is no longer just a tool for analysis, but an active participant in security operations. Theme 1: The Institutionalization of AI Despite the volatile news cycle surrounding AI, the actual adoption rate within the enterprise security stack has hit a ceiling of institutionalization. AI is no longer a peripheral experiment; it is a permanent pillar of the modern defense-in-depth strategy. 2025 Adoption Rate: 91% 2026 Adoption Rate: 91% This consistency indicates that the market has moved beyond the trial-and-error phase. The stability of these numbers, coupled with sustained leadership involvement, anchors AI as an essential fixture. The strategic takeaway is clear: the focus is no longer on whether to use AI, but on how to optimize the 91% of the market already utilizing it. Theme 2: Specialization Over Sprawl: The Rise of AI-Native Security Ops As organizations grew more comfortable with AI, their use cases evolved from broad, exploratory tasks to specialized, high-impact operations. This reflects a move from "static" security to a more dynamic, behavioral approach. Vulnerability Management: This sector saw the most aggressive growth, surging from 35% in 2025 to 60% in 2026. This reflects a transition where AI is now entrusted with the critical task of prioritizing and remediating vulnerabilities in real-time. Identity as the New Perimeter: In 2025, 39% used AI for "Access control and authentication." By 2026, this evolved into "Identity / UEBA" (User and Entity Behavior Analytics) at 56%. This shift is significant; it represents a move away from static, rule-based security toward AI-native, behavioral monitoring. Security leaders are recognizing that in an era of compromised credentials, identity must be defended through continuous AI-driven analysis of "normal" behavior. SOC Analytics: The 2025 focus on broad "Threat detection and analysis" (44%) narrowed into specific, sophisticated implementations by 2026, with 63% focusing on "SIEM / SOC analytics" and 44% on "EDR/XDR." Theme 3: The Barrier Shift—From Market Hurdles to Performance Failures Perhaps the most telling evolution lies in the obstacles preventing adoption. We have seen a distinct transition from external/market hurdles to internal/performance failures. Integrity - Trust - Reliability are deeply related. 2025: The Year of Strategic Caution In 2025, the barriers were largely related to the "cost of entry" and organizational trust: Trust/Reliability: 44% Implementation Costs: 41% Integration Challenges: 41% 2026: The Year of Technical Accountability By 2026, our focus moved past the budget and onto the performance of the models themselves: Hallucinations: 39% Lack of Explainability: 39% Model drift: 37% Poor Data Quality: 32% The "Explainability Gap" and Audit Readiness As AI moves closer to autonomous action, the "Explainability Gap" has become a major strategic pain point. In 2025, 42% were generally concerned with a lack of explainability. By 2026, this matured into a hard requirement: 49% of organizations now demand a replayable "why" trail for every AI-driven action. For the C-Suite, this is no longer about technical curiosity; it is about regulatory compliance and audit readiness. If an AI agent takes an autonomous action—such as shutting down a port or isolating a user—the security leader must be able to prove why that decision was made to satisfy both internal risk boards and external regulators. Theme 4: The Autonomy Tipping Point The most profound shift identified in the 2026 study is the maturation of AI controls and the emergence of the Autonomy Maturity Model. We are currently at a "tipping point" where human oversight is shifting from a gatekeeper role to a monitor role. Maturation of Governance Governance structures have hardened to meet the risks of autonomous agents. In 2025, 55% of organizations had "Formal AI usage policies." By 2026, among governed organizations, that number jumped to 80%. The Maturity Model: Stage 3 vs. Stage 4 The 2026 data reveals where the market stands on the path to full autonomy: Stage 3 (AI recommends/human approves): 42% Stage 4 (AI executes with guardrails): 27% The fact that 27% of the market believes they have reached Stage 4 is a massive strategic insight. It suggests that nearly a third of organizations have enough trust in their guardrails to let AI act without waiting for a human "click." However, this does not mean humans are out of the loop; rather, they are moving to a "monitor and verify" stance. In 2026, 48% of teams still "Always verify" AI recommendations, a direct continuation of the 34% who expressed deep concern over human oversight in 2025. Conclusion: The Road Ahead for Enterprise AI The longitudinal data from 2025 and 2026 paints a picture of an industry that has rapidly outgrown its "perception" phase. The conversation has decisively moved from seeking entry points to managing autonomous execution and specialized security operations. AI's future long and winding road. As we look toward the next 12 months, two new frontiers will dominate the C-Suite agenda: Lateral Impact Management: Security leaders must now account for "Lateral Impact"—the risk that an autonomous agent, while performing its intended task, may inadvertently affect systems or data beyond its immediate scope. Managing this "blast radius" is the next great challenge of the agentic enterprise. Intent Explanation: Organizations will increasingly move away from vendors who offer "black box" solutions, instead favoring those that can provide clear "Intent Explanation"—not just what the AI did, but what its ultimate goal was. The transition from 2025 to 2026 shows that while the "hype" may have stabilized, the "utility" of AI is only beginning to be fully realized. The goal for the modern security leader is no longer to adopt AI, but to govern its autonomy with the same rigor applied to any human operator.

I have always thought of IBM as a technology innovator. That has never really been the question for me. IBM has invented, reinvented, contributed to, or commercialized more enterprise technology than most companies ever will. It has deep engineering roots, real research credibility, and a long history of showing up in infrastructure markets before they are obvious to everyone else. What I did not fully appreciate before spending a day with IBM Consulting on Monday, May 4, was the scale and strategic importance of the consulting business itself. Consulting has historically been a people-heavy business, but it is rapidly changing. IBM Consulting represents roughly one-third of IBM’s total revenue. That matters. It means Consulting is not a sidecar to the technology business. It is one of the primary engines through which IBM’s broader transformation story is being tested, operationalized, and taken to market. The organization is structured around four major pillars: Data and AI, Business Transformation and Operations, Hybrid Cloud Transformation and Management, and Cybersecurity. My lens was naturally pulled toward Cybersecurity Services, but the more interesting story - at least on this trip - was bigger than cyber. The day also provided very strong access to IBM Consulting leadership. That made a difference. This was not just a parade of product messages. The conversations touched on operating models, internal transformation, workflow redesign, agentic AI, productivity, and the hard reality that most enterprises will not get value from AI simply by sprinkling copilots across broken processes. IBM is not presenting enterprise AI as a lab experiment. It is trying to show that AI can change how large organizations actually operate. The connective tissue for this story is IBM’s own internal transformation, its "Client Zero" program, IBM Consulting Advantage, and the newer IBM Enterprise Advantage offering. Client Zero: IBM as Its Own First Customer Client Zero is IBM’s internal transformation program. The basic idea is simple: IBM uses itself as the first client for the AI, automation, workflow redesign, and operating model changes it eventually takes to market. That may sound like standard “drink your own champagne” positioning, but in IBM’s case, it is more meaningful because of the company’s scale. IBM has the same complexity its clients have: legacy systems, global operations, entrenched workflows, large shared services organizations, governance requirements, and a workforce measured in the hundreds of thousands. In other words, if IBM can make something work inside IBM, it has at least some credibility in arguing it can work inside another large enterprise. The goals of Client Zero appear to be several things at once: Improve IBM’s own productivity and operating efficiency. Identify repeatable AI transformation patterns across functions. Create proof points that resonate beyond the CIO and CTO. Turn internal lessons into reusable consulting assets. Move AI from pilot projects into scaled operational change. The goal of Client Zero is to do more but with less friction for humans in the loop. That last point is important. One of the recurring messages from the day was that automation alone is not enough. IBM leadership emphasized workflow simplification before AI embedding. I think that is exactly right. Too many organizations are trying to apply AI to messy, inefficient processes and then wondering why the return is underwhelming. IBM’s argument is that AI value comes when you first understand the work, simplify the work, redesign the workflow, and then embed AI or agents where they can actually change the outcome. Procurement was a good example. IBM did not frame transformation as simply automating invoice chasing. The more interesting idea was redesigning the function so procurement can spend less time on administrative drag and more time on strategic business outcomes. IBM shared several metrics tied to the Client Zero effort: Approximately $4.5 billion in productivity gains over the last 2.5 years. Another $1 billion in productivity gains targeted in 2026. Roughly 190 AI use cases across procurement, finance, HR, sales, and operations. HR transformation supporting approximately 280,000 IBMers globally. 94% of HR queries reportedly resolved in real time. Those are big numbers, and like all vendor-reported transformation metrics, they deserve some measured skepticism. But the direction of them is important. IBM is not just saying AI can improve productivity. It is trying to tie AI to redesigned workflows, business outcomes, and new commercial models. And, the commercial model piece may be one of the more important details. IBM leadership discussed a shift toward outcome-based contracting. Instead of charging only for labor, IBM increasingly links some engagements to business results, such as reducing the cost of a finance function. In some cases, IBM uses gain-share agreements where productivity benefits are split with the client. That is a different posture than the traditional consulting model. It is also a signal that IBM knows AI will pressure the rates-and-hours model. If AI can materially accelerate parts of consulting delivery, then consulting firms need to rethink what they are selling. The value moves from labor capacity to transformation assets, domain expertise, workflow redesign, orchestration, and measurable outcomes. My read: Client Zero is not just an internal efficiency program. It is a go-to-market strategy hiding inside an operating model transformation. It gives IBM a way to say, “We did this to ourselves first. Here is what worked. Here is what did not. Here are the assets that came out of it. Here is how we can help you do it too.” That is way more compelling than another AI strategy deck. IBM Consulting Advantage: The Internal Operating Engine IBM Consulting Advantage, or ICA, is the AI-powered platform IBM consultants use to deliver client work more efficiently and consistently. It is also one of the clearest examples of how Client Zero becomes more than a story. ICA functions as an internal operating engine for consulting delivery. It combines most of the AI models, IBM methods, reusable assets, process intelligence, and agentic capabilities into a platform consultants can use across advisory, design, implementation, and managed workflows. The way I think about it: ICA is IBM’s attempt to codify consulting expertise into a technology-enabled delivery system. That does not mean replacing consultants. It means giving consultants a more powerful way to understand environments, analyze workflows, generate blueprints, build agents, and assemble solutions faster. Some of the components stood out: Context Studio Process Studio Context Studio ingests client-specific information, such as process documentation, system configurations, and other relevant data. It then layers that information with industry benchmarks, including data from the IBM Institute for Business Value (IBV), to establish a baseline for transformation. Generic AI can produce generic answers. Enterprise transformation requires company-specific, workflow-specific, industry-specific context. Process Studio includes a capability called “Procedure Eater,” which is a memorable name, if nothing else. Its purpose is to analyze existing business processes, identify handoffs, systems, pain points, and inefficiencies, then generate a redesigned blueprint. The blueprint is both human-readable and agent-readable, which an important concept. If the future of enterprise operations includes humans working alongside agents, then process documentation cannot just be written for people. It also needs to be structured in a way agents can interpret, execute against, and improve over time. Agentic App Studio Product Workbench Agentic App Studio turns those blueprints into specific AI agents or digital workers. These agents can be equipped with data contracts, tools, and integrations into enterprise systems such as SAP, Azure, and other platforms. This is where the conversation shifts from copilots to digital labor. Not in a hype-cycle way, but in a practical workflow sense. The agent needs a role, a process, a set of permissions, data access, governance, and a way to interact with systems of record. Product Workbench lets consultants build applications or user experiences on top of the agents and redesigned workflows. This is important because most business users do not want to interact with “AI architecture.” They want something that helps them complete work. Product Workbench appears to be part of the translation layer between agentic capability and usable business applications. IBM also shared scale indicators around ICA: Approximately 4,000 curated digital workers, refined from a much larger pool of roughly 50,000. Productivity improvements of 40% to 60% for various consulting tasks. Approximately $3 million per quarter in AI token spend to run ICA globally. A security-focused agent set that reportedly performed 70,000 investigations using 9 billion tokens in one month. $3M per quarter is a hefty price. Is the productivity gain worth the investment? IBM says yes. The token consumption point was interesting. It was a reminder that enterprise AI at scale is not lightweight. It requires real investment, orchestration, monitoring, and cost control. That will become a bigger issue as companies move from experimentation to production. I also liked IBM’s emphasis on interoperability. ICA is designed to work across a heterogeneous enterprise environment. IBM talked about agents being callable from other systems of engagement, including Microsoft Copilot, SAP, Palo Alto Cortex, and other platforms. That feels practical. Large enterprises are not going to throw away their existing environments and standardize on one AI ecosystem. The winning model likely has to integrate across the messy reality of enterprise technology. My opinion: ICA is interesting because it makes IBM Consulting less dependent on heroic individual effort and more dependent on repeatable delivery patterns. That is probably necessary if IBM wants to scale AI transformation beyond bespoke projects. IBM Enterprise Advantage: Turning Internal Lessons Into a Client Platform IBM Enterprise Advantage is the client-facing evolution of its ICA work. While IBM Consulting Advantage is used internally by IBM consultants, Enterprise Advantage gives clients access to a similar asset-based approach for building, governing, and operating their own AI platforms and agentic workflows. This is where I think IBM is trying to make the bigger model shift. I think: Enterprise Advantage is not just a tool. It is a consulting-led platform model. IBM brings the assets, methods, agents, governance, integration expertise, and operating model lessons. The client uses those capabilities to move from scattered AI pilots to more structured, scalable AI operations. This is a real market need today. Many companies have pilots everywhere. They have copilots in productivity suites, experiments in customer service, pockets of automation in finance, AI-assisted development, and shadow AI use across the business. What they often do not have is a coherent way to govern, orchestrate, measure, and scale those efforts. Enterprise Advantage is designed to address that gap. The offering includes: A pre-built agent catalog with industry-specific agents and applications. A claimed “80% head start” for certain critical business processes. Support for multi-vendor AI and hybrid cloud environments, including AWS, Microsoft Azure, Google Cloud, IBM watsonx, and open-source models. IBM experts and engineers to help shape, deploy, manage, and govern agentic applications. Reusable transformation patterns derived from IBM’s own internal work. The multi-vendor foundation is important. IBM seems to understand that enterprise AI will not be a single-model or single-cloud story. Clients already have mixed environments. They will have multiple models, multiple clouds, multiple systems of record, and multiple systems of engagement. The governance layer may end up being as important as the agents themselves. The use cases IBM highlighted were practical: Customer service agents that resolve queries while maintaining cost and brand control. Regulatory reporting agents that support writing, review, validation, and traceability. IT innovation workflows that accelerate code generation, testing, and delivery. Document processing agents that extract and organize information from complex enterprise documents. Functional transformation across finance, HR, procurement, marketing, and operations. Early adopters include Pearson, which is using the service to build a platform that blends human expertise with agentic assistants to help manage day-to-day work. IBM also cited business impact ranges that included: 50% to 60% cost reduction through self-optimizing agentic workflows. More than 50% faster time to market. 40% to 50% increases in innovation yield. Reclaimed employee hours for higher-value work. Again, I would treat those as directional proof points rather than universal outcomes. But I do think IBM is pointing at the right problem: AI value will not come from disconnected experiments. It will come from redesigning work, embedding intelligence into workflows, governing digital labor, and measuring outcomes. That is the part of Enterprise Advantage that feels most aligned with where large enterprises are headed. Enterprise Advantage also signals a larger shift in the consulting market. Traditional consulting has been built around people, methods, expertise, and delivery capacity. AI-enabled consulting will still need people and expertise, but the delivery model increasingly includes platforms, reusable agents, internal IP, and outcome-based accountability. IBM is not alone in seeing this. But IBM has a credible argument because it is applying the model internally and then exposing parts of it externally. The Bigger Point Obviously, IBM hasn't suddenly "discovered AI". IBM has been in and around AI for a long time with Watson, now watsonx. The more interesting story is that IBM Consulting appears to be using AI to rethink how work gets done, how consulting gets delivered, and how large enterprises can move beyond pilots into operating model change. That does not mean IBM has escaped all of its own complexity. It has not. IBM is still IBM. There is still organizational weight, legacy, process, and the natural drag that comes with being a company of its size and history. But that is also why the story is worth watching. If IBM can use Client Zero to simplify its own workflows, use IBM Consulting Advantage to codify and accelerate consulting delivery, and use IBM Enterprise Advantage to help clients build governed agentic operations, then this is more than another AI services announcement. It is IBM is turning its own transformation into a repeatable enterprise model.

The "Hair on Fire" State of Security Has Become a Bonfire If you spend five minutes talking to a CISO these days, you’ll realize the industry is in a permanent "hair on fire" state. Now, with AI, the "hair on fire" has become a bonfire. Fire can be a catalyst or a destructive force. The latest lightning rod for the incendiary is the launch of Anthropic’s "Mythos." Since the first ripples of generative AI hit the security sector, we’ve seen a frantic mix of genuine innovation and unsettling workforce displacement. But Mythos? Mythos raises both innovation and displacement to a new level. As an analyst, my job is to filter the signal from the noise, and believe me, there is a lot of noise. Between Anthropic’s 200-page nightmare of a report—filled with enough literary and philosophical references to make a grad student blush—and the breathless funding announcements, it’s easy to lose sight of the technology. My goal here is to deconstruct the hype, call out the market manipulation, and look at what this "leapfrog event" actually means for the humans left in the loop. Defining Mythos: Research Scenario vs. Product Before we get swept away by the marketing, let's be clear: Mythos is currently a research scenario, not a direct-to-market product. It is a specialized environment designed to see how far a large language model (LLM) can push the boundaries of vulnerability discovery. The numbers being touted are indeed staggering. In testing, Mythos is finding vulnerabilities at a phenomenal pace, though some question whether those vulnerabilities are relevant or actually real. However, Mozilla put Mythos to the test and found 271 vulnerabilities, a massive jump from previous benchmarks. To put that in perspective, Opus 4.6—a model we already considered quite capable—only managed to uncover 22 in a similar environment for Mozilla. This isn't an incremental improvement; it’s an order of magnitude shift. What if AI lived on a deserted island? Critics will tell you it’s just glorified pattern matching. I disagree. Mythos has demonstrated an ability to synthesize a viewpoint or a takeaway that it was never explicitly prompted to generate. That is a form of intelligence. However, it’s not AGI. What looks like emergent reasoning is better understood as higher-order synthesis across patterns—but in practice, that distinction matters less than the outcome. However, If you put Mythos on a desert island, it wouldn't have its own "inspiration" or cognitive drive to create. It is a tool—a terrifyingly sharp one—but still a tool. The Hype, the Funding, and the Timing I’ve been in this space for twenty years, and I’ve learned that timing is never accidental. The Mythos announcement happened to coincide against the backdrop of tens of billions in hyperscaler AI investment from players like Google and Amazon Web Services. We know AI creators are starving for compute power, and they need these massive infusions of cash to feed these large reasoning machines. There is also the "scratch back" nature of these deals with providers like AWS that warrants a raised eyebrow. Anthropic restricted access to Mythos to just 40 "trusted" partners—the ultimate "haves vs. have-nots" scenario. This feels like blatant market manipulation. By creating an artificial scarcity while dropping a rambling marketing report, they’ve successfully fueled a hype cycle that helps secure their financial survival. I question the ethics of that. Is there signal here? Yes. Is it being used as a lever for the next funding round? Maybe. The "Reward Hacking" Controversy Mythos was trained on a previously unsupported framework that utilizes a concept known as "reward hacking" where models optimize for passing evaluation criteria rather than embodying true safety. Essentially, the model has been optimized to pass Red Team testing by looking like the safest possible model, rather than actually being inherently safer. The irony is that the very researchers involved in creating Mythos were previously on record as being against this type of training framework. They knew the risks of creating a model that knows how to look good for its evaluators while potentially hiding unpredictable behaviors in the wild. Project Glasswing and the Disclosure Dilemma Project Glasswing was formed in response to the AI-driven risks generated by Mythos. This research collective purportedly brings together the "brightest minds" across industries to manage a coming tide of vulnerabilities. But why release the Mythos announcement before Project Glasswing was fully operational? To me, this is a classic case of putting the cart before the horse. We’ve already seen reports of "unauthorized access" to the model—not for malicious gain, but by researchers wanting to show they could get in through a "side door" or via contractor access. If researchers can find these openings, so can attackers. By announcing the ability to find a treasure trove of vulnerabilities before a robust disclosure and remediation framework is live, Anthropic has essentially dumped a bucket of gasoline on the floor and then started looking for a lid. We are about to see a massive surge in AI-discovered vulnerability disclosures—a "detritus" of noise that many companies are simply not equipped to handle. The "Same Dance, only Faster": Strategy in the AI Era The emergence of Mythos doesn't mean we need a new playbook; it means we need to run the current one 100x faster. It’s the "same dance," just at a lethal tempo. Traditional hygiene—patching, configuration, and basic security posture—is still the bedrock. If you aren't doing the basics well, AI is just going to help the attackers find your flaws more quickly. The Cloud Security Alliance (CSA) recently published a paper that every CISO should read. It was authored and reviewed by many industry veterans like Gadi Evron, Robert T. Lee, Rich Mogull, Sounil Yu, Bruce Schneier, and Jen Easterly and countless other great cyber minds. Their message is clear: the era of "machine vs. machine" defense is here. We can no longer rely on human-speed responses to AI-speed threats. Strategic Actions for the AI Era: Near-Term: Accelerate Patching: You need to be thinking in minutes and hours, not weeks. Rigorous Hygiene: Remediate potential unauthorized access that can come comes through the most boring, overlooked configuration errors. Long-Term: Agentic AI Integration: You must add agentic AI to your security stack. These aren't just chatbots; they are agents that can monitor, triage, and remediate in real-time. Board-Level Education: The Board needs to understand that we are fighting a 100x speed war. Budget is no longer just about "more tools"; it's about "faster response." The document goes on to suggest a Mythos-ready security program and offers a 10 question assessment to understand your current status. It's a good read. The Human Element: Graybeards, Youngins, and Task Rabbits The "Mythos moment" is causing a fascinating but painful upheaval in our workforce. Some OGs and Graybeard CISOs look at the prospect of "machines watching machines" and are deciding it’s finally time to retire and head for the golf course. Others are leaning in, recognizing that their entire careers have been a series of technology waves to be mastered. The real crisis is for the "Youngins." I’ve been reading the Reddit threads, and the "hair on fire" sentiment among recent graduates is real. They were promised six-figure careers in cybersecurity, only to find that Level 1 SOC Analyst roles—the traditional entry point—are being swallowed by AI. Entry-level developers are facing the same disintermediation. There is a genuine fear that we are all becoming "task rabbits for the machine," merely Oh dear! Are we becoming task rabbits? performing the manual cleanup for AI agents. To survive, the next generation has to stay in the "human cognitive loop." They need to move from execution to ideation—suggesting where the code should go, auditing the agents, and providing the strategic context that a model on a "desert island" simply cannot replicate. Optimism Remains I’ve said a lot about the risks, the hype, and the potential for breaches that are orders of magnitude larger than anything we’ve seen. It’s sobering, but I remain an optimist. This is a leapfrog event. It is a moment of pain, reskilling, and intense pressure, but it is also an opportunity to finally filter out the noise and focus on what matters. We are augmenting the machines as much as they are augmenting us. Mythos isn't the Singularity, but it is a call to action. This is a tech revolution similar to many others but much faster and less forgiving than previous ones. We will be able to find more vulnerabilities faster but will the noise of the sheer quantity and relative importance overwhelm us? When the threat attacker inevitably gains access, what havoc will they wreak? Humans cannot respond quickly enough. If we are to build programs that can keep up with machines we need to build for machine governance of machines, and we humans must stay in the cognitive loop.

Carol Anderson, President of Imagent Inc., interviewed Rock Lambros. Agentic AI requires new thinking about governance Richmond Advisory Group recently interviewed Rock Lambros , Director of AI Standards and Governance at Zenity and Founder of RockCyber. The conversation explored the inevitability and necessity of using AI to govern AI, with insights into humans in the loop, non-human identities, and OpenClaw.   Why this matters Traditional governance thinking and processes can’t keep up with the agentic AI world, which is moving at blazing speeds. In the past couple of months, the Model Context Protocol (MCP) accumulated 30+ CVEs, NIST launched the AI Agent Standards Initiative, and major vendors shipped agent governance tooling at RSA 2026. The gap between agent capability and governance maturity is widening, not closing.   When organizations deploy agents and rely on current governance methods, the risks may outweigh the rewards. A NIST-aligned, novel platform offers organizations an alternative way to govern AI using AI.   What Is the Janus System? It’s a concept based on Janus, the two-faced Roman deity, that I’ve been thinking about for a while. Janus seems like a useful model for governing dual-component AI. The second you break out a single-agent pattern into a multi-agent pattern, the challenges explode exponentially.   Janus splits AI into two components: one is the agents that face forward and ruthlessly pursue their objectives. The other component is a governance orchestrating agent that looks backward to check the agents at machine speed. An agent checking the agents. We need this duality. Only AI can govern AI. How Does Janus Improve AI Governance? The agentic world is moving at blistering speeds. Two months ago, I would have said we don't have agent standards. That's changed. NIST launched the AI Agent Standards Initiative in February. AIUC-1 gives us an objective framework for classifying agent use cases. CoSAI published its Principles for Secure-by-Design Agentic Systems and an MCP security taxonomy . Zenity joined CoSAI's Project Governing Board because the open specifications that enterprises will operationalize are being written inside those workstreams right now. If you're not at the table contributing practitioner evidence, you're deploying agents on a governance framework you had no role in shaping. "If you're not at the table contributing practitioner evidence, you're deploying agents on a governance framework you had no role in shaping." The standards are arriving. The deployments aren't waiting. Most organizations still govern AI the way they govern traditional software. Deploy, audit, check a box, come back in 90 days. That fails catastrophically when an AI agent can write its own instructions, rewrite its guardrails, and pursue goals you never named, all at machine speed.   Some colleagues and I wrote a paper that describes an open-source governance platform called AAGATE , which stands for Agentic AI Governance Assurance & Trust Engine. It aligns with NIST’s AI Risk Management Framework  and bridges policy, security, and AI development. The platform is a way to operationalize Janus with Kubernetes-native deployment and governance as code. It’s designed to enforce policies dynamically.   The shadow-monitor pattern, an agent watching agents, has become a product category. Multiple vendors shipped versions of it at RSA 2026. The Janus concept anticipated this. Where AAGATE goes further is the integrated stack: MAESTRO threat mapping across seven layers, AIVSS risk scoring, SSVC response prioritization, ANS-based cryptographic identity, UEBA behavioral profiling, and ZK compliance proofs. No one ships this full architecture. The governance stack must be as sophisticated as the agent architecture it monitors. A shadow agent with a kill switch is one component. The integrated platform is the contribution.   In the past few weeks, multiple major vendors launched agent governance tooling at RSA 2026, including open-source policy enforcement engines, agent red-teaming platforms, and zero trust extensions covering the full AI lifecycle. These are runtime containment and policy enforcement tools. They validate the pattern. They don't replicate the full governance architecture.   The Kubernetes-native AAGATE architecture with service mesh, observability, and governance orchestration. Source: arXiv, Cornell University. https://arxiv.org/pdf/2510.25863   How Do We Keep Humans in the Loop? Keeping humans in the loop is an intentional architectural decision. Some human triggers need to be configurable and some will be based on a behavioral analytics engine like the UEBA in the traditional cyber world. An agent going beyond a risk threshold triggers a human. There’s never going to be a hard line on this because the triggers will change as agent behaviors change.   Whatever the interface looks like, and it could be email, WhatsApp, or Slack, agent X stops due to a rule-based policy or risk threshold. It explains why it stopped and asks how to proceed. The analyst can recommend yes, no, or other action. Or kill the agent, which should trigger an investigation before re-enabling it.   The most dangerous moment in AI governance isn’t when the system fails. It’s when it works so well that nobody bothers checking anymore. You deploy an agent, and it delivers results. The ROI is great. But humans get used to rubber stamping things. After 10 corrective actions in a row, we use the stamp. Then humans are loop-adjacent.  "The most dangerous moment in AI governance isn’t when the system fails. It’s when it works so well that nobody bothers checking anymore." In addition to policy guardrails, we need mandatory incident reviews and a dedicated incident broker that evaluates what an agent is about to do.   What Is Your Take on OpenClaw? It’s an open-source AI agent that really took off. But in about a nanosecond, researchers found hundreds of vulnerabilities and thousands of instances where people’s secrets and API credentials were exposed to the internet.   OpenClaw was developed to be a consumer personal assistant, not an enterprise solution. But people immediately tried to slam it into their corporate environments as a magic way to solve problems. But that’s wrong. You wouldn’t expect your washing machine and dryer at home to survive in a laundromat, right?   Is OpenClaw disruptive? Is it transformational? Was it meant to be experimental in pushing the limits of what we can do with agents? Absolutely. But at the end of the day, it’s software, and there are implications for operations, security, and privacy. For example, OpenClaw self-codes by design. Without good context engineering and context management, meaning clearer context, an agent can write code and potentially drift. Old permissions can linger. I'm not trying to anthropomorphize it, but agents remember. Just like ChatGPT or Claude or Gemini remembers past interactions.   I think we’ve forgotten basic software development and lifecycle principles when it comes to rolling out AI agents. And I’m seeing a general lack of security-first thinking. Hopefully, each iteration of OpenClaw gets better.   I'm waiting to hear a story about someone who asks OpenClaw to invest $10,000 in the most tax-friendly way. And then, three months later you get a knock on the door because you're being accused of money laundering. This goes back to how you use an agent, understanding its capabilities and its limitations.   "I'm waiting to hear a story about someone who asks OpenClaw to invest $10,000 in the most tax-friendly way. And then, three months later you get a knock on the door because you're being accused of money laundering. This goes back to how you use an agent, understanding its capabilities and its limitations." Will You Comment on Agentic AI Security? From a security perspective, we're focused on some of the wrong things. We're obsessed about prompt injection, for example, but we really need to start obsessing over what the agent can reach once it's compromised. We need to focus on authorization boundaries and policy gates and the governance and orchestration mechanisms around them. The permissions that you give an agent are the payload. "The permissions that you give an agent are the payload." I worry most about over-permissiveness and the lack of a good identity framework around agents. We treat agents like they’re kind of human or non-human identity hybrids, but agents are a new class of non-human identities. In a typical MCP interaction, the human user's identity disappears entirely. The MCP server sees an authenticated agent using a static API key. It has no idea who authorized the action or the scope of that authority.   Organizations give permissions to agents they would never give a human employee. We need to treat AI agents as dumb interns. An intern will likely be smart enough to escalate if something's ambiguous or fishy. An agent can't do that. An agent is going to try to complete its task, no matter what. What Are Your Top Takeaways for Governing Agentic AI? Inventory all agents used in your organization. Inventory what they can access, not what you think they’re allowed to access or do. Then, understand your use cases. Implement dual-layer oversight, like the Janus system, to separate capability from governance. The actor and the monitor need have an independent incentive structure. In other words, ethical circuit breakers, and governance as code. An orchestrator can quarantine a particular pod or revoke OAuth tokens in milliseconds. Governance must be decentralized, executable, and enforceable at runtime, combined with continuous red teaming. A distributed ledger allows for the immutability of agent decisions and logs, and it provides a complete audit trail. Agent identity management moved from research to active standards work in the past two months. NIST's AI Agent Standards Initiative issued a formal concept paper on AI Agent Identity and Authorization in February, with listening sessions underway now. I submitted 33 formal comments on NIST GCR 26-069 covering agentic AI gaps. The agent naming system concept, like DNS for agents, is gaining traction. OWASP  has released some research about an agent naming service. OAuth has to evolve, and one of the original authors of OAuth has published an AAuth draft. The standards are coming, but the deployments aren't waiting. Shadow AI is growing exponentially. Employees will deploy powerful agents on corporate machines without security reviews because they can. It’s important to have the detection capabilities to find unauthorized AI. I think we’ll make progress with machine-readable governance policies and regulations this year. The EU AI Act has some logging and oversight mandates. And watch the Open Policy Agent ecosystem. It can translate regulatory text into executable rules. Additionally, we’ll hear more about multi-agent coordination. People are still trying to wrap their heads around LLMs, generative AI, and single agents. With agentic AI, we’ll see collusions or cross-agent privilege escalation or cascading failures and attack patterns that current frameworks don’t address. Forward Thinking About AI Governance Slowing agentic AI rollouts to consider agent identity management, security, governance, risk, and regulations is advisable but not likely to happen. Thoughtful assessment, clear use cases, governance-as-code and a framework for governing AI will help organizations use AI more securely. The idea of AI governing AI may not be an easy-to-digest concept, but it looks like the only way forward.     Readers might also be interested in the OWASP GenAI Security Project Agentic Security Initiative and the Top 10 Vulnerabilities for Agentic Applications  as well as a podcast featuring Rock Lambros.

They Are Design Signals Over the past year, a series of so-called “leaks” involving large language models (LLMs) and emerging agentic systems have captured industry attention. The most cited example is the exposure of system prompts and behavioral scaffolding behind models like Claude from Anthropic, alongside similar disclosures affecting models from OpenAI. These events have often been framed as isolated incidents or, alternatively, dismissed as overblown artifacts of jailbreak culture. Both interpretations miss the point. What we are seeing is neither a traditional breach nor a trivial curiosity. It is something more foundational: The control mechanisms governing LLMs and agents are inherently observable, influenceable, and probabilistic. This is not a bug. It is a property of the system. What Actually “Leaked” and Why It Matters In the case of Anthropic’s Claude models , a 59.8MB JavaScript source map file in its Claude Code v2 1.88 exposed 1,906 files of unobfuscated code, allowing developers to see the complete agent harness and workflow. The leak provided a roadmap of Anthropic's proprietary tools to competitors and created potential vulnerabilities for exploitation. Additionally, researchers and users were able to extract elements of the system prompt, including: Constitutional AI principles guiding responses Safety and refusal logic Tone, persona, and escalation instructions This was not achieved through infrastructure compromise, but through interaction . Carefully constructed prompts, recursive queries, and tool-mediated workflows surfaced what was intended to remain hidden. Similar dynamics have been observed across other leading models. System prompts, tool policies, and behavioral constraints are not sealed. They can be inferred, reconstructed, and in some cases directly elicited. The implication is straightforward but profound: System prompts are not a security boundary. They are part of the attack surface. From Models to Agents: Expanding the Exposure Layer If prompt exposure were the full story, the industry could treat this as a manageable transparency issue. The real shift emerges as organizations move from standalone models to agentic systems . Agents introduce: Tool access (APIs, databases, SaaS platforms) Memory (persistent or session-based) Autonomy (multi-step reasoning and execution) In this context, prompt injection is no longer just a way to manipulate output. It becomes a mechanism for action and exfiltration . We are already seeing credible demonstrations of: Malicious content embedded in documents or web pages altering agent behavior Retrieval-augmented generation (RAG) pipelines surfacing sensitive data that can then be extracted Agents being induced to call external tools with unintended parameters or data The critical issue is that the model does not reliably distinguish between: Trusted system instruction Retrieved content Adversarial input To the model, these are all tokens in a sequence. The burden of separation falls on architecture, not the model itself. The Deeper Pattern: A Soft Control Plane Across Anthropic, OpenAI, and the broader ecosystem of agent frameworks, a consistent pattern is emerging. Control is Textual, Not Enforced System behavior is governed by instructions written in natural language. These instructions are interpreted, not enforced. Boundaries Are Probabilistic Safety, policy, and task constraints are applied with high likelihood, not certainty. Under pressure, they can degrade. Context Is Ambiguous The model does not possess a native mechanism to assign trust levels to different inputs within its context window. Taken together, this creates what can be described as a soft control plane . It is effective under normal conditions, but susceptible to manipulation under adversarial ones. Why the Anthropic Case Resonates Anthropic’s approach is particularly instructive because of its emphasis on Constitutional AI (see "What is Constitutional AI?" blog ). By encoding principles and behavioral guidelines directly into the system prompt, the company has made its alignment strategy more explicit than most. When those prompts are exposed, what becomes visible is not just implementation detail, but philosophy in action. This has two effects: It demystifies how alignment is operationalized It reveals the limits of that approach under adversarial interaction In this sense, the “leak” functions less as a failure of secrecy and more as a window into the current state of AI control systems . Implications for Security and Risk Leaders For CISOs and security leaders, the takeaway is not that LLMs are unsafe. It is that they must be understood on their own terms. LLMs and Agents Are Influenceable Systems They can be guided, steered, and in some cases manipulated through input alone. This places them closer to human operators than to deterministic software components. Traditional Boundaries Do Not Apply You cannot rely on hidden prompts, internal policies, or model alignment as hard controls. These are advisory layers, not enforcement mechanisms. Agentic Architectures Increase Blast Radius Once a model can take action, access data, or invoke tools, the consequences of manipulation expand from “incorrect answer” to “material impact.” Aligning to a Probabilistic Security Model These dynamics reinforce a broader shift already underway in security: From deterministic control to probabilistic risk management. In practical terms, this means: Assuming that prompt injection will occur Designing systems that constrain what an agent can do, not just what it is told Implementing verification layers around high-impact actions Maintaining human oversight where context and judgment are required This is not a temporary phase. It is the operating model for AI-enabled systems. The Path Forward: From Trust to Governance The industry often frames AI adoption in terms of trust. Trust in the model, the vendor, or the outputs. A more useful framing is governance. What can the system access? What actions can it take? How are those actions monitored and validated? Where does human authority intervene? As organizations move toward agentic AI, these questions become central. The Gist The recent wave of LLM and agent “leaks” is not a series of isolated events. It is a signal. The mechanisms we use to control AI systems are visible, influenceable, and inherently probabilistic. As a result: Security strategies must shift from concealment to containment From preventing manipulation to managing its impact From trusting the model to governing the system The organizations that internalize this distinction early will be better positioned to harness AI’s capabilities without inheriting disproportionate risk.

Manage Detection & Response (MDR) and Extended Detection & Response services have come a long way since MDR was openly defined in 2016 (although many would consider the activity had been around for a lot longer!). The emergence of the Managed Security Service Provider (MSSP) in the last 10 years or so has focused attention on customer requirements for a much more specialised role. The rapid development of AI tools in the last three to four years has seen specific technologies become available that MDR providers can potentially benefit from, helping to turn reactive tools into potentially autonomous systems capable of operating at a scale and speed that humans alone cannot match. The following is not an exhaustive list, however we have chosen ten areas where we believe that AI and AI agents are providing some kind of potential benefit to MDR & XDR providers. These benefits are worth considering if you are considering contracting for services with an MDR or XDR provider. Note that while we’ve provided some examples of vendors and how they use these tools, this is not intended to be an exhaustive list of companies. Many of the big names in MDR/XDR - Microsoft, CrowdStrike, Palo Alto Networks et al - will have multiple offerings that use many - if not all - of these technologies, and it would be too much to list them in every area. We’ve therefore tried to include a variety of different vendors for each example to illustrate how extensive these tools are being used across many different sectors of the market, and the breadth of functionality on offer. 10 Ways To Transform MDR & XDR #1. Behavioral Analytics (Anomaly Detection) A key benefit of AI agents is that they can quickly analyze historical data and user behavior to identify patterns that deviate from the established "norm,". This often indicates hidden or novel threats that could otherwise be overlooked. Examples: AhnLab's AI Plus security platform provides comprehensive protection for endpoints. The firm says it offers advanced threat prevention by using AI agents to interpret the causes, flows, and contexts of attacks. The ESET PROTECT Platform leverages AI-native protection to detect anomalies missed by traditional rules. Its AI Advisor agent acts as a generative AI-based assistant integrated with ESET Inspect (the XDR-enabling module of the ESET PROTECT Platform). #2. Alert Triage and Summarization When harnessed well, AI agents can automatically evaluate large volumes of incoming security alerts to determine their severity, summarizing complex logs into actionable insights and prioritizing critical risks for analysts. Examples: Dropzone AI uses several different role-based agents for specific tasks. These include one that acts as an autonomous SOC analyst that it says can investigate alerts 24/7. Intezer Labs' AI SOC agent provides forensics-based alerts, emphasizing speed of triage and reduced escalations to human analysts. #3. Cross-Domain Signal Correlation While XDR provides the integration layer, MDR operates the "human-led" services on top. When required, AI agents have the potential to more quickly connect disparate telemetry data across identities, endpoints, networks, and cloud workloads to identify a single, complex attack chain. Examples: CrowdStrike's Falcon Platform provides unified, cross-domain protection across all enterprise risk areas, and similarly, SentinelOne's Singularity Platform uses an AI-powered unified data lake to correlate telemetry autonomously. #4. Rapid-Response Containment Implemented correctly, AI agents can enable advanced, automated workflows that take immediate action the moment a threat is verified. This could include some of the most timely and critical responses, such as quarantining a compromised device, blocking malicious code execution, or revoking access. Examples: ReliaQuest’s GreyMatter security operations platform is designed to detect and contain threats quickly, including in multi-MDR environments, using its role-based autonomous Agentic Teammates Microsoft Defender provides a wealth of agentic AI features, including autonomous defense to block high-speed attacks before they spread via its Security Copilot offering. #5. Autonomous Remediation Depending on the level of autonomy, AI agents can find and "fix" vulnerabilities by automatically applying software patches and updates across a global network without manual IT intervention. A note of caution should be given here, as many vendors, service providers and CISOs are wary of giving agents full autonomy without guardrails in place - or a "kill switch" to shut an errant agent down.... Examples: For patch management, Action1 provides an autonomous remediation engine that bridges the gap between vulnerability discovery and automated patching, with built-in agent audit trails. For MDR providers looking at managed vulnerability management, Mondoo offers an agentic service that identifies and fixes policy violations automatically at machine speed. #6. Policy and Access Optimization Fast and efficient identity and access controls are key for modern security operations - including for agentic AI. Agents that continuously monitor the security environment and dynamically adjust access rules, security policies, or guardrails in real-time can be a much more efficient way to close exploitable gaps. Examples: Cyata provides a posture-first platform that uses adaptive guardrails to control agentic identities, protecting companies from the risks of autonomous agentic workflows. Skyrelis offers behavioral monitoring and runtime policy enforcement for AI agents, tools, and data via a policy layer that adapts security controls across users and geographies in real-time. #7. Reducing MTTU and MTTR AI can potentially reduce the Mean Time to Understand (MTTU) ie. how long it takes to figure out what happened, and the Mean Time to Respond (MTTR) - basically how long it takes to fix it - by translating complex data into plain-language insights. Examples: Protos Labs builds AI agents that it says reason like human analysts to significantly accelerate investigations in threat intelligence operations. Prophet Security’s AI SOC uses agents to bring context and reasoning to flagged alerts, thereby helping human teams act faster. #8. Forensic Augmentation As the complexity of threats grows, the use of AI assistants and agents can provide analysts with deeper context and automated evidence collection at scale, significantly accelerating the forensic analysis of security incidents. When combined with industry or sector-specific technologies, the agent's capabilities can be enhanced to tackle niche use-cases. Examples: SentinelOne's Purple AI accelerates investigations by providing comprehensive details about incidents, as well as answering natural language queries about threat data. Test and measurement specialist, VIAVI Solutions, offers its XEdge Sensors that bring packet-level forensics to speed up detection and resolution for edge-based, network infrastructure. #9. Agentic SOC (Human-Led, AI-Operated) One of the most-discussed and fiercely debated AI/agentic AI topics, the Agentic SOC is a next-generation security operations model where a fleet of autonomous AI agents handles the bulk of triage, investigation, and remediation, while human experts focus on high-level strategy and policy orchestration. Examples: Many firms already offer agentic SOC capabilities - and more will follow in 2026 - but the following vendors illustrate the kinds functionality that AI agents can offer. Anomali and Elastic both offer Agentic SOC platforms where SIEM and XDR functions are driven by AI automation Elsewhere, Microsoft is developing its Security portfolio along the lines of an agentic platform as it doubles-down on tools built specifically for this "AI-operated" era. #10. Security Data Fabric While data fabrics are arguably more of an architectural strategy than a set of features or functions, they do provide a layer that unifies enterprise data from disparate sources in a clean, structured, way. In theory, this provides an AI-ready foundation that agents can use to perform investigations at machine speed. Examples: Cribl creates an AI-ready security data foundation by unifying, enriching, and routing telemetry. Cisco's Data Fabric unifies machine data to enable real-time, AI-powered threat detection and response. The Gist As attackers use AI to create threats at scale and at machine speed, agents are already being used by many MDR and DXR vendors and service providers to supply autonomous features that assist human operators and augment existing security tools. From detection through triage and ongoing threat intelligence, agents can be a valuable tool in the security professional's arsenal, but with autonomous capability comes increasing risk. When contracting with a supplier of security services that uses AI agents, companies should check for governance and guardrails, including audit trails and human oversight. AI agents will become increasingly pervasive, and used wisely, can help combat the efforts of bad actors looking to exploit vulnerabilities.

As artificial intelligence systems become more capable and more embedded in business operations, a central question continues to surface: How do you ensure these systems behave in ways that are useful, safe, and aligned with human intent? One of the more influential answers to emerge in recent years is Constitutional AI , an approach pioneered by Anthropic . How AI moves from training to the reinforcement phase in "Constitutional AI" (AI generated image) At its core, Constitutional AI is an attempt to move beyond ad hoc guardrails and toward something more structured: A system where AI models are guided by an explicit set of principles and taught to evaluate their own behavior against them. A Different Approach to Alignment Most modern language models rely heavily on Reinforcement Learning from Human Feedback (RLHF) . In that model, humans review outputs and steer the system toward preferred responses. Constitutional AI takes a different path. Instead of depending entirely on human reviewers, the model is given a written “constitution” . This is a set of rules or principles that define how it should behave. The model then learns to: Generate a response Critique that response against the constitution Revise it to better align This introduces a layer of self-regulation . The model is not just responding. It is also evaluating. What’s in the Constitution? The “constitution” is not legal code or hard logic. It is written in natural language and typically includes principles such as: Be helpful, honest, and non-deceptive Avoid harmful or unsafe content Respect user intent while maintaining boundaries Provide balanced and accurate information Because these rules are expressed in language, the model can interpret and apply them across a wide range of scenarios. This is both the strength and the constraint of the approach. How It Works in Practice Constitutional AI generally unfolds in two stages. First, during training, the model is shown examples of how to apply the constitution. It learns to critique and revise its own outputs, improving alignment without requiring constant human intervention. Second, in a reinforcement phase, the model generates multiple possible responses and uses the constitutional principles to determine which ones are preferable. Over time, it internalizes these preferences. The result is a system that can scale alignment more efficiently  than approaches that rely solely on human feedback. Why It Matters Now Constitutional AI reflects a broader shift in how the industry is thinking about AI control. Rather than treating safety and behavior as afterthoughts, it embeds them directly into how the model reasons. This creates: Greater consistency in responses More transparency in how decisions are shaped A framework that can evolve as expectations change For organizations adopting AI, this signals a move toward more governable systems , rather than opaque ones. The Subtle but Important Limitation It is tempting to view Constitutional AI as a solution to AI risk. It is not. It is an improvement in how systems are guided. The constitution itself is still text . The model interprets it probabilistically, just like any other input. Under normal conditions, this works well. Under adversarial conditions, it can be strained. This leads to an important distinction: Constitutional AI provides guidance, not enforcement. It shapes behavior, but it does not guarantee it. From Models to Agents As AI systems evolve into more autonomous, agent-like architectures, this distinction becomes more consequential. A model that produces text can be corrected after the fact. An agent that takes action based on that text introduces a different level of risk. In these environments, Constitutional AI plays a valuable role, but it must be complemented by: Access controls Action constraints Monitoring and validation layers Human oversight where needed In other words, it becomes part of a broader governance system. The Gist Constitutional AI is an approach to aligning AI systems by giving them a defined set of principles and teaching them to evaluate their own behavior against those principles. It represents a meaningful step forward in making AI more consistent and scalable. At the same time, it reinforces a reality that organizations are only beginning to fully absorb: AI systems are guided by language, not governed by hard rules. Understanding that distinction is key to using them effectively and safely.

The last twelve months has seen many new developments in the cybersecurity industry, but one that stands out is the arrival of AI agents. The fact that these semi-autonomous, task-focused virtual machines are now “in the wild” is both alarming and exciting. AI agents are here and being used extensively by technology vendors, service providers, and enterprises across most industry sectors. While many are still getting to grips with adoption and deployment, early adopters are facing the challenges of any new technology: management, governance and compliance. While regulations governing the use of AI have lagged its most recent advances - GenAI, bots, semi-autonomous agents etc. - the security implications of unregulated use are becoming known. AI agents can offer task completion at a scale and speed that humans cannot. At the same time, such powerful capabilities open new attack surfaces that security teams need to be ready for. Treating AI agents as non-human identities in the way that we consider service accounts is not enough. We need to start treating AI agents in much the same way as we do human beings: as complex entities that require careful management, nuanced governance and real-time monitoring. New solutions for a new era? Security professionals have been using Governance, Regulatory & Compliance (GRC) tools to manage and report on network, application, cloud and on-premises infrastructure for many years. As a broad category of activities, governance does not require a regulatory environment to function, but it is the precursor to the latter being successful. Governance is something that any organisation can apply to any part of its infrastructure, including AI tools and agents, without necessarily creating a compliance framework. While governance is often mentioned in the same phrase as compliance, AI and AI agents have developed far ahead of the ability of regulatory bodies to catch-up. Many large and/or established vendors - such as IBM, Microsoft, Palo Alto Networks, SailPoint, DataDome, and others have added AI agent management and governance capabilities to their AI security platforms. These solutions tend to be integrated with the vendor’s overall GRC framework and will focus on holistic approaches to security operations. It makes sense for these vendors to add AI agent governance to the management of AI security. Others however are focusing on the specific requirements of AI agents and architecting new approaches, using human psychology, behavioral analytics and context-specific permissions. When managing AI agents, it is increasingly clear that context is the key to both productivity and risk mitigation. Context covers all the information sources, prompt history, documents etc. that allow the Large Language Model (LLM) to perform its task-specific requirements as accurately and effectively as possible. Context can be complex, incorporating rules-based behavior, compliance requirements, corporate policies and so on. In theory, the more context - of the correct kind - that can be given, the better the AI agent will provide results. The use of Retrieval-Augmented Generation (RAG) is especially important for AI agents, allowing them to connect with trusted, up-to-date domain-specific sources prior to response generation. It may seem that this level of context is overly cumbersome and unnecessary, but the enhanced capabilities of AI agents means that careful understanding of their requirements, behavior and potential interactions is critical. Context is Everything This year’s RSAC Innovation Sandbox Top 10 Finalists include two companies that offer tools to help companies govern AI agents at a much more detailed level: Geordie Geordie provides tools for AI agent governance by helping customers gain a deep understanding of agent behaviour and providing tools to develop detailed context requirements. Geordie describes a fundamental shift: while standard software is an execution engine for human choices, AI agents combine LLMs with real-world tools to make independent choices based on a task brief. In turn, Geordie believes that this shift changes the way risk is manifested in AI agents, given the minute-to-minute changes in the tools they have access to and the context they are currently processing. The solution is contextual - as opposed to static - governance: deep configuration awareness, behavioural observability over time, and real-time, scenario-based interventions. Token Security Token Security considers AI agents to be a new form of identity threat, but the firm’s goal is to help companies adopt them - mitigating these threats by treating AI agents as “first-class” identities. Token’s offerings cover established non-human identities such as API tokens and service accounts but lean strongly into the classic identity management approach to AI agents, prioritizing visibility, ownership attribution, control, and governance. Like Geordie, Token believes that context is key, describing how it applies intent-aware, least-privilege to AI agents, with the intention of ensuring that agents have only the permissions needed for their purpose, and only for the time required. The Gist Management of non-human identities has evolved in response to the rapid adoption of semi-autonomous AI agents. The complex nature of their interactions with both human operators and other agents means that security teams need a more sophisticated approach that uses behavioural context to determine an agent’s permissions. Leading security vendors are adding advanced AI discovery and management capabilities to their platforms, but several specialist firms are developing sophisticated AI agent governance products. Firms such as Geordie and Token Security are leveraging an identity management approach mirroring the complexities of human operator requirements, but at a vastly bigger scale and in near real-time. Implementing context-specific permissions that can change on a minute-by-minute basis seems unimaginable - especially if many hundreds of different agents are being monitored. For some of these finalists at this year’s RSAC Innovation Sandbox awards, confidence is high that this can be achieved. Watch this space!

Managed detection and response did not emerge as a fully formed category. It grew out of a very specific problem. Organizations bought better tools, but too many still lacked the people, process, and operational maturity to run them well around the clock. What began in the mid-2010s as a service layer around endpoint detection and response (EDR) has since evolved into something much broader: a security operations model that spans endpoint, identity, cloud, email, SaaS, and now increasingly AI-related risk. A short history helps explain why the market feels so crowded today. EDR started reshaping endpoint security around 2013, and MDR followed as a managed service model around 2016, offering organizations 24/7 monitoring, threat investigation, and response support they could not easily build in house. Since then, the market has exploded, with hundreds of providers now claiming MDR capabilities. That expansion has created both opportunity and confusion. Buyers are no longer asking only who offers MDR. They are asking what kind of MDR they are really buying. That is where an MDR 3.0 lens becomes useful. Early MDR was largely an outsourced detection function tied closely to endpoint telemetry. The next phase broadened into XDR-style visibility and more integrated response. MDR 3.0 is different. It is less about monitoring a narrow stack and more about operating as an intelligence-driven control layer across a fragmented environment seeking inherent business risk. In this model, the provider is expected to correlate signals across identity, endpoint, network, cloud, and applications, apply automation where it helps, retain human judgment where it matters, and increasingly support investigations shaped by AI-assisted triage and response. That shift is why the market conversation is moving from “Do you have a SOC?” to “How quickly and intelligently can you contain risk across my environment?” Recent buyer behavior reflects that evolution. Buyers are still led by familiar needs, but the hierarchy has changed. Access to 24/7 SOC expertise remains foundational. That is not surprising in a market where true continuous operations are now expected rather than exceptional; the 2025 SANS SOC Survey reported that 79% of SOCs operate around the clock. At the same time, buyers are placing greater weight on response speed, broader visibility, and the ability to investigate across endpoint, identity, cloud, email, and SaaS rather than in silos. Another important constant is that expertise is winning over price-led procurement. Organizations still care about cost, but fewer serious buyers treat MDR as a commodity. They are more focused on whether the provider can actually reduce operational burden, improve investigation quality, and accelerate containment when something goes wrong. That makes sense in a threat environment where internal teams are often overstretched, alert fatigue remains real, and building a mature 24/7 operation internally is still difficult. In this context, MDR is being purchased less as outsourced monitoring and more as a force multiplier for resilience. One of the other buying forks in the road is still vendor-agnostic versus platform-led MDR. For many buyers, this is the practical question behind the shortlist. Do they want a provider that works with the tools they already own, or one that is optimized around a tightly integrated native stack? The vendor-agnostic camp has appealed to organizations that want flexibility and want to preserve existing investments. The platform-led camp appeals to buyers who believe a deeply coupled stack can produce stronger telemetry, better workflows, and faster operational outcomes. That tradeoff remains central to the market. That tension also explains why the same names keep surfacing, but for different reasons. CrowdStrike remains one of the most visible and frequently shortlisted providers, but its story is no longer just endpoint leadership. The company has been extending into AI and identity, including its SGNL acquisition announced in January 2026 and its earlier Pangea move to secure enterprise AI use and development. CrowdStrike is clearly trying to position Falcon as an operating layer for the AI-era SOC, not just an EDR platform with services attached. Palo Alto Networks is pushing even harder on platform breadth. Its July 2025 acquisition of Protect AI expanded its coverage across the AI lifecycle, and its CyberArk acquisition closed in February 2026, adding deeper identity security to an already broad platform strategy. The company has also been explicit about securing human, machine, and agentic identities, which makes it one of the clearest examples of how MDR is being pulled toward AI security, identity security, and cloud operations all at once. Arctic Wolf is another example of the MDR market maturing beyond a pure service wrapper. Its acquisitions of Revelstoke and Cylance , combined with the Aurora platform, signal a move from service-led MDR toward greater ownership of the operational control stack. In other words, Arctic Wolf is not just managing tools around the edges. It is building more of the underlying engine. What buyers want now, then, is not just MDR in name. They want coverage that matches how modern attacks move. They want a provider that can see across identity and cloud, not just endpoint. They want response support, not just detection noise. They want flexibility when they have an existing stack, but they also want evidence that a platform-led provider can deliver better operational outcomes if they go all in. And increasingly, they want a credible answer to the AI question: not just whether a vendor uses AI in marketing, but whether AI materially improves investigation, prioritization, and containment without removing humans from meaningful control. That is why MDR 3.0 matters. It is not just a label for the next generation of providers. It is a way to understand a market that is moving from outsourced alert handling to intelligence-driven, cross-domain security operations with risk at its center. The winners will not be the loudest companies claiming MDR. They will be the ones that best align service, platform, response, and AI-assisted operations to the reality buyers are facing now and which help to quantity and recommend the remediation of identified risks.

In a market this crowded, dark horses are the companies that could meaningfully reshape shortlists because they are changing the rules, not just competing inside the old ones. MDR Dark Horses for 2026 Every MDR market conversation starts with the obvious names. CrowdStrike is still highly visible. Microsoft has enormous installed-base gravity. Palo Alto Networks continues to expand its footprint. But dark horses are not simply smaller vendors or long shots. In a market this crowded, dark horses are the companies that could meaningfully reshape shortlists because they are changing the rules, not just competing inside the old ones. That is the more interesting question for 2026. Before we tell you ours, which MDR provider do you pick? Here are our thoughts on dark horses for 2026 #1 The most compelling dark horse for 2026 is Google SecOps . Google  still enters many MDR conversations from an unusual angle. Plenty of buyers know Mandiant. Plenty know Chronicle. Plenty know Google Cloud. Fewer yet instinctively think of Google as the vendor that could climb MDR shortlists fast. That gap between capability and perception is exactly what makes Google SecOps such a strong dark-horse candidate. The case starts with the pieces Google already has: Google SecOps is explicitly positioned as an intelligence-driven, AI-powered operations platform. Mandiant gives it front-line incident response credibility and threat intelligence depth. Its Chronicle heritage gives it a strong story around large-scale data processing, search, and analytics. And Google has been getting more concrete about AI inside the SOC, including its Triage and Investigation Agent documentation, which describes an AI-powered assistant embedded in SecOps that evaluates alerts, executes an investigation plan, and provides a structured assessment grounded in Mandiant principles and industry best practices. That is more tangible than the broad AI promises many vendors are still making. Then there is Wiz. Google announced its agreement to acquire Wiz in March 2025, and on March 11, 2026, Google announced the deal had closed . Google has been explicit that the acquisition is about improving cloud security and supporting organizations building across multicloud and AI environments. That is critical because Wiz adds something Google SecOps needs in order to become more than a promising operations story: deep cloud exposure context. Wiz is strong in graph-based understanding of cloud assets, identities, attack paths, runtime risk, and code-to-cloud relationships. If Google operationalizes the Wiz context effectively inside SecOps workflows, it could significantly strengthen prioritization, investigation quality, and remediation guidance. This is why Google SecOps is the dark horse to watch. Many MDR conversations are still endpoint-forward. Google has a chance to push them toward a more cloud-native, intelligence-rich, AI-assisted model. Its upside is not simply that it can offer MDR-adjacent services. Its upside is that it could redefine what buyers expect from MDR by connecting SOC operations with cloud context, Mandiant-grade response expertise, and AI-assisted triage in a more unified way. There is still execution risk, of course. Google must prove it can translate impressive parts into a buying experience that is simpler, clearer, and more operationally compelling for customers. It must show that Wiz enhances the SecOps story in practice, not just on slides. And it must convince buyers that its AI capabilities improve analyst outcomes rather than add another layer of complexity. But that is exactly what makes a dark horse worth watching. The upside is real, and the market may not be pricing it in yet. #2 Our next dark horse is Sophos. Not because it is unknown, but because it is easy to underestimate. For years, Sophos was often viewed through the lens of midmarket strength and a more stack-centric model. That is why its Secureworks acquisition matters so much. By completing that deal in February 2025, Sophos added the Taegis platform and expanded its position in MDR in a way that strengthened both technology depth and enterprise relevance. Sophos now frames the combined company as a leading pure-play MDR provider supporting more than 28,000 organizations, with a platform that includes hundreds of built-in integrations. That is not a small tweak. It is a meaningful go-to-market shift toward greater openness, stronger operations, and broader appeal. Why does Sophos qualify as a dark horse? Because it is improving its odds of showing up in deals where it previously may not have made the final cut. Buyers that once saw Sophos as too tightly coupled may now revisit it as a stronger integration-plus-value play. If the company executes well on the Secureworks integration and successfully brings that platform and advisory depth into a more unified message, it could outperform expectations in 2026. The #3 name is Arctic Wolf , though it is arguably halfway out of dark-horse territory already. Arctic Wolf built its reputation as a service-led pure play, which made it attractive to buyers who wanted operational help without necessarily replacing their entire stack. What makes it more interesting now is its steady move toward deeper platform ownership. Revelstoke brought more automation and SOAR capability. Cylance added endpoint security depth. Aurora gives Arctic Wolf a clearer platform foundation underneath the service model. The result is a company that can still speak the language of managed outcomes while gradually owning more of the technical substrate. That matters because some buyers are tired of the old false choice between pure service and pure platform. Arctic Wolf is one of the firms most clearly trying to bridge that gap. It is a dark horse because it could appeal to organizations that want a partner-like operating model today, but do not want to be stuck with a limited service wrapper tomorrow. IBM deserves mention as a sleeper rather than a classic dark horse but we'll make them #4. IBM has global reach, enterprise credibility, and X-Force intelligence, but it is not the company most buyers point to when discussing who is redefining MDR. That is precisely why it is worth watching. IBM tends to matter most in large, regulated, globally complex environments where integration depth, consulting reach, and operational scale can outweigh market buzz. It may not reshape the narrative for the broader market, but in certain enterprise segments it can still change outcomes in a meaningful way. Which dark horses matter most heading into 2026? Sophos is the integration-and-value surprise. Arctic Wolf is the service-to-platform hybrid worth taking seriously. IBM is the sleeper for complex enterprise environments. Google SecOps is the one that could most dramatically change the conversation if buyers start prioritizing cloud context, AI-assisted investigations, and Mandiant-backed operations over traditional MDR packaging. On that basis, Google SecOps is not just a dark horse. It may be THE dark horse.

With contributions from Christina Richmond. The current escalation involving Iran, Israel, and the United States marks a clear transition in the doctrine of modern conflict. Military operations, economic disruption, and cyber activity unfold simultaneously and influence one another in real time. The conflict illustrates a broader transformation in geopolitical competition that has been unfolding in isolated silos; this war brings those dynamics together at once. Cyber campaigns influence public perception, economic stability, and operational resilience. Military operations, cyber campaigns, economic pressure, and information warfare now operate as interconnected elements of a single strategic environment. The result is a hybrid conflict landscape in which organizations far removed from the geographic center of hostilities still face meaningful operational risk. Digital infrastructure now sits directly inside the arena of geopolitical competition. For global enterprises, this shift carries significant implications. Networks, cloud platforms, supply chains, and public digital services have become extensions of geopolitical tension. Cybersecurity can no longer be treated purely as a technical discipline. It is increasingly tied to geopolitical instability, economic volatility, and the resilience of global infrastructure. Cybersecurity can no longer be treated purely as a technical discipline. The conflict involving Iran provides a clear example of what can be described as a hybrid frontline. Military operations extend beyond borders into cloud infrastructure, internet-facing applications, global logistics systems, and financial platforms that underpin everyday economic activity. Every organization connected to the global internet now operates somewhere along this frontier. The Convergence of Physical and Digital Disruption Thousands of Brits stranded in Dubai due to the conflict. Hybrid conflict often becomes visible first through disruptions in physical systems that are supported by digital operations. For example, airspace closures across the Middle East created the highest volume of flight cancellations since the COVID-19 pandemic. More than 100,000 British citizens were stranded in regional transit hubs as aviation routes across the region were disrupted. Energy markets experienced immediate volatility as well, with natural gas prices rising by more than ninety percent within forty-eight hours of the escalation. While these events are typically viewed as geopolitical or economic developments, they also create cybersecurity consequences that organizations frequently underestimate. Economic pressure often forces enterprises to reduce operating expenditures, including security budgets. At the same time adversaries intensify activity to exploit instability. The result is a cyber-economic feedback loop in which risk increases while defensive investment becomes constrained. Another illustration of the physical and digital convergence occurred on March 1-2, 2026, when two AWS data centers in the United Arab Emirates were directly struck and an AWS facility in Bahrain was damaged by a nearby strike causing outages in the region. The cloud is built on physical infrastructure. Data centers, fiber routes, power distribution systems, and satellite links remain vulnerable to disruption. A strike that damages a regional data center simultaneously disrupts every digital service dependent on that facility. E-commerce platforms, SaaS applications, supply chain systems, financial services, and government portals may all be affected at the same time. Cloud capacity pressure worldwide escalates in a rush to move workloads from in-region to Europe, U.S., and Asia regions. This convergence of physical and digital vulnerability has become one of the defining characteristics of modern hybrid conflict. The AWS UAE outages in March 2026 are significant examples of how physical conflict can disrupt global digital infrastructure. Critical Infrastructure and Systemic Exposure The immediate fallout from the conflict highlights how fragile civilian infrastructure can become when exposed to nation-state aggression. The shutdown of oil fields and key shipping routes which triggered the 93% spike in natural gas prices within forty-eight hours extends far beyond commodity markets. It affects manufacturing output, corporate investment, and national economic stability. Threat intelligence data indicates that adversaries increasingly target sectors capable of producing systemic disruption. The IBM X-Force Threat Intelligence Index 2025 shows that critical infrastructure organizations accounted for roughly 70% of all attacks the company responded to over the past year. Manufacturing has been the most targeted industry for four consecutive years due to its near-zero tolerance for downtime. Infrastructure disruption produces cascading consequences across digital systems. Manufacturing environments rely on operational technology, industrial control systems, and highly connected supply chain platforms. Even limited interruptions can ripple across global production networks. The geographic location of digital infrastructure therefore becomes a meaningful factor in cyber risk modeling. The vulnerability of regional cloud services during the conflict further illustrates how closely physical and digital systems are connected. The impact of the military strikes causing UAE AWS data centers to go offline extended well beyond regional infrastructure. Cloud outages propagate through global application ecosystems and affect organizations that may have no direct presence in the region. The geographic location of digital infrastructure therefore becomes a meaningful factor in cyber risk modeling. Events that disrupt physical infrastructure can produce immediate consequences for digital operations. The Speed of the Modern Adversary The threat environment surrounding these systems has also evolved dramatically. The 2026 CrowdStrike Global Threat Report recorded the fastest observed breakout time between initial compromise and lateral movement at 27 seconds. That figure illustrates how quickly attackers can move once they gain access to a network. The same research identified a 266% increase in cloud-focused intrusions conducted by state-aligned actors. These numbers highlight a difficult reality for many organizations. Traditional incident response models assume defenders will detect a breach, investigate the event, and then determine a response. When attackers can move across systems in less than half a minute, the opportunity for human-driven response becomes extremely limited. AI Bombing and the Acceleration of Cyber Conflict Artificial intelligence is accelerating both physical and digital dimensions of modern conflict. Reports from The Guardian indicate that AI-enabled targeting systems are influencing military operations by accelerating decision cycles in the physical battlespace. The news source illuminates AI-powered bombing that is quicker than "speed of thought." Similar acceleration is occurring within the cyber domain. Threat intelligence research indicates that attacks involving AI-assisted adversaries have increased significantly in recent years. CrowdStrike reports an 89% increase in activity associated with AI-enabled threat actors. Are drone strikes a thing of the past with new AI powered bombing? Automated reconnaissance tools can now scan public repositories, identify vulnerable workflows, and generate exploitation scripts with minimal human intervention. Autonomous agents capable of discovering and exploiting vulnerabilities are beginning to appear such as a n autonomous security research agent powered by claude-opus-4-5 reportedly which scanned GitHub for exploitable actions and solicited cryptocurrency donations. These capabilities shorten the time required to move from vulnerability discovery to exploitation. Combined with rapid breakout times, the effect is a compression of the defensive response window that many organizations have not fully accounted for. Threat Actor Ecosystems in Hybrid Conflict Cyber activity during geopolitical crises rarely involves a single category of adversary. Several actor groups typically operate simultaneously with different objectives. Hacktivist groups often appear first. Their operations include visible attacks such as distributed denial of service (DDoS) campaigns and website defacements intended to influence public perception and signal political alignment. Criminal organizations frequently exploit the uncertainty surrounding geopolitical events to conduct financially motivated operations. Ransomware campaigns, credential theft, and financial fraud often increase during periods of instability. State-aligned actors pursue different objectives. Their campaigns tend to focus on persistence and intelligence gathering. Targets frequently include energy infrastructure, telecommunications providers, and defense contractors. In many cases the goal is long-term access rather than immediate disruption. Threat intelligence reporting also suggests that some nations use regional conflicts as environments in which to test new techniques. China-linked threat actors have increasingly focused on exploiting edge devices such as routers, firewalls, and VPN gateways. These systems often lack the telemetry and monitoring capabilities present on endpoint devices, making them attractive platforms for maintaining covert access. Implications for Global Organizations For most enterprises, the most important lesson from the current conflict is that geographic distance does not guarantee digital isolation. Organizations across North America, Europe, and Asia rely on digital infrastructure connected through global cloud providers, telecommunications networks, logistics platforms, and financial systems. These systems form a tightly coupled ecosystem in which disruptions can propagate rapidly. Public-facing applications represent one of the most immediate exposure points. APIs, authentication systems, customer portals, and e-commerce platforms act as critical operational interfaces. Their compromise can affect revenue, brand reputation, and customer trust within minutes. Identity infrastructure has become equally important. Credential-based attacks now represent a significant portion of successful breaches, which means authentication monitoring and identity protection must play a central role in modern defense strategies. Enterprises must also evaluate the physical dependencies underlying their digital services. Data center locations, cloud regions, network routing paths, and energy availability all influence operational resilience. Events that disrupt physical infrastructure can produce immediate digital consequences. The Emerging Definition of Resilience The lessons from the current conflict environment extend well beyond the Middle East. Hybrid conflict environments challenge traditional assumptions about cybersecurity. Cybersecurity can no longer be treated as an isolated technical function. It intersects with geopolitical risk, economic stability, and the resilience of global infrastructure. Organizations must assume that periods of geopolitical instability will produce both physical disruptions and digital attacks. Public-facing applications, identity systems, and cloud infrastructure represent the most immediate exposure points. Resilience in this environment requires understanding how physical and digital disruptions interact within global technology ecosystems.

A year ago when we started recording our weekly cybersecurity podcast - Cyber Sidekicks - guests on the show didn’t often mention AI agents. Security practitioners mentioned AI in generally positive ways, mostly with regard to the benefits of automation, threat identification, and its potential as an efficient way to process lower-level detection and response tasks. One year later, the topic of Agentic AI is core to almost all discussions with our guests. It is the most mentioned issue when we ask “what keeps you up at night?”. Something has changed: aspects of AI agents are considered beneficial, but they are also seen as something of a curse, reflecting the capabilities of the technology, while acknowledging the complexities of dealing with AI-armed attackers. The prospect of having semi-autonomous agents perform tasks at a speed and scale that would require many hundreds (or thousands) of security analysts is compelling. Used as a complement to a SOC’s existing capabilities, agents can already improve core detection and response rates, strengthening defensive perimeters and time-to-response commitments. A New Identity? But it is those very capabilities - the ability to perform actions independently, to participate in and drive workflow tasks like a fellow team-member would - that magnify potential vulnerabilities for organisations, their security service providers, and customers. Prior to AI agents being used, identity management was already a complex task. With policies in place and multi-factor authentication (MFA) enforced however, human and non-human (e.g. services) identities were somewhat better defined. With AI agents increasingly becoming the dominant non-human identity, it becomes much more difficult to separate their functions from those that require a degree of context to accurately establish their identity permissions. Some in the security community believe that the old structure has to change from a binary model to a more abstract and contextual one. For complex and tricky threat intelligence triage, there may be a certain amount of risk that SOC analysts must assume on an ongoing basis in order to gain the productivity of their AI agents: treat agents as if they were human, with all the complexity, nuance and unpredictability that goes along with it. The Agentic Risk There is no denying the advantages of speed and scale that AI agents can potentially bring to conventional cybersecurity. But does this mean that the “Agentic SoC” is inevitable and something that CISOs should embrace? While AI agents are increasingly being used to bolster defensive capabilities, bad actors are using the same tools to enhance their offensive powers: Agents are sent to harvest exposed credentials in a fraction of the time that conventional means can. LLMs are leveraged to automate network/note reconnaissance using malicious code - a form of “LLMJacking”. Prompt injection attacks are mounted to exfiltrate sensitive or personal information. MCP servers are tapped at the point where agents are communicating confidential data. Most recently, OpenClaw’s MoltBook - effectively a social network for AI agents - has been shown to be vulnerable to bot-to-bot prompt injection and data leaks via an exposed API key (amongst other things). If AI agent use is as pervasive as it appears to be, the interactions between them will accelerate exponentially. It could be argued that the assumed risk that human operators will have to accept in order to continue to benefit in terms of AI agent productivity will also increase. Offense vs. Defense If bad actors are using the same AI tools as SOC analysts, we can expect faster, more numerous and increasingly complex attacks. At the same time, we are already benefiting from faster, more accurate and extensive threat take-downs. Using a medieval analogy, does this mean that defenders should build their castle walls higher and thicker, or put in more traps and deadly weapons to repel attackers? Both are important. Threat intelligence activities are becoming more offensive in nature: taking a proactive approach to activities such as threat hunting, red teaming and dark web monitoring should be an even more important part of everyone’s security strategy when faced with AI agents used for ill gain. All levels of the technology ‘stack’ are vulnerable - from the cloud, through apps, browsers, APIs, MCP servers, all the way down to the code level. AI tools and agentic AI use means that all points of entry into our digital infrastructures are potentially now open to attack. The Gist The debate around the use of AI agents in the context of maintaining robust security is again highlighting the cyclical nature of technology adoption. The same challenges presented themselves when firms migrated workloads to cloud infrastructure, when they started using SaaS apps, and developers interacted with API's. Today however, the challenges are more complex with the adoption of AI and AI agents. As part of a modern cybersecurity strategy, autonomous AI agents can bring significant operational efficiencies, but magnify the risk of vulnerabilities if they are given access permissions that are closer to a human identity. At the same time, new forms of cyber attacks are targeting such agentic behaviour, but restricting agents’ access limits their productivity. A more context-based model for AI agent identity is required - an approach that we already have with human identities. The reality is that bad actors are already using AI agents offensively. It is inevitable that security teams need to use them too - not just defensively but in a much more proactive way - to combat the growing, insidious threat of AI-armed attackers. You might also be interested in: Stealth AI, Defensive Agents & Quantum Resilience: The 2026 Cybersecurity Battle Lines are Drawn

Global security vendor Sophos has announced its intention to purchase cyber assurance specialist Arco Cyber in a move it says will help companies strengthen their cybersecurity strategy and overall governance. Sophos has positioned the acquisition as a key part of its “Sophos CISO Advantage” proposition, a set of capabilities it says will equip customers with security operations management using agentic AI, integrated platforms, and trusted human expertise delivered via its channel partner network. Assuming the acquisition closes, Sophos believes that agentic and AI-assisted systems now make it possible to deliver what it calls “real-time insight into control performance”, while retaining human oversight. The planned purchase of Arco Cyber will mark Sophos’ first acquisition of 2026, but the company has completed more than 20 acquisitions since its foundation – most notably SecureWorks in Feb 2025 for $859 million, bolstering its MDR and XDR offerings. Other acquisitions prior to SecureWorks have been relatively small, although in 2008, Sophos bought Utimaco for $314 million and snapped up Rook Security in 2019, effectively making Sophos a player in the MDR market. Financial details of the proposed purchase of Arco Cyber have not been announced. Why Arco Cyber? UK-based Arco Cyber is a provider of cybersecurity assurance tools, with skills in compliance, advisory and consulting services. Founded in 2022 by former Softcat executives Matt Helling and Adam Louca alongside Datamango CEO Graham Sawell, Arco is a small vendor but says it has “more than 800 customers” . The company’s core offering is an agentless SaaS platform that Arco says provides real-time, data-driven insights to help CISOs and security teams measure, manage and reduce cyber risks. The company offers a “Free” version of its platform that has relatively limited functionality, as well as three additional paid tiers: “Core”, “Advanced” and “Enterprise”. Arco Cyber’s “Origin Story” is rooted in what the founders observed as a need to tackle the increase in cyber risk facing companies. The management team points out the challenge of addressing real-time security issues, and the overload of data from multiple security dashboards. The problem as they see it has been the lack of an overarching context to advise on the questions of “what should we do?”, “how is my cybersecurity operation working?” and “where are the gaps?”. Sophos: a legacy of security innovation One of the big names in security globally, Sophos is a UK-based firm that has been around since the mid-1980s, initially developing and selling encryption and anti-virus tools. Today, Sophos has a broad range of products and services – particularly for MDR/XDR, incident response and endpoint security. Sophos has a channel-led sales model with a sizable partner program, and is well-known by MSPs, MSSPs and VARs in the cybersecurity industry. In 2015 the company was floated on the UK’s FTSE but became a private company again in 2020 when it was bought by Thoma Bravo for $3.9 billion. The return to private ownership seems to have suited the firm. Thoma Bravo has a strong interest in identity security - it also owns Darktrace, Proofpoint, Sailpoint, Ping and others - and more recently AI-driven security. The Gist Although it is only mid-February (at time of writing), acquisition activity in the cybersecurity market is already apace. With industry publication SecurityWeek cataloging thirty-four M&A deals in January 2026 - versus the forty-five reported in January 2025 - the year has started slightly slower, but indications are that the 400+ deals made in 2025 could be equaled or even exceeded. Unlike its purchase of SecureWorks, the addition of Arco Cyber brings a much smaller but more strategic approach to Sophos’ portfolio of assurance, governance and risk offerings. As regulatory pressures increase, and reporting requirements become more complex, Sophos’ channel partners will benefit from an expanded platform of services it can bring to the table when strategic security discussions take place with customers. In particular, this addresses many of the challenges facing mid-market and sub-large enterprise firms: the relative rarity of the CISO role, with the majority of companies reliant on a non-C-level, IT management function. As such, the ‘virtual CISO’ role plays well with a partner-based route to market - taking the value proposition that MSPs and MSSPs can offer to a much higher level. If the deal closes, and the integration of Arco Cyber works out as planned, Sophos has the potential to show that small can also be mighty.

For over a decade, Zscaler was defined by one foundational idea: eliminate implicit trust from the network. Its Zero Trust Exchange became the architectural blueprint for cloud-era security, shifting enforcement away from firewalls and onto identity, device posture, and application context. Do we implicitly trust or block? But between 2025 and 2026, Zscaler embarked on a consequential shift. It stopped simply securing access to applications and began moving toward securing the systems making decisions inside them. Through three acquisition moves— Red Canary , SplxAI , and SquareX —Zscaler has signaled a strategic evolution from a network-centric Zero Trust provider into a platform attempting to secure what might be called the logic layer: the behavioral, operational, and increasingly autonomous layer where humans and AI agents interact, reason, and act. These moves align with two parallel transformations occurring across enterprise security: the transition toward MDR 3.0 and the emergence of Agentic AI as both a force multiplier and a new attack surface. The critical question, however, is not whether this shift is strategically logical. It is whether it is executable—and whether controlling access can naturally extend into controlling behavior, reasoning, and autonomous action. These acquisitions suggest Zscaler is positioning itself not just to enforce Zero Trust, but to participate in—and potentially secure—autonomous trust. Whether this becomes a durable competitive advantage remains to be seen. Move 1: From Prevention to MDR 3.0 Red Canary and the Attempt to Move Up the Detection Stack Zscaler’s acquisition of Red Canary in 2025 marked its most visible expansion beyond prevention and into full lifecycle security operations. Historically, Zscaler’s role ended at access control and threat prevention. Detection and response remained the domain of endpoint vendors, SIEM platforms, and managed service providers. Red Canary changes that boundary and places Zscaler squarely into one of the most crowded and consolidating segments of cybersecurity. But an important nuance is that Red Canary does not provide its own endpoint detection and response (EDR) agent. Instead, it operates as an aggregation and operational layer, integrating telemetry from third-party EDR, identity, cloud, and SaaS platforms—including many of Zscaler’s direct competitors. At first glance, this might appear to be a limitation. But in the context of MDR 3.0, it may actually be the point. Red Canary fits MDR 3.0 precisely because MDR 3.0 is less about owning the telemetry source and more about: Correlating telemetry across identity, network, endpoint, SaaS, and cloud layers Interpreting behavior across those layers rather than within any single one Understanding business risk context—not just technical compromise indicators Driving response actions across tools, systems, and workflows MDR has matured from 1.0 - 2.0 and now 3.0 Earlier MDR models, MDR 1.0 and MDR 2.0, were closely tied to endpoint telemetry dominance. The underlying assumption was that the endpoint or infrastructure agent provided the most complete and authoritative view of attacker behavior. But enterprise architecture has shifted. Critical workflows now occur across SaaS applications, identity systems, APIs, and browser sessions, often without traditional endpoint visibility. In parallel, AI agents are beginning to interact with enterprise systems independently of endpoints altogether. As a result, MDR 3.0 focuses less on owning the telemetry source and more on owning the correlation and decision layer—the layer that interprets signals across fragmented systems and translates them into operational decisions. From this perspective, Red Canary provides Zscaler with something arguably more valuable than telemetry: the operational capability to interpret and act on signals across heterogeneous environments. This aligns naturally with Zscaler’s own architectural position. Zscaler already observes identity and traffic behavior inline. Red Canary adds the ability to operationalize and respond to those signals in coordination with endpoint, identity, and cloud platforms. The strategic bet then implicit in this acquisition is that the long-term control point in security will not be the telemetry sensor itself, but the system that interprets and acts on telemetry across all sensors. Whether that layer can remain independent—or will ultimately collapse back into vertically integrated platform vendors—remains an open question. The Gist: Detection Is Moving Closer to the Decision Layer But That Layer Is Fragmented The integration of detection into Zscaler’s inline enforcement fabric reflects a broader shift in security operations. Security is no longer about collecting more telemetry. It is about understanding behavior at the point where decisions are made. This becomes especially important as enterprise environments become more fragmented. Users operate from unmanaged devices. Applications reside in SaaS environments. AI agents interact with enterprise systems autonomously. And, the traditional endpoint is no longer the primary source of truth. Instead, the interaction layer—where identity, application, and data intersect—becomes the most reliable observation point. The interaction layer becomes critical. Zscaler’s architecture gives it a natural vantage point here. It can observe activity regardless of endpoint ownership, device management status, or infrastructure location. But whether this vantage point is sufficient to fully rival endpoint-native detection platforms remains uncertain. Infrastructure telemetry still provides system-level context that access-layer visibility alone may not capture. Zscaler is betting that instead of telemetry ownership, correlation and interpretation will ultimately define MDR platform leadership. That bet is directionally sound, but its defensibility is still unfolding. Move 2: Agentic AI Requires Securing Reasoning, Not Just Access SplxAI and the Attempt to Secure Autonomous Actors While Red Canary enables behavioral detection, SplxAI addresses a new and rapidly expanding risk surface: AI agents themselves. The emergence of Agentic AI represents a structural shift in enterprise computing. AI systems are no longer passive tools responding to user input. They are becoming operational actors capable of initiating actions, accessing data, and executing workflows autonomously. This introduces a fundamentally new security challenge. Traditional security models assume actions originate from human users. AI agents blur that distinction. They operate with legitimate credentials, access authorized systems, and perform approved tasks. Yet their reasoning can be manipulated. Prompt injection, data poisoning, and reasoning manipulation attacks do not exploit infrastructure vulnerabilities. They exploit logic vulnerabilities. SplxAI enables Zscaler to monitor and potentially secure these reasoning processes. This moves security beyond protecting infrastructure into monitoring decision-making itself. But this also introduces an execution challenge. AI reasoning is probabilistic, opaque, and highly contextual. Securing it reliably, without disrupting legitimate workflows, is still an unsolved technical problem across the industry. The Gist: Agentic AI Is Both Security Multiplier and Security Risk Agentic AI is already transforming security operations. AI agents are increasingly used to triage alerts, investigate anomalies, and automate response workflows. This is a foundational component of the move from MDR 2.0 to MDR 3.0. Where do our AI friends live? How can we monitor them? Security operations can no longer scale through human analysts alone. AI agents must augment detection, investigation, and response. But this introduces a paradox. The same AI agents that improve detection efficiency also become potential targets themselves. If an attacker can manipulate an AI agent’s reasoning, they can influence security decisions. SplxAI represents an early attempt to address this risk by working to secure these agents as operational entities. This will become essential as AI transitions from assistant to autonomous participant. SplxAI positions Zscaler alongside vendors investing heavily in AI security, including Palo Alto Networks and Microsoft. But Zscaler’s advantage may lie in the integration because Zscaler already controls access and traffic flows. With this acquisition the goal is to enforce security policies across both human users and AI agents within a unified control fabric, which may, if done well, create a platform capable of securing both the actors and the decisions they make. Whether defenders can secure autonomous systems as quickly as attackers learn to manipulate them remains a critical open question. Move 3: The Browser Becomes the Operational Surface for Humans and Agents SquareX and Enforcement at the Interaction Layer SquareX and the Re-Emergence of the Browser as a Control Point Zscaler’s acquisition of SquareX in 2026 reflects another structural shift: the browser is becoming the primary execution environment for enterprise work. Yes, applications run in SaaS platforms, and Richmond Advisory Group contends that SaaS is still a relevant entity. However, AI agents operate through browser interfaces. Data access, manipulation, and decision-making increasingly occur within browser sessions making the browser an attractive target for attackers and serving as a relevant environment to monitor and defend. Concurrently, the traditional endpoint operating system is becoming less relevant as a security control point. SquareX allows Zscaler to enforce policy and observe behavior directly within the browser itself. This positions the browser as both an enforcement point and telemetry source, which is particularly relevant as AI agents interact with enterprise systems through browser-driven workflows. Securing the browser allows Zscaler to monitor these interactions at the exact point where actions originate. But endpoint vendors and browser providers themselves are also expanding native visibility and enforcement capabilities. Whether browser-layer security becomes an independent control plane, or remains subordinate to endpoint and identity platforms, is still unresolved. It seems Zscaler is betting that the browser will become a primary enforcement surface. That outcome appears increasingly plausible—but far from guaranteed. The Gist: Zscaler Is Expanding Up the Stack But So Are Competitors Taken together, these acquisitions form a coherent strategic direction. Zscaler is building a platform intended to: Observe behavior continuously (Red Canary) Secure AI reasoning processes (SplxAI) Enforce policy at the interaction layer (SquareX) This aligns closely with MDR 3.0, where detection, response, and prevention operate continuously across behavioral and decision layers. But Zscaler is not alone in pursuing this architecture. CrowdStrike is extending upward from the endpoint. Microsoft is extending outward from identity and operating systems. Palo Alto Networks is extending from network enforcement into behavioral and AI-driven SecOps. Each vendor is expanding toward the same logical destination: control of the decision layer. Zscaler’s architectural starting point in access control gives it a credible path forward, but it is not the only viable path. The Open Question: Can Zscaler Own the Logic Layer Without Owning the Telemetry Layer? Zscaler’s acquisitions in 2025 and 2026 represent a clear attempt to move upward in the security stack from controlling access to influencing detection, reasoning, and autonomous action. But this strategy introduces structural dependencies. Because Red Canary relies heavily on integrations with third-party telemetry providers, including endpoint, identity, and cloud vendors that compete directly with Zscaler, the long-term viability of this model depends on continued ecosystem cooperation. Competitors such as Microsoft, CrowdStrike, and Palo Alto Networks are increasingly pursuing vertically integrated platform strategies. Each has strong incentives to keep detection, response, and telemetry correlation within their own ecosystems. If those vendors begin restricting integration depth, limiting telemetry access, or steering customers toward native detection and response offerings, Red Canary’s, and by extension Zscaler’s, visibility could erode over time. Equally important is the customer dimension. Many Red Canary customers today rely on it as an independent, vendor-agnostic detection and response provider. Following the acquisition, some customers may question whether that neutrality persists—particularly if they are using endpoint, identity, or cloud platforms that compete directly with Zscaler. This introduces a real risk of customer attrition not because Red Canary’s technical capabilities diminish, but because its perceived independence may. In effect, Zscaler’s move into MDR 3.0 strengthens its position in the logic layer but also increases its dependence on telemetry sources and ecosystem relationships it does not control. The defining security question may no longer be who owns the endpoint, the network, or even the identity system. It may be who owns the interpretation layer—the system that translates signals into decisions. Zscaler is betting that layer can remain independent. Whether competitors and customers allow it to remain so will ultimately determine how successful that bet becomes. The Future of Security Lies in Controlling Autonomous Trust Zscaler’s acquisitions in 2025 and 2026 represent a strategic move in this direction Security is no longer defined solely by preventing access or detecting malware. Rather, it is defined by understanding behavior, both human and machine alike. As AI agents become operational participants in enterprise workflows, security platforms must monitor and secure decision-making itself. Will humans and machines merge? Zscaler’s expansion into detection, AI security, and browser enforcement reflects a recognition that the logic layer is becoming a necessary control surface. The defining security question is no longer who controls infrastructure. It is who secures autonomous action. Through Red Canary, SplxAI, and SquareX, Zscaler is positioning itself to answer that question.

In an ambitious start to the new year, CrowdStrike has kicked off its 2026 M&A activity with two  announcements in January. The global cybersecurity provider says that it intends to purchase identity security vendor SGNL, as well as browser runtime security vendor Seraphic Security. A move like this so early in the year has taken many by surprise: January is one of the quietest months in the tech industry, marking a post-holiday emergence replete with inbox-cleaning, budget discussions and newfound resolutions. CrowdStrike clearly felt however that the time was right to make these announcements, and in doing so set the bar for other vendors looking to expand their portfolios and platform capabilities. Why buy SGNL and Seraphic Security? CrowdStrike’s first announcement came on 8th January. In addition to a press release, Michael Sentonas – CrowdStrike’s President – wrote a detailed blog post  about the reasons for acquiring SGNL. It’s clear that a key factor in the decision is the plan to evolve its security platform to address the modern risks posed by an explosion of human, machine, and AI agent identities across cloud environments. CrowdStrike believes that the transition from what it calls the outdated, static security models toward continuous, context-aware authorization is required in order to evaluate risk signals in real time to grant or revoke access. This strategy focuses on achieving what Sentonas calls “zero standing privileges”, a scenario that ensures that users and autonomous bots only possess high-level permissions for the specific duration of a task. Ultimately, the objective of the integration is to create a unified identity fabric designed to proactively stop breaches by securing the entire lifecycle of digital identities in an increasingly complex, AI-driven landscape. A matter of days after the SGNL announcement, CrowdStrike outlined its intent to acquire Seraphic Security, citing plans to integrate the firm’s browser-native protection directly into its Falcon cybersecurity platform. CrowdStrike says it aims to eliminate security blind spots by securing the modern web browser, which it believes “has become the primary workspace for both human employees and AI agents” By combining Seraphic’s technology with real-time telemetry and identity authorization, CrowdStrike says it can enforce Zero Trust policies within any browser session without forcing users into restrictive, specialized software. Ultimately, this integration will allow for the dynamic monitoring of data flows and the prevention of sophisticated threats, such as session hijacking and unauthorized data exfiltration, across both managed and personal devices. A history of acquisitions CrowdStrike is no stranger to the purchase of other firms, falling into the “serial acquirer” category populated by the likes of Google, Palo Alto Networks and others. Should both acquisitions close, Seraphic will be CrowdStrike’s 12th purchase since Payload Security in 2017, and starting in 2020 the firm has accelerated these activities. This has included buying Israeli cloud security startups Flow Security (estimated $200 million) and Adaptive Shield (estimated $300 million) in 2024, followed by Spanish telemetry pipeline management firm Onum (estimated $290 million) in 2025. While the transaction values of the most recent deals have not been officially disclosed by CrowdStrike, it is being widely estimated that the Seraphic deal is worth $420 million and the SGNL deal $740 million should they close. This puts CrowdStrike’s spend on acquisitions at around $2 billion dollars since 2024 – a not insignificant number - but one dwarfed by the likes of Palo Alto Networks (purchasing CyberArk for $25 billion), Google (buying Wiz for $32 billion), and Cisco (acquiring Splunk for $28 billion). It seems odd that a spend of $2 billion is now seen as relatively modest, but the flow of capital offered by private equity and other investment - particularly where AI tools and technologies are involved - has accelerated since 2023. As if proof were needed, banking giant Goldman Sachs’ fourth quarter 2025 profits beat Wall Street expectations, with the bank saying it had advised on $1.48 trillion in total volume of deals and raking in $4.6 billion in fees during the year. Success and scrutiny As one of the industry’s “big boys”, CrowdStrike has a rich history of innovation and successful security protection of many thousands of customers – including government and public sector firms. Following its June 2019 IPO, total annual revenue grew significantly - from $481 million in FY 2020 to $3.95 billion in FY 2025. At the same time, the firm has seen some controversy: a significant outage in July 2024 was caused by a “defect found in a Falcon content update for Windows hosts”  resulting in widespread disruption for healthcare providers, emergency service operations and banking systems worldwide. While not unique to CrowdStrike, such outages highlight the dependency we have on a handful of firms such as CrowdStrike to operate our critical infrastructure, and the vulnerabilities when something like this happens. The episode also prompted a renewed discussion in the wider industry around the importance of resiliency – a timely and important debate given the increase in external attacks on critical infrastructure in general. The Gist CrowdStrike’s intent to acquire Seraphic Security and SGNL goes some way to addressing the risks posed by an increasingly agentic workforce. These acquisitions will help the firm integrate enterprise browser protection with continuous identity authorization, the result being a more effective way to eliminate standing privileges across cloud and endpoint environments - if integrated well. Global security service providers are racing to maintain their market lead since the advent of GenAI and the rapid increase in use of AI Agents by attackers and defenders alike. Acquisition has always been a key strategy for inorganic growth, but the accelerated nature of AI adoption means it has become essential for vendors to keep ahead of a threat actor’s ability to quickly generate and scale attacks using agents and advanced automation. Even those companies that focus on product and IP development – as opposed to managed services – find it essential to acquire point capabilities to add to their own platform’s offerings. CrowdStrike’s success and its prominence as a leading global provider is a benefit as well as a challenge. High-profile public outages may affect share prices in the short-term, but long-term confidence is what markets and prospective customers alike seek in today’s uncertain world. Beefing-up its Falcon platform with additional functionality that addresses AI-specific vulnerabilities is a good move for CrowdStrike, but the integration will take time – assuming both acquisitions close. Given the pace of adoption and planned use of AI agents globally, we believe this is unlikely to be the last AI-related acquisition that the company makes this year…

The AI Productivity Paradox The corporate gold rush to deploy autonomous AI agents is creating a cavernous and largely unacknowledged security vacuum. In the pursuit of frictionless productivity, organizations are quietly handing the keys to helpers that operate in a logic layer far beyond traditional security controls. This isn’t a theoretical concern. Looking ahead to 2026, Wendi Whitmore , Chief Security Intelligence Officer at Palo Alto Networks , has warned that autonomous agents are poised to become the new insider threat . Not because they are malicious, but because they are trusted, privileged, and increasingly autonomous. Just weeks after that warning gained traction, the ServiceNow “BodySnatcher” vulnerability turned prediction into proof. Non-human identities are the new insider threat. The incident demonstrated how an AI agent, operating entirely within expected permissions, could be exploited to impersonate users and trigger cascading access across enterprise systems, without passwords, without MFA, and without ever “logging in” as a human. The flaw didn’t live at the perimeter. It lived in the logic layer. As discussed in recent episodes of the Cyber Sidekicks  podcast, this is the AI productivity paradox in action: the more we trust agents to reason over our data, the more we expose ourselves to a form of insider risk that our existing controls were never designed to stop. The New Insider Threat: It’s Not Who You Think Looking ahead, the most significant risk to the enterprise won’t be a rogue employee or a sophisticated phishing ring. It will be the systems we explicitly trust. These agents are effectively privileged users that don’t know how to say “no.” They operate inside the firewall , using a human user’s permissions, but without human judgment, skepticism, or contextual restraint. They can transform data, move it across systems, summarize it, enrich it, or expose it without a single malicious command ever being issued. As Whitmore framed it, executives now face the challenge of securing an expected surge of autonomous agents that operate and reason over corporate data on behalf of users . This flips the security paradigm on its head. We are no longer just hunting bad actors but governing autonomous logic. And we'd better do it fast. The ServiceNow Vulnerability: A Masterclass in Integration Failure That abstract risk crystallized in late 2025, when ServiceNow  delivered what may become the canonical case study in agentic security failure. Researchers characterized the flaw—later tracked as CVE-2025-12420 —as one of the most severe AI-driven vulnerabilities uncovered to date. Not because the AI “thought wrong,” but because of how it was wired . Do we know where all our legacy systems reside and what they contain? ServiceNow had bolted its modern Now Assist  agentic AI onto a legacy virtual agent chatbot framework that was lightly guarded and broadly trusted. This is the danger of shadow legacy systems : building 2026-grade intelligence on 2016-era plumbing. When sophisticated agents are layered over old, under-secured backends, those legacy interfaces become high-speed backdoors into the enterprise orchestration layer. This wasn’t a model problem. It was an architectural one. This is the danger of shadow legacy systems: building 2026-grade intelligence on 2016-era plumbing. The exploit’s elegance is what makes it so unsettling. Attackers could impersonate a legitimate user—and in some cases seize full platform control—using nothing more than a valid email address. This is a strategic nightmare that renders traditional security staples like passwords and Multi-Factor Authentication (MFA), completely irrelevant. For more than a decade, security leaders have sold MFA to boards as the silver bullet. This vulnerability proves that when the flaw lives in the logic and integration layer, identity controls at the login screen become irrelevant. MFA protects authentication. It does not protect delegation. Once an agent is authorized to act, identity becomes an input variable , not a gate. The vulnerability didn’t break MFA, it simply bypassed the entire concept by operating above it. This is the true meaning of “MFA killer.” Not that MFA is useless, but that it was never designed to govern autonomous reasoning in the first place. The Domino Effect: From ServiceNow to the Enterprise In a modern SaaS environment, logic failures rarely stay contained. They propagate through the orchestration layer. An orchestration layer provides opportunity for the perfect domino effect. ServiceNow isn’t just another application—it’s a coordination hub. When an agent operating inside it is compromised or abused, the blast radius extends immediately outward into connected systems. In this case, researchers highlighted potential downstream exposure across: Salesforce environments Microsoft ecosystems (including identity, collaboration, and productivity services) This is why agent breaches are never “local incidents.” A single flaw in how an agent reasons, invokes tools, or chains actions can trigger a domino effect that compromises multiple pillars of the digital enterprise simultaneously. The agent doesn’t need to move laterally. The platform already has. Why This May Keep Happening: Agents Live Above Our Controls What the ServiceNow incident made painfully clear is that we are securing the wrong layer : Agents don’t behave like users. They don’t authenticate like applications. They don’t respect boundaries the way humans do. In December 2025, OWASP  formalized this shift with its Top 10 for Agentic Applications , naming risks like privilege abuse , tool misuse , and goal hijacking  as primary failure modes. That list reads less like a future warning and more like a post-incident report because, as OWASP contributors understand, this is happening now . The highest-impact agent failures aren’t model hallucinations—they are authorization without friction , capability without constraint , and reasoning without oversight . Securing the Autonomous Frontier We are entering a transition from traditional software breaches to agentic failures where damage occurs not because someone broke in, but because something (let's recall it is not a someone please) was allowed to act too freely . As autonomous agents become the default interface to corporate data, security programs must evolve from guarding doors to governing decisions. Is this identity human? Hard to tell. That means: Treating agents as non-human privileged identities , with explicit ownership, scoped permissions, and lifecycle management Enforcing supervised execution  for high-risk actions like data export, permission changes, or cross-platform orchestration Segmenting agent tools the way we segment networks—no universal toolbelts Instrumenting the orchestration layer to detect abnormal chaining, not just credential misuse Auditing “shadow legacy” interfaces that can invoke modern agent workflows This is not about slowing innovation. It’s about recognizing that autonomy is  authority. And, we should pay attention to shared ownership of AI tools and "shadow" relationships this broad ownership can engender. Just like the early days of SaaS where everyone and their pet monkey stood up new services, everyone is again standing up AI and agentic AI capabilities. The Insider Threat Has Changed Faces When Wendi Whitmore warned that autonomous agents could become the new insider threat, the implication was subtle but profound: the next major security failures wouldn’t come from compromised credentials or disgruntled employees—but from delegated intelligence operating exactly as designed . The ServiceNow breach confirmed that reality. Here was a privileged AI assistant, embedded inside the enterprise, capable of acting across systems, and vulnerable not because MFA failed but because MFA was never in scope. The exploit bypassed authentication entirely by abusing trust, delegation, and integration logic. Identity controls held. The reasoning layer did not. That is the uncomfortable truth security leaders must now confront. In 2026, the most dangerous “insider” may not be a person at all. It may be a well-intentioned agent with too much authority, too little supervision, and unfettered access to the orchestration layer that binds the enterprise together. The Question Boards Should Be Asking As you evaluate your organization’s roadmap for 2026, the critical question is no longer: “Do we have MFA?” It is: “Can one of our AI agents cause catastrophic damage without ever logging in?” The ServiceNow incident suggests the answer is already yes. And that means the insider threat has officially changed faces.

Managed detection and response (MDR) is a mature market. Buyers know what “good” looks like. Providers know what they must deliver. The industry has clearly entered a period of rapid consolidation and realignment. Against that backdrop, LevelBlue’s acquisition of Alert Logic’s MDR business from Fortra may look, at first glance, like another tuck-in in an increasingly crowded market, one where a larger company purchases a smaller company—often with similar products, services, or customer segments—and fully absorbs it into its existing operations, dismantling the target's brand and structure. And this may ultimately be the case, but “tuck-in” does not fully reflect the strategic reality of the deal. This deal (and others LevelBlue has recently crafted) is a deliberate separation of software and services, with a broader intent to find and put to better use technologies that don’t quite fit where they landed. This signals further maturation in this already-consolidating industry and a movement to grab good tech that might otherwise fail.  Rehoming Good Technology In cybersecurity, strong technologies do not always fail because they lack capability. More often, they struggle because they are placed inside organizations whose business rhythm does not match their operational needs. When that happens, otherwise viable technologies stop “breathing,” meaning research and development diminishes, attrition of good talent occurs, and revenue declines. LevelBlue’s approach to M&A resembles what might be described as a rehoming of good tech. LevelBlue appears to actively look for these assets that require some resuscitation, like Alert Logic and Cybereason, that retain strong DNA, proven teams, and market relevance, but perhaps lacked the right environment to thrive. The root cause of respiratory arrest is often business rhythm. Software-centric organizations optimize for product velocity, transactional sales, and channel scale. Managed services operate on a fundamentally different cadence, one which requires continuous operations, human expertise, and accountability for outcomes. When Alert Logic was folded into a software-first organization, in Richmond Advisory’s opinion, it became an orphaned asset. Inside LevelBlue, it becomes more core to its original services mission. MDR Has Matured and That Changes the M&A Equation Just a few years ago, providers defined MDR very differently, with inconsistent tooling assumptions and outcome promises that made consolidation far more difficult than it is today. Vendors differentiated themselves primarily by how detection and response were implemented, what technologies were used, and what “response” meant. Integration risk was high, customer expectations varied widely, and tuck-in acquisitions were often where tech went to die (e.g. Cylance within Blackberry). This rescue strategy is only possible because the MDR market itself has matured. That environment has changed. Buyers now expect a relatively standard set of outcomes: detection, investigation, response, reporting, and continuous improvement regardless of the underlying technology stack. That normalization has lowered integration risk and made acquisitions like Alert Logic not just viable, but logical. Alert Logic fits cleanly into this more mature MDR landscape as a part of an MSSP. Its service delivery model, operational rhythm, and customer expectations align well with LevelBlue’s existing platform. This is not a reinvention exercise; it is a reinvigorate and incorporate play. Scale Matters but Coverage and Continuity Matter More The acquisition undoubtedly strengthens LevelBlue’s position among the world’s largest MDR providers. But scale alone is not the most important takeaway. What matters more is coverage and continuity. Alert Logic extends LevelBlue’s reach into the mid-market and SME without forcing the company to dilute its enterprise-grade operating model. Historically, Alert Logic performed well in environments that needed reliable detection and response but were not ready for heavyweight enterprise complexity. Cloud-centric deployments, self-service-friendly models, and “SIEM-lite” approaches filled a real gap in the market. That capability complements LevelBlue’s enterprise footprint and creates a natural growth path. As customers mature, their needs increasingly map to deeper MDR services, consulting, and adjacent managed offerings. They don’t wish to replace one product with another but rather preserve continuity across the customer lifecycle. Software–Service Separation and a Mid-Market Opportunity With this news, Fortra intentionally pivots toward a pure-software, channel-first strategy under the “Fortra Protect” banner. LevelBlue, by contrast, commits fully to managed outcomes and service delivery. This separation is not a weakness; it is an acknowledgment that software and services scale differently. Nowhere is this more evident than in the mid-market. These buyers want outcomes, not toolchains. They want simplicity, not architectural sprawl. And they often prefer to buy through trusted channel partners rather than direct enterprise sales motions. Alert Logic’s channel ecosystem becomes a strategic asset in this model. Rather than a forced direct-sales expansion downstream, LevelBlue can enable channel-led service delivery as Fortra’s marquee channel partner. WAF, APIs, and the Shift Left While much of the market focus remains on MDR headcount and customer numbers, the quieter strategic sweetener in this deal is Alert Logic’s Web Application Firewall and its native API protection capabilities. In an era defined by AI-driven applications and API-centric architectures, APIs have become one of the most critical, but most vulnerable, attack surfaces. API protection as an afterthought is no longer a viable strategy. The Alert Logic WAF enables LevelBlue to advance a more credible shift-left strategy, which emphasizes prevention earlier in the attack chain rather than downstream detection and response. Just as importantly, it provides architectural flexibility. LevelBlue remains a close partner with Akamai, particularly for CDN-centric WAF and DDoS protection. But unlike those offerings, the Alert Logic WAF does not require a specific CDN to function. This allows LevelBlue to remain platform-agnostic and to sell managed outcomes rather than “managed Akamai” or “managed Fortra.” Combined with Alert Logic’s lighter-weight, SIEM-lite capabilities, this gives LevelBlue more room to serve down-market customers who find enterprise SIEM deployments overly complex or costly. Agentic AI: The SOC’s Newest Capability Layer Alongside platform expansion, LevelBlue is also investing heavily in agentic AI. Instead of AI as a replacement for analysts, the company will embed autonomous agents into specific operational workflows: investigations, enrichment, integration, and development acceleration. These are not chatbots. They are task-specific agents designed to increase speed and consistency inside the SOC. One notable capability discussed was the use of AI agents to detect unfamiliar data structures and automatically build integrations, normalize data, and make it usable in near real time. Internally, agents also accelerate product development and assist with product requirements documents and design mockups. At the same time, LevelBlue is deliberately cautious. Synthetic identities, agent sprawl, and governance failures are real risks. Human-in-the-loop controls remain central to the design and use AI functions as a force multiplier rather than an operational liability. Brand, Memory, and the Long Game Despite its scale, LevelBlue still faces a brand challenge. CISOs have long memories. Legacy associations with AT&T, Trustwave, or other prior identities do not disappear quickly. LevelBlue appears realistic about this reality and knows that rebranding is a journey, not a single event. The strategy is not to erase the past overnight, but to out-execute it through customer advisory boards, visible innovation, and consistent delivery. Over time, proof points replace perception. For risk-averse buyers, testimonials and outcomes will matter more than messaging. The Gist This is a classic tuck-in executed at the right moment, but with broader goals.  In its goal to become the largest MSSP, the ability to find and put to better use those technologies that don’t quite fit where they landed is a keen one.  LevelBlue is rehoming orphaned technologies.  This strategy targets assets with strong DNA that simply lacked the right operational environment. Coverage matters more than raw scale.  Alert Logic extends LevelBlue’s reach into the mid-market and SMB without diluting its enterprise platform. The software–services split is intentional.  Fortra’s software focus and LevelBlue’s services focus reflect necessary specialization, not fragmentation. WAF and API protection signal platform intent.  These capabilities enable shift-left security and platform-agnostic managed outcomes. Agentic AI is applied pragmatically.  Human-in-the-loop remains central, with agents focused on acceleration, not replacement. This is quiet portfolio construction.  The long-term direction points toward a cleaner, more coherent pure-play managed services platform.

How AI, post-quantum risk, and geopolitics are reshaping data’s role Richmond Advisory Group recently spoke with Jonathan Nguyen-Duy , CTO of Arqit , about the accelerating convergence of data management, post-quantum cryptography (PQC), AI, and geopolitical pressure. The conversation explored how data is shifting from a passive byproduct of digital systems into a strategic, regulated asset—one that underpins predictive security models, digital sovereignty, and trust in AI-driven outcomes. Why this matters: as organizations race to deploy AI and prepare for a post-quantum world, their ability to prove the origin, integrity, and trustworthiness of data will increasingly determine regulatory compliance, competitive advantage, and long-term resilience. The Future Importance of Data Management For decades, data was treated as a byproduct of digital systems—something to be stored cheaply, processed periodically, and protected primarily at rest. That era is ending. Data is rapidly evolving into a high-value strategic asset that shapes regulatory posture, competitive advantage, and even geopolitical alignment. As artificial intelligence and quantum technologies mature, the way organizations manage, secure, and authenticate data will determine not only operational success, but trust itself. This shift is not incremental. It represents a structural change in how data is created, inspected, governed, and monetized across borders. From Data Lakes to Unified Data Posture Management One of the most important changes underway is the move toward unified data posture management . Historically, data programs were fragmented: classification lived in one tool, compliance mapping in another, data loss prevention (DLP) in yet another, and encryption policies somewhere else entirely. This siloed approach made sense when data moved slowly and jurisdictions were loosely enforced. That world no longer exists. Today’s data flows continuously across SaaS platforms, clouds, APIs, devices, and partners. It crosses jurisdictions in milliseconds. In response, organizations are increasingly demanding a single, coherent view of their data posture—one that unifies: Data classification  (what the data is) Regulatory context  (which rules apply, and where) Risk exposure  (how it could be misused or exfiltrated) Cryptographic state  (how it is protected, now and in the future) Crucially, this unified posture cannot rely on static inventories or periodic scans. The industry is moving away from traditional “data lake” models—where data is dumped, stored, and analyzed after the fact—toward real-time inspection of data in transit. "Real-time inspection of data in transit not in static data lakes." Enterprises increasingly want to understand data as it moves : whether it contains regulated information, whether it violates policy, whether it is properly encrypted, and whether it can be trusted. Risk, data loss prevention (DLP), and cryptographic controls are converging around live data flows rather than post-ingestion analysis. In effect, data governance is shifting from a storage problem to a motion problem. Digital Sovereignty Meets Digital Trust As data becomes more valuable, it is also becoming more political. Different regions are articulating different philosophies. In the U.S., the conversation tends to center on digital trust —ensuring that systems, data, and outcomes can be relied upon. Elsewhere, particularly in Europe and across emerging economic blocs, the emphasis is increasingly on digital sovereignty —who controls data, where it originates, and which laws apply. This divergence matters because data is no longer neutral. Its origin, authenticity, and handling increasingly determine its economic value. Just as physical goods are taxed, regulated, and protected based on provenance, data is moving in the same direction. Organizations should expect data to be taxed, restricted, or privileged based on where it comes from, how it was created, and whether its authenticity can be proven. Taxation of data by provenance is the future. In this environment, managing data is no longer just an IT function. It becomes a core element of corporate strategy, compliance, and even diplomacy. The Shift from Reactive to Predictive Security This transformation in data management parallels a deeper shift in cybersecurity itself: the move from reactive defense to predictive security models. As industry leaders like Nguyen-Duy  have noted, cybersecurity has historically been reactive. Standards were often created only after attacks were observed in the wild. Controls evolved in response to failure. Post-quantum cryptography (PQC) represents a rare departure from that pattern. For one of the first times in modern security history, governments and enterprises are acting before  widespread exploitation occurs. The scale of investment being planned for cryptographic discovery, inventory, and migration reflects an acknowledgment that waiting is no longer an option. This predictive mindset extends beyond cryptography. As AI and quantum capabilities converge, entire sectors may shift from reactive to predictive outcomes. Healthcare is a common example: instead of diagnosing disease after symptoms appear, future systems could identify risk years in advance with high confidence, enabling preventive intervention rather than invasive treatment. The same principle applies to security operations. Organizations that can anticipate risk—based on trusted data, advanced analytics, and real-time insight—will outpace those still responding to alerts after damage is done. Automation and the Coming Disruption of MSSPs These changes place enormous pressure on traditional managed security service providers. Many MSSPs are still built on labor-intensive models: humans reviewing alerts, triaging incidents, and responding manually. That model does not scale in a world of machine-speed data flows and AI-driven threats. Over the next few years, MSSPs that fail to adopt automation and machine-to-machine security will face existential risk. AI-driven systems will increasingly handle detection, policy enforcement, key management, and response without human intervention. Human expertise will remain critical—but it will move up the stack, focusing on strategy, oversight, and exception handling rather than routine operations. Data management sits at the center of this shift. Without high-quality, trustworthy, and well-governed data, automation collapses. Bad data does not just reduce efficiency; it amplifies risk at machine speed. Why Quantum Accelerates AI Quantum technology is often described as the next industrial revolution not because it replaces classical computing, but because it expands what is possible. Classical systems operate on binaries—zeros and ones—forcing complex problems to be broken into sequential steps. Quantum systems, through superposition, can model many possible outcomes simultaneously. Even before fully universal quantum computers arrive, quantum-inspired architectures and specialized accelerators aligned with machine learning are beginning to reshape advanced analytics. For AI, this means deeper inference. Quantum-enhanced approaches promise better understanding of unstructured data—text, images, signals, and patterns that are difficult for classical systems to contextualize fully. They enable richer correlations, faster optimization, and more nuanced predictions. But none of this matters without trust. For quantum-accelerated AI to deliver value, the underlying data must be authentic. Volume and velocity are not enough. Veracity —confidence in origin, integrity, and meaning—becomes the gating factor. In near real time, systems must be able to answer not just “what does the data say?” but “should I believe it?” PQC, Data Provenance, and the Value of Authenticity This is where PQC intersects directly with data management. PQC is not only about future-proofing encryption; it is foundational to data provenance —the ability to verify where data came from, how it was handled, and whether it has been altered. A useful analogy is geographic authenticity. Certain products derive their value from origin. Data is heading in the same direction. Information that can prove its source, integrity, and chain of custody will command higher value and lower risk. Data that cannot will be discounted, restricted, or rejected entirely. Achieving this requires moving beyond traditional security models. Toward “Attested” Zero Trust, or AZT Many current architectures claim to implement zero trust, yet still implicitly trust server-side environments and data once it reaches a cloud service. This assumption becomes increasingly fragile as workloads move across shared infrastructure and geopolitical boundaries. By combining confidential computing*  with PQC, organizations can move toward attested zero trust . In this model, cryptographic attestation certificates verify not only user identity, but also the integrity of the application environment and the data being processed. Systems can prove—cryptographically—that they are running approved code on trusted hardware, and that data has not been tampered with. When paired with continuously rotated, quantum-safe symmetric keys, this architecture delivers end-to-end integrity for data both in transit and at rest. It enables enterprises to move even highly sensitive workloads into public cloud environments with demonstrable assurance that the data feeding AI models is authentic, uncompromised, and policy-compliant. This is not an abstract future vision. It is rapidly becoming a prerequisite for regulated industries and globally distributed organizations. The Interoperability Challenge Ahead One final challenge looms large: interoperability. As regions adopt different post-quantum standards and regulatory frameworks, organizations will need to operate across multiple cryptographic regimes simultaneously. Maintaining data provenance, trust, and compliance in this fragmented landscape will require sophisticated policy orchestration and adaptive architectures. Unified data posture management becomes even more critical in this context. Enterprises must be able to map data flows, cryptographic controls, and regulatory requirements dynamically—without breaking operations or sacrificing trust. Data as the Operating System of the Future The future importance of data management cannot be overstated. Data is no longer just fuel for applications; it is the operating system for trust, automation, and intelligence in a quantum-enabled world. Organizations that treat data as a strategic asset—governed in real time, authenticated end to end, and aligned with geopolitical reality—will be positioned to lead. Those that continue to rely on static inventories, reactive security, and implicit trust will struggle to keep up. In the next decade, competitive advantage will not belong to those with the most data, but to those who can prove their data is real, trustworthy, and fit for predictive outcomes.     *Confidential computing  is a security model that protects data while it is being processed by isolating workloads in hardware-based trusted execution environments (TEEs), ensuring that data remains encrypted and inaccessible to the operating system, cloud provider, or other privileged software—and can be cryptographically attested as trustworthy.

As the cybersecurity industry looks ahead to 2026, the challenge is not a lack of predictions, but an overabundance of them—many detached from operational reality or focused on singular technologies in isolation. This blog takes a more grounded view, examining how advances in artificial intelligence, defensive AI automation, and cryptographic resilience intersect with geopolitical instability and long-standing threat behaviors. Rather than treating 2026 as a sharp inflection point, what follows outlines how existing trends are likely to compound, creating new asymmetries between attackers and defenders and reshaping priorities across security operations, governance, and national infrastructure protection. Looking ahead, and to set the context for this blog, Richmond Advisory believes 2026 will be a combative year. While 2025 has seen the most physical conflict globally since the start of the 21st century, digital battlegrounds are increasingly reflecting this trend. Richmond Advisory believes 2026 will be a combative year. In Europe at least, cybersecurity is becoming a more of a national security concern, matching – or potentially exceeding - cyber criminals’ phishing and ransomware activities, as nation state actors infiltrate and compromise critical infrastructure. How will this happen, and what can we expect during the next 12 months? All of us have been exposed to many predictions about 2026, from numerous sources. Our recent blog  outlined why many predictions are poorly received, but also what we can do to make them relevant and valuable. This is our objective for the following predictions that outline what Richmond Advisory Group expects will happen in the cybersecurity market in 2026. Prediction #1 – Stealth AI We know that AI has taken the time and attention of security professionals in 2025 and is likely to overshadow 2026. However, our take is different: we see the focus on AI risks obscuring many of the ongoing, established, day-to-day threats that we all face. Ransomware has not taken a sabbatical, and the volume created and distributed is increasing via weaponized AI technology: AI itself  is becoming a growing threat actor. Specifically, while the more public attacks using AI will of course keep growing, the unknown, unseen and therefore more worrisome attacks will proliferate. Never mind Shadow AI, this is Stealth AI – the bad actor’s M.O. in 2026. There are two ways that Stealth AI will gain prominence in 2026: Indirect Prompt Injection (IPI) attacks Operating during the inference stage by hiding instructions within the data the LLM accesses, IPI attacks are not always detectable. The attacker does not need to gain access to the model itself to execute their plan. Attacks can occur via physical system hijacking: researchers demonstrated an IPI attack at Black Hat in 2025 by creating a poisoned Google calendar invitation containing invisible prompts. IPI attacks can also occur in software development tools. We saw that a remote prompt injection vulnerability related to IPI allowed an attacker to steal source code from private projects, manipulate code suggestions shown to other users and even exfiltrate confidential zero-day vulnerabilities. This type of attack is dangerous because it requires little-to-no technical knowledge from the attacker to perform malicious actions. Many people we talked with during 2025 indicated that security professionals are still trying to catch-up with the threats posed by IPI, but that defensive and mitigation measures will emerge during 2026. For example, Google DeepMind has unveiled additional defense mechanisms against IPI attacks, strengthening security capabilities within the Gemini model itself. Other model providers will follow suit, but to counter the threat, we recommend that organizations set up guardrails and implement policies - that are identity and data-specific to their organization - to cordon off critical knowledge and thus reduce risk. Autonomous attack capabilities, and self-governing malware In August 2025, internet security solutions vendor ESET detected the first AI-powered ransomware - “PromptLock”. Using predefined text prompts, PromptLock can decide on its own whether to encrypt, destroy data, or exfiltrate the data. Although the new malware was considered a novel approach, it points to more sophisticated attacks in the coming year. Studies have shown exponential increases in code and API vulnerabilities, and at a model level, threat actors will exploit common behaviors such as “plan drift” covertly. Autonomous attacks will be more common during 2026, as AI tools become more sophisticated in their ability to act on their own behalf. A report by Anthropic  in early 2025 revealed that their AI model is sometimes willing to pursue what it called “extremely harmful actions” to self-preserve, such as attempting to blackmail an engineer who instructed it to remove itself. Autonomy and self-governance are not inherently a bad thing unless they are uncontained and to the detriment of everything else. Nick Bostrom’s “paperclip problem” experiment in 2014 illustrated how the lack of alignment between humanity and AI’s goals can create existential risk. While not popular with those that believe legislation stifles innovation, in 2026 it is critical that we deploy stronger governance and policies around the use of AI. Prediction #2 – Defensive Agents, Agentic AI… and more agents If 2025 was the year of the AI Agent, 2026 will see a quagmire of Agentic AI capabilities used for defensive means to counter the less visible and potentially more worrisome attacks. Agents, agents everywhere! Security Operations Center (SOC) Agents The tip of the defensive spear starts with agents directly supporting the work of SOC analysts. Beyond automated and/or repetitive tasks, SOC Agents are evolving into the “right hand” for analysts, and will become increasingly able to adapt, problem-solve and operate without human intervention for extended periods. IBM’s Autonomous Threat Operations Machine (or A.T.O.M.), announced at RSAC in May 2025 is a good example of where such agentic support is headed. Alert investigation, triage, and proactive investigation will feature heavily in 2026. Threat Intel / Proactive Threat Hunting Agents More specialized agents are emerging to help analysts take a more aggressive defensive posture. Analysts will require additional proactive threat intelligence and threat hunting duties to be carried out by agents – over and above investigation and triage. Security vendors such as Deepwatch added such agentic capabilities to their NEXA platform during the year. Their Active Response Agent recommends and tracks containment actions collaboratively with security teams. We can expect more vendors to develop such functionality during 2026. Autonomous Investigation Agents While many of the emerging types of defensive AI agents are designed to reduce the volume of analysts’ workloads by triaging and investigating known (or partially known) threats, new threats are constantly emerging. In June 2025, Microsoft focused-MXDR provider Ontinue added an “autonomous investigator agent” to its ION SecOps platform. In conjunction with other agents, the investigator agent aggregates telemetry, forms and tests hypotheses, and can conduct investigations – reducing time and resource intensity. Ontinue says that the agent can do work that would typically require a Tier 2 or Tier 3 analyst.  Agents that demonstrate more advanced reasoning abilities will be more prevalent in 2026. Vulnerability Management Agents Some of the most common agents currently in use are those offering vulnerability management. Operating at endpoints (servers, laptops etc.), they offer automation of some of those basic hygiene tasks that humans traditionally haven't liked or wanted to do, such as vulnerability discovery, assessment and prioritization. In conjunction with scanners, vulnerability management agents are particularly useful for mobile devices – some of the most vulnerable endpoints. Hyperscale service providers – including Microsoft and Google – include some form of vulnerability management “under the hood”, but in 2026 we can expect to see greater variety. Firms such as ManageEngine, Fortra, Maze and others will drive greater functionality in AI agent deployment, moving from relatively simple monitoring and scanning capabilities to providing robust, autonomous response. Auto-Remediation Agents Perhaps the most advanced and controversial AI agents will be those with auto-remediation capabilities. Put simply, these are autonomous agents that press the “fix” button themselves without asking. Like other agents they operate using predefined rules and workflows, but their advantage is the speed and scale by which they can identify, diagnose and support resolution of security incidents with moderate human intervention today. While their autonomous remediation capabilities are potentially vast, so are the potential future risks when they might respond entirely on their own. Cybersecurity vendors and service providers such as Wiz (now part of Google), Algomox, Apiiro, Torq and others offer various types of auto-remediation agents (for security of code development, cloud infrastructure “healing” etc.). Recognizing the potential for autonomous chaos, the best solutions will use agents that monitor each other, and this “who watches the watchers” approach will be a key strategy for 2026. Who watches the watchers? In 2026, AI agents will not just be monitoring, they will be increasingly fixing. The challenge is that while a much larger volume of fixes is being addressed, the volume of potential vulnerabilities is increasing at the same time - whether in the code or in an operation or process. An arms race is a strong possibility. At the same time, the above assumes a continued exponential pace of development and adoption that we’ve seen during 2025. The likelihood increases that, during 2026, we could see a significant security incident involving a major AI model. This may or may not happen, but we are heading for increased regulatory friction. In 2026 it is likely we will see a more bifurcated adoption, with highly regulated industries moving cautiously while less-regulated sectors embrace the technology more rapidly, creating a patchwork of risk exposure. Prediction #3 – Quantum Resistance & Agility A key question that we are asked is: “Should we expect quantum computers to break all encryption in 2026?”. Our prediction? No, not in 2026 - and not even close. A black swan event may of course happen, but given what we know today, the likelihood is extremely low. Engineering limits, qubit instability, astronomical error correction overhead, and current decoherence rates mean that we are not hitting widespread, practical, fault-tolerant quantum systems capable of decryption at scale in 2026. So why are we including this in our list of predictions? During 2025 we saw how preparations for the above scenario are accelerating. CISOs are debating whether to adopt Post-Quantum Cryptography (PQC) standards and/or tools now or continue with a wait-and-see approach. Vendors are talking more openly about integration with AI tools/agents and firmer technology roadmaps. While many Quantum will not break all encryption in 2026. will simply slap a “quantum-resistant” sticker on their solution, there will also be a huge uptick in crypto-agility initiatives. Going into 2026, the mood music is that PQC is a defensive necessity, and while we won’t see our cryptography crumble quite yet, this is also potentially a unique opportunity to improve our crypto infrastructure overall. Crypto agility involves moving from static cryptography to a continuous posture management approach to ensure systems can adapt as encryption standards evolve. NIST has released standards for post-quantum algorithms, such as FIPS 203, 204, and 205, which cover both encryption and digital signatures. Software development also plays a critical role, as applications that handle these cryptographic objects must be made quantum safe. In the case of hardware, some vendors are already addressing these challenges. HP Inc is now shipping quantum resistant devices with the new NIST signatures built into the silicon . The challenge: should a significant flaw be discovered in one of the primary NIST-selected algorithms, it could delay standardization efforts and push back migration timelines. A similar bifurcation could also emerge: the cost and complexity of a full cryptographic migration may also lead many organizations - particularly small and medium-sized businesses - to delay action, creating a future scenario where a significant portion of digital infrastructure remains vulnerable long after PQC solutions are widely available. It is possible that PQC will accelerate the long-term consolidation of compute into centralized, cloud-managed environments. If cryptographic agility becomes a supply-chain problem rather than a software problem, enterprises are highly likely to favor architectures where crypto failures can be remediated upstream — i.e. in SaaS control planes, service meshes, and cloud workloads — rather than at the endpoint. There will for sure be large, enterprise level, in-house initiatives (there always is!), and there will be fully managed, Virtual Desktop Infrastructure (VDI) services, but for most companies, the future probably is not pure VDI, but more VDI-influenced, zero-trust computing: thin clients, ephemeral sessions, browser isolation, and SaaS-first consumption. Endpoint crypto hardening will continue, but the risk asymmetry will push organizations to minimize the amount of novel cryptography running on distributed devices. The message? Better to be prepared than decrypted. Prediction #4 – External Factors & the Hierarchy of Seriousness It would be naïve to think that the cybersecurity market in 2026 will not be affected by external factors. Over the coming 12 months, geopolitics – not AI - will be the biggest disruptor. The largest economy in the world – the United States – has become increasingly transactional in nature, taking an “America First” approach to trade, and pulling back from post-cold-war multilateralist policies.  Tom Standage, Deputy Editor, The Economist and Editor of “The World Ahead 2026” predicts that “the old global rules-based order will drift and decay further”. European re-armament and threats to its sovereignty, increasing cyberattacks at a nation-state level, and a re-drawing of intercontinental alliances creates a potential fortress mentality based on unilateralist objectives. Countries, trading blocs, and even States will struggle to find buy-in for legislative protections beyond their borders. None of which helps enhance global cybersecurity measures if an isolationist approach is inevitable. Against this backdrop, cyber criminals are increasingly organized and collaborative. Many are linked to nation state actors. In December 2025, Amazon Threat Intelligence published an update  regarding a years-long Russian state-sponsored campaign that they described as a “significant evolution in critical infrastructure targeting”. Groups associated with Russia’s Main Intelligence Directorate (GRU) exploited misconfigured customer network edge devices for over five years to harvest credentials and move laterally into victims’ online operations. Other nation state threat actors have been just as active, using LLMs as part of their AI-assisted attacks. Chris Hosking, AI & Security Evangelist at SentinelOne gave a webinar in July 2025 outlining the increasing threats:   Forest Blizzard (a Russian GRU unit); Emerald Sleet (aka. Kimsuky) a North Korean state-sponsored unit; Crimson Sandstorm, an Iranian threat actor connected to the Revolutionary Guard, and; Charcoal & Salmon Typhoon, Chinese backed actors. The 'hierarchy of seriousness' In 2026 we will see a gradual shift in what cyber defenders would call the “hierarchy of seriousness”. Cyber criminals will continue to phish and extort, but the frequency of attacks on critical infrastructure will become the most serious threat. That the public is learning more about the vulnerabilities of our nation states from cyber-attacks points to the wider societal threat – cybersecurity will be increasingly concerned with national security and have less to do with science and technology. Societal resiliency – highly-dependent on cyber resiliency - will be the objective, with preparedness being the watchword. Readers based in the US and elsewhere may think that the above sentiment is alarmist or only applicable to fringe theorists, but many European governments – including Norway , Sweden , Finland, the UK  and others – issue emergency preparedness guides for the civilian population that highlight “digital threats”, “disinformation” and specific “cyber-attacks”. Critical infrastructure is the anticipated target, and the threat is considered as serious as adverse weather events, terrorist attacks and armed conflict. If not already, in 2026 we should expect to be living in interesting times…. Taken together, these dynamics suggest that 2026 will be defined less by breakthrough moments than by sustained pressure across multiple fronts. Against a new “normal” geopolitical environment, stealth AI techniques, proliferating defensive agents, and accelerating preparation for post-quantum cryptography all point to a security environment that is more automated, more fragmented, and more tightly coupled to national and societal resilience. ...an increasingly volatile geopolitical backdrop shifts cybersecurity's center of gravity... Against an increasingly volatile geopolitical backdrop, cybersecurity’s center of gravity continues to shift away from isolated technical controls toward preparedness, adaptability, and coordination at scale. The practical task for organizations is not to anticipate a single dominant threat, but to operate under the assumption that complexity itself has become the enduring condition.

In the cybersecurity industry, 2025 was a notable year. At one end of the scale, startups emerged from stealth following multi-million-dollar equity injections by well-funded, private investment firms. At the other end, security product and services vendors continued to consolidate, following an uptick in acquisition activity, fueled by eye-watering levels of cash injections. Many purchasers were known serial acquirers – Google buying Wiz, Palo Alto Network’s purchasing of CyberArk and SentinelOne snapping up Prompt Security and Observo AI – but others flexed their M&A muscles for the first time following a restructure, rebrand – or both. Formed in May 2024, LevelBlue was created as a joint venture between the cybersecurity services business of US telco behemoth AT&T and Chicago-based private equity firm WillJam Ventures. With inherited clients, services and legacy products – such as AlienVault in managed cloud security (or Managed SASE) - LevelBlue began a multi-year task, re-envisioning itself as the world’s largest pure-play provider of managed security services with a unified integrated ecosystem under one umbrella. Its strategy would be to integrate these acquired companies to create a powerful, unified cybersecurity services provider, rather than just a collection of different businesses. It wasn’t until mid-2025 though that the initial vision started to become a reality when the company embarked on a five-month acquisition spree: June 2025 – Aon’s Cybersecurity and IP litigation consulting groups, Stroz Friedberg and Elysium Digital July 2025 – MDR provider Trustwave October 2025 – Endpoint protection and XDR provider Cybereason With the addition of Stroz Friedberg’s digital forensics and incident response expertise, and Elysium’s intellectual property and trade secrets disputes capabilities, Richmond Advisory Group saw at the time that the move marked a significant shift in the cybersecurity landscape   that could help LevelBlue become the largest independent pureplay Managed Security Services Provider (MSSP) globally. Our view was further strengthened following the  acquisition of Trustwave . The combination of LevelBlue’s AI-driven threat detection and orchestration capabilities with Trustwave’s mature threat intelligence (via SpiderLabs) and global incident response services is generally complementary, while the extended regional presence (including UK, Australia & Middle East) and public sector solutions (inc. FedRAMP and GovRAMP authorizations), builds out a portfolio with wider appeal.   Cybereason: the Surprise “Autumn Baby”? In October 2025, more than a few eyebrows were raised when LevelBlue announced its intention to acquire Cybereason. Although well-known for its capable security technology, the company had gone through an extended period of public "drama" and leadership changes. Prior to being bought by LevelBlue, Trustwave itself had planned a merger with Cybereason in November 2024, only for it to be called off in March 2025. But Cybereason represented a valuable opportunity, and a period of stability at the company appears to have reassured LevelBlue that it would not be inheriting a company at odds with itself. Cybereason’s underlying strengths - its technology, its market presence in key regions, and its expert teams - made it an ideal target for LevelBlue's "aircraft carrier" strategy, for three key reasons: market access, elite services, and integrated technology. Extended market access. The relationship with SoftBank is critical. As a strategic partner and investor LevelBlue says that SoftBank is Cybereason's largest channel partner in Japan – two-thirds of Cybereason’s revenue comes from the region. LevelBlue would have significant difficulty doing this on its own. Beyond Japan, the acquisition strengthens LevelBlue's presence in the Middle East and parts of mainland Europe, areas where the companies' footprints were complementary. Building out a world-class incident response team . With Stroz Friedberg, LevelBlue gained a highly respected practice with deep connections to top law firms and breach coaches, adding to the foundational credibility and expertise in threat research via LevelBlue’s own SpiderLabs. The purchase of Cybereason brings a team with significant experience in Digital Forensics & Incident Response (DFIR) along with access to dozens of cyber insurance panels. In combination with the Open Threat Exchange (OTX), LevelBlue can hope to create a multi-faceted intelligence asset that they can “weave” through the fabric of their platforms. Integrated technology and platforms. The purchase of Cybereason brings first-party owned technology, reducing the reliance on third-party vendors – although strategic partnerships remain key to offering options for customers. Given that former members of Trustwave’s senior team are now driving LevelBlue’s security strategy, this will help address integration challenges. Many have been working with Cybereason's technology for 6-7 years in its MDR practice, meaning they already have deep expertise with the acquired firm’s tools.   The Gist Fast-forward to post-Thanksgiving 2025, where the late-November completion of the Cybereason acquisition represents a key milestone in LevelBlue’s broader strategic roadmap. The company is actively positioning itself to be a major consolidator in the highly fragmented cybersecurity market. Incorporating its acquisitions, the company is placing larger significance on incident response and the “pull through” its combined capabilities will bring to its MDR, Managed Cloud Security and Consulting offerings. That the 18-month-old firm spent the first year of its formation establishing its business structure, operations and portfolio strategy is to be expected. Maintaining existing customer contracts and sustaining organic growth needs to be a priority. For LevelBlue, inorganic growth - e.g. via M&A - can follow if/once this first objective is secured. This approach also provides protection from competitive “poaching” - always a danger during a time of disruption. MDR competitors such as CrowdStrike, SentinelOne, Sophos, IBM and many other providers (and their partners) would happily welcome new logos to their own platforms. This is where LevelBlue’s strategy separates it from some MDR competitors, such as SentinelOne and Sophos, which are less vendor agnostic. It has built itself to be a vendor-agnostic, integration platform - a company designed not just to buy other companies, but to incorporate them in a way that creates synergistic value. This is reassuring for existing and new customers who fear potential lock-in or unplanned purchases. For LevelBlue, each acquisition appears to be additive, making the whole stronger than the sum of its parts, rather than creating a disconnected portfolio of brands. If the story of LevelBlue appeared to have already been written by the time its first anniversary came around, its acquisition spree in the second half of 2025 well and truly tore that up. The acquisition of Cybereason topped a year where the company gained significant regional market access, built a stronger global incident response team, and integrated valuable, proven technology to strengthen its core platform. Richmond Advisory Group believe that – if executed well - LevelBlue has put in place the components of a new market powerhouse, positioning itself to define and secure what's next in a consolidating cybersecurity industry.

Every year from November onwards, we start to receive press releases, “thought leadership” reports, LinkedIn posts and DMs about predictions around how the technology and cybersecurity markets will develop during the following year. This year the volume has increased, but the noticeable uniformity of the content points to the wider use of GenAI tools, producing a mass of generic predictions. So many people commenting on their experiences made us ask: should we just avoid making predictions for 2026? In early December, we created a poll on LinkedIn to gauge interest. Given the “predictions fatigue” that many followers and listeners had already talked about, we offered three variations on “No” for an answer, and one for “Yes”. After a week, the results were as follows: Q. As 2025 draws to a close, would you like to hear our predictions for the cybersecurity market in 2026? a.        Please, no more predictions… 9% b.        Honestly, stop already! 5% c.        Not listening, not listening!! 0% d.        Yes, but not AI-generated! 86% The topic of predictions clearly struck a nerve, but it is also clear that there is a strong appetite, albeit for those produced without  AI. Given the volume of slop arriving in our inboxes, we couldn’t agree more. Encouraged by the results of the poll, we decided to go ahead. So, with a morass of GenAI-produced content out there, how can analysts provide a forward-looking perspective that offers genuine insight and guidance? The ‘Art’ of Predictions Some believe that a scientific approach is best when making predictions. Careful analysis of trends; creating formulae that calculate future market or category values; looking at past performance to model future results etc. A scientific approach uses observation and recorded data to conclude a potential future state. While this is an extremely good way to predict, e.g. the orbit of a planet around the sun, on its own, a scientific approach works less well in fast-changing, evolving technology market. We believe that predictions are more of an artform. Why is that? Because – like it or not -making predictions in the technology sector involves gutfeel, combined with a creative approach to new or emerging ideas and trends, and the ability to articulate the story of the unknown or the yet-to-come. Making predictions requires an understanding of the “wisdom of the crowd”, given that this comes from a pool that is diverse, independent and informed. As analysts, we are in the somewhat unique position of building our understanding of the future from the collective judgements of those we have talked with during the year: technology vendors, service providers, security professionals and others, through briefings, presentations, interviews and chats over coffee (or something stronger). Synthesizing all that input, weeding out the hype and hyperbole, and coming up with insightful, thought-provoking predictions is the goal. Predictable vs. Unpredictable Predictions In cybersecurity, it’s easy to make predictions that are… predictable. For example, no-one will be surprised when M&A activity continues next year. Ransomware will  be important in 2026, but that has been the case for many years. AI is sure to continue to “disrupt” the market, but unless the world comes to a sudden end, that is a safe prediction to make. Likewise, robots will be able to do more complex physical tasks, and the capabilities of Artificial General Intelligence (AGI) will continue to improve, but humans are not going to be completely replaced any time soon – if at all. The challenge therefore is to look ahead at what is likely to be of immediate concern in the near term (12 months), but that has a realistic chance of shaping the market in the medium term (two to three years). Beyond that timeframe, we would argue that the value of predictions diminishes significantly, given the rapid rate of change in the cybersecurity market and the wider tech sphere. Looking ahead three to five years should involve a multitude of possibilities and outcomes. Directional indicators? Sure. Scenario modelling? Go for it. Sadly, the temptation to make predictions that follow past outcomes are likely to appear stale and/or repetitive. Taking a cookie-cutter approach - “In [insert year], [insert %] of companies will be [insert behavior] in order to [insert outcome]” – might gain some headlines but will probably result in ridicule 12 months later. Don’t Forget the Black Swan! The nemesis of those doing regular forecasting or predicting is a black swan event: those rare and unexpected happenings that have significant ramifications. The 2008 financial crisis and the COVID-19 pandemic were unforeseen, but highly consequential. In hindsight, some say that such events are inevitable, but at the time, virtually no-one was predicting their potential occurrence. The technology market is highly unpredictable. In March 2022, who could have predicted the significance of the launch of ChatGPT 4 in March 2023, let alone the effect it would have on global IT infrastructure spending, datacenter build-outs and promises of trillions of dollars of future investment? Perhaps it would it be easier to stop making predictions, given that the most consequential events are generally those that are the least foreseen? It is worth remembering however that black swan events are considered rare. One can still make reasonable predictions that also recognize the potential for the unpredictable. Subtlety and nuance can be included; best- and worst-case scenarios described; a range of probable outcomes outlined. This approach may seem like a predictions cop-out, i.e. introducing other possible outcomes, sowing uncertainty, being less prescriptive and definite. I learnt early in my analyst career however that the real value of predictions is to help inform the opinions of the recipient. They may not agree with you, but by offering perspectives that include other possibilities, it helps them make their own decisions. What About Our Own Predictions? We hope that this short piece helps readers understand the rationale behind our approach. Keep an eye out for Richmond Advisory Group’s own 2026 predictions for the cybersecurity market – coming soon to this blog!

(And It Says Something Important About Where Endpoint Security Is Headed)  HP, Inc doesn’t usually get mentioned in the same breath as the “cool kids” of cybersecurity. That’s partly because they’ve never really tried to play that role, and partly because the market still tends to think of HP as a hardware company with security features bolted on.  That framing isn’t wrong, exactly. But it’s incomplete.  After attending HP’s analyst event earlier this month and digging into HP’s security strategy and portfolio, the more accurate story isn’t that HP has suddenly become a security leader. It’s that they’re starting from a different place than most endpoint security vendors, one that’s increasingly relevant as attackers get faster, cheaper, and more automated.  At its core, this is a story about where trust actually begins, what happens when detection inevitably fails, and whether endpoint security needs to move further down the stack than many organizations have been willing to go.  A Lifecycle View of Device Security: Sensible, Familiar, and Hard to Execute Well  HP’s security strategy is anchored in a lifecycle view of the device, one that spans manufacturing, transit, daily use, and eventual retirement. The idea is that endpoints don’t suddenly become vulnerable when a user logs in. Risk exists long before first boot and long after the device leaves active service.  That framing won’t surprise anyone. “Protect, detect, recover” is now standard language across the industry. What’s different is how seriously HP has pushed that model into hardware and firmware layers, rather than treating them as background assumptions.  At the center of this approach is HP’s Endpoint Security Controller (ESC), a dedicated security chip that functions as a root of trust and operates independently of the OS. It remains active even when the system appears powered off, monitoring integrity and enabling recovery actions. HP backs this with third-party certifications that are still relatively uncommon in commercial endpoints.  The takeaway here isn’t that ESC magically solves endpoint security. It’s that HP is explicitly betting that resilience beats detection, especially in an environment where attacks are increasingly automated, time-to-exploitation is collapsing, and the cost of sophisticated techniques continues to fall.  That bet won’t matter to everyone. But it becomes harder to ignore as hardware-level threats move out of the “nation-state only” bucket.  Workforce Experience Platform (WXP): Ambitious, Operational, and Still an Open Question   HP’s Workforce Experience Platform (WXP) is a key part of how this strategy comes together, not because it is the single most important element, but because it reflects how HP thinks security should be operated.  WXP is designed to unify fleet management, Digital Employee Experience (DEX), and security across PCs, printers, and collaboration devices, including non-HP endpoints. Rather than positioning security as a standalone domain, it treats it as one dimension of overall device health, productivity, and resilience.  This is where HP’s strategy shifts from architectural theory to operational reality. Proactive remediation, predictive failure analysis, and smarter refresh decisions are not traditionally “security” conversations, but they increasingly shape security outcomes.  That said, several practical questions remain:  How do teams really consolidate tools?  Is it through a platform like WXP? Do IT and security teams have the autonomy and organizational alignment to centralize around a shared management plane?  How much trust will security teams place in an experience-centric platform?  Especially in organizations where tooling sprawl is already a point of friction.  How clean does multi-vendor management get in practice?  The promise is compelling. The execution is where platforms often stumble.  One important detail that does differentiate WXP is that HP’s Wolf Security Console is natively integrated, rather than loosely connected. Admins can move between fleet health, performance insights, and security configuration without jumping between disconnected tools. This is the kind of convergence many vendors talk about and then approximate through integrations.  Whether organizations embrace that convergence widely remains an open question. But the direction itself reflects a belief that security, operations, and employee experience are no longer separable disciplines.  Isolation Over Detection: A Useful Counterweight, not a Replacement Strategy  One of the more distinctive elements of HP’s portfolio comes from its Bromium heritage, now delivered through Sure Click and Sure Access .  T hese technologies don’t try to detect malicious behavior. Instead, they assume risk and isolate it at the hardware level using disposable micro-virtual machines. Click a risky link or open an untrusted attachment and the activity runs in its own micro-VM, disappearing when the session closes.  Sure Access extends this model to privileged and high-value workflows by creating isolated environments for sensitive applications and administrative sessions. Functionally, this acts like a Privileged Access Workstation (PAW), a hardened environment traditionally delivered via separate physical devices but implemented virtually on a single endpoint.  The relevance here ties directly to changes in attacker behavior. As HP’s threat research* notes, attackers are increasingly targeting session cookies rather than credentials, particularly as cloud administration moves almost entirely into browsers. Once an attacker steals an authenticated session cookie, MFA becomes irrelevant.  Isolating those sessions from a potentially compromised host OS is one of the few controls that meaningfully addresses that risk. This does not replace EDR, and HP does not seriously position it that way. It works best as a compensating control for scenarios where detection is already too slow.  Adoption will ultimately depend on workflow impact and administrative overhead, areas where even technically sound ideas often struggle.    Threat Reality Check: AI, Cookies, and $20 Hardware Hacks  HP’s threat research isn’t trying to be provocative, which is arguably part of its value.  Three trends stand out.  AI is now embedded across the entire attack lifecycle.  Not just in phishing content, but in reconnaissance, automation, lateral movement, and even malware that can query local AI agents for sensitive information. The practical impact is a dramatic compression of time between vulnerability disclosure and weaponization.  Session cookie hijacking has overtaken credential theft.  As administration shifts to browser-based cloud consoles, stealing authenticated sessions has become the fastest path to privilege. Info-stealer malware designed for this purpose is now among the most prevalent threat types.  Hardware attacks are no longer exotic.  Techniques like TPM bus sniffing, once expensive and specialized, can now be assembled for under $20. These attacks are no longer limited to nation-states. They are accessible to financially motivated criminals.  The common thread is that OS-level security assumptions are under increasing strain. When attacks are cheap, automated, and difficult to distinguish from normal behavior, controls that rely solely on detection and response are increasingly brittle.    Post-Quantum and Recovery: Preparing Early, Without Overhyping  HP’s work around post-quantum cryptography (PQC) is notable, not because quantum attacks are imminent, but because firmware trust mechanisms are among the hardest things to retrofit later.  HP has begun using quantum-resistant algorithms to protect BIOS digital signatures in commercial PCs and has announced similar protections for enterprise printers. This is a quiet, infrastructure-level move that will not matter to most buyers today but could matter a great deal over a decade-long device lifecycle.  Similarly, recovery capabilities like Sure Recover reflect a recognition that recovery is often the most neglected phase of security planning. These features do not prevent attacks. They reduce downtime and operational pain when things go wrong in ways detection tools cannot fix.  Neither of these areas will win deals on their own. But they reinforce HP’s broader emphasis on durability over theatrics.    The Real Test Is Execution, Not Architecture  If there’s a consistent tension in HP’s security story, it’s not technical ambition. It’s execution.  Selling layered security through historically hardware-centric channels is difficult. Portfolio naming and packaging still create unnecessary cognitive load. Messaging across PCs and Print has historically been fragmented, though there was good evidence of greater alignment at the event in December.  HP appears aware of these challenges and is moving toward simplified bundles, unified messaging, and stronger security incentives for sales teams. Whether those efforts translate into sustained traction remains to be seen.  The strategy is coherent. The market impact will depend on whether HP can make it understandable, repeatable, and easy to buy.    Bottom Line  HP’s security strategy isn’t flashy, and it isn’t trying to replace the broader security stack. What it does suggest is a meaningful shift in emphasis, from detection to resilience, from software-only controls to hardware roots of trust, and from isolated tools to operational platforms.  That approach won’t resonate with every organization. But as attacks get faster, cheaper, and harder to distinguish from normal activity, strategies that assume compromise and focus on containment and recovery deserve closer scrutiny.  Whether HP ultimately capitalizes on that insight is still an open question. But the direction itself reflects something the broader market is slowly being forced to confront. Endpoint security may need to move further down the stack than we’ve been comfortable admitting.    *We have HP’s Principal Threat Researcher, Alex Holland , on our Cyber Sidekicks podcast Episode 48 to discuss the newly minted Threat Insight Report .

Legacy telecommunications companies have a reputation problem. They are often perceived as slow-moving, debt-laden utilities, struggling to find relevance in an era dominated by cloud computing and artificial intelligence. Trapped by aging infrastructure and a commoditized business model, they seem more focused on managing decline than driving innovation. Legacy telco! Against this backdrop, Lumen Technologies is attempting a fundamental reboot. The company, burdened by the same historical challenges as its peers, has embarked on a radical transformation under a new leadership team. This wasn't just a course correction; it was, in the words of its leadership, a response to an "existential" threat where time was "running out." Behind the corporate announcements lies a fascinating story of strategic shifts and surprising tactics. A recent analyst forum provided a rare, unfiltered look under the hood of this high-stakes turnaround. A critical component of the transformation involved addressing the historical financial noise and establishing a "clear path to financial freedom." CFO Chris Stansbury highlighted that the company successfully executed the largest out-of-court restructuring in history. The company significantly reduced its debt and is guiding toward EBITDA growth in 2026, aiming to restore business segment revenue growth by 2028. This financial stability provides flexibility and optionality for investment in core development. This post distills the four most impactful and surprising takeaways from that forum, revealing a strategy that challenges every convention of the traditional telco playbook. 1. They’ve Ditched the Legacy Playbook for an “Underdog Mindset” The "Play to Win" Underdog For decades, the telecom industry has been stuck in a "terrible cycle," according to Stansbury. The playbook was simple and defensive: compete on price until services become commodities, then consolidate with rivals to find efficiencies. To appease shareholders, companies would leverage debt to preserve dividends, starving the innovation needed for future growth. CEO Kate Johnson feels it was a strategy of "playing not to lose"—managing a slow, inevitable decline. Lumen's new leadership, led by Johnson, is explicitly rejecting this model for a "play to win" approach. They are intentionally cultivating an "underdog mindset," recognizing that for any company attempting a transformation of this scale, the odds are stacked against them. As Ms. Johnson noted, industry data shows that "80% of transformations fail." This mindset is driven not by the glory of an easy win but by the passion to fundamentally transform an industry that has long resisted change. She captured this defiant spirit perfectly, offering a piece of advice that has become a company mantra: “When the world writes you off, don't write back,” implying an intentional disregard of naysayers. 2. In a Software-Obsessed World, Their Biggest Bet is on Physical Infrastructure In an age when value is increasingly found in software, AI models, and intangible assets, making a massive bet on physical infrastructure seems counterintuitive. Yet, that is precisely the cornerstone of Lumen's strategy. The company has launched an ambitious project called "The Big Build." This initiative involves laying 27,000 miles of new fiber, leveraging a strategic partnership with Corning to deploy a high count of cables, including a new 1728 fiber cable. The explicit goal is to create the physical "backbone for the AI economy," a foundational layer that the next wave of technology will be built upon. The stated plan is to have 47 million miles of intercity fiber by the end of 2028. Lumen views this physical network as its unique and defensible advantage—an asset that competitors cannot easily or quickly replicate. This massive undertaking is being executed by a newly built team, 65% of whom are new to Lumen, and is reportedly running ahead of schedule, signaling a sharp break from the slow execution often associated with legacy telcos. 3. They're Not Just Selling Connectivity; They're "Cloudifying" the Network Itself Lumen is moving beyond simply selling network access and is instead transforming the network itself into a dynamic, software-defined platform. This strategy, which they call "Cloudifying Telecom," marks a departure from the old model where the network was a static, point-to-point asset and "one board carries one service." Under the new Network-as-a-Service (NaaS) model, a single "fabric board can carry thousands of services," including not just Lumen's own products but also third-party services from a partner ecosystem. This shift fundamentally alters the business model. It breaks the "linear cost into revenue" problem that plagued old telcos and allows for "scaled revenue growth with declining marginal costs"—classic platform economics. The impact is enormous: it expands Lumen's addressable market from roughly 100,000 "on-net" buildings to over 11 million. As of the Q3 earnings announcement , Lumen says it has signed over 1,500 NaaS customers. This platform strategy also unlocks a potential strategic advantage in cybersecurity. By controlling the network layer of the OSI stack, Lumen's Black Lotus Labs, the company’s threat research arm, has visibility that software-only competitors operating "up above" cannot match. However, translating this technical advantage into a commercial one remains a key challenge. As one executive candidly admitted, the central question is, "How do we better monetize Black Lotus Labs?... How do we differentiate in that crowded market?" This transforms their network position from a simple asset into a high-stakes strategic puzzle to be solved. 4. The Company Seeks to Ground Its Vision Through Radical Accountability Many corporate transformations are long on vision and short on execution, failing because the strategy remains fancy words on PowerPoint. Lumen is attempting to avoid this pitfall by hardwiring its strategic vision directly into its operational and compensation structures. One such hardwiring places strategy executive, Aaron Darcy , in a five-function role that directly connects corporate strategy to go-to-market execution, pricing, operational metrics, and marketing operations. This structure is designed to ensure there are no gaps between the high-level plan and the day-to-day actions of the business. The most concrete and powerful example of this commitment to execution is how the company aligns incentives. The mechanism for this is brutally simple and was stated plainly by a key executive: "everybody's bonus is dependent on us meeting board level metrics." This ensures that the success of the strategy is not just the responsibility of the executive team, but a shared, company-wide imperative. Talk is easy. Execution isn’t. True credibility comes from structuring operations to match the message—something time inevitably reveals. Conclusion: A Revolution in the Making? Lumen's strategy is a radical departure from some industry norms and certainly from its legacy operations, and it’s built on four pillars: A complete shift from a defensive to an underdog mindset. A massive bet on physical infrastructure as a defensible moat and architecture for the AI era. A new platform-based business model that "cloudifies" the network. A system of relentless, financially-linked accountability. It is an audacious attempt to transform a legacy utility into a modern technology infrastructure company. Lumen is charting a bold new path, but the telco graveyard is large. The question now is, will this underdog's "play to win" strategy be enough to truly revolutionize an industry that has resisted innovation for decades? The Future of Telecommunications: What Lies Ahead? As we look to the future, it's essential to consider the broader implications of Lumen's transformation. The telecommunications landscape is evolving rapidly. With advancements in technology, customer expectations are shifting. Companies must adapt to remain relevant. Lumen's focus on infrastructure is not just about building a network; it's about creating a foundation for future innovations. The integration of AI and cloud technologies into their operations could redefine how services are delivered. This could lead to enhanced customer experiences and new revenue streams. Moreover, the emphasis on accountability within the organization is crucial. By aligning incentives across all levels, Lumen is fostering a culture of responsibility. This could lead to more agile decision-making and quicker responses to market changes. In conclusion, Lumen Technologies is not just attempting to survive; they are striving to thrive in a challenging environment. Their approach may serve as a blueprint for other legacy companies facing similar challenges. As they navigate this transformation, the industry will be watching closely. The outcome could very well shape the future of telecommunications for years to come.

Hot on the heels of Palo Alto Networks’ announcement that it plans to buy CyberArk, SentinelOne (aka S1) has flexed its own M&A muscles to snap up Prompt Security, the Israeli AI security startup. S1 says that the acquisition will advance its GenAI security and agent security strategy, providing the foundation for secure AI adoption at scale. Details of the acquisition Before too many comparisons are made, it’s important to put the two purchases in perspective. While Palo Alto Network’s acquisition of CyberArk is a huge, $25 billion deal – in the same order of magnitude as Google’s $32 billion purchase of Wiz, for example – S1 is buying Prompt Security for relative pocket change. Although undisclosed, the value of the stock and cash transaction is likely to be between $250-$300 million, according to Israeli business news outlet Globes . This would represent a healthy multiplier vs. Prompt’s value. Since Prompt Security’s founding in 2023, the firm has raised around $23 million in capital. S1 is clearly expecting to see the return on such an investment. Why Prompt Security? The reason why S1 may consider this to be a good deal is what S1 is acquiring: the IP that Prompt Security has developed, and that is increasingly pertinent for firms looking to scale their cybersecurity defences as GenAI and AI agents are increasingly deployed in the enterprise. S1 is leaning heavily on the case for protecting against the risks associated with AI. This will be music to the ears of countless security practitioners who have been flagging the cyber threats associated with “shadow AI”. With AI-related data leakage, misuse, ungoverned access and LLM-specific risks such as prompt injection attacks on the increase, Prompt Security’s capabilities will be a significant enhancement to S1’s portfolio and Singularity Platform. Describing itself as “The Platform for AI Security”, Prompt Security can boast strong credentials, especially via its founders, who have over 15 years’ experience in the AI security space. The company is a member of the OWASP research team and has an array of enterprise customers – including The New York Times, Royal Caribbean, Amdocs and others. It also provides specific solutions for the healthcare and financial services industries. How will this acquisition benefit S1’s profile and market position? Publicly owned S1 has a market cap of $5.5-$6 billion as of mid-2025. The firm has faced significant pressure on its stock: in mid-July it was trading down 21% on the year and is down around 60% over the past 4 years since its IPO in June 2021. The acquisition announcement might have been expected to change that, but between market open on 4th August and market close on 8th August S1’s stock dropped around 11%. During the same period, several of S1’s publicly-traded competitors – including CrowdStrike, Palo Alto Networks and Rapid7 – saw share price drops, but only between 4.2%-7.4%. S1’s announcement of the acquisition of PingSafe in 2024 resulted in a 5.1% share price drop on the day, while the news of its planned purchase of Attivo Networks in March 2022 saw a boost to its share value for around two months before dropping back below $30 dollars in May 2022. It is still too early to tell, but does this purchase change any of the fundamentals underlying S1’s business? Pessimists would say probably not. Previous acquisitions have not obviously boosted its share price or increased the perception of S1’s value directly over the long term. There is also the question of why Prompt Security? When it comes to LLM and GenAI governance, there are firms such as Securiti, Prisma, Blueteam AI, Unbound Security, Lasso and others. Prompt Security appears to be staking a claim to being the leader in Agentic AI threat protection at the Model Context Protocol (MCP) level – its MCP Gateway is designed to monitor, control, and protect MCP interactions “in real time” i.e. as they are happening between AI agents and MCP hosts and servers, as opposed to identity and/or access management aspects when the AI agents interact with other applications, data sources or tools. Nevertheless, startups including Straiker, Splx.ai , Noma and others offer similar forms of governance capability and are listed by OWASP in their Agentic AI Security Landscape – Q2/3 2025 “Cheat Sheet” report. At the same time, Prompt Security represents a potentially smaller investment than other options and may just be a better ‘fit’ for S1. Its small size means it will likely be quicker and easier to integrate, and its focus has been squarely on AI security from day one. Perhaps the best indication has come from Itamar Golan, Co-founder and CEO of Prompt Security, confirming the potential synergy with S1 in his blog. He describes the discussions around joining forces with S1, enthusing: “It was clear from our first conversation:  this is home ” The Gist The purchase of Prompt Security is important for S1’s platform-led approach to integrating functions across endpoint, networking, cloud and identity functions. GenAI tools and AI agents are already being used by many enterprises, and the expectation is that their adoption will rapidly increase. While the security risks are still emerging, they need to be addressed by specialist solutions such as those offered by Prompt Security and others that drill-down to the level of MCP interactions. The ability to discover, identify, and act against both ungoverned internal use as well as external threats is key to providing the reassurance enterprises need to adopt GenAI and agentic AI technologies.

TL;DR Bigger Together:  With a stated $1B in combined revenue and 30,000+ customers, LevelBlue and Trustwave say they’re forming the world’s largest pure-play MSSP. Complementary Strengths:  AI-driven threat detection (LevelBlue) meets elite threat intel and incident response (Trustwave’s SpiderLabs), with global reach extending into the UK, Australia, and Japan. Government Inroads:  Trustwave’s FedRAMP and StateRAMP authorizations could open doors in public sector markets. Platform-Minded:  The move echoes broader trends in cybersecurity—away from collections of loosely connected point solutions and toward fully integrated platforms with managed security services at the core. EDR with Options:  Instead of owning the endpoint outright, both firms emphasize managing third-party EDR solutions while maintaining platform flexibility. The Strategic Announcement LevelBlue’s acquisition of Trustwave marks a significant step in the evolution of the managed security services market. The companies aim to form a global pure-play MSSP powerhouse, with over $1 billion in annual revenue, 2,000+ employees, and a customer base exceeding 30,000 organizations. While scale alone doesn’t guarantee leadership, the deal goes beyond numbers. The company's plan is to combine LevelBlue’s AI-driven threat detection and orchestration capabilities with Trustwave’s mature threat intelligence (via SpiderLabs) and global incident response services. Execution will determine whether this integration delivers on promised improvements in detection speed, visibility, and security outcomes. LevelBlue’s Genesis LevelBlue came onto the scene in 2024 as a carve-out from AT&T’s cybersecurity business, backed by WillJam Ventures . The spinout gave the new entity room to operate with greater agility, free from the shadow of a telecom parent—and with a clear focus on growing as a cybersecurity specialist.  Robert McCullen’s Return to Trustwave Roots At the helm is Bob McCullen, managing partner at WillJam Ventures and former CEO of Trustwave. McCullen led Trustwave through rapid growth in the 2000s, culminating in its $770 million sale to Singtel in 2015. The story didn’t end there—under Singtel, Trustwave lost significant value and was ultimately sold in 2023 for $205 million. That arc offers important lessons about scaling cybersecurity companies and sustaining momentum in a fast-changing market. McCullen’s earlier ventures—VikingCloud and GoSecure—highlight both his ability to drive growth and the operational complexities that come with it. With LevelBlue, he’s taking a more integrated, services-first approach that may reflect those earlier experiences. The Cybereason Deal That Wasn’t Earlier in 2025, Trustwave appeared set to merge with Cybereason, but the deal collapsed amid leadership turnover and investor misalignment. The experience underscored how difficult cybersecurity M&A can be when governance and strategic clarity aren’t fully aligned. For so many reasons, the acquisition by LevelBlue is a much better fit, with Trustwave arguably avoiding a messy and disruptive pairing with Cybereason. MDR Strategy: Flexibility Over Full Stack Ownership One key differentiator in this deal is the companies’ shared approach to endpoint detection and response (EDR). Rather than owning the full endpoint stack, LevelBlue and Trustwave both emphasize strong integration with third-party tools. This approach enhances the combined companies' appeal to channel partners who look to provide value-add products and services to a strong EDR 'core'. LevelBlue’s Unified Security Management (USM) platform—originally built by AlienVault—includes native detection capabilities and can manage third-party tools like SentinelOne. Trustwave’s Fusion Platform focuses more on 24/7 MDR, threat intelligence, and response services, powered by SpiderLabs’ research. This flexible approach stands in contrast to vendors investing heavily in proprietary EDR (e.g., Arctic Wolf acquiring Cylance). It’s closer to models used by firms like Expel, which deliver strong MDR outcomes without owning the entire endpoint technology stack. Complementary Strengths and Market Reach This acquisition brings together assets that are well-aligned: AI + Intel:  LevelBlue’s orchestration and detection stack pairs with Trustwave’s elite threat research and incident response team. Geographic Reach:  LevelBlue is anchored in North America, while Trustwave adds established presence in Asia-Pacific and the UK. Public Sector Entry Points:  Trustwave’s FedRAMP and StateRAMP credentials create new opportunities in government markets where regulatory certification is a major barrier to entry. Broader Portfolio:  Trustwave’s email and database security offerings fill gaps in LevelBlue’s suite, while LevelBlue’s pending acquisition of Aon’s cyber consulting business adds further depth to incident response. The Broader Market Context Managed security services are at an inflection point. The market is expected to grow at 12–15% CAGR, driven by rising threat complexity, growing compliance burdens, and a global cybersecurity talent shortage. Customers are overwhelmed by alert volume, tool sprawl, and resource gaps—fueling demand for scalable, outcome-focused managed services. But competition is fierce, with global consultancies like Accenture and IBM, as well as next-gen players like CrowdStrike and Arctic Wolf all expanding their managed offerings. LevelBlue and Trustwave are betting that size, expertise, and flexibility will allow them to stand out in this increasingly crowded space. Execution Matters: Integration, Talent, and Trust With two established security platforms and global SOC operations, technology integration will be a heavy lift. With M&A especially, the bigger the gain the bigger the pain. Tech history has shown the dangers of prolonged integration, particularly the disruption to existing business deals and product roadmaps. Aligning Trustwave’s Fusion Platform with LevelBlue’s USM will require careful planning to maintain service quality and avoid disruptions. A transparent, forward-looking strategy is also essential. Customer retention during the transition will be critical, especially with enterprise and government clients that expect stability and measurable outcomes. Talent retention is another key success factor. Even though the technology industry has seen post-pandemic layoffs as a valid way to increase efficiency and reduce costs, fear of losing one's job is a significant incentive to look at alternatives. Given that both firms have experienced recent workforce reductions, it is especially important to create strong career pathways and a unified culture that supports long-term employee engagement. Public Sector Momentum and Zero Trust Alignment Trustwave’s FedRAMP Moderate and StateRAMP authorizations position the combined entity to serve both federal and state agencies, which increasingly demand Zero Trust architectures and NIST-aligned controls. Integration with Microsoft Azure Government and alignment with CISA’s evolving guidance may further enhance the combined offering. These credentials take years to earn and create meaningful barriers to entry for competitors. Looking Ahead: Industry Implications This deal highlights three important trends in the cybersecurity market: Consolidation is accelerating . Scale is becoming table stakes. Platform strategies are winning . Customers want true integration and simplicity. Channel partnerships matter . LevelBlue and Trustwave both emphasize partner-first models—especially important for reaching mid-sized customers and regional markets. How this deal plays out will help shape how other MSSPs, MDR providers, and private equity firms think about scaling and differentiating in a rapidly maturing space. Final Word: A Strategic Bet Worth Watching The LevelBlue–Trustwave deal is a calculated move to build a global MSSP platform with breadth, depth, and government readiness. It brings together complementary capabilities, veteran leadership, and timely certifications. But the challenges ahead are real: integrating complex technologies, retaining key talent, articulating a clear roadmap and strategy, preserving customer trust, and staying ahead in an intensely competitive market. If the execution holds, this new entity could emerge as a model for modern managed security—agile, integrated, and built for both commercial and public sector missions. This is one to watch—not just for the outcome, but for what it signals about where managed security – especially MDR/XDR– is headed next.

At the InfoSecurity Europe 2025 show in June, Richmond Advisory Group met with cybersecurity practitioners, vendors and service providers to learn about their latest products and services and get their views on the cybersecurity market. Note that all published content was reviewed and fact-checked by the profiled company. We are very grateful for the time each company spent with us.   At the show I had the chance to sit down with Martin Zugec, EMEA Director, Technical Marketing and Andra Cazacu, Director of Industry Analyst Relations at Bitdefender. We talked about some new security incident research the firm has just completed and followed up on the launch of the Bitdefender GravityZone Proactive Hardening and Attack Surface Reduction  (aka PHASR) platform for unified security, compliance, and risk analytics launched in April this year. PHASR Update Zugec shared some initial results from the company's recent survey , including some surprising findings: of the 700,000 security incidents examined, 84% of the identified high-severity attacks used "living off the land" techniques, where legitimate, installed tools and technologies (as opposed to injected malware for example) are highjacked by the attackers. It's a trend that Bitdefender has seen over the last five years or so, and the challenge has been to identify where the potential overlap is. Tools commonly used by attackers are also popular with systems administrators, meaning that in most cases the tools cannot simply be disabled. PHASR seeks to address this challenge by building profiles for each user and device combination to determine if a user needs to use a specific tool on a specific device. If they do, then one solution is to disable only part of the tool's functionality for that user. An example Zugec gave was that of an application that uses Microsoft PowerShell. Perhaps the application only requires partial functionality of the automation and configuration management capabilities. PHASR can enable the parts of PowerShell that are required for functionality and disable the other parts. The objective for this approach is not to identify every single anomalous behaviour (there would be too many to track), but rather take the known malicious behaviour, and compare it with each individual user's behaviour to determine what action to take. Bitdefender has been using AI tools for the last 15+ years to develop its capabilities across its portfolio, including their use in adversarial networks, where they say they are building the "good" AI to challenge the "bad". In terms of the effectiveness of threats created by AI - for example malware - Zugec considers such attacks not to be very sophisticated, explaining that they have seen slightly modified, mediocre malware for years. Instead, the investigations that prompt the utilisation of Bitdefender's tools are all too familiar: missing Multi-Factor Authentication (MFA), flat networks, and open appliances that IT teams are unaware of. It tends to validate Zugec's focus on the importance of cybersecurity education and awareness, the reinforcement of security hygiene, and the critical nature of human-to-human triage. Acquisition of Mesh Security Bitdefender has just announced its intention to acquire email security specialist Mesh Security. Bitdefender says that the five-year-old company's technologies will be integrated into the GravityZone platform and its managed detection and response (MDR) services offerings. Email remains a critical technology and while Bitdefender does have security offerings in this area, it probably felt that Mesh could strengthen its capabilities. What is different is that Mesh has a dual-layered approach, providing perimeter-based protection but also with mailbox-level defence through API deployments. While this approach is not new, it is still considered to be an effective combination. Integrating Mesh will expand visibility for Bitdefender as well as better telemetry in this area. Financial details of the planned acquisition were not disclosed, but it appears that the addition of Mesh will be complementary to Bitdefender's portfolio as well as its channel strategy and MSP partnerships. We will monitor progress and provide an update once we know more. The Gist Bitdefender offers an extensive range of managed services but also has its own IP. This allows for differentiation in a crowded market as well as a level of solution development that services-only players lack. Bitdefender was recognised as A Customers’ Choice in the 2025 Gartner Peer Insights Voice of the Customer for Endpoint Protection Platforms (EPP) report, alongside rivals CrowdStrike, Fortinet, Palo Alto Networks and Sophos. If the Mesh acquisition is successful, and its products can be quickly integrated, Bitdefender stands to further distinguish itself as a leading endpoint protection services provider, especially with the channel and MSP community.

LevelBlue, a global leader in cloud-based, AI-driven managed security services, has signed a definitive agreement to acquire Aon's Cybersecurity and Intellectual Property (IP) Litigation consulting groups, which include recognized cybersecurity firm Stroz Friedberg, and Elysium Digital. This announcement marks a significant shift in the cybersecurity landscape, bringing together approximately 300 technology professionals with strong relationships across Fortune 500 enterprises, 80 percent of the Am Law 100 and a majority of Top 20 law firms in the UK under LevelBlue's expanding portfolio. The deal, while undisclosed financially, could position LevelBlue to become the largest independent pureplay Managed Security Services Provider (MSSP) globally by combining its carved-out AT&T services and ex-AlienVault AI-driven platform capabilities with Stroz Friedberg's digital forensics and incident response expertise and Elysium's intellectual property and trade secrets disputes capabilities. Nine Years of Growth and Integration at Aon Since Aon acquired Stroz Friedberg in 2016, the cybersecurity consulting firm has undergone significant transformation and expansion. The nine years under Aon's ownership were focused on building out proactive capabilities and integrating them with reactive incident response services. When Aon first acquired Stroz Friedberg, the strategy to combine proactive "readiness" services with reactive "response" was quite new. Stroz understood cyber is not just a technology problem, but a business risk problem which includes considering balance sheet risk transfer as an augmentation to that. This vision led to substantial integration efforts between Aon's brokerage capabilities and Stroz Friedberg's consulting services. The team worked to create a holistic approach where clients could address cybersecurity not just through technical controls, but through risk transfer mechanisms like cyber insurance. During this period, Stroz Friedberg significantly expanded its proactive services, acquiring companies like Gotham Digital for testing capabilities and building out advisory practices with former Big Four professionals. The integration wasn't just about adding services—it was about creating synergies. The two solutions—proactive and reactive—were integrated and feed each other and build off each other. As an example, the incident response teams share real-world threat actor tactics with the testing teams, who then incorporate these techniques into penetration testing scenarios for other clients. Under Aon's ownership, Stroz Friedberg also developed what they call "resilience retainers"—comprehensive service packages that go beyond traditional incident response retainers to include threat intelligence, testing services, and even technology procurement through strategic partnerships. This evolution represented a move toward more recurring revenue models and deeper client relationships. Why Aon is Ready to Let Go In my estimation, the decision for Aon to divest Stroz Friedberg wasn't driven by poor performance, but rather by strategic misalignment and market realities. From my analysis, I believe several factors contributed to this decision. First, there was a fundamental market evolution challenge. In 2016, the CISO and the risk manager were much further apart than they are today. Selling the integrated services took more time than first planned. And during this decade with Aon, cyber insurance has successfully created guardrails for incident response that are quite helpful for buyers, but challenging to a market that had hockey stick growth. Hourly rates once in the $400 an hour range, plummeted. Again, good for the buyer; not so much for the provider. Second, Aon's strategic focus has shifted back to its core competencies. The consulting business, while profitable, didn't meet the recurring revenue and EBITDA thresholds that Aon's other businesses achieve. Perhaps most significantly, the Aon ownership had become a competitive disadvantage rather than an asset. Insurance brokers limit which DFIR firms buyers can engage with and the fact that Stroz Friedberg was owned by Aon detracted from the overall consulting opportunity. This conflict-of-interest perception was limiting Stroz Friedberg's addressable market to essentially only Aon-brokered clients. Finally, there was the platform challenge. The cybersecurity market has increasingly moved toward platform-based solutions, with companies like CrowdStrike and Palo Alto Networks offering "platformization" where they get their technology in place and then build services around it. Aon was never going to make the investments needed to compete in this technology-driven market. The Strategic Value for LevelBlue The acquisition brings together two complementary companies in ways that create significant strategic advantages for LevelBlue. Stroz Friedberg's capabilities span four key practice areas that perfectly complement LevelBlue's existing platform: Security Advisory Excellence : Stroz Friedberg's advisory team brings deep expertise in cybersecurity strategy, governance, risk assessments, and emerging areas like AI security. This practical expertise in applying existing security frameworks to new technologies will be invaluable as LevelBlue's clients navigate emerging risks. Strong Testing and Red Team Capabilities : The acquisition includes a red team which has uncovered devastating vulnerabilities in a broad range of industries from finance and retail to critical infrastructure. This technical depth, combined with the ability to emulate real threat actor tactics, brings a level of sophistication that will differentiate LevelBlue's offerings. Threat Intelligence and Executive Risk Services : Stroz Friedberg's threat intelligence practice goes beyond traditional threat feeds to provide "managed intelligence" services. Their executive vulnerability assessments have helped clients prevent multi-million-dollar business email compromise attacks by identifying risks before they're exploited. This human-centric approach to threat intelligence will complement LevelBlue's AI-driven threat detection capabilities. Digital Forensics and IP Litigation : Perhaps most uniquely, the acquisition includes Elysium Digital's intellectual property litigation capabilities. This creates opportunities for LevelBlue to serve clients through the entire lifecycle of a cyber incident, from initial response through potential litigation. The timing is particularly strategic given market trends toward continuous threat exposure management (CTEM). Combining the operational side with both firms' technical expertise, proactive incident readiness and DFIR with digital risk management and IP litigation is a virtuous cycle both from a business standpoint and benefiting clients. With this acquisition LevelBlue can now offer this complete cycle of services. The acquisition also solves the platform challenge that Stroz Friedberg faced under Aon. LevelBlue brings the technology platform that can serve as an anchor for client relationships, while Stroz Friedberg brings the high-end consulting capabilities that create stickiness and differentiation. Furthermore, the continued strategic relationship with Aon means LevelBlue gains access to Aon's cyber insurance expertise and client relationships without the conflicts that limited Stroz Friedberg's market reach. This creates a unique competitive position where LevelBlue can serve both Aon clients and the broader market that was previously inaccessible. A Strong Strategic Move with Execution Ahead This acquisition represents a well-considered strategic move for LevelBlue. The company needed an infusion of additional capabilities and talent to compete with the platform-based approaches of companies like CrowdStrike and Palo Alto Networks. By acquiring Stroz Friedberg and Elysium Digital, LevelBlue gains not just significant incident response capabilities, but a complete suite of proactive and reactive cybersecurity services backed by deep technical expertise and prestigious client relationships. The strategic logic is compelling: combine LevelBlue's AI-driven managed detection and response platform with Stroz Friedberg's consulting excellence to create a unified cybersecurity services platform. This positions LevelBlue to offer everything from 24/7 monitoring and threat detection to strategic advisory services, penetration testing, incident response, and even IP litigation support. The success of this acquisition will depend on LevelBlue's ability to maintain the high-caliber talent that makes Stroz Friedberg special while successfully integrating their methodologies and client relationships into a unified service delivery model. Both organizations bring strong cultures and established ways of working that will need to be thoughtfully combined. If executed well, this acquisition could establish LevelBlue as a strong independent alternative to the platform vendors, offering clients the deep expertise of a boutique consultancy with the scale and technology capabilities of a global managed services provider. This positions the combined organization well for the evolving cybersecurity landscape, where clients increasingly seek comprehensive solutions that span prevention, detection, response, and recovery.

By Rory Duncan and Christina Richmond APIs are the backbone of modern digital infrastructure, connecting applications, services, and systems across the internet. As people and organizations increasingly rely on APIs to power nearly everything in our digital experience, security challenges haven’t stayed still but have evolved dramatically. What began as a gap in traditional web application firewall (WAF) coverage has grown into a comprehensive security discipline that now intersects with artificial intelligence and machine learning technologies. The Growing API Threat Landscape Recent data reveals a concerning trend in the cybersecurity landscape. Analysis of the CISA Known Exploited Vulnerabilities (KEV) catalog shows that API-related vulnerabilities jumped from 20% of all exploited vulnerabilities in 2023 to 50% in 2024. This dramatic increase reflects both the growing prevalence of APIs in modern applications and their attractiveness as attack targets. The intersection of API security with artificial intelligence presents an even more compelling picture. AI-related vulnerabilities in the CVE database increased from 39 in 2023 to 439 in 2024 – more than a ten-fold increase – according to a report by Wallarm . Perhaps most striking is that 98.9% of AI-related vulnerabilities are API vulnerabilities, with 77.4% being directly API-related and 22% indirectly related through third-party components. This overlap isn't coincidental. AI applications, particularly AI agents, are fundamentally built on API architectures. Every interaction with an AI system – whether submitting a prompt, receiving a response, or executing an action – involves API communications. As AI agents become more sophisticated and autonomous, they require access to numerous APIs to perform their functions, creating an exponential increase in API attack surface. Core Challenges in API Security Gaps in traditional WAF coverage are architectural, operational, and contextual. WAFs are optimized for HTTP traffic tied to web forms, URLs, and user sessions. APIs, by contrast, are machine-to-machine and stateless, with very different patterns: JSON/XML payloads, REST/GraphQL/gRPC protocols and custom business logic in payloads, not just URLs or headers. WAFs can miss malicious intent buried in complex API requests (e.g., logic abuse, injection in nested JSON). APIs lack a UI so WAFs miss business logic abuse. They expose direct access to functions like money transfer, password reset, or data export without front-end guardrails. WAFs can't understand API business logic deeply enough to detect misuse such as broken rate limits, privilege escalation, mass enumeration or data scraping. APIs change frequently and are often undocumented. Dev teams push new APIs rapidly, often without security teams in the loop. WAFs rely on static rule sets or signatures — not ideal for environments where API endpoints change often or there is little or no schema (OpenAPI) visibility. Authentication and authorization risks are out of scope for WAFs and they can't enforce fine-grained access control across users, roles, or tenants. API attacks often exploit Broken Object Level Authorization (BOLA), Broken Function Level Authorization (BFLA) and use token theft or manipulation. WAFs don't understand user roles or context from identity providers. Finally, traditional WAFs struggle with API discovery and shadow APIs which means that many APIs go unmonitored and are "shadow" or become "zombie" APIs. WAFs don’t have native capabilities for API inventory and version tracking or schema validation (e.g., OpenAPI contract enforcement). Hence, three primary challenges exist when implementing API security: Discovery and Visibility The "unknown unknowns" problem remains one of the most significant challenges in API security. Organizations struggle to maintain complete inventories of their APIs, often discovering shadow APIs – endpoints that exist in production but aren't documented in specifications. The challenge extends beyond simple discovery to understanding what sensitive data these APIs expose and what risks they present to the organization. Runtime Protection Traditional security approaches often fall short when applied to APIs. Unlike web applications where human users interact through browsers, APIs handle programmatic traffic where every interaction is essentially automated. This fundamental difference requires security solutions that can detect and block attacks in real-time while understanding the nuanced behaviors that distinguish legitimate API usage from malicious activity. 3. Resource Constraints Many organizations lack either the personnel or the specialized knowledge required to effectively secure their API infrastructure. API security requires understanding not just traditional web security concepts but also API-specific attack vectors, authentication mechanisms, and architectural patterns. Modern API Security Approaches Effective API security requires a comprehensive approach that addresses discovery, protection, response, and testing: Discovery and Attack Surface Management Modern API security begins with understanding what exists in your environment. This includes both internal discovery through traffic analysis and external assessment through scanning publicly accessible domains. Advanced solutions can identify not just REST APIs but also GraphQL endpoints, gRPC services, WebSockets, and other API protocols. External attack surface management has become particularly valuable, allowing organizations to discover APIs associated with their domains without requiring internal deployment. These tools can identify API gateways, assess existing security controls, and even test the effectiveness of web application firewalls against API-specific attacks. Real-Time Protection Unlike most web application and API protection (WAAP) tools that collect data for later analysis, modern API security platforms operate inline, making protection decisions in real-time. This approach offers several advantages: Immediate threat response : Attacks are blocked as they occur rather than being detected after the fact Privacy preservation : Sensitive data doesn't need to be stored in external systems for analysis Reduced latency : Security decisions are made without round-trips to external analysis systems The challenge lies in accurately distinguishing between legitimate and malicious behavior. Single-request attacks like SQL injection are relatively straightforward to detect and block. However, behavioral attacks that span multiple requests – such as account takeover attempts or data scraping – require more sophisticated analysis. Behavioral Analysis and Anomaly Detection Modern API security platforms employ multiple detection engines that analyze different aspects of API behavior. These might include: Rate limiting and velocity analysis : Detecting unusually high request rates that might indicate automated attacks Authentication pattern analysis : Identifying credential stuffing or brute force attacks Data access pattern analysis : Detecting systematic data extraction attempts Session behavior analysis : Understanding normal user journeys versus suspicious navigation patterns The combination of these detection mechanisms helps identify complex attack patterns that might evade simpler rule-based systems. The API Security Architecture Evolution API security solutions have evolved through several architectural approaches: Cloud-Native Security Software-as-a-Service (SaaS) API security platforms offer the fastest deployment and lowest maintenance overhead. Organizations simply redirect DNS traffic through the security platform, which then analyzes and forwards legitimate traffic to the actual APIs. This approach works well for external-facing APIs and offers immediate protection with minimal infrastructure changes. Hybrid Deployments For organizations requiring more control, hybrid architectures allow the security control plane to remain in the cloud while filtering components are deployed within the organization's infrastructure. This approach provides flexibility in deployment location while maintaining centralized management and threat intelligence. On-Premises Solutions Organizations with strict data sovereignty requirements can deploy API security platforms entirely within their own infrastructure. While this requires more operational overhead, it provides complete control over data handling and processing. AI-Driven Threats and Defenses The emergence of AI agents has introduced new categories of API threats: Indirect Prompt Injection AI agents that interact with external APIs may be susceptible to prompt injection attacks delivered through API responses. An attacker might compromise a third-party API to return responses containing malicious prompts, potentially causing the AI agent to take unintended actions. Agentic API Abuse AI agents typically require access to multiple APIs to accomplish their tasks. A single agent might connect to dozens of APIs for functions like calendar management, email sending, payment processing, and data retrieval. This creates a multiplication effect where the compromise of one agent can lead to widespread API abuse across multiple services. Adaptive Attack Patterns AI-powered attacks can learn from defensive responses and adapt their behavior in real-time. This creates a cat-and-mouse game where static security rules become less effective over time. To counter these emerging threats, security platforms are beginning to incorporate AI-driven defense mechanisms. These systems use machine learning models specifically trained to detect malicious prompts and API abuse patterns, creating an "AI versus AI" defensive scenario. The Business Impact of API Security As APIs become more central to business operations, API security is evolving from a technical concern to a business-critical function. Organizations are beginning to understand the direct connection between API availability and revenue protection. API security platforms may, in future, develop capabilities to map API endpoints to business functions and quantify the financial impact of API attacks. This business-focused approach may help organizations prioritize their security investments and demonstrate the value of API protection programs. Future Directions The API security landscape continues to evolve rapidly. Several trends are shaping the future of the field: Protocol Diversity While REST APIs remain dominant, organizations are increasingly adopting GraphQL, gRPC, WebSockets, and other API protocols. Security solutions must evolve to provide comprehensive protection across this diverse protocol landscape. Integration with Development Workflows API security is moving left in the development lifecycle, with security testing integrated into CI/CD pipelines and development tools. This shift helps identify vulnerabilities before APIs reach production. Business Process Integration As APIs become more tightly coupled with business processes, security platforms are developing capabilities to understand and protect entire business workflows rather than just individual API endpoints. Zero Trust Architecture API security is becoming a key component of zero trust security models, where every API request is authenticated, authorized, and verified regardless of its source. Conclusion APIs are at the center of our digital world. API security has evolved from a niche concern to a critical foundational element of cybersecurity strategy. The convergence of API proliferation, AI adoption, and increasingly sophisticated attack techniques creates both challenges and opportunities for security professionals. Success in API security requires a comprehensive approach that combines discovery, real-time protection, behavioral analysis, and business alignment. As the field continues to mature, organizations that invest in robust API security capabilities will be better positioned to safely leverage the power of APIs and AI while protecting their critical business functions. The future of API security lies not just in better detection and protection mechanisms, but in deeper integration with business processes and development workflows. As APIs continue to power digital transformation, their security will remain a critical enabler of business success.

Fresh off the RSA Conference 2025, Richmond Advisory Group shares quick profiles of each of the companies we met with in our "RSA-May series". Note that some of the content may been generated by an AI note transcriber but that all published content was reviewed and fact-checked by the profiled company. We are very grateful for the time each company spent with us. Netcraft, based in the United Kingdom and founded in 1994, is a GRC cybersecurity vendor specializing in digital risk protection. The company offers a comprehensive platform that includes services such as cybercrime detection, threat intelligence, phishing detection and disruption, brand protection, domain protection, and cyber threat feeds. Netcraft's solutions are designed to protect organizations from various cyber threats, including phishing, malware, fraudulent profiles, fake shops, and brand infringement. Their platform integrates with external threat intelligence and enterprise systems, providing rapid detection, disruption, and takedown of cyber threats to safeguard critical infrastructure and maintain customer trust. ( IT-Harvest ) Offerings : Mobile Device Protection, Social Media Protection, Phishing Detection & Disruption, Domain Protection, Conversational Scam Intelligence, Browser Extension, Cyber Threat Feeds, Domain & Website Takedown, Brand Protection. ( IT-Harvest ) Richmond Advisory Group met with: Dal Billings , VP of Marketing and Rob Duncan , Product Strategy. Core Business Operations : Engages in detecting malicious activity and takedowns, covering 100+ attack types. Processes 23 billion datapoints annually, with a focus on fully automated threat detection and response with near-zero minimizing false positives. Major threats include phishing, social engineering, and fake online stores. Detection & Takedown Efficiency : Take down of 1/3 of all phishing sites globally . Achieved hundreds of millions of takedowns in March, averaging 2.6 hours per takedown. Critical response time highlighted, as 93% of phishing views happen within 19 hours. Strong API ties with key infrastructure providers enhance operational speed. Business Evolution : Evolved to a structured organization post private equity investment from Spectrum Equity; focus on U.S. market expansion. Currently profitable with growth; key customers include financial institutions, governments, and retailers. Competitive Advantage : Differentiators include high automation (99%+), rapid response times, and trusted provider relationships. Many clients authorize autonomous threat detection and takedowns.

Fresh off the RSA Conference 2025, Richmond Advisory Group shares quick summaries of the discussions we had with each of the companies we met with in our "RSA series". Note that some of the content may have been generated by an AI note transcriber but that all published content was reviewed and fact-checked by the profiled company. We are very grateful for the time each company spent with us. We had several interesting conversations with IBM across various teams: Executives, product managers and marketers brought us up to speed on Guardium (data security), Verify (identity security), X-Force, Cyber Threat Management Services, and the Palo Alto Networks partnership. In our chat with Vishal Kamat we discussed crypto agility solutions and customer understanding of encryption / quantum challenges. Crypto agility solutions focus on developing strategies that allow organizations to adapt their encryption methods quickly in response to evolving threats and regulatory requirements. Post Quantum Cryptography (PQC) is a less tangible discussion because of the unclear timing of cryptographically relevant quantum computers. However, IBM is seeing significant growth in its Quantum Safe software and consulting services which means that the highly regulated and/or very large enterprises are beginning to earmark budget to discuss evolving their security programs to meet the PQC requirements. We also discussed how IBM is evolving its Guardium portfolio to continue its focus on product capabilities for emerging threats. There is a strategic shift toward bringing identity and data security together as 'the new perimeter' which resonates with the market. We discussed how data and identity integration will evolve with AI agents and non-human identities perpetuate.  Moving on to our chat with the Threat Management team, we met with Dave McGinnis, John Velisaris and Matt Shriner, including the RSAC announcement of the Autonomous Threat Operations Machine (A.T.O.M.). This "SOC robot" is an agentic digital labor AI solution that works across 200+ IBM clients today. It handles L1 and L2 security operations while humans remain involved at L3 and above which addresses the longstanding issues of alert fatigue and overwhelm. We were given a demo and we have to say it produced a full investigation of a complex incident in 80 seconds in front of our eyes. A similar investigation+report would take humans many days, if not weeks. IBM's Predictive Threat Intelligence (PTI) is fully integrated with A.T.O.M. to enable autonomous threat hunts. PTI uses algorithms that analyze attack surface and malicious attacker activity, leverages asset inventories, and processes both structured and unstructured intelligence feeds. The agentic technology uses Kestrel for autonomous distributed threat hunting, can work with data in AWS S3 buckets and Azure data lakes using the Kestrel connectors. As an output, the tool shows all its work for threat hunters alongside a full report of findings. It provides recommendations for threat hunt queries relevant to the client environment, or, within the highest SOC analyst tier, can also execute hunting queries.  The IBM Verify portfolio overview was next up with Bob Slocum, Patrick Wardrop and John Nielsen. The portfolio includes customer-managed/self-managed identity products competing with key identity competitors. The traditional on-premises and modernized SaaS platform with API-first architecture provides identity security posture management (ISPM) with and identity threat detection and response (ITDR) capabilities identifying and remediating both human and non-human (NHI) identities. Credential management status tracking and compliance assist organizations in maintaining regulatory control and data sovereignty. The solution supports integration with third-party identity solutions and deployment flexibility across various platforms. Finally we checked in on the Palo Alto Networks/IBM partnership meeting with Sheryl Chamberlain and Tim Van den Heede on the last day of the conference. The partnership has seen growth with targets exceeded by 400% compared to pre-partnership levels and significant pipeline year-over-year. Both companies are committed to the migration of QRadar SaaS (QROC) to Cortex and assisting companies with their overall security posture together where the deals make sense. Palo Alto sales teams are learning different sales motions involved in consulting engagements and both SMEs stated that there are educational efforts in progress to continue that evolution. To learn about the combined offerings, clients are benefiting through engagements with the IBM X-Force Cyber Range, which creates immersive simulations through realistic breach scenarios. Both executives highlighted IBM's A.T.O.M. Sheryl is impressed by the value clients are getting through the integration of A.T.O.M. and IBM’s managed service for Cortex XSIAM. Richmond Advisory Group was thrilled to host Mark Hughes and Jake Paulson on our Cyber Sidekicks podcast which aired Tuesday May 6th. We discuss A.T.O.M. and IBM's Threat Intelligence Index.

Fresh off the RSA Conference 2025, Richmond Advisory Group shares quick profiles of each of the companies we met with as an "RSA Series”. Note that some of the content may have been generated by an AI note transcriber but that all published content was reviewed and approved by the profiled company. We are very grateful for the time each company spent with us.   RedSeal Founded in 2004, RedSeal offers proactive exposure management, helping companies reduce their potential attack surface and manage security risk across their hybrid environments. It is known for its ability to analyse attack paths, validate threats, and prioritize remediation. RedSeal’s platform provides an integrated approach, offering a comprehensive baseline for implementing programmatic Continuous Threat Exposure Management (CTEM). RedSeal's dynamic network mapping and compliance framework integration covers both cloud and on-premises operations and is used in complex networks in sectors such as energy, financial services, healthcare, US Government agencies and the military.   Offerings : Full network mapping and visualization, compliance, risk prioritization, 150+ integrations with enterprise networking and security products; CTEM framework support via the RedSeal platform; The RedSeal Fusion Program combines best-of-breed cloud and network solutions with RedSeal partner benefits.   Richmond Advisory Group met with: Jane Paolucci , Senior Vice President of Marketing   Core Business Operations : Headquartered in Menlo Park, CA, RedSeal has a small office in India. It has around 150 employees and annual revenue of $50-$100 million. It has hundreds of customers across multiple industry sectors and is keen to grow its large enterprise business.   Business Evolution : RedSeal is privately owned and has seen multiple investment rounds from the likes of Venrock, Icon Ventures, Sutter Hill Ventures, Math Venture Partners and Runway Growth Capital. In 2019 it was bought by Symphony Technology Group (STG).   Competitive Advantage : In May, RedSeal won the 2025 SC Award for Best Continuous Threat Exposure Management (CTEM) Solution. In October 2024 it was named “Zero Trust Network Access Solution of the Year” in the 8th annual CyberSecurity Breakthrough Awards program.

Fresh off the RSA Conference 2025, Richmond Advisory Group shares quick profiles of each of the companies we met with as an "RSA Series”. Note that some of the content may have been generated by an AI note transcriber but that all published content was reviewed and approved by the profiled company. We are very grateful for the time each company spent with us.   Background Founded in Israel 2014 and focused on proactive threat exposure management, SafeBreach launched one of the first continuous security validation platforms that encompasses threat assessment, security control validation and cloud security assessment. The company is known for its enterprise-grade exposure validation and attack path validation capabilities. The SafeBreach platform encompasses breach and attack simulation (BAS) capabilities. SafeBreach Validate tests the how well a customer’s deployed security controls fare against real-world threats, while SafeBreach Propagate is an automated attack-path validation tool for measuring the extent and impact of security breaches. The company offers 65+ integrations for enterprise security.   Offerings: Platform-based Break and Attack Simulation (BAS), No-code Red Teaming, SafeBreach-as-a-Service (fully managed service), and RansomwareRX. A partnership with ServiceNow brings capabilities in asset management and discovery, as well as strengthening its Continuous Threat Exposure Management (CTEM) framework strategy.   Richmond Advisory Group met with: Koby Bar , VP of Product Core Business Operations : Headquartered in California, SafeBreach maintains its R&D facilities and Research Labs in Tel Aviv, a key resource for global CVE Discoveries as well as generating insights for its Hacker’s Playbook. Since 2014 the company has raised over $240 million in multiple investment rounds and is estimated by to have an ARR of between $30-$40 million according to multiple sources. Business Evolution : Privately-owned, SafeBreach has grown its large enterprise presence to include the global top 5 or top 10 firms in the healthcare/pharmaceutical, financial services/banking, telecoms and transportation (airlines) sectors. It also expanded its channel partner program in March 2025 to include Managed Security Service Providers (MSSPs).   Competitive Advantage : SafeBreach is considered a key innovator in the BAS sector.  It was awarded the Most Innovative in the Adversarial Exposure Validation (AEV) category of the 13th Annual Global InfoSec Awards from Cyber Defense Magazine (CDM) at RSAC 2025.

Fresh off the RSA Conference 2025, Richmond Advisory Group shares quick profiles of each of the companies we met with as an "RSA Series”. Note that some of the content may have been generated by an AI note transcriber but that all published content was reviewed and approved by the profiled company. We are very grateful for the time each company spent with us.   Background Founded in Denmark in 2013, Cobalt provides offensive security services and is best known for its Penetration Testing-as-a-Service (PTaaS) offerings, covering web applications, APIs, networks etc. The Cobalt Offensive Security Platform integrates Attack Surface Management, Automated Scanning, and OffSec engagements with its pen testing services. Cobalt’s pen tester are contractors (not employees) and this “crowd sourced” model provides for quicker scheduling and flexible engagement times. Focused on the mid-market and enterprise sector, Cobalt has a global footprint and a “remote first” policy, with offices in Berlin and San Francisco. Offerings : Application, API and Cloud Network pentesting, Device security (device hardening & IoT testing), Red Teaming with tabletop exercises, Compliance and Secure DLC, Digital Risk Assessment, Secure Code Review services. All delivered through a PTaaS platform.   Richmond Advisory Group met with: Anne Nielson , Senior Director, Product Marketing.   Core Business Operations : Cobalt has 450 pen testers who average 11 years of experience each. The company conducts around 5000 pen tests annually. Customers encompass SaaS providers as well as the healthcare, education and finance sectors. Business Evolution : Privately-owned, Cobalt has been featured in Inc 5000’s fastest-growing American companies for the past 4 years and has over 1,400 customers. The company has an established partner ecosystem, working with VARs, MSPs and MSSPs, to service its SMB, mid-market and enterprise customers. Competitive Advantage : Cobalt is recognised as an innovator in PTaaS, with a methodical, programmatic approach that distinguishes it from bug bounty services. Cobalt’s contract pen tester model provides flexible and rapid scalability and is unique to Cobalt.

Although it's now a month ago, RSA Conference 2025, seems like yesterday. Richmond Advisory Group shares quick profiles of each of the companies we met with in our "RSA series". Note that some of the content may have been generated by an AI note transcriber but that all published content was reviewed and fact-checked by the profiled company. We are very grateful for the time each company spent with us.  Background Expel is a managed detection and response (MDR) provider founded in 2016, headquartered in Herndon, Virginia. Richmond Advisory Group met with David Merkel (“merk” CEO) and Yonni Shelmerdine (CPO). Core Business Operations Expel operates in two distinct market segments: Enterprise (3,000+ employees) representing 60% of revenue and Commercial (<3,000 employees) at 40% of company revenue. The company differentiates from competitors like Arctic Wolf by focusing on customers who already have their own security products in place rather than requiring technology purchases or replacement of security tools. Expel has achieved exceptional gross margins - significantly above the industry standard of ~60% - through their automation-first approach. All revenue is recurring with no professional services component. Key operational metrics show increasing ARR per analyst and alerts per analyst year-over-year are staying flat, demonstrating scalability across their increasing customer base. Richmond Advisory Group was skeptical at first and pressed for details, which were provided, and which confirm the claim. MDR Offering The core service provides 24x7 security monitoring with comprehensive coverage across multiple attack surfaces such as cloud, endpoints, networks, email, and identity platforms. Recent additions include email threat protection expanding beyond their traditional reactive approach. The company leverages 130+ technology integrations and emphasizes their "bring your own technology" model, allowing customers to maximize existing security investments. Expel's proprietary platform, Expel Workbench™, provides automation and full transparency into SOC operations, with customers able to follow live investigations. The company maintains an industry-leading 17-minute MTTR on high/critical incidents. Business Evolution Recent strategic changes include new leadership appointments: Scott Fuselier as CRO (CrowdStrike background) and Yonni Shelmerdine as CPO (SentinelOne background). The company is investing heavily in thought leadership content and threat intelligence to drive brand awareness. This effort has resulted in significant website traffic increases. AI integration has expanded beyond existing ML capabilities to include LLM applications for automated findings report generation and enhanced SOC analyst efficiency, while maintaining human oversight that enterprise customers specifically value. Competitive Advantage Expel competes primarily with standalone MDR providers (ReliaQuest, Red Canary) and product-backed solutions (CrowdStrike Falcon Complete). The company's key differentiators include: ●      SOC Efficiency : MTTR of 17 minutes or less on high/critical incidents ●      Technology Integration : Superior ability to ingest diverse data sources and remediate back to source systems compared to competitors ●      Transparency : Unique full-visibility approach to SOC operations, customers see what Expel analysts see and can communicate directly with their assigned analysts ●      Customer Satisfaction : 99% customer trust rating with 80+ Net Promoter Score Finally, we discussed market consolidation and Expel believes it is well-positioned given their proven business model and strong margins. However, the management team does expect challenging economic conditions to impact buyer behavior in Q2, requiring stronger business value justification for security purchases.

By Rory Duncan and Christina Richmond as a Richmond Advisory Group Point of View April 7, 2025 Google’s announcement of its intention to acquire cloud cybersecurity specialist Wiz was a surprise, but for reasons other than the obvious. Wiz had already rejected a previous offer from Google in 2024, so it was reasonable to expect that Google might come back with a better offer. Even the fact that Wiz had agreed to be acquired – instead of going for a much-heralded IPO – was perhaps inevitable, given the current macroeconomic climate and market uncertainty. What raised eyebrows was the size of the transaction - $32 billion, equal to the GDP of Iceland, and the largest acquisition Google has made by a margin of over $20 billion. Oh, and did we say it was an all-cash deal? We’re unlikely to hear further public statements about the acquisition until due diligence has been done, the relevant legislative authorities have been consulted, etc. However, a deal of this magnitude generates a lot of questions that when unanswered, creates speculation. We have attempted to answer some of them below. Wiz’s Meteoric Rise For a barely five-year-old company, Wiz’s journey has been nothing short of remarkable: • January 2020: Founded by Assaf Rappaport, Yinon Costica, Roy Reznik, and Ami Luttwak, all of whom previously founded Cloud Access Security Broker (CASB) firm Adallom. • May 2024: Raised $1 billion to be valued at $12 billion. • July 2024: Rejected Google's purchase offer of $23 billion, telling employees it would seek an IPO. • January 2025:  Appoints a new CFO who publicly talked up the impending IPO. • March 2025: Announces that it is being acquired by Google for $32 billion. In just 10 months, Wiz saw its valuation skyrocket 2.7x. Not bad for a five-year-old startup. IPO Dreams Deferred: Why Sell Now? Was this “A tale of IPO caution? A reaction to the current market conditions? An opportunity to cash-in?" With Wiz recently hiring a new CFO and openly discussing IPO plans, what changed? Several factors might explain the pivot: The IPO market has been sluggish, with Investor's Business Daily reporting on February 28, 2025, that technology "unicorns" have been slow to go public since the 2021 bull market faded. However, AI cloud firm CoreWeave filed for its IPO in early March 2025, seeking a $35 billion valuation—not far from Wiz's acquisition price. And as of March 28, 2025, it began selling on the NASDAQ. In May last year Wiz stated it wanted to reach $1B in annual recurring revenue (ARR) before it launched its initial public offering. At this time, the company was likely already in talks with Google on the $23B deal that ultimately failed in July. In January, the CNAPP company announced the appointment of the retired ex-DreamWorks CFO, Fazal Merchant. He supported and reiterated the belief that Wiz was going to seek IPO. However, a lot changed in the waning moments between his appointment and the announcement of the $32B acquisition in March: the new U.S. administration entered the White House and with it the new FTC Chair, Andrew Ferguson. The previous FTC chair, Lina Khan, was known for her aggressive stance on Big Tech and her tenure was marked by a focus on antitrust enforcement against large technology companies, including Amazon, Meta, and others. While Ferguson is not yet a known quantity, the administration is clearly supportive of the tech industry. Add to this that all investors (including those on the Wiz board and its venture capital partners) have been watching to see if Trump 2.0 would boost the stock market. Rhetoric on tariffs came to fruition last week with “Liberation Day,” in the U.S. and the global tariff battle has sent the NASDAQ, Dow and S&P reeling. We can’t know what was going through the minds of Mr. Merchant and the Wiz founders nor what Andrew Ferguson will make of the $32B Google acquisition, but it is fair to say that it’s harder to get to $1B in ARR in a shifting global economy than it is to take the $32B in cash today. Some analysts believe that Ferguson is good news for Big Tech. We’ll leave that with them and go with the “bird in the hand” theory. Google's Acquisition History: Breaking the Pattern This deal represents a significant departure from Google's typical acquisition strategy. According to Tracxn, Google has completed 262 acquisitions with an average amount of $704 million—making Wiz over 45 times larger than their average deal.   Google's acquisition activity has slowed in recent years, averaging just one per year over the past three. Their most recent cybersecurity purchases for Google Cloud came in 2022 when they acquired Mandiant, Forseeti, and Siemplify.   We’ve seen Google’s acquisitions integrated well from an engineering standpoint but not always from a go-to-market angle. Searching for Siemplify leads one clearly to Google Security Operations (formerly Google Chronicle), while Mandiant is still very much its own brand though it lives within Google SecOps as well. What Does Wiz Bring to Google? Wiz offers a comprehensive Cloud-Native Application Protection Platform (CNAPP) with three key components: • Wiz Code:  Unified security across code, CI/CD, and cloud environments with code-to-cloud mapping that traces risks back to source code. • Wiz Cloud:  Agentless visibility and risk prioritization to proactively reduce attack surfaces across cloud environments. • Wiz Defend: Cloud-focused detection and response with real-time visibility for SecOps teams.   Probably the most exciting capability Wiz offers Google is the ability to remediate multicloud configurations. What makes Wiz stand out in the crowded CNAPP market? • Agentless Architecture: Simplified deployment without performance impacts • Graph-Based Security: Mapping cloud resources and relationships to identify complex attack paths • Unified Platform: Integration of multiple security functions in one solution • Ruthless Risk Prioritization: Focus on addressing critical risks first • AI Integration: First CNAPP to incorporate AI Security Posture Management Understanding CNAPP: The Evolution of Cloud Security A Cloud-Native Application Protection Platform combines multiple security functionalities into a single unified solution designed to protect cloud-native applications throughout their lifecycle.   Key features include: • Centralized Security: Integrates Cloud Security Posture Management (CSPM), Cloud Workload Protection Platforms (CWPP), Cloud Infrastructure Entitlement Management (CIEM), and Kubernetes Security Posture Management (KSPM) • Lifecycle Protection: Secures applications from development through runtime • Automation and Monitoring: Provides continuous monitoring and real-time threat detection • Team Collaboration: Bridges gaps between DevOps, DevSecOps, and SecOps teams CNAPPs typically consist of four key functions in two categories: • Application Protection: Cloud Infrastructure Entitlements Manager (CIEM) and Cloud Workload Protection Platform (CWPP) • Network-Level Protection: Cloud Access Security Broker (CASB) and Cloud Security Posture Manager (CASM) According to David Strom's "CNAPP Buyers Guide" (CSO Online, September 2022), vendors approach CNAPP from either a DevSecOps perspective (focusing on CIEM and CWPP) or a traditional IT security perspective (emphasizing CASB and CASM). Wiz approaches CNAPP from the traditional IT security angle, with its standout feature being "risk prioritization queue with graph visualization." Wiz’s Competition There are many vendors – big and small – that offer partial or substantial parts of a CNAPP platform:   The largest firms – such as Microsoft, CrowdStrike, Check Point and Trend Micro – already have comprehensive platform-based offerings for protecting cloud-based assets. They also offer cloud native support (to a greater or lesser degree). They may not provide the level of functionality that a dedicated CNAPP provider does, but they are an attractive option for those companies already using products from those providers. Integration may be relatively easy and considerations such as existing licencing and support come into play.   Smaller vendors and service providers can offer more discreet CNAPP functionality and focus that may be more applicable to certain industries or niche use cases. They can often boast many years of experience in this sector. Firms such as Lacework, Orca Security, Prisma Cloud, Sysdig, Aqua Security, Singularity Cloud and many others may not have as comprehensive a platform as the larger vendors, but they have strong CNAPP credentials.   The challenge for Google will be how to position Wiz within its portfolio given the competitive environment: integrate it with the Google Cloud platform to enhance its “complete” positioning, or retain its “best at CNAPP” position and go to market as a specialist product for a subset of clients and retain the Wiz brand? Our two cents, since you’ve asked, is to go with the “complete” positioning, integrate Wiz substantially while working to retain clients and partnerships AND tout its best at CNAPP reputation. The reason is simple: Google is Google. It is a long-standing, solid brand seeking to cement its role in cybersecurity across multiple cloud environments. This is not a quick or easy thing to do, however.   Partnership Complications Wiz boasts an impressive 157 integrations with various services, including Google's cloud competitors Microsoft Azure and AWS. The acquisition raises questions about the future of these partnerships. Will Microsoft and AWS continue their relationships with Wiz once it becomes part of Google Cloud? This competitive dynamic could potentially impact Wiz's client reach and integration ecosystem.   Regulatory Hurdles Ahead While the acquisition is real and a definitive agreement has been signed, several regulatory challenges lie ahead: • Antitrust Concerns: Regulators in the U.S., EU, and other markets will scrutinize potential anti-competitive effects, particularly given Google's ongoing antitrust lawsuits. • Patent Litigation: Wiz faces a patent infringement lawsuit from competitor Orca Security, which could complicate the acquisition. • Uncertain Regulatory Climate: Under the Trump administration, regulatory policies remain in flux, though the FTC under Andrew Ferguson has emphasized strict merger guidelines though he also has stated the FTC will “get out of the way” if a merger isn’t likely to “hurt Americans economically.” • Integration Challenges: Google's mixed track record with major acquisitions (Motorola Mobility, Nest) raises questions about successful integration. • Global Regulatory Scrutiny: International regulators increasingly cautious about Big Tech consolidation. Due to these challenges, the deal is expected to close in 2026 rather than sooner.   The Strategic Vision Looking beyond the regulatory and potential partnership hurdles, the strategic rationale for the acquisition appears compelling: • Create a leading multicloud security platform with tighter integration between Wiz and Google services and better protect customers' multicloud environments • Combine Google's AI capabilities with Wiz's graph technology to potentially drive new security innovations • Enable developers to move faster while maintaining security • Unlock enterprise data to enhance AI capabilities and provide greater customer insights • Bring world-class threat intelligence to the Wiz platform to combat sophisticated threats A continuing trend by many vendors and service providers has been to "platformize" their offerings. This is said to provide convenience – a "one throat to choke" – with simplified administration and licencing etc. The counter viewpoint is that buyers want to exercise their right to choose "best of breed" solutions, reducing vendor "lock-in" and giving them more control over potential integration, and flexibility in deployment. The issue with positioning a "Complete" Platform is that it doesn't really exist. It's "complete" at a point in time relevant to the requirements of the task(s). As existing requirements change, or new requirements emerge, the platform needs to add those features/functions to maintain its 'complete' status. The more requirements a platform needs to satisfy, the more it needs to be updated to maintain its status of being "complete". Best of breed solutions also need to be updated as requirements change, but the nature of their focused functionality means that this should be easier and less often (maybe?). The cloud security landscape continues to evolve rapidly, and with this acquisition, Google is making a bold statement about its commitment to enterprise security. Whether this blockbuster deal will clear regulatory hurdles and deliver on its promise remains to be seen, but one thing is certain: the cloud security market will never be the same.

A quick conversation with Blackwire  Lab’s Joshua Ray and Richmond Advisory Group .     On this week’s Cyber Sidekicks , Rory and I chatted about an article  he found in Security Week titled “Google DeepMind Unveils Framework to Exploit AI’s Cyber Weaknesses.”  We reached out to several AI-focused companies and had a great conversation with Josh. Thanks Josh!  I give them kudos for stepping out. Doing this type of research in this environment is really hard, it's like trying to analyze weather patterns while sitting on top of a plane going 500mph then having folks say, ‘how come you didn't use Helvetica font. ~Joshua Ray, Founder, CEO of Blackwire Labs . Before chatting, Josh read the entire report, which reads a lot like a scientific lab paper! Hats off to him!   Here’s a breakdown of key findings, novel approaches, and potential gaps we discussed.    The document  “A Framework for Evaluating Emerging Cyberattack Capabilities of AI” was written by six researchers at DeepMind: Mikel Rodriguez, Raluca Ada Popa, Four Flynn, Lihao Liang, Allan Dafoe and Anna Wang. It outlines a comprehensive framework for evaluating the potential of AI to enable cyberattacks, focusing on systematic analysis and defense prioritization. They “analyzed over 12,000 real-world instances of AI use in cyberattacks catalogued by Google’s Threat Intelligence Group. Based on this analysis, [they] curated seven representative cyberattack chain archetypes and conducted a bottleneck analysis to pinpoint potential AI-driven cost disruptions. [The] benchmark comprises 50 new challenges spanning various cyberattack phases. Using this benchmark, [they] devised targeted cybersecurity model evaluations, report on AI’s potential to amplify offensive capabilities across specific attack phases, and offer recommendations for prioritizing defenses.”    Net-net, both we give Google’s DeepMind researchers our appreciation for starting the effort to classify, quantify, analyze and prioritize AI cyberattacks. Any new technology creates defensive challenges; AI goes beyond the usual "new tech" challenges with its speed to create attacks, complexity of its own architecture in addition to the adversary’s use of it, and the potential for obfuscation through bias, hallucination and desire to find an answer at all costs.   Interesting Novel Approaches  Integration of AI-Specific Threats   The framework adapts traditional cyberattack models like the “Cyberattack Kill Chain ( Lockheed Martin ) and MITRE ATT&CK  to account for AI's unique capabilities, such as automating complex tasks and reducing barriers for malicious actors. We agree with Josh that creating a cyberattack model specific to AI attacks is an important and necessary step.  Dynamic "Basket of Cyber Goods"  We thought this was a creative concept inspired by economic inflation measurement. The idea is to track AI-driven cost changes across attack phases, enabling defenders to anticipate shifts in attack economics.  The DeepMind researchers “suggest using an evolving ‘basket of cyber goods’ representing typical attack patterns based on real-world threat intelligence by systematically measuring potential AI-driven cost changes across attack chain stages and patterns…” With this, one could “develop a robust framework for evaluating AI model risk.”   It's a great idea but needs development. The researchers don’t offer insight into how the basket of goods would be defined or what would be included. We must agree with Josh when he said, “he’d be interested to see how this can be measured over time and in an operational environment.”    Targeted Model Evaluations   Josh believes this is “plausible but offensive ops are hard and highly variable - these evaluations simulate real-world conditions, incorporating constraints like noisy data and adversarial defenses. Metrics include time-to-completion, success rates, and scalability.”  Focus on Under-Researched Phases  Time zero-day discovery to weaponization: “While vulnerability exploitation is well-studied, the framework highlights AI's potential in under-researched areas like reconnaissance, evasion, and persistence." Josh’s opinion is that “this is where most of the current table stakes are today.” It seems to us that this is where there is already a lot of focus on legacy cybersecurity defense. Christina’s sense is that there are unknown unknowns in this study: the research team has access to terrific intelligence – both human and signal – at Google. They availed themselves of some of it but didn’t reach outside the mind meld of the Google community. This isn’t bad in and of itself and we have already stated that beginning this effort is laudable. Next steps will be to identify where else AI can be useful in cybersecurity defense. The framework is a starting point.   Some Gaps to Consider  Translation to Actionable Defenses   While the framework identifies risks, it lacks detailed guidance on translating findings into specific defensive actions. For example, how should organizations prioritize investments in anti-reconnaissance or malware evasion detection?  Measurements are great but the report stops short of suggesting how to effectively operationalize actions to show tangible risk reduction for a business. This is an important next step. Blackwire Lab’s human curated/practitioner vetted model, Blackwire.ai , provides actionable defensive recommendations. Primary focus on Offensive Capabilities  It’s early days and the thrust of this research is primarily on AI's offensive potential. It’s critical to not let this overshadow the development of its defensive applications. Josh and I agreed that this study would no doubt be followed by additional research and perhaps even new tools. Just a few days later the announcement  of “Sec-Gemini” surfaced. We expected and hoped that Google would create something like this and will look for future entries in this arena.      Real-World Validation  The benchmark relies on simulated environments and expert surveys, which may not fully capture the complexity of real-world attacks.  Josh likes “how they tried to introduce multiple environmental elements in the study, though, having seen firsthand the very best in the world (full transparency, Josh used to work with FusionX) the adversary simulation team at Accenture Security, offensive operations is very hard, and so many things can go sideways.”      Can a framework keep pace?    The benefit of a framework is the ability to structure and make sense of things that are often disparate or lacking cohesion. For readily repeatable processes and relatively stable technology areas, frameworks are helpful. The challenge when using AI is that things are moving rapidly.  There is a danger that any framework will quickly become out-of-date and/or will require constant revision.    A Thematic Alternative   While the framework provides a starting point and reference, thematic analysis might provide an alternative, but complementary approach. For example, while this framework acknowledges the dynamic nature of AI-enabled threats it does not detail mechanisms for continuously updating attack chains and bottleneck analyses. Being less structured, thematic analysis could provide a more versatile approach, bringing the human aspect back in - for the identification of context-sensitive patterns, awareness of the subtleties in results, the benefit of intuition and ethical judgement.

By Christina Richmond The Announcement The cybersecurity landscape continues to evolve with an increasing focus on proactive security measures. In response, NetSPI announced significant advancements to The NetSPI Platform. These enhancements represent a forward development in the continuous threat exposure management (CTEM) space, an approach that has gained traction among organizations seeking more comprehensive security postures. This consolidation of security functions addresses a key challenge faced by many security teams: tool sprawl and integration complexity. The platform now includes: Cyber Asset Attack Surface Management (CAASM): This feature provides real-time visibility into assets and security controls - addressing the fundamental challenge of maintaining accurate internal asset inventory in complex environments. Digital Risk Protection Services: The enhanced dark web monitoring and threat intelligence capabilities represent the growing recognition that external threat landscapes must be continuously monitored alongside internal vulnerabilities. Breach and Attack Simulation as a Service: The shift to an as-a-service model reflects industry trends toward operational flexibility and expands Azure simulation scenarios indicating recognition of the hybrid cloud reality most enterprises face. LLM Testing: The expansion of testing capabilities for large language models acknowledges the rapid adoption of generative AI technologies and the unique security challenges they present. M&A Cybersecurity Testing: This specialized assessment package addresses the often-overlooked security aspects of mergers and acquisitions - a critical area where security gaps frequently emerge during business transitions. Post-Incident Response Services: The expansion of these services highlights the industry recognition that incident response cannot be viewed as a standalone function but must feed back into proactive security measures. What It Means In The Market As organizations struggle with fragmented security tools and limited resources, platforms that integrate capabilities from asset and exposure discovery to security operations represent a natural maturation of the cybersecurity market. This platformization trend addresses the reality that discrete point solutions, while powerful individually, often create operational silos and leave visibility gaps that sophisticated attackers can exploit. The market implications extend beyond technical consolidation. As CTEM becomes a strategic framework rather than a tactical approach, platforms that enable continuous visibility, validation, and remediation will reshape security team structures and workflows. Organizations will increasingly evaluate security vendors based on their ability to support the entire security lifecycle while providing meaningful context across all attack surfaces. Today, not all vendors that provide products and services within the CTEM framework offer internal discovery (CAASM). The shift toward greater lifecycle platformization and inclusion of CAASM may accelerate market consolidation as vendors race to build or acquire capabilities that complete their CTEM offerings, potentially leaving specialized tools without integration capabilities at a competitive disadvantage. The integration of these capabilities within a single platform potentially addresses the operational inefficiencies that have plagued cybersecurity teams. However, the effectiveness will ultimately depend on seamless integration, usability, and the ability to provide actionable intelligence rather than simply more security data. Additionally, CTEM as a framework can only go so far toward this goal. Many offerings in the CTEM arena do not easily port data from discovery findings to the operational side of the house. If platforms are to simplify practitioner overwhelm, the industry must make use of asset exposure, criticality and remediation suggestions and seamlessly operationalize them. Our Opinion Hats off to NetSPI for continuing to expand and improve its CTEM framework offerings. The company has done much post-pandemic to reframe its offerings into the CTEM philosophy, has inorganically grown its capabilities with the smart acquisition of Hubble last year, and is consistent in its messaging. As the CTEM market develops further, NetSPI's focused approach and commitment to platform consolidation positions it well among larger competitors that may struggle with legacy product integration and messaging cohesion. This strategic clarity should resonate with organizations seeking practical implementations of CTEM frameworks rather than disconnected point solutions relabeled to fit market trends.

We’re excited to announce that Rory Duncan , a renowned technologist, analyst, and writer, is bringing his expertise to Richmond Advisory Group . With a stellar career focused on cybersecurity, cloud infrastructure, AI, service providers, and digital infrastructure, Rory has built a reputation for delivering actionable insights that empower business leaders.   Extensive Experience and Proven Leadership Rory’s career highlights include: Running Quick Tech Take, his boutique consultancy in Edinburgh, where he analyzed key trends in cloud, AI, and service provider ecosystems through concise reports, videos, and speaking engagements. Serving five years with IDC as Research Vice President, specializing in cloud providers, AI, security, and digital strategies, and shaping investments for leading organizations. Leading the European Services program at 451 Research, where he delivered deep insights on hosting, cloud, and datacenter services in EMEA.   Why Rory Stands Out An accomplished author, presenter, and technology evangelist, Rory is celebrated for turning complexity into clarity. His passion for exploring cutting-edge trends and his ability to inspire confidence make him a trusted advisor in navigating today’s dynamic tech landscape.   We look forward to seeing Rory’s impactful contributions as he helps businesses seize the opportunities of tomorrow.