Ian Barker

While AI continues to dominate discussions around the future of IT it’s still not a major part of most operations. A new IT trends report from Auvik looks at the gap between the ambition of IT departments and actual AI adoption.

Almost 70 percent of respondents say they are ‘optimistic’ or ‘very optimistic’ about AI’s near term impact on IT. Yet only five percent say AI is currently core to their IT operations today.

Continue reading →

Last year MySQL marked its 30th birthday, but with end of life for the current version (8.0) coming up next month and moves towards a community edition what does the future hold for the platform?

We spoke to Peter Zaitsev, founder of database support specialist Percona, to discuss what MySQL users should be doing now and whether there’s still life in the old database yet.

Continue reading →

A new threat report from SentinelOne shows threat actors are no longer simply focused on gaining access. They are moving beyond initial breaches to systematically abuse the trusted identity systems, infrastructure, and automation systems that power the modern enterprise.

This leaves security teams inundated with vast amounts of telemetry but often lacking the context required to distinguish a genuine intrusion from a harmless anomaly. While organizations have more access to detailed threat intelligence than ever before, the challenge lies in translating those high-level insights into the specific, grounded posture needed to manage a local environment.

Continue reading →

Last year saw a surge in DDoS attacks, driven by new automated attack capabilities along with increased scale and frequency according to a new report from Gcore. Attack volumes surged to 12 Tbps in Q4 of 2025, representing a sixfold increase and highlighting unprecedented growth in attack capabilities.

The study shows that 75 percent of network-layer attacks lasted less than a minute, while application-layer attacks showed a shift toward longer durations. Only two percent of attacks extended beyond ten minutes, indicating a continued shift toward highly intense, short-lived bursts designed to overwhelm targets quickly before mitigation measures fully engage.

Continue reading →

LLMs are getting less wrong when analyzing open source code, but they’re becoming more hesitant. That hesitation quietly preserves risks, creating a false sense of safety in which ‘playing it safe’ leaves exploitable (and often Critical or High severity) software in place.

Research from Sonatype looks at how AI agents handle open source software based on a study of 37,000 dependency upgrade recommendations. It uncovers a structural trade-off, when models reduce hallucinations without real data, they default to inaction -- hallucination vs. ‘do nothing’ are two failure modes of ungrounded AI.

Continue reading →

A new report finds that 99.4 percent of 500 US CISOs surveyed experienced at least one SaaS or AI ecosystem security incident in 2025, with only three of the 500 reporting zero incidents. At the same time, 89.2 percent claim strong or comprehensive OAuth token governance, while 77 percent report comprehensive behavioral monitoring.

The study, from security platform Vorlon, finds that organizations deploy an average of 13 dedicated security tools across their SaaS and AI environments.

Continue reading →

A new report from Forescout shows a surge in newly identified high-risk device types, with 11 appearing on the riskiest list for the first time. Network infrastructure devices now represent the highest risk overall, surpassing traditional endpoints across several categories.

The study, based on analysis of millions of devices in Forescout’s Device Cloud, finds 75 percent of the riskiest device types were not on the list just two years ago, and 40 percent are new to the list this year. These include serial-to-IP converters and workstations, printers, time clocks, and RFID readers, power distribution units (PDUs), I/O Modules, and BACnet routers. Medication dispensing systems, medical image printers, and DICOM gateways also make the list.

Continue reading →

According to new research, 90 percent of enterprises say they have visibility into their AI footprint, yet 59 percent have confirmed or suspect the presence of shadow AI within their environments, suggesting that employees are operating unsanctioned AI tools or deploying agentic AI systems outside established monitoring and governance processes.

The survey from ArmorCode, in partnership with the Purple Book Community, of over 650 cybersecurity decision-makers also finds that 70 percent of organizations have confirmed or suspected vulnerabilities introduced by AI-generated code in their production systems. This highlights how the speed of AI-assisted development is outpacing traditional security review cycles.

Continue reading →

New research from cloud security platform Upwind and NVIDIA demonstrates how malicious LLM prompts can be detected with approximately 95 percent precision, while maintaining sub-millisecond inference for real-time traffic.

As Gartner predicts that more than 80 percent of enterprises will use generative AI APIs, models, or deployed enabled applications in production this year, application security is undergoing a fundamental shift. The interface itself, natural language, has become the attack surface.

Continue reading →

The volume of security vulnerabilities continues to soar, leaving overwhelmed security teams struggling to separate genuine threats from background noise.

Hackuity’s latest Vulnerability Management Report highlights how this rising pressure is contributing to vulnerability overload with missed alerts, delayed responses and, in many cases, costly breaches.

Continue reading →

While 95 percent of organizations say they rank pentesting as a top priority, they are currently testing only 32 percent of their global attack surface on average according to a new study.

The report from Synack with research by Omida surveyed 200 US security leaders to understand how organizations are adopting agentic AI to overcome the scalability limits of traditional, manual pentesting.

Continue reading →

Fraudulent advertising has been around for a long time. Of course, the internet has made it easier, but now with AI browsers and tools reshaping ad traffic, it’s becoming harder to tell the difference between bots and buyers and determine what engagement is even worth anything anymore.

We talked to Mike Schrobo, CEO of Fraud Blocker, to discuss how this shift is disrupting digital marketing and ad fraud and what businesses can do about it.

Continue reading →

SpyCloud has today released its 2026 Identity Exposure Report, a comprehensive analysis of the stolen credentials and identity exposure data circulating in the criminal underground. It highlights a sharp expansion in non-human identity (NHI) exposure.

Last year, SpyCloud saw a 23 percent increase in its recaptured identity datalake, which now totals 65.7 billion distinct identity records. The report shows attackers are increasingly targeting machine identities and authenticated session artifacts in addition to traditional username and password combinations and personally identifiable information (PII).

Continue reading →

Android malware-driven financial transactions have increased 67 percent year-on-year according to Zimperium zLabs which tracked 34 active malware families targeting 1,243 financial brands across 90 countries in 2025.

These were not isolated incidents but rather sophisticated, scalable campaigns, continuously evolving to bypass app security controls and exploit the institutions and customers that depend on them. Modern banking trojans are able to intercept authentication codes, monitor sessions, and impersonate legitimate app activity to allow them to conduct fraud undetected.

Continue reading →

A new study finds that corporate workers leave 96 percent of their application access dormant, leading to a systemic risk of assigning existing and unused permissions and profiles to AI agents, which operate continuously, at machine speed, and without judgment.

The research from Oso, an agent permissions posture company, and AI Security Platform Cyera, analyzed permission usage across 2.4 million workers and 3.6 billion application permissions.

Continue reading →