And why most of the arguments do not hold up under scrutiny Over the past 18 to 24 months, venture capital has flowed into a fresh wave of SIEM challengers including Vega (which raised $65M in seed and Series A at a ~$400M valuation), Perpetual Systems, RunReveal, Iceguard, Sekoia, Cybersift, Ziggiz, and Abstract Security, all […]
For years, artificial intelligence sat at the edges of cybersecurity conversations. It appeared in product roadmaps, marketing claims, and isolated detection use cases, but rarely altered the fundamental dynamics between attackers and defenders. That changed in 2025. This year marked a clear inflection point where AI became operational on both sides of the threat landscape.
A series of actively exploited zero-day vulnerabilities affecting Windows, Google Chrome, and Apple platforms was disclosed in mid-December, according to The Hacker News, reinforcing a persistent reality for defenders: attackers no longer wait for exposure windows to close. They exploit them immediately. Unlike large-scale volumetric attacks that announce themselves through disruption, zero-day exploitation operates quietly.
The Monetary Authority of Singapore’s cloud advisory, part of its 2021 Technology Risk Management Guidelines, advises financial institutions to move beyond siloed monitoring to adopt a continuous, enterprise-wide approach. These firms must undergo annual audits. Here’s how Tenable can help.
Key takeaways:
High-stakes compliance: The MAS requires all financial institutions in Singapore to meet mandatory technology risk and cloud security guidelines and document compliance. Non-compliance can lead to severe financial penalties and business restrictions. Any third-party providers used by Singapore financial institutions must also comply with the standards.
The proactive mandate: Compliance requires a shift from static compliance checks to a continuous, proactive approach to managing exposure. This approach is essential for securing the key cloud risk areas mandated by MAS: identity and access management (IAM) and securing applications in the public cloud.
How to get there: Effective risk mitigation means breaking the most dangerous attack paths. Tenable Cloud Security, available in the Tenable One Exposure Management Platform, provides continuous monitoring, eliminates over-privileged permissions, and addresses misconfiguration risk.
Complying with government cybersecurity regulations can lull organizations into a false sense of security and lead to an over-reliance on point-in-time assessments conducted at irregular intervals. While such compliance efforts are essential to pass audits, they may do very little to actually reduce an organization’s risk. On the other hand, government efforts like the robust framework provided by the Monetary Authority of Singapore (MAS), Singapore’s central bank and integrated financial regulator, offer valuable guidance for organizations worldwide to consider as they look to reduce cyber risk.
The cloud advisory highlights key risks and control measures that Singapore’s financial institutions should consider before adopting public cloud services, including:
Developing a public cloud risk management strategy that takes into consideration the unique characteristics of public cloud services
Implementing strong controls in areas such as identity and access management (IAM), cybersecurity, data protection, and cryptographic key management
Expanding cybersecurity operations to include the security of public cloud workloads
Managing cloud resilience, outsourcing, vendor lock-in, and concentration risks
Ensuring the financial institution’s staff have the adequate skillsets to manage public cloud workloads and their risks.
The advisory recommends avoiding a siloed approach when performing security monitoring of on-premises apps or infrastructure and public cloud workloads. Instead, it advises financial institutions to “feed cyber-related information on public cloud workloads into their respective enterprise-wide IT security monitoring services to facilitate continuous monitoring and analysis of cyber events.”
Who must comply with MAS TRM and the cloud advisory?
While the MAS TRM guidelines and cloud advisory do not specifically state penalties for compliance failures, they are legally binding. They apply to all financial institutions operating under the authority’s regulation in Singapore, including banks, insurers, fintech firms, payment service providers, and venture capital managers. A financial institution in Singapore that leverages the services of a firm based outside the country must ensure that its service providers also meet the TRM requirements. MAS also factors adherence to the framework into its overall risk assessment of an organization; failure to comply can damage an organization's standing and reputation.
In short, the scope of accountability to the MAS TRM guidelines and cloud advisory is broad.
Complying with the MAS cloud advisory: How Tenable can help
We evaluated how the Tenable One Exposure Management Platform with Tenable Cloud Security can assist organizations in achieving and maintaining compliance with the MAS cloud advisory. Read on to understand two of the cloud advisory’s key focus areas and how to address them effectively with Tenable One — preventing dangerous attack path vectors from compromising sensitive cloud assets.
1. Identity and access management: Enforcing least privilege access
The MAS cloud advisory calls for financial institutions to “enforce the principle of least privilege stringently” when granting access to assets in the public cloud. It further advises firms to consider adopting zero trust principles in the architecture design of applications, where “access to public cloud services and resources is evaluated and granted on a per-request and need-to basis.”
At Tenable, we believe applying least privilege in Identity Access Management (IAM) is the cornerstone for effective cloud security. In the cloud, excessive permissions on accounts that can access sensitive data are a direct route to a breach.
How Tenable can help: CIEM and sensitive data protection
The Tenable Cloud Security domain within Tenable One offers integrated cloud infrastructure entitlement management (CIEM) that enforces strict least privilege across human and machine identities in Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure, Oracle Cloud Infrastructure (OCI), and Kubernetes environments.
Eliminate lateral movement: CIEM analyzes policies to identify privilege escalation risks and lateral movement paths, effectively closing dangerous attack vectors.
Data-driven prioritization: Tenable provides automated data classification and correlates sensitive data exposure with overly permissive identities. This ensures remediation focuses on the exposures that threaten your most critical regulated data.
Mandatory controls: The platform automatically monitors for privileged users who lack multi-factor authentication (MFA) and checks for regular access key rotation.
Cutting-edge identity intelligence correlates overprivileged IAM identities with vulnerabilities, misconfigurations, and sensitive data to see where privilege misuse could have the greatest impact. Guided, least-privilege remediation closes these identity exposure gaps. Source: Tenable, December 2025
Here’s a detailed look at how Tenable can help with three of the cloud advisory’s IAM provisions:
MAS cloud advisory item
How Tenable helps
10. As IAM is the cornerstone of effective cloud security risk management, FIs should enforce the principle of “least privilege” stringently when granting access to information assets in the public cloud.
Tenable provides easy visualization of effective permissions through identity intelligence and permission mapping. By querying permissions across identities, you can quickly surface problems and revoke excessive permissions with automatically generated least privilege policies.
11. Financial institutions should implement multi-factor authentication (MFA) for staff with privileges to configure public cloud services through the CSPs’ metastructure, especially staff with top-level account privileges (e.g. known as the “root user” or “subscription owner” for some CSPs).
Tenable offers detailed monitoring for privileged users, including IAM users who don't have multi-factor authentication (MFA) enabled.
12. Credentials used by system/application services for authentication in the public cloud, such as “access keys,” should be changed regularly. If the credentials are not used, they should be deleted immediately.
Tenable's audits check for this specific condition. They can identify IAM users whose access keys have not been rotated within a specified time frame (e.g., 90 days). This helps you to quickly identify and address this security vulnerability
Source: Tenable, December 2025
2. Securing applications in the public cloud: Minimizing risk exposure
For financial institutions using microservices and containers, the MAS cloud advisory advises that, to reduce the attack surface, each container includes only the core software components needed by the application. The cloud advisory also notes that security tools made for traditional on-premises IT infrastructure (e.g. vulnerability scanners) may not run effectively on containers, and advises financial institutions to adopt container-specific security solutions for preventing, detecting, and responding to container-specific threats. For firms using IaC to provision or manage public cloud workloads, it further calls for implementing controls to minimize the risk of misconfigurations.
At Tenable, we believe this explicit mandate for specialized cloud and container security solutions underscores the need for continuous, accurate risk assessment. Tenable Cloud Security is purpose-built to meet these requirements with full Cloud Security Posture Management (CSPM) and Cloud Workload Protection (CWP) capabilities across your cloud footprint. This ability to see and protect every cloud asset — from code to container — is crucial for enabling contextual prioritization of risk. We also believe that relying solely on static vulnerability scoring systems, like the Common Vulnerability Scoring System (CVSS) is insufficient because it fails to reflect real-world exploitability. To ensure financial institutions focus remediation efforts where they matter most, Tenable Exposure Management, including Tenable Cloud Security, incorporates the Tenable Vulnerability Priority Rating (VPR) — dynamic, predictive risk scoring that allows teams to address the most immediate and exploitable threats first.
How Tenable can help: Container security and cloud-to-code traceability
Tenable unifies cloud workload protection (CWP) with cloud security posture management (CSPM) to provide continuous, contextual risk assessment.
Workload and container security: Tenable provides solutions tailored to your security domain:
For the cloud security professional: Tenable offers robust, agentless cloud workload protection capabilities that continuously scan for, detect and visualize critical risks such as vulnerabilities, sensitive data exposure, malware and misconfigurations across virtual machines, containers and serverless environments.
For the vulnerability management owner: Tenable offers a streamlined solution with unified visibility for hybrid environments, providing the core capabilities to extend vulnerability management best practices to cloud workloads: Tenable Cloud Vulnerability Management, ensures agentless multi-cloud coverage, scanning containers in registries (shift-left) and runtime to prevent the deployment of vulnerable images and detect drift in production.
Cloud-to-code traceability: This unique feature links runtime findings (e.g., an exposed workload) directly back to its IaC source code, allowing for rapid remediation and automated pull requests, minimizing misconfiguration risk as mandated by MAS.
Embed security and compliance throughout the development lifecycle, in DevOps workflows like HashiCorp Terraform and CloudFormation, to minimize risks. Detect issues in the cloud and suggest the fix in code. Source: Tenable, December 2025
Here’s a detailed look at how Tenable can help with two of the cloud advisory’s provisions related to securing applications in the public cloud:
MAS cloud advisory item
How Tenable helps
19. Applications that run in a public cloud environment may be packaged in containers, especially for applications adopting a microservices architecture. Financial institutions should ensure that each container includes only the core software components needed by the application to reduce the attack surface. As containers typically share a host operating system, financial institutions should run containers with a similar risk profile together (e.g., based on the criticality of the service or the data that are processed) to minimize risk exposure. As security tools made for traditional on-premise[s] IT infrastructure (e.g. vulnerability scanners) may not run effectively on containers, financial institutions should adopt [a] container-specific security solution for preventing, detecting, and responding to container-specific threats.
Tenable integrates with your CI/CD pipelines and container registries to provide visibility and control throughout the container lifecycle. Here's how it works:
Tenable scans container images for vulnerabilities, misconfigurations, and malware as they're being built and stored in registries. This is a "shift-left" approach, which means it helps you find and fix security issues early in the development process.
You can create and enforce security policies based on vulnerability scores, the presence of specific malware, or other security criteria.
Tenable's admission controllers act as runtime guardrails, ensuring that the policies you've defined are enforced at the point of deployment. This prevents deployment of images that failed initial scans or have since been found vulnerable, even if a developer tries to bypass the standard process.
20. Financial institutions should ensure stringent control over the granting of access to container orchestrators (e.g. Kubernetes), especially the use of the orchestrator administrative account, and the orchestrators’ access to container images. To ensure that only secure container images are used, a container registry could be established to facilitate tracking of container images that have met the financial institution’s security requirements.
Tenable's Kubernetes Security Posture Management (KSPM) component continuously scans your Kubernetes resources (like pods, deployments, and namespaces) to identify misconfigurations and policy violations. This allows you to:
Discover and remediate vulnerabilities and misconfigurations before they can be exploited.
Continuously audit your environment against industry standards, like the Center for Internet Security (CIS) benchmarks for Kubernetes.
Get a single, centralized view of your security posture across multiple Kubernetes clusters.
Tenable’s admission controllers act as gatekeepers to your Kubernetes cluster. When a user or a system attempts to deploy a new container image, the admission controller intercepts the request before it's fully scheduled. It then checks the image against your defined security policies. Your policies can be based on factors such as:
Vulnerability scores (e.g., block any image with a critical vulnerability)
Compliance violations (e.g., block images that don't meet a specific security standard)
The presence of malicious software or exposed secrets
If the image violates any of these policies, the admission controller denies the deployment, preventing the vulnerable container from ever reaching production.
Source: Tenable, December 2025
Gaining the upper hand on MAS compliance through a unified ecosystem view
Tenable One is the market-leading exposure management platform, normalizing, contextualizing, and correlating security signals from all domains, including cloud — across vulnerabilities, misconfigurations, and identities spanning your hybrid estate. Exposure management enables cross-functional alignment between SecOps, DevOps, and governance, risk and compliance (GRC) teams with a shared, unified view of risk.
Tenable Cloud Security, part of Tenable One, unifies vision, insight, and action to support continuous adherence to the MAS cloud advisory across multi-cloud and hybrid environments. Source: Tenable, December 2025
Tenable Cloud Security, part of the Tenable One Exposure Management platform, supports continuous adherence to the MAS cloud advisory and enables risk-based decision-making by eliminating the toxic combinations that attackers exploit. The platform unifies security insight, transforming the effort to achieve compliance from a necessary burden into a strategic advantage.
Raise your hand if you’ve fallen victim to a vendor-led conversation around their latest AI-driven platform over the past calendar year. Keep it up if the pitch leaned on “next-gen,” “market-shaping,” or “best-in-class” while they nudged another product into your stack. If your hand is still up, you are not alone. MSPs are the target because you sit between shrinking budgets and rising risk.
A Chrome browser extension with 6 million users, as well as seven other Chrome and Edge extensions, for months have been silently collecting data from every AI chatbot conversion, packaging it, and then selling it to third parties like advertisers and data brokers, according to Koi Security.
As holiday lights go up and inboxes fill with year-in-review emails, it’s tempting to look back on 2025 as “the year of AI.”
But for security teams, it was something more specific – the year APIs, AI agents, and MCP servers collided across the API fabric, expanding the attack surface faster than most organizations could keep up.
At Salt Security, we spent 2025 focused on one thing: defending the API action layer where AI, applications, and data intersect. And we did it with a steady drumbeat of innovation, a new “gift” for security teams almost every month.
So in the spirit of the season, here’s a look back at Salt’s 12 Months of Innovation – a year-long series of product launches, partnerships, and research milestones designed to help organizations stay ahead of fast-moving threats.
We kicked off the year by shining a harsh light on what many teams already suspected:
APIs now sit at the center of almost every digital initiative.
Zombie and unmanaged APIs still live in production.
Software supply chain dependencies are quietly multiplying risk.
Early 2025 research and thought leadership from Salt Labs showed just how dangerous it is to run modern AI and automation on top of APIs you don’t fully understand or control.
Takeaway: January set the tone – defending tomorrow’s API fabric with yesterday’s tools is no longer an option.
February – A Spotlight on API Reality
In February, we went from “we think we have a problem” to “here are the numbers.”
With the latest State of API Security Report and key industry recognitions such as inclusion in top security lists, Salt brought hard data to boardroom and CISO conversations.
The message was clear:
API traffic is exploding.
Attackers are targeting APIs at scale.
Traditional perimeter and app security are missing critical context.
Takeaway: API security is no longer a niche concern. It’s a business risk that demands strategy, budget, and board-level attention.
March – Gold Medals & Rising Shadows
March blended validation and urgency.
On one side, industry bodies recognized Salt’s leadership with awards like a Gold Globee, underscoring the maturity and impact of our platform.
On the other, new blogs and research highlighted reality on the ground:
Compliance and data privacy pressure are rising.
AI-driven attacks are accelerating, not slowing.
Takeaway: Excellence in API security isn’t just about winning awards, it’s about staying ahead of adversaries who are constantly adapting.
April – A Season of Partnerships & Paradigm Shifts
High-profile AI mishaps, including incidents like the McDonald’s chatbot breach, made one thing painfully obvious: conversational AI and digital experiences are only as safe as the APIs behind them.
Salt responded with:
Deep-dive blogs on AI agent risk and API blind spots.
The launch of Salt Surface, designed to map and prioritize exposed API risk.
Takeaway: 2025 was the year CISOs started asking not just “What APIs do we have?” but “Which of these are exposed, exploitable, and business-critical?”
August – Autonomous Everything
By August, “autonomous” wasn’t just a buzzword, it was a roadmap theme.
Organizations leaned hard into:
Autonomous workflows
AI-driven decisioning
Automated threat detection and response
Salt’s innovation in this space emphasized a key reality: AI, autonomy, and APIs are inseparable.
We advanced protections for autonomous threat hunting and AI-driven security use cases, reinforcing that if APIs are compromised, autonomous systems are too.
Takeaway: You can’t secure autonomous operations if you’re not securing the API action layer that powers them.
Salt introduced the industry’s first solution to secure AI agent actions across APIs and MCP servers, bringing real controls to a problem that had mostly been theoretical.
This meant:
Protection against prompt injection and misuse.
Guardrails around what AI agents can access or execute.
Enforceable policy where it matters: at the API and action level.
Takeaway: The AI agent revolution doesn’t have to be a security nightmare — if you secure the actions, not just the model.
In October, new data from Salt and customer environments revealed how deep the AI + API blind spots really go.
We broke down:
Misconfigurations in AI-driven workflows.
Risky patterns in agentic and MCP deployments.
Common mistakes teams make when bolting AI onto existing architectures.
Through detailed analysis and practical guidance, we helped teams turn confusion into a roadmap for modernizing their security posture.
Takeaway: Education is as important as technology. You can’t fix what you don’t fully understand.
November – Security Starts in Code
November brought a massive step forward in shifting API security left and right at the same time.
We launched:
GitHub Connect - to scan code repositories for shadow APIs, spec mismatches, and insecure patterns before they ship.
MCP Finder - to identify risky MCP configurations and AI-integrated workflows early in the development lifecycle.
Combined with runtime intelligence from the Salt platform, customers could now connect:
What’s being written → What’s being deployed → What’s being exploited
Takeaway: Real API security covers the full lifecycle, from design and code to production traffic and AI-agent actions.
December – Hello, Pepper
We closed the year with a new kind of experience: Ask Pepper AI.
Ask Pepper AI turns Salt’s platform into a conversational partner, letting users:
Ask natural-language questions about APIs, risks, and threats.
Accelerate investigation and incident response.
Bring complex insights to teams who don’t live inside dashboards.
Alongside MCP protection for AWS WAF, December marked the next stage in our vision: API security that’s not just powerful, but accessible and intuitive.
Takeaway: When security teams can simply ask questions and get meaningful, contextual answers, they move faster, and so does the business.
Looking Ahead: Building on a Year of Innovation
If 2025 was the year APIs fully merged with AI agents, automation, and MCP servers, 2026 will be the year organizations either embrace the API action layer or fall behind those that do.
At Salt Security, our focus remains the same:
See everything - every API, every action, every blind spot.
Understand the context - who’s calling what, from where, and why.
Stop attacks - before they turn into outages, data loss, or brand damage.
The 12 Months of Innovation were just the beginning. The threats are evolving, and so are we.
It’s not always immediately clear why your IP has been listed or how to fix it. To help, we’ve added a new “troubleshooting” step to the IP & Domain Reputation Checker, specifically for those whose IPs have been listed on the Combined Spam Sources (CSS) Blocklist - IPs associated with low-reputation email. Learn how you can diagnose the issue using this new feature.
In an era marked by escalating cyber threats and evolving risk landscapes, organisations face mounting pressure to strengthen their security posture whilst maintaining seamless user experiences. At Thales, we recognise that robust security must be foundational – embedded into products and services by design, not bolted on as an afterthought. This principle underpins our commitment […]
As Artificial Intelligence technology rapidly advances, Large Language Models (LLMs) are being widely adopted across countless domains. However, with this growth comes a critical challenge: LLM security issues are becoming increasingly prominent, posing a major constraint on further development. Governments and regulatory bodies are responding with policies and regulations to ensure the safety and compliance […]
For a long time, DDoS attacks were easy to recognize. They were loud, messy, and built on raw throughput. Attackers controlled massive botnets and flooded targets until bandwidth or infrastructure collapsed. It was mostly a scale problem, not an engineering one. That era is ending. A quieter and far more refined threat has taken its […]
Discover how homomorphic encryption (HE) enhances privacy-preserving model context sharing in AI, ensuring secure data handling and compliance for MCP deployments.
Explore the differences between LDAP and Single Sign-On (SSO) for user authentication. Understand their use cases, benefits, and how they fit into your enterprise security strategy.
Learn how to configure users without OTP login in your applications. This guide covers conditional authentication, account settings, and fallback mechanisms for seamless access.
FOR IMMEDIATE RELEASE Richmond, VA — December 11, 2025 — Assura is proud to announce that it has been named to the MSSP Alert and CyberRisk Alliance partnership’s prestigious Top 250 MSSPs list for 2025, securing the #94 position among the world’s leading Managed Security Service Providers. “Making The Top 100 is an incredible milestone and testament to the… Continue reading Assura Named to MSSP Alert and Cyber Alliance’s 2025 “Top 250 MSSPs,” Ranking at Number 94
Researchers with Google Threat Intelligence Group have detected five China-nexus threat groups exploiting the maximum-security React2Shell security flaw to drop a number of malicious payloads, from backdoors to downloaders to tunnelers.
Ambiguity isn't just a challenge. It's a leadership test - and most fail it.
I want to start with something that feels true but gets ignored way too often.
Most of us in leadership roles have a love hate relationship with ambiguity. We say we embrace it... until it shows up for real. Then we freeze, hedge our words, or pretend we have a plan. Cybersecurity teams deal with ambiguity all the time. Its in threat intel you cant quite trust, in stakeholder demands that swing faster than markets, in patch rollouts that go sideways. But ambiguity isnt a bug to be fixed. Its a condition to be led through.
[Image: A leader facing a foggy maze of digital paths - ambiguity as environment.]
Lets break this down the way I see it, without jazz hands or buzzwords.
Ambiguity isn't uncertainty. Its broader.
Uncertainty is when you lack enough data to decide. Ambiguity is when even the terms of the problem are in dispute. Its not just what we don't know. Its what we cant define yet. In leadership terms, that feels like being handed a puzzle where some pieces aren't even shaped yet. This is classic VUCA territory - volatility, uncertainty, complexity and ambiguity make up the modern landscape leaders sit in every day.
[Image: The dual nature of ambiguity - logic on one side, uncertainty on the other.]
Here is the blunt truth. Great leaders don't eliminate ambiguity. They engage with it. They treat ambiguity like a partner you've gotta dance with, not a foe to crush.
Ambiguity is a leadership signal
When a situation is ambiguous, its telling you something. Its saying your models are incomplete, or your language isn't shared, or your team has gaps in context. Stanford researchers and communication experts have been talking about this recently: ambiguity often reflects a gap in the shared mental model across the team. If you're confused, your team probably is too.
A lot of leadership texts treat ambiguity like an enemy of clarity. But thats backward. Ambiguity is the condition that demands sensemaking. Sensemaking is the real work. Its the pattern of dialogue and iteration that leads to shared understanding amid chaos. That means asking the hard questions out loud, not silently wishing for clarity.
If your team seems paralyzed, unclear, or checked out - it might not be them. It might be you.
Leaders model calm confusion
Think about that phrase. Calm confusion. Leaders rarely say, "I don't know." Instead they hedge, hide, or overcommit. But leaders who effectively navigate ambiguity do speak up about what they don't know. Not to sound vulnerable in a soft way, but to anchor the discussion in reality. That model gives permission for others to explore unknowns without fear.
I once watched a director hold a 45-minute meeting to "gain alignment" without once stating the problem. Everyone left more confused than when they walked in. That’s not leadership. That's cover.
There is a delicate balance here. You don't turn every ambiguous situation into a therapy session. Instead, you create boundaries around confusion so the team knows where exploration stops and action begins. Good leaders hold this tension.
Move through ambiguity with frameworks, not polish
Here is a practical bit. One common way to get stuck is treating decisions as if they're singular. But ambiguous situations usually contain clusters of decisions wrapped together. A good framework is to break the big, foggy problem into smaller, more combinable decisions. Clarify what is known, identify the assumptions you are making, and make provisional calls on the rest. Treat them like hypotheses to test, not laws of motion.
In cybersecurity, this looks like mapping your threat intel to scenarios where you know the facts, then isolating the areas of guesswork where your team can experiment or prepare contingencies. Its not clean. But it beats paralysis.
Teams learn differently under ambiguity
If you have ever noticed that your best team members step up in times of clear crises, but shut down when the goals are vague, you're observing humans responding to ambiguity differently. Some thirst for structure. Others thrive in gray zones. As a leader, you want both. You shape the context so self starters can self start, and then you steward alignment so the whole group isnt pulling in four directions.
Theres a counterintuitive finding in team research: under certain conditions, ambiguity enables better collaborative decision making because the absence of a single voice forces people to share and integrate knowledge more deeply. But this only works when there is a shared understanding of the task and a culture of open exchange.
Lead ambiguity, don't manage it
Managing ambiguity sounds like you're trying to tighten it up, reduce it, or push it into a box. Leading ambiguity is different. It's about moving with the uncertainty. Encouraging experiments. Turning unknowns into learning loops. Recognizing iterative decision processes rather than linear ones.
And yes, that approach feels messy. Good. Leadership is messy. The only thing worse than ambiguity is false certainty. I've been in too many rooms where leaders pretended to know the answer, only to cost time, credibility, or talent. You can be confident without being certain. That's leadership.
But there's a flip side no one talks about.
Sometimes leaders use ambiguity as a shield. They stay vague, push decisions down the org, and let someone else take the hit if it goes sideways. I've seen this pattern more than once. Leaders who pass the fog downstream and call it empowerment. Except it's not. It's evasion. And it sets people up to fail.
Real leaders see ambiguity for what it is: a moment to step up and mentor. To frame the unknowns, offer scaffolding, and help others think through it with some air cover. The fog is a chance to teach — not disappear.
But the hard truth? Some leaders can't handle the ambiguity themselves. So they deflect. They repackage their own discomfort as a test of independence, when really they're just dodging responsibility. And sometimes, yeah, it feels intentional. They act like ambiguity builds character... but only because they're too insecure or inexperienced to lead through it.
The result is the same: good people get whiplash. Goals shift. Ownership blurs. Trust erodes. And the fog thickens.
There's research on this, too. It's called role ambiguity — when you're not clear on what's expected, what your job even is, or how success gets measured. People in those situations don't just get frustrated. They burn out. They overcompensate for silence. They stop trusting. And productivity tanks. It's not about needing a five-year plan. It's about needing a shared frame to work from. Leadership sets that tone.
Leading ambiguity means owning the fog, not outsourcing it.
Ambiguity isn't a one-off problem. It's a perpetual condition, especially in cybersecurity and executive realms where signals are weak and stakes are high. The real skill isn't clarity. It's resilience. The real job isn't prediction. It's navigation.
Lead through ambiguity by embracing the fog, not burying it. And definitely not dumping it on someone else.
When the fog rolls in, what kind of leader are you really?
PAPER
LeakLess: Selective Data Protection against Memory Leakage Attacks for Serverless Platforms
As the use of language-level sandboxing for running untrusted code grows, the risks associated with memory disclosure vulnerabilities and transient execution attacks become increasingly significant. Besides the execution of untrusted JavaScript or WebAssembly code in web browsers, serverless environments have also started relying on language-level isolation to improve scalability by running multiple functions from different customers within a single process. Web browsers have adopted process-level sandboxing to mitigate memory leakage attacks, but this solution is not applicable in serverless environments, as running each function as a separate process would negate the performance benefits of language-level isolation. In this paper we present LeakLess, a selective data protection approach for serverless computing platforms. LeakLess alleviates the limitations of previous selective data protection techniques by combining in-memory encryption with a separate I/O module to enable the safe transmission of the protected data between serverless functions and external hosts. We implemented LeakLess on top of the Spin serverless platform, and evaluated it with real-world serverless applications. Our results demonstrate that LeakLess offers robust protection while incurring a minor throughput decrease under stress-testing conditions of up to 2.8% when the I/O module runs on a different host than the Spin runtime, and up to 8.5% when it runs on the same host.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Frankfurt, Dec. 16, 2025, CyberNewswire — Link11, a European provider of web infrastructure security solutions, has released new insights outlining five key cybersecurity developments expected to influence how organizations across Europe prepare for and respond to threats in 2026.… (more…)
After our research on Cursor, in the context of developer-ecosystem security, we turn our attention to the Jupyter ecosystem. We expose security risks we identified in the notebook’s export functionality, in the default Windows environment, to help organizations better protect their assets and networks. Executive Summary We identified a new way external Jupyter notebooks could […]
Veza has added a platform to its portfolio that is specifically designed to secure and govern artificial intelligence (AI) agents that might soon be strewn across the enterprise. Currently in the process of being acquired by ServiceNow, the platform is based on an Access Graph the company previously developed to provide cybersecurity teams with a..
Zero Trust has become the strategic anchor for modern cybersecurity. Every board is asking for it, every vendor claims to support it, and every CISO is under pressure to make...
Over the past week, enterprise security teams observed a combination of covert malware communication attempts and aggressive probing of publicly exposed infrastructure. These incidents, detected across firewall and endpoint security layers, demonstrate how modern cyber attackers operate simultaneously. While quietly activating compromised internal systems, they also relentlessly scan external services for exploitable weaknesses. Although the
As cyber threats against regulated industries continue to escalate in scale, sophistication, and financial impact, organizations are under immense pressure to modernize security operations while meeting strict compliance requirements. Addressing this urgent need, Seceon has announced a strategic partnership with InterSources Inc., expanding the delivery of AI-driven cybersecurity solutions across some of the world’s most
Whether you’re generating data from scratch or transforming sensitive production data, performant test data generators are critical tools for achieving compliance in development workflows.
Identity systems hold modern life together, yet we barely notice them until they fail. Every time someone starts a new job, crosses a border, or walks into a secure building, an official must answer one deceptively simple question: Is this person really who they claim to be? That single moment—matching a living, breathing human to..
Over the past week, enterprise security teams observed a combination of covert malware communication attempts and aggressive probing of publicly exposed infrastructure. These incidents, detected across firewall and endpoint security layers, demonstrate how modern cyber attackers operate simultaneously. While quietly activating compromised internal systems, they also relentlessly scan external services for exploitable weaknesses. Although the
Labeling adversary activity with ATT&CK techniques is a tried-and-true method for classifying behavior. But it rarely tells defenders how those behaviors are executed in real environments.
As organizations accelerate the adoption of Artificial Intelligence, from deploying Large Language Models (LLMs) to integrating autonomous agents and Model Context Protocol (MCP) servers, risk management has transitioned from a theoretical exercise to a critical business imperative. The NIST AI Risk Management Framework (AI RMF 1.0) has emerged as the standard for managing these risks, offering a structured approach to designing, developing, and deploying trustworthy AI systems.
However, AI systems do not operate in isolation. They rely heavily on Application Programming Interfaces (APIs) to ingest training data, serve model inferences, and facilitate communication between agents and servers. Consequently, the API attack surface effectively becomes the AI attack surface. Securing these API pathways is fundamental to achieving the "Secure and Resilient" and "Privacy-Enhanced" characteristics mandated by the framework.
Understanding the NIST AI RMF Core
The NIST AI RMF is organized around four core functions that provide a structure for managing risk throughout the AI lifecycle:
GOVERN: Cultivates a culture of risk management and outlines processes, documents, and organizational schemes.
MAP: Establishes context to frame risks, identifying interdependencies and visibility gaps.
MEASURE: Employs tools and methodologies to analyze, assess, and monitor AI risk and related impacts.
MANAGE: Prioritizes and acts upon risks, allocating resources to respond to and recover from incidents.
The Critical Role of API Posture Governance
While the "GOVERN" function in the NIST framework focuses on organizational culture and policies, API Posture Governance serves as the technical enforcement mechanism for these policies in operational environments.
Without robust API posture governance, organizations struggle to effectively Manage or Govern their AI risks. Unvetted AI models may be deployed via shadow APIs, and sensitive training data can be exposed through misconfigurations. Automating posture governance ensures that every API connected to an AI system adheres to security standards, preventing the deployment of insecure models and ensuring your AI infrastructure remains compliant by design.
How Salt Security Safeguards AI Systems
Salt Security provides a tailored solution that aligns directly with the NIST AI RMF. By securing the API layer (Agentic AI Action Layer), Salt Security helps organizations maintain the integrity of their AI systems and safeguard sensitive data. The key features, along with their direct correlations to NIST AI RMF functions, include:
Alignment: Supports the MAP function by establishing context and recognizing risk visibility gaps.
Outcome: Guarantees a complete inventory of all APIs, including shadow APIs used for AI training or inference, ensuring no part of the AI ecosystem is unmanaged.
Alignment: Operationalizes the GOVERN and MANAGE functions by enabling organizational risk culture and prioritizing risk treatment.
Outcome: Preserves secure APIs throughout their lifecycle, enforcing policies that prevent the deployment of insecure models and ensuring ongoing compliance with NIST standards.
Alignment: Assists in the MEASURE function by assessing system trustworthiness and testing for failure modes.
Outcome: Identifies logic flaws and misconfigurations in AI-connected APIs before they can be exploited by adversaries.
Conclusion
Trustworthy AI requires secure APIs. By implementing API Posture Governance and comprehensive security controls, organizations can confidently adopt the NIST AI RMF and innovate safely. Salt Security provides the visibility and protection needed to secure the critical infrastructure powering your AI. For a more in-depth understanding of API security compliance across multiple regulations, please refer to our comprehensive API Compliance Whitepaper.
Breaking Free from Security Silos in the Modern Enterprise Today’s organizations face an unprecedented challenge: securing increasingly complex IT environments that span on-premises data centers, multiple cloud platforms, and hybrid architectures. Traditional security approaches that rely on disparate point solutions are failing to keep pace with sophisticated threats, leaving critical gaps in visibility and response
SoundCloud confirmed today that it experienced a security incident involving unauthorized access to a supporting internal system, resulting in the exposure of certain user data. The company said the incident affected approximately 20 percent of its users and involved email addresses along with information already visible on public SoundCloud profiles. Passwords and financial information were […]
This article was originally published in T.H.E. Journal on 12/10/25 by Charlie Sander. Device-based learning is no longer “new,” but many schools still lack a coherent playbook for managing it. Many school districts dashed to adopt 1:1 computing during the pandemic, spending $48 million on new devices to ensure every child had a platform to take classes ...
The coming shift to Post-Quantum Cryptography (PQC) is not a distant, abstract threat—it is the single largest, most complex cryptographic migration in the history of cybersecurity. Major breakthroughs are being made with the technology. Google announced on October 22nd, “research that shows, for the first time in history, that a quantum computer can successfully run a verifiable algorithm on hardware, surpassing even the fastest classical supercomputers (13,000x faster).” It has the potential to disrupt every industry. Organizations must be ready to prepare now or pay later.
Why fixing every vulnerability is impossible—and unnecessary. Learn how risk-based vulnerability management prioritizes what to patch, what to defer, and why context matters more than CVSS.
In early December 2025, the React core team disclosed two new vulnerabilities affecting React Server Components (RSC). These issues – Denial-of-Service and Source Code Exposure were found by security researchers probing the fixes for the previous week’s critical RSC vulnerability, known as “React2Shell”. While these newly discovered bugs do not enable Remote Code Execution, meaning […]
You’ve spent weeks, maybe months, crafting your dream Electron app. The UI looks clean, the features work flawlessly, and you finally hit that Build button. Excited, you send the installer to your friend for testing. You’re expecting a “Wow, this is awesome!” Instead, you get: Windows protected your PC. Unknown Publisher.” That bright blue SmartScreen… Read More How to Sign a Windows App with Electron Builder?
Explore how AI-driven threat detection can secure Model Context Protocol (MCP) deployments from data manipulation attempts, with a focus on post-quantum security.
There's a strange thing that happens when a person you once knew as your child seems, over years, to forget the sound of your voice, the feel of your laugh, or the way your presence once grounded them. It isnt just loss - it's an internal inversion: your love becomes a shadow. Something haunting, familiar, yet painful to face.
I know this because I lived it - decade after decade - as the father of two sons, now ages 28 and 26. What has stayed with me isn't just the external stripping away of connection, but the internal fracture it caused in myself.
Some days I felt like the person I was before alienation didn't exist anymore. Not because I lost my identity, but because I was forced to confront parts of myself I never knew were there - deep fears, hidden hopes, unexamined beliefs about love, worth, and attachment.
This isn't a story of blame. It's a story of honesty with the inner terrain - the emotional geography that alienation carved into my heart.
The Silent Pull: Love and Loss Intertwined
Love doesn't disappear when a child's affection is withdrawn. Instead, it changes shape. It becomes more subtle, less spoken, but no less alive.
When your kids are little, love shows up in bedtime stories, laughter, scraped knees, and easy smiles. When they're adults and distant, love shows up in the quiet hurt - the way you notice an empty chair, or a text that never came, or the echo of a memory that still makes your heart ache.
This kind of love doesn't vanish. It becomes a quiet force pulling you inward - toward reflection instead of reaction, toward steadiness instead of collapse.
Unmasking Attachment: What the Mind Holds Onto
There's a psychological reality at play here that goes beyond custody schedules, angry words, or fractured holidays. When a person - especially a young person - bonds with one attachment figure and rejects another, something profound is happening in the architecture of their emotional brain.
In some dynamics of parental influence, children form a hyper‑focused attachment to one caregiver and turn away from the other. That pattern isn't about rational choice but emotional survival. Attachment drives us to protect what feels safe and to fear what feels unsafe - even when the fear isn't grounded in reality. High Conflict Institute
When my sons leaned with all their emotional weight toward their mother - even to the point of believing impossible things about me - it was never just "obedience." It was attachment in overdrive: a neural pull toward what felt like safety, acceptance, or approval. And when that sense of safety was threatened by even a hint of disapproval, the defensive system in their psyche kicked into high gear.
This isn't a moral judgment. It's the brain trying to survive.
The Paradox of Love: Holding Two Realities at Once
Here's the part no one talks about in polite conversation:
You can love someone deeply and grieve their absence just as deeply - at the same time.
It's one of the paradoxes that stays with you long after the world expects you to "move on."
You can hope that the door will open someday
and you can also acknowledge it may never open in this lifetime.
You can forgive the emotional wounds that were inflicted
and also mourn the lost years that you'll never get back.
You can love someone unconditionally
and still refuse to let that love turn into self‑erosion.
This tension - this bittersweet coexistence - becomes a part of your inner life.
This is where the real work lives.
When Attachment Becomes Overcorrection
When children grow up in an environment where one caregiver's approval feels like survival, the attachment system can begin to over‑regulate itself. Instead of trust being distributed across relationships, it narrows. The safe figure becomes everything. The other becomes threatening by association, even when there's no rational basis for fear. Men and Families
For my sons, that meant years of believing narratives that didn't fit reality - like refusing to consider documented proof of child support, or assigning malicious intent to benign situations. When confronted with facts, they didn't question the narrative - they rationalized it to preserve the internal emotional logic they had built around attachment and fear.
That's not weakness. That's how emotional survival systems work.
The Inner Terrain: Learning to Live With Ambivalence
One of the hardest lessons is learning to hold ambivalence without distortion. In healthy relational development, people can feel both love and disappointment, both closeness and distance, both gratitude and grief - all without collapsing into one extreme or the other.
But in severe attachment distortion, the emotional brain tries to eliminate complexity - because complexity feels dangerous. It feels unstable. It feels like uncertainty. And the emotional brain prefers certainty, even if that certainty is painful. Karen Woodall
Learning to tolerate ambiguity - that strange space where love and loss coexist - becomes a form of inner strength.
What I've Learned - Without Naming Names
I write this not to indict, accuse, or vilify anyone. The human psyche is far more complicated than simple cause‑and‑effect. What I've learned - through years of quiet reflection - is that:
Attachment wounds run deep, and they can overshadow logic and memory.
People don't reject love lightly. They reject fear and threat.
Healing isn't an event. It's a series of small acts of awareness and presence.
Your internal world is the only place you can truly govern. External reality is negotiable - inner life is not.
Hope Without Guarantee
I have a quiet hope - not a loud demand - that one day my sons will look back and see the patterns that were invisible to them before. Not to blame. Not to re‑assign guilt. But to understand.
Hope isn't a promise. It's a stance of openness - a willingness to stay emotionally available without collapsing into desperation.
Living With the Shadow - and the Light
Healing isn't about winning back what was lost. It's about cultivating a life that holds the loss with compassion and still knows how to turn toward joy when it appears - quietly, softly, unexpectedly.
Your heart doesn't have to choose between love and grief. It can carry both.
And in that carrying, something deeper begins to grow.
#
Sources & Resources
Parental Alienation & Emotional Impact
International Society for the New Definition of Abuse & Family Violence - overview on parental alienation as child abuse: https://isnaf.info/our-mission-2/
In cybersecurity, being “always on” is often treated like a badge of honor.
We celebrate the leaders who respond at all hours, who jump into every incident, who never seem to unplug. Availability gets confused with commitment. Urgency gets mistaken for effectiveness. And somewhere along the way, exhaustion becomes normalized—if not quietly admired.
But here’s the uncomfortable truth:
Always-on leadership doesn’t scale. And over time, it becomes a liability.
I’ve seen it firsthand, and if you’ve spent any real time in high-pressure security environments, you probably have too.
The Myth of Constant Availability
Cybersecurity is unforgiving. Threats don’t wait for business hours. Incidents don’t respect calendars. That reality creates a subtle but dangerous expectation: real leaders are always reachable.
The problem isn’t short-term intensity. The problem is when intensity becomes an identity.
When leaders feel compelled to be everywhere, all the time, a few things start to happen:
Decision quality quietly degrades
Teams become dependent instead of empowered
Strategic thinking gets crowded out by reactive work
From the outside, it can look like dedication. From the inside, it often feels like survival mode.
And survival mode is a terrible place to lead from.
What Burnout Actually Costs
Burnout isn’t just about being tired. It’s about losing margin—mental, emotional, and strategic margin.
Leaders without margin:
Default to familiar solutions instead of better ones
React instead of anticipate
Solve today’s problem at the expense of tomorrow’s resilience
In cybersecurity, that’s especially dangerous. This field demands clarity under pressure, judgment amid noise, and the ability to zoom out when everything is screaming “zoom in.”
When leaders are depleted, those skills are the first to go.
Strong Leaders Don’t Do Everything—They Design Systems
One of the biggest mindset shifts I’ve seen in effective leaders is this:
They stop trying to be the system and start building one.
That means:
Creating clear decision boundaries so teams don’t need constant escalation
Trusting people with ownership, not just tasks
Designing escalation paths that protect focus instead of destroying it
This isn’t about disengaging. It’s about leading intentionally.
Ironically, the leaders who are least available at all times are often the ones whose teams perform best—because the system works even when they step away.
Presence Beats Availability
There’s a difference between being reachable and being present.
Presence is about:
Showing up fully when it matters
Making thoughtful decisions instead of fast ones
Modeling sustainable behavior for teams that are already under pressure
When leaders never disconnect, they send a message—even if unintentionally—that rest is optional and boundaries are weakness. Over time, that culture burns people out long before the threat landscape does.
Good leaders protect their teams.
Great leaders also protect their own capacity to lead.
A Different Measure of Leadership
In a field obsessed with uptime, response times, and coverage, it’s worth asking a harder question:
If I stepped away for a week, would things fall apart—or function as designed?
If the answer is “fall apart,” that’s not a personal failure. It’s a leadership signal. One that points to opportunity, not inadequacy.
The strongest leaders I know aren’t always on.
They’re intentional. They’re disciplined. And they understand that long-term effectiveness requires more than endurance—it requires self-mastery.
In cybersecurity especially, that might be the most underrated leadership skill of all.
#
References & Resources
World Health Organization (WHO) — Burn-out an “occupational phenomenon” (ICD-11 overview)
How Do Non-Human Identities Transform Cloud Security Management? Could your cloud security management strategy be missing a vital component? With cybersecurity evolves, the focus has expanded beyond traditional human operatives to encompass Non-Human Identities (NHIs). Understanding NHIs and their role in modern cloud environments is crucial for industries ranging from financial services to healthcare. This […]
How Do Non-Human Identities Impact Cybersecurity? What role do Non-Human Identities (NHIs) play cybersecurity risks? Where machine-to-machine interactions are burgeoning, understanding NHIs becomes critical for any organization aiming to secure its cloud environments effectively. Decoding Non-Human Identities in the Cybersecurity Sphere Non-Human Identities are the machine identities that enable vast numbers of applications, services, and […]
Is Your Organization Prepared for the Evolving Landscape of Non-Human Identities? Managing non-human identities (NHIs) has become a critical focal point for organizations, especially for those using cloud-based platforms. But how can businesses ensure they are adequately protected against the evolving threats targeting machine identities? The answer lies in adopting a strategic and comprehensive approach […]
Login
