Research, threat analysis, and security thinking from our team.
How harmful skills can weaponize enterprise automation, and what security teams should do about it.
What every business leader needs to know about the industrialized threat landscape in 2026.
Inside the skill-reading exploit and why current safety guardrails aren't enough.
Can AI police the metaverse? Embodied cyber threats in social VR and the double-edged sword of generative AI moderation.
Why no vendor can solve the supply chain zero-day problem alone, and what your organization should do about it.
Closing the gap between findings and fixes, and why most pentest deliverables fail to produce actual security improvement.
Why new smart contract languages need new auditing approaches, and what the shift from Solidity means for security.
How to get audit-ready without building a compliance team, and why SOC 2 is a revenue enabler, not a cost center.
Why your second factor isn't as safe as you think, and how adversary-in-the-middle attacks are changing the authentication landscape.
The Log4j vulnerability exposed the fragility of open source dependencies, and why startups are uniquely exposed.
The wave of DeFi exploits in 2021 proves that on-chain security auditing is no longer optional for any protocol handling user funds.
Why startups need a negotiation playbook, and how the ransomware surge of 2021 changed the calculus of incident response.
What the supply chain attack means for startups, and why vendor trust is a liability you need to manage.
Early-stage companies should think differently about security hiring, and why finding problems beats building policy.
The sudden shift to remote work exposed security gaps that most startups didn't know they had. Here's what to fix first.
We write about what we see in the field. If there's a topic you want covered, let us know.
Get in Touch