Ransomware Detection Isn’t the Problem – Evasion Still Is
Academic look at malware evasion.
RSA next year – what comes after AI saturation?
We found a single booth at RSA that didn’t feature AI. Just one. There may have been others, but it seemed almost like a requirement to get a booth presence. What stood out wasn’t just the presence of AI—it was the lack of specificity. Many vendors could perhaps explain what their AI does, but far […]
RSA 2026 – AI Oozing Out of Every Pore
Here at RSA, the hype is on “high”, including dune buggies driving the streets wrapped in high-tech banners claiming to have solved all things AI. Even before you get downtown you are greeted at the airport with big budget AI splashed all over the walls with outsized claims. But what is real? We here at […]
ACFW firewall test prologue – still failing at the basics
The results of our soon-to-be-published Advanced Cloud Firewall (ACFW) test are hard to ignore. Some vendors are failing badly at the basics like SQL injection, command injection, Server-Side Request Forgery (SSRF) and API abuse with block percentages under 20%, sometimes way under. Those are just the application-based threats, never mind the vulnerability-based attacks. While it’s […]
More AI security noise – chatbots going rogue
People rush to AI bots for their most sensitive tasks these days without security leading the way. The Moltbot frenzy reminds us we just wrote about this recently – the difference between AI security noise and high-impact threats. AI Security Lessons from the MoltBot Incident For folks who jumped in early and got the Github […]
Signature-based firewalls are dead
Advanced evasion firewalls are here to stay Firewalls of yesterday were largely static devices: routing rules, security zones, and databases of known-bad signatures. That model worked when threats were noisy, predictable, and exploit-driven—teardrop attacks, ping-of-death, and similar patterns that could be matched and dropped. Modern attacks no longer cooperate with that model. Modern threats, however, […]
AI Security Testing — Most AI Attacks Are Noise, a Few Leave Craters
Some AI attacks are noise, others can change your organization.
AVAR 2025: Asia’s Digital Velocity vs. the Reality of AI Security
AVAR 2025 velocity vs security
The Missing Layer: Why Observability Needs Validation
Observability needs validation
“Secure-by-Design” and “Secure-by-Default” Badges from SecureIQLab — and Why They Matter in WAAP
What do the Secure-by-Design and “Secure-by-Default” badges really mean?