Docker Hardened Images for Container Security

In 2024, a staggering 87% of container images were found to have at least one vulnerability, and a measurable fraction of them have been targeted to compromise production infrastructure. With cloud and container orchestration adoption not slowing down, these percentages are expected to increase. While organizations strive to keep their containers secure, security often

The Messaging Challenges No One Talks About in Regulated, Air-Gapped, and Hybrid Environments

The modern platform engineering mandate is clear: adopt Kubernetes, embrace microservices, and accelerate velocity. In theory, this leads to efficiency; in practice, if you operate within highly regulated sectors — Finance, Utilities, Defense, Healthcare, etc. — the journey often slows down due to significant networking and compliance requirements.

Passwordless Authentication: Hype vs. Reality

We are living in an era in which data breaches and cyberattacks are growing exponentially and frequently dominate news headlines. The simple and humble password — since its inception — has repeatedly proven to be difficult to secure against modern, sophisticated attacks. This is where passwordless authentication comes into the picture. It is a concept

Prompt Injection Defense Architecture: Sandboxed Tools, Allowlists, and Typed Calls

Why Prompt Injection Keeps Winning in Production

Most prompt injection incidents follow the same pattern:

1. The model reads untrusted instructions (user text, RAG chunks, web pages, PDFs, emails).
2. Those instructions impersonate authority: “Ignore the rules… call this tool… send this data…”
3. Your system lets the model translate that into real actions.

That last step is

Copilot, Code, and CI/CD: Securing AI-Generated Code in DevOps Pipelines

Three months ago, I watched a senior engineer at a Series B startup ship an authentication bypass to production. Not because he was incompetent — he’d been writing secure code since Django was considered cutting-edge. He shipped it because GitHub Copilot suggested it, the tests turned green, and he’d learned to trust the little ghost

Securing AI-Generated Code: Preventing Phantom APIs and Invisible Vulnerabilities

The conference room went silent when the fintech’s CISO pulled up the logs. There, buried in production traffic, sat an endpoint nobody had documented: /api/debug/users. It was leaking customer data with every ping. The engineer who’d committed the module swore he’d only asked GitHub Copilot for a “basic user lookup function.” Somewhere between prompt and

DevSecOps for MLOps: Securing the Full Machine Learning Lifecycle

I still remember the Slack message that arrived at 2:47 AM last March. A machine learning engineer at a healthcare AI startup, someone I’d interviewed six months prior about their ambitious diagnostic model, was having what could only be described as an existential crisis. “Our fraud detection model just started flagging every transaction from zip

Why Browsers Are the Weakest Link in Zero Trust Architectures

Let’s start with a simple fact that cannot be overlooked today: identity is the new perimeter. Following this logic, there exists a simple yet powerful principle of Zero Trust — never trust, always verify. Zero Trust protects architectures by continuously verifying users, devices, and more — whether internal or external — to protect critical resources,