Welcome to The Cybersecurity Pulse (TCP)! I’m Darwin Salazar, Head of Growth at Monad and former detection engineer in big tech. Each week, I bring you the latest security innovation and industry news. Subscribe to receive weekly updates! 📧

Subscribe now

Share

Midmarket Security Is Quietly Overconfident — And the Numbers Prove It

94% of midmarket security leaders say they can catch critical risks before attackers do. But 51% admit a zero-day would take a week to assess. Something doesn’t add up. Intruder surveyed 500+ security decision-makers at companies with 400–6,000 employees to get the real picture of how teams are coping with growing digital estates, shrinking exploitation windows, and tooling built for enterprise budgets.

Get the full report

Howdy 👋 - hope you’re having a stellar week. I’ll spare you from the personal BSidesSF/RSAC updates as I have something else coming on that front.

Aside from that, this past week was jampacked with launches + fundraising. Some of which have a truly novel or differentiated approach to their problem space. Good research in this week’s issue as well.

That said, let’s get into it!

TL;DR 🗞️

• 🏖️ AWS Bedrock Sandbox Escape via DNS — BeyondTrust’s Kinnaird McQuade built a full C2 channel through “isolated” AgentCore using DNS queries alone

• 🏄 Surf AI Launches with $57M — Accel-led round for agentic platform tackling the last mile of security remediation at enterprise scale

• ☁️ Google Closes $32B Wiz Acquisition — Largest VC-backed exit ever is officially done after US and EU antitrust clearance

• 🚔 Interpol Sinkholes 45,000 IPs in Operation Synergia III — 94 arrests across 72 countries targeting phishing, malware, and fraud infrastructure

• 🐍 Microsoft Publishes Prompt Abuse Playbook — Practical detection and response guide for direct, extractive, and indirect prompt injection

Plus: Okta's new AI agent identity framework, CrowdStrike x NVIDIA's agent security blueprint, Bold Security's $40M stealth exit, and 10 more stories below 👇

⚒️ Picks of the Week ⚒️

Researcher Break Out of AWS Bedrock AgentCore’s “Sandbox” Using DNS Queries

Our friend Kinnaird McQuade, cloud security legend and chief architect at BeyondTrust’s Phantom Labs, dropped a banger this week. He and the team demonstrated a full sandbox escape from AWS Bedrock AgentCore’s Interpreter using nothing more exotic than DNS queries.

Sandbox mode blocks most outbound traffic but still permits DNS A record lookups which I learned is enough to build a fully functional bidirectional C2 channel. Kinnaird will be walking through this exact exploit at BSides SF this Sunday. Definitely a must attend if you’re in town.

From the C2 channel, he demonstrated running commands (whoami) inside the sandbox, listing and reading S3 bucket contents, and exfiltrating credentials, PII, and financial data. All while the env happily reported that network access was disabled. The default AgentCore role ships with permissions broad enough to turn that DNS covert channel into a full reverse shell 😬

AWS’s response was pretty wild tbh. In September 2025, AWS reproduced the issue but classified it as “intended functionality.” The fix: updated docs of what ‘sandbox’ mode is. Kinnaird then received a $100 AWS Gear Shop gift card. A hundred dollars for a CVSS score 7.5 vuln in tooling that F500s use is interesting.

This is one of the best vuln disclosure reports I’ve read all year. Educational and fully walks you through the attack flow on a novel-ish cloud service. Kudos to Kinnaird on this!

AI Agents Don't Need Your Permission. They're Already Inside.

No approvals. No oversight. No visibility. AI agents act autonomously with permissions across your entire SaaS stack—and your security tools can't see them. When the breach happens, will you explain to your CISO that you didn't even know they existed? Reco AI Agent Security ends the blindness.

Discover your hidden agents

Surf AI Exits Stealth with $57M

Surf AI launched out of stealth yesterday with $57 million in combined seed and Series A funding led by Accel, with participation from Cyberstarts and Boldstart Ventures. It’s not another AI SOC or AI security tool but the way I’d describe is that the focus on the last mile of reducing risk, remediation, using AI.

What the platform does: Surf AI ingests signals from identity, cloud, security, HR, and IT systems to build what it calls a “living context graph” mapping assets, owners, permissions, and dependencies. Domain-specific AI agents (i.e., identity, cloud etc) then prioritize risk by context and coordinate remediation workflows under human oversight.

Automated remediation has almost always been a tough sell. The potential downside of remediation-induced downtime on critical systems often outweighs the perceived risk of the vulnerability itself. There’s sometimes sooooo much back and forth in remediating a vuln, implementing a compensating control, or just accepting the risk.

Up until like 5 years ago, humans held all the institutional knowledge about what touches what, and what would break if we patched a system or closed a port on a cluster. I saw this firsthand doing cloud security engagements at J&J and Accenture: the bigger the org, the worse this problem gets. I think the way Surf is tackling it makes sense. Build a context graph of what a cloud asset touches and what it means to the business before you close a port or harden a config. Present multiple remediation options with a human in the loop. That approach meaningfully reduces the risk of inadvertently breaking something.

The other thing to highlight is that most of the security debt sitting in enterprise backlogs wouldn’t introduce breaking changes if remediated. Clearing stale accounts from decommissioned employees, revoking orphaned permissions, fixing known misconfigs that nobody owns. That’s the long tail, and I think that’s where agentic execution can absorb work that humans would never get to.

Huge shout out to the Surf crew, especially their CISO, Yonesy Nuñez. Excited to watch this team and product help solve that painful last mile for teams.

The security data lake built for AI agents

We've been watching Scanner evolve for a while now and the progress has been unlike anything else in the SecOps space. It indexes logs directly in S3 and makes years of data searchable in seconds through native MCP support or old school querying.

It hooks up to Claude Code, Cursor, or any MCP client and lets AI agents hunt threats, triage alerts, and run investigations across years full log history. Queries cost pennies meaning agents can explore freely without blowing your budget. Honestly their approach is the most sensible path forward to security analytics and storage.

Highly recommend checking them out if you’re struggling w/ massive SIEM bills and tired of visibility and budget trade-offs.

See Scanner in Action

Google Closes $32B Wiz Acquisition, Largest VC-Backed Exit Ever

Last week, Google officially completed its $32 billion all-cash acquisition of Wiz. The largest deal in Google’s history and the biggest acquisition of a venture-backed startup ever.

The deal closed after clearing antitrust review in both the US (November 2025) and EU (February 2026).

What a run by the Wiz team. Will be fun to see what they get up to w/ unlimited compute, Gemini models, Mandiant, VirusTotal and the Chronicle/Google SecOps SIEM at their fingertips. That probably deserves a blog somewhere down the road.

Tech Giants Invest $12.5M in Open Source Security Through Linux Foundation

Anthropic, AWS, Google, Google DeepMind, GitHub, Microsoft, and OpenAI collectively granted $12.5 million to the Linux Foundation’s Alpha-Omega and OpenSSF initiatives to strengthen the security of the open source ecosystem. Alpha-Omega has already issued 70+ grants totaling over $20 million across ecosystems including Rust, Node.js, and PyPI. Cool.

Interpol Sinkholes 45,000 IPs, Arrests 94 in Operation Synergia III

Interpol’s third iteration of Operation Synergia ran from July 2025 through January 2026 across 72 countries, resulting in 94 arrests, 212 devices seized, and over 45,000 malicious IP addresses sinkholed.

The operation targeted phishing, malware distribution, ransomware infrastructure, romance scams, and credit card fraud. Bad guys in jail = good.

Most arrests in the takedowns have taken place in Macau, Bngladesh, and Togo. These level of takedowns remind of the Beekeeper movie. Great film that covers these fraud farms + stars Jason Statham. Highly recommend.

🔮 The Future of Security 🔮

AI Security

Microsoft Publishes Prompt Abuse Detection Playbook for AI Tools

Microsoft Incident Response released a practical detection and response playbook for prompt abuse in enterprise AI tools, covering direct prompt overrides, extractive abuse against sensitive inputs, and indirect prompt injection.

The blog gives a good overview of detection and hardening opportunities. Great primer.

More AI Security news ⬇️

• Okta unveils new framework to manage AI agents and upcoming Okta for AI Agents platform

• CrowdStrike Unveils Secure-by-Design AI Blueprint for AI Agents Built with NVIDIA

• Netskope Launches AI Security Platform with AI Ecosystem Protection

Data Security

Varonis Launches Atlas, an End-to-End AI Security Platform

If you’re a long time reader of TCP then you already know I’m fond of their approach to data security. I wrote a report on why their context graph approach is the way to go for securing sensitive data in the age of AI. Since then, they’ve acquired SlashNext (email security) and AllTrue.ai (AI security). The latter which has led to their recent Atlas product which covers the most pressing AI security areas:

• shadow AI discovery

• posture management

• pen testing

• runtime guardrails

• compliance reporting

• third-party AI risk management

Big W and quick execution by Varonis on this. Here’s a video of Atlas in action:

Endpoint Security

Bold Security Exits Stealth with $40M for Edge AI Endpoint Protection

Bold Security emerged from stealth with $40 million from Bessemer Venture Partners, Picture Capital, and Red Dot Capital Partners. Bold runs small language models on endpoints rather than in the cloud, turning devices into local AI agents that monitor user behavior and AI tool interactions.

The edge-first approach sidesteps the latency, cost, and privacy concerns of cloud-based AI security. Cool.

More Endpoint Security news ⬇️

• Huntress adds tools to its Agentic Security Platform to detect, fix, and prevent endpoint and identity risks

• Cato Networks rolls out Neural Edge and AI Security to protect enterprise AI workloads

Governance, Risk, and Compliance

Knox Systems Raises $25M to Accelerate 90-Day FedRAMP Authorization

Knox Systems raised $25 million in Series A funding led by B Capital, with participation from M12 (Microsoft’s venture fund), Okta Ventures, MongoDB Ventures, Hearst Ventures, and previous investors Felicis and Ridgeline.

Knox operates the largest multi-cloud federal boundary across AWS, Azure, and GCP, and claims to deliver FedRAMP authorization in 90 days at 90% lower cost than the traditional process. FedRAMP is the final boss of compliance frameworks.

With fewer than 500 FedRAMP-authorized SaaS apps available to the US government commercially, the bottleneck is real and also means that fed services may not be getting the best of breed.

Security Operations

Tracebit Raises $20M to Scale Cloud-Native Deception Technology

Tracebit closed a $20 million Series A led by FirstMark, with Accel, MMC Ventures, Tapestry VC, and CCL participating, bringing total funding to $25 million. Tracebit deploys canaries (decoy assets) across AWS, Azure, Kubernetes, CI/CD pipelines, and identity providers to detect post-breach lateral movement.

Deception is one of the highest-signal detection methods available, because canaries have a near-zero legitimate-touch rate; if something interacts with them, it’s an attacker, insider threat or a disoriented employee/intern. Most teams don’t have the bandwidth to deploy and monitor canaries. Seems like Tracebit is tackling that problem. Cool.

Vulnerability Management

NinjaOne Adds AI-Driven Vulnerability Management to Its Endpoint Platform

NinjaOne launched NinjaOne Vulnerability Management, built natively into its unified endpoint management platform. The offering uses AI to identify vulnerabilities.

Interested in sponsoring TCP?

Sponsoring TCP not only helps me continue to bring you the latest in security innovation, but it also connects you to a dedicated audience of 20,000+ CISOs, practitioners, founders, and investors across 135+ countries 🌎

👉 Learn more here!

Bye for now 👋🏽

That’s all for this week… ¡Nos vemos la próxima semana!