Welcome to The Cybersecurity Pulse (TCP)! I’m Darwin Salazar, Head of Growth at Monad and former detection engineer at Datadog. Each week, I bring you the latest security innovation and industry news. Subscribe to receive weekly updates! 📧

Subscribe now

Share

Hi 👋 - Hope you’re having a great week wherever you’re reading from!

It’s Identiverse week which means a ton of developments on the IAM front. Key pieces in the NHI race being pulled off the board, new ones emerging w/ mega rounds of funding etc. Aside from that, Anthropic’s latest model remains in the spotlight after being pulled from the public due to a ‘security flaw’ found by Amazon researchers. Whitehats are angry. It’s been a whirlwind of a week and it’s not even over yet.

On the personal front, I got to celebrate my good friend Day this weekend, a former Datadog colleague, elite cyber operator, and now a married man. It was pretty dope experiencing the traditional Nigerian wedding ceremony and being there for one of his biggest moments in life!

Now, onto the news!

TL;DR ✏️

• 🧨 Anthropic’s export fight gets ugly: Fable gets repealed. Security leaders want Fable and Mythos access restored for defenders.

• 🦾 Ent raises $100 million: Decibel led, with Sequoia, Crosspoint, Craft, Shield, Felicis, and In-Q-Tel. Endpoint security. Former RiskIQ founders.

• 🕳️ Varonis SearchLeak hits Copilot: One click could leak emails, files, calendar details, and MFA codes.

• 🧾 Microsoft walks from Oracle deal: Reported FedRAMP concerns stalled more than $3 billion in cloud capacity.

• 🚓 Flock keeps getting abused: Police allegedly used ALPR searches to stalk romantic partners and exes.

• 🧱 Databricks buys Panther: Lakewatch gets detection-as-code, 100+ integrations, and a real SOC core.

• 🪪 Identity vendors buy agents: SailPoint/Entro (~$200M) and 1Password/Apono ($250-300M) push agent security into IAM.

• 🧬 NewCore raises $66 million: Cyberstarts, Index, and Evolution back another agent identity swing.

Plus: Rubrik launches Claude security controls, identity standards get their weekly acronym workout, and more.

⚒️ Picks of the Week ⚒️

Anthropic’s AI export fight gets ugly

Dozens of security leaders are urging the U.S. government to roll back export restrictions on Anthropic’s Claude Fable 5 and Mythos 5, after Anthropic disabled both models for all customers to comply with a foreign-national access ban. Signers include Alex Stamos, Katie Moussouris, Casey Ellis, Bruce Schneier, Joe Levy, Chris Wysopal, Dan Lorenc, and Rachel Tobac, among others.

The Amazon part makes this even stranger: Amazon researchers got a Mythos-class model to produce restricted cyberattack information, then Andy Jassy (CEO) raised concerns with senior U.S. officials. Anthropic says the issue was narrow, not unique to Fable, and not enough to justify cutting off defenders. Fair, but Anthropic also spent months telling everyone its frontier models were cyber dynamite with an API, so the shocked Pikachu act is not exactly compelling.

The ban is still bad policy because serious adversaries don’t give 2 fcks probably jailbroke Fable/Mythos on Day 0 so barring defenders from having access is not smart. but it exposed the bigger problem sitting underneath the AI security boom. If security teams, companies, and countries are building critical workflows on frontier models they do not control, they are not just renting intelligence, they are renting someone else’s off switch.

Ent comes out swinging with a $100M seed

This one earned the second slot as it’s got all the makings of a generational company with focusing on a hard problem, strong founding team, backers and significant seed size.

Ent emerged from stealth with $100 million in seed funding led by Decibel, with Sequoia, Crosspoint Capital Partners, Craft Ventures, Shield Capital, Felicis, and In-Q-Tel participating.

The company is building an intent-aware workspace security platform that runs at the endpoint and intervenes before risky human or AI-agent actions turn into incidents. The founding team, Elias Manousos and Brandon Dixon, previously co-founded RiskIQ and helped launch Microsoft Security Copilot.

The category overlap is significant. Ent sits near endpoint, DLP, insider risk, AI governance, and agent security, which means the execution bar is high from day one.

SearchLeak flaw turns Copilot into a one-click exfil path

Varonis disclosed SearchLeak, a Microsoft 365 Copilot Enterprise flaw chain that could leak emails, calendar details, indexed files, and MFA codes after one click on a trusted Microsoft link.

The chain abused Copilot Search’s q parameter as an instruction prompt, raced Microsoft’s HTML sanitizer during streaming, then used Bing’s image search endpoint as an SSRF-powered exfil proxy. Microsoft remediated the issue as CVE-2026-42824, and Varonis says it was a proof-of-concept, not observed exploitation.

The weird part is not prompt injection by itself. It is prompt injection making old web bugs that thought went away, reachable again. The question for teams is not “is Copilot secure,” it is “what damage can compromised Copilot cause to my business?” and then reversing security measures from there.

Microsoft reportedly walked from $3B Oracle cloud deal over compliance concerns

Microsoft reportedly walked away from talks to lease more than $3B in Oracle Cloud Infrastructure capacity after raising security and compliance concerns, according to Business Insider. The sticking point was reportedly FedRAMP: Oracle’s government cloud is authorized, but the public OCI environment Microsoft wanted to use was not. Oracle called the report inaccurate, Microsoft declined to comment, and Reuters could not independently verify the report.

In summary, compliance still matters even in a compute bottlenecked world.

Police keep using Flock to stalk people

404 Media found more than a dozen cases where police allegedly used Flock automated license plate readers to stalk people, often romantic partners or exes. One Florida officer ran his ex-girlfriend’s plate at least 69 times, her mother’s plate 24 times, and her father’s plate 15 times. Flock’s ALPR network logs where cars travel, then lets police search historical plate data to reconstruct a person’s movements.

This is the boring failure mode of surveillance tech. The pitch is always “find stolen cars faster,” and the operational reality is that someone eventually uses the same database to track their ex or much, much worse.

Databricks buys Panther to scale security lakehouse

Databricks agreed to acquire Panther, giving Lakewatch a real security operations core instead of just a better data architecture story. Panther brings 100+ integrations, detection-as-code, and agentic SOC workflows into Databricks’ push to replace legacy SIEM with a security lakehouse.

Terms were not disclosed, and the deal is still subject to customary closing conditions. This is Databricks’ third security acquisition, following Antimatter and SiftD.ai.

🔮 The Future of Security 🔮

AI Security

Identity vendors buy into agent security

SailPoint plans to acquire Entro, while 1Password acquired Apono, giving two identity platforms a faster path into AI-agent and non-human identity security.

Identiverse is this week in Las Vegas, so the timing is not random. Non-human identity and agent security are becoming the next identity market fight, and SailPoint and 1Password clearly do not want to watch it from the sidelines.

SailPoint did not disclose terms, but Calcalist reported the Entro deal at about $200 million. 1Password also did not disclose terms, while Calcalist reported the Apono deal at $250 million to $300 million.

Entro brings discovery for secrets, tokens, certificates, and machine identities. Apono brings just-in-time access controls for humans, machines, and agents.

Agents are mostly an identity, access, and credential problem once you strip away the AI confetti. The NHI space has seen a lot of consolidation lately, with Astrix, Entro, and Apono now off the table. Much-needed consolidation

More AI Security News

• Rubrik Launches Agent Cloud for Anthropic Claude Code & Claude Cowork to Secure AI Agents

• Okta expands Google Cloud partnership to secure AI agents and the browser

Identity Security

NewCore launches with $66 million for agent identity

NewCore emerged from stealth with $66 million from Cyberstarts, Index Ventures, and Evolution Equity Partners to secure identities across humans, machines, and AI agents.

The team has some real founder-market fit: CEO Zohar Alon previously co-founded Dome9, the cloud security company Check Point acquired in 2018. He’s an experienced builder and advisor/mentor to much of the Israeli cyber ecosystem.

The space is already crowded, with identity vendors, NHI startups, and agent-security companies all circling the same budget. But the funding, timing, and leadership team make this one more credible than the average “agents are coming for your IAM” launch.

More IAM Security News

• Opal adds AI-guided access reviews

• CrowdStrike Expands Identity Leadership with OpenID and IDPro

Interested in sponsoring TCP?

Sponsoring TCP not only helps me continue to bring you the latest in security innovation, but it also connects you to a dedicated audience of 20,000+ CISOs, practitioners, founders, and investors across 135+ countries 🌎

👉 Learn more here!

Bye for now 👋🏽

That’s all for this week… ¡Nos vemos la próxima semana!