Welcome to The Cybersecurity Pulse (TCP)! I'm Darwin Salazar, Head of Growth at Monad and former detection engineer in big tech. Each week, I bring you the latest security product innovation and industry news. Subscribe to receive weekly updates!

Subscribe now

Share

5 Minutes to a More Secure Google Workspace

Stop guessing about Google Workspace risk. Get a clear, five-minute readout with Material’s free Security Scorecard. Receive a risk score, domain-specific analysis across email, files, accounts, and global configurations, plus a prioritized to-do list. No integrations or permissions required. Built from real-world incidents protecting hundreds of orgs.

Built for lean teams, IT owners, and CISOs. Benchmark your Google Workspace security posture and fix your most critical security gaps.

Evaluate your Google Workspace security

Want to sponsor the TCP newsletter? Learn more here.

What’s up gang,

Hope you’re having a great week! Lots of fundraising announced with over $500M in funding across the likes of Chainguard, Sublime, and ConductorOne. Also, some good news on the ransomware front.

Before diving in, just a heads up that this is our last TCP until November 19th. I’ll be traveling somewhere very special with the family 🌄

Don’t worry. I’ll make sure to cover all the major events that transpire while I’m away!

Now, let’s cover this week’s biggest headlines!

TL;DR 📰

• 🧠 AI browsers face inevitable prompt injection flaws – Prompt injections remain unsolved, per OpenAI CISO Dane Stuckey

• 💰 Ransomware payments hit record low – Coveware reports just 23% of victims paid in Q3 2025 — the lowest in 6 years.

• 🎙️ Inside the Network × SentinelOne CEO – Tomer Weingarten shares lessons from building S1 to $1B ARR.

• 🎭 Fake LastPass death scam targets users – CryptoChameleon phishers impersonate inheritance requests to steal passkeys, not just passwords.

• 🇦🇺 Microsoft sued over Copilot M365 subscriptions – Australia’s ACCC accuses Microsoft of misleading 2.7M users into paid Copilot plans.

• 🤖 Palo Alto Networks launches Prisma AIRS 2.0 + Cortex AgentiX – AI all the things.

• 🔗 Chainguard raises $280M from General Catalyst – Software supply chain security co. hits $40M ARR (7× YoY).

• 📧 Sublime raises $150M Series C – Email security leader 4× customer base in FY 2025. Round led by Georgian, Index, IVP, and Nicole Perlroth.

• 🪪 ConductorOne raises $79M Series B – Unified IGA/IAM/PAM platform. Round led by Greycroft + CrowdStrike Falcon Fund.

• 🕸️ RunZero open-sources RunZeroHound – BloodHound-based tool that turns asset inventories into attack graphs

⚒️ Picks of the Week ⚒️

AI browsers face a security flaw as inevitable as death and taxes

OpenAI released their Agentic browser, Atlas, last week and it caused a stir of security concerns. Like most AI, these browsers are susceptible to prompt injection attacks. The scary part about it is that the browser is where your email lives, where your credentials pass through, and where your web history lives.

The image above is from the OpenAI CISO, Dane Stuckey.

He literally says “…prompt injection remains a frontier, unsolved security problem, and our adversaries will spend significant time and resources to find ways to make ChatGPT agent fall for these attacks.”

Also, a couple of months ago, Brave Browser researchers discovered a few prompt injection vulns in the Perplexity Comet AI browser + the Fellou browser.

So should you be using agentic browsers? I’ll let you answer that one :)

Ransomware payments hit record low: only 23% Pay in Q3 2025

Ransomware payment rates have gone down for the 6th year in a row with only 23% of breached organizations paying a ransom in Q3 2025, according to Coveware.

Coveware also found that the average ransom payment dropped 66% (to $376.941) from the previous quarter. Both of these stats + trends are fairly positive for our industry.

Inside the Network w/ SentinelOne CEO, Tomer Weingarten

The ITN crew recently sat down w/ Co-Founder and CEO of SentinelOne to discuss his personal journey + S1’s journey to being a public company and nearing $1B ARR.

Two things that stood out to me most from the entire conversation:

• Wartime CEO mindset: “Every day is war” against sophisticated nation-state actors and crime groups. Argues security requires semi-military operational tempo unlike other software categories.

• Deep technical focus: Spent 2 years building product before first revenue. He wrote code, designed early UI, S1 holds 100+ patents so deep IP.

Founders need to be deep in the details until its not scalable anymore. Also, +1 on wartime mindset. Not only is the security biz extremely competitive, but also, you have bad guys trying to reverse and break your tech to breach your customers. Gotta stay paranoid and proactive.

Another stellar pod from the ITN crew.

Fake LastPass death claims used to breach password vaults

CryptoChameleon has been observed targeting LastPass users with a phishing campaign. What’s unique and sophisticated about the campaign is that it leverages LastPass’ legacy inheritance capabilities as a front, and it targets passkeys, not just email + password. Mentioning death of a relative is a very slick way to get people to put their guard down.

Microsoft sued for allegedly tricking millions into Copilot M365 subscriptions

Microsoft is being sued by the Australian Competition and Consumer Commission (ACCC) for allegedly misleading 2,7M Australians into paying for Microsoft Copilot. The ACCC lawsuit claims that Microsoft used deceptive practices to lure consumers into paying for the service and in doing so, violated several Australian Consumer Laws.

Why am I covering this here, in a cybersecurity newsletter? Multiple reasons.. How many unsanctioned AI apps are deployed in enterprise environments without the user(s) knowing the implications or staying power of the solution? If Microsoft is being accused of these practices, can you imagine what startups are doing? Also, this hints at “stat padding”. Aside from # of active users, what other stats and metrics that we come across may be being distorted?

Huge, if true.

🔮 The Future of Security 🔮

🟢 Your Application Security Agents 🟢

The DryRun Security Codebase Insight agent helps you track risk trends, vulnerability velocity and policy compliance across teams. Ask questions in chat to see what to fix first and prove security ROI to your board. One view, answers in seconds.

View DryRun Code Insights

AI Security

Palo Alto Networks unveils Prisma AIRS 2.0 and Cortex Agentix

As part of their Ignite virtual event, Palo Alto Networks recently launched Prisma AIRS 2.0 which integrates many of the capabilities from their recent Protect AI acquisition. The solution provides posture + runtime defense for agents and MCP. It also provides AI model red teaming + vuln hunting (from Protect AI Huntr). AIRS also provides fairly comprehensive security coverage for the lifecycle and usage of open-source AI models.

Aside from the AIRS announcements, they also launched Cortex AgentiX which provides a variety of use case-specific AI Agents including for threat intel, endpoint investigations, and email investigations.

They’re calling AgentiX the next generation of Cortex XSOAR which further validates that SOC agents are pretty much next-gen SOARs.

More AI Security news ⬇️

• Securing AI Agents with Dave Lewis, Enterprise News, and interviews from Oktane 2025 - Dave Lewis, Mike Poole, Conor Mulherin - ESW #430

• Rubrik Agent Cloud speeds enterprise AI with built-in security and guardrails

Application Security

Chainguard raises $280M from General Catalyst

Chainguard recently raised $280M from General Catalyst’s Customer Value Fund, six months after $356 million Series D. Chainguard 7x’d their ARR in the 2025 fiscal year to $40M.

Note: Chainguard is technically a software supply chain security co. but I categorize it under AppSec to avoid micro-categorization.

More AppSec news ⬇️

• Cycode’s New AI and ML Inventory, AIBOM Solutions Target Shadow AI

Attack Surface Management

RunZero open sources RunZeroHound

RunZero released RunZeroHound which is an open-source tool built on BloodHound’s OpenGraph. The tool exports asset inventory data and build a graph the visualizes attack paths. Pretty neat tool for network mapping and finding segmentation gaps.

Email Security

Sublime raises $150M Series C to arm defenders for the post-LLM world

Sublime has been on a very impressive run over the past few years. Their fundraise blog highlights that they 4x’d their customer base in fiscal 2025.

Their Series C fundraising was led by Georgian, with participation from new investors Avenir, 01A, Jon Oberheide, and Nicole Perlroth, and existing investors Index Ventures, IVP, Citi Ventures, and Slow Ventures.

Identity and Access Management

ConductorOne Raises $79M Series B

ConductorOne raised $79 million Series B led by Greycroft with participation from CrowdStrike Falcon Fund, Accel, Felicis, others. C1 provides IGA, IAM and PAM under a unified experience. Its customers include Zscaler, Instacart, Brex, and Ramp.

Kudos to the C1 team. They’ve taken the IAM world by storm.

More IAM news ⬇️

• Incode Launches Agentic Identity

Network Security

Darktrace Expands ActiveAI Platform with NEXT Agent

Darktrace launched NEXT (Network Endpoint eXtended Telemetry). It’s an agent that combines network packet data with endpoint process data using self-learning AI.

Security Operations

Arctic Wolf Partners with AWS for AI-Driven Security Operations

Arctic Wolf signed strategic collaboration agreement with AWS to scale Aurora Platform and AI-powered SOC

Interested in sponsoring TCP?

Sponsoring TCP not only helps me continue to bring you the latest in security innovation, but it also connects you to a dedicated audience of ~7,500 CISOs, practitioners, founders, and investors across 125+ countries 🌎

👉 Learn more here!

Bye for now 👋🏽

That’s all for this week… ¡Nos vemos la próxima semana!