📡 TCP #71: AI Red Teaming; NHI Top 10; Snyk Hot Water; and Product News
Security Product News | Jan. 7th - Jan. 15th, 2025
Welcome to Issue 71 of The Cybersecurity Pulse! I'm Darwin Salazar, PM at Monad and former Detection Engineer. Each week, I explore the latest security product innovation and industry news. Stay ahead of security trends and themes by subscribing below to receive weekly digests directly to your inbox. Share with a friend if already sub’d! 📩
Let’s Grow Together 🫱🏽🫲🏻
Interested in sponsoring The Cybersecurity Pulse and connecting with over 4,600 security professionals across 100+ countries? 🌎
Picks of the Week🎯
OWASP NHI Top 10 Deep Dive from Resilient Cyber
What was previously a meme and a product feature, has now become an OWASP Top 10 list signaling that the problem is only growing. Of course, VCs have poured into it, but in my opinion, this news is a stronger signal as it comes from practitioners and security leaders. Continued adoption of cloud, API economy + AI have caused a sharp increase in NHIs. Agentic AI, for better or for worse, will only add fuel to the fire.
from has a great write-up covering the new list here.
The team over at SlashID has a write-up on NHI implication for PCI compliance here.
Did Snyk deploy malicious packages targeting Cursor? Seems like it.
Snyk is at the center of drama indicating that they purposely deployed malicious packages targeting Cursor, the popular AI code editor. While I'm not fully cued in yet, this LinkedIn post by the researcher who discovered the malicious packages has all the details including Snyk's response.
Lessons Learned from Red Teaming 100 AI Apps - Microsoft
Microsoft’s AI red team is at the forefront of AI security due to their early partnership with OpenAI + the sheer number of Azure cloud customers building AI apps. They recently released a 21pg white paper covering lessons learned and I can’t wait to dig in fully over the weekend.
Trump and others want to ramp up cyber offense, but there’s plenty of doubt about the idea
It's 2025. Cyber warfare has been a thing for at least 2 decades now (i.e., APT 1). It's said that Chinese state-backed actors are behind "Salt Typhoon" and the recent attacks on large telecoms including many household US names. With this + the incoming US political transition, there have been increasing calls for the US to "hack back".
For one, I'd imagine we're already doing this. Secondly, it's a cat and mouse game with no end. Third… idk, this is an old topic that is typically dealt with behind the scenes.
In any case, this CyberScoop report has the latest details on what's going on this front in Washington D.C. and hints at what's to come under the Trump Administration.
Fun read.
Product News 📰
Product News. My favorite kind of news.
Cloud Security
CrowdStrike Adds Registry Scanning for Hybrid Clouds
CrowdStrike now offers a private cloud registry scanner which allows DevOps and Security teams scan container images locally without relying on cloud dependencies. With the pendulum swinging a bit back towards on-prem, this is a great addition to CrowdStrike's cloud security portfolio.
Digital Forensics + Incident Response (DFIR)
Darktrace to acquire Cado Security
Darktrace, which was recently acquired themselves by Thoma Bravo for $5.3 billion, has now acquired Cado Security for an undisclosed amount. Cado Security is a cloud forensics and IR startup founded in 2020 and had raised $31.5 million through 3 rounds.
Historically, there have been mixed feelings about Darktrace in the security community due to shady marketing + sales tactics, but I think they’ll be able to turn it around now that smart private equity is involved.
Identity Security
Orchid Security Emerges from Stealth with a $36M seed
Orchid Security will be tackling the identity security space using LLMs to attempt to detect all of a customer’s apps, evaluate identity flow, identify security risks and vulnerabilities.
Fitting a continued trend we’ve been seeing, Orchid had been in stealth for quite a while and raised a thick seed round ($36 million) signaling that investors are super bullish on their team + tech + problem space. Orchid is already working with F500 companies like Costco and Repsol and is backed by prominent founders and investors like Team8, Intel Capital, and Zohar Alon (co-founder of first CSPM - Dome9).
Will be fun to see what their team will create. Anticipation is high and identity is still a largely unsolved problem.
Offensive Security
Horizon3 Launches NodeZero, A Kubernetes Pentesting Product
Horizon3 is an emerging leader in the offensive security product + services space and they recently released their Kubernetes (K8s) pentesting solution focusing on continuous testing. It's a breath of fresh air to see this given the complexity of K8s and the fact that not many offensive security practitioners know the ins and outs well yet.
Security Operations
CrowdStrike Achieves FedRAMP Authorization for New Modules
CrowdStrike recently received FedRAMP authorization for their SIEM, IT, and Data Protection modules. This is huge news as it now means U.S. government agencies can procure these solutions while they previously could not.
The solutions will be available via Crowdstrike's GovCloud offerings.
More SecOps product news ⬇️
Interested in sponsoring TCP?
Let's Grow Together!🫱🏽🫲🏻
Sponsoring TCP not only helps us continue to bring you the latest in security innovation, but it also connects you to a dedicated audience of over 4,600 CISOs, practitioners, founders, and investors across 100+ countries 🌎
Bye For Now!
That’s all for this week… ¡Nos vemos la próxima semana! 👋🏽