⚡ TCP #72: Humanless SOCs; DeepSeek; Opengrep; and Product News
Security Product News | Jan. 15th - Jan. 28th, 2025
Welcome to Issue 72 of The Cybersecurity Pulse! I'm Darwin Salazar, PM at Monad and former Detection Engineer. Each week, I explore the latest security product innovation and industry news. Stay ahead of security trends and themes by subscribing below to receive weekly digests directly to your inbox. Share with a friend if already sub’d! 📩
Howdy! Hope you are doing well wherever you’re reading this from! This week’s TCP rolls up the past two weeks which have been a bit of a roller coaster globally 🎢.
Before diving into this week’s news, check out the Monad Product Release Notes to see what we’ve been up to in the new year. Thrilled for whats to come in 2025!
Now, let’s cyber 🪩🕺🏽
What Developers Think About Security in 2025 💭
What are the most effective strategies for AppSec teams to support developers in shipping secure code? We surveyed 150 developers to gather their perspectives on AppSec to help security teams:
- Drive developer engagement and buy-in for their AppSec program
- Invest in impactful resources to help developers improve code security
- Evaluate strategies for making security a core pillar of engineering cultures
⚒️ Picks of the Week ⚒️
Humanless SOCs and Agentic SIEMs
Two of my favorite people to follow in security, Anton Chuvakin and , recently posted pieces that look at future of AI for SecOps and address the ongoing dialogue around autonomous SOC stuff.
Jack makes a case for Agentic SIEM being a new analytical layer for SecOps as an augmenter and not a human replacer.
Anton takes a rather cynical approach by giving those who believe in a fully autonomous, humanless SOC, a verbal ass whoopin’.
Anton works closely with Google Cloud SecOps suite which has been a pioneer in bringing AI to the SOC. So of course, he’s not against AI in the SOC, he just thinks it’s WAY too early for fully autonomous anything in security.
My thoughts:
They’re saying the same thing, but differently.
Anyone who has written detections, investigation playbooks, investigated alerts, or gone through any SecOps motions, understands the level of nuance required for the craft. Every environment is different. Context is king. It’ll be a long time before security leaders take the concept of “fully” autonomous anything seriously.
You should follow Anton and Jack as they’re deep in the SecOps trenches and have a much better pulse than most people yelling loudly on LinkedIn or X about the future of security.
Go deeper:
DeepSeek. DeepSeek. DeepSeek. SeekDeep. 🧙🏻
If you've been too locked in or hiding under a rock, I'll spare you the DeepSeek rabbit hole and give you the tl;dr:
Chinese quant firm, High-Flyer, launched an AI model (DeepSeek-R1) which outperforms all other publicly available models incl. OpenAI's latest o1.
High-Flyer says they did it w/ $6m training budget and small fraction of the NVIDIA GPUs that other foundational model shops (i.e., Anthropic, Meta) use.
On Jan. 27th, NVDA lost $590B in mkt. cap due to this news as it investors believe this will cause AI builders to look to squeeze much more efficiency out of the chips and compute that they already have. Many other chip stocks were impacted as well.
DeepSeek becomes #1 on Apple AppStore. DeepSeek stops allowing registrations due "large cyber attack". DeepSeek launches multi-modal model.
My thoughts:
LLMs + GenAI are a commodity and are nearing max capabilities. What's built with AI is the true moat.
Data privacy nightmare + trojan horse. Non-Chinese companies should stay away.
The caused material financial impact to US stock market will not be taken lightly. AI arms race is heating up.
Go deeper:
DeepSeek hit by cyberattack as users flock to Chinese AI startup
Big AWS Customers Hound Cloud Giant for Access to DeepSeek AI
Opengrep.. Like OpenTofu but for AppSec
Last week, you probably saw the blitz of AppSec vendors coming together to announce Opengrep. Apparently Semgrep changed the licensing structure to their previously open-sourced, and heavily relied upon static code analysis tool. This caused many vendors, most of whom rely on the tool, to create a fork called "Opengrep" to continue maintaining and building the tool. Opensource is the future and Opengrep, Opentofu, Llama, and Deepseek confirm this.
I have no hot take on this, but my friend does here.
Official announcement here.
AI Mistakes Are Very Different from Human Mistakes
Part of our hesitation as an industry to adapt security tools heavily dependent on AI is that they make mistakes. Sure, human make mistakes as well, but they're predictable + easy to identify. AI, on the other hand, not so much. Depending on the model, it's purpose and how well it's been trained, AI still hallucinates and passes off generated responses confidently. If humans take everything AI generates as true, then we'd be in deep shit.
This essay by the legendary Bruce Schneier dives into why AI mistakes can be more costly than human mistakes in the security context.
Side note: Apple Plans to Disable A.I. Summaries of News Notification Due to Erroneous Outputs
Removal of Cyber Safety Review Board (CSRB) members sparks alarm from cyber pros, key lawmaker
There's been a cosmic shift across many industries this past week and security is no exception. The new U.S. administration, the CSRB + the DHS CISA's Cybersecurity Advisory Committee have both been flushed of its members.
While I agree that US govt. needs much more accountability + efficiency + less bureaucracy, I don't think that cutting CSRB, or any govt. security agency for that matter is a good idea. CSRB was currently investigating the breadth + impacts of attacks by Salt Typhoon on US Telcos and most notably, they were responsible for holding Microsoft's feet to the fire on their many security lapses in recent years.
AI agent identity: it's just OAuth
Over the years, many speculators have said “X technological advancement is going to entirely change the way Y and Z are done”. While sure, our space has continually evolved for the better, many of the fundamentals still remain the same. AI agent authentication is no exception.
In this post, Maya Kaczorowski walks us through how handling AI agent authentication with your existing environment with a well-known authN framework called … 🥁… OAuth.
📰 Product News 📰
Product News. My favorite kind of news.
AI Security
Cisco launches AI Defense tool
Capabilities:
Discover AI use across the org
Continuous "AI-driven algorithmic red teaming" to test models for safety and security issues.
Runtime security
Integration w/ Splunk
More AI security product news ⬇️
Application Security
DryRun Raises $8.7 Million in Seed Funding
DryRun has been an early pioneer in leveraging AI for AppSec. Their solution takes a very context-focused approach by analyzing not just code syntax + vulns but also dependencies, code change history, and environmental context.
With the funding news, they also launched their Natural Language Code Policies (NLCP) tool which allows users to define security policies in plain language vs. complex security syntax language.
Exciting to see another Austin-based company disrupting the AppSec domain. Kudos to James, Ken and the rest of the team on the funding!
Ghost Security is another Austin-based startup you should keep your eyes on.
Data Security
NinjaOne acquires DropSuite for $252M
The endpoint security company has acquired DropSuite, a cloud data backup and recovery provider. NinjaOne CEO says the acquisition will enable them to extend their data protection capabilities to cloud + SaaS.
More data security product news ⬇️
Identity and Access Management (IAM) Security
Wultra Raises €3 Million Seed+ for Post-Quantum Authentication
Wultra is unique for a couple of reasons:
Founded in 2014 in Czech Republic. We don’t often see much innovation in EU.
Focusing on a very hard problem. Post-quantum authentication.
Main ICP is financial institutions
More IAM security product news ⬇️
Supply Chain Security
Eclypsium secures $45M Series C
Eclypsium is a unique vendor in that they focus on very hard security problems like firmware and hardware security. Their backers include a16z, Qualcomm, Ten Eleven and several other notable VC firms. They'll use the additional funding to expand their global reach + R&D in the AI hardware space.
Offensive Security
SpecterOps releases BloodHound CLI
Title says it all. Written in Go. IYKYK.
Security Operations
Tenex comes out of stealth with a next-gen MDR service
Managed Detection & Response startup backed by a16z (Zane Lackey), Shield Capital and a few angel investors. Co-founded by former president of Cyderes, Robert Herjavec’s security co.
Tenex starts out with support for only Google Cloud and will soon expand to more environments.
Funding amount undisclosed.
Interested in sponsoring TCP?
Let's Grow Together!🫱🏽🫲🏻
Sponsoring TCP not only helps me continue to bring you the latest in security innovation, but it also connects you to a dedicated audience of over 5,100 CISOs, practitioners, founders, and investors across 100+ countries 🌎
Bye For Now!
That’s all for this week… ¡Nos vemos la próxima semana! 👋🏽