Welcome to The Cybersecurity Pulse (TCP)! I'm Darwin Salazar, Growth Marketing at Monad and former detection engineer in big tech. Each week, I dig through all the major headlines to bring you the latest security product innovation and industry news. Subscribe below for weekly updates! 📧

Security Teams Need Outcomes, Not More Alerts

Varonis gives you outcomes, not alert fatigue. We detect real risks, automate prevention, and accelerate remediation across cloud, on-prem, SaaS, and third-party apps. Get a free data risk assessment with clear, actionable results in under 24 hours.

Request a free assessment

👋🏼 Hello! Feels like the entire security space is taking a collective breath and pause after the BSidesSF and RSAC marathon last week. A ton and I mean A TON, took place.

$1.7 billion in funding was announced in the weeks leading up to RSAC, PANW 0.00%↑ announced their intent to acquire Protect AI for up to $700 million, and I tracked 125+ announcements which I’ll highlight in this post.

For everything that we'll cover in this issue that is public info, there's about 2-3x more that occurred behind closed doors and on paper napkins in dimly lit cocktail bars. That said, I'll try to approach this week's newsletter in rapid fire style to ensure we cover a lot of ground.

Note: This is Part I of our RSAC recap. Part II will be out tomorrow covering top startups to watch, venture news, favorite booths, swag, choreography, and events/parties.

Tl;dr

• 😲 North Korean corporate infiltration of Fortune 500 takes center stage.

• 🥤Don’t drink the AI kool-aid. Ask hard questions. Prioritize transparency.

• 🤖 Enterprise adoption of AI has led to an explosion of data privacy/security and IAM concerns.

• 💰 Vendors who invested early in platformization and data acquisition are reaping major rewards

• 🕸️ More vendors launching use case specific MCP servers

• 🏜️125+ announcements across 19 product categories

Needless to say, this week’s issue will be a long one so if you’re reading from email, make sure to hop over to our Substack to ensure you don’t get cut off.

Now, let’s cyber 🕺🏽

Spying on North Korean hackers in real-time: an npm malware saga

At 1 p.m., our malware analysis engine alerted us to a potential malicious package that had been added to NPM. The first indications suggested this would be a clear-cut case; however, when we started peeling back the layers, things weren’t quite as they seemed…

Here is a story about how sophisticated nation-state actors can hide malware within packages.

Watch the Breakdown

📈 Key Themes and Trends

1. North Korean corporate infiltration

It's a real, ongoing thing. “Literally every Fortune 500 company has at least dozens, if not hundreds, of applications for North Korean IT workers,” Mandiant Consulting CTO Charles Carmakal said. “Nearly every CISO that I’ve spoken to about the North Korean IT worker problem has admitted they’ve hired at least one .., if not a dozen or a few dozen.” This reminds me of APT1, but on a much larger scale amplified by new deepfake tech.

This has led to startups racing to build deepfake detection tech. Last year's RSAC Innovation Sandbox winner was Reality Defender which focuses on this space and more recently, 4 startups announced funding or deepfake detection products at this year's RSAC (covered in Deepfake section way below). Safe to say that nobody is immune to this and security teams should include this in their threat model.

2. More advanced AI in security products

Vendors have been implementing AI/ML in some form or fashion since the early 2010s and ChatGPT super charged adoption in early 2023 by democratizing access to GenAI and Large Language Models (LLMs) via APIs.

The gap between ‘AI-powered/enabled’ and ‘Agentic AI’ is wide, yet this year we saw many vendors touting ‘agentic’ solutions. To be clear, both ‘AI-enabled’ and ‘agentic’ solutions are a net positive, but only if vendors are transparent about how their systems work and avoid cutting corners that create downstream risks/toil for security teams. Trust is the foundation of every vendor-buyer relationship in security.

AI-powered v. Agentic AI Scenario

An AI-powered solution typically uses LLMs to parse logs and alerts to pull in additional context related to that activity and can generate timelines, summaries, etc.

An Agentic AI solution, on the other hand, may actively investigates alerts by querying multiple data sources, correlating indicators of compromise (IOCs), and autonomously initiating or recommending next steps (e.g., quarantining endpoints, blocking malicious IPs).

Key distinctions

The agentic AI can reason, act, and self-tune toward predefined security goals. There’s a certain level of autonomy here. AI-powered solutions are more assistive than in nature. In this context, agentic AI pushes investigations forward as far as safely possible before handing over to a human, while AI-powered tools function more like sidekicks/copilots.

If you're a security leader assessing these types solutions, it’s key to be informed and understand what you’re signing up for. Here are some questions you can ask to better understand what the product is actually doing under the hood and whether you can trust it/the vendor:

1. What kind of domain-specific fine-tuning have you done for your AI models, and what security datasets were used in this process?

2. What specific steps have you taken to make your AI’s decisions transparent and explainable, especially in cases of autonomous action or incident response?

3. Can you describe a scenario where your AI made an incorrect decision, how it was addressed, and what measures were put in place to prevent recurrence?

4. What safeguards do you have in place to prevent your AI from inadvertently learning, memorizing, or mishandling sensitive or proprietary customer data? Do you provide on-prem/self-hosted deployment options?

5. Can you provide details on the total cost of ownership (TCO) beyond upfront pricing? Think ongoing fine-tuning, retraining, data ingestion, and infrastructure requirements

If the vendor can answer these questions to your satisfaction, without having their feathers ruffled, then it’s probably worth a demo/PoC.

3. Accelerated enterprise adoption of AI

This is leading to serious data privacy and security concerns for CISOs. Think Copilot's having access to sensitive SharePoint, Excel, HR systems etc. Can and has gotten messy. Also, the use of AI outside of the security team's purview (Shadow AI) can lead to data leaks, vendors training on sensitive or proprietary data, and more risks. These are real concerns which data and SaaS security startups and incumbents are increasingly focusing on.

Identity and access management (IAM) for AI is also an emerging concern hence all the new Non-human Identity (NHI) startups and funding flowing into the space. While most of traditional IAM security principles still apply, AI agents, MCP servers etc. do scale and behave differently. One example is the Copilot example mentioned above. In this scenario, a user (or attacker) using a Copilot with SuperAdmin privileges may be able to access sensitive company data at unprecedented speeds and scale. Getting IAM right for AI requires a bit of different approach, varying learning curves for each solution, and a lot of attention to detail.

4. Model Context Protocol (MCP) adoption

MCP servers make it super easy for LLMs and agents to call on external data sources. At RSAC and leading up to it, we saw an influx of vendors (Wiz, CloudFlare, AppOmni, Salt, RunReveal, CrowdStrike, Google Cloud) releasing MCP servers. I'm still figuring out what it would mean if all vendors have MCP servers that could securely 'talk' to each other or the real-world impact it is having today, but it is something I saw and wanted to call out.

5. Platformization and AI

Vendors who have access to massive amounts of data from diverse sources are in the lead in the AI and platformization race. CrowdStrike, Palo Alto Networks, Varonis, Zscaler, Google Security, Microsoft, Cisco, and SentinelOne are all doing pretty cool things by deeply engraining AI into their strategy. While hyperscalers and incumbents have an advantage, so do startups and point solutions as they can innovate faster and often have very deep expertise + product coverage in niche areas. One example is SilentPush which we cover in the next section.

Anyhow, we're already seeing huge return on investment for vendors who prioritized data acquisition early in the AI race and consolidated multiple point solutions into platforms.

Examples below:

• Palo Alto Networks Cortex XSIAM announcements

  

• Cisco Splunk and Foundation AI announcements

• CrowdStrike AI-driven user and entity behavior analytics (UEBA)

🔮 The Future of Security 🔮

Build Your Security Champions Program

Join Snyk on Thursday, May 15th at 11AM ET for a free virtual session on building and scaling an effective Security Champions program. Learn how to bridge security and dev teams and foster a strong security culture.

👉 Register Now

AI security

1. Meta Launches LlamaFirewall Framework to Stop AI Jailbreaks, Injections, and Insecure Code

2. Prompt Security launches Vulnerable Code Scanner for AI-generated code

3. Palo Alto Networks to Acquire AI Security Firm Protect AI

4. CrowdStrike Partners with Google Cloud to Advance AI-Native Integration with MCP

5. Cribl and Palo Alto Networks partner to secure agentic AI across multicloud environments

6. Qualys announced updates to its TotalAI solution

7. EQTY Lab launches AI Guardian

8. NVIDIA enhances cybersecurity AI platform

9. Palo Alto Networks announces new AI security, network security, and security operations capabilities

10. DataDome unveils intent-based AI models for AI agent protection

Application Security

1. Legit leverages AI in ASPM platform to find, fix, and prevent vulnerabilities

2. Lineaje Leverages AI Agents to Secure Open Source Packages and Images

3. ArmorCode Anya accelerates critical security decisions

4. Apiiro debuts dynamic software mapping to streamline vulnerability management

5. Wallarm Agentic AI Protection blocks attacks against AI agents

6. NetRise ZeroLens identifies undisclosed software weaknesses

7. CyCognito partners with Wiz

8. Salt Security launches MCP server for API security

9. Sonatype enhances predictive malware protection

10. Binarly releases Transparency Platform v3.0

11. F5 Application Delivery and Security Platform enhancements

12. Backslash Security LLM vibe coding research and new capabilities

13. Checkmarx releases application security posture management solution

Browser Security

1. LayerX Raises $11 Million for Browser Security Solution

2. Menlo Security launches new visibility and forensics capabilities

Cloud Security

1. Upwind Launches Runtime-Powered CNAPP 2.0 for Cloud Security Posture

2. Resourcely launches Fix for streamlined remediation

3. Aqua Security unveils Secure AI for protecting workloads from code to cloud

4. Aryon Security launches Cloud Security Enforcement Platform

5. Orca Security agentless static reachability analysis for production workloads

6. Skyhawk expands AI-powered Purple Team

7. ZEST Security unveils Multi-Agent AI System for cloud risk remediation

Data security

1. Varonis AI Shield helps employees use AI without putting data at risk

2. Metomic AI Data Protection prevents data leakage in AI tools

3. Sentra Data Security for AI Agents protects AI-powered assistants

4. BigID AI Data Lineage delivers transparency and control for AI

5. Trellix DLP Endpoint Complete prevents data leaks in Windows and macOS

6. CrowdStrike Expands Cloud and Data Protection with Unified Security Innovations

7. Cy4Data Labs Launches Cy4Secure to Protect Data In-Use, In-Flight, and At-Rest

8. Cyberhaven launches AI visibility and protection capabilities

9. Forcepoint launched Data Security Cloud

10. LightBeam launches risk scoring for DSPM

Deepfake detection

1. Is that really your boss calling? Jericho Security raises $15M to stop deepfake fraud that’s cost businesses $200M in 2025 alone

2. IRONSCALES unveils Deepfake Protection

3. X-PHY unveils real-time deepfake detection tool

4. Netarx unveils deepfake detection offering

Endpoint security

1. NinjaOne Unifies Patch and Vulnerability Management to Reduce Risk and Response Time

Email security

1. Abnormal AI launches autonomous agents for employee training

Identity Security

1. Push Security raises $30M to expand browser-based identity threat detection

2. Entro launches gen-AI engine for NHI security and secrets scanning

3. GuidePoint Security Adds Veza Identity Security to Expand Access Protection Offerings

4. Rubrik Identity Resilience protects vulnerable authentication infrastructure

5. Amplifier Security Raises $5.6M in Seed Funding

6. AuthMind Raises $19.3 Million in Seed Funding

7. Delinea Expands Identity Security Platform to Govern AI at Enterprise Scale

8. Veza reels in $108M for its identity security platform

9. The Future of Cloud Access Management: How Tenable Cloud Security Redefines Just-in-Time Access

10. Saviynt ISPM provides insights into an organization’s identity and access posture

11. How SailPoint is taming the ‘wild west’ of agentic AI in identity security

12. Silverfort Extends NHI Security to the Cloud, Unifying Identity Protection

13. World partners with Tinder, Visa to bring its ID-verifying tech to more places

14. Oasis NHI Provisioning automates the provisioning of NHIs and their credentials

15. RSA announces new ISPM capabilities

16. Anetac extends identity vulnerability management platform

17. BeyondTrust launches free identity security service

18. Huntress unveils enhanced Managed ITDR solution

19. CryptoLab unveils Encrypted Facial Recognition (EFR) solution

Miscellaneous

1. Cynomi cinches $37M for its AI-based ‘virtual CISO’ for SMB cybersecurity

2. SecLytics Rebrands as Augur Security, Raises $7M in Seed Funding

3. Vectra AI and CrowdStrike Expand Partnership to Support SMB and Midmarket Security Needs

4. Netskope One enhancements cover a broad range of AI security use cases

5. Blackpoint Cyber addresses security tool fragmentation

Mobile Security

1. Imprivata unveils new capabilities for Mobile Access Management

2. iVerify launches new mobile security product for travel

3. Appknox releases post-launch app security solution

Offensive security

1. Bugcrowd Unveils Crowdsourced Red Team-as-a-Service Offering at RSA

Network Security

1. NetFoundry Raises $12 Million for Network Security Solutions

2. ExtraHop strenghtens network detection and response

3. Palo Alto Networks announces new AI security, network security, and security operations capabilities

4. Fortinet outlines new cyber threats and AI-powered defenses to match

Threat Intelligence

1. RIP IOCs: Silent Push Gives MSSPs a Look at Future Attacks

2. Recorded Future launches Malware Intelligence to automate malware detection and response

3. SecAI debut and platform update

Security Training

1. Pistachio Raises $7 Million for Cybersecurity Training Platform

Governance, Risk, and Compliance

1. Vanta AI Security Assessment evaluates AI risk

2. AuditBoard AI governance solution mitigates risks associated with AI systems

3. Cloud Security Alliance launches Compliance Automation Revolution (CAR)

4. LogicGate adds automated control gap analysis feature to GRC platform

5. SAFE launches autonomous Third-Party Risk Management Platform

6. Swimlane unveils Compliance Audit Readiness Solution

SaaS Security

1. Reco unveils two AI agents for alerts and identity-related investigations

2. AppOmni unveils SaaS security MCP server

SecOps

1. M-Trends 2025: State-Sponsored IT Workers Emerge as Global Threat

2. Monad launches Basic tier with up to 1TB/month free

3. Arctic Wolf, Anthropic Partner to Advance Autonomous SOCs, Launch Cipher

4. Veeam Threat Hunter ushers in a new era of proactive cybersecurity and resilience

5. Zscaler champions AI-powered threat detection in the context of fighting fire with fire

6. Securonix brings autonomous decision-making to security operations

7. Huntress Launches Managed SIEM to Simplify and Expand Cybersecurity Access

8. Arctic Wolf launches Cipher to enhance security investigations with AI insights

9. Sumo Logic unveils innovations across AI, automation, and threat intelligence

10. SOCRadar Introduces Copilot to Streamline Cybersecurity Operations with AI

11. CrowdStrike Advances Next-Gen SIEM with Threat Hunting Across Data Sources, AI-Driven UEBA

12. Elastic launches Automatic Migration feature

13. Rapid7 enhances Command Platform

14. Vectra AI launches new AI agents

15. BrandShield launches external threat detection platform

16. Cisco unveils major security capabilities

17. Intel 471 announces threat hunt enhancements

18. Lumu introduces SecOps Platform

19. Palo Alto Networks announces new AI security, network security, and security operations capabilities

20. AiStrike launches AI Agents for Detection Optimization

Vulnerability Management

1. Armis expands vulnerability exposure and assessment capabilities

2. Ridge Security Launches RidgeSphere for Scalable RidgeBot® Security Management

3. Cymulate and SentinelOne Integrate to Advance Continuous Exposure Validation

4. Black Kite introduces Vulnerability Intelligence Brief

5. Silent Push unveils threat intelligence management module enhancements

6. Axonius releases risk-based vulnerability management product

Interested in sponsoring TCP?

Sponsoring TCP not only helps me continue to bring you the latest in security innovation, but it also connects you to a dedicated audience of ~6,000 CISOs, practitioners, founders, and investors across 100+ countries 🌎

👉 Learn more here!

Bye for now 👋🏽

That’s all for this week… ¡Nos vemos la próxima semana!

🍀🍀🍀🍀🍀🍀🍀🍀🍀🍀🍀🍀🍀🍀🍀🍀🍀🍀🍀🍀🍀🍀🍀🍀🍀🍀🍀🍀🍀🍀🍀🍀🍀