TCP #92: Software 3.0; SIEM v. XDR; Scattered Spider; and Product News
What's hot in security🌶️ | June 19th - 26th, 2025
Welcome to The Cybersecurity Pulse (TCP)! I'm Darwin Salazar, GTM lead at Monad and former product detection engineer at DataDog. Each week, I bring you the latest security product innovation and industry news. Subscribe below for weekly updates!
🥇 Chainguard Containers: 98% fewer CVEs compared to OSS alternatives🥇
The status quo in open-source software (OSS) delivery has led to high profile security breaches, compliance failures, and constantly growing CVE backlogs. Security teams need more visibility into the OSS used by dev teams.
Enter Chainguard: Minimal, hardened containers rebuilt daily, so your teams can ship quickly and confidently.
What’s up! 👋🏽 I hope you’re well wherever you’re reading this from! I’m currently in the Dominican Republic (home🇩🇴) and on my last day before some time off (no TCP next week!).
While most people, especially in our industry, like to shrug off burnout, it’s a real thing to be mindful of. We all operate at 10x when we’re well-rested compared to when we’re burnt out.
Here’s a quote I recently came across which reminded me to go touch grass (and sand):
That said, we had another jam-packed week as summer kicks off, and below is the tl;dr:
🤖 Software 3.0 - Andrej Karpathy outlines how AI has changed software development; many security implications here.
🤝 An inside look at how Wiz built their partnership program from 0 to 300 in 2 years
🥝 Okta launches Cross App Access to secure AI-to-app interactions
Let’s cyber 🕺🏽
⚒️ Picks of the Week ⚒️
Software 3.0 and What It Means For Security
This was probably the best talk from YC's recent AI Startup School event. Andrej Karpathy is Tesla's former director of AI and laid out what he thinks the world of software will look like moving forward.
There are some interesting and applicable concepts for us in security including:
The autonomy slider (very relevant for security product builders)
Low autonomy: AI suggests code snippets
Medium autonomy: AI does things, human reviews (Sweet spot for security for the next 3-5 years at least)
High autonomy: AI builds entire features with minimal oversight
The many shared similarities between LLMs and Operating Systems
LLMs democratize software creation. Now anyone can whip up an MVP app (even a 91-year-old)
This means more vulnerable code and apps
On the evolving role of programmers - Will shift from writing code to writing great prompts, managing complex systems, and refining AI behavior.
"Keeping AI on a Leash" Principle
Never give AI unchecked access to production systems
Human-in-the-loop for sensitive operations
The security implications of Software 3.0 will touch just about every security domain and introduce new threat vectors. That's a whole blog post that I'll probably never have the time to write, but it's worth digging into if you care about the future of security.
Ultimately, this is a great ~40min watch and I highly recommend it for anyone in security.
Stop breaches before they start.
Most teams don’t have big security budgets or dedicated squads. Intruder delivers continuous attack surface monitoring, risk-based prioritization, and proactive cloud defense—without the noise of false positives.
Get a single platform for vulnerability scanning and cloud security, with clear findings and faster resolution so you can focus on what matters and stay ahead of threats.
Forrester recently published their analysis on the 'Security Analytics Platform' space and it highlights a major shift. Pure play SIEM vendors (MSFT Sentinel, Splunk, Google Chronicle) are battling it out with XDR upstarts (Palo Alto, CrowdStrike) who want to completely redefine what SIEM means. Microsoft, Splunk and Elastic still emerged as Leaders.
The Forrester Wave evaluated 10 vendors total and here are the 3 biggest takeaways:
Flexibility vs. Specialization is the new trade-off - Traditional SIEMs (Microsoft, Splunk, Google) excel at complex use cases that need customization (i.e., large enterprise deployments, log normalization across N data sources, etc.). XDR vendors chose a different path: they limit data collectors to focus specifically on detection and response with better out-of-the-box analytics.
"Platformization. Platformization. Platformization." - Some vendors are betting that Security analytics platforms become the central hub for all security operations. Vendors are bundling native tools (CDR, SOAR, ASM etc) and some XDR players are even waiving ingestion fees for their own EDR data to encourage consolidation. The platform shift continues to play out.
AI differentiation is stark - most vendors are behind - While every vendor talked about AI in their vision, the actual implementations vary dramatically. Most vendors offer expected features like incident summaries and chatbots, but the leaders are shipping AI agents, automated parsing, etc.
Kudos to Forrester for the great report!
Scattered Spider May be Behind M&S + Co-Op Breaches + Now Targeting Insurance Industry
Seems like the Scattered Spider group, which is responsible for the MGM, Caesars and several other breaches, has been linked to the M&S and Co-Op attacks which combined will have a financial impact of ~$1B. They also seem to have recently been on a spree targeting the insurance sector with Aflac, Philadelphia Insurance, and Erie Marine being hit.
As we've seen, Scattered Spider is sophisticated, moves fast and loves to leverage social engineering for initial access. If you're a blue teamer, this is a great write-up by the crew at Silent Push and another from Push Security on their TTPs, IoCs, and behaviors.
Building the Wiz WIN Program with Oron Noah
Wiz has built something truly special with their partnerships program, Wiz Integration Network (WIN). They've grown it to 300+ partners across 150+ integrations in two years. To me, there are a couple of things that set their program apart from others:
They prioritize bi-directional integrations. This means that customers can often export Wiz data to a partner tool and import data from said tool into Wiz which unlocks a ton of value + visibility.
Their partnerships team is part of the Product org. rather than Sales/Alliances.
Their API docs + sandbox + developer support community are really good.
As a WIN partner myself via Monad, I can say for certain that Wiz is rewriting what partnership programs should look like for ISVs. This post by their VP of Product Partnerships, Oron Noah, provides an in-depth look at how they're doing it.
🔮 The Future of Security 🔮
AI Security
Snyk acquires Invariant Labs to expand AI agent security capabilities
Snyk recently acquired Invariant Labs which specializes in securing AI agents. Their suite includes runtime observability (Explorer), security policy enforcement (Gateway), and threat detection (MCP-Scan).
Great acquisition by Snyk that further validates the convergence of AppSec and AI security: Software 3.0.
Deal terms undisclosed.
Application Security
Salt Security Unveils Agentless API Security with AWS Cloud Connect
Salt Security launched "Cloud Connect for AWS," an agentless API security solution that discovers all APIs across AWS infrastructure in minutes instead of the traditional weeks or months required by agent-based approaches. The platform works by directly querying AWS services like API Gateway with read-only access to build a real-time map of your entire API ecosystem - including shadow, zombie, and unknown APIs - while identifying risk exposures and misconfigurations before attackers can exploit them.
More AppSec news ⬇️
AWS Extends Cloud Security Reach to Include DevSecOps Tools to Scan Code
Imperva Application Security Integrates API Detection and Response
Cloud Security
AWS recently hosted their annual security conference and it came with a ton of announcements across AWS and their partner ecosystem. My top 3 favorites, or what I thought was most impactful:
AWS IAM now enforces MFA for root users across all account types
Amazon GuardDuty expands Extended Threat Detection coverage to Amazon EKS clusters
AWS Backup adds new Multi-party approval for logically air-gapped vaults
Full list of announcements here.
Identity and Access Management
Okta debuts Cross App Access to secure AI agent interactions
Okta recently had their launch week with a slew of updates for the Okta and Auth0 platforms. What caught my eye the most is their Cross App Access offering/protocol, which requires AI tools to request access to other apps through Okta rather than having unfettered direct access.
This is key because enterprises have adopted MCP, AI agents, and so much more AI infrastructure, all of which inherently need access to sensitive enterprise data in order to bring the most value. This launch aims to help bring IAM guardrails to AI-to-app and AI-to-AI access.
Reminder: Okta has 18K+ customers including many Fortune 500s, so this launch is a great leap forward for securing AI adoption.
Capabilities are in private preview at the moment. GA in Q3 FY26 (August 2025+).
Security Operations
Agent-to-Agent Collaboration: Intezer and Torq Partner to Help SOC Teams
Intezer and Torq have integrated their AI agents to work together autonomously for mutual customers. Intezer's agents handle initial alert triage and forensic investigation, then pass relevant findings to Torq's Socrates AI for case management and remediation. This is a pretty cool partnership that I think represents the next generation of vendor collaborations: Agent-to-Agent collabs.
Some people may ask, "why doesn't Intezer just build a SOAR or Case Management agent?", and in my opinion, building an agent is easy… maintaining it is an entirely different thing and requires significant expertise and investment.
Cloudflare Log Explorer is Now GA
Cloudflare recently GA'd Log Explorer which consists of three components:
Ingestors - responsible for writing logs from Cloudflare's data pipeline to R2.
Compactors - optimize storage files, so they can be queried more efficiently
Queriers - execute SQL queries from users by fetching, transforming, and aggregating matching logs from R2
The new offering also includes custom alerting, pre-built dashboards and queries, and a natural language interface for creating dashboards.
This is a huge win for Cloudflare customers. Not only can they now bring Cloudflare SIEM detections and workflows over, but they also benefit from cost savings, as their Cloudflare logs no longer need to be sent out or stored elsewhere. #cool
Interested in sponsoring TCP?
Sponsoring TCP not only helps me continue to bring you the latest in security innovation, but it also connects you to a dedicated audience of ~6,000 CISOs, practitioners, founders, and investors across 100+ countries 🌎
Bye for now 👋🏽
That’s all for this week… See you next week!
Disclaimer
The insights, opinions, and analyses shared in The Cybersecurity Pulse are my own and do not represent the views or positions of my employer or any affiliated organizations. This newsletter is for informational purposes only and should not be construed as financial, legal, security, or investment advice.