Zscaler earnings cause security stocks to tumble, Wiz puts data to supply chain risk, and Megalodon strikes
Another week of supply chain pressure, AI data security bets, and one reminder that cyber’s public market rally leaves little room for deceleration.
Welcome to The Cybersecurity Pulse (TCP)! I’m Darwin Salazar, Head of Growth at Monad and former detection engineer in big tech. Each week, I bring you the latest security innovation and industry news.
Hi 👋 - Hope you’re having a great week wherever you’re reading from!
I’m in Boston this week for their first-ever TechWeek, which surprisingly has quite a few security events. Last night, I hosted my first Darwin & Friends Dinner Club and it was a fun time with great operators. Shoutout to Monad and Fable Security for sponsoring it! One of our attendees even pulled up in their yacht so that was cool ¯\_(ツ)_/¯ (jk)
Tonight, I’ll be speaking on a panel with security leaders from Citizens Bank, DigitalOcean, Jiffy Labs and Scrut Automation, where we’ll cover how AI has changed security. Hosted at an art gallery with cocktail reception before 🎨. Come hang out if you’re in the area!
Now, let’s get into the news!
TL;DR ✏️
🐳 Wiz’s 2026 report puts numbers on supply chain risk — Code, dev tools, automation, and AI are turning software delivery into one big trust problem. Shai-Hulud, TeamPCP, Megalodon, and poisoned packages make the timing feel very real.
📉 Zscaler gets punished after a strong quarter — Zscaler posted $850.5M in Q3 revenue, up 25% YoY, and $3.525B in ARR, also up 25% YoY, but the stock sold off after softer forward guidance.
🦈 Megalodon hits GitHub — 5,500+ repos were infected via fake automated commits that injected GitHub Actions workflows to steal CI secrets, keys, tokens, and credentials.
🔌 Socket raises $60M — Supply chain security startup hits a $1B valuation as the category expands from bad packages to IDE extensions, browser extensions, AI tools, and MCP servers.
🤖 Zscaler buys Symmetry — Zscaler adds data discovery and AI agent governance in an acquisition with undisclosed terms.
🧞 Cyera buys Genie Security — Cyera acquires a six-month-old Israeli startup for about $50M, adding endpoint-focused DLP for sensitive data leakage across employee devices, AI tools, and autonomous agents.
🧑‍🚒 7AI launches agentic MDR — Autonomous investigations with 7AI security engineers, pushing MDR from analyst assist toward agent-led SecOps.
🔐 AWS automates AD response — New Directory Service APIs let teams automate Microsoft AD user and group actions, including GuardDuty-to-Step Functions workflows that disable risky users.
⚒️ Picks of the Week ⚒️
Wiz's 2026 report puts numbers on supply chain risk
The software supply chain security space has been on fire this year, and not in a good way. Wiz’s 2026 SDLC security report gives a clear look at why. Supply chain attacks keep showing up in the same places: dependencies, developer machines, build systems, CI/CD, identity, and cloud credentials.
Shai-Hulud, Mini Shai-Hulud, TeamPCP, malicious npm packages, poisoned developer tooling, and stolen secrets all point in the same direction. The path from dev to prod is now one of the most useful routes for attackers, and teams are being forced to treat SDLC security as a core part of enterprise defense, not just an AppSec checklist.
That’s why the Wiz report hit. SDLC security is not just about finding vulnerable code anymore. It is about whether you can trust the packages, tools, workflows, agents, credentials, and people involved in shipping software. The question is no longer just “is this code vulnerable?” It is “can we trust how this code got here?” If you’ve been dealing with SDLC security in any capacity, this report is a must-read, as it puts empirical data to what we’ve all been experiencing.
Zscaler gets punished after a strong quarter
Zscaler reported a strong Q3, with revenue up 25% YoY to $850.5M, ARR up 25% YoY to $3.525B, and $100M+ in AI Protect bookings over the last 12 months, but the stock still sold off after softer forward guidance. The reaction says more about the current cyber tape than the quarter itself. Security stocks have been ripping, with names like CrowdStrike and Palo Alto trading near highs, so investors are punishing anything that looks like deceleration. The market moves fast. Just a bit ago, the SaaSpocalypse triggered by Anthropic had claimed a few “casualties,” and now we’re back near ATHs. Fun times.
This isn’t news, but the earnings call transcript highlighted that security leaders are worried about AI-driven exposure: which users, apps, agents, and workloads can reach sensitive systems, under which identity, with what logging, and with what blast radius. Winning AI security products will need to show the graph: data, identity, apps, agents, and controls in one place.
Megalodon hits 5,500+ GitHub repos
Megalodon is the week’s clearest proof point for why SDLC security is top of mind. More than 5,500 GitHub repositories were reportedly infected through fake automated commits that injected malicious GitHub Actions workflows. The payloads were built to steal credentials, CI secrets, keys, tokens, and other sensitive data from developer and build environments.
The important part is that the attackers went after the pipeline. That is the same pattern behind Shai-Hulud, TeamPCP, poisoned packages, and malicious dev tooling. If attackers can compromise what builds the software, they can get access before anything ever reaches runtime.
Socket raises $60M as supply chain security heats up
Socket raised $60M at a $1B valuation, and the timing makes sense. The company started around open source dependency risk, but the category is getting bigger fast. Malicious packages, hijacked maintainer accounts, compromised release pipelines, IDE extensions, browser extensions, AI coding tools, and MCP servers are all becoming part of the same problem.
While Socket has had a great product and customer base for a while, the raise feels directly tied to what we are seeing in the wild. Attackers are moving earlier in the build process, and companies are realizing that runtime defense is too late if poisoned code already made it into the product.
AWS adds more automation for Managed Microsoft AD
AWS published a walkthrough for using its newer Directory Service Data APIs to automate identity lifecycle work in AWS Managed Microsoft AD. The APIs support user and group operations like listing users, retrieving details, disabling and enabling accounts, resetting passwords, and managing group membership through the AWS CLI, APIs, and console.
🔮 The Future of Security 🔮
AI Security
Zscaler buys Symmetry Systems for AI data security
Zscaler is acquiring Symmetry Systems, a data security startup focused on finding and monitoring data across cloud, on-prem, and air-gapped environments. The AI angle is the useful part: Symmetry can scan training datasets and monitor data ingested by AI agents, which gives Zscaler a stronger story around what agents can access, touch, and potentially leak.
This fits the broader AI security acquisition wave. The market is moving past “secure the chatbot” and into the harder problem of governing the data, identities, applications, and agents underneath it. Zscaler’s bet is that AI security will need an access graph that shows how identities, apps, agents, and data sources connect across the enterprise.
Data Security
Cyera buys six-month-old Genie Security
Cyera acquired Genie Security, a six-month-old Israeli startup, in a deal reportedly worth about $50M. Genie was building endpoint-focused DLP technology for detecting sensitive data leakage from employee devices, including leakage caused by generative AI tools and autonomous agents.
The fit is pretty obvious. Cyera already owns the data security layer, and Genie helps extend that control closer to laptops, phones, servers, and the messy places where employees and AI tools actually touch sensitive data.
Offensive Security
Terra adds continuous network exploitation validation
Terra added public preview support for continuous exploitation validation across network infrastructure, expanding its platform beyond web apps and AI systems. The pitch is agentic offensive security with human oversight across the full attack surface: web apps, AI, and network environments. Findings are verified for real exploitability, prioritized by business impact, and shown in one connected view so teams can see chained paths instead of juggling separate pentest, red team, and vulnerability reports.
Security Operations
7AI launched PLAID ELITE, a fully managed agentic security operations service that pairs autonomous investigations with human oversight from 7AI security engineers. The service is positioned as AI-native MDR: agents handle alert ingestion, enrichment, triage, investigation, and response, while humans stay in the loop for review, escalation, and customer-specific context.
Bye for now 👋🏽
That’s all for this week… ¡Nos vemos la próxima semana!
Disclaimer
The insights, opinions, and analyses shared in The Cybersecurity Pulse are my own and do not represent the views or positions of my employer or any affiliated organizations. This newsletter is for informational purposes only and should not be construed as financial, legal, security, or investment advice.







