When an AI tool recommends an action and an employee carries it out, audit logs capture a legitimate human decision. The AI's role disappears. Addressing that blind spot takes more than awareness training. https://zeltser.com/ai-influence-awareness-training
Posts by Lenny Zeltser
A security product becomes harder to displace when each persona finds value in their own view, from SOC analysts to execs to AI agents. Designing for all of them is a stronger advantage than a longer feature list. https://zeltser.com/designing-for-humans-and-ai
We invest hours analyzing a security risk, and that effort makes us overvalue the recommendation. An executive who hasn't shared that analysis weighs the same risk differently, and they might be right. https://zeltser.com/rejected-security-recommendations
Are we winning the fight against cyber attackers? It's the wrong question. Framing the attacker-defender dynamic as a war fuels hype and leads to the wrong investments.
We scope security assessments along organizational lines, but attackers don't stop where one team's budget ends. Following attack logic instead of org charts closes the gaps.
Ooh, that would be an interesting one, thanks for the idea.
Love them or hate them, SOC 2 reports have become table stakes for SaaS deals. But the framework leaves the vendor in control of the system boundary and auditor selection, which means the reports vary drastically in rigor.
Is a security product company building a true platform or a suite? The distinction clarifies where to invest, how to measure progress, and what competitive advantage to pursue. Here's my guidance for deciding which approach is best, including a look at CrowdStrike, Okta, and Palo Alto Networks.
The profiles came from my product strategy frameworks and MCP server, not generic AI. You can stress-test your own security product strategy the same way:
Who'll win this year's RSAC Innovation Sandbox? I used my custom AI framework to score each finalist's market readiness across 8 dimensions and built detailed profiles. 4 companies clustered clearly ahead. See if you agree:
My guide for endpoint security startups is out now. The path between competing against entrenched platforms and becoming a feature they bundle is narrow.
I got to know this space at Minerva Labs (now part of Rapid7), but much has changed since then.
My new guide on building security products for SMBs. The go-to-market has shifted heavily toward MSPs and VARs, channel concentration creates real dependency risk, and AI readiness among MSPs is lower than the hype suggests.
I published a 4-point approach for succeeding as a CISO, based on my experiences building and leading a security program at a high-growth company. It shows how to focus on the defender's advantage and escape the unending cycle of reacting to vulnerabilities and responding to attackers' advances:
Good tech alone doesn't make a successful security product. I created a guide covering the strategic questions founders and product managers should answer early, drawing on my experience as both a CISO and a product manager.
Security leaders are often trapped in endless assessments and opinion-giving without driving actual change. Staying busy with spreadsheets, dashboards, and emails doesn't move the organization forward.
Here's how we can break out of the "Chief Opinion Officer" mode:
REMnux v8 brings AI integration to the Linux malware analysis toolkit
📖 Read more: www.helpnetsecurity.com/2026/02/17/r...
#cybersecurity #cybersecuritynews #Linux #malwareanalysis #opensource @lennyzeltser.com
Which malware analysis toolkits and frameworks should you consider including in your workflow? Here's my overview:
The new REMnux MCP server connects AI agents to 200+ malware analysis tools on REMnux. I was surprised at the depth of investigation it delivers. Most of my time went into capturing how I approach the analysis and providing guidance to AI at the right time, so it can think and adapt as it works.
What if the CISO's real job is calibrating the right amount of insecurity? Frame the role around that and you become an enabler, not an obstacle. The acronym still works.
I released a free tool to generate animated, annotated replays of text conversations, so you can embed them in articles, training, and docs. For example, it's a nice way to explain influence tactics of a social engineering scam. See it in action:
How to give AI raw incident notes and get a solid draft of an IR report? Now you can point your AI tool at my MCP server for guidance based on proven writing principles. Your data isn't shared with my server; it only provides guidance.
I released a tool for making your website or docs easily available to AI assistants via an MCP server. This helps ensure people's AI tooling can access the latest details at the right time. For instance, this is how REMnux users now can get info about its malware analysis tools.
And here's our video on this topic from the RSA Conference: www.youtube.com/watch?v=Y3Vl...
While cybersecurity and data privacy leaders have distinct expertise, their goals are aligned. Edy Glozman and I discussed how these functions can support each other based on our collaboration at Axonius:
zeltser.com/security-pri...
It was just a typo
😀
Terrible news today about the loss of Amit Yoran. He was a larger-than-life figure in cybersecurity and we will be lesser without him. May his family and friends find peace.
Happy birthday to the unusual number of my cybersecurity friends who all have January 1st birthdays on Facebook! 🧐🧐🧐
For those going home to visit family this weekend:
• Samsung calls it Auto Motion Plus
• LG calls it TruMotion
• Sony calls it Motionflow
• Roku calls it Action Smoothing
• Google TV calls it Motion Enhancement
• Vizio calls it Smooth Motion Effect.