AI’s impact in security and its application are not always aligned - blog.451alliance.com/ais-impact-i...
Posts by Danielkennedy74
For the past three years, one of the highlights of my week at #RSAC2026 has been joining Matthew Schwartz in the ISMG News studio to talk about the intersection of my research and the security themes we’re seeing emerge at the conference: www.bankinfosecurity.com/multi-cloud-...
"It's going to get much worse. Just look at generated code, right? I mean, pull requests are getting bigger. The vulnerability mix is changing. It's not going down. How do we deal with that? How do we let people safely generate code from prompts?"
www.databreachtoday.com/blogs/agenti...
Security for AI is creating an expertise paradox - blog.451alliance.com/security-for...
Next in Tech | Ep. 259: The RSAC Conference - Agents on The Loose.
www.spglobal.com/market-intel...
I'm sorry to hear that. I felt they made a big mistake 16 years ago when they pulled this with Brian Krebs, and I feel that way again reading this. Cybersecurity is too important a topic not to have respected tenured reporters at a newspaper of record.
Transition from isolation to exposure brings evolving threats to IoT and OT systems - blog.451alliance.com/transition-f...
Any SecOps capabilities that can be automated or simplified represent opportunities for security services providers to dramatically streamline and improve MSS delivery. blog.451alliance.com/genai-is-str...
"Automating aspects of detection, analysis or response, including outside tool coordination and data retrieval, can streamline repeatable incident response tasks in chronically understaffed security operations centers (SOCs)." blog.451alliance.com/organization...
Recent attacks amplify the need for software supply chain security - blog.451alliance.com/recent-attac...
The annual “security summer camp” that is made up of the Black Hat and DefCon conferences is just past and the security analyst team, Scott Crawford, Dan Kennedy, Justin Lam & Mark Ehr, join host Eric Hanselman to examine what they saw and discuss the implications.
open.spotify.com/episode/1itd...
Reflections from Black Hat USA 2025 - www.linkedin.com/pulse/reflec... #BlackHat
Use of GenAI security solutions has spiked, continued uptake projected: blog.451alliance.com/use-of-genai...
Turns out it’s not the company clothing store…
I had the opportunity again this year at #RSAC to discuss my latest end user security research with @mathewjschwartz.bsky.social at the ISMG studio.
Full interview: www.databreachtoday.com/ai-delivers-...
#RSAC 2025 - www.youtube.com/watch?v=F7GX...
Thank you to all who joined our 451 #RSAC breakfast this year, it was great catching up, however briefly.
As the RSA Conference kicks off this week, listen to our conference preview on the Next in Tech podcast: www.spglobal.com/market-intel... #rsac2025
I recently had the opportunity to sit down with a couple of folks who have spent significant time working out real world challenges in enterprise application security programs, catch the replay here: event.on24.com/wcc/r/490723...
How important are information security certifications?
Almost half (47%) of respondents to our recent survey note certifications are very important, and they require job candidates to have them. Another 43% note they are somewhat important - blog.451alliance.com/security-tal...
From an old hand, step 1 in the 'finding leakers' handbook is...don't announce you're looking for or have found leakers. I know you think it has a deterrence effect, it doesn't. You want folks to make mistakes and leave bread trails, not get better at leaking information.
qz.com/meta-fires-2...
Let's see, from what I'm reading you're making some demands here, somewhat impolitely, I just need to check a couple things...
- Yup, not in my chain of command, ok, next thing...
- You don't add value, either now or project to in the future...
And there you go, right on the 'pay no mind' list.
"We have a new guideline in place, if you could just sign the form..."
Gotcha, well I apologize, I have a process where I'm not allowed to 'just sign' anything I don't understand or agree with or that lacks the force of law, you understand, can't be upsetting the folks upstairs here at Kennedy Inc.
"SecOps managers said they were aware of but unable to investigate 43% of alerts they received through security operations center (SOC) tools. It's a number that has remained consistent over the years..."
www.techtarget.com/searchitoper...
TikTok replaced Vine, and if it’s banned something will replace it (YouTube shorts and Instagram reels among the options). All of these “it will be healthy” takes… 20 million kids aren’t going to walk outside and rub their eyes in the sun, and then “play until the street lights come on”.