Key Takeaways Anthropic’s Mythos model has been called a cybersecurity watershed and a marketing stunt in the same week. Both camps have a point. Mythos appears to represent a real capability gain, and Anthropic deserves credit for releasing it through Project Glasswing rather than dropping it in the wild. At the same time, independent replication […]

The AI security industry is calling 2025 the new 1990s. The uncomfortable truth is that we predicted every mistake we’re making right now — and made them anyway. TL;DR: AI security in 2025 is repeating the same structural mistakes that made the early internet a golden age for hackers — not because the industry forgot […]

Cloud security teams are expected to move fast. They need to investigate issues quickly, answer leadership questions clearly, and stay ahead of risk across environments that keep growing more complex. But in many organizations, too much time is still spent on work that does not reduce risk. Before a team can investigate an issue, they […]

There’s increased friction happening inside security teams right now. It’s not a new vulnerability or an active breach. It’s the weight of context-switching, the hours spent translating raw logs, JSON payloads, detection logic, and technical alert data into something a human can actually act on. Leaders already know this problem. The answer isn’t more dashboards […]

Cloud environments don’t care about your org chart, and neither do attackers. Whether your workloads run on AWS, Azure, or GCP, your security team needs to investigate threats, query inventory, and understand risk without mentally translating between three different provider schemas. That translation work is slow, error-prone, and reduces time to remediation. Today, we’re excited […]

If you’re running workloads in Azure, chances are your security team has a solid handle on what’s configured. Resource settings, network rules, identity policies it’s all there in your posture management dashboard. But here’s the question that keeps security leaders up at night: do you know what’s actually happening? Configuration snapshots are great at telling […]

Last year, we launched full security support for Google Cloud Run bringing posture management, real-time threat detection, vulnerability management, inventory discovery, and topology mapping to serverless container workloads. Teams using Cloud Run got the same Upwind coverage they already relied on for VMs and containers. Now we’re making that experience even simpler. With direct tracer […]

RSAC 2026 drew 43,500 attendees, 600+ exhibitors, and enough AI announcements to fill a small data lake. But the conversations that mattered most didn’t happen on the main stage. They happened in hallway pull-asides, over bad coffee, at HH and during blunt one-on-ones with security leaders who are done being marketed to and ready to […]

You’ve invested in security tools and surfaced thousands of findings. Yet, when the board asks if the organization’s cloud risk is improving, the answer is a number without a story. When you need engineering to prioritize fixing issues, your request competes with every other item in an already-strained backlog. Finding issues isn’t the problem. The […]

The industry has a “shift left” problem. We’ve become excellent at scanning images and generating massive spreadsheets of vulnerabilities. But for most security teams, a scan result is just the start of a forensic investigation. You find a critical CVE, but then the real work begins:  Is this in the base image?  Did a developer […]