5 min readA developer needs to connect a service to an API. The documentation says to generate an API key, store it in an environment variable and pass it in a header. Five minutes later, the integration works.
The post API Keys vs. JWTs: Choosing the Right Auth Method for Your API appeared first on Aembit.
The post API Keys vs. JWTs: Choosing the Right Auth Method for Your API appeared first on Security Boulevard.
6 min readAI agents are no longer just chatbots. They're executing multistep workflows across tools and data sources, and the Model Context Protocol (MCP) standardizes these interactions.
The post MCP Threat Modeling: Understanding the Attack Surface appeared first on Aembit.
The post MCP Threat Modeling: Understanding the Attack Surface appeared first on Security Boulevard.
6 min readZero trust has reshaped how organizations secure user access. Multifactor authentication, single sign-on and continuous posture checks are now standard for human identities. But the same rigor rarely extends to the nonhuman side of the house.
The post Zero Trust for Nonhuman Workload Access: A Primer appeared first on Aembit.
The post Zero Trust for Nonhuman Workload Access: A Primer appeared first on Security Boulevard.
The post Aligning security investment to achieve favorable insurance terms appeared first on Resilience.
The post Aligning security investment to achieve favorable insurance terms appeared first on Security Boulevard.
SANTA CLARA, Calif., Apr 15, 2026 – Recently, Forrester, an international authoritative research firm, officially released The Operational Technology Security Solutions Landscape, Q1 2026[1]. NSFOCUS was successfully selected for the OT/industrial security field with its technical strength, product system and industry practice, becoming one of the representative manufacturers in the Asia-Pacific region’s OT security field among […]
The post NSFOCUS Received International Recognition among Representative Vendors of OT Security with Geographic Focus in Asia Pacific appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..
The post NSFOCUS Received International Recognition among Representative Vendors of OT Security with Geographic Focus in Asia Pacific appeared first on Security Boulevard.
ShinyHunters is claiming access to a large set of CRM data tied to Cisco, including Salesforce records, AWS assets, and GitHub repositories, and threatening to extort with it. Whether you’re a security analyst trying to understand what’s being alleged or a defender trying to quickly validate exposure, the practical question is the same: what evidence..
The post Cisco CRM “Salesforce Data Breach” Claims Tied to ShinyHunters: What Defenders Should Look For and How to Respond appeared first on Security Boulevard.
Learn how to secure Model Context Protocol proxies with post-quantum cryptographic agility. Protect AI infrastructure against future quantum threats with hybrid encryption.
The post Post-Quantum Cryptographic Agility in Model Context Protocol Proxies appeared first on Security Boulevard.
Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed "BlueHammer." Separately, Google Chrome fixed its fourth zero-day of 2026, and an emergency update for Adobe Reader nixes an actively exploited flaw that can lead to remote code execution.
The post Patch Tuesday, April 2026 Edition appeared first on Security Boulevard.
Can Non-Human Identities Enhance Competitive Advantage in Cybersecurity? The management of Non-Human Identities (NHIs) is critical to addressing security vulnerabilities that arise from the disconnect between security and R&D teams. Machine identities, or NHIs, play a pivotal role in creating a secure cloud environment, which is essential for organizations across diverse industries, including financial services, […]
The post How Agentic AI helps you stay ahead in market competition? appeared first on Entro.
The post How Agentic AI helps you stay ahead in market competition? appeared first on Security Boulevard.
How Can Non-Human Identities Revolutionize Cloud Security? Can the effective management of Non-Human Identities (NHIs) transform cloud security? When organizations increasingly pivot towards cloud infrastructures, safeguarding digital environments has become a pivotal concern across industries. With data breaches making headlines globally, it is imperative for businesses to adopt comprehensive cybersecurity strategies that shield every corner […]
The post What makes Agentic AI a smart choice for data security? appeared first on Entro.
The post What makes Agentic AI a smart choice for data security? appeared first on Security Boulevard.
With the Federal Reserve Chairman meeting with bank CEOs to discuss the security implications of Claude Mythos, you can bet that your board of directors will ask you about the impact of the AI model on your cybersecurity strategy. Here’s how to prepare.
Key takeawaysOn April 7, 2026, Anthropic unveiled Claude Mythos Preview, its most powerful frontier model to date and one that excels at cybersecurity tasks, specifically, vulnerability discovery in code. (I previously wrote about Claude Opus 4.6 and its impact on cybersecurity.)
I’ll spare you the details of the decades-old, zero-day vulnerabilities that Claude Mythos proved capable of finding and exploiting in internal testing, as I’m sure you’re already aware. But suffice it to say the model was so powerful, Anthropic thought it prudent to assemble a group of technology partners in an initiative called Project Glasswing to apply Mythos’ capabilities to defensive security.
And now, with Federal Reserve Chairman Jerome Powell meeting with leaders of the largest U.S. banks to discuss the cybersecurity implications of this mythic new model, you can bet that your board of directors and executive management team will have questions for you about Claude Mythos at the next quarterly meeting — or sooner.
We’re here to help you provide answers.
The question every board will ask about Claude MythosWhen it’s time for your 15-minute cyber update, your board of directors will inevitably ask you, “What are you doing about Claude Mythos? How are you preparing for a world in which AI-assisted attackers can find and exploit vulnerabilities in minutes?”
Essentially, your board-friendly answer needs to be, “We’re fighting fire with fire. We’re transforming our security operations with agentic AI so that we can autonomously and preemptively find and fix our exposures at machine speed.” You can then report on the number of security workflows you’ve automated with AI and the increases in efficiency and effectiveness that you’re achieving as a result.
Depending on your board’s security savvy, you may need to address how you’re evolving your vulnerability management function to handle this new reality of AI-driven vulnerability discovery.
One new approach that forward-leaning security leaders have begun implementing is exposure management, or CTEM.
What is exposure management?Exposure management is a strategic approach to preemptive security designed to reduce cyber risk. It continuously assesses, prioritizes, and remediates your organization’s most critical cyber exposures. Cyber exposures are toxic combinations of preventable cyber risks (such as vulnerabilities, misconfigurations, and excessive permissions) that give threat actors a path to your most sensitive systems and data.
By continually and agentically assessing, prioritizing, and remediating risks, exposure management provides the answer to the question of how to build a “Mythos-ready” security program. It offers the solution to the single biggest challenge associated with AI-vulnerability discovery: how security and remediation teams will address the massive backlog of findings that AI-assisted vulnerability discovery will create.
Exposure management is a “Mythos-ready” security programTo understand the role exposure management plays in a world flooded with AI-driven vulnerability discoveries, it’s important to understand the difference between frontier models and exposure management solutions.
What frontier models do: Claude Code Security and Mythos Preview read and reason about source code. They identify logic flaws, memory corruption vulnerabilities, injection weaknesses, and authentication bypasses by tracing data flows and understanding how software components interact. Mythos does this with extraordinary autonomy and can chain vulnerabilities into working exploits. Fundamentally, this is application security: static and dynamic analysis of codebases operating at the source-code layer.
What exposure management does: Exposure management allows you to discover every asset across your environment (IT, cloud, identity, AI, and OT); determine whether they’re vulnerable; prioritize exposures based on business and technical context; orchestrate staged remediation; and validate that fixes are closed. An individual vulnerability may not appear dangerous until it forms an attack chain leading to a critical system. Exposure management helps you see individual vulnerabilities in context and how they combine to create high-risk attack paths.
Bottom line: Frontier models and exposure management operate in categorically different domains and solve fundamentally different problems.
Exposure management and the preemptive security lifecycleTo put a finer point on the difference between frontier models and exposure management, let’s examine the complete preemptive security lifecycle that enterprises require. Frontier AI — even at Mythos-class capability — addresses only the first stage of this lifecycle. Exposure management addresses everything else.
Stage 1 — Software vulnerability discovery. Identifying that a flaw exists in software. This is where frontier models excel. Mythos has demonstrated extraordinary capability here, finding bugs that survived decades of human review and millions of automated test runs. This capability is genuine and consequential.
Stage 2 — Asset discovery. Employing multiple discovery methods, including scanners, agents, OT-specific sensors, and more, to identify every asset in an enterprise: endpoints, servers, cloud workloads, containers, network devices, OT/ICS assets, identity objects, AI applications, MCP servers. This is something Mythos can’t do.
Stage 3 — Assessment. Determining whether specific deployed assets are affected by specific vulnerabilities. This requires deep interrogation of the asset: connecting to live systems, parsing configurations, checking patch levels, inspecting running services across IT, cloud, OT, and identity environments at enterprise scale — and doing so without impairing the performance of the live asset. A model that found a Linux kernel vulnerability cannot determine which of an organization's 50,000 Linux hosts are running the affected version without sensor-level access.
Stage 4 — Prioritization. This stage becomes more critical, not less, in an AI-accelerated world. When frontier models can discover thousands of new vulnerabilities in weeks and generate working exploits on demand, the volume flowing into the remediation pipeline explodes, but the operational constraints don’t change. Enterprises still have finite maintenance windows, change management processes, compatibility dependencies, and business continuity requirements. Patching 40,000+ CVEs simultaneously across 100,000 assets is not operationally feasible. The math only works with the intelligent prioritization that exposure management provides.
4 steps to building a Mythos-ready security program: How Tenable can helpIn a recent blog, Anthropic offered several recommendations to prepare your security program for an AI-accelerated offense. Here’s how Tenable can help you strengthen your organization’s cybersecurity posture and reduce your risk in the age of AI-driven attacks:
1 - “Close your patch gap.” Anthropic says to patch everything in the CISA KEV immediately, use EPSS to prioritize the rest, and automate deployment. In theory, this advice makes sense. In practice, it’s a bit misguided.
For one thing, even if you patched everything in the CISA KEV immediately, you’d still have gaps. The CISA KEV catalog operates off of strict inclusion criteria, so just because a CVE hasn’t landed in the KEV doesn’t mean it’s less critical. On the contrary, Tenable Research is currently tracking 201 CVEs that are being actively exploited in the wild, yet that aren’t part of the KEV. The Critix Session Recording Vulnerability (CVE-2024-8069) provides an example of a CVE for which Tenable Research issued a watch designation nearly a full year (286 days) before it hit the KEV.
Then there’s the issue of prioritization. With the vulnerability discovery capabilities of Mythos falling into the wrong hands, the number of vulnerabilities could grow by 10X or more. As Tenable Co-CEO Steve Vintz pointed out in a recent LinkedIn post, “Prioritization is no longer optional. It’s survival.”
But prioritizing based on EPSS alone will leave you chasing your tail. EPSS prioritizes based only on probability of exploitation. In contrast, Tenable One provides much finer-grained prioritization than both EPSS and CVSS. Through the proprietary Vulnerability Priority Rating (VPR), Tenable uses machine learning to narrow the 60% of CVEs flagged as critical or high by CVSS to the 1.6% that create actual risk for your organization. Tenable One additionally factors other criteria into its prioritization engine, including reachability (is this asset actually exposed through the network topology?), identity context (what permissions does a compromised asset inherit? does it create a path to domain admin?), business criticality (is this a revenue-generating system or a development sandbox?), and attack path analysis. Answering those questions requires cross-domain telemetry at a scale and specificity that no external model possesses and that only Tenable One can provide.
Finally, more vulnerabilities means more to patch, even as your patching constraints remain the same: you still have to sort through compatibility dependencies and business continuity requirements, among other things. Tenable One gives you the speed, scale, automation, and control to manage your entire update lifecycle. You can deploy autonomous patching across 20,000+ products and 250,000+ unique patches spanning Windows, Linux, and macOS while using customizable controls to test patches and prevent deployment of problematic updates.
And our newly announced agentic AI engine, Tenable Hexa AI, will automate asset discovery, tagging, triage, prioritization, and remediation workflows so that your organization can keep pace as vulnerability discovery escalates.
2 - “Prepare for much higher vulnerability volume.” Tenable has a proven track record when it comes to developing and releasing plugins to identify new vulnerabilities. We deliver over 100 new plugins each week and, because we use AI to accelerate the speed and scale of plugin development, in general, we can deliver fully automated plugin coverage within 12 to 24 hours.
When a plugin assesses whether a server is missing a specific patch, it returns a clear, binary, deterministic answer (yes or no) with six-sigma accuracy (0.32 defects per million scans). This precision underpins every downstream decision: whether to open a remediation ticket, whether to take a production system offline, whether to report a finding to an auditor, whether to trigger a staged patch deployment.
In contrast, frontier AI models are probabilistic by design. Anthropic's own documentation for Mythos reveals the model occasionally attempts to conceal its methods, circumvent sandboxes, and produce inconsistent outputs. Running the same prompt twice can yield different results. For code-level security research, this variability is tolerable — a human researcher reviews and validates findings. But for operational vulnerability management at enterprise scale, where tens of thousands of assets are assessed continuously and findings flow directly into compliance reporting and remediation workflows, probabilistic output is not acceptable.
Compliance frameworks like SOC 2, FedRAMP, PCI-DSS, HIPAA, and FISMA require reproducible, auditable assessment results. Cyber insurance underwriters require them. Board-level risk reporting requires them.
The deterministic scanning foundation that Tenable has built over 24 years — with more than 318,000 plugins — is not a legacy artifact. It’s a structural requirement of the market Tenable serves.
3 - “Reduce and inventory what you expose.” Tenable One sensors — scanners, endpoint agents, passive network monitors, web application scanners, OT-specific sensors, identity directory connectors, and cloud API integrations — are designed to discover every asset across live enterprise environments and deterministically assess whether deployed systems are vulnerable. The Tenable One platform then prioritizes exposures based on runtime exploitability context, orchestrates staged remediation, and validates that fixes are closed. Tenable's sensors continuously discover assets across environments that are heterogeneous, distributed, and often air-gapped. We can even assess your shadow AI footprint. A model cannot discover what it cannot reach.
4 - “Design for breach.” The attack path analysis capabilities of Tenable One provide visibility into how threat actors chain together vulnerabilities, misconfigurations, and excessive permissions to reach your critical assets. This attack path mapping enables you to proactively close those gaps and preemptively disrupt the attacker’s journey.
Tenable One can also help you implement zero trust by mapping assets and identities across your environment, showing how they’re connected, and where trust boundaries are. It also adds governance for your fastest growing risk surface: AI agents with admin-level access.
Navigating the new era of AI-driven riskThe arrival of Claude Mythos marks a fundamental shift in the cyber landscape, where the speed of vulnerability discovery is now measured in minutes rather than months. While this “mythic” new model provides attackers with an unprecedented ability to find and chain exploits, it also serves as a catalyst for organizations to modernize their defense.
To stay ahead, security leaders must move beyond traditional methods and embrace exposure management. By integrating the deterministic precision of Tenable One with the automated power of Tenable Hexa AI, your organization will be able to transform its security operations into an agentic, preemptive force capable of moving at machine speed.
Don't let the coming flood of AI-generated vulnerabilities overwhelm your team. By focusing on intelligent prioritization, closing your patch gaps, and gaining full visibility into your attack paths, you can confidently answer your board’s toughest questions and build a truly “Mythos-ready” security program.
Forward-Looking Statements
This blog post contains "forward-looking statements" within the meaning of the federal securities laws, including statements regarding the potential impact of LLMs like Mythos on the cybersecurity landscape and our expectations for the future of Exposure Management. These statements involve risks and uncertainties that could cause actual results to differ materially, including the risks and uncertainties described in our most recent Annual Report on Form 10-K and other SEC filings from time to time. All forward-looking statements in this blog post are based on information available to Tenable as of the date of this post. Tenable assumes no obligation to update any forward-looking statements contained in this post.
Learn moreThe post Claude Mythos: Prepare for your board’s cybersecurity questions about the latest AI model from Anthropic appeared first on Security Boulevard.
Author, Creator & Presenter: Mika Ayenson, Threat Research & Detection Engineer At Elastic
Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations' YouTube Channel.
The post [un]prompted 2026 – Can You See What Your Al Saw? appeared first on Security Boulevard.
Microsoft addresses 163 CVEs in the April 2026 Patch Tuesday release, including two zero-day vulnerabilities, one of which was exploited in the wild.
Microsoft patched 163 CVEs in its April 2026 Patch Tuesday release, with eight rated critical, 154 rated as important and one rated as moderate. This is the second largest Patch Tuesday release, nearing the record set by the October 2025 Patch Tuesday release with 167 CVEs. Our counts omitted two non-Microsoft CVEs from this month's release.
This month’s update includes patches for:
Elevation of privilege (EoP) vulnerabilities accounted for 57.1% of the vulnerabilities patched this month, followed by information disclosure vulnerabilities and remote code execution (RCE) vulnerabilities at 12.3% each.
Important CVE-2026-20945 and CVE-2026-32201 | Microsoft SharePoint Server Spoofing VulnerabilityCVE-2026-20945 and CVE-2026-32201 are spoofing vulnerabilities affecting Microsoft SharePoint. CVE-2026-20945 received a CVSSv3 score of 4.6, while CVE-2026-32201 received a score of 6.5. According to Microsoft, CVE-2026-32201 was exploited in the wild as a zero-day. Microsoft has released updates for SharePoint 2016, 2019 and SharePoint Server Subscription Edition to address these flaws.
Important CVE-2026-33825 | Microsoft Defender Elevation of Privilege VulnerabilityCVE-2026-33825 is an EoP vulnerability in Microsoft Defender. It received a CVSSv3 score of 7.8 and was rated important. According to Microsoft, this flaw was publicly disclosed prior to a patch being made available. While Microsoft’s advisory made no mention of public exploit code, the description appears to match a zero-day exploit, known as BlueHammer, with code posted to GitHub on April 3rd. A researcher using the alias "Chaotic Eclipse" released the exploit and expressed concern about Microsoft’s handling of the vulnerability disclosure process.
Critical CVE-2026-33826 | Windows Active Directory Remote Code Execution VulnerabilityCVE-2026-33826 is a RCE vulnerability affecting Windows Active Directory. It received a CVSSv3 score of 8, was rated as critical and was assessed as “Exploitation More Likely” according to Microsoft’s Exploitability Index. Successful exploitation requires an authenticated attacker to send a specially crafted RPC call to a vulnerable RPC host, resulting in code execution with the same permissions as the RPC host. Despite the exploitation assessment and severity, the Microsoft advisory does note that an attacker would need to be in the “same restricted Active Directory domain as the target system” in order to exploit this flaw.
Critical CVE-2026-33824 | Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution VulnerabilityCVE-2026-33824 is a RCE affecting Windows Internet Key Exchange (IKE) Service Extensions. It received a CVSSv3 score of 9.8 and was rated as critical. This vulnerability can be exploited by an unauthenticated attacker by sending crafted packets to a target with IKE version 2 enabled. Microsoft’s advisory includes some mitigations that can be applied in the event immediate patching cannot be performed. This includes firewall rules for UDP ports 500 and 4500.
Important CVE-2026-27913 | Windows BitLocker Security Feature Bypass VulnerabilityCVE-2026-27913 is a security feature bypass vulnerability affecting Windows BitLocker. It received a CVSSv3 score of 7.7 and was rated as important. Successful exploitation could allow an attacker to bypass Secure Boot, a UEFI firmware security feature used to allow only trusted and properly signed software runs during the startup process. While there’s no known exploitation of this vulnerability as of the time this blog was published, Microsoft assesses this vulnerability as “Exploitation More Likely.”
Important CVE-2026-26151 | Remote Desktop Spoofing VulnerabilityCVE-2026-26151 is a spoofing vulnerability in Remote Desktop. It was assigned a CVSS v3 score of 7.1 and rated important. Microsoft assesses this vulnerability as more likely to be exploited. An attacker could exploit this vulnerability by convincing a target to open a crafted file. This vulnerability was credited to the United Kingdom's National Cyber Security Centre (NCSC).
Previously, users would not receive any warning when attempting to open a Remote Desktop Protocol (RDP) file. However, starting with the April 2026 Security Update, users will now receive more sufficient warning dialogues when interacting with potentially malicious RDP files. For more information, visit this link.
Tenable SolutionsA list of all the plugins released for Microsoft’s April 2026 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.
For more specific guidance on best practices for vulnerability assessments, please refer to our blog post on How to Perform Efficient Vulnerability Assessments with Tenable.
Get more informationJoin Tenable's Research Special Operations (RSO) Team on Tenable Connect for further discussions on the latest cyber threats.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.
The post Microsoft’s April 2026 Patch Tuesday Addresses 163 CVEs (CVE-2026-32201) appeared first on Security Boulevard.
The recent buzz around Anthropic’s Mythos model has been intense, and for good reason. Early reports suggest a model that significantly advances automated reasoning over large codebases, vulnerability discovery, and exploit generation. Some are already calling it a “game changer” for offensive security. But like most breakthroughs in AI, the reality is more nuanced. Let’s unpack what Mythos is, […]
The post Anthropic Mythos: Separating Signal from Hype appeared first on Blog.
The post Anthropic Mythos: Separating Signal from Hype appeared first on Security Boulevard.
Most ransomware discussions focus on encryption, downtime, and recovery. But the real story is what happens before any of that becomes visible. Recent reporting from Cyber Security News highlights how attackers are increasingly using “EDR killers” to quietly disable endpoint protection tools early in the attack chain. By the time ransomware is executed, the systems
The post Ransomware Groups Are Actively Disabling Your EDR Before You Even Know It appeared first on Seceon Inc.
The post Ransomware Groups Are Actively Disabling Your EDR Before You Even Know It appeared first on Security Boulevard.
Critical infrastructure was once considered too complex and isolated to be a primary cyber target. That assumption no longer holds. New reporting from Cyber Security News reveals that the Iran-linked CyberAv3ngers group is actively targeting water utilities, energy systems, and industrial controllers across the United States. What started as symbolic attacks has now evolved into
The post Hackers Are Targeting Critical Infrastructure to Cause Real-World Damage appeared first on Seceon Inc.
The post Hackers Are Targeting Critical Infrastructure to Cause Real-World Damage appeared first on Security Boulevard.
The modern enterprise runs on collaboration tools. Platforms like GitHub and Jira are deeply embedded in daily workflows, powering everything from development to project management. But that same trust is now being weaponized. New reporting from Cyber Security News reveals how attackers are exploiting notification systems within these platforms to deliver malicious payloads. Instead of
The post Hackers Are Using GitHub and Jira to Bypass Your Security appeared first on Seceon Inc.
The post Hackers Are Using GitHub and Jira to Bypass Your Security appeared first on Security Boulevard.
There is an almost reflexive habit in data engineering: whenever you instrument an event, you attach a user ID. It feels natural. User IDs are how you join tables, track behavior, and measure engagement. The problem is that most teams attach them without ever asking whether they actually need them. That habit is becoming expensive...
The post Privacy-Preserving Data Analytics: Stop Collecting What You Do Not Need appeared first on Security Boulevard.
How many browsers extensions do you have running? Most enterprise users have at least one and seven out of ten have seen an extension expand its permissions over the last 12 months—with AI extensions being the worst offenders…by sixfold.
The post Over Permissive and Proliferating, AI-Driven Browser Extensions Create Security Blindspots appeared first on Security Boulevard.
Explore the debate between "Cyber Nirvana" and the "Vulnpocalypse" as AI tools like Anthropic’s Mythos threaten to collapse the traditional security model in a "supernova" event.
The post The Treatment Was Successful. Unfortunately the Patient Died appeared first on Security Boulevard.
