Attack Surface Management stories

AI coding accelerates software delivery, but security teams struggle to keep up as more code, alerts and manual checks pile up.

ServiceNow bolsters cyber security push with Armis buyout, adding real-time asset visibility and deepening its platform after Veza.

HackerOne unveils h1 Validation as vulnerability reports surge 76% and AI tools speed up discovery, leaving firms struggling to triage real threats.

AI models that can hunt and chain software flaws are forcing boards to rethink cyber defences, while scrutiny grows over Anthropic's MCP design risks.

Anthropic is to give UK banks controlled access to its Mythos AI model, as financial firms brace for a new era of autonomous cyber threats.

Claroty boosts xDome with Visibility Orchestration to turn patchy cyber-physical asset data into prioritised security tasks across critical operations.

Tenable adds OT asset discovery to its exposure platform, giving security teams a single view of cyber-physical risk without extra hardware.

Tenable adds OT asset discovery to core security tools as Chief Product Officer Eric Doerr says it will expose hidden devices without extra hardware.

Tenable adds OT asset discovery to exposure management platform, helping IT teams spot hidden connected devices and cyber-physical risks.

Cloudflare and Wiz team up to map shadow AI risks across cloud estates and protect sensitive data as firms race to secure chatbot deployments.

Claroty adds orchestration to xDome to help security teams close cyber-physical asset visibility gaps and prioritise remediation.

Synack launches AI-driven assessment to expose overlooked attack surface gaps as offensive tools speed up vulnerability discovery.

Forrester warns Anthropic's Project Glasswing could overwhelm vulnerability management, as AI uncovers flaws faster than patching teams can respond.

Salt warns AI agents are widening the API security gap, with 92% of organisations still short of advanced defences and 47% delaying releases.

Intruder expands cloud security platform with registry-level container image scanning for AWS, Google Cloud and Azure users.

Qualys says attackers are exploiting flaws before disclosure as remediation backlogs swell, with edge devices facing the highest risk.

Cloud security specialists say organisations must rethink defences as control plane exposure, swelling telemetry and fragmented tools create fresh risks.

Experts warn firms must improve visibility and backup resilience as automated ransomware campaigns and hidden SaaS and AI assets widen exposure.

Bitdefender offers free 45-day internal security check to spot over-entitled staff access as attackers increasingly abuse trusted tools.

CrowdStrike and HCLTech deepen cybersecurity tie-up with a service to spot, prioritise and fix threats across cloud, identity and endpoints.