Jack Poller

Founder & Principal Analyst, Paradigm Technica, covering Security, Cloud, and AI; former marketer, SW & HW Eng; Firearms Instructor & FFL, photographer, auto racer

2026-01-16

The ServiceNow 'BodySnatcher' vulnerability (CVE-2025-12420) shows why AI's race to market is a security disaster. Unauthenticated attackers hijacking AI agents to bypass MFA? This is what happens when we ship AI without proper security. My latest: securityboulevard.com/2026/01/

2025-12-29

Attackers see your network as a connected graph. You see disconnected alerts. That's why you're losing.

Microsoft Sentinel's AI librarian changes everything—from natural language queries to real-time attack disruption.

The SOC revolution: paradigmtechnica.com/2025/12/2

#cybersecurity #AI #SOC #TFDx

2025-12-22

Attackers see your network as a web of opportunities. You see disconnected silos.

Microsoft Sentinel's Attack Graph finally gives defenders the same view hackers have always had.

New blog on why graph thinking changes everything 👇
paradigmtechnica.com/2025/12/2

2025-12-16

Identity fraudsters found the weak spot: attack the chip, disable digital verification, claim it got damaged in my pocket.
HINT's solution is almost too simple: make the chip visible. Attacks leave cracks, burns, blisters anyone can see.
Low-tech answer to high-tech threat. securityboulevard.com/2025/12/

2025-12-16

Attackers exploit new vulnerabilities in 5 days. Your monthly patch cycle takes 30.
The math doesn't work anymore. Traditional vulnerability management is broken.
Continuous exposure management isn't optional—it's survival.
paradigmtechnica.com/2025/12/1

2025-12-11

New Op-Ed: The $10B Blind Spot—How OWASP's Top 10 Legitimizes Agent Insecurity
MCP's optional auth is quicksand for AI agents.
Attribution gaps? Token bombs? We need to burn it down & build mandatory Zero Trust identities

Read: paradigmtechnica.com/2025/12/1
#AISecurity #OWASP #CyberSec

2025-12-10

🚨 New Op-ed: Gartner's AI Browser Ban: Rearranging Deck Chairs on the Titanic
Banning AI browsers won't work—agentic AI is already in Microsoft 365, Slack & Zoom. The threat isn't the browser, it's the agents. You can't ban the future. Secure it.
securityboulevard.com/2025/12/

2025-12-08

RE: floss.social/@gisgeek/11567906

@gisgeek brings up some interesting and salient points about FOSS.

Check it out!

Jack Poller boosted:
Francesco P Lovergine (@gisgeek@floss.social)
2025-12-08

A brief post inspired by a recent @poller post, about FOSS at a dead end for security.

lovergine.com/too-many-eyes-or

#foss #security #governance #dev

2025-12-04

AI safety ≠ AI security, and confusing them leaves you vulnerable on multiple fronts.
Safety = keeping your model ethical
Security = protecting systems from attackers
Your AI can be "safe" yet catastrophically insecure (or vice-versa).

Learn more: paradigmtechnica.com/2025/12/0

2025-12-03

@Epic_Null Microsoft does bear some responsibility.

But recognize that NPM was born in 2010, capitalized in 2014, acquired by GitHub (Microsoft) in 2020.

So for the first 10 years of its life, it wasn't owned by Microsoft and it suffered from the all-too-common SOP of bolting security on as an afterthought.

And that's the major issue *I* am discussing: We -- as a community -- must focus on designing security from day 0.

2025-12-03

@Epic_Null Yes, you're correct: NPM's core design is deeply flawed.

And that's my point. It's yet another open-source project built without any concern for security.

In the interest of space, I decided not to discuss the plethora of other open source compromises, such as the XZ / OpenSSH attack.

2025-12-03

@McNeely unfortunately, you're probably right, which is depressing.

2025-12-03

@greem fixed, thanks

2025-12-03

@gisgeek should be fixed now.

Thanks for letting me know.

2025-12-03

The "many eyes" myth is dead. Shai-Hulud, S1ngularity, and other attacks prove open source needs dedicated security teams, not just volunteers. AI-powered attackers are winning. Time to build something better.
Read my take here:
paradigmtechnica.com/2025/12/0
#opensource #security

2025-12-02

🔐 In the AI Era, Resilience Determines Who Leads and Who Falls Behind

AI amplifies everything, including failure.

My latest article explores why AI resilience is different and what it takes to turn your greatest risk into sustainable advantage.

linkedin.com/pulse/building-ai

#CommvaultShift

2025-11-25

Tycoon 2FA proves legacy MFA is dead!

The fix isn't harder passwords. It's hardware-backed cryptographic auth: no phishing or proxies.

Move beyond "something you know" to "something attackers can never steal."
🔐 Full analysis:
securityboulevard.com/2025/11/
#Cybersecurity #MFA #FIDO2 #ZeroTrust #InfoSec

2025-11-18

The central question for every enterprise leader in 2025:
How fast can you recover when (not if) a breach happens?

@Commvault Cloud Unity—announced at Commvault Shift—is redefining AI resilience.

My full breakdown 👇
linkedin.com/pulse/dawn-digita

#commvaultshift

2025-11-18

80% of production AI models fall to adversarial attacks. Traditional defenses can't keep up.

AI-orchestrated attacks—reconnaissance, exploit generation, credential harvesting, lateral movement, all at machine speed—are real and commercialized.

This changes everything: securityboulevard.com/2025/11/