It’s been four weeks of conferences with everyone talking AI and its impact on security. When you drill down, however, the truth is different. There is a significant blurring of the truth when it comes to product capabilities and what they can really deliver.
ShinyHunters continue to hit the headlines, this time after an attack on the education technology vendor, Infrastructure (Canvas). 3.65TB of data was exfiltrated, which accounts for around 275 million records across 9,000 institutions. The company has declined to say what it paid and what verifiable assurances it got that all records, including messages, were deleted.
Congress finally released the Great American AI Act. At 269 pages, it is far from bedtime reading and contains a number of contentious clauses. Key among those is a 3-year preemption of state AI laws. With many states already delivering their legislation, this is either to protect AI companies or create a fair environment. It comes as the US Government considers taking stakes in major AI vendors.
Anthropic filed a draft S-1 registration document with the US SEC on June 1st. This allows the SEC to review it before the share price and number of shares are made public. How long that review will take is unknown. The company also completed a Series-H funding round that valued it at $965 billion, just a few days before the filing. The expectation is that the IPO will make it just the 13th trillion-dollar company.
Microsoft has integrated Anthropic’s Claude Opus 4.8, Sonnet 4.5, and Haiku 4.5 into the Microsoft Foundry catalogue. Among the details is a new “Claude in Excel Agent Mode”, which allows users to invoke Claude from within spreadsheets.
23andMe has been sued for failing to protect customers’ genetic and personal information following its 2023 breach. It will be watched by many in the biometric space as to the arguments made for how such data is viewed. It will also set an initial bar as to the penalties for losing such data, which is increasingly used to secure systems.
Anthropic has widened the number of companies with access to Project Glasswing. Power, water, communications, healthcare and even hardware manufacturers now have access to the Claude Mythos Preview. The expectation is that this will deliver a huge volume of additional security vulnerabilities that will need to be patched.
AI coding is the next battleground for the big vendors. SpaceX signed an agreement with Cursor last month. Meanwhile, OpenAI has been pushing its Codex tool for enterprise developers. Now, Google has announced Gemini 3.5 Flash as its tool for writing code, and Microsoft is pushing GitHub Copilot. They all want to overhaul Anthropic’s Claude Code and Cursor in this space.
In an Enterprise Times podcast. Torkel Odegaard, co-founder of Grafana Labs, talked with Enterprise Times about where the company is and its future. One of the big news items was that Google is adopting Grafana for its systems. As exciting as that is, it raises questions over the licence and whether Google will become a contributor to the project.
The ICO fined South Staffordshire Water £963,900 for leaking the data of 633,000 people. The company submitted its case for mitigation and said it will not appeal against the fine. As a result, the initial fine was reduced by 40% with the ICO saying this was, “in recognition of the efficiencies that South Staffordshire’s early admission brought to the investigation.”
WSO2 Founder and CEO Dr Sanjiva Weerawarana is stepping down from the role of CEO. Chief Revenue Officer Devaka Randeniya will become the acting Chief Executive Officer in June. He will lead the firm until the Board complete the search for a new CEO. Randeniya joined the firm in November 2006 as its first sales rep and will lead the transition period.
A new Replica Cyber report shows that IT environments have normalised the use of exceptions. Kristopher Schroeder, CEO at Replica Cyber, talked about the findings in this interview and why organisations need to rethink their strategies.
In a podcast, Amit Sinha, CEO at DigiCert, talked to Enterprise Times about the trust crisis in content. He believes that as we move to shorter times for digital certificates to improve trust in websites, we can go further. That means using digital certificates to provide trust and authenticity for content.
Ericsson is deploying SAP Business Data Cloud and the Joule AI copilot across its global organisation. This will replace the fragmented AI experiments with a unified data architecture designed to scale. SAP announced the partnership at SAP Sapphire 2026.
Epicor held its Insights conference in Nashville last month. With around 4,000 attendees, it is the largest conference it has held to date. There are around 1,000 more attendees than last year’s event, which was held in Las Vegas. What was interesting to most delegates was the company’s approach to agentic AI.
CIQ has announced a strategic partnership with Binarly to deliver binary and firmware security for Enterprise Linux. Within the partnership, Binarly has committed to extending its binary-level analysis and firmware vulnerability detection into the Rock Linux platform.
Zero Networks has announced it has achieved 80% growth in OT customers for its zero-trust security solutions. It has seen several top 20 global manufacturing companies adopt its solutions over the last year. However, as with other security companies, it has not named them. The firm has seen growth in other sectors and now has companies across the manufacturing, energy, utilities, and transportation sectors.
Enterprise Times caught up with Garrett Hamilton, CEO and co-founder at Reach Security, to talk about the Security Debt trap. That is the finding from a recent Reach Security report entitled, Configure, Drift, Breach, Repeat (registration required). The report pulls no punches. Organisations have continued to accrue technical debt in their coding.
At Gainsight Pulse, the retention-as-a-service firm announced the next step of its evolution. On the first day of the event, it announced AINS, its new business service offering outsourced retention services using a combination of agentic and human services. It has now launched a complete Agentic stack to underpin its software offering.
Shana Simmons, Chief Legal Officer at Zendesk, appeared on the Enterprise Times podcast and talked about her changing role. She is shattering the stereotype of lawyers in ivory towers and getting front and centre to support customers, the CEO, and security teams while driving product design from the start. This active stance transforms her role from a passive guardian into a strategic growth partner.
Workday has launched Agent Passport, a solution which tests and verifies every AI agent, Workday-built or third-party, before it goes into production. The solution continuously monitors it after. Each attestation links to a recognised industry standard, such as the OWASP LLM Top 10, NIST AI RMF, or MITRE ATLAS. This gives security teams a signed, auditable record of what each agent was tested for and who performed the testing.
DigiCert has released the findings from a new global survey conducted by independent research firm Omdia. The research revealed that only 34% of organisations have a complete and current view of their digital certificates. That means two-thirds of organisations have only a partial inventory, no inventory, or no certainty as to their certificate landscape. Most enterprises operate thousands of certificates.
Walk around any cybersecurity show, and you are assailed by vendors touting AI as the panacea to save the SOC. As we know, with all marketing cycles, there is incredible hype before we finally get to a solution. In a candid discussion, Martin Jakobsen, Managing Director of Cybanetix, cuts through the hype in this podcast, arguing that the autonomous SOC is a myth.
CyberSentriq has announced the appointment of Myles Bray as Chief Executive Officer. Bray takes over the role from James Griffin who has led the firm since the company was created a year ago following the acquisitions of TitanHQ and Redstor by Bregal Milestone.
Fingerprint has launched the preview of its AI Assistant Detection and Automation Intelligence API. It is calling it “the market’s most comprehensive identification layer for AI traffic.” It wants to address a blind spot in understanding web traffic that has implications for visitor numbers and security. To complicate things further, AI traffic does not come through the browser.
Dragos Inc. has announced a public–private partnership with the UAE Cyber Security Council (CSC). It will establish an OT Cybersecurity Centre of Excellence (CoE) in the UAE, under the nation’s “Make it in Emirates” Forum. This represents a significant milestone in advancing the UAE’s national cyber resilience and digital sovereignty.
Dragos has acquired Phosphorus, extending the Dragos Platform to protect the billions of connected devices embedded across critical infrastructure and other operational networks.
Corelight, Dropzone AI, SCYTHE, SimSpace and Sondera have announced the formation of the AI Proving Grounds Consortium (AIPGC), a coalition of cybersecurity experts that helps C-level, SOC, and AI / Innovation leaders quickly and safely move from a proactive cyber defense posture to preemptive cyber resilience by rigorously training, testing, and proving their AI defenses before deploying them to production.
eSentire has announced new preempt, detect, and respond capabilities within the Atlas Platform, a unified agentic AI platform with purpose-built AI Operatives that work together in a continuous security lifecycle. The company also announced the addition of a new officer, Ilan Mindel, as Chief Cyber Officer.
A VPN service used by cybercriminals to conceal ransomware attacks, data theft, and other serious offences has been dismantled in an international operation led by France and the Netherlands, with support from Europol and Eurojust. ‘First VPN’, was promoted on Russian-speaking cybercrime forums as a trusted tool for remaining beyond the reach of law enforcement.
The FBI IC3 issued a Flash warning over the targeting of law firms by the Silent Ransom Group. Using social engineering techniques, the malicious actors were posing as IT support to gain access to victims’ computers and exfiltrate data.
ManageEngine has announced the rollout of Zia Agents, the company’s proprietary AI-powered autonomous agent, across its digital enterprise management suite. Built within a secure and privacy-compliant framework, these agents can orchestrate and execute tasks without the need for intervention. This marks a milestone in the company’s vision of enabling truly autonomous IT environments.
ManageEngine has announced a core architecture upgrade in Log360, its unified security platform, introducing native SOAR capabilities, seven new integrations with some of the industry’s leading security vendors, and cross-domain orchestration capabilities that place detection, AI investigation, and automated response in a single data model.
The NCSC has issued two blogs that should be read by all IT security teams. The first warns of the continued use of software supply chain attacks and tells organisations to check their dependencies. The second says that organisations need to think carefully before they adopt agentic AI. It warns that the technology can introduce new risks if used without care.
Qualys, Inc. announced that its TotalCloud solution has achieved FedRAMP High Authorization, sponsored by the U.S. Drug Enforcement Agency (DEA). This milestone extends the FedRAMP High status of the Qualys Government Platform to include Cloud-Native Application Protection Platform (CNAPP).
Quantexa has been awarded a £175 million, 10-year partnership by HM Revenue and Customs (HMRC) to modernise its data foundation and enable sovereign, governed AI at national scale in one of the public sector’s largest Decision Intelligence deployments. The initiative will drive efficiency across key workflows, protect public funds, and enhance the customer experience for the UK taxpayer.
WSO2 has announced the expansion of its Agent Fabric platform, the introduction of a Forward Deployed Engineering model, and the scaling of its delivery partner ecosystem to accelerate the adoption of the agentic enterprise. Announced at the WSO2Con North America 2026, these initiatives strengthen WSO2’s position as the infrastructure layer for the emerging agentic enterprise.
Security and AI news from the week beginning 4 May 2026
Enterprise Times – technology for your enterprise today and tomorrow.
© 2015 – 2023 Synonym Ltd
About | Meet the Team| Terms | Privacy | Copyright | Cookies | Contact | Newsletter
Cookie Settings