Archive for December 9, 2025

Outpost24 Acquires Infinipoint

Posted in Commentary on December 9, 2025 by itnerd

Outpost24 today announced the acquisition of Infinipoint, a specialist in device identity, posture validation, and secure workforce access. The acquisition marks Outpost24’s entry into the Zero Trust Workforce Access market and enhances its identity security division, Specops, by laying the foundation for a unified approach that evaluates both the user and the device before access is granted.

As organizations advance their Zero Trust strategies, authentication alone is no longer enough. MFA and SSO confirm who the user is, but they do not validate the security of the device being used. In hybrid environments where employees, contractors, and partners rely on a mix of corporate and unmanaged devices, this gap has become a significant source of risk. Ensuring that only secure, compliant devices can access critical systems is now essential to reducing credential misuse, preventing lateral movement, and maintaining regulatory assurance.

Organizations will benefit from the combined strengths of Specops’ unrivalled authentication and Infinipoint’s device identity and posture expertise, gaining a unified, context-aware approach to workforce access. This will allow organizations to evaluate both user and device trust at the moment of access, strengthening Zero Trust adoption while improving compliance and operational efficiencies by leveraging Infinipoint’s unique self-service and auto remediation capabilities – across any device and any identity provider.

The acquisition underscores Outpost24’s commitment to advancing its exposure management and identity security capabilities and strengthens its role in delivering end-to-end visibility and control across identities, devices, and the external attack surface.

Black Kite Introduces Product Analysis Module

Posted in Commentary on December 9, 2025 by itnerd

Black Kite today announced the release of its new Product Analysis module, which allows security teams to evaluate the risks of third-party software products at a granular level. As the first TPRM platform to offer this capability, Black Kite delivers a more detailed view of exposure and supports better decision-making around specific products and vendor outreach. The new module delivers intelligence on software supply chain risk through deep downloadable software analysis (CPE), SaaS subdomain analysis, and SBOM analysis.

With Black Kite’s Product Analysis, teams can go one step beyond vendor analysis by assessing individual products to gain deeper insight into supply chain risks associated with third-party software, improving both the speed and accuracy of product evaluations.

The new module combines multiple intelligence sources and analysis methods to deliver clear, product-level insight into vulnerabilities, exploitability, and risk posture:

  • Downloadable Software Analysis (CPE): Maps software products to their producing vendors and calculates risk levels (low, medium, high) based on CVEs, exploits, certifications, and end-of-life status.
  • SaaS Subdomain Analysis: Identifies SaaS subdomains, associates them with the correct company, and evaluates vulnerabilities and potential exploits for each.
  • SBOM Analysis & Mapping: Analyzes open-source components and dependencies within third-party software to uncover hidden vulnerabilities and nested dependencies.

The Product Analysis module gives TPRM teams and security leaders a clear, accurate understanding of product-level risk exposure. Key benefits include:

  • More confident decisions during software evaluation and onboarding.
  • Stronger ongoing monitoring through precise insights that drive mitigation actions such as upgrades or configuration changes.
  • Compliance support for federal and regulated industries that must perform SBOM analysis and broader risk assessments in alignment with EO 14028.

Product Analysis enables TPRM teams to seamlessly evaluate the risks associated with both the software they use and the software used by their third parties, helping them prioritize mitigation actions and vendor outreach to reduce potential exposure and impact from software vulnerabilities and other risks.

To learn more, visit https://blackkite.com/solution-briefs/product-analysis-with-black-kite

TrojAI Launches Free AI Red Team Report Card to Help Organizations Identify and Mitigate AI Risks

Posted in Commentary on December 9, 2025 by itnerd

TrojAI today announced the launch of its new TrojAI Red Team Report Card, a free AI security assessment designed to help organizations understand and mitigate risks in frontier and custom AI models.

As enterprises accelerate adoption of AI-powered applications and agents, the pressure to identify and reduce behavioral vulnerabilities has never been greater. The TrojAI Red Team Report Card empowers security teams to evaluate their AI model’s exposure to real-world attacks before adversaries are able to exploit weaknesses.

The free assessment leverages TrojAI Detect, an automated single-turn and multi-turn AI red teaming engine, to uncover weaknesses such as prompt injection, data leakage, jailbreaks and more. Participants receive a comprehensive, personalized report card with success rates across major AI risk categories, including jailbreak resilience, adversarial robustness and informational harms like PII exposure, insecure code generation and misinformation. Each assessment includes a one-on-one review session with TrojAI’s security team to help organizations interpret results and prioritize mitigation strategies.

The TrojAI Red Team Report Card is available today at no cost.