Archive for May 5, 2026

Newer Entries »

McClure Taps Peer Software to Transform Multi-Office Storage Infrastructure for High Performance Collaboration

Posted in Commentary with tags on May 5, 2026 by itnerd

Peer Software today announced that McClure, a multidisciplinary engineering firm serving public‑ and private‑sector clients nationwide, has deployed Peer Global File Service (PeerGFS) to enhance its distributed storage infrastructure. With PeerGFS in place, McClure’s growing multi‑office organization now benefits from reliable, high‑performance access to large design files, enabling faster collaboration and improved productivity across its engineering teams.

McClure supports collaboration-heavy engineering projects spanning aviation, bridge, development, structural, transportation, survey, water/wastewater, and landscape architecture disciplines. With more than 250 employees and 15 offices nationwide, the firm depends on fast, consistent access to large CAD and engineering project files created with Autodesk, Bentley, Trimble, Rhino, and specialized structural analysis tools. As McClure expanded with growth through new offices and acquisitions, its existing file-sharing environment hosted and managed by a regional Managed Services Provider (MSP) became increasingly unstable, leading to synchronization failures, network disruptions, and frequent version conflicts that impacted daily operations.

The firm explored cloud‑based storage services as a potential fix; however, the approach quickly fell short. Performance was inconsistent across critical applications, and the solution failed to meet their teams’ needs enterprise‑wide.

To resolve these challenges, McClure selected PeerGFS as the foundation of its distributed file infrastructure, working closely with Peer Software’s technical team to stabilize and optimize the environment. The deployment features PeerGFS running on Windows-based file servers, 9 edge locations equipped with local storage infrastructure for fast access, real-time file synchronization between offices, and centralized management of data across thousands of synchronized folders.

A critical factor in the project’s success was Peer Software’s hands-on technical support. Peer engineers worked directly with McClure’s IT team to optimize PeerGFS for their unique environment by addressing network considerations and implementing best practices. This white-glove engagement ensured the solution performed as designed and could scale with the organization.

Since deploying PeerGFS, McClure has benefited from improved performance and productivity, as well as reduced operational burden on its IT staff. Local edge deployments minimize latency for remote offices, while the platform supports the firm’s full range of engineering and design tools.

Leave a comment »

Zoho Survey Highlights Canada’s False Comfort Zone Amid a Security Position that Beats the Global Average, but Vulnerabilities Still Exist

Posted in Commentary with tags on May 5, 2026 by itnerd

Zoho Corporation today released the State of Workforce Password Security 2026, a global research study of 3,322 verified respondents across nine regions, six industries, and twelve roles. Conducted by Tigon Advisory Corp. on behalf of Zoho Vault, Zoho’s password management platform, the report documents a widening disconnect between how organizations assess credential risk and how they have invested to address it. Findings from 174 Canadian respondents indicate that Canada’s relative position is better than the global average, but it is still vulnerable.

The report, released ahead of World Password Day, arrives at what the authors describe as a critical inflection point. Across the global sample, one-in-three businesses reported a confirmed cyberattack in the past year, and a further 7% were unable to confirm whether they had been attacked at all. In Canada, the attack rate dipped to 30%, three points below the global average, and four points below the U.S.

The State of Security in Canada

There is a consistent theme across the Canadian data: cautious maturity based on better-than-average spending intent, awareness and deployment metrics. Among Canadian respondents:

  • 30% experienced a confirmed cyberattack in the past year, compared with 32% globally.
  • 73% lack complete identity visibility across their workforce, including orphaned accounts and undocumented access, one point below the global average.
  • 71% plan to increase security spending in 2026: one point below the global average.
  • 60% of employees use 15 or more business applications, one point above the global average.
  • 63% have not deployed a Zero Trust strategy, with most non-adopters expecting to implement within one to three years.

The AI Belief-to-Deployment Gap

The starkest finding for Canada concerns artificial intelligence in workforce security. 89% of respondents believe AI will strengthen their security posture — one point below the global average — yet only 46% report being ready to deploy AI-powered security today.

The report identifies legacy infrastructure (cited by 52% of global respondents) and migration complexity (48%) as the primary blockers. Cost ranks third at 41%, reinforcing a recurring theme across the data: the constraint on security maturity is not budget but architecture.

The Third-Party Problem

The report highlights that third-party access is a distinctly Canadian risk. The majority of organizations (73%) cannot fully account for who can access their systems. Canada’s heavily integrated North American supply chain creates identity visibility gaps and reveals that Canada and the US are more alike than different: which matters for organizations operating across both countries.

Additionally, Canada and the U.S. share the same top two threats (phishing at 67%/71%, weak passwords at 61%/63%), nearly Identical Zero Trust gaps (63%/62%), and similar Identity visibility failures (73%/76%). The two markets are more alike than different – which matters for organizations operating across both, and for vendors whose North American strategy treats them as distinct.

What the Data Recommends

The report concludes with six imperatives for 2026, prioritized by deployment urgency: deploy a centralized password manager, close the identity visibility gap, pair password management with multi-factor authentication, build a Zero Trust roadmap, treat integration as a security requirement, and pilot AI-powered credential security within the next twelve months.

Methodology

The State of Workforce Password Security 2026 was conducted by Tigon Advisory Corp. and sponsored by Zoho Corporation. The study is based on 3,322 verified responses across nine regions (United States, Canada, United Kingdom, European Union, India, Middle East and Africa, Australia and New Zealand, Japan, and China), six industries, and twelve workforce roles. Data was collected in early 2026. The full report, including all regional snapshots and methodology notes, is available at https://www.zoho.com/vault/state-of-workforce-password-security-report.html.

Leave a comment »

Causal Dynamics Lab outperforms Anthropic & OpenAI in multiple coding tests

Posted in Commentary with tags on May 5, 2026 by itnerd

AI coding tools are now producing code faster than teams can check what it will do in real use. Today, Causal Dynamics Lab (CDL) announced new research explaining why this happens, along with a new product called Cielara Code. This product achieved the highest accuracy in code localization among AI coding tools, outperforming both Claude Code (Opus-4.6) and OpenAI Codex (GPT-5.4) across three independent tests.

CDL studied how coding agents operate by tracking their actions across thousands of coding sessions. They found 56.8% of agents’ actions involved reading files, and 24.2% involved using grep. Less than 1% of their actions were actual code edits. The problem was not that agents couldn’t write code; they had difficulty finding the correct code to edit. The situation worsened with more complex tasks: when a correct fix involved more than six files, the agents’ ability to recall the necessary information dropped significantly, and the computing power used in failed attempts increased by a factor of 4 compared to successful ones.

The 2025 DORA report showed the use of AI coding tools led to a 7.2% drop in deployment stability. AWS CTO Werner Vogels called this problem “dynamic verification debt.” A well-known issue with Claude Code (GitHub issue #42796) illustrates the same problem on a larger scale: current agents treat code as flat text without showing how files connect, how functions call each other, or how changes affect the overall system.

How Cielara Code works

Cielara Code uses a model to represent a customer’s production environment in a 6-layer causal graph. This graph includes information on what the code does, why it was created, who owns it, its limitations, where it runs, and what happens at runtime. If there is a failure, it can be linked back to the specific code change, the developer who approved it, and the reason for that change. Before an agent begins to explore, Cielara Code builds a Code Dependency Causal Graph. This graph tracks four types of relationships, allowing the agent to navigate the structure rather than just look through files one by one.

Benchmark results

Across three independent benchmarks, Cielara Code beat both Claude Code (Opus-4.6) and OpenAI Codex (GPT-5.4) at the hardest part of agent work: finding the right place to make a change. Overall localization accuracy hit 0.774, versus 0.738 for Claude Code and 0.707 for Codex. On MULocBench (1,033 issues across 46 repositories), Cielara reached 0.752 recall@5 versus 0.727 for Claude Code, and cut mean task time from 141.84 to 128.62 seconds. The result: fewer wrong-file edits, fewer failed runs, and 30 to 40 percent lower compute cost per task.

REASONARA: causal memory at enterprise scale

Cielara Code makes this practical through REASONARA, a graph-structured causal memory layer that stores 125M+ tokens of effective context but retrieves only what matters for each query. A typical lookup uses 1,000–2,500 tokens, compared with 23,000–115,000 for full-context approaches — a reduction of up to 98%. On independent benchmarks, REASONARA scores 94% on UltraDomain, 92% on LoCoMo, 73% on LoCoMo-plus, and 87.4% on LongMemEval, and runs 5–8× faster than Codex high-reasoning mode. The roadmap targets a one-billion-token context window.

Cielara Code is a safety layer for AI coding agents. It aims to enhance the safety of their output rather than replace them. Currently, 11 Fortune 100 and over 40 Fortune 500 companies use Cielara Code on their codebase.

The team

The team has strong skills based on the problem they are addressing. CEO Hasibul Haque led platform engineering at Uber during its rapid growth. CTO Ryan Turner was a Staff Engineer at Uber and helped maintain the SPIRE Project within the Cloud Native Computing Foundation (CNCF). R&D is led by Dr. Xuchao Zhang, who worked at Microsoft Research, and Dr. Liang Zhao from Emory University, who has 200+publications and is ranked among the top 2% of scientists by Stanford University. CDL has a formal research partnership with Emory’s AI Lab.

What’s next

The Production World Model serves as a foundation. Cielara Code and REASONARA are the first products to use this foundation. In the future, Causal Dynamics Lab will fully simulate the effects of changes in code, infrastructure, policy, and operation. This will create a permanent reasoning layer in the enterprise system that any AI agent can access before making changes that affect production.

Leave a comment »

U.S. considers slashing patch deadlines from weeks to 3 days

Posted in Commentary with tags on May 5, 2026 by itnerd

U.S. cybersecurity officials are considering significantly shortening deadlines for fixing critical vulnerabilities in federal systems, reducing the standard remediation window from two to three weeks down to as little as three days, according to Reuters. 

The move follows concerns that advanced AI models, including Anthropic’s Mythos and OpenAI’s GPT-5.4-Cyber, can rapidly identify and exploit vulnerabilities, compressing the time between disclosure and active exploitation from weeks or days to potentially hours.

The proposal is being discussed by leaders at CISA and the Office of the National Cyber Director.

Doc McConnell, Head of Policy and Compliance, Finite State:

   “It makes sense that CISA wants to promote a greater sense of urgency in the patching process. Organizations with open vulnerabilities that have been exploited in the wild are carrying real risk, and they should patch with urgency. But it takes more than shorter deadlines to improve security, especially for OT and IoT devices.

   “Companies need real-time visibility into whether vulnerabilities are present in their products through continuous monitoring and detailed, verified software bills of materials. They also need tested, trustworthy, automated processes for applying security updates as soon as they’re available and keeping their customers up-to-date.

   “A three-day deadline is going to be too fast for many organizations that are still relying on manual, ad hoc processes, and it’s going to be plenty of time for attackers that are relying on modern, automated tooling to scale their attacks.”

Noelle Murata, Chief Operating Officer at Xcape, Inc.

   “The proposal to slash federal patch deadlines from weeks to just 72 hours represents a pivot to “Hyper-Accelerated Defense.” This policy shift, being weighed by CISA and the Office of the National Cyber Director, is a direct admission that the traditional 14-day remediation window has been rendered obsolete by the arrival of “Cyber-Permissive” AI models like OpenAI’s GPT-5.4-Cyber and Anthropic’s Mythos.

   “These advanced models have fundamentally compressed the “N-day” window – the gap between a patch release and its mass exploitation. Where human researchers once took days to reverse-engineer a patch and develop an exploit, these AI systems can now identify exploit primitives and generate proof-of-concept code in a matter of hours. For federal agencies and critical infrastructure, this means “Cyber Hygiene” is no longer a periodic administrative task; it is now a real-time race against automated adversaries.

   “The implications for leadership are clear: hitting a 3-day target is humanly impossible without Autonomic Security. Organizations must transition away from manual patch cycles and toward automated, AI-driven CI/CD pipelines that can test and deploy updates at machine speed. While the 72-hour mandate may currently focus on federal systems, it will rapidly become the de facto benchmark for any entity managing critical data. In the 2026 threat landscape, defense is no longer measured in weeks of policy, but in hours of automation.

   “Key Takeaways for the 72-Hour Window

  • AI-Driven Exploitation: Models like Mythos can autonomously perform binary analysis, shortening the time-to-exploit from days to hours.
  • Infrastructure Stress Test: Agencies must move from “manual review” to “automated testing” to meet a 3-day deadline without breaking legacy environments.
  • New Compliance Baseline: Expect the CISA Known Exploited Vulnerabilities (KEV) catalog to be the primary driver for these high-speed mandates.

   “Patching in three days sounds impossible until you realize that GPT-5.4 doesn’t take weekends, doesn’t need coffee, and already has a working exploit for the bug you just heard about ten minutes ago.”

Jacob Krell, Senior Director: Secure AI Solutions & Cybersecurity, Suzu Labs:

   “Cutting the default KEV remediation window from two weeks to three days is the right move and not a second too late. The two-week window was built for a threat landscape where exploitation required time and large amounts of resources. That landscape no longer exists.

   “LiteLLM’s CVE-2026-42208 was exploited within 36 hours of advisory publication earlier this year. When the advisory itself becomes the exploit development kit and AI models can parse vulnerable code paths and generate working exploitation faster than most organizations can schedule a change window, three days is generous. Attackers are routinely inside systems before patches exist.

   “Three days is ambitious, but defenders are not operating with the same constraints they had even 12 months ago. The same AI capabilities compressing the offensive timeline are available to the defensive side. Documentation review, compatibility testing, compliance validation, and change management workflows that used to justify longer remediation windows can all be accelerated by the same technology driving the threat. Organizations that invest in AI assisted patching and deployment pipelines will find three days achievable. The remediation toolbox is expanding at the same rate as the threat.”

Sunil Gottumukkala, CEO, Averlon:

   “The intent is absolutely right. AI is compressing the time between vulnerability disclosure and exploitation, and defenders cannot operate on old remediation timelines forever. But moving from weeks to three days is aspirational unless agencies also get the operational maturity, automation, asset visibility, and change-management capacity needed to execute that quickly. Many agencies already struggle to meet today’s deadlines, so simply shortening the clock does not automatically reduce risk.

   “The more practical path is to combine urgency with exploitability-based prioritization. CISA should push agencies to determine whether a KEV vulnerability is actually reachable and credibly exploitable in their specific environment, and then require the fastest action on those systems. FedRAMP’s recent vulnerability management direction is a good model: it explicitly considers reachability, exploitability, criticality, potential impact, and mitigation when determining urgency. That is the kind of context defenders need.

   “The threat is real, and AI will make exploitation faster. But guidance has to be achievable. Otherwise, agencies will end up chasing deadlines on paper while the most exploitable paths in their environments remain exposed.”

Honestly, I do not think there is really a choice here. Things are moving so fast that unless you remediate vulnerabilities quickly, you simply expose yourself to getting pwned by any threat actor out there. And that is not a good place to be.

Leave a comment »

April Ransomware Report From Comparitech: Decline in Attacks, but Qilin Now Back on the Rise

Posted in Commentary with tags on May 5, 2026 by itnerd

This morning, Comparitech researchers published a study looking at all the ransomware attacks for April, finding that attacks actually dropped by nearly 22 percent, falling to the lowest level in six months. The only sector that did not see a decline in attacks, however, was the healthcare sector. 

Rebecca Moody, Head of Data Research at Comparitech, commented:

“While the dip in ransomware figures does make for positive reading, I don’t think we can pop the champagne cork just yet. As noted in the report, Qilin’s claims were down last month, which contributed significantly to the decline in attacks. But with 14 victims added to its site this month already, it looks like the small reprieve may be over. What the report also highlights is the ongoing focus on healthcare companies — both those providing direct care and those operating within the sector (e.g. medical billing providers). Some significant attacks were reported last month (namely Signature Healthcare and ChipSoft), which only served to remind us how extensive the impact these attacks can have on all types of healthcare companies.”

Key findings also included: 

  • 628 attacks in total — 43 confirmed attacks (confirmed by the entity involved)
  • Of the 43 confirmed attacks:
    • 27 were on businesses
    • 8 were on government entities
    • 4 were on healthcare companies
    • 4 were on educational institutions
  • Of the 585 unconfirmed attacks:
    • 524 were on businesses
    • 11 were on government entities
    • 41 were on healthcare companies
    • 9 were on educational institutions
  • The most prolific ransomware gangs were Qilin (105), The Gentlemen (67), and DragonForce (60)
  • INC had the most confirmed attacks (5), followed by Payload and The Gentlemen (4 each), and LockBit and DragonForce (3 each)
  • Nearly 125 TB of data was stolen across all of these attacks
  • The US saw the most attacks (260), followed by Canada (32), the United Kingdom (30), and Germany (29)

For full details, the study can be read here: https://www.comparitech.com/news/ransomware-roundup-april-2026/

Leave a comment »

Newer Entries »