Archive for June 10, 2026

Guest Post: Stop paying attention to failure metrics

Posted in Commentary on June 10, 2026 by itnerd

By Scott Pope, Value Advisory Director, Nexthink

There’s an old saying that IT is like plumbing. You only notice it when things have gone wrong when you turn on the shower and there’s no hot water, meaning that the experts are generally only called in after the problem has occurred. 

For decades, IT teams have tracked ticket volumes, mean time to resolution (MTTR) rates, and first-call resolution (FCR) percentages. Companies have endless dashboards, full of metrics showing how efficiently they handle these failures. I know many teams who work unbelievably hard and rightly pride themselves on these metrics.

The problem is that all this hard work isn’t making nearly as much difference as it should. By their very nature, IT tickets demonstrate failure because something that should be working now isn’t. What does a ticket actually represent? It means an employee has stopped doing their job because their tech has let them down. The ones who can be bothered then struggle with a portal or call IT for help, while the rest just suffer in silence. And one of the prime reasons is the use of the metrics above as a measure of success for IT teams.

You get what you incentivise

Most IT leaders don’t like to admit it, but the uncomfortable reality is that most of what IT has built; processes, portals, forms, and so on, have been designed to meet its own needs, not those of end users.  

Think about what happens when IT makes a change. If there is a business impact, the employee must stop working, find a portal, pick up the phone, describe the problem in IT’s language (a language most employees don’t speak), and then wait. Wait for triage, or a resolution, or even just a callback. No wonder most employees  (56%) find it easier to live with the problem instead.

Worse, the upshot of this is that IT’s metrics look better than ever. Calls to the helpdesk stagnate because people don’t want to wait on hold. Clunky portals and complex forms that make it difficult to log tickets? This results in unhappy employees, who  are reluctant to raise tickets or speak to IT. Consequently, IT can show brilliant numbers about how few complaints there have been because they are inadvertently filtering out vast amounts of real demand. In short, too many IT teams have performance metrics that incentivise them to hide friction and failure, rather than eliminating it. 

What’s the goal?

One key reason why IT teams default to metrics like MTTR and FCR is because there isn’t a clear directive about what the business is looking for from the department. Of course every CEO wants IT to provide better services and to improve productivity, while also reducing costs. But which of these takes precedence? 

Having a clear end goal is essential to setting useful metrics. For example, if the priority is cost reduction, then metrics need to be targeted around efficiency. In this scenario, the most important metrics might be the number of automated resolutions, the recovery of IT capacity, and reducing the number of vendors in the tech stack. Conversely, a company with a high employee churn rate should be looking at the role that tech plays in worker dissatisfaction and focusing on boosting Digital Employee Experience (DEX) and Net Promoter Score (NPS) scores. 

Thinking big

The role of IT is evolving rapidly. The days of installing / maintaining infrastructure and calling it a day are long gone. IT teams aren’t just expected to provide and maintain devices and applications; they’re being tasked with driving the key strategic goals of the enterprise. 

To do this, all IT professionals – especially leadership – need two core skills. They need to be able to listen to their colleagues and they need to be able to get creative around solutions. A good example is  the issue of employee dissatisfaction. In years gone by, this wouldn’t be seen as a problem for IT at all. Does the laptop work? Do they have access to the things they need? Then it was job done. 

Today, there is virtually nothing that isn’t an IT problem in some form. Consider travel as one of the key sources of discontent. Why? Perhaps the booking platform is terrible? Or maybe people are struggling to have meetings on the road because of connectivity issues. These are problems that IT needs to be aware of and that they have the ability to fix, thus addressing a tangible enterprise pain point.

Consequently, IT needs to focus on business-outcome metrics, such as amount of friction eliminated, productive time that has been freed up, or value-added by new digital rollouts or initiatives. Otherwise, if  success and failure are judged on ticket volumes and MTTR, IT will never get to the heart of what is actually being asked of it.  

Enterprises have been through decades of rapid, comprehensive digital transformation that has fundamentally reshaped everything from software development to compute capabilities. It’s time for IT to do the same with support and leave these failure metrics in the past where they belong. Metrics should be directly tied to business benefits, such as friction points eliminated, productivity increased, or tasks automated, enabling IT to clearly demonstrate the value it is providing for the enterprise as whole.

Scott Pope is a Value Advisory Director at Nexthink and an accomplished IT leader, with senior level experience spanning all areas of IT Infrastructure and Project Delivery.  

CISA to shift vulnerability program toward risk-based prioritization

Posted in Commentary with tags on June 10, 2026 by itnerd

The CISA’s Acting Director Nick Andersen announced Tuesday plans to overhaul how the agency evaluates and prioritizes software vulnerabilities, moving beyond severity scores alone to focus more heavily on real-world risk and operational impact. The agency said the changes are intended to help organizations better prioritize remediation efforts as the volume of disclosed vulnerabilities continues to grow.

Under the new approach, CISA plans to place greater emphasis on factors such as active exploitation, asset criticality, attack complexity, and the potential consequences of a successful attack. Agency officials said the goal is to help defenders focus resources on vulnerabilities that pose the greatest operational risk rather than relying solely on CVSS scores or the total number of disclosed flaws.

The initiative follows broader efforts by CISA to improve vulnerability management programs, including opening nominations for its KEV Catalog and expanding collaboration with security researchers and vendors. Officials said the updated framework is intended to provide organizations with more actionable guidance for addressing the vulnerabilities most likely to affect critical systems and infrastructure.

Denis Calderone, CTO, Suzu Labs:

   “A risk-based approach to vulnerability management makes a lot of sense to us, and how we approach vulnerability management with our own clients. CVSS alone has never been a reliable way to decide which vulnerabilities to prioritize. Just in the last two weeks we’ve seen a Palo Alto GlobalProtect vulnerability rated 7.8 that was operationally critical, a SolarWinds Serv-U DoS at 7.5 against a product with a documented history of nation-state and ransomware targeting, and a Check Point zero-day where CISA’s own three-day remediation deadline told a completely different story than the score. So, the policy direction here is right. Where we get skeptical is the execution. Risk-based prioritization is significantly harder than “patch everything as fast as you can.” It requires understanding what assets you have, what functions they support, how they’re exposed, and what the real-world consequences of compromise look like. Who is going to ensure that each entity is actually performing effective risk-based assessments and not just checking a compliance box?

   “That question gets harder to answer when you look at the resource picture. CISA has faced roughly half a billion dollars in proposed budget cuts and lost about a third of its workforce. Andersen is describing an approach where CISA engages directly with critical infrastructure entities to identify specific critical functions and the assets that support them. That kind of hands-on, entity-by-entity engagement requires more analytical capacity, not less. The 329 new hires are a good step forward and show the agency is serious about rebuilding operational capability, but risk-based prioritization at the scale of the federal government and critical infrastructure sectors is an enormous undertaking even for a fully staffed agency.

   “The other thing we’d like to see this framework to address is chainability. CVSS scores vulnerabilities in isolation and doesn’t model scenarios where an attacker combines a medium-severity information disclosure with a medium-severity privilege escalation and ends up with critical impact. Neither bug scores as urgent on its own, but together they give you full system compromise. If the goal is to prioritize based on real-world risk, the methodology has to account for how vulnerabilities interact in actual attack chains, not just how they score individually. 

   “Organizations shouldn’t wait for this directive to be fully operationalized. Start building your own prioritization stack now: KEV status, EPSS exploitation probability, and your own environmental context. That combination has been more reliable than CVSS alone for a while now.”

Ryan McCurdy, VP of Marketing, Liquibase:
 

   “CISA’s shift is the right move because severity scores alone do not tell defenders what actually puts the business at risk. A vulnerability on a low-impact system is very different from one affecting a production database, deployment pipeline, or system tied to customer data and critical operations.

   “The next step is connecting vulnerability prioritization to proof of control. Security teams need to know not only which issues are being exploited, but where they sit, what they can impact, who remediated them, and whether the fix moved through a controlled change process. Otherwise, teams can patch one risk while introducing another through rushed, manual, or poorly governed changes.”

Doc McConnell, Head of Policy and Compliance, Finite State:

   “The pace of vulnerability identification is accelerating thanks to AI, and the volume is outpacing response even for well-resourced teams. It makes sense that the federal government is moving from blanket timelines to more individualized, risk-based prioritization.

   “But this approach demands more sophistication from cyber defenders. In order to make an effective risk-based assessment, they need to understand what they’re protecting. For example, device manufacturers need a deep understanding of their own firmware, including third-party components, to know whether a new vulnerability is present and exploitable in their product.

   “Organizations need to ask themselves: do they have the context they need to make informed prioritization decisions about new vulnerabilities? If not, building that context has to be priority number one.”

Damon Small, Board of Directors, Xcape, Inc.:

   “The Cybersecurity and Infrastructure Security Agency (CISA) is shifting the federal vulnerability baseline from predictable, severity-based scoring to a risk-centric paradigm. While moving beyond Common Vulnerability Scoring System (CVSS) numbers helps manage patch fatigue, calculating real-world operational risk requires localized context that most organizations struggle to automate. This subjective approach demands greater effort from analysts to extract local context, but it shifts the metric from superficial scorekeeping to actionable, risk-aligned defense.

   “Security teams must integrate localized threat intelligence with strict asset discovery to ensure asset criticality tags match actual business functions. Chief Information Security Officers (CISOs) should audit their pipelines immediately to ingest CISA’s expanded Vulnrichment telemetry, prioritizing active exploitation data over static metrics to justify mitigation exceptions to auditors and business units.

   “Critical Takeaways

  •    “Context Over Score: Severity scores are officially deprecated as standalone metrics, forcing security leaders to justify patching decisions based on active exploitation and asset criticality.
  •    “Telemetry Upgrade Required: Security teams must immediately update vulnerability management pipelines to ingest and process CISA’s expanded context data, rather than relying on traditional automated scanner outputs.
  •    “Audit Local Asset Context: CISOs need to establish strict, defensible asset discovery and business-criticality tagging, as automated risk prioritizations are useless without precise local context.

   “It turns out that counting to ten over and over was a terrible way to run a security program, even if it did look nice on an executive dashboard.”

Sunil Gottumukkala, CEO, Averlon:

   “Glad to see CISA’s acting director focusing on real-world risk, this shift is overdue. Knowing a vulnerability is exploited in the wild, which the KEV catalog already delivers, answers only half the question. The other half is whether it matters in your environment. Do the specific conditions the exploit depends on, a particular configuration, an exposed or reachable service, actually exist in your fleet. 

   “This directive pushes agencies to answer that second half. Doing it well requires two things: knowing what assets you have and how they are deployed and configured, and understanding how a given CVE is being exploited to assess its real impact on your environment.”

My advice is to take risk and operational impact and make those operational now. Then tweak things based on what is finalized. That way there is forward movement in term of making environments safer for all.

Clarvos Expands Agentic Marketing Workflow With AI Governance, Computer Vision and Predictive Audience Intelligence 

Posted in Commentary with tags on June 10, 2026 by itnerd

Clarvos today announced expanded capabilities for the Clarvos Agentic Workflow, including AI governance, creative validation, computer vision, audience intelligence and AI-powered campaign recommendations. Clarvos will publicly showcase the expanded workflow at Small Business Expo Chicago on June 10, 2026, at Booth #608. 

As more businesses use AI to speed up marketing, many still face a critical challenge: knowing whether AI-generated campaigns, messages and creative assets are accurate, on-brand and ready to reach customers. The new Clarvos capabilities are designed to help marketers turn audience signals into campaign recommendations, review AI-generated work before launch and activate campaigns with greater confidence. 

Clarvos is building an intelligence layer for advertising workflows that coordinates specialized AI systems across campaign planning, creative generation, audience modeling, creative validation and performance reporting. By combining agentic AI, computer vision, deterministic validation engines, embedding models and AI-powered campaign recommendations into one workflow, Clarvos helps marketers move from insight to activation while maintaining governance, compliance and brand control before media spend begins. 

An Intelligent Growth System for Modern Marketing Teams 

The Clarvos Agentic Workflow coordinates the core steps of modern campaign development, from identifying growth opportunities and recommending audience segments to generating creative, reviewing outputs and preparing campaigns for activation. With this expansion, Clarvos is strengthening the intelligence and governance layer behind those workflows. 

The expanded platform enables businesses to: 

  • Review campaign outputs before launch: Clarvos evaluates campaign concepts, messaging, audience recommendations and creative assets against brand standards, compliance requirements, campaign objectives and approval rules before activation. 
  • Use computer vision for creative quality control: Clarvos uses computer vision and deterministic validation frameworks to assess product fidelity, brand colors, object detection, layout and visual compliance. 
  • Turn cultural signals into audience and campaign direction: TheTrending Topics Discovery feature identifies emerging consumer conversations, cultural moments and behavioral shifts across social media, while Brand Relevance Score ranks consumer segments based on alignment with a brand’s positioning, messaging, and consumer relevance. 
  • Test creative assets with predictive audience intelligence: Customer Simulator uses a synthetic audience response to provide qualitative feedback and 0–10 engagement scoring for uploaded and AI-generated creative assets before campaign launch. 
  • Generate AI-powered campaign recommendations: Clarvos translates trends, audience segments, brand inputs and creative signals into campaign strategy, target audience recommendations, channel guidance and creative direction. 
  • Centralize reporting and prepare for broader activation: The Performance Dashboard consolidates campaign metrics, media spend, ROI trends and audience insights across connected advertising channels, while the company’s expanding publisher ecosystem is designed to support future omnichannel distribution. 

Clarvos at Small Business Expo 

Clarvos will publicly showcase the Clarvos Agentic Workflow today at Small Business Expo Chicago, taking place from 9:30 a.m. to 5:00 p.m. at the Isadore & Sadie Dorin Forum at UIC. Attendees can see the platform demo at Booth #608. 

Katie Camacho-Smith, GTM Lead at Clarvos, will also lead a workshop titled “Smarter Growth with AI: No Guesswork, Just Results.” The session will explore how small businesses can use AI to identify the right customers, reduce guesswork, test what works and drive more repeatable growth. 

Availability 

The expanded capabilities are part of Clarvos’s 2026 platform roadmap as the company continues building governed AI advertising infrastructure for small and mid-sized businesses. 

Learn more about Clarvos at www.clarvos.com and join the Early Access Program to get exclusive access to the Agentic AI marketing platform. 

Anthropic’s Fable 5 release signals a new approach to AI safety

Posted in Commentary with tags on June 10, 2026 by itnerd

Anthropic’s release of Claude Fable 5 highlights a significant shift in how advanced AI systems are being deployed. Rather than limiting capability, the company is separating access and safety controls from the underlying model itself, making powerful AI available for general use while restricting higher-risk applications through additional safeguards and controlled access programs. The approach reflects a broader challenge facing the industry: how to balance increasingly capable AI systems with the governance, oversight, and usage controls needed to prevent misuse in sensitive areas such as cybersecurity.

Gidi Cohen, CEO & Co-founder, Bonfy.AI

“The most honest thing Anthropic has done here is ship one model as two products. Splitting Fable 5 and Mythos 5 is an acknowledgment that capability and safety are in genuine tension — and that pretending otherwise doesn’t serve anyone.

But the most important line in the entire announcement isn’t about the classifiers. It’s buried in the operational detail: a high-severity vulnerability found by the model takes about two weeks to patch on average. Meanwhile, Mythos Preview built working exploits from a disclosed CVE in under a day.

That gap is where risk lives. And no classifier closes it.

This makes concrete what the CSA data showed last week: enterprises aren’t failing because they can’t detect vulnerabilities. They’re failing because they can’t act on them fast enough. AI has collapsed the attacker’s timeline to hours. The defender’s timeline hasn’t moved.

Anthropic is right that the defensive head start only matters if the industry uses it. The harder truth is that most enterprises aren’t yet equipped to — not because the tools don’t exist, but because the governance architecture to deploy them safely hasn’t kept pace with the capability.

That’s the real race.”

Yagub Rahimov, CEO, Polygraf AI

“By splitting one model into two products, separated by a safety layer rather than by capability is a genius marketing and gtm strategy. With this approach Anthropic admits publicly that LLMs have dangerous capabilities, and frankly speaking every enterprise should therefor question who governs access to these LLMs. Every enterprise leader should have this sort of honesty as a base standard.

This admittance about AI risk also changes the conversation. Imagine that within just days of its launch a single model autonomously finds vulnerabilities that survived 27 years of every human review in a major operating system. The strategic question we should ask is no longer how powerful that model is. It is who controls the behavioral layer between the model and the mission. America has been leading the world in building frontier AI. Now, our next obligation is to lead in governing and securing how that AI behaves once it touches enterprise and government data. Capability won the first race. Governance and security wins the second.”

Organizations need to keep pace with security and the like so that releases such as Claud Fable 5 don’t overwhelm them. If they don’t, then you can expect that organizations will lose this battle.

UPDATE: I have additional commentary starting with Ryan McCurdy, VP of Marketing, Liquibase:

   “Anthropic’s release shows the industry is starting to separate model safety from deployment safety. That is the right conversation. A more capable coding model can be safer at the model layer and still create risk once it is connected to repositories, pipelines, cloud environments, and databases.

   “The enterprise question is not just whether the model has safeguards. It is whether the organization can prove control over the work the model produces. Who approved the change? What systems did it touch? Did it follow policy? Can it be traced and reversed if it breaks production? As models get better at long-running software tasks, governance has to move closer to the actual change, especially in the systems where code, data, and compliance meet.”

Jacob Krell, Senior Director: Secure AI Solutions & Cybersecurity, Suzu Labs:

   “Anthropic filed for its IPO on June 1 and launched Fable 5 eight days later at double the Opus token rate. The benchmark gains are real but concentrated in frontier-hard tasks. SWE-bench Pro jumps 11 points, from 69.2% to 80.3%. On routine work the gap shrinks to near-parity, and cost-per-solve still favors Opus 4.8 at $1.45 vs $2.49 per solved task.

   “The token economics compound the pricing. Fable 5 burns tokens at twice the Opus rate. A BleepingComputer reviewer exhausted a $100 daily allocation in nine minutes running Anthropic’s workflow mode. At $10/$50 per million tokens, heavy agentic work can clear three figures a day.

   “I do complex offensive cybersecurity tasks on Opus 4.6. No cybersecurity classifier. No mandatory data retention. Fable 5 charges double, blocks those queries, and redirects them to Opus 4.8.

   “Anthropic needs to show public-market investors it can monetize a $965 billion valuation. Fable 5 doubles per-token revenue. The cybersecurity gains are locked behind Project Glasswing.

   “Everyone else pays double and gets Opus 4.8 responses on security queries.”

Noelle Murata, Chief Operating Officer at Xcape, Inc.

   “Anthropic’s broad commercial release of Claude Fable 5 represents a calculated pivot in the frontier AI landscape: attempting to monetize elite, long-horizon reasoning architecture while strictly walling off its most “hazardous” capabilities. By implementing an aggressive, real-time classifier system that automatically downgrades high-risk cybersecurity, biochemical, or model-distillation requests to the less powerful Claude Opus 4.8 framework, Anthropic is trying to fulfill its commercial obligations without turning a public LLM into an on-demand zero-day factory.

   “However, this bifurcated release strategy highlights a growing divergence in enterprise defense. While everyday enterprise customers gain access to Fable 5’s highly advanced software engineering and long-running autonomous logic, Claude Mythos 5 remains exclusively accessible to a tight cohort of government intelligence agencies and select critical infrastructure defenders under Project Glasswing. This means the actual “cybersecurity tier” of this technology remains behind sovereign closed doors, leaving commercial security teams to defend against an increasingly automated threat landscape without the same unrestricted analytical tools being deployed by nation-state actors.

   “Critical Takeaways

  •    “The Fallback Safety Loop: Fable 5 relies on active routing classifiers; roughly 5% of user prompts trigger a silent safety downgrade to Opus 4.8, creating an intentional, built-in performance ceiling on sensitive technical domains.
  •    “The Defensive Technology Asymmetry: By maintaining a fully un-guardrailed “Mythos 5” tier strictly for government and certified infrastructure partners, the gap between state-level cyber capabilities and commercial enterprise defense tools is widening.
  •    “Commercially Prohibitive Intelligence: At $10 per million input and $50 per million output tokens, Fable 5 is priced as a premium, specialized tool—making it twice as expensive as Opus 4.8 and reinforcing that frontier-level autonomous reasoning remains a luxury tier for enterprise workflows.

   “Anthropic built a brilliant system to prevent script kiddies from generating bioweapons, but blocking offensive cyber requests simply ensures that the good guys are the only ones playing with handcuffs on.”

John Strand, Owner, Black Hills Information Security, Inc.:

   “We need to remember that Mythos is not the end state. Mythos is a harbinger of what’s coming next. Too many people look at these demonstrations and assume they’re seeing the finished product. They’re not. They’re seeing the beginning.

   “Every major AI vendor on the planet is investing heavily in capabilities that will eventually compete in this space. At the same time, open-source models continue to improve at an astonishing pace. It won’t be long before anyone can download a model from an open-source repository, run it locally, and achieve exploit development, vulnerability research, and attack-path analysis capabilities that rival or exceed what we’re seeing from the most advanced systems today.

   “The real lesson isn’t that Mythos exists. The real lesson is that these capabilities are becoming democratized. What is currently available to a handful of well-funded organizations today will eventually be available to everyone. The barriers to sophisticated vulnerability discovery, exploit development, and attack-path chaining are falling rapidly, and defenders need to start planning for a world where advanced offensive capabilities are widely accessible.”

Sunil Gottumukkala, CEO, Averlon:

   “Fable 5 represents a meaningful shift in what’s possible for code generation at scale. Models at this capability level can compress months of engineering work into days, which changes the economics of vulnerability exposure and remediation significantly.

   “That makes it even more important for organizations to understand their attack surface, know which vulnerabilities are actually exploitable in their environment, what they connect to, and which ones warrant that fix-generation capacity in the first place. The most effective approach evaluates risk as changes are introduced, not after they’ve already reached production.

   “As the dual forces of code generation and exploit generation become faster and cheaper, the triage layer becomes the critical bottleneck to ensure the right risks are prioritized and fixes are in place before a breach.”

Check Point Advances Secure AI Transformation for MSPs with New Platform, AI Security Capabilities, and Unified Security Bundles

Posted in Commentary with tags on June 10, 2026 by itnerd

Check Point today announced a major expansion of its Managed Service Provider (MSP) platform. Unveiled at the Pax8 Beyond 2026 flagship conference and rolling out globally to Check Point partners, the new platform is designed to help MSPs secure AI adoption, streamline operations, and simplify managed security delivery.

The announcement brings together three strategic innovations under a single MSP vision:

  • Securing AI and AI usage for MSPs
  • A new multi-tenant MSP management platform with Management Control Plane (MCP) access
  • Unified managed security bundles delivered through a simplified licensing model

Together, these capabilities are designed to help MSPs evolve from infrastructure providers into strategic security and AI transformation partners for their customers.

Securing AI and AI usage for the MSP Market

As AI adoption accelerates across businesses of all sizes, the conversation in the MSP community has focused largely on using AI, not securing it. According to Check Point’s 2026 Cloud Security Report, while 77 percent of organizations have updated their security strategies in response to AI, only 26 percent say they have the architectural capability to enforce those strategies, exposing a growing AI security gap.

To help address this challenge, Check Point is extending Workforce AI Security into its MSP ecosystem, enabling MSPs to discover AI usage, govern employee interactions with AI tools, and protect sensitive data across emerging AI applications and agents.

“AI is reshaping both the threat landscape, and the expectations customers now place on their service providers,” said Dave Meister, Vice President of MSP/MSSP at Check Point Software Technologies. “MSPs are no longer just managing infrastructure — they are helping customers navigate AI transformation. With these new capabilities, we’re giving our partners their first opportunity to discover, secure and govern AI usage, and AI agents at scale in an MSP friendly monthly consumption model with no minimums or locks in in a multi-tenanted environment”

New MSP Platform: Multi-Tenant, AI-Integrated, Built for Scale

The new MSP platform is purpose-built to meet the operational demands of managed service providers, providing:

  • Access to the Check Point product portfolio in a multi-tenant, MSP-friendly environment
  • Native integration of AI security capabilities, including Workforce AI
  • Reinforces Check Point’s open-garden strategy through expanded Professional Services Automation (PSA) integrations
  • MCP (Management Control Plane) for the MSP portal
  • A new dedicated MSP experience team focused on support, onboarding, enablement, and ongoing partner success

This platform establishes the foundation for Check Point to serve as a long-term infrastructure partner for MSPs, enabling them to manage comprehensive security from a single interface.

Unified Security Bundles for Simplified Managed Delivery

Check Point also introduced new unified MSP security bundles that simplify how partners procure, manage, and deliver managed security services.

The bundles combine email security, endpoint security, browser security, mobile security, SASE, Workforce AI, security awareness training, and DMARC into a single integrated offering. Delivered through a unified management experience and single SKU aligned to the partners’ Microsoft licensing, the bundles help MSPs reduce tool sprawl, streamline procurement, improve operational efficiency, and accelerate customer onboarding.

For partners, the bundles create a more scalable and cost-effective managed security model. For customers, they deliver a simplified, enterprise-grade security experience spanning users, devices, email, SaaS applications, networks, and AI environments. The bundles are also packaged in a simple, easy-to-understand format that enables MSPs to more effectively communicate security value to customers, regardless of their technical expertise.

Pax8, which named Check Point the official AI sponsor of Beyond 2026, highlighted the announcement during its keynote, reflecting growing demand for AI-driven security and the expanding role of MSPs as strategic advisors. Pax8 has also named Check Point its Most Valuable Vendor, recognizing its leadership in delivering innovative cyber security solutions across North America. The award will be presented on the Beyond 2026 mainstage, reinforcing Check Point’s commitment to advancing security and threat prevention for the MSP community.

The new MSP platform is available to Check Point partners beginning today. For more information visit checkpoint.com/partners/msp-program/.

BDO Canada launches Defence Cyber Readiness Accelerator

Posted in Commentary with tags on June 10, 2026 by itnerd

Today, BDO Canada announced the launch of its Defence Cyber Readiness Accelerator, a new advisory service designed to help businesses navigate the Canadian Program for Cyber Security Certification (CPCSC). 

As the CPCSC, a new federal cybersecurity framework for defence procurement, introduces baseline cybersecurity requirements for organizations handling sensitive but unclassified defence information, BDO Canada’s Defence Cyber Readiness Accelerator is designed to help organizations prepare.

The offering supports businesses in assessing readiness, identifying compliance gaps, and building practical pathways toward certification and long-term procurement eligibility. As part of BDO Canada’s broader defence-sector offering spanning compliance, capability, and capital, the Accelerator is intended to help strengthen supply chain trust and support wider participation in Canada’s growing defence industry.

A narrowing window for Canadian suppliers

As the federal government begins integrating CPCSC requirements into upcoming defence procurement opportunities, organizations across the supply chain are facing increasing pressure to prepare. Companies that are unable to demonstrate the appropriate level of cybersecurity readiness may risk losing access to future contract opportunities and could face challenges maintaining eligibility for existing defence-related work.

Built on BDO’s defence sector experience

BDO Canada already serves more than 250 clients across the Canadian defence ecosystem, including aerospace manufacturers, robotics innovators, infrastructure firms, logistics providers, and technology suppliers. The firm’s defence industry team brings together cross-functional expertise across cybersecurity, regulatory compliance, government incentives, deal advisory, manufacturing, infrastructure, and public sector, giving businesses access to a single team that understands the full defence-entry lifecycle.

Kyndryl launches AI Orchestration for Business to accelerate agent-driven transformation

Posted in Commentary on June 10, 2026 by itnerd

Kyndryl today announced Kyndryl AI Orchestration for Business, a new capability built with the Kyndryl Agentic AI Framework designed to move enterprises beyond experimentation and siloed workflows to enterprise-wide AI impact.

As organizations in retail, consumer packaged goods (CPG), travel and transportation, and other industries struggle to leverage AI to meet customer expectations around personalized experiences, real-time responsiveness and seamless fulfillment, Kyndryl AI Orchestration for Business helps to address these challenges. The capability autonomously interacts with AI agents across supply chains, commerce, finance, IT and customer operations to enable seamless coordination, cross-functional alignment and controlled execution at scale – supporting governed, policy-driven AI agent functionality.

Kyndryl AI Orchestration for Business combines data, events and AI agents from across the enterprise to support role-based decision making and real-time action. Instead of reacting to issues after they occur, leaders and frontline teams receive proactive alerts, recommended actions and embedded agentic workflows that allow them to augment their own workstreams to intervene or approve automated actions before disruptions impact customers or revenue.

Kyndryl AI Orchestration for Business supports agentic workflows for use cases across store and enterprise operations, including:

  • Agentic Commerce: Connects supply chain, pricing, promotions and customer engagement – allowing organizations to anticipate demand shifts, manage disruptions and personalize customer experiences without sacrificing control
  • Proactive supply chain disruption management: Identifies supply risks, impacted SKUs and financial exposure in real time, prompting planners and managers to act before stock‑outs reach stores or customers
  • Role‑based operational orchestration: Delivers alerts, recommendations and actions to the right roles – such as demand planners, supply chain leaders and pricing teams – enabling faster, more coordinated decisions across functions
  • Policy‑driven execution and auditability: Embeds operational, regulatory and business rules directly into agent workflows at the reasoning level using policy as code, with full transparency into how decisions are made and executed
  • Coordinated commerce and customer experience enablement: Aligns supply, inventory, pricing and fulfillment decisions in real time to reduce disruptions, protect revenue and deliver a more consistent customer experience

Kyndryl Consult experts will help customers design, deliver and deploy AI Orchestration for Business, while leveraging the full Kyndryl Agentic AI Framework and the company’s deep experience running mission-critical systems across hybrid cloud, on-premises and edge environments. The capability is cloud and large language model-agnostic, integrates with existing enterprise platforms and can operate with or without managed services tools – giving organizations the flexibility to modernize at their own pace.

Kyndryl is uniquely positioned to be the orchestration partner of choice for these industries, recognizing that achieving enterprise-scale process transformation requires targeted modernization across varied technology landscapes. Kyndryl accelerates this journey through a catalog of workflows and AI-native industry architectures that deliver speed, consistency and quality at scale. From unlocking legacy data and transactions across mainframe and distributed environments to re-architecting applications to enable Model Context Protocol servers and power agentic workflows, Kyndryl leverages its comprehensive services to drive efficient end-to-end transformation.

Learn more information about Kyndryl AI Orchestration for Business

Global Cyber Attacks Ease in May 2026, But Ransomware Surges 48% As Threats Reorganize

Posted in Commentary with tags on June 10, 2026 by itnerd

In May 2026, global cyber-attack activity eased from April’s sharp rebound, though the underlying trends offer little genuine comfort. Organizations experienced an average of 2,055 weekly cyber-attacks, a 2% increase year over year and a short term 7% decrease month over month. While the monthly decline may read as stabilization, ransomware activity surged to its highest year-over-year growth rate of 2026, and GenAI-driven data exposure risks continued to deepen across enterprise environments.

Check Point Research data consistently shows that short-term volume moderation does not equal reduced risk. Adversaries keep recalibrating timing, tools, and targeting, and May is a clear example of that pattern.

The Sectors That Kept Taking the Hits

Education absorbed more attacks than any other industry in May, averaging 4,641 weekly attacks per organization, with year-over-year volumes climbing another 7%. The combination of open networks, high student turnover, and chronically stretched security budgets continues to make schools and universities an almost frictionless target. Government sat in second place at 2,620 weekly attacks, and Telecommunications followed at 2,583, both essentially where they were a year ago.

Where in the World Attacks Hit Hardest

The more interesting movement happened further down the list. Agriculture surged 51% year over year to 2,243 weekly attacks. Hospitality, Travel and Recreation climbed 24% to 2,291, and Construction and Engineering rose 23% to 1,999. These are not sectors anyone would have highlighted as cyber attack hotbeds two years ago. The growing digitization of their operations, combined with the sheer availability of automated attack tooling, is changing that calculation fast.

Latin America held the top spot for another month running, with 3,149 weekly attacks per organization and a 13% year-over-year increase, as rapid digitalization continues to outpace security maturity across the region. Africa posted the most dramatic shift of any region, down 20% year over year, though volumes remain high enough to keep it firmly in the danger zone.

GenAI: The Risk That Grows With Every New Tool Adopted

Enterprise GenAI adoption showed no signs of slowing in May, and neither did the exposure risks that come with it.

  • 1 in every 25 GenAI prompts from enterprise networks carried a high risk of sensitive data leakage
  • 91% of organizations using GenAI tools regularly were touched by this risk
  • A further 22% of prompts contained potentially sensitive information
  • Organizations ran an average of 9 different GenAI tools during the month
  • The average enterprise user sent 70 GenAI prompts per month

Every new tool adopted without a governance framework in place is another surface where credentials, intellectual property, and internal data can slip out quietly. The exposure does not announce itself.

Ransomware Recorded Its Sharpest Year-Over-Year Jump of 2026

If May had a headline, this was it. 698 ransomware attacks were reported globally, a 48% increase on May 2025, when 472 incidents were recorded. The growth landed across every region: Asia up 119%, EMEA up 40%, the Americas up 39%. This was not concentrated pressure from one geography or one group. It was broad-based acceleration.

Business Services bore the sharpest end of it, accounting for 35% of all ransomware victims and recording a year-over-year increase of 359%, from 54 incidents to 248 in a single month. Consumer Goods and Services grew 223%, and Industrial Manufacturing climbed 50% from last year.

North America absorbed 49% of reported incidents globally, followed by Europe at 22% and APAC at 19%. The United States alone accounted for 43% of all reported ransomware victims, with Canada (5.6%), the United Kingdom (4.6%), Germany (4.0%), and Spain (3.0%) rounding out the top five.

Three Groups Led, But 61 Were Active

Ransomware in May was dominated at the top but remarkably spread out everywhere else. The top three groups accounted for 39% of reported attacks, all growing above the average rate. The other 61% was distributed across 58 additional active groups, a level of fragmentation that reflects just how industrialized and competitive the ransomware market has become.

Qilin led the field at 14% of published attacks, continuing its expansion following RansomHub’s retirement and the aggressive affiliate recruitment drive it has been running since early 2025. The Gentlemen secured second place at 10%, a striking position for a group that had zero recorded activity in May 2025. Founded in mid-2025 by a former Qilin affiliate, the group built its early reach around self-service access to approximately 14,000 pre-exploited FortiGate devices and has since grown into a top global threat in under a year. Their May 2026 operator communications announced a tactical evolution away from brute-force EDR-killing toward surgical userland evasion, suggesting a group investing seriously in longevity. DragonForce climbed to third at 8%, having risen five positions since January 2026 by absorbing displaced RansomHub affiliates and running a white-label model that lets affiliates operate entirely independent brands on shared infrastructure.

Reading May Correctly

The dip in overall volumes is real, but it is the wrong thing to anchor on. Underneath it, ransomware posted its biggest year-over-year leap of the year, new groups matured at a pace that has no real precedent in recent history, and sectors that once sat comfortably outside the crosshairs are now absorbing thousands of incidents per month. The threat landscape is not pausing. It is reorganizing. A prevention-first, AI-powered security strategy across cloud, network, endpoint, and user environments is not just best practice in that context. It is the only realistic response to a landscape that adapts faster than reactive models can follow.

University of Nottingham first public victim in latest ShinyHunters attack

Posted in Commentary with tags on June 10, 2026 by itnerd

You may have seen that the University of Nottingham looks to be the first public victim of a new attack salvo by ShinyHunters.

We know this information is likely to cause concern for students and staff in our community and we apologise for any anxiety that this may cause.

Two groups have been impacted by the incident – current students, and alumni.

We are working to understand the data that has been accessed and have contacted those students and alumni affected directly. We are working closely with Action Fraud, the Information Commissioner’s Office, and other regulatory bodies.

We will remain in contact with those directly impacted and will continue to provide updates as the situation develops.

Targeted at Oracle’s Peoplesoft software, it seems like yet another example of supply chain attacks that can spread far and wide at little cost to the attacker.

Raluca Saceanu, CEO of Smarttech247, argues that the best strategy in the world is worthless if you can’t trust the whole chain:

“We’ve seen this type of supply chain attack before. It’s yet another example of how the best cybersecurity strategy in the world is worthless if partners up and down the chain aren’t working to the same standards. The Salesloft Drift breach — where a single compromised integration exposed over 700 organisations — proves exactly this point. Most attackers don’t discriminate: Nottingham is likely just the first tremor in a chain reaction of similarly affected businesses. In this environment, trust is critical. That’s only possible if all parties react swiftly and effectively to the threat; if communications are open and intelligence is shared immediately; and if security in every organisation has a human face that’s clearly following best practice and protocols. Without this, every part of the supply chain remains an island. And isolated victims are much easier to pick off.”

Lee Sult, Chief Investigator of Binalyze, points out how organisations can try and disrupt ShinyHunters’ apparent winning streak:

“If this is a supply chain attack, it’s another painful reminder that attackers love the path of least resistance. Why compromise a group of organisations separately when you can just do one and move laterally from there? It also makes it clear that nobody is exempt from being a target: if you use software, you’re in the firing line.

“Initial reports suggest the attackers have stolen financial data and even National Insurance numbers. That can be used for devastating follow-on attacks should the data be shared among cybercriminal groups for scams and phishing attempts.

“If it’s all true, ShinyHunters is on a winning streak against universities. This is the latest addition to their trail of havoc in the education sector. Just recently we had the ransomware attack and settlement on education software provider Canvas which impacted countless universities and people. They’re getting what they want from their attacks.

“That’s why thorough, fast investigations are crucial to know exactly what happened, showing victims the right steps have been taken to mitigate impact, and getting the word out to all who may have been affected.”

My advice is that ShinyHunters is a force to be taken seriously. Thus if you don’t take them seriously, you will pay the price.

A Q&A With Volvo Cars Canada Regarding The Use Of Advanced Sensors And Vehicle Data

Posted in Commentary with tags on June 10, 2026 by itnerd

I was having a conversation with Volvo Cars Canada about using advanced sensors and vehicle data in terms of identifying near miss accidents. The key is that there are near miss accidents. As in there are not accidents. This helps Volvo kicks things up a notch as they are increasing their safety status beyond what’s available with other cards.

Here’s the Q & A from Volvo Cars Canada:

Q. Talk to me about the use of advanced sensors and vehicle data in terms of identifying near miss accidents. 

A. At Volvo, we believe preventing accidents starts long before a collision occurs. Near-miss data is critical because it lets us identify risk before a crash happens. Using advanced sensors like cameras, radars and sensors, vehicles can detect dangerous situations in real time, often stepping in with warnings or interventions to help avoid a collision.

By learning from these moments of real-world driving situations, we can continuously improve our safety systems. Ultimately, it shifts safety from reactive to preventative, helping us move closer to our ambition of zero collisions.

Q. How does identifying near miss accidents help with elimination of collisions?

A. To prevent collisions, you first need to understand how and why they happen. Near-miss events provide valuable insights into situations where a collision was narrowly avoided, helping Volvo identify risks before they lead to real-world accidents.

These learnings are incorporated into the Volvo Safety Standard, Volvo’s internal safety benchmark that goes beyond regulatory requirements and traditional crash testing. By studying real-world driving scenarios and using that data to inform both physical and virtual crash testing, Volvo develops preventative safety systems that better address the complexities of everyday driving.

This continuous feedback loop helps Volvo identify risks earlier, improve collision avoidance technologies, and move closer to its long-term ambition of eliminating serious injuries and fatalities in new Volvo vehicles.

Q. How does this help make Volvo cars safer? 

A. Real-world data enables Volvo to continuously improve both active and passive safety systems based on how people actually drive, rather than solely relying on standardized testing scenarios.

Insights gathered from crash investigations, near-miss events, connected vehicle data, onboard sensors, and driver behaviour help Volvo refine technologies such as automatic emergency braking, collision avoidance systems, driver assistance features, occupant protection, and driver monitoring.

This data-driven development process allows Volvo engineers to validate safety innovations against real-world conditions and continuously improve vehicle safety performance over time.

What makes this even more powerful is how we process and learn from the data. With Volvo Cars’ next generation core compute and centralized systems like HuginCore we can analyze these signals at scale and continuously improve how the vehicle understands risk. Combined with over-the-air updates, we’re able to refine and enhance our safety systems based on these real-world learnings, without customers needing to visit a retailer.

Q. Are there other advancements that help make Volvo cars safer? 

A. Safety innovation remains at the core of Volvo Cars. One of our latest advancements is the new multi-adaptive safety belt, an award-winning, world-first technology designed to further enhance occupant protection in real-world traffic situations.

Using real-time data from interior and exterior sensors, the system can adapt protection based on factors such as a person’s size, body shape, seating position, and crash severity. By significantly expanding the range of load-limiting settings that control how force is applied during a collision, the belt can provide more personalized protection for different occupants. It’s an example of how Volvo continues to use technology and data to make safety systems more intelligent, responsive, and effective.