Archive for June 10, 2026

Liquibase Introduces Agent Safe Governance for AI-Generated Database Change

Posted in Commentary on June 10, 2026 by itnerd

Liquibase today announced Liquibase Secure 5.2, a major release introducing Agent Safe Governance for AI-generated database change. Liquibase Secure 5.2 helps enterprises validate, track, and govern database change before and after production, whether created by humans or AI.

Liquibase also announced that Liquibase Secure earned five 2026 TrustRadius Top Rated Awards across Database DevOps, Build Automation, Release Management, Database Management, and Version Control. TrustRadius Top Rated Awards are based entirely on customer reviews, with no paid placement or analyst opinion, and recognize products that meet criteria for review recency, customer rating, and category relevance.

Companies are moving faster across applications, infrastructure, data products, and AI initiatives. But every application, data product, and AI model still depends on database change. That creates a new pressure point: database changes can now be generated in seconds, while many enterprise controls still rely on tickets, manual reviews, disconnected scripts, and after-the-fact audit trails.

According to Liquibase’s State of Database Change Governance report, 96% of organizations allow AI to interact with production databases. As tools such as Cursor, Claude, GitHub Copilot, and other AI assistants become part of the developer workflow, database changes are no longer created only by humans. But faster creation does not mean those changes are safe to deploy.

Agent Safe Governance is Liquibase’s answer to that shift. AI can help create a database change, but it cannot bypass the checks, approvals, audit trails, schema lineage, drift detection, and recovery controls enterprises require before production.

AI is changing how database changes are created. Liquibase Secure governs how they reach production.

“AI agents are becoming part of how developers work, but they should not have a free pass to change production databases,” said Pete Pickerill, Co-Founder at Liquibase. “Agent Safe Governance means AI can help create a database change, while Liquibase Secure validates it, tracks it, checks it against policy, preserves schema lineage, detects drift, and controls how it moves to production. That is the balance enterprises need: faster development without turning database change into an unmanaged risk surface.”

Liquibase Secure 5.2 uses the Liquibase MCP server to connect AI-assisted workflows to governed database change management. Developers and AI assistants can create Liquibase-formatted changelogs, schema updates, rollback logic, and AI-generated DDL, while Liquibase Secure applies policy checks, governance workflows, drift detection, and audit-ready evidence before changes reach production.

Liquibase Secure 5.2 Brings Agent Safe Governance to the Database Layer: Liquibase Secure 5.2 gives enterprises one control plane for every database change, human or AI. The release connects new AI-assisted workflows with the proven governance controls enterprises already rely on to validate, track, and secure database change.

AI-assisted database change authoring through the Liquibase MCP server: The Liquibase MCP server connects AI-assisted workflows to Liquibase Secure, helping developers and AI assistants create structured, reviewable, and governed database changelogs, schema updates, rollback logic, and AI-generated DDL. AI can assist with authoring, but Liquibase Secure governs the path to production.

Change Intelligence and schema lineage for human and AI-generated change: Liquibase Secure gives teams visibility into the full lifecycle of every database change. Change Intelligence helps teams understand what changed, who or what created it, where it ran, whether controls were followed, how the schema changed over time, whether drift exists, and what evidence is available for audit or investigation.

Policy checks and drift detection as the governance foundation: Liquibase Secure applies policy checks before deployment to help teams block risky operations, enforce standards, support separation of duties, and validate compliance requirements. Drift detection helps identify when environments no longer match the approved database state, including manual updates, emergency fixes, shadow changes, or AI-assisted changes that bypass governed workflows.

Expanded enterprise database coverage: Liquibase Secure 5.2 deepens support for complex enterprise database estates with new capabilities for Teradata, MongoDB, and DynamoDB. These enhancements help teams extend governed change across the databases that power mission-critical applications, data products, and AI systems.

Machine-Readable Vulnerability Intelligence with VEX: Liquibase Secure 5.2 adds Vulnerability Exploitability eXchange, or VEX, support to provide machine-readable vulnerability assessments for Liquibase products. Published through the Liquibase VEX repository, included alongside SBOM files inside the Secure distribution, and available as standalone files on the Liquibase download site, VEX helps enterprise security teams understand vulnerability context, integrate with automated scanners, and streamline security response.

One Control Plane. Every Database. Every Change. Human or AI. Liquibase Secure 5.2 extends Liquibase’s role as the enterprise control plane for database change. It helps organizations govern database change across human developers, AI assistants, CI/CD pipelines, and production environments.

For regulated industries, this is already a board-level issue. Financial services, healthcare, insurance, retail, media, and technology organizations must prove that database changes are reviewed, approved, traceable, recoverable, and compliant. AI does not remove that requirement. It raises the stakes.

With Liquibase Secure 5.2, enterprises can move from reactive database control to continuous governance, with one consistent way to manage database change across applications, data products, and AI systems.

Liquibase Secure’s five 2026 TrustRadius Top Rated Awards reinforce the same customer demand driving this release: database change needs to move faster, stay governed, and remain trusted across increasingly complex enterprise environments.

Availability

Liquibase Secure 5.2 is available now. Learn more about Agent Safe Governance and Liquibase Secure 5.2.

$2 Trillion a Year Never Makes It from Obligation to Settlement. Rivvun AI Is Built to Recover It.

Posted in Commentary on June 10, 2026 by itnerd

Rivvun AI Inc. today announced a $7.55 million oversubscribed seed round led by Sitara Capital and 3one4 Capital, to deploy an autonomous AI execution layer purpose-built for enterprise spend and revenue recovery.

The scale of the problem is staggering. McKinsey research finds that enterprise procurement functions lose up to one-third of planned savings during execution — with an additional 3–4% of total external spend lost to transaction inefficiency and noncompliance. Across Fortune 2000 revenues, that compounds to more than $2T in value that never reaches the bottom line. The money isn’t lost to fraud or bad contracts. It disappears in the gap between what was contractually committed and what enterprise systems were ever built to collect.

Built by the Executives Who Saw This Problem at Scale

Anand Veerkar and Niranjan Umarane spent the last decade as senior executives at Icertis, where they helped scale the company to more than $350 million ARR and built a platform governing some of the world’s largest commercial portfolios. Across every industry, the pattern was consistent: terms of trade were precisely structured; financial execution against them was not. Money owed under negotiated agreements quietly went uncollected — not because anyone decided to leave it, but because no system in the enterprise stack was designed to recover it. They left to build that system. They are joined by serial entrepreneur Patrick Linton, who brings deep experience scaling global operations for enterprise software companies.

The Problem Is Structural. So Is the Solution.

ERP systems record transactions. CRM tools track relationships. Procurement platforms manage approvals. None of them enforce outcomes. Rivvun’s autonomous AI execution layer connects to existing ERP, CRM, and procurement systems, interprets commercial obligations, identifies what hasn’t settled as agreed, and initiates recovery at the transaction level. No rip-and-replace. No new system of record.

Two agentic families power the platform: Spend Assurance on the buy side — recovering supplier rebates, pricing commitments, and procurement obligations that have gone unenforced; and Margin Defense on the sell side — recovering customer settlement variances, trade term discrepancies, and revenue that left the P&L without authorization.

Built Vertical-First, Because Leakage Isn’t Generic

Chargeback mechanics in pharma — GPO compliance, government pricing obligations — look nothing like settlement gaps in banking or trade term failures in CPG. Generic AI produces generic results. Rivvun deploys with vertical-specific agent logic tuned to the precise failure patterns of each industry, across Pharma, Healthcare, Banking, CPG/Retail and Industrial.

Canada’s AI spend is surging. Will it pay off?

Posted in Commentary on June 10, 2026 by itnerd


New data in ServiceNow’s AI Maturity Index shows that Canadian companies are going big on AI, but the next test is turning that spend into real results. Canadian organizations expect AI to account for 22% of IT budgets by 2027 – doubling year over year – yet companies are lagging in execution.

The question now is: how can companies move from AI investment to measurable business impact?

You can read the report here: https://www.servicenow.com/content/dam/servicenow-assets/public/en-us/doc-type/resource-center/white-paper/wp-enterprise-ai-maturity-index-2026.pdf

The global spam machine hiding behind Google and the New York Times

Posted in Commentary on June 10, 2026 by itnerd

Spam emails promising financial rewards, miracle health products, gambling bonuses, or urgent payment requests are a familiar nuisance. But what is far less understood is the infrastructure sitting behind them and how attackers are abusing trusted names like Google and The New York Times to make their campaigns harder to detect.

To find out, Comparitech investigated spam and phishing emails received in a standard consumer inbox, tracing the links through Google Cloud Storage and on to attacker-controlled infrastructure. The research uncovered a coordinated global network of 12,704 internet-facing servers across 55 countries, many of which served near-identical landing pages containing scraped New York Times content, apparently to appear benign to scanners, researchers, and visitors who are not selected targets.

Key findings include:

  • Thousands of internet-facing servers across dozens of countries were found to be part of a coordinated global phishing infrastructure linked to spam campaigns targeting everyday consumers.
  • Attackers are abusing Google Cloud Storage links to improve email deliverability and sidestep spam filters, exploiting the trusted reputation of a major platform to reach more victims.
  • Servers redirected targets to near-identical landing pages packed with scraped New York Times content, a deliberate technique to appear legitimate to security scanners while serving phishing pages to identified targets.
  • The vast majority of discovered hosts were running end-of-life software, indicating a sprawling, largely unmanaged infrastructure with little operational overhead for the attackers.
  • Infrastructure was spread across hundreds of different hosting providers, making coordinated takedowns extremely difficult for any single platform or authority.
  • Most servers had no prior abuse reports on record, suggesting the infrastructure is rapidly provisioned, frequently rotated, or purpose-built for short-lived redirection, all tactics designed to evade detection.

Here is a link to the full study: https://www.comparitech.com/news/how-spammers-are-hiding-behind-google-and-the-new-york-times/

Team Cymru Expands APJ Operations in Sydney, Deepening Regional Partnerships and Critical Infrastructure Collaboration 

Posted in Commentary on June 10, 2026 by itnerd

Team Cymru today announced the expansion of its Asia-Pacific and Japan (APJ) operations, with Sydney serving as the company’s regional operational hub. The announcement follows RISEx Sydney, where Team Cymru leadership met with customers, partners, and public-sector stakeholders from across the region. 

The expansion responds to accelerating demand from APJ organizations for visibility into the external threat landscape, particularly across critical infrastructure, financial services, government, and telecommunications. Team Cymru’s Pure Signal™ provides defenders the ability to see adversary infrastructure as it is built and operated, enabling earlier detection, faster response, and proactive disruption of threat actor campaigns before they reach the perimeter. 

A Regional Hub for Long-Term Investment 

As part of the expansion, Team Cymru is: 

  • Establishing Sydney-based operations as the coordination point for APJ customer engagement, threat intelligence delivery, and partner enablement; 
  • Growing its in-region team, with additional customer engineering, intelligence, and go-to-market hires planned over the next six months; and 
  • Engaging with the New South Wales government on regional investment, workforce, and industry development initiatives. 

The Sydney hub will strengthen regional customer engagement, partner enablement, and technical support for organizations operating across Australia, New Zealand, and the wider APJ region.

Aligned With Regional Cyber Priorities 

The expansion comes as APJ governments and operators continue to elevate cyber resilience as a national priority. Critical infrastructure operators face mounting pressure to defend against well-resourced adversaries leveraging global infrastructure, while financial institutions are contending with industrial-scale fraud and account-takeover networks. Across the region, public-private collaboration — and shared visibility into adversary infrastructure — is increasingly recognized as essential to collective defense. 

iCOUNTER Names Joel Molinoff Chief Operating Officer

Posted in Commentary on June 10, 2026 by itnerd

iCOUNTER today announced the appointment of Joel Molinoff as Chief Operating Officer. Molinoff brings nearly three decades of senior operational, security, and risk leadership at some of the world’s most recognizable enterprises and cybersecurity firms.

Most recently, Molinoff served as Global Head of Third-Party Risk Products and Services at BlueVoyant, where he led the development and growth of the company’s third-party risk management business serving commercial and government clients worldwide. He previously served as Vice Chairman of BlueVoyant. Earlier in his career, Molinoff was Executive Vice President and Chief Information Risk Officer at CBS Corporation, following six years as the company’s Senior Vice President and Chief Information Security Officer.

Previously, Molinoff worked in intelligence for the United States Government with roles at the National Security Agency and the White House. Molinoff has also served on numerous advisory boards as well as the Federal Communications Commission’s Communications Security, Reliability, and Interoperability Council (CSRIC), and is an Advisory Council Member with American Corporate Partners, an organization that supports U.S. veterans transitioning to civilian careers. He holds an MBA from Columbia Business School.

ServiceNow Discloses Breach Exposing Customer Data

Posted in Commentary on June 10, 2026 by itnerd

ServiceNow is warning customers through a support bulletin about a security incident after hackers exploited an unauthenticated access flaw through a vulnerable API endpoint, allowing them to query data from customer instances.

BleepingComputer has the details here: https://www.bleepingcomputer.com/news/security/servicenow-discloses-security-incident-exposing-customer-data/

Dan Moore, Sr. Director CIAM Strategy at cybersecurity company FusionAuth, provided the following comments:

“Everyone’s calling this an unauthenticated API vulnerability. The attacker bypassed the authentication because there wasn’t any. The endpoint, which lets you create related lists to show up on ServiceNow forms, apparently had its authentication check default to off. It’s unclear how long this has been exposed.

A one-line smoke test “hit the endpoint with no credentials, expect a rejection” catches this. Nobody wrote the test, because the platform treated ‘no auth’ as valid configuration for a sensitive endpoint. When authentication is something you toggle per endpoint instead of a default the platform enforces, an exposed endpoint isn’t a bug the system rejects. It’s a setting someone forgot to change.

If you manage an application with an API, does an endpoint with no auth fail your build, or does it just ship?”

It should not ship. But that is now how the universe sees things. Maybe the universe should change.
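The "no credentials, expect a rejection" check from the quote above, written as a build gate. This is an added example, not code from ServiceNow, FusionAuth, or the original post. The demo service, its paths, and the allowlist are constructed for illustration, and the demo treats any Authorization header as authenticated.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed route table for a demo service (hypothetical paths, not ServiceNow's).
# The per-endpoint auth toggle defaults to off, the failure mode the quote describes.
ROUTES = {
    "/api/demo/records": {"auth_required": True},
    "/api/demo/related-lists": {},          # toggle never set: ships open
    "/healthz": {"auth_required": False},   # intentionally public
}
PUBLIC_ALLOWLIST = {"/healthz"}  # endpoints reviewed and approved as public


class DemoHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        route = ROUTES.get(self.path)
        if route is None:
            self.send_error(404)
        elif route.get("auth_required", False) and "Authorization" not in self.headers:
            self.send_error(401)
        else:
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b"{}")

    def log_message(self, *args):  # keep CI output quiet
        pass


def status_without_credentials(url):
    """Request url with no credentials and return the HTTP status code."""
    try:
        with urllib.request.urlopen(url, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def find_open_endpoints(base_url, paths, allowlist=PUBLIC_ALLOWLIST):
    """Return non-allowlisted paths that answer anything other than 401/403."""
    return sorted(
        p for p in paths
        if p not in allowlist
        and status_without_credentials(base_url + p) not in (401, 403)
    )


def run_smoke_test():
    """Start the demo service on a free local port and run the check against it."""
    server = HTTPServer(("127.0.0.1", 0), DemoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return find_open_endpoints(f"http://127.0.0.1:{server.server_port}", ROUTES)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    offenders = run_smoke_test()
    print("open endpoints:", offenders)
    raise SystemExit(1 if offenders else 0)  # non-zero exit fails the build
```

In a real pipeline the path list would come from the application's own route registry or API specification, so a newly added endpoint is checked without anyone remembering to add it.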

Majority of Security Leaders Say Traditional Pentesting Can’t Keep Pace with Modern Threats, Omdia Research Finds

Posted in Commentary on June 10, 2026 by itnerd

Cobalt today announced findings from new research conducted by Omdia that reveal a significant shift in how organizations approach offensive security. As AI accelerates both attack and defense capabilities, security leaders are moving away from static, point-in-time assessments in favor of continuous, intelligence-driven security validation that combines human expertise with automation.

The survey of 400 cybersecurity professionals found that 94% of organizations see the importance of keeping humans in the loop for offensive security programs, while 60% expect analysts to shift from executing offensive security tasks to supervising autonomous workflows. At the same time, 53% of respondents said traditional offensive security approaches, such as manual penetration testing, provide a static view that is obsolete by the time reports are delivered.

The findings highlight a broader transformation in offensive security. Organizations increasingly recognize that point-in-time testing cannot keep pace with rapidly changing attack surfaces, AI-powered threats, and accelerated software development cycles.

The research also found that 58% of organizations now utilize PTaaS, making it the most widely adopted offensive security model surveyed. Additionally, 88% of respondents expect to increase spending on offensive security technologies over the next 12 months, including 23% planning significant increases.

Among the key findings:

  • 94% of organizations explicitly see the importance of keeping humans in the loop for offensive security programs.
  • 60% expect analysts to shift from executing offensive security tasks to supervising autonomous workflows.
  • 53% say traditional offensive security strategies provide a static view that is obsolete by the time reports are delivered.
  • 58% already utilize PTaaS, making it the most widely adopted offensive security model surveyed.
  • 88% plan to increase offensive security spending over the next 12 months, consisting of 65% planning moderate increases and 23% planning significant increases.

The findings underscore growing demand for offensive security programs that provide continuous visibility, integrate with existing security and engineering workflows, and help organizations reduce measurable risk rather than simply identify vulnerabilities. Furthermore, respondents emphasized that shifting toward continuous validation turns security into a business accelerator, whereby development teams can bring secure products to market faster.

The research, Next-generation Offensive Security Strategies Give Defenders the AI Advantage, was conducted by Omdia and surveyed 400 IT and cybersecurity professionals across North America responsible for developing and managing offensive security strategies.

The full report is available here.

Source: Omdia Research Survey, Next-generation Offensive Security Strategies Give Defenders the AI Advantage, May 2026.