Potpie AI raises $2.2 million to make AI agents usable inside real-world engineering systems

Posted in Commentary with tags on February 23, 2026 by itnerd

Software teams are moving faster than ever, yet the systems they build and maintain were never designed for AI agents to operate inside them. Codebases span millions of lines, context is scattered across dozens of tools, and critical knowledge lives in the heads of a few senior engineers. Potpie was built to change that. Today, the company announced a $2.2 million pre-seed round to help engineering teams unify context across their entire stack and make AI agents genuinely useful in complex software environments.  

The round was led by Emergent Ventures with participation from All In Capital, DeVC and Point One Capital. The capital will be used to support early enterprise deployments, expand the engineering team, and continue building Potpie’s core context and agent infrastructure.

As generative AI adoption accelerates, most tools focus on surface-level code generation while ignoring the deeper problem of context. Large language models are powerful, but without access to system-level understanding, tooling history, and architectural intent, they struggle in real production environments. Traditional approaches rely on senior engineers to manually hold this context together, a model that breaks down at scale and fails entirely when AI agents are introduced.

Potpie addresses this by unifying context across the entire engineering stack and enabling spec driven development. It pulls in information from source code, tickets, logs, documentation, and reviews, links it together, and makes it usable by agents.

With Potpie, the spec becomes the source of truth. Agents plan the feature end to end first by turning requirements into a clear implementation plan, mapping dependencies and edge cases, and aligning tests and rollout steps before writing a single line of code. The principle is simple. An agent is only as effective as the information it can access and the tools it can use. Potpie focuses on both.

The platform enables teams to automate high-impact and non trivial use cases across the software development lifecycle, like debugging cross-service failures, maintaining and writing end-to-end tests, blast radius detection and system design.  It is designed for enterprise companies with large and complex codebases, starting at around one million lines of code and scaling to hundreds of millions. Rather than acting as another coding assistant, Potpie builds a graphical representation of software systems, infers behavior and patterns across modules, and creates structured artifacts that allow agents to operate consistently and safely.

Potpie also actively creates context as systems evolve. When pull requests are created, it can update documentation and tickets automatically. When tickets are opened, it can generate system designs. The platform automatically generates structured behavior definitions for each AI agent, outlining how they should operate within a specific codebase. At the same time, it builds a searchable, tagged index across APIs, services, databases, and components, narrowing the search space and significantly improving reliability.

The company was founded by Aditi Kothari and Dhiren Mathur, who began working on the problem in October 2023, at the start of the first wave of generative AI adoption. While much of the industry focused on knowledge workers, they saw that developers faced a fundamentally different challenge. Code is non-linear, deeply interconnected, and spread across large systems. They spent nearly two years building the foundational layer that understands codebases and creates the underlying knowledge graph, before launching Potpie publicly last year in January 2025

Early deployments reflect the scale of the problem Potpie is addressing. One customer with a codebase exceeding 40 million lines reduced root cause analysis for production issues from nearly a week to around 30 minutes, with engineers acting as reviewers instead of investigators. Another customer maintaining decades-old systems used Potpie to update and generate tests in the background, compressing work that previously took multiple sprints into a much shorter cycle.

Potpie currently works with Fortune 500 and publicly listed companies in regulated industries, including healthcare and insurtech. Its open-source projects have surpassed 5,000 stars on GitHub, creating a strong magnet for enterprise adoption. 

Leave a comment »

Critical Infrastructure Operators Gain Secure Remote Access That Survives Network Disruptions

Posted in Commentary with tags on February 23, 2026 by itnerd

Xona Systems today announced Platform v5.5, a secure access solution designed to address the convergence of escalating threats, tightening regulatory requirements, and operational realities that legacy VPN and jump server architectures were never built to handle.

Critical infrastructure operators are navigating a fundamentally changed threat landscape in 2026. Nation-state actors are increasingly targeting industrial control systems through remote access vectors, while regulatory frameworks, including NERC CIP, IEC 62443, and TSA SD2 demand demonstrable governance over who accesses critical systems and under what conditions. At the same time, the operational reality of critical infrastructure (offshore platforms, rural substations, bandwidth-constrained sites) requires access solutions that maintain security and auditability even when network conditions degrade. Industry surveys¹ show remote access paths remain a primary driver of OT security incidents, yet many organizations still rely on VPN and jump server tools designed for stable IT networks, not operational technology environments.

Access That Survives Network Disruptions

Critical infrastructure often operates in conditions where traditional remote access tools fail: intermittent connectivity on offshore platforms, bandwidth constraints at rural substations, or air-gapped industrial facilities. Platform v5.5 introduces Session Hold and RDP Auto-Reconnect capabilities that maintain session continuity through network interruptions, allowing operators to continue critical work without losing progress or reauthenticating. This resilience eliminates the gap between security policy and operational reality that has long plagued OT environments, ensuring security controls don’t create incentives for operators to find workarounds during critical moments.

Critical infrastructure environments routinely operate under conditions that undermine assumptions embedded in traditional remote access architectures. Offshore platforms experience intermittent and high-latency connectivity, rural substations face persistent bandwidth constraints, and many industrial sites remain partially or fully air-gapped. In these contexts, conventional VPN- and session-based access tools—designed for stable enterprise IT networks—often fail to maintain session integrity during transient network disruptions, resulting in forced disconnects, loss of operational state, and repeated reauthentication.

Platform v5.5 addresses these constraints through the introduction of Session Hold and RDP Auto-Reconnect capabilities, which preserve session state across temporary connectivity loss without exposing underlying OT assets or expanding the attack surface. These mechanisms are complemented by configurable time synchronization services, enhanced CLI tooling for constrained or disconnected environments, and hardened FIPS-compliant cryptographic behavior to support diverse deployment and regulatory requirements.

By maintaining session continuity and operational context through network interruptions, operators are able to complete time-sensitive maintenance and response activities without restarting workflows or bypassing security controls. This resilience directly mitigates a long-standing tension in OT environments, where security mechanisms that impede operational continuity often incentivize informal workarounds during critical events. Aligning access security with real-world industrial operating conditions ensures that enforcement of security policy does not degrade availability, safety, or response effectiveness—particularly in high-risk, high-consequence scenarios.

Unified Governance Across Distributed Operations

Platform v5.5 expands the Xona Centralizer into a true single-pane-of-glass for secure access governance. Teams can now centrally manage connection and folder structures, session recordings and playback exports, real-time logs and bandwidth metrics, integration syncs with Forescout, Nozomi Networks, and other OT security platforms, and security policy settings that are enforced across all connected Xona Gateways. This full-spectrum visibility gives organizations the ability to scale secure access across global operations without scaling risk, complexity, or oversight burden. Rather than fragmented site-by-site management, teams gain a common, authoritative view that remains enforceable even when connectivity is unstable or bandwidth is constrained, ensuring access remains visible and accountable during the moments that matter most.

Built for How Critical Infrastructure Actually Operates

Platform v5.5 supports the workflows that define critical infrastructure operations. Users can now run multiple concurrent RDP, SSH, and Web sessions, switching between or collaborating across live troubleshooting efforts without interruption. An upgraded session transfer workflow enables secure handoffs between users during shift changes or escalation events, critical for 24/7 operations and remote OEM collaboration. Enhanced audit controls provide the visibility and evidence needed to demonstrate compliance without adding operational burden to security and engineering teams.

“In critical infrastructure, remote access is no longer just about getting connected, it’s about maintaining control under pressure,” said Raed Albuliwi, Chief Product Officer at Xona. “Access models that only work when networks are stable or environments are simple don’t hold up in critical infrastructure. Operators need governance that holds up in the field, not just on paper. That’s exactly what our next-generation access platform delivers.”

Market Traction

Deployed across more than 40 countries in energy, utilities, manufacturing, and maritime sectors, Xona has established itself as the secure access platform purpose-built for critical infrastructure.  Cybersecurity ecosystem partners such as Forescout and Radiflow are working with Xona to replace vulnerable legacy remote access infrastructure.

Availability

As threats, regulations, and operational complexity continue to converge, secure remote access has become one of the most scrutinized control points in critical infrastructure security. Xona Platform v5.5 represents a shift from access that only connects to access that governs, from tools that work in ideal conditions to infrastructure that holds up when it matters most.

Xona Platform v5.5 is available now. Organizations seeking to modernize critical infrastructure remote access can learn more at www.xonasystems.com or schedule a demo.

[1] SANS Institute 2025 survey, “SANS Institute 2025 survey finds OT cybersecurity incidents rising as ransomware and remote access risks grow,” Industrial Cyber, November 20, 2025. Available at: https://industrialcyber.co/news/sans-institute-2025-survey-finds-ot-cybersecurity-incidents-rising-as-ransomware-and-remote-access-risks-grow/

Leave a comment »

ESET Research discovers PromptSpy, the first Android threat to use generative AI

Posted in Commentary with tags on February 20, 2026 by itnerd

ESET researchers have discovered PromptSpy, the first known Android malware to abuse generative AI in its execution flow to achieve persistence. It is the first time generative AI has been deployed in this manner. Because the attackers rely on prompting an AI model (specifically, Google’s Gemini) to guide malicious UI manipulation, ESET has named this family PromptSpy. The malware can capture lockscreen data, block uninstallation attempts, gather device info, take screenshots, record screen activity as video, and more.  This is the second AI-powered malware that ESET Research has discovered, following PromptLock in August 2025, the first known case of AI-driven ransomware.

Based on language localization clues and the distribution vectors observed during analysis, this campaign appears to be financially motivated and seems to primarily target users in Argentina. However, PromptSpy has not been observed in ESET telemetry yet, possibly making it a proof of concept.

While generative AI is deployed only in a relatively minor part of PromptSpy’s code — the one responsible for achieving persistence — it still has a significant impact on the malware’s adaptability. Specifically, Gemini is used to provide PromptSpy with step-by-step instructions on how to make the malicious app “locked”, i.e. pinned, in the recent apps list (often represented by a padlock icon in the multitasking view of many Android launchers), thus preventing it from being easily swiped away or killed by the system. The AI model and prompt are predefined in the code and cannot be changed. 

PromptSpy is distributed by a dedicated website and has never been available on Google Play. As an App Defense Alliance partner, ESET nevertheless shared the findings with Google. Android users are automatically protected against known versions of this malware by Google Play Protect, which is enabled by default on Android devices with Google Play Services.

With the app’s name being MorganArg and its icon seemingly inspired by Morgan Chase, the malware is likely impersonating the Morgan Chase bank. MorganArg, likely a shorthand for “Morgan Argentina”, also appears as the name of the cached website, suggesting a regional targeting focus.

Because PromptSpy blocks uninstallation by overlaying invisible elements on the screen, the only way for a victim to remove it is to reboot the device into Safe Mode, where third party apps are disabled and can be uninstalled normally. To enter Safe Mode, users should typically press and hold the power button, long press Power off, and confirm the Reboot to Safe Mode prompt (though the exact method may differ by device and manufacturer). Once the phone restarts in Safe Mode, the user can go to Settings → Apps → MorganArg and uninstall it without interference.

For a more detailed analysis of PromptSpy check out the latest ESET Research blogpost “PromptSpy ushers in the era of Android threats using GenAI”  on WeLiveSecurity.com

Leave a comment »

The CISA Has Provided Two Warnings That You Should Pay Attention To

Posted in Commentary with tags on February 19, 2026 by itnerd

The CISA has given US government agencies three days to patch their systems against a maximum-severity hardcoded credential vulnerability (CVE-2026-22769)in Dell’s RecoverPoint solution exploited by the UNC6201 Chinese hacking group since mid-2024 https://www.cisa.gov/news-events/alerts/2026/02/18/cisa-adds-two-known-exploited-vulnerabilities-catalog.

Ensar Seker, CISO at threat intelligence company SOCRadar:

“When CISA orders agencies to patch within three days, that signals confirmed active exploitation and real operational risk. This is not theoretical exposure. A hardcoded credential vulnerability like CVE-2026-22769 effectively removes authentication as a barrier. If exploited, it can lead to root-level persistence, which is extremely difficult to detect and eradicate.

“The three-day mandate reflects two things: first, the vulnerability likely provides reliable post-exploitation value; second, federal systems running backup and recovery platforms are high-value targets. Backup infrastructure is especially sensitive because compromising it weakens an organization’s last line of defense against ransomware and destructive attacks. What makes this particularly concerning is that exploitation reportedly began in mid-2024. That means adversaries may have had months of dwell time in some environments. Even after patching, agencies must assume possible compromise and validate integrity, credentials, and persistence mechanisms.

“The real takeaway for enterprises is this: if federal agencies get three days, the private sector should not assume they have three weeks. When a vulnerability combines maximum severity, hardcoded credentials, and active exploitation, patching becomes a board-level risk discussion, not just an IT task.”

On top of that, the CISA published an advisory warning that a critical security vulnerability (CVE-2026-1670) has been identified in four Honeywell CCTV camera models that could allow attackers to bypass authentication and take control of device accounts.

The flaw is classified as “missing authentication for critical function” and has been given a CVSS severity score of 9.8.

According to the advisory, the vulnerability stems from an unauthenticated API endpoint that lets attackers remotely change the “forgot password” recovery email address associated with a camera account. By modifying this recovery email without needing credentials, an attacker could potentially take over the account and gain unauthorized access to live camera feeds or administrative functions.

Honeywell is a widely deployed global supplier of security and video surveillance equipment, including many NDAA-compliant cameras used in government, industrial, and commercial critical infrastructure environments. 

Nick Mo, CEO & Co-founder, Ridge Security Technology Inc. provided this comment:

   “IoT assets like cameras and smart printers remain massive security blind spots. While organizations obsess over protecting “crown jewel” databases, attackers exploit these overlooked devices as easy entry points.

   “The Honeywell zero-day (CVE-2026-1670) shows how a single vulnerability in a CCTV system can compromise critical infrastructure. Whether it’s a sophisticated exploit or a basic failure—like the 2025 Louvre heist where the password was just “Louvre”—the risk is the same: neglected hardware creates an open door.

   “Security testing must include every connected device. Find the holes before the hacker does.”

Michael Bell, Founder & CEO, Suzu Labs had this comment:

   “The device you installed to protect the building just became the way into the network. CVE-2026-1670 lets an unauthenticated attacker change the password recovery email on affected Honeywell cameras and take over the account, no credentials needed. These are NDAA-compliant models that go into government facilities and critical infrastructure, and the vulnerability is an open API endpoint on a password reset function.

   “A physical security contractor puts the cameras up, plugs them into whatever network is available, and IT may never know they’re there. Nobody patches a device nobody knows they own, and nobody segments a device that isn’t in the asset inventory. CISA hasn’t seen active exploitation yet, so there’s still a window to get ahead of this one.”

John Carberry, Solution Sleuth, Xcape, Inc. adds this comment:

   “The discovery of CVE-2026-1670 in Honeywell CCTV cameras serves as a stark reminder that the surveillance systems safeguarding our critical infrastructure are frequently exposed to the public Internet. By leaving a “forgot password” API endpoint unauthenticated, Honeywell inadvertently enabled remote hijacking of device accounts. Attackers could simply redirect recovery emails to themselves, gaining unauthorized access.

   “This vulnerability, boasting a near-perfect CVSS score of 9.8, grants attackers a straightforward route from digital compromise to physical surveillance. This affects NDAA-compliant systems in government and industrial sectors. For Security Operations Center (SOC) teams, the presence of these devices on public-facing networks without VPNs or stringent access controls now constitutes an immediate liability.

   “This issue highlights a fundamental lapse in secure-by-design principles for hardware entrusted with protecting our most sensitive assets. As we increasingly adopt “smart” security solutions for our perimeters, it’s crucial to understand that an unpatched camera is not only a guardian, but it can also become an open portal for pivoting to other sensitive systems.

   “Organizations utilizing affected models must prioritize firmware updates, limit external access through network segmentation, and diligently monitor for any unauthorized configuration changes.

   “When your security cameras can be commandeered remotely, the watcher becomes the watched.”

The CISA does a lot of good work to keep people safe from a cybersecurity standpoint. Thus I would heed their warnings and take action ASAP when they appear.

Leave a comment »

Cayosoft Captures Record Market Momentum in 2025

Posted in Commentary with tags on February 19, 2026 by itnerd

Cayosoft today reported record growth, product innovation and customer momentum in 2025. Cayosoft significantly expanded its presence across enterprise and government sectors, adding the Internal Revenue Service (IRS), U.S. Department of War (DoW), CCL Industries, athenahealth, Australian Trade and Investment Commission, and Heartland Coca-Cola, among others. The company also invested in new technology innovations and earned industry accolades from Gartner, CISA, and other organizations.

Used by 90% of large organizations worldwide, Microsoft Active Directory and Entra ID remain the backbone of enterprise identity, serving as the central hub for managing permissions, logins, and access. Cayosoft delivers the industry’s only unified solution for identity security and operational resilience that supports all on-premises and cloud Microsoft environments, including Active Directory, Entra ID,  Microsoft 365, and Intune. 

In addition to expanding its customer base, Cayosoft achieved other significant milestones and accolades last year, including: 

Industry Recognition & Analyst Validation 

In 2025, Cayosoft earned expanded industry and analyst acclaim, including:

  • Named a finalist for the InfoWorld 2025 Technology of the Year Award in Cloud Backup and Disaster Recovery.
  • Affirmed the technical and economic advantages of Cayosoft Guardian Instant Forest Recovery by analyst firm Paradigm Technica, validating that the Cayosoft solution is at least 99% faster than specialized or general-purpose alternatives—setting a new industry benchmark for identity resilience.
  • Featured in seven Gartner reports in the last 12 months, including a newly released January 2026 report, Market Guide for Microsoft 365 Governance Tools, reinforcing Cayosoft’s growing influence and credibility with prominent analysts and enterprise buyers. 
  • Recognized by CISA and listed on the Secure by Design page, validating Cayosoft’s secure-by-default approach to identity governance and resilience.

Product Adoption, Innovation & Velocity

Cayosoft’s innovation engine saw one of its biggest years ever:

  • Secured SOC 2 Type II certification, reinforcing its commitment to enterprise-grade security and compliance and confirming that Cayosoft maintains robust, independently audited security controls that perform effectively over an extended period.
  • Delivered over 148 net-new features and enhancements in Cayosoft’s core platform in 2025, reflecting one of the most active innovation cycles in the company’s history.
  • Released Cayosoft Guardian Protector, the industry’s first free, always-on threat detection for Active Directory and Entra ID. 
  • Announced the upcoming Cayosoft Guardian SaaS to be generally available in Q2 2026.

Business Momentum, Customer Expansion & Adoption 

Cayosoft reported 76% year-over-year annual recurring revenue growth, driven by:

  • A significant increase in net-new enterprise customers and expanding adoption across highly regulated industries and complex environments. 
  • Continued strength in legacy AD vendor tool replacement business from Quest Software and Semperis.
  • Strong demand and traction from large enterprises and state, local and federal government organizations, including:
  • Heartland Coca-Cola
  • Australian Trade and Investment Commission
  • Los Angeles County Employees Retirement Association (LACERA)
  • CCL Industries
  • athenahealth
  • Internal Revenue Service (IRS)
  • U.S. Department of War (DoW) 
  • Yukon Hospital Organization

For more information about Cayosoft’s solutions for managing and protecting the modern Microsoft enterprise, visit cayosoft.com.  

Leave a comment »

Hackers Target Microsoft Entra Accounts in Device Code Vishing

Posted in Commentary with tags on February 19, 2026 by itnerd

It is being reported hackers are targeting technology, manufacturing, and financial organizations in campaigns that leverage device code phishing with voice phishing (vishing) to abuse the OAuth 2.0 Device Authorization flow and compromise Microsoft Entra accounts.

Unlike previous attacks that utilized malicious OAuth applications to compromise accounts, these campaigns instead leverage legitimate Microsoft OAuth client IDs and the device authorization flow to trick victims into authenticating.

This provides attackers with valid authentication tokens that can be used to access the victim’s account without relying on regular phishing sites that steal passwords or intercept multi-factor authentication codes.

Ensar Seker, CISO at SOCRadar, commented:

“This campaign is significant because it doesn’t break authentication, it abuses it. The OAuth 2.0 Device Authorization flow was designed for usability across limited-input devices, but attackers are now socially engineering users into completing legitimate device login prompts under the guise of IT support or security validation. By leveraging real Microsoft OAuth client IDs instead of malicious apps, adversaries avoid many traditional detection controls. The result is a valid authentication token issued by Microsoft itself, which means no password theft, no MFA bypass exploit, just human manipulation.

“What makes this especially dangerous for enterprises is that many security programs still focus heavily on credential phishing indicators, fake domains, cloned login pages and MFA fatigue. Device code phishing shifts the battlefield into token abuse and session hijacking. Once the attacker has a valid access token tied to Entra ID, they can move laterally into M365, SharePoint, Teams, and potentially pivot toward financial fraud or data exfiltration without triggering obvious alerts.

‘If ShinyHunters is indeed involved, it signals continued evolution from traditional data-theft extortion toward identity-centric compromise models. Identity is the new perimeter, and OAuth abuse is becoming a preferred entry point because it blends into normal authentication telemetry.

“From a defensive standpoint, organizations need to restrict or monitor the Device Authorization flow where not required, enforce Conditional Access policies that bind tokens to compliant devices, reduce token lifetimes, enable sign-in risk policies, and implement stronger session monitoring. Security teams should also train employees that legitimate IT will never ask them to manually enter device codes shared over the phone.

“This is not a vulnerability in Microsoft Entra, it’s a design feature being exploited through social engineering. The real lesson is that modern attacks increasingly weaponize legitimate cloud workflows rather than exploit technical flaws.”

This is a very good time to start looking at your Microsoft Entra setup to make sure that you are not vulnerable. Because now that this is being used by one group of threat actors, it will be used by others soon enough.

Leave a comment »

Liquibase Secure 5.1 Extends Modeled Change Control to Snowflake

Posted in Commentary with tags on February 19, 2026 by itnerd

Liquibase, the leader in Database Change Governance, today announced the release of Liquibase Secure 5.1, extending modeled Change Control to Snowflake. With 5.1, enterprises can govern Snowflake control plane changes with the same rigor and automation they already apply to schema evolution, closing a critical gap in data platform security, compliance, and AI readiness. Liquibase Secure 5.1 also expands database platform coverage, including new support for additional cloud and enterprise data stores.

Snowflake has become mission-critical infrastructure for analytics, data products, and AI initiatives. As organizations scale DataOps and internal developer platforms, Snowflake changes are no longer isolated technical updates. They are platform-level changes that impact trust, availability, and every downstream consumer. Yet many of the most consequential changes still happen outside standardized governance, often delivered as scripts with limited visibility, weak enforcement, and evidence that is difficult to assemble when it matters most.

Modeled Change Control for Snowflake

Liquibase Secure 5.1 treats key Snowflake control plane changes as first-class, modeled change types, rather than opaque scripts. That modeling enables precise policy enforcement, object-aware drift detection, and audit-ready evidence at the level where access, movement, and execution are defined.

With Liquibase Secure 5.1, data platform teams can govern Snowflake changes across access and security configuration, data sharing and movement, platform and cost controls, and automated execution, using standardized workflows across environments and teams.

Key outcomes include:

  • Stop risky Snowflake control plane changes before they reach production
  • Standardize how Snowflake changes are delivered across environments and teams
  • Automatically generate audit-ready evidence for every change
  • Detect drift and out-of-band updates to governed Snowflake objects
  • Recover faster with traceable, reversible changes and tested rollback procedures

This closes a long-standing gap for organizations that govern schema evolution, yet still struggle with over-permission creep, ungoverned data movement, and control plane drift that can undermine security posture and AI initiatives.

Built for DataOps, data products, and AI readiness

As Snowflake increasingly powers feature engineering, model training, and AI-driven decisioning, the blast radius of ungoverned change grows. A single access change can expose sensitive training data. An unreviewed sharing update can expand compliance scope. An execution change can silently alter business-critical logic. Liquibase Secure 5.1 helps data platform teams keep Snowflake predictable, auditable, and reliable as usage scales, without turning governance into a bottleneck.

Expanding database support across Liquibase’s industry-leading coverage

Liquibase Secure continues to deliver broad database coverage across 60+ platforms, from mainframe DB2 to cloud-native data stores. Liquibase Secure 5.1 expands support for Snowflake, Databricks, and MongoDB, and adds new platform support for Couchbase, AWS Keyspaces, DataStax Enterprise, and AlloyDB for Google Cloud. This breadth helps enterprises standardize change governance across heterogeneous environments using a single platform instead of stitching together siloed tools and processes. Teams can apply consistent workflows and generate unified, audit-ready evidence across their database estate, reducing operational overhead while preserving the flexibility to adopt new technologies without rebuilding governance each time.

Enterprise partnership, not just tooling

Liquibase brings more than a decade of frontline experience helping enterprises govern database change at scale. In addition to the platform, Liquibase provides hands-on professional services, a dedicated customer success organization, and ongoing advisory support to help teams operationalize Change Control across their delivery model.

Availability

Liquibase Secure 5.1 is available now. To learn more about Change Control for Snowflake and Database Change Governance, visit liquibase.com.

Leave a comment »

Compliance Scorecard Launches v10

Posted in Commentary with tags on February 19, 2026 by itnerd

As cyber insurers and regulators begin scrutinizing how AI is used in compliance workflows, Compliance Scorecard has launched v10 – a governed AI system designed to produce audit-ready compliance rather than conversational guesses.

The milestone 10th release introduces what the company calls a “GRC Context Engine” – AI that is visible, editable, and defensible. Unlike black-box AI tools that hide their reasoning, v10 exposes the governance layer to MSPs: every prompt can be viewed and modified, context is explicitly configured rather than inferred, and all changes are version-controlled.

v10 treats AI as a governed system of context and controls, not a conversational interface.

Why This Matters Now

Regulators, cyber insurers, and customers are changing the questions they ask. It is no longer sufficient to show a policy exists – organizations must demonstrate their people understood it. It is no longer enough to run an assessment – auditors want to know how conclusions were reached and why they should be trusted.

For MSPs adding AI to their compliance workflows, this creates a new category of liability: if you cannot explain what the AI did and why you trusted its output, you are taking on risk you cannot quantify or defend.

Built on Defensible Data

v10 builds AI capabilities on structured compliance data maintained in the Compliance Scorecard Vendor Tool, a free, publicly accessible database refined over several years with MSP community input. The dataset includes 1,200+ security tools from 866+ vendors, mapped to 101+ compliance frameworks with over 200,000 normalized control mappings – maintained to exclude marketing claims and keep compliance data accurate.

Governed by Design

v10 includes 30+ purpose-built AI prompts across 12 workflow categories – policy, assessment, analysis, recommendations, risk, reports, and evidence – each fully editable with version control. The platform supports multiple AI providers including OpenAI, Microsoft Azure OpenAI, Anthropic (Claude), and Google Gemini, with Bring Your Own Key functionality that keeps API credentials encrypted using AES-256.

From Acknowledgment to Informed Behavior

v10 reframes policy management around comprehension. The platform generates assessment questions from policy content, translates technical language into plain-language explanations at configurable reading levels, and documents that employees understood the policy before signing off – not just that they clicked “I agree.”

The ultimate objective is not policy acknowledgment, but informed behavior.

Availability

v10 is available immediately to all Compliance Scorecard customers. New customers can request a demo at compliancescorecard.com. All AI-powered features, including BYOK support, are included at no additional cost.

Leave a comment »

Abstract Launches AI-Gen Composable SIEM, Redefining the Future of Security Operations

Posted in Commentary on February 19, 2026 by itnerd

Abstract Security, the leader in streaming-first security data operations, today announced the launch of AI-Gen Composable SIEM, a new architectural standard for modern security operations built natively for AI, streaming data, and modular control. 

The launch follows a breakout 2025 for Abstract, including:

  • 380% year-over-year ARR growth
  • 280% increase in new customers
  • 240% net revenue retention
  • 40 strategic hires to support enterprise expansion

As security data volumes grow 25-30% annually as AI exhaust and multi-cloud complexity accelerate, traditional SIEM platforms have struggled to keep pace. AI-Gen Composable SIEM represents a fundamental shift away from monolithic architectures toward a modular, streaming-first model where ingestion, pipelines, storage, detection, AI triage, and response operate as composable building blocks.

What AI-Gen Composable SIEM Means

AI-Gen Composable SIEM introduces a system-of-systems architecture that enables organizations to:

  • Decouple data sources and destinations to eliminate vendor lock-in
  • Run detections in-stream for near real-time threat response
  • Tier and route data intelligently to reduce storage costs
  • Embed AI across workflows for triage, investigation, and response
  • Scale elastically across multi-cloud and hybrid environments

Unlike legacy platforms that centralize all functionality into a single stack, AI-Gen Composable SIEM allows enterprises to choose their architecture, deployment model, and analytics engines without sacrificing performance or control. 

From Signal to Scale

Abstract enters 2026 under the theme Signal to Scale, reflecting the company’s focus on expanding adoption of the AI-Gen model across enterprise and regulated markets.

Security leaders are increasingly prioritizing data strategy as the foundation of effective AI-driven security operations. By shifting analytics left into the data stream and embedding AI natively into detection and response workflows, Abstract customers report:

  • 65–75% reduction in SIEM-related costs
  • Faster mean time to detect (MTTD)
  • Faster mean time to respond (MTTR)

Founded in 2023, Abstract has raised $28.5 million across seed and Series A funding and continues to expand its enterprise footprint across Fortune 1000 and global organizations. Abstract prides itself with providing easy-to-use solutions, but also providing first class customer service for all customers and partners.

Abstract will be at RSAC in March and the team is available for product demonstrations and conversations. To schedule a meeting at RSA, visit this link.

Additional Information

Leave a comment »

Sumo Logic Expands EMEA Footprint with AWS European Sovereign Cloud and Swiss Data Center

Posted in Commentary with tags on February 18, 2026 by itnerd

Sumo Logic today announced it will expand regional availability of its AI-powered cloud security solutions to the AWS European Sovereign Cloud and AWS Swiss Data Center deployments. The new offerings will support European organizations with their data privacy, sovereignty, data residency and security needs as they support and expand their digital and AI strategies.

Analyst firm IDC predicts that 63% of organizations are now more likely to adopt sovereign cloud services in response to recent geopolitical events, and that spending on sovereign cloud services will reach more than $400 billion by 2029.

Further, according to new research from Sumo Logic with UserEvidence, 96% of security leaders say they’ve adopted AI to some extent. But those uses are still relatively nascent as products are still evolving, with only 9% using AI for incident triage and only 20% for automated incident response. This expands on the IDC analysis, which predicts that by 2028, 60% of multinational firms will split AI stacks across sovereign zones, tripling integration costs as regulatory fragmentation and supply chain risks slow strategic scaling.

Providing cloud security for AWS European Sovereign Cloud deployments

Sumo Logic will deliver its AI-powered Intelligent Security Operations Platform as part of the AWS European Sovereign Cloud, helping European companies and government entities implement cloud services while meeting strict rules on data residency and privacy. Companies will be able to run their infrastructure as part of an independent sovereign cloud and use Sumo Logic to log, track and secure those deployments over time.

Expanding cloud security and log analytics to AWS Swiss Data Center implementations

Sumo Logic will also deploy its platform in Switzerland to support enterprises that need faster in-country data residency to meet the Swiss Federal Act on Data Protection (FADP), as well as General Data Protection Regulation (GDPR) requirements. This move will expand Sumo Logic’s global footprint to the AWS Swiss Data Center, delivering the company’s agentic AI-powered log analytics platform and advanced SIEM to enterprises that require in-country data residency for regulatory compliance.

The new region supports enterprises operating in or serving Switzerland by offering localized processing over data sovereignty, which is especially relevant for organizations in highly regulated industries such as finance and the public sector.  The new data center will also provide a faster, low-latency environment for organizations in the country to take advantage of.

Resources:

Leave a comment »

« Older Entries
Newer Entries »