zero-trust
Safeguard articles tagged "zero-trust" — guides, analysis, and best practices for software supply chain and application security.
51 articles
Edge Appliances Are the Soft Underbelly: VPN Zero-Days as Initial Access in 2026
Check Point's CVE-2026-50751 and Cisco's seventh SD-WAN zero-day of the year are not isolated bugs — they are the same story. Here is why VPN and edge appliances keep becoming the front door for ransomware, and how to monitor and segment them.
Platformization vs Best-of-Breed: The 2026 Security Consolidation Debate
RSAC 2026 made it official: the industry is consolidating. But platform breadth buys you integration and data gravity at the cost of lock-in and concentration risk. Here is where consolidation genuinely helps, and where it quietly hurts.
Enterprise Browser Security: The Browser Is the New Endpoint for Agentic AI
RSAC 2026 made it official — the enterprise browser is where agentic AI and shadow AI now live, and the industry is racing to put controls there. Here is what actually shipped and what still does not add up.
Agentic AI Security: Gartner Says Most AI-Agent Attacks Will Be Access-Control Failures
Gartner predicts that through 2029, more than half of successful attacks against AI agents will exploit access-control issues — with prompt injection as the delivery mechanism. Here's why that framing matters more than the headline number.
After the Worms: A CI/CD Security Playbook for Developer Credentials in 2026
The 2026 npm and PyPI worms proved that a trusted release pipeline is a credential vault. Here is what IronWorm and Mini Shai-Hulud actually exploited, and how to harden CI/CD before the next one lands.
Shadow AI: Finding and Governing the Tools Your Employees Already Use
Most of your organization is already using AI you never approved. Here is how to discover it, govern it, and offer sanctioned alternatives before it becomes a breach.
Agentic AI Security: Access Control Is the Whole Ballgame
Gartner expects most successful attacks on AI agents through 2029 to exploit access control, with prompt injection as the delivery mechanism. Here is why that single failure mode dominates agentic AI security, and what actually moves the needle.
Checkmarx Zero Trust Deployment Guide 2026
A practical Checkmarx zero trust deployment guide for 2026: integrating Checkmarx One into a zero-trust SDLC with policy gates, identity, and signed artifacts.
Microservices security: authentication between services
Service-to-service auth stops lateral movement between microservices. Learn how mTLS, OAuth2, and SPIFFE/SPIRE secure internal calls in production.
RSAC 2026 Floor Report: Agentic AI Security, Platformization, and the Consolidation Debate
What the Moscone show floor actually said about platformization vs. best-of-breed, data sovereignty, and how agentic AI security rewrote the enterprise buying conversation at RSAC 2026.
RSAC 2026: Agentic AI, Shadow Tools, and the Quiet Return to the Endpoint
Agentic AI dominated RSA Conference 2026, but the harder story was shadow AI agents running unseen inside enterprises and a renewed scramble to secure the endpoint they live on.
How to Secure AI Agents on the MCP Protocol
MCP gives AI agents real tools, real credentials, and real blast radius. Here is a hardening guide for running MCP servers in production without torching your environment.