Expert Analysis – Help Net Security

Expert analysis Archives – Help Net Security Daily information security news with a focus on enterprise security.

  • The MDR renewal question: What changes when AI can handle the alerts
    by Help Net Security on July 15, 2026 at 5:00 am

    For most of the past decade, the managed detection and response (MDR) decision was a simple one: teams that couldn’t staff a 24/7 SOC outsourced detection and response to a provider who could. It solved a resources problem, and the alternatives (hiring a team you couldn’t afford or keeping a functional set of SOAR playbooks across an expanding alert surface) were worse. But a growing number of security leaders are looking at their next MDR … More → The post The MDR renewal question: What changes when AI can handle the alerts appeared first on Help Net Security.

  • Why SBOMs, signing, and provenance still don’t tell you if software is safe
    by Help Net Security on July 13, 2026 at 6:30 am

    We have made real progress in software supply chain security, improving visibility into software components, authenticity and build integrity. Much of this progress traces back to Executive Order 14028, which pushed agencies, contractors and enterprises to invest in SBOMs, signing and provenance. All of that matters, but it is not enough. The current software trust model still stops short of the question that determines risk at execution: What is this code capable of doing if … More → The post Why SBOMs, signing, and provenance still don’t tell you if software is safe appeared first on Help Net Security.

  • July 2026 Patch Tuesday forecast: Is CVE tracking still practical?
    by Help Net Security on July 10, 2026 at 7:30 am

    I was off by a month in my forecast of record-setting CVE releases from Microsoft. In June, we saw the deluge of over 200 reported CVEs that I expected in May. There were 116 CVEs for Windows 11 and 104 for Windows 10. In addition, we saw large numbers in both common applications like Office and SharePoint Server as well as the host of development tools and libraries like Visual Studio and .NET. Will the … More → The post July 2026 Patch Tuesday forecast: Is CVE tracking still practical? appeared first on Help Net Security.

  • How to implement a continuous offensive security testing program
    by Help Net Security on July 8, 2026 at 4:30 am

    The hard part was never finding the exposure. It was deciding what to do about it: whether to patch, mitigate, monitor, or accept, and banking that that decision would still hold tomorrow. A penetration test answers this question for the day it runs, then quietly expires. The environment shifts, a control drifts, a new technique lands, and the report now describes a network that no longer exists. That gap, between finding an exposure and trusting … More → The post How to implement a continuous offensive security testing program appeared first on Help Net Security.

  • How to prioritize AI agent security by business impact
    by Help Net Security on July 6, 2026 at 6:30 am

    Your CEO calls about an AI agent security incident in finance. He wants to know whether money moved, whether financial data was exposed, who owned the agent and why it had this level of access. The agent was connected to a spend management application to reconcile invoices, summarize vendor contracts and flag unusual payment activity. The breakdown occurred when the employee who configured it left and the OAuth grant remained active, allowing the agent to … More → The post How to prioritize AI agent security by business impact appeared first on Help Net Security.

  • What a financial planner taught me about cybersecurity
    by Help Net Security on July 1, 2026 at 6:30 am

    When I spoke at a recent cybersecurity awareness event for financial planners and tax advisors, the audience really engaged with the subject. As happens at conferences the world over, people often come up to speakers to ask follow-up questions, or just give their feedback about points made during the presentation. This time, it struck me how many of them said they had been scared by what they heard during my talk. As I made my … More → The post What a financial planner taught me about cybersecurity appeared first on Help Net Security.

  • EU Cybersecurity Act 2.0: When good regulation goes bad
    by Help Net Security on June 16, 2026 at 5:30 am

    Over recent years we’ve witnessed the EU becoming increasingly serious about cybersecurity. After years of watching high profile breaches, many resulting from supply chain attacks targeting our critical infrastructure, that seriousness is welcome. But good intentions and good policy are not the same thing, and the proposed EU Cybersecurity Act 2.0 is starting to look a lot more like the former than the latter. The problem with CSA 2.0 The original EU Cybersecurity Act, which … More → The post EU Cybersecurity Act 2.0: When good regulation goes bad appeared first on Help Net Security.

  • The rise of machine identities and agentic AI: Securing trust in the next era of digital autonomy
    by Help Net Security on June 16, 2026 at 5:00 am

    In the latest episode of Identity Insider, I sat down with Chris Hughes, a cybersecurity expert who’s involved in OWASP’s work on non-human and machine identity security. Unsurprisingly, our discussion centered on the rapidly changing cybersecurity landscape, driven by the rise of artificial intelligence (AI), particularly agentic AI, which is giving systems unprecedented autonomy within the enterprise. You can watch our full discussion here: The conversation reinforced something I’ve been thinking about for a while: … More → The post The rise of machine identities and agentic AI: Securing trust in the next era of digital autonomy appeared first on Help Net Security.

  • How to use NIST and ISO frameworks to govern AI agents
    by Help Net Security on June 12, 2026 at 6:00 am

    Security leaders no longer need convincing that AI agents introduce risk. What’s missing is how to govern them once they move into production and begin operating autonomously across enterprise environments. AI agents already read sensitive documents, invoke internal APIs, trigger workflows, and make decisions that still require human judgment. From a security perspective, the most important shift is not their intelligence, but their behavior and intent, since they carry delegated authority, operate autonomously, and often … More → The post How to use NIST and ISO frameworks to govern AI agents appeared first on Help Net Security.

  • The architecture of subtraction: Why it’s time to erase the roads, not just map the traffic
    by Help Net Security on June 9, 2026 at 6:00 am

    The advent of AI-assisted vulnerability discovery and autonomous exploit development has brought about a new age in cybersecurity—one in which we can no longer rely on patching as a primary defense mechanism. Patching is, by definition, a reactive approach to security. It cannot occur until after a vulnerability is discovered and a vendor fix is made available, an operational delay that all too often lands well after an exploit is already weaponized in the wild. … More → The post The architecture of subtraction: Why it’s time to erase the roads, not just map the traffic appeared first on Help Net Security.

Share Websitecyber
We are an ethical website cyber security team and we perform security assessments to protect our clients.