Blog

Security debt is becoming a governance issue for CISOs

Application security backlogs keep expanding across large development portfolios. Veracode’s 2026 State of Software Security Report puts numbers behind a familiar operational pattern, fixes lag discovery, and older weaknesses stay open across release cycles. 2026 findings against the 2025 baseline (Source: Veracode) The analysis spans 1.6 million unique applications that underwent static analysis, dynamic analysis, software composition analysis, and manual penetration testing through Veracode’s platform. The scope covers commercial software suppliers, outsourcers, and open source … More → The post Security debt is becoming a governance issue for CISOs appeared first on Help Net Security.
http://news.poseidon-us.com/TRF3z3

BlacksmithAI: Open-source AI-powered penetration testing framework

BlacksmithAI is an open-source penetration testing framework that uses multiple AI agents to execute different stages of a security assessment lifecycle. A multi-agent structure for offensive workflows BlacksmithAI runs as a hierarchical system in which an orchestrator coordinates task execution across specialized agents. Each agent maps to a common penetration testing function. The recon agent handles attack surface mapping and information gathering. The scan and enumeration agent performs service discovery. A vulnerability analysis agent evaluates … More → The post BlacksmithAI: Open-source AI-powered penetration testing framework appeared first on Help Net Security.
http://news.poseidon-us.com/TRDxbt

When cyber threats start thinking for themselves

In this Help Net Security video, Jason Rivera, Field CISO & Head of Solution Engineering at SimSpace, discusses how autonomous AI agents are changing cyber threats. Drawing on experience in the US Army, NSA, Deloitte, and CrowdStrike, he describes how security teams have traditionally measured risk through volume, speed, and sophistication. He outlines how AI-driven agents operate without waiting for human input. Phishing campaigns can run continuously. Network movement can happen through automated path discovery. … More → The post When cyber threats start thinking for themselves appeared first on Help Net Security.
http://news.poseidon-us.com/TRDxbp

AI risk moves into the security budget spotlight

Enterprises are pushing AI deeper into workflows that touch sensitive data across cloud platforms and SaaS apps. The 2026 Thales Data Threat Report, based on a survey of 3,120 respondents in 20 countries, places that shift alongside growing pressure on data protection, identity controls, and cloud security. A dedicated budget for AI security is becoming more common. Thirty percent of respondents report having a dedicated AI security budget, up from 20% in the prior year. … More → The post AI risk moves into the security budget spotlight appeared first on Help Net Security.
http://news.poseidon-us.com/TRDxZp