News for today:
- [Silverfort] Strategic alliance on identities with SentinelOne. Silverfort and SentinelOne announced a strategic alliance for securing identities (of multiple types) in the era of AI-enabled attacks, with tight alignment between Silverfort Runtime Identity Security and SentinelOne Singularity. Through this partnership, Silverfort and SentinelOne are directly addressing this challenge by securing identity at runtime, resulting in faster containment, reduced lateral movement & privilege escalation. Silverfort’s expertise in discovering and securing AI Agents, non-human identities, combined with SentinelOne’s leadership in AI-powered detection and its expansion into AI security, establishes a foundation for securing environments where humans, machines, and AI agents operate simultaneously and autonomously. Silverfort
- [NinjaOne] Updates to the Backup engine. NinjaOne redesigned its backup engine, added AI-driven boot verification, and improved its compliance controls. NinjaOne Backup embeds device backup and SaaS backup directly into the NinjaOne Unified IT Operations Platform. NinjaOne Backup leverages the platform’s lightweight, unified agent so every managed device is backup-ready. Alongside NinjaOne Device Backup, NinjaOne SaaS Backup protects the cloud applications organizations depend on (Microsoft 365, Google Workspace, and Microsoft Entra) with automated backups, granular recovery, and compliance controls. With one console, organizations get complete visibility into the health of their backups across every workload, with the automation and controls they need to protect data, meet compliance requirements, and recover quickly. NinjaOne said 15,000 customers use its Backup offering. NinjaOne
- [HackerOne] Managing the surge in AI-discovered vulnerabilities. HackerOne announced h1 Validation, for continuous validation and remediation capabilities in light of the rapid increase in new AI-discovered vulnerabilities. h1 Validation … handles high volumes of vulnerabilities and increasingly complex attack paths at scale. By rapidly validating exploitability and prioritizing real risk, the offering helps security and engineering teams respond faster to vulnerabilities that can be exploited by adversaries. HackerOne
- [Datadog] Operational complexity holding back AI scaling. New research from Datadog argues that operational complexity is what’s holding AI back now, not model intelligence. Nearly seven in ten companies (69%) now use three or more models alongside increasingly complex agent workflows. Around 5% of AI model requests fail in production, with nearly 60% of those failures caused by capacity limits – leading to slowdowns, errors, and broken experiences in AI-powered applications. Datadog
- [Aikodo] Endpoint Protection for developer devices. Aikodo’s new Endpoint Protection is built to protect developer devices from software supply chain attacks. So aren’t developer devices protected by existing tools? No. That’s the thing. The security tools most companies rely on, traditional endpoint protection (EDR) for detecting threats on the operating system and device management (MDM) for managing what gets installed, were built for a world of signed binaries and operating system attacks. And they definitely weren’t built for today’s developers. The software being installed on developer machines today is code packages, IDE extensions, browser extensions, AI tools, and MCP servers. Plaintext, uncompiled software. EDR doesn’t see npm install. MDM doesn’t know what an MCP extension does. Aikodo
- [Semperis] Identity security assessments for Microsoft GCC High. Semperis added support for Microsoft Government Community Cloud High environments to Purple Knight, for assessing the security of Active Directory and Entra ID deployments. GCC High is the cloud environment purpose-built by Microsoft to meet the stringent FedRAMP High, ITAR, and DFARS compliance requirements that most government agencies must adhere to. Until now, federal agencies and defense organizations running GCC High tenants were unable to take advantage of Purple Knight’s Entra ID assessment scanning capabilities. Agencies could assess their on-premises Active Directory health but lacked the ability to extend that same assessment into their GCC High cloud identity environment. Semperis