Operations | Monitoring | ITSM | DevOps | Cloud

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

Five Principles of an Accountable AI Agent Network: How to Evaluate Any Governance Platform

The first post in this series argued that AI agent governance hasn’t kept pace with deployment. The second laid out the five pillars of accountability, and what is required. The third walked through why network policies, API gateways, MCP/A2A protocols, DIY security patterns, and Role-based Access Control (RBAC) each leave critical accountability gaps. So what does good look like? The five pillars define what AI agent accountability requires.

Kubernetes Operational Maturity: Why You Should Modernize Your Ingress with Gateway API

SIG Network introduced Ingress in 2015 as a minimal way to expose HTTP services from a cluster. That simplicity was an advantage at a time when most workloads were HTTP, clusters were single-tenant, and the occasional gap could be papered over with a vendor annotation.

Stop Building AI Agents That Can't Be Audited

AI agents have moved beyond experimentation. Today, they schedule meetings, process invoices, respond to customers, analyze contracts, update records, and make decisions that directly affect business operations. As organizations race to automate more workflows, one critical question is often overlooked: Can you explain exactly what your AI agent did, why it did it, and how it reached that decision?

Why Your Vendor Monitoring Strategy Has a Blind Spot: The Case for Continuous TPRM

You monitor everything. Network traffic, application performance, authentication events, infrastructure health. If something meaningful changes in your environment, you have a signal for it. That discipline is foundational to how modern IT and security operations work. But there is one part of your stack you almost certainly cannot see in real time: your vendors.

Why Critical Vulnerabilities Often Get Stuck in Remediation Queues

Critical vulnerabilities rarely fail because engineers can't patch. They fail because organizations can't decide. That sounds like an insult. It's a diagnosis. A queue forms when work competes, when ownership blurs, when risk turns into an abstract noun that nobody can put on a calendar. Security teams shout in numbers, CVSS, exploitability, and blast radius. Product teams answer in dates, revenue, and churn. Operations teams answer with uptime and the bitter memory of the last "quick fix" that took down production at 2 a.m. The queue becomes a diplomatic zone where everyone stays polite, and the bug stays alive.

Why Most Organizations Still Don't Know What's Protected

Organizations invest heavily in cybersecurity tools, yet many still struggle to confidently understand what is actually protected across their environment. This blog explores how disconnected systems, unknown assets, and inconsistent data create blind spots, and how Teneo’s Cyber Asset Attack Surface Management (CAASM), powered by ThreatAware, helps organizations gain a trusted view of security coverage.

Enforce Artifact Governance with OPA Policy-as-Code | Harness Artifact Registry

Artifact governance should not depend on manual checks. But for many teams, container images, software packages, and open-source dependencies are imported into registries from multiple internal and external sources. Without automated guardrails, vulnerable images, untrusted packages, end-of-life dependencies, or non-compliant artifacts can reach developers and delivery pipelines.

Why Security Teams Spend So Much Time Reconciling Data

Security teams today are managing growing volumes of cybersecurity data across increasingly complex environments. This blog explores the hidden operational cost of disconnected tools, manual data reconciliation, and fragmented reporting, and how Teneo’s Cyber Asset Attack Surface Management (CAASM), powered by ThreatAware, helps organizations create a more unified and trusted view across their security estate. Most organizations are not short of security tools.

Top Semgrep Alternatives

Application security has recently become one of the most important parts of software development. Today, there is an increasing number of threats that target code, dependencies, and cloud environments, so developers need tools that go way beyond basic static analysis. Semgrep is a popular tool for code scanning (SAST), but many teams are looking for other alternatives that provide broader security coverage, better automation capabilities, or just easier workflows.

Certificate lineage: the concept your tools already use but nobody named

The word “certificate” means too many different things. When someone says “the certificate for example.com,” they might mean the public key the CA signed. They might mean the key-pair sitting on the filesystem. They might mean the signature that expires in 47 days. Or they might mean all the things together, that you’ve been renewing for the last 10 years. That last one doesn’t have a name in any PKI standard. And it should.