Join date: May 3, 2025
Posts (34)
Feb 8, 2026 ∙ 4 min
The Ghost in the Machine: Why Your IDE’s Recommendations Are the Next Supply Chain Attack Surface
1. A Quiet Near-Miss in the Software Supply Chain
In January 2026, the security community caught a glimpse of the future of software supply chain attacks. It was not a zero-day exploit, a malicious dependency, or a leaked signing key. It was something far more mundane, and far more dangerous: a name. Koi Security disclosed a subtle but serious weakness affecting several popular AI-powered IDEs, including Cursor, Windsurf, and Google Antigravity. These tools inherit Visual Studio Code’s...
Jan 21, 2026 ∙ 4 min
Conducting a Comprehensive Vulnerability Assessment Process
In today’s digital landscape, organisations face an ever-growing array of cyber threats. To protect sensitive data and maintain operational integrity, it is essential to conduct a thorough vulnerability assessment process. This process helps identify weaknesses in systems, networks, and applications before attackers can exploit them. Understanding how to perform a comprehensive vulnerability assessment is a critical step in strengthening your cybersecurity posture. Understanding the...
Jan 17, 2026 ∙ 4 min
The Persistence Problem: Why Agentic AI Demands a New Security Paradigm
The Industry Is Solving the Wrong AI Threats
The industry is focused on blocking the wrong failures. While most AI security efforts concentrate on filtering toxic outputs and preventing obvious misuse, a far more dangerous class of risk is quietly emerging: instruction persistence. During a recent enterprise AI safety evaluation, we observed how a single, seemingly legitimate interaction could introduce instructions that persisted over time. These instructions shaped behaviour well beyond...