Security Insights
Deep dives, expert analysis, and practical guidance on exposure management, adversarial validation, and the future of AI-driven exposure management.
How Strobes AI Turns a Supply Chain Zero-Day into a Full Exposure Assessment in Under 30 Minutes
When the axios npm package was compromised on March 31, 2026, Strobes AI agents autonomously performed incident response, identified every exposed repository across the attack surface, and generated a complete exposure assessment with remediation tasks in under 30 minutes.
Axios npm Supply Chain Attack: 83M Weekly Downloads Compromised by Cross-Platform RAT
On March 31, 2026, attackers compromised the axios npm maintainer account and published backdoored versions deploying a cross-platform RAT to macOS, Windows, and Linux. Full incident breakdown with IOCs, detection guidance, and real-time AI-driven response.
Strobes AI: The Agent Stack Specialized for Offensive Security
A deep-dive into the multi-agent architecture behind Strobes AI — 12 purpose-built offensive security agents, the Skills system, Human in the Loop governance, and the architectural properties that make continuous exposure management viable at scale.
A Poisoned PyPI Package Quietly Hit 36 Percent of Cloud Environments Through LiteLLM
LiteLLM 1.82.7 and 1.82.8 silently swept AWS credentials, Kubernetes configs, and SSH keys from 3.4 million daily installs. Here is exactly what the payload did and how Strobes AI detects and shuts it down.
What is an Exposure Assessment Platform? The Complete Guide for Security Leaders
An Exposure Assessment Platform (EAP) is the connective tissue that unifies, normalizes, prioritizes, and mobilizes remediation across your entire attack surface. This guide covers how EAPs work, why they replace traditional vulnerability management, and how to evaluate one for your CTEM program.
Driving CTEM Adoption Across the Enterprise
Most enterprises are not short on security activity. They run scanners, onboard new tools, commission assessments, run internal reviews, and publish regular risk reports. Yet exposure still slips through. Incidents still trace back to issues that were already known. Teams still debate what matters m
Top 10 Exposure Management Platforms That Truly Reduce Risks
If you’ve owned security outcomes for any length of time, the shift is clear. Counting CVEs no longer tells you whether risk is actually going down. Attack surfaces expand continuously, change faster than teams can track, and traditional scanners struggle to show what attackers are actually exploiti
2025, The Year We Stopped Building Features and Started Building Outcomes
Let me be real with you. 2025 wasn't about launching a hundred features and patting ourselves on the back. It was about asking one uncomfortable question: Are we actually helping security teams reduce exposure, or are we just giving them another dashboard to stare at? The answer shaped everything we
Why Organizations Are Moving to CTEM
Security teams are facing exposure patterns that form and spread far faster than traditional assessment cycles can handle. A misconfigured cloud role created during an early-morning deployment can expose sensitive permissions before lunch. A forgotten internet-exposed asset can be scanned by automat
The Real Cost of Security Fatigue and How CTEM Brings It Down
Security fatigue is becoming one of the most overlooked challenges in cybersecurity today. A recent report by Sophos found that 85% of cybersecurity and IT professionals in the Asia-Pacific region are already experiencing burnout or fatigue. That means even before a major attack happens, many teams
Inside the CTEM Boom: Pioneers, Followers, and What Black Hat 2025 Made Clear
Black Hat 2025 had it all. Vegas heat outside, but inside the halls were packed with energy - nonstop conversations, bold ideas, and the kind of buzz you can’t fake. But one thing rose above everything else. I saw it on banners, heard it in pitches, and caught it in the hallway chatter. And honestly
CTEM vs ASM Explained: Choosing the Right Approach for Proactive Security
Security challenges for organizations have become increasingly complex. We often find ourselves contending with sophisticated threats that demand more than just reacting to incidents as they occur. There's a clear and pressing need to move towards a more proactive stance, one that provides comprehen