Latest news with #OWASP
Techday NZ
06-06-2025
- Business
- Techday NZ
Cobalt unveils platform updates to streamline pentesting workflows
Cobalt has announced a series of product enhancements within its Offensive Security Platform intended to assist customers in scaling security testing with greater clarity, automation, and control. The platform centralises access to security services provided by a team of pentesters, enabling organisations to identify and address vulnerabilities more efficiently across their environments. Features offered include faster pentest launches, real-time collaboration with testers, continuous scanning, and integration with remediation workflows. According to the company, these processes aim to support security teams in identifying critical issues and accelerating the mitigation of risks. The latest updates seek to provide customers with clearer risk prioritisation. Each finding within the platform now comes with standardised CVSS v3.1 scores alongside OWASP ratings, offering a measurable and objective understanding of vulnerability severity. Users are expected to be able to concentrate their remediation efforts on the most critical security issues first, potentially saving time and resources while maintaining their security posture. CVSS data are accessible via reports, CSV exports, the public API, and integrations. Deeper insight and increased trust in pentest results is also a focus of these enhancements. Final pentest reports now include a detailed Coverage Checklist with associated findings. This addition is designed to provide a comprehensive overview of testing scope and methodology, linking individual findings directly to test activities. This approach is intended to make it easier for users to analyse results and take appropriate action. For organisations dealing with recurring or retested vulnerabilities, workflow simplification is addressed through a new configuration option. Users can automatically associate findings carried over from previous reports with existing tracking tickets or generate new tickets for separate tracking. This is intended to save time and reduce confusion in vulnerability management processes. The process of launching a pentest has also been redesigned. The platform now provides an intuitive flow in which users can select from a range of pentest options, customise requirements - such as requesting a debrief call - and place their order in a matter of minutes. Cobalt describes this as making launching a pentest as simple as ordering a pizza, with the goal of improving the user experience and accelerating the initiation of testing. Boris Diebold, Chief Technology Officer at HeyJobs, commented, "These updates are all about delivering more impactful and efficient testing. The clearer reporting and streamlined workflows help us understand and address our security risk with more confidence and speed." Discussing the direction of the platform, Jason Lamar, SVP of Product at Cobalt, said, "These innovations mark the next chapter in the evolution of offensive security services. We're building toward a future where pentesting is continuous, deeply integrated into development workflows, and backed by data that drives real security outcomes - not just compliance. The Cobalt Platform is redefining what it means to test smarter, not harder." The enhancements are intended to make pentesting more actionable and transparent, whether an organisation is launching a test in a short timeframe, integrating insights directly into development pipelines, or supporting compliance reporting. The platform continues to prioritise usability, integration capabilities, and the timely remediation of vulnerabilities, as it serves security and development operations teams dealing with changing and emerging security threats.
TECHx
28-05-2025
- Business
- TECHx
Qualys TotalAI Enhances LLM Security Features
Home » Tech Value Chain » Global Brands » Qualys TotalAI Enhances LLM Security Features Qualys, Inc. (NASDAQ: QLYS) has announced major updates to its Qualys TotalAI solution. The enhancements aim to secure the complete MLOps pipeline, from development to deployment. The company revealed that organizations can now test large language models (LLMs) more rapidly, even during development cycles. These updates bring stronger protection against new threats and introduce on-premises scanning with an internal LLM scanner. As AI adoption accelerates, security remains a critical concern. A recent study reported that 72% of CISOs are worried generative AI could cause breaches. Enterprises need tools that balance innovation with secure implementation. Tyler Shields, principal analyst at Enterprise Strategy Group, emphasized the importance of security. He noted that Qualys TotalAI allows only trusted, vetted models in production, helping organizations manage risk while remaining agile. Qualys TotalAI addresses AI-specific risks. It tests models for jailbreak vulnerabilities, bias, sensitive data leaks, and threats aligned with the OWASP Top 10 for LLMs. The solution goes beyond infrastructure checks and supports operational resilience and brand trust. Key updates include: Automatic risk prioritization: Using MITRE ATLAS and the Qualys TruRisk™ engine, risks are scored and ranked for faster resolution. Secure development integration: On-premises LLM scanning enables in-house testing during CI/CD workflows, improving agility and protection. The platform also detects 40 types of attack scenarios. These include jailbreaks, prompt injections, bias amplification, and multilingual exploits. These scenarios simulate real-world tactics to improve model resilience. Another update is protection from cross-modal exploits. TotalAI can now detect manipulations hidden in images, audio, and video files meant to alter LLM outputs. Sumedh Thakar, president and CEO of Qualys, said the solution offers visibility, intelligence, and automation across AI lifecycles. He added that TotalAI helps companies innovate confidently while staying ahead of emerging threats. Qualys TotalAI is now positioned as one of the most comprehensive AI security solutions available today.
Channel Post MEA
28-05-2025
- Business
- Channel Post MEA
Qualys Updates TotalAI Solution
Qualys has announced major updates to its TotalAI solution to secure organizations' complete MLOps pipeline from development to deployment. Organizations will now be able to rapidly test their large language models (LLMs), even during their development testing cycles, with stronger protection against more attacks and on-premises scanning powered by an internal LLM scanner. With the current rush of AI adoption, organizations are moving at an unprecedented pace – often without implementing foundational security controls necessary to manage risk. A recent study revealed 72% of CISOs are concerned generative AI solutions could result in security breaches for their organizations. Enterprises need a better solution to bridge the gap between innovation and secure implementation. As AI becomes a core component of business innovation, security can no longer be an afterthought,' said Tyler Shields, principal analyst at Enterprise Strategy Group. 'Qualys TotalAI ensures that only trusted, vetted models are deployed into production, enabling both agility and assurance across organizations' AI usage. This security helps organizations achieve their innovation goals while managing their risk.' Qualys TotalAI is purpose-built for the unique realities of AI risk, going beyond basic infrastructure assessments to directly test models for jailbreak vulnerabilities, bias, sensitive information exposure, and critical risks mapped to the OWASP Top 10 for LLMs. Taking a risk-led approach, TotalAI not only finds AI-specific exposures — it helps teams resolve them faster, protect operational resilience, and maintain brand trust. TotalAI delivers: Automatic Prioritization of AI Security Risks : Findings are mapped to real-world adversarial tactics with MITRE ATLAS and automatically prioritized through the Qualys TruRisk scoring engine, helping security, IT, and MLOps teams zero in on the most business-critical risks. : Findings are mapped to real-world adversarial tactics with MITRE ATLAS and automatically prioritized through the Qualys TruRisk scoring engine, helping security, IT, and MLOps teams zero in on the most business-critical risks. Faster, Safer AI Application Development: With the new internal on-premises LLM scanner, organization can now incorporate comprehensive security testing of their LLM models during development, staging, and deployment – all without ever exposing models externally. This shift-left approach, incorporating security and testing of AI-powered applications into existing CI/CD workflows, strengthens both agility and security posture, while ensuring sensitive models remain protected behind corporate firewalls. With the new internal on-premises LLM scanner, organization can now incorporate comprehensive security testing of their LLM models during development, staging, and deployment – all without ever exposing models externally. This shift-left approach, incorporating security and testing of AI-powered applications into existing CI/CD workflows, strengthens both agility and security posture, while ensuring sensitive models remain protected behind corporate firewalls. Enhanced Defense Against Emerging AI Threats: TotalAI now expands to detect 40 different attack scenarios, including advanced jailbreak techniques, prompt injections and manipulations, multilingual exploits, and bias amplification. The expanded scenarios simulate real-world adversarial tactics and strengthen model resilience against exploitation, preventing attackers from manipulating outputs or bypassing safeguards. TotalAI now expands to detect 40 different attack scenarios, including advanced jailbreak techniques, prompt injections and manipulations, multilingual exploits, and bias amplification. The expanded scenarios simulate real-world adversarial tactics and strengthen model resilience against exploitation, preventing attackers from manipulating outputs or bypassing safeguards. Protection from Cross-modal Exploits with Multimodal Threat Coverage: TotalAI's enhanced multimodal detection identifies prompts or perturbations hidden inside images, audio, and video files that are designed to manipulate LLM outputs, helping organizations safeguard against cross-modal exploits. 'AI is reshaping how businesses operate, but with that innovation comes new and complex risks,' said Sumedh Thakar, president and CEO of Qualys. 'TotalAI delivers the visibility, intelligence, and automation required to stay agile and secure, protecting AI workloads at every stage — from development through deployment. We are proud to lead the way with the industry's most comprehensive solution, helping businesses innovate with confidence, while staying ahead of emerging AI threats.' 0 0
Techday NZ
23-05-2025
- Business
- Techday NZ
Radware named leader for AI-driven API security by GigaOm
Radware has been recognised as a Leader and Fast Mover in the GigaOm Radar for Application and API Security. The GigaOm Radar evaluated 16 leading application and API security solutions, aiming to assist organisations in making informed decisions about their security investments. Radware received particular recognition for its approaches to vulnerability detection, account takeover protection, and bot management. The report highlighted Radware's coverage of key industry benchmarks. According to the GigaOm Radar, "Radware's comprehensive coverage of OWASP Top 10 web application security risks and Top 10 API security vulnerabilities, coupled with real-time adaption capabilities, demonstrates a cutting-edge approach to AI-enhanced vulnerability detection that goes beyond the basics to offer advanced protection and automated response." The company's machine-learning-driven approach to detecting and mitigating attacks was also noted. GigaOm wrote, "Radware's system also includes ML-based anomaly detection that can identify anomalies on targeted endpoints and automatically push real-time signatures to mitigate attacks, demonstrating a proactive and adaptive approach to account takeover protection that goes beyond standard measures." GigaOm further commented on Radware's multilayered security strategy, stating, "Radware earned a strong score due to a multilayered strategy that includes preemptive protection to block unwanted IPs and identities, AI-powered behavioral-based detection that catches threats others might miss, and advanced mitigation offering a wide range of granular and accurate options." Connie Stack, Chief Growth Officer at Radware, addressed the increasing demands being placed on application and API security in the current landscape. "Organizations are increasingly relying on web applications and APIs to operate their businesses, generate revenue, and engage customers, which is why keeping them secure has become so important—and more difficult," said Stack. "Our advanced AI and machine learning technologies offer customers real-time, state-of-the-art protection across an attack surface and threat landscape that is constantly evolving. We are honoured to be recognised among the market's leading providers of application and API security solutions by GigaOm." Radware's Cloud Application Protection Service comprises a suite of security features, including bot detection and management, API protection, a web application firewall (WAF), client-side protection, and application-layer DDoS protection. These capabilities are combined with end-to-end automation, behavioural-based detection, and 24/7 managed services. The offering is designed to deliver high standards of application protection while aiming to reduce false positives for its customers. The company has also received additional awards and recognitions for its application and network security solutions from other analysts in the field, including Aite-Novarica Group, Forrester, Gartner, KuppingerCole, and QKS Group. Radware provides cloud application, infrastructure, and API security solutions with the use of AI-driven algorithms intended to deliver real-time protection against a range of web, application, DDoS, API abuse, and bot-related threats. The organisation serves enterprises and carriers worldwide, supporting their efforts to address cybersecurity challenges and safeguard their business operations.
Forbes
01-04-2025
- Business
- Forbes
How To Secure Non-Human Identities With Modern IAM
Rajat Bhargava is an entrepreneur, investor, author and currently CEO and cofounder of JumpCloud. getty Every second, hundreds of automated processes and service accounts access sensitive data without human oversight. These non-human identities (NHIs)—spanning API keys, secrets, tokens and service accounts—operate behind the scenes to power cloud applications, automation and microservices. NHIs authenticate and execute automated processes between cloud applications and third-party integrations; they allow applications, virtual machines and scripts to access resources securely; and they can generate cryptographic credentials that encrypt and validate communications between automated processes—to name just a few of their uses. The number of NHIs is growing as organizations race to innovate—or just keep pace with digital transformation. NHIs now often outnumber human users, creating a sprawling network of identities that require immediate attention. Modern architectures—from DevOps pipelines to serverless computing—rely heavily on NHIs. This creates opportunities for bad actors, where multiple permissions, when exploited together, can lead to catastrophic breaches. Left unsecured, NHIs become prime targets for cyberattacks. OWASP released its 2025 top 10 risks associated with NHIs, highlighting that a lack of monitoring, excessive permissions and credential mismanagement are just a few of the key issues that can lead to unauthorized access, attacks on infrastructure and data breaches. Unauthorized or poorly managed NHIs can inadvertently grant attackers lateral movement across systems. Such shadow access invites attackers to exploit systems, exposing sensitive data and resources without anyone even knowing. Security teams often struggle to track these interactions due to the complexity of managing NHIs across cloud and on-premises resources. Legacy identity and access management (IAM) systems are typically ill-equipped to handle the nuances of NHIs. Designed primarily for human users, these systems have two key weaknesses in relation to NHI. • Lack Of Visibility: Legacy IAM systems fail to provide insight into how NHIs interact with resources, leaving organizations with significant blind spots. • Focus On A Reactive Approach (Versus Proactive): Vulnerabilities are detected only after exploitation, limiting the ability to proactively secure systems. Modern IAM must evolve to secure NHIs by leveraging automated detection, risk prioritization and real-time analytics to mitigate risks before they escalate. To address the growing risks associated with NHIs, here are five best practices for organizations to adopt proactive strategies: 1. Establish full visibility. Use tools like risk engines and query analytics to map IAM vulnerabilities across NHIs. This approach reveals patterns of cloud data exposure, excessive privileges or overlapping permissions and exploitability. SaaS management capabilities can help reveal which vulnerabilities carry the greatest potential impact. 2. Automate risk detection and remediation. Deploy automated detection mechanisms to identify and address lateral movement, chained access and other high-risk scenarios. Ensure continuous monitoring and timely alerts to reduce reaction times and strengthen overall security posture. 3. Establish governance for NHIs. Implement strict policies to govern NHIs, such as enforcing expiration dates for access keys and conducting regular audits of service accounts. Secure service principles and tokens by aligning with established frameworks that include governance recommendations. 4. Integrate proactive security measures. Adopt a risk-driven IAM strategy that prioritizes areas with the highest exposure and exploitability. Implement a system for monitoring SaaS usage and leverage operational data to predict vulnerabilities and prevent breaches before they occur. 5. Educate and empower security teams. As with all areas of cybersecurity, employees can be a robust bulwark or an extraordinary vulnerability. Regularly provide specialized training on the risks posed by NHIs and equip teams with tools that focus on high-priority threats to minimize alert fatigue. 6. Move to more modern security postures for NHIs. API keys are useful and easy, but there are better ways of providing secure authentication for NHIs. Leverage signed JSON Web Tokens (JWTs) for authentication so that they can't be reused if compromised. Use role-based access where you don't need to have a static credential. The rapid adoption of cloud technologies and automation has made securing NHIs a top priority. It has also made clear that traditional IAM approaches fail to meet the challenges they introduce. Organizations must evolve their strategies to gain visibility, automate remediation and establish robust governance frameworks. Securing NHIs isn't just about reducing risk; it's about future-proofing your organization in an increasingly automated world. Given the acceleration of automation and cloud adoption, adopting an IAM strategy that addresses NHI vulnerabilities isn't just a priority—it's mission critical. The question isn't whether your existing IAM approach is up to the task, but how quickly your organization can rise to the challenge. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
