Opinion & Analysis
Commentary
Practitioner perspectives on security strategy, threat trends, and industry challenges. Opinionated, argued from experience, and written for professionals in the trenches — not the boardroom.
The Hallucination Problem in Your AI Security Tools Is Not Getting Fixed
A new paper by Vishal Sikka and Varin Sikka uses settled computational complexity theory to prove that transformer hallucinations and fixed reasoning depth are architectural facts, not engineering failures. For security practitioners building operational dependencies on LLM-based tools, the implication is uncomfortable: the limitations most vendors are implicitly promising to train away cannot be trained away. They are proven.
CipherWatch Editorial
Security Intelligence Platform
AI Has Learned to Find Bugs Faster Than We Can Fix Them
Claude Mythos discovering thousands of zero-days confirms what was already theoretically obvious: AI vulnerability research is orders of magnitude faster than human-paced remediation. The industry's response — private disclosure programmes — is a delay mechanism, not a solution to the structural asymmetry between discovery speed and patch deployment speed.
CipherWatch Editorial
Security Intelligence Platform
The Shared Responsibility Model Is a Liability Shield, Not a Security Framework
McGraw Hill's statement that its Salesforce breach 'appears to be part of a broader issue involving a misconfiguration within Salesforce's environment' exposes what the shared responsibility model actually is: a contractual arrangement that tells you who to blame after a breach, not a security control that prevents one.
CipherWatch Editorial
Security Intelligence Platform
Patch Tuesday Is Not a Patching Programme
Every second Tuesday, the industry runs a collective sprint to triage, test, and deploy hundreds of Microsoft patches before the next cycle begins. We call this a patching programme. It isn't. It's a treadmill — and the real security question is whether we're measuring the right thing.
CipherWatch Editorial
Security Intelligence Platform
Security Awareness Training Is Solving the Wrong Problem
We spend billions every year teaching employees not to click malicious links. The same employees work in environments where clicking a malicious link can collapse the company. The problem isn't the clicking.
CipherWatch Editorial
Security Intelligence Platform
TOTP MFA Is Security Theatre and We Need to Admit It
Adversary-in-the-Middle toolkits that defeat time-based one-time passwords are commercially available for under £400. The security industry's continued recommendation of TOTP as meaningful phishing protection is not a minor technical nuance — it is a significant misrepresentation of what MFA actually protects against in 2026.
CipherWatch Editorial
Security Intelligence Platform
The CISO Role Is Structurally Broken — and Fixing It Requires Honesty About Why
The average CISO tenure is 18 to 26 months. We treat this as a talent pipeline problem. It isn't. It's a governance problem that the industry has been unwilling to name clearly for fifteen years.
CipherWatch Editorial
Security Intelligence Platform
The Threat Intelligence Report That Nobody Reads
Most organisations have a threat intelligence subscription. Fewer have a threat intelligence programme. The gap between the two is not a budget problem — it is a clarity problem about what intelligence is actually for, and it costs the industry significantly in both money and security posture.
CipherWatch Editorial
Security Intelligence Platform
Vendor Security Ratings Are a Confidence Trick — And We Keep Buying Them
The third-party security ratings industry has built a billion-dollar business on a simple premise: that an outside-in scan of your suppliers' infrastructure tells you something meaningful about their security posture. It doesn't. And the gap between what these tools imply and what they deliver is creating a false sense of supply chain security in boardrooms everywhere.
CipherWatch Editorial
Security Intelligence Platform
Ransomware in Healthcare Is a Patient Safety Crisis, Not an IT Problem
The ransomware attack on ChipSoft paralysing 80% of Dutch hospitals and the Anubis attack on Signature Healthcare this week are not data breach incidents with clinical inconvenience as a side effect. They are patient safety events. The healthcare sector's continued treatment of ransomware as a cybersecurity problem rather than a clinical risk is costing lives.
CipherWatch Editorial
Security Intelligence Platform
BYOVD Is a Commodity Technique Now — Your EDR Vendor Knows
Qilin's Warlock toolkit, capable of disabling over 300 security tools using Bring Your Own Vulnerable Driver techniques, is not a nation-state capability — it is an affiliate-accessible ransomware tool. EDR is a necessary control. It is not a sufficient one, and the industry's marketing has outpaced what the technology can actually guarantee.
CipherWatch Editorial
Security Intelligence Platform
Active Directory Keeps Getting Owned Because We Keep Letting It
A Kerberos authentication bypass and an Active Directory privilege escalation were both patched this week, adding to a multi-year catalogue of critical flaws in Microsoft's foundational identity infrastructure. The problem is not that Microsoft keeps shipping vulnerabilities — it is that organisations keep deploying Active Directory in configurations that maximise their exposure when those vulnerabilities arrive.
CipherWatch Editorial
Security Intelligence Platform
Ransomware Has Industrialised — Your Response Strategy Probably Has Not
Qilin's 131 confirmed victims in March alone is not a spike — it is what a mature criminal enterprise operating at scale looks like. The ransomware ecosystem has industrialised completely, with dedicated development, HR, and affiliate management functions. Enterprise response strategies built for a different threat model are overdue for review.
CipherWatch Editorial
Security Intelligence Platform
AI Infrastructure Is Accumulating Security Debt Faster Than Anyone Admits
LangFlow's actively exploited remote code execution vulnerability and this week's LiteLLM supply chain attack are not isolated incidents — they are early symptoms of an ecosystem that has scaled faster than its security practices. Organisations deploying AI infrastructure are inheriting technical debt they have not yet been asked to account for.
CipherWatch Editorial
Security Intelligence Platform
Your CI/CD Pipeline Is Now a Primary Attack Surface
Two supply chain attacks this week — one against a widely-used vulnerability scanner, another poisoning an AI framework via PyPI — targeted the tools developers trust without question. CI/CD pipelines and open-source tooling are not peripheral attack surfaces. They are the path of least resistance into production.
CipherWatch Editorial
Security Intelligence Platform
The KEV List Is Not a Vulnerability Management Strategy
CISA's Known Exploited Vulnerabilities catalogue has become the de facto patch priority list for thousands of organisations — most of whom had no coherent strategy before it arrived. Treating the KEV list as a vulnerability management programme is a category error that leaves organisations systematically exposed to everything that has not yet been exploited.
CipherWatch Editorial
Security Intelligence Platform