Your annual pentest report landed in March. By April, three new shadow apps were live. By June, a developer pushed an unauthenticated API endpoint to production. By the time next year’s engagement kicks off, your attack surface has changed so much that the previous report is archaeology, not security. The question more security teams are… Read More »Continuous Autonomous Pentesting: A 5-Step Workflow for 2026
Insights from a closed-door roundtable on AI agent safety and governance, chaired by Bruce Schneier and hosted by FireCompass founder Bikash Barai. Participant comments are kept anonymous by agreement. The most useful thing about this roundtable was that nobody pretended to have the answer. A room of senior security leaders spent an hour on AI… Read More »AI Agents Are Doing Real Work. Governing Them Is the Unsolved Problem
Yesterday, Anthropic shipped Fable 5, the public avatar of its Mythos-class model and the most capable model it has ever released to anyone with a subscription. Fable 5 and the gated Mythos 5 are the same underlying weights. What separates them is a layer of safety classifiers, separate models that inspect every request, and the… Read More »7 Insights: How Fable 5 (Mythos Avatar) Will Change Your Offensive Security Program
When someone tells you they do continuous offensive security testing or COST, ask two questions. Q1: Can it prove the exploit with reproduction steps and a PoC, or does it just flag a maybe? Q2: Can it run autonomously without you losing control of what it touches? A new label is showing up across the… Read More »The Future of Pen Testing Is Continuous Offensive Security Testing (COST).
SEBI’s May 5, 2026, circular (HO/13/19/12(1)2026-ITD-1_CIMGI/10873/2026) is addressed to every category of regulated entity in the Indian securities market — exchanges, depositories, brokers, mutual funds, custodians, credit rating agencies, merchant bankers, portfolio managers, investment advisors, and more. Over 10,000 entities. The subject: AI-driven vulnerability detection tools like “Claude Mythos” and the new risk dimensions they… Read More »SEBI AI Guidelines: What 10k+ Financial Entities Must Do