The Evolution of Attack Surfaces: 2020 vs 2026 TL;DR The enterprise attack surface has not just expanded; it has fundamentally transformed. In 2020, security was built around a defined perimeter with controlled infrastructure. In 2026, that perimeter no longer exists. Cloud sprawl, SaaS adoption, APIs, remote work, and AI agents have created a distributed and constantly changing
2026 External Threat Landscape: What CISOs Need to Know TL;DR After 15 years in the trenches, 2026 marks the first year where I’m advising boards that external threat intelligence is no longer optional. The threat landscape has fundamentally shifted from perimeter defense to identity warfare, from human-speed attacks to AI-driven operations, and from isolated incidents to cascading supply
AI vs. Signatures: Why Machine Learning Wins for External Threat Detection TL;DR Signature-based security was built for a predictable threat landscape. That world no longer exists. External threats today evolve faster than signatures can be written, leading to missed detections and overwhelming alert noise. AI threat detection changes this dynamic by focusing on patterns, behavior, and context
Beyond Chatbots: Why Agentic AI Is Every CISO’s New Governance Challenge After RSA 2026 TL;DR Agentic AI is shifting enterprise risk from data exposure to autonomous action. Unlike traditional AI, these systems can initiate decisions, trigger workflows, and interact across platforms without constant human oversight. This introduces a governance gap where accountability, visibility, and control become difficult