AI Agent Platforms Are Getting Hacked. Here's What's Missing.

In late June 2026, two of the most widely used AI agent platforms were compromised within the same week. Langflow disclosed a critical unauthenticated remote code execution flaw. Dify, powering over one million applications, revealed four vulnerabilities that exposed private conversations and internal APIs across tenant boundaries. These weren't theoretical risks. They were production exploits hitting real infrastructure.

Building Secure, Resilient, and Compliant Fraud Detection With Confluent Cloud

Banking customers expect financial transactions to be completed quickly. Fraud analysis must execute in milliseconds, so traditional batch processing systems are inherently too slow. To safeguard transactions, institutions must shift to proactive, in-flight prevention. Confluent enables this shift by using Apache Kafka and Apache Flink to continuously correlate transactional and behavioral signals, blocking malicious activity before a transaction settles.

Beware of PII in Testing Data: The Security Iceberg and Where PII Actually Hides

If you run a platform tools or security team, you have likely heard this request from developers: “I just need a copy of the production database for staging so I can run realistic load and integration tests.” It is a completely reasonable request. Production traffic and data contain the actual request shapes, real-world value distributions, long-tail anomalies, and timing patterns that make tests useful.

Blocking Install Scripts Is Not a Silver Bullet

npm v12 finally turns off automatic install scripts. That closes one door and leaves another wide open. I have spent years on the security side of the Node.js ecosystem, more recently as the primary contact for the OpenJS Foundation CNA, and now as the Node.js AI Security Engineer in Residence, a role supported by Alpha-Omega. Almost all of that work comes down to one question: can you trust the code you install? So I will say this plainly.

“We won't train on your data” is not a security architecture

Every enterprise contract I’ve signed in the last two years has the same clause. “Vendor will not use Customer Data to train machine learning models.” Sometimes it’s a paragraph. Sometimes it’s a whole section. The language varies but the intent is identical: don’t feed our production data into your AI. I get it. I sign the same clause as a vendor. But here’s what’s been bothering me: that clause is a promise, not an architecture.

Set the Foundation for Trusted AI and Data with Snowflake AI Security

Safely deploy autonomous workflows and agents across your organization in minutes instead of months with Snowflake AI Security. Discover how to use new features like Agent Identity, Data Movement Policies, and the Snowflake Trust Center to effortlessly block data exfiltration, enforce runtime masking, and neutralize threats before they execute.

Security at Scale: How NodeSource Remediated 21 Vulnerabilities Across Enterprise Node.js Environments

Security vulnerabilities in production environments rarely arrive one at a time. Recently, one of our enterprise Node.js support customers identified a collection of security advisories affecting their Node.js infrastructure. The affected environments were running Node.js v20 and v22 and included vulnerabilities not only within runtime-adjacent tooling but also in components distributed alongside Node.js deployments.

Zscaler Revolutionizes Cybersecurity Data with Snowflake

Zscaler's Tiffany Blakeney shares how her team replaced fragmented tools and months-long development cycles with Snowflake's all-in-one AI platform. By consolidating all data, APIs, and AI models in one secure platform, Zscaler reduced campaign creation from months to minutes—and more importantly, gained the trustworthy, governed AI foundation a cybersecurity company demands. Learn how they're using Snowflake's integrated AI capabilities to move from POC to production faster than ever while maintaining the security posture critical to their industry.