2024 was a big year for Software Analyst Cybersecurity Research (SACR), and I’m thrilled to welcome many new readers!🎉 To mark the milestone year, I’ve aggregated all my research publications from the past year into one comprehensive report, covering key areas like: 1️⃣

The biggest risks in AI model development! AI security isn’t just about securing the final product. The real threats happen during the development process. Three major risks are emerging: 1/ Data Poisoning—Attackers manipulating the learning process AI models rely on massive

Was October 7, 2023 foretold in the Bible? This short PragerU documentary, adapted from Dinesh D’Souza’s feature-length film The Dragon’s Prophecy, reveals the stunning connections.

As enterprises race to deploy GenAI and LLMs, the risks around privacy, misuse, and model manipulation are no longer hypothetical—they're already here. This is why SACR is sharing our collaborative full market map of many AI security vendors building tools to secure enterprise

The 3 Pillars of Modern Data Security Our report outlines a complete data security framework built on three pillars: Visibility, Protection, and Recovery. Here’s how each pillar works: 1/ Visibility: Discover, Classify, and Map Modern environments span cloud, SaaS, AI

The SOC of the future won’t be defined by detection engines. It will be defined by Data pipelines. What does this mean? Cribl is developing a new model for enterprise telemetry: a Telemetry Services Cloud designed to abstract the complexity of managing growing data volumes while

AI is no longer just an add on for detection. It’s reshaping how the SOC itself is designed and operated. 3 architectural models are emerging: 1/ Connected & Overlay Model: AI systems deployed on top of existing stacks via APIs, enhancing detection and response without

The 3 reasons why Wiz won cloud security. Most cloud security tools were slow, siloed, and tedious to deploy. Wiz changed that—fast. Here’s how they became the fastest-growing cybersecurity company ever: 1/ Zero to $1B: GTM Masterclass ▪️ Enterprise-first sales ▪️ Marketplace

Cloud runtime security is moving to the center of enterprise defense, and every CISO needs a strategy for what comes next. On Nov 6, I’ll be co-hosting an invitation-only executive dinner in San Francisco with our Chief Research Officer, @aqsa_taylor, focused on: Key Takeaways

The 3 Pillars of Modern Data Security Our report outlines a complete data security framework built on three pillars: Visibility, Protection, and Recovery. Here’s how each pillar works: 1/ Visibility: Discover, Classify, and Map Modern environments span cloud, SaaS, AI

AI adoption in the cloud is stabilizing, but the risks are far from settled. The current state of where things stand across cloud environments: ▪️85% of organizations are now using some form of AI, managed or self-hosted. ▪️Managed AI services rose from 70% to 74% YOY.

Still debating agent vs. agentless? You’re asking the wrong question. One of the most consistent debates in cloud security over the past five years has been around deployment models: agent vs agentless. It’s easy to treat this as a binary discussion, but the reality is far more

CTEM is not just another buzzword, it’s a security strategy you can operationalize. Attack surfaces are expanding at a pace that outstrips traditional vulnerability management. That’s where Continuous Threat Exposure Management (CTEM) comes in. The process is structured into

The release of our 2025 AI SOC Market Landscape for CISO and SOC leaders is now live on our new platform. Last year, I was skeptical. The promise of “AI for security” felt vague, more hype, less substance. Our team has been tracking this market since our report last year (see my

Big news out of @Microsoft Sentinel this week. As you are all aware, our team at SACR has been exploring the SIEM space in depth over the past few weeks, and we had an early look at Microsoft's launch before it was released. Below are some thoughts: It's no longer news that

Is @cyera_io quietly redefining what modern DLP looks like with the rise of GenAI? Lately, I've been reflecting on their massive round last week, where they raised $540M at a $6 billion valuation (for context: That’s two funding rounds in under six months). They likely didn't

A new chapter begins at SACR. We’re proud to announce the launch of SACR 2.0, the next phase in our mission to advance cybersecurity research. We’re thrilled to welcome Aqsa Taylor as Chief Research Officer (CRO), joining the leadership team to help shape the next era of SACR.

Excited to share a report, focused on the rise of Security Data Pipeline Platforms (SDPP) and how the SIEM market is rapidly evolving as a result of this shift. This is a market I believe will produce big winners in security operations, and one where many CISOs are investing

I often get asked why there is a significant shift to cloud runtime security from the largest cloud security vendors. As organizations have accelerated their cloud adoption, traditional CSPM (and often agentless) built for static environments haven't keep up with the dynamic

With every major technology revolution, comes a parallel rise in cyber risks. In the early 2000s, the broadband expansion marked a turning point. Always on internet connections gave attackers persistent access, while the growth of botnets enabled large scale distributed denial

Every breach has a starting point. More often than not, it begins with identity. Attackers are walking through the front door, using stolen or misused credentials. It begins with prevention. Tools like MFA, IGA, PAM, and CIEM aim to strengthen posture and reduce exposure. But

The evolution of Endpoint Security is a story of adaptation, each stage building on the lessons of the one before it. In the late 1980s through the mid 2000s, antivirus defined the frontline of defense. It scanned files on each endpoint and matched hashes against a central