Supply Chain Security stories

Capsule Security emerges from stealth with $7 million backing to police AI agents at runtime as enterprises widen their use.

OpenAI broadens Trusted Access for Cyber to verified defenders, giving vetted users GPT-5.4-Cyber for tougher security work and code analysis.

Sonatype flags 21,764 malicious open-source packages in Q1 2026, with npm hit hardest as attackers used trusted workflows to steal secrets.

Most companies lack confidence in cyber defences as a Sygnia survey finds major gaps in visibility, coordination and board-level readiness.

Business Hub warns UK firms to tighten basic cyber defences as government figures show 43% hit by breaches, phishing and ransomware in past year.

Ledger names Ian Rogers as Chief Human Agency Officer, putting hardware approval and human oversight at the centre of its AI security push.

KnowBe4 unveils Agent Risk Manager to monitor autonomous AI agents in real time, flag prompt injections and curb rogue data access.

GitLab deepens Google Cloud partnership so Duo Agent Platform users can tap Vertex AI models, while counting the spend against existing commitments.

Forrester warns Anthropic's Project Glasswing could overwhelm vulnerability management, as AI uncovers flaws faster than patching teams can respond.

Booking.com tells some customers to watch for phishing after suspicious activity exposed reservation details, contact data and messages linked to bookings.

Salt warns AI agents are widening the API security gap, with 92% of organisations still short of advanced defences and 47% delaying releases.

Cloudsmith survey finds most engineering teams still lack automated SBOM checks, leaving many unready for fast EU Cyber Resilience Act audits.

Yokogawa wins three cybersecurity approvals for control, safety and connectivity products as plant operators face tighter scrutiny over cyber risk.

Intruder expands cloud security platform with registry-level container image scanning for AWS, Google Cloud and Azure users.

Anthropic enlists Amazon, Apple and Microsoft in Project Glasswing to use Claude Mythos Preview for hunting vulnerabilities in critical software.

Orca Security warns that AI credentials, vulnerable dependencies and lax pipeline controls are leaving production environments exposed across US and Europe.

Distology adds Snyk's AI and agent security tools to its portfolio, as the distributor broadens support for resellers across Northern Europe.

2N calls for tougher cyber rules on access control, urging stronger vulnerability reporting, tighter component sourcing and longer support lifecycles.

Identity failures are now the main way cyber attackers breach firms, with experts warning that non-human credentials are widening the risk.

Anthropic and partners unveil Project Glasswing, using Claude Mythos Preview to hunt software flaws faster amid fears of AI-boosted cyber attacks.