The future of data control, why detection fails, and the weekly news – Thyaga Vasudevan – ESW #443
Segment 1: Interview with Thyaga Vasudevan
Hybrid by Design: Zero Trust, AI, and the Future of Data Control
AI is reshaping how work gets done, accelerating decision-making and introducing new ways for data to be created, accessed, and shared. As a result, organizations must evolve Zero Trust beyond an access-only model into an inline data governance approach that continuously protects sensitive information wherever it moves. Securing access alone is no longer enough in an AI-driven world.
In this episode, we’ll unpack why real-time visibility and control over data usage are now essential for safe AI adoption, accurate outcomes, and regulatory compliance. From preventing data leakage to governing how data is used by AI systems, security teams need controls that operate in the moment - across cloud, browser, SaaS, and on-prem environments - without slowing the business.
We’ll also explore how growing data sovereignty and regulatory pressures are driving renewed interest in hybrid architectures. By combining cloud agility with local control, organizations can keep sensitive data protected, governed, and compliant, regardless of where it resides or how AI is applied.
This segment is sponsored by Skyhigh Security. Visit https://securityweekly.com/skyhighsecurity to learn more about them!
Segment 2: Why detection fails
Caleb Sima put together a nice roundup of the issues around detection engineering struggles that I thought worth discussing. Amélie Koran also shared some interesting thoughts and experiences.
Segment 3: Weekly Enterprise News
Finally, in the enterprise security news,
- Fundings and acquisitions are going strong
- can cyber insurance be profitable?
- some new free tools shared by the community
- RSAC gets a new CEO
- Large-scale enterprise AI initiatives aren’t going well
- LLM impacts on exploit development
- AI vulnerabilities
- global risk reports
- floppies are still used daily, but not for long?
All that and more, on this episode of Enterprise Security Weekly.
Thyaga Vasudevan is a high-energy software professional currently serving as the Executive Vice President, Product at Skyhigh Security, where he leads Product Management, Design, Product Marketing and GTM Strategies. With a wealth of experience, he has successfully contributed to building products in both SAAS-based Enterprise Software (Oracle, Hightail – formerly YouSendIt, WebEx, Vitalect) and Consumer Internet (Yahoo! Messenger – Voice and Video). He is dedicated to the process of identifying underlying end-user problems and use cases and takes pride in leading the specification and development of high-tech products and services to address these challenges, including helping organizations navigate the delicate balance between risks and opportunities.
Security Weekly listeners save $100 on their RSAC 2026 All Access Pass! RSAC 2026 Conference will take place March 23rd to March 26th in San Francisco. To register using our discount code, please visit securityweekly.com/rsac26 and use the code 56U5SECWEEKLY! We hope to see you there!
Adrian Sanabria
- FUNDING/M&A – Courtesy of the Security, Funded newsletter, issue #227 – Nobody Told M&A to Slow Down
VIBE CHECK
Is AI finally solving the problem of tool integration in cyber?
40% - No, it's just another layer that doesn't integrate 27% - It helps, but the mess underneath remains 20% - Too early, ask me in 2027 13% - Yes, AI is bridging what other platforms couldn't
“A security stack is like an ogre. Like an ogre, it has layers. Then the analogy stops because each layer irritates the other layers it’s sandwiched by.”
FUNDING
- Armadin Security, a United States-based automated red-teaming and AI threat hunting platform, raised a $165.2M Venture Round.
- Aikido Security, a Belgium-based application security posture management (ASPM) platform, raised a $60.0M Series B from DST Global.
- WitnessAI, a United States-based AI governance and safety platform, raised a $58.0M Venture Round from Sound Ventures.
- Novee Security, an Israel-based continuous automated red teaming and penetration testing platform, raised a $51.5M Seed from YL Ventures, Canaan Partners, and Oren Zeev.
- depthfirst, a United States-based threat and risk prioritization platform, raised a $40.0M Series A from Accel.
- Project Eleven, a United States-based platform for migrating blockchain networks to post-quantum cryptographic standards, raised a $20.0M Series A from Castle Island Ventures.
- CloudSEK, a Singapore-based externally focused threat and risk prioritization platform , raised $10.0M Series B from Connecticut Innovations and an undisclosed Secondary Market transaction.
- NetBird, a United States-based open-source secure remote access platform, raised a $9.9M Series A from Pace Capital.
- Fencer, a United States-based threat and risk prioritization platform for software and SaaS companies, raised a $5.5M Seed from MHS Capital.
- Horizon3.ai, a United States-based breach and attack simulation platform, raised an undisclosed Venture Round from Prosperity7 Ventures.
ACQUISITIONS
- Zurich eyes evolving cyber market with $10 billion Beazley bid <- the CEO of Zurich famously said that cyber was "uninsurable" (I got receipts)
- StrongDM, a United States-based just-in-time privileged access management (PAM) platform for DevOps and AI workloads, was acquired by Delinea for an undisclosed amount. StrongDM had previously raised $34.0M in funding.
- FREE TOOLS: Write Good Incident Response Reports Using Your AI Tool
Still trying to fully grok what this is. Man, this is making me feel old and out of touch.
- FREE TOOLS: GitHub – trailofbits/skills: Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows
- INDUSTRY MOVES: Jen Easterly Named CEO of RSAC, the World’s Leading Cybersecurity Community Platform
- TRENDS: Majority of CEOs report zero payoff from AI splurge
- TRENDS: CEOs Say AI Is Making Work More Efficient. Employees Tell a Different Story.
- ANALYSIS: Agentic Browser Security: 2025 Year-End Review
- ESSAYS: “Stop Trying to Manage Risk”: A GRC Practitioner’s Response
An essay response to Adam Shostack's somewhat controversial talk, Stop Trying to Manage Risk
- ESSAYS: On the Coming Industrialisation of Exploit Generation with LLMs
This is one of those "what's possible vs what we'll actually see" situations. Folks that specialize in finding vulnerabilities and creating exploits see the future of that craft. It's interesting, but I think the enterprise security landscape would have to change before attackers would start prioritizing exploit development more than they are now.
I certainly don't think the spoils go to whomever 'burns the most tokens'. That's money set on fire from an attackers perspective. Most adversaries don't spend money until they're given no other option.
- VULNERABILITIES: ‘Most Severe AI Vulnerability to Date’ Hits ServiceNow
- VULNERABILITIES: A single click mounted a covert, multistage attack against Copilot
- BREACHES: 1-15 January 2026 Cyber Attacks Timeline
Found this handy rollup of breaches for the past 2 weeks (59 of them?!?)
- SQUIRREL: Floppy disks are STILL relevant
