惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Cisco Talos Blog
Cisco Talos Blog
V
V2EX
C
Check Point Blog
GbyAI
GbyAI
D
Docker
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
B
Blog RSS Feed
H
Hackread – Cybersecurity News, Data Breaches, AI and More
N
Netflix TechBlog - Medium
T
Troy Hunt's Blog
博客园 - Franky
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Microsoft Security Blog
Microsoft Security Blog
P
Privacy & Cybersecurity Law Blog
WordPress大学
WordPress大学
The Cloudflare Blog
S
SegmentFault 最新的问题
Latest news
Latest news
Microsoft Azure Blog
Microsoft Azure Blog
P
Proofpoint News Feed
I
InfoQ
博客园 - 【当耐特】
NISL@THU
NISL@THU
A
About on SuperTechFans
T
Tailwind CSS Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
The Hacker News
The Hacker News
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Scott Helme
Scott Helme
雷峰网
雷峰网
C
CXSECURITY Database RSS Feed - CXSecurity.com
Security Latest
Security Latest
V
Vulnerabilities – Threatpost
Security Archives - TechRepublic
Security Archives - TechRepublic
A
Arctic Wolf
Hacker News: Ask HN
Hacker News: Ask HN
N
News and Events Feed by Topic
IT之家
IT之家
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
aimingoo的专栏
aimingoo的专栏
T
Threat Research - Cisco Blogs
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
阮一峰的网络日志
阮一峰的网络日志
SecWiki News
SecWiki News
大猫的无限游戏
大猫的无限游戏
S
Security Affairs
The Register - Security
The Register - Security
www.infosecurity-magazine.com
www.infosecurity-magazine.com
L
LINUX DO - 热门话题
T
Tor Project blog

VMware Blogs

Diagnostics for VMware Cloud Foundation (VCF) 9.1 with Old Versions of VCF Components Mastering Infrastructure Policies in VMware Cloud Foundation Automation 9.1 Modernizing the Private Cloud: Why VCF 9.1 Lifecycle Management is a Game Changer Announcing the VMware Cloud Foundation 9.1 Upgrade Planning Tool VCF Breakroom Chats Episode 86 – Containers Made Easy: The New “Container-as-a-Service” in VCF 9.1 Securing Your VCF 9.1 Infrastructure with the Symantec Identity Security Platform Virtually Speaking: The AI Reality Check with Dave Linthicum Zero Touch Provisioning: Activating Edge Sites with VMware Cloud Foundation Edge 9.1 VCF Breakroom Chats Episode 85 – Cloning Success at Scale: Inside VCF 9.1’s App Stack Formation VMware Cloud on AWS の使用状況を確認できる API Unlocking the Full Potential of Programmable Infrastructure with VMware Cloud Foundation 9.1 – New Features and Capabilities Smarter Patching at Scale: Vulnerability Assessment and Remediation with VMware Tanzu Platform Encrypted vMotion Offload to Intel QAT in VMware Cloud Foundation 9.1 Deepen Your Expertise: Four Key Benefits of Attending Increase Deployment Flexibility with VCF Edge Automation 1.0.3 Avi Advantage: Automating Certificate Management of VCF Workloads More Memory, Less Effort: Configuring Memory Tiering in VCF 9.1 VCF 9.1 Licensing: Programmatic, Centralized, and Built to Scale Why APJ Networking Professionals Need Private Cloud Expertise VCF 9.1 Networking: Simpler VPC Connectivity Control VCF 9.1 Networking: Exploring Network Services for Virtual Private Clouds VCF Networking 9.1: Seamless DDI Integration with Infoblox The Open Source Advantage: Building from Source for Ultimate Security Expand Shared VMDKs with Clustered Applications in VMware vSAN for VCF 9.1 Monetizing Zero-Trust Security with VCF 9.1 and VMware vDefend VMware vSAN Protection and Recovery Enhancements for VCF 9.1 Deliver Production SQL Server DBaaS with VMware Data Services Manager 9.1 Maximizing Profitability: VCF 9.1 Cost-Focused Approach for VMware Cloud Service Providers Modernizing Your Infrastructure: Introducing VMware Cloud Foundation 9.1 to VCSPs VCF 9.1 is Available: Explore the New Features in Hands-on Labs What’s New with vSphere in VMware Cloud Foundation 9.1? Resizing VMware vCenter in VMware Cloud Foundation 9 Non-Disruptive VMware vCenter Patching in VMware Cloud Foundation 9.1 VMware vCenter Virtual Hardware Gets an Upgrade in vSphere with VCF 9.1 AI Has Changed the Threat Landscape. Is Your Infrastructure Ready? Simplifying Storage with the New Effective Capacity View in VMware vSAN for VCF 9.1 Auto-RAID in VMware vSAN for VCF 9.1 – Comprehensive System-Managed Data Resilience Introducing VMmark 4.1: Enhanced Power Efficiency Benchmarking for Private Cloud Infrastructure Advanced Memory Tiering Enhancements in VMware Cloud Foundation 9.1 VCF 9.1 Is Here. See It in Action. 博通發布 VMware Cloud Foundation 9.1 How to Prepare for the World of AI Driven Exploits Avi Innovations for VCF 9.1: Powering Kubernetes, Agentic AI and VPC Workloads VCF 9.1: The Secure, Cost-Effective Private Cloud Platform for Production AI Announcing VCF 9.1: Modern Private Cloud Built for Efficiency and Resilience Announcing VMware Cloud Foundation Edge 9.1: A Scalable, Autonomous Edge Platform Accelerate, Streamline, and Control Your Self-Service Private Cloud with VMware Cloud Foundation 9.1 Deploy Modern Apps Faster, Scale Smarter, and Lower Your TCO with VMware vSphere Kubernetes Service in VCF 9.1 Scale Smarter, Save More: Redefining Infrastructure Economics with VMware vSphere in VCF 9.1 AI with VCF 9.1 on AMD GPUs: Build with open frameworks and simplify management, at a lower TCO Streamline, Simplify and Protect all your AI workloads with VCF 9.1 Simplify Workload Connectivity and Enhance Network Scale and Performance with VCF 9.1 VMware and CrowdStrike Deliver New Integration for Cyber Recovery Workflows How Many Users Can Your LLM Server Really Handle? From Infrastructure to Agents: A Hands-On Guide to Secure Private AI with Broadcom – Part 2 The New Frontier: Leading the Cloud-Native Evolution Replicating VMware vSphere Configuration Profile Desired State Webinar Recap: Design and Architecture Considerations for VMware vSphere Kubernetes Service on VMware Cloud Foundation Kubernetes 1.36: What Actually Changed for Enterprise Platforms Enhance Lateral Security and Ingress Load Balancing for Kubernetes Workloads Avi Load Balancer Analytics: Root Cause Application Performance Issues in Minutes Analyst Insight Series #3: Policy-Driven Governance and Multi-Tenant Control Post-Quantum Readiness on VMware Cloud Foundation Registration Is Live for Las Vegas | $ave with Early-Bird May 21, 2026: What’s New in VMware Tanzu Data Intelligence 10.4 From Infrastructure to Agents: A Hands-On Guide to Secure Private AI with Broadcom – Part 1 Stop Guessing: Advanced Monitoring and Troubleshooting for Data Services CPU, Disk, Network, and Memory Workload Profiles for DVD Store Database Testing How VMware Salt Automates Compliance Across Private Cloud Analyst Insight Series #2: Operational Scalability and Lifecycle Management MCP vs. APIs: Why You Need Both for AI Applications The Real Constraint on Enterprise AI isn’t GPUs; It’s Power Deploying Harbor Service in Air-Gapped VMware Cloud Foundation 9.0 Why Enhanced DirectPath Wins for High-Performance Apps Bridging the (.Local) Gap: A Split-Domain Design for VMware Cloud Foundation Deployment Observability on VMware vSphere Kubernetes Service VMware Cloud on AWS: Introducing the Usage Report APIs Converging VMware vSphere to VMware Cloud Foundation 9.0: The Top 10 Questions Answered May 6, 2026: What’s New in Tanzu Platform 10.4: Powering Agentic Apps at Scale VMware Tanzu RabbitMQ Powers the Modern Data Lakehouse with New Spark Integration and Enterprise Tooling Tanzu Data Intelligence 10.4 Delivers AI-Driven Analytics, Unified Real-Time Operations, and Sovereign Resilience Enterprise-Ready Agents Made Simple & Safe with VMware Tanzu Platform Agent Foundations Introducing Tanzu Platform 10.4: Extending Platform as a Service to Agentic Applications How AI-Assisted Analytics in Tanzu Data Intelligence Can Help Remove the SQL Bottleneck From Prototype to Production: Securing Database MCP at Enterprise Scale The Compelling Case for a Private Cloud Data Intelligence Platform The Unification Dividend: Consolidating Database Operations on VMware Cloud Foundation The Modern Spring Workflow Is Enterprise-Ready and AI-Boosted [TAM Blog] セキュアブート証明書の有効期限切れに関する注意点と対応について Accelerate Lateral Security and Ingress Load Balancing for Kubernetes Workloads From Platform to Data: Building a Cloud-Native Developer Experience On-Prem with VMware Cloud Foundation How VMware Cloud Foundation (VCF) Training Helps Keep Top Tech Talent in APJ Build Your Case for Attending VMware Explore 2026 Spring 開発元が提供する商用サポート「VMware Tanzu® Spring Essentials」とは VMware Cloud on AWS より i7i.metal-24xl インスタンスの提供開始 VMware Advanced Memory Tiering Tips for Success VMware Cloud Foundation Edge 9.0: Two-Host Edge Site Deployment with Brownfield Import Your Database Is About to Become an AI Tool. Is It Ready? Applying GitOps Principles to Maintain Desired State Configuration using VMware vSphere Configuration Profile – Part 3 Webinar Recap: Converging VMware vSphere to VMware Cloud Foundation 9.0
How Broadcom Is Helping Enterprises Win the AI Security Sprint
Purnima Padm · 2026-05-06 · via VMware Blogs

Earlier this month, Broadcom published findings from our frontier model research initiative examining what frontier AI models can do when applied to vulnerability discovery and exploitation. The conclusions were sobering: AI can compress the window between disclosure and active exploit from weeks to hours, at a scale and persistence no human red team can match. This is not a distant risk. It is the environment your security and platform teams are operating in today. I am sharing best practices, along with specific product recommendations based on our experiences within the Tanzu Division of Broadcom.

Go to the source: Lean on your vendors 

Here is the part of this story that does not always make the headlines: frontier AI is not only a tool for attackers. The same capabilities that allow a bad actor to find and chain vulnerabilities at machine speed are available to the engineers building the software your organization depends on. I urge you to know who built the software your organization depends on, ensure you have a direct relationship with them, and keep that line of communication open

Take our patches and updates, do not defer them. 

At Broadcom, our engineers leverage AI models to actively identify potential exploits across our open source and commercial portfolio. When a vulnerability surfaces, we quickly find, assess, and push a fix. From a Tanzu perspective, we make sure that patch updates to our solution, Tanzu Platform and Tanzu Data Intelligence, can be applied easily and when possible without downtime. 

Do not let older releases become a liability.

Not every organization can move to the latest release on the day we ship it. As primary steward for Spring and as an active contributor to Cloud Foundry, Greenplum, GemFire and RabbitMQ, we are extending commercial support for releases that have passed their standard end-of-support date. Spring deserves particular emphasis: it is the foundational framework for an enormous share of enterprise Java applications worldwide, and keeping it secured is not optional. Extended commercial support means you receive security patches for the versions you are running today while you plan a migration, rather than choosing between a rushed upgrade and an exposed runtime.

Insist on enterprise-validated open source.

Community releases are not built for enterprise accountability. They lack the compatibility testing, security hardening, and production validation commitments that enterprises require. Through Bitnami Secure Images, Broadcom continuously packages and validates the latest releases of hundreds of open source components. When your developers reach for a database, a message broker, or a runtime, they should be reaching for something built to that standard.

Where Broadcom is the upstream steward, we fix at the source. Where we package and distribute, we validate and keep current. Either way, your organization should not be waiting on an intermediary when a vulnerability needs to close.

Equip yourself for continuous patching: Make it part of the architecture

The rising volume of patches from vendors and open-source providers requires remediation for both packaged and custom applications. However, most enterprise environments are “snowflakes”, unique and non-standardized, making it difficult to prioritize updates. Patching entire environments, from the OS to the application stack, is a daunting task, especially when aiming for continuous availability.

Standardize the stack, own the patch path.

Broadcom, with Tanzu Platform can help with continuous patching by structurally enforcing security and eliminating the need for manual, application-by-application remediation, which is necessary to respond to the shrinking time between vulnerability disclosure and active exploit.

Tanzu Platform separates application code from the underlying runtime components; the OS, the filesystem stack, and the dependent packages, to enable independent, fleet-wide updates for every layer. 

Hardened OS Stemcells are virtual machine images that provide the underlying operating system for the infrastructure. A single stemcell update remediates every virtual machine in the fleet. For example, one stemcell update addresses a vulnerability like the “Copy Fail” Linux kernel exploit, remediating the entire fleet with zero downtime. Rather than taking infrastructure offline to patch it, Tanzu Platform replaces virtual machines one at a time. It drains each instance of live traffic, replaces it with a freshly patched version, verifies it is healthy, and returns it to service before beginning the update on the next instance. Users experience no interruption. Application teams receive no pages. Security debt closes without a fire drill.

Hardened Filesystem stacks are OS base layers for running application containers, located beneath the application code. Because stacks are consistent, applying an OS-level patch once automatically triggers a container rebuild, ensuring all applications get the latest version at the next startup.

Precurated Buildpacks automate the conversion of source code into runnable artifacts, detecting and adding the correct language runtimes and dependencies (like Java, Node.js, or Python). All applications draw from the same centrally maintained and regularly updated repository of packages. Changes to these packages or security updates automatically trigger a container rebuild, which the platform then deploys. Automated container deployments enable healthy containers to always run to support the application, resulting in continuous application availability.

Scale out continuous updates across the organization

This model yields striking results. Some of our customers execute over 100,000 platform-driven updates monthly across their application fleets, with at least one planning to scale to 250,000 updates a month. These are not scheduled batch maintenance windows; they are continuous, automated, and invisible to end users. This represents a fundamentally different relationship with software currency than most enterprises have ever had.

When an organization achieves this cadence, the threat calculus changes entirely. A newly disclosed CVE fix is no longer a crisis that triggers a war room, but a patch that enters the pipeline and closes within the existing operational rhythm. This is what continuous security looks like, and it is the standard we believe every enterprise should adopt

Build multiple layers of defense

Rapid patching is necessary, but not enough. Our frontier model research shows that AI-assisted attackers chain vulnerabilities together to escalate privileges. While faster patching is important, preventing lateral movement is critical.

You need perimeter security, but strengthening your application runtime defense is equally vital. Tanzu Platform provides structural runtime security controls that operate below the application layer, making them invisible to application teams and resistant to misconfiguration.

Deny-by-default network and resource isolation.

Tanzu Platform inverts the typical cloud-native model where applications communicate freely. Every workload starts with zero network connectivity and with a bounded set of compute and memory resources. Communication paths to other applications, services, AI models, or external endpoints must be explicitly declared and approved. This means an attacker has no lateral path to follow unless explicitly authorized by the platform.

Structural secrets isolation.

Since credential theft is a primary attacker objective, and AI excels at searching file systems for sensitive data, Tanzu Platform removes this attack vector. Applications never hold credentials directly. The platform injects them into the runtime at binding time, without exposing them to the code or automated agents. Because secrets are never stored in clear text or distributed manually, there is nothing for an attacker to find.

This fundamental shift from manual security administration to architectural enforcement is essential for building the resilient defense posture required for the current threat environment.

How we can help you get there

The capabilities I have described are running in production today across some of the world’s largest enterprises. Getting there from where most organizations are today does not require a leap. It requires a sequence. Here is where we suggest starting.

Secure support coverage for your open source software.

If your organization is running one of the Broadcom-supported technologies like Spring, RabbitMQ, Cloud Foundry, Greenplum, or GemFire, we can provide, through commercial support, patches and updates not only on your current versions but also on older, non-community supported versions of the software. This will provide you a vendor to call when a critical CVE drops, access to patches for community end-of-life versions, and the confidence that your applications are actively maintained at the source. 

Assess your custom application portfolio.

Most large enterprises lack a complete picture of where their exposure is concentrated. You can engage Broadcom’s Tanzu team to assess your custom applications, build a picture of concentrated risk and out-of-date dependencies, and outline a prioritized modernization roadmap.

Prioritize Tanzu Platform onboarding on VCF.

For organizations using VMware Cloud Foundation (VCF), onboarding Tanzu Platform is quick and offers immediate benefits. It deploys natively, allowing you to quickly and incrementally onboard legacy applications to immediately gain continuous patching, zero-downtime updates, and structural security controls like deny-by-default networking and secrets isolation.

The threat environment has changed. The tools to respond to it exist today. I would welcome the conversation.