惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
B
Blog RSS Feed
宝玉的分享
宝玉的分享
腾讯CDC
博客园_首页
T
Tailwind CSS Blog
月光博客
月光博客
博客园 - 司徒正美
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
M
MIT News - Artificial intelligence
A
About on SuperTechFans
云风的 BLOG
云风的 BLOG
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
有赞技术团队
有赞技术团队
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
大猫的无限游戏
大猫的无限游戏
MongoDB | Blog
MongoDB | Blog
博客园 - 聂微东
V
Visual Studio Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
SecWiki News
SecWiki News
美团技术团队
P
Privacy International News Feed
H
Help Net Security
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Microsoft Security Blog
Microsoft Security Blog
Know Your Adversary
Know Your Adversary
Y
Y Combinator Blog
D
DataBreaches.Net
Project Zero
Project Zero
T
The Blog of Author Tim Ferriss
Cyberwarzone
Cyberwarzone
C
Cybersecurity and Infrastructure Security Agency CISA
C
Cisco Blogs
S
Schneier on Security
G
GRAHAM CLULEY
博客园 - 三生石上(FineUI控件)
Cisco Talos Blog
Cisco Talos Blog
小众软件
小众软件
Forbes - Security
Forbes - Security
D
Docker
T
Tenable Blog
S
Secure Thoughts
雷峰网
雷峰网
S
Security @ Cisco Blogs
T
The Exploit Database - CXSecurity.com
The Cloudflare Blog
博客园 - 【当耐特】
Spread Privacy
Spread Privacy
阮一峰的网络日志
阮一峰的网络日志

Swift for Visual Studio Code comes to Open VSX Registry | InfoWorld

Notion courts developers with a platform for AI agents and workflow automation A better way to work with SQL Server Evidence-driven workflows: Rethinking enterprise process design AWS debuts Graviton-powered Redshift RG instances to cut analytics costs SAP’s AI promises last year? Most are still rolling out First look: Lemonade serves up local AI with limitations GitLab CEO sees developer tool bill increasing 100-fold Red Hat adds support for agentic AI development What’s new and exciting in JDK 26 Kill the loading spinner with local-first data and reactive SQL A networking revolution at AWS Tokenmaxxing is super dumb How to add AI to an existing product (without annoying users) Your AI doesn’t need another database What happens when engineering teams reorganize around AI agents Python isn’t always easy When cloud giants meddle in markets 12 model-level deep cuts to slash AI training costs The best new features in Python 3.15 Teradata launches platform for enterprise AI agents moving beyond pilots Three skills that matter when AI handles the coding MongoDB targets AI’s retrieval problem Building AI apps and agents with Microsoft Foundry Designing front-end systems for cloud failure No, AI won’t destroy software development jobs Diskless databases: What happens when storage isn’t the bottleneck Vibe coding or spec-driven development? The agentic AI distraction Vibe coding or spec-driven development? How to choose Cloud providers are blinded by agentic AI SAP to acquire data lakehouse vendor Dremio Small language models: Rethinking enterprise AI architecture Making AI work through eval hygiene Improving AI agents through better evaluations AI in the cloud is easy but expensive Running AI in the cloud is easy – and expensive Making AI work for databases Harness teams of agentic coders with Squad Harness teams of coding agents with Squad Oracle NetSuite announces AI coding skills for SuiteCloud developers Why it’s so hard to create stand-alone Python apps A new challenge for software product managers The hidden cost of front-end complexity GitHub shifts Copilot to usage-based billing, signaling a new cost model for enterprise AI tools OpenAI’s Symphony spec pushes coding agents from prompts to orchestration The front-end architecture trilemma: Reactivity vs. hypermedia vs. local-first apps Enterprise AI is missing the business core The best JavaScript certifications for getting hired Google begins putting the guardrails on agentic AI Why world models are AI’s next frontier Where to begin a cloud career Google pitches Agentic Data Cloud to help enterprises turn data into context for AI agents How open source ideals must expand for AI Is your Node.js project really secure? How I doubled my GPU efficiency without buying a single new card SpaceX secures option to acquire AI coding startup Cursor for $60B Google’s Gemma 4 shines on local systems – both big and small AI is upending the SaaS game How AI is upending SaaS tools Snowflake offers help to users and builders of AI agents From the engine room to the bridge: What the modern leadership shift means for architects like me Addressing the challenges of unstructured data governance for AI The cookbook for safe, powerful agents Enterprises are rethinking Kubernetes GitHub pauses new Copilot sign-ups as agentic AI strains infrastructure Best practices for building agentic systems Making agents dull Oracle delivers semantic search without LLMs When cloud giants neglect resilience Exciting Python features are on the way Ease into Azure Kubernetes Application Network The agent tier: Rethinking runtime architecture for context-driven enterprise workflows The two-pass compiler is back – this time, it’s fixing AI code generation MuleSoft Agent Fabric adds new ways to keep AI agents in line Salesforce launches Headless 360 to support agent‑first enterprise workflows Tap into the AI APIs of Google Chrome and Microsoft Edge Where will developer wisdom come from? GitHub adds Stacked PRs to speed complex code reviews The hyperscalers are pricing themselves out of AI workloads HTMX 4.0: Hypermedia finds a new gear Google Cloud introduces QueryData to help AI agents create reliable database queries Hands-on with the Google Agent Development Kit Are AI certifications worth the investment? AWS targets AI agent sprawl with new Bedrock Agent Registry Cloud degrees are moving online Swift for Visual Studio Code comes to Open VSX Registry AI agents aren't failing. The coordination layer is failing How Agile practices ensure quality in GenAI-assisted development Anthropic rolls out Claude Managed Agents Microsoft’s reauthentication snafu cuts off developers globally Meta’s Muse Spark: a smaller, faster AI model for broad app deployment Bringing databases and Kubernetes together Rethinking Angular forms: A state-first perspective Minimus Welcomes Yael Nardi as CBO to Facilitate Strategic Growth Microsoft announces end of support for ASP.NET Core 2.3 Get started with Python’s new frozendict type AWS turns its S3 storage service into a file system for AI agents Microsoft’s new Agent Governance Toolkit targets top OWASP risks for AI agents The winners and losers of AI coding GitHub Copilot CLI adds Rubber Duck review agent
Using continuous purple teaming to protect fast-paced enterprise environments
2026-05-14 · via Swift for Visual Studio Code comes to Open VSX Registry | InfoWorld

Enterprise environments are changing quickly as organizations adopt cloud platforms, automated infrastructure, and continuous delivery pipelines. Software updates are released more often, and systems are set up automatically using infrastructure-as-code automation tools. While this acceleration allows organizations to deliver software and services faster, it also creates new challenges for security teams responsible for protecting constantly changing systems.

Today’s enterprise security teams must defend environments that are dynamic, distributed, and difficult to fully observe. As organizations adopt new platforms and development practices, the attack surface grows. Security teams must detect and respond to threats across these environments while maintaining clear visibility into what is happening in real time.

Traditional security testing models were not designed for this pace of change. Organizations have long relied on penetration tests and red team engagements to simulate real attacks and uncover weaknesses. These assessments remain valuable, but they typically occur at fixed intervals and may not reflect the current state of the environment. By the time results are delivered and remediation begins, the environment may already look very different.

As enterprise environments evolve more quickly, security testing must also become continuous. Continuous purple teaming offers one practical way to achieve this by bringing offensive and defensive security teams together in ongoing workflows, driven by real-world threats and grounded in measurable outcomes.

Threat intelligence as the driver of continuous validation

One of the most important elements of continuous purple teaming is what drives the simulations. Running attack techniques on a schedule is not enough. Without a continuous feed of curated, prioritized threat intelligence, organizations risk simulating generic activity that does not reflect what is actually targeting them. In that case, the exercise becomes closer to breach and attack simulation tooling rather than true purple teaming.

Continuous purple teaming relies on up-to-date threat intelligence aligned to the organization’s industry, geography, and technology stack. This intelligence determines what to test, why it matters, and how often it should be exercised.

In practice, this means mapping intelligence to a common framework such as MITRE ATT&CK. This provides a shared taxonomy for adversary behavior, helping teams align simulations, detection coverage, and reporting while identifying gaps. Without this grounding, teams are training against yesterday’s threats. With it, they validate readiness against what is targeting them today.

Moving security validation into daily operations

Historically, many organizations approached security validation as a series of isolated assessments. Red teams conducted engagements designed to emulate real attackers, producing reports that described vulnerabilities and potential attack paths. Blue teams then reviewed these findings and began remediation work. This model has value because it reveals complex weaknesses that automated scanners often miss. However, it also introduces gaps between testing cycles. When infrastructure and applications change frequently, those gaps can leave organizations uncertain about the current effectiveness of their security controls.

Continuous purple teaming also generates data that helps organizations measure how well their detection and response capabilities perform during simulated attacks. Offensive simulations occur regularly and sometimes automatically, allowing defenders to observe how detection systems and response workflows perform in realistic attack scenarios.

Security engineers can then adjust logging strategies, detection rules, and response playbooks immediately. This model aligns security validation with the operational flow of modern enterprises. Instead of testing defenses occasionally, organizations continuously evaluate how their security tools and processes perform under realistic conditions.

Just as importantly, these exercises are not performed in isolation. The value comes from the collaboration between teams. Red team operators explain how and why a technique works. Blue team analysts share what they see, or do not see, in telemetry. Together, they refine detections, improve visibility, and strengthen response workflows.

This real-time knowledge transfer is what makes purple teaming effective. The focus is on building shared understanding between offense and defense.

Atomic testing and attack chain simulation

Not all simulations serve the same purpose, and mature programs distinguish between two types of testing: atomic testing and chain-based testing. Both approaches are necessary.

Atomic testing focuses on individual techniques. For example, testing whether endpoint detection tools identify credential dumping from LSASS or whether a specific persistence mechanism triggers an alert. Atomic tests provide breadth and speed. They help teams quickly identify gaps in visibility or detection logic.

Chain-based testing simulates full attack paths. This might include an initial phishing attempt, followed by credential access, privilege escalation, lateral movement, and ultimately data exfiltration. Chain-based simulations provide depth. They expose whether detections correlate across stages, whether alerts are understood in context, and whether response processes actually work end-to-end. They also reveal breakdowns in handoffs between teams and gaps in orchestration and automation.

Building environments for realistic attack simulation

To operationalize purple teaming effectively, organizations need environments where realistic attack scenarios can be executed safely. Many enterprises build these environments as cyber ranges or laboratory infrastructures that mirror production architectures as closely as possible. These environments may replicate identity systems, cloud services, endpoint devices, and network segmentation controls. The goal is to create a controlled environment where both offensive and defensive teams can collaborate. Red team operators can simulate adversary behavior while blue team analysts monitor telemetry, investigate alerts, and practice incident response procedures.

These environments support both validation and training. Security engineers can test new detection strategies and logging configurations, while analysts gain experience investigating incidents that resemble real attacks. Because exercises take place outside of production systems, teams can experiment with new techniques without disrupting business operations.

Hands-on environments have become an important component of modern cybersecurity training and operational readiness. Platforms that provide simulated labs and realistic attack scenarios help practitioners develop practical skills across both offensive and defensive domains while working through complex security challenges.

Operationalizing purple teaming at scale

Automation plays a key role in making continuous purple teaming practical at enterprise scale. Infrastructure-as-code tools allow teams to create testing environments that closely mirror their production systems. Cloud resources, identity services, endpoints, and network configurations can all be set up automatically.

Once the environment is in place, attack simulations can also run through automation. Security teams can script common adversary techniques aligned to MITRE ATT&CK such as credential harvesting, privilege escalation, lateral movement, and data exfiltration. These simulations can run on a schedule or be triggered automatically when infrastructure changes occur.

Because the same scenarios can be run repeatedly, teams can see how their defenses perform over time. If a new deployment introduces a visibility gap or changes how detection tools behave, the next simulation can quickly reveal the issue.

Continuous purple teaming also gives organizations data about how well their detection and response processes work during simulated attacks. Security teams can track metrics such as:

  • Detection coverage: Which ATT&CK techniques are exercised and observed
  • Time to detection: How long it takes monitoring systems to identify suspicious activity
  • Time to investigation: How long analysts need to triage alerts and begin analysis
  • Response effectiveness: How well automated or manual response actions work during simulations

However, detection coverage alone is not enough. An alert does not automatically mean effective detection. Mature programs evaluate detection quality. This includes whether the correct alert fired, at the right fidelity, with the right context, and whether it was actionable for the analyst. Detection quality matters as much as detection coverage.

Preparing for AI-enabled threats

AI is influencing both offensive and defensive cybersecurity practices. Threat actors increasingly use AI tools to automate reconnaissance, generate phishing content, and accelerate malware development. These capabilities allow attackers to scale operations and experiment with new techniques more rapidly.

Purple teaming environments provide a controlled setting where organizations can safely explore these emerging threats. Red teams can simulate AI-assisted attack scenarios such as automated reconnaissance workflows or large-scale phishing campaigns generated by language models. These exercises help defenders observe how AI-driven attack techniques interact with existing monitoring systems.

These environments also support AI red teaming, where organizations intentionally test how generative AI systems and AI-enabled tools might be abused by adversaries. Security teams can simulate prompt manipulation, automated social engineering, and AI-generated attack workflows in order to evaluate defensive controls and detection strategies.

Defensive teams can also explore how AI supports their own operations. AI-assisted investigation tools, anomaly detection systems, and automated threat analysis platforms can be tested in controlled environments before being deployed in production security systems.

Security validation at the speed of enterprise infrastructure

Enterprise infrastructure will continue to evolve as organizations adopt new cloud services, automation frameworks, and development practices. Security programs must adapt to this pace of change to remain effective.

Continuous purple teaming provides a practical framework for aligning security validation with modern enterprise operations. Automated attack simulations, reproducible testing environments, and integrated security telemetry allow organizations to validate defenses continuously rather than intermittently. This approach helps security teams identify weaknesses earlier and refine their defenses through constant feedback. Analysts gain experience responding to complex threats, while security leaders gain clearer visibility into how well their monitoring and response capabilities perform.

In an environment where infrastructure evolves rapidly and attackers continue to innovate, continuous validation becomes a key component of resilient enterprise security operations. Purple teaming gives security teams a practical way to test their defenses as infrastructure evolves.

New Tech Forum provides a venue for technology leaders—including vendors and other outside contributors—to explore and discuss emerging enterprise technology in unprecedented depth and breadth. The selection is subjective, based on our pick of the technologies we believe to be important and of greatest interest to InfoWorld readers. InfoWorld does not accept marketing collateral for publication and reserves the right to edit all contributed content. Send all inquiries to doug_dineley@foundryco.com.