惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

博客园 - Franky
N
News | PayPal Newsroom
GbyAI
GbyAI
B
Blog RSS Feed
博客园_首页
Y
Y Combinator Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
博客园 - 三生石上(FineUI控件)
D
DataBreaches.Net
Blog — PlanetScale
Blog — PlanetScale
阮一峰的网络日志
阮一峰的网络日志
宝玉的分享
宝玉的分享
D
Docker
美团技术团队
The GitHub Blog
The GitHub Blog
Recorded Future
Recorded Future
H
Help Net Security
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
云风的 BLOG
云风的 BLOG
T
Tailwind CSS Blog
T
The Blog of Author Tim Ferriss
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
S
Secure Thoughts
Forbes - Security
Forbes - Security
雷峰网
雷峰网
Help Net Security
Help Net Security
V2EX - 技术
V2EX - 技术
Hugging Face - Blog
Hugging Face - Blog
人人都是产品经理
人人都是产品经理
Recent Commits to openclaw:main
Recent Commits to openclaw:main
B
Blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Jina AI
Jina AI
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Cloudbric
Cloudbric
T
Troy Hunt's Blog
Hacker News: Ask HN
Hacker News: Ask HN
AI
AI
P
Proofpoint News Feed
O
OpenAI News
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
The Last Watchdog
The Last Watchdog
量子位
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Schneier on Security
Schneier on Security
Microsoft Azure Blog
Microsoft Azure Blog
Google Online Security Blog
Google Online Security Blog
S
Security Affairs
Apple Machine Learning Research
Apple Machine Learning Research

Sysdig Blog

Masterclass: AI is more than ChatGPT and LLMs CVE-2026-39987 update: How attackers weaponized marimo to deploy a blockchain botnet via HuggingFace Kubernetes 1.36 - New security features 5 steps to securing AI workloads Marimo OSS Python Notebook RCE: From Disclosure to Exploitation in Under 10 Hours Security briefing: March 2026 The Sysdig MCP server is now available in AWS Marketplace Risk isn’t reduced until you take action: How teams resolve issues in the cloud AI infrastructure security: Why it deserves its own category Three pillars for building effective runtime-powered cloud defense, the right way Closing the cloud security gap with runtime security TeamPCP expands: Supply chain compromise spreads from Trivy to Checkmarx GitHub Actions AI coding agents are running on your machines — Do you know what they're doing? Runtime security for AI coding agents: Protecting AI-assisted development How runtime insights power every cloud security use case CVE-2026-33017: How attackers compromised Langflow AI pipelines in 20 hours Inline Cloud Response: Accelerating AWS threat containment for SOC teams Runtime malware detection for AWS Fargate Detecting CVE-2026-3288 & CVE-2026-24512: Ingress-nginx configuration injection vulnerabilities for Kubernetes Malware detection with Sysdig Security briefing: February 2026 Leveling up Kubernetes Posture: From baselines to risk-aware admission Eliminating runtime blind spots: How CleanStart and Sysdig build continuous trust across the container lifecycle LLMjacking: From Emerging Threat to Black Market Reality Real risks live at runtime: Why CISOs must care about deep telemetry in 2026 Sysdig named a Leader in the Forrester Wave™: Cloud Native Application Protection Solutions, Q1 2026 How to run rootless containers AI-assisted cloud intrusion achieves admin access in 8 minutes Security briefing: January 2026 Securing GPU-accelerated AI workloads in Oracle Kubernetes Engine Bringing OSS runtime security to AWS: Falco integration with AWS Security Hub CSPM Our customers have spoken: Sysdig rated a Strong Performer in Gartner® Voice of the Customer for Cloud-Native Application Protection Platforms Protecting sensitive business data in preparation for the organization's Gen AI VoidLink threat analysis: Sysdig discovers C2-compiled kernel rootkits AI is still a workload: A practical guide to securing AI workloads How threat actors are using self-hosted GitHub Actions runners as backdoors How Sysdig Sage delivers AI-powered, real-world vulnerability management Security briefing: December 2025 Top 10 ways to get breached in 2026 EtherRAT dissected: How a React2Shell implant delivers 5 payloads through blockchain C2 Introducing runtime file integrity monitoring and response with Sysdig FIM How to detect multi-stage attacks with runtime behavioral analytics EtherRAT: DPRK uses novel Ethereum implant in React2Shell attacks Detecting React2Shell: The maximum-severity RCE vulnerability affecting React Server Components and Next.js The rise of AI agents: How autonomous AI Is transforming cloud security Kubernetes 1.35 - New security features The Urgency of Securing AI Workloads for CISOs Security briefing: November 2025 Quantum and the cloud: Science fiction turned security strategy Cloud security, the right way: What the industry should demand (and why "good enough" isn't) Return of the Shai-Hulud worm affects over 25,000 GitHub repositories Detecting CVE-2024-1086: The decade-old Linux kernel vulnerability that’s being actively exploited in ransomware campaigns What’s old is new again: How to demystify AI security with AIBOMs Securing Kubernetes with agentic cloud security How agentic cloud security reduces real risks Hunting reverse shells: How the Sysdig Threat Research Team builds smarter detection rules Shifting left with AI and MCP: Sysdig + Amazon Q Developer How Falco and Stratoshark close the gap between open source runtime detection and deep forensic analysis Investigating security issues with ChatGPT and the GitHub MCP server New runc vulnerabilities allow container escape: CVE-2025-31133, CVE-2025-52565, CVE-2025-52881 Harden your LLM security with OWASP Security briefing: October 2025 How agentic AI is changing cloud security Kubernetes Incident Response: Detect, investigate, and contain in under 10 minutes Sysdig recognized as a Cloud Security Leader in Latio Tech Cloud Security Market Report AI echolocation of cloud risks using Sysdig & Snyk MCP servers Sysdig MCP Server: Bridging AI and cloud security insights Understanding CVE-2025-49844: “RediShell” Critical Remote Code Execution in Redis How Sysdig secures your containers and Kubernetes Sysdig Security Briefing: September 2025 Cloud security, the right way: The 3 pillars of real-time defense Open source spotlight: Bringing web application security to Falco with Falcoya's Nginx plugin Malicious NPM packages: Are you exposed? AI for SOC teams: 5 cloud security prompts to start your day with Sysdig Sage™ Shai-Hulud: The novel self-replicating worm infecting hundreds of NPM packages ZynorRAT technical analysis: Reverse engineering a novel, Turkish Go-based RAT Modern vulnerability management, built for the cloud Build your AWS incident response playbook with open source tools 2025 Gartner® CNAPP Market Guide: Runtime visibility is no longer optional Threat hunting with Sysdig: Uncovering “IngressNightmare” Open source spotlight: From alerts to action with AI-powered Falco Vanguard From triage to action: How Sysdig’s agentic cloud security platform slashes noise and accelerates remediation The vision comes to life: Agentic cloud security with Sysdig Sage™ Data security findings: A technical deep dive Connecting runtime to source: Sysdig and Semgrep integration Fix what matters, faster: How Sysdig and Semgrep are unifying security without silos – from code to runtime Defending sensitive data with Sysdig Secure Redefining cloud security, the right way Join the movement: The Sysdig Open Source Community is live A smarter, safer cloud in the age of AI Unifying detection and response: Sysdig + Cortex XSOAR for security at cloud speed The future of security is open, and it needs a unified hub: The Sysdig Open Source Community is here CVE-2025-53104: Command injection via GitHub Actions workflow in gluestack-ui Why MCP server security is critical for AI-driven enterprises What’s new in Sysdig — June 2025 AI-powered CNAPP with Sysdig Sage™ Revolutionizing Cybersecurity Search with Sysdig Sage™ Sysdig Threat Bulletin: Iranian Cyber Threats The end of the prioritization-only era: Vulnerability management needs action Dangerous by default: Insecure GitHub Actions found in MITRE, Splunk, and other open source repositories
Seeing risk isn’t stopping it: Why visibility alone isn’t enough
Matt Kim · 2026-03-25 · via Sysdig Blog

Cloud security has evolved beyond basic visibility.

For years, security teams have focused on understanding what exists in their environment, often playing catch-up to development teams that had already embraced the speed of the cloud. That  approach made sense when the biggest challenge was just gaining control over rapidly expanding infrastructure. If you could see everything, you could reduce risk.

The reality today has changed. Applications are built and shipped faster than before, driven by AI and cloud-native development. Containers and Kubernetes now power critical, revenue-generating services. At the same time, attackers are using AI to scale their attacks, and exploit weaknesses in minutes. In this environment, visibility is still necessary, but it’s no longer enough to simply see misconfigurations, vulnerabilities, and exposed assets.

Visibility solved the initial problem

As organizations began transitioning to the cloud, posture management tools delivered meaningful value, especially in the early stages of their journey. They give security teams a way to understand what resources exist in their environment and identify misconfigurations that create risk. This foundation still matters today, as you need to see your environment to secure it effectively.

However, in modern cloud environments, this level of visibility has become table stakes. Most security platforms can now provide broad inventory of resources, identities, and cloud services. The challenge is that visibility by itself was designed to solve an early-stage problem. The solution of posture-first security doesn’t fully reflect how dynamic and complex cloud systems have become.

You can’t defend what you don’t understand

As organizations mature in the cloud, the volume of data security teams have to deal with can become overwhelming. Posture management tools continuously surface misconfigurations, vulnerabilities, and other risks, often across multiple clouds. But much of this data is static or disconnected from what’s actually happening in real time.

This becomes more critical as attack speed increases. With AI-driven threats, attackers can move from initial access to lateral movement and exploitation in minutes. In this kind of environment, point-in-time visibility quickly loses its value because it can’t answer the questions teams need to respond effectively to real incidents.

This is where posture-first approaches start to break down. They are designed to prioritize what could happen, not what is happening. They highlight potential exposure but don’t show how those risks play out once workloads are running. As a result, teams lack clear direction on what occurred and what actions to take next.

Closing the gap requires runtime context. Teams need to see what’s happening in their environment in real time, with enough depth to understand behavior, not just how resources are configured. Instead of a list of vulnerabilities and permissions, they should understand which vulnerabilities are in active packages and which permissions are being exercised. It means correlating activity, like linking a login, process execution, and network call into a coherent view of what happened, rather than relying on isolated signals. With this level of context, they can start taking targeted action instead of relying on broad, disruptive responses.

Runtime security: The winning moment

In modern cloud environments, risk exists in running workloads, especially as organizations invest in AI adoption. This is also where security teams have to answer the important questions: what happened, how bad is it, and what do we do next?

This is why cloud security is shifting toward a model focused on action, not just visibility. Teams need real-time insight into what’s running, along with context to inform decisions. That means augmenting defense with deep runtime telemetry and AI-driven guidance to give teams control in high leverage situations.

The shift has a direct impact on the business. Without runtime context, incidents are detected later and response becomes broader and more disruptive, often still taking days or even weeks to resolve. This can lead to increased breach impact, operational disruption, and higher costs as systems are taken offline. It’s only with real-time visibility and context that teams aren’t left piecing things together after the fact.

Turning visibility into action

Moving forward, cloud security will be defined by how quickly and precisely you can act. Visibility is the starting point, but security teams will be measured by the ability to reduce risk as it emerges, not just document it after the fact.

Organizations that embrace runtime insights will be better positioned to keep pace with cloud speed and evolving threats. Ultimately, runtime is where cloud security wins or fails, and where organizations determine whether they stay ahead or fall behind.