Blog, Press, Updates and More.


The Token is the Perimeter: Why OAuth is the New Frontier
The recent supply chain breach at Vercel highlights a critical blind spot: once an attacker hijacks a valid OAuth token, they don’t need to crack your password, they simply inherit your trust and walk right past your MFA. No password is needed. No MFA challenge is triggered. No anomalous login event is created while the user is accepted. Once a session token is issued, access is governed by the token alone, completely detached from the factors that created it. This is what an OAu
Pranav Kalidas
Apr 28 · 2 min read


Data Poisoning: The Risk of Corrupted AI Training
The most significant vulnerability in the age of Artificial Intelligence isn't necessarily a flaw in the code, it’s a flaw in the information. Because AI models are built on vast amounts of data, their reliability depends entirely on the integrity of that input. This has given rise to a calculated method of attack known as data poisoning, where adversaries subtly subvert an AI’s learning process to control its outcomes. Unlike a traditional hack, data poisoning doesn't requir
Timothe Toulain
Apr 28 · 3 min read


What Happens If an Attacker Never Makes a Mistake?
The most dangerous attacks do not look like attacks. We like to believe attacks are loud. Failed logins, SIEM alerts, and malware detections are what most analysts are trained to look for. But the most dangerous attackers generate none of that. There are no failed logins, no alerts, and no obvious anomalies. From the system’s perspective, everything is working exactly as expected. The broken assumption: Most detection strategies rely on one core idea: malicious activity will lo
Andy Urlep
Mar 27 · 3 min read


The Rise of Vibe Coding Risks
Welcome to the latest dispatch from the front lines of Vibe Coding. If you haven't heard, "vibe coding" is the 2026 trend where we stop wrestling with boring syntax and start "vibing" apps into existence using natural language. It’s fast, it’s magical, and if you aren't careful it's a total security dumpster fire. Think of vibe coding like hiring a brilliant, caffeinated intern who works at 10,000 mph but has absolutely no concept of what a "lo
Joseph Ghaziri
Mar 27 · 2 min read


The Dark Side of Autonomy: Who is Watching Your AI Agents?
We have officially entered the era of the Agentic Workforce. Companies are no longer just using AI to write emails; they are deploying AI "agents" to actually do things: manage databases, connect to APIs, and automate entire business workflows. Agentic Workforce is a massive leap in productivity. But it’s also a massive security blind spot. The Problem: When Good AI Goes "Rogue". The very thing that makes an AI agent powerful is its agency - its ability to take a goal and
Timothe Toulain
Mar 27 · 3 min read


Brian Zarb Adami on what people still get wrong about cybersecurity and how Cyprus can do better
October, 2025. The more a country digitalises, the more vulnerable it becomes to cyberattacks. Brian Zarb Adami, CEO of CyberSift, explains what people still get wrong about cybersecurity, how Cyprus can do better and why Generative AI is tipping the balance in favour of the attackers. It’s striking that most of us lock our homes, cars and even bikes without a second thought, yet online we behave as if nothing bad could happen – until that illusion is shattered. People think t
CyberSift
Oct 31, 2025 · 5 min read


The Hidden Costs of Cyber Blind Spots
David Vassallo, CTO, CyberSift. August, 2025. According to IBM’s 2024 Cost of a Data Breach Report, the average cost of a data breach reached a record US$4.88 million – up from US$4.45 million in 2023. Strikingly, around 95% of breaches stemmed from unknown or poorly managed digital assets, also known as shadow or unmanaged IT. The Missing Piece: Accurate IT Asset Inventory. A modern security strategy begins with visibility. Risk.net’s analysis of the 2023 Citrix Bleed inciden
CyberSift
Sep 18, 2025 · 5 min read
