Levo.ai

OpenAI just launched GPT-5.4-Cyber, a model fine-tuned specifically for defensive cybersecurity work, and expanded its Trusted Access for Cyber (TAC) program to thousands of verified security professionals. This signals a broader shift in how AI providers are being assessed. Security assurance is no longer a footnote in the terms of service, but a competitive differentiator especially for enterprises.   But here is what caught our attention beyond the headline: Most AI providers already ship security and data governance settings that the majority users are not aware of and thus don't configure. Before evaluating any third-party AI security vendor, the first step is simpler than most teams realize and that is ensuring employees enable these security configurations: 1. OpenAI offers Zero-Data Retention (ZDR) configurations that control whether your prompts and responses are stored or used for training. Most enterprises have not checked whether this is enabled for their API usage. 2. ChatGPT Team and Enterprise workspaces provide admin-level controls over data handling, SSO enforcement, and conversation history retention. Many organizations are still running individual accounts with none of these active. 3. Anthropic, Google, and other providers each have their own data processing agreements, opt-out mechanisms, and workspace governance features that sit unused in enterprise accounts. None of these replace a dedicated AI governance platform. But they are table stakes. And they cost nothing to enable.

What does it actually take to be ready for AI-accelerated vulnerability discovery? The Mythos-Ready guide by Cloud Security Alliance, SANS Institute and OWASP GenAI Security Project attempts to answer that. It moves past the panic and lays out a structured program for CISOs who need a plan, not a headline. We read the full report and here are the 3 core insights that stood out: 1. Your patch pipeline is now part of your threat model. When time-to-exploit collapses, every patch you ship becomes a reverse-engineering opportunity. The fix itself becomes the attacker's blueprint. Patching is no longer purely defensive. 2. CVE-based security is a lagging strategy. AI-driven discovery will outpace enumeration systems. Novel vulnerabilities will not appear in KEV by definition. Programs built around waiting for intelligence are structurally behind. 3. Governance friction is now measurable risk. If it takes 90 days to approve a defensive control, that is not a process. It is a liability. AI-accelerated timelines have given internal friction a harder deadline. Most security guidance tells you what to worry about. This one tells you what to do Monday morning. A staged plan from this week to 12 months, with clear owners and outcomes at every step. Thank you to Gadi Evron, Rich Mogull and Rob T. Lee and all co-authors for putting this together, a must read for all. #anthropic #glasswing #cybersecurity #ai #aisecurity

Security bandwidth is already limited. Trying to review every AI-generated change with the same depth is not a strategy. The better play is to focus on the few controls that do most of the work: 1. Govern the tooling a. Maintain an approved list of AI coding tools and enterprise plans b. Put formal approval paths around new AI use cases c. Start with visibility into AI usage, then tighten enforcement 2. Review by risk, not volume a. Force human review for high-impact code like auth, access control, and data handling b. Let low-risk scaffolding, documentation, and boilerplate move faster c. Add pre-commit hooks and AI-specific quality gates to catch insecure defaults early 3. Spend security effort where AI creates new debt a. Budget for LLM-specific testing and static analysis b. Continuously monitor AI-generated code quality c. Train developers on the patterns AI gets wrong repeatedly 4. Contain blast radius a. Keep AI-generated components isolated where possible b. Use service boundaries, gateways, or sandboxes so one weak output does not spread into core systems. That is the 20% of effort that drives most of the outcome: preserved security bandwidth, fewer security incidents, and a stronger security posture without trying to ban the tools outright. #ai #aisecurity #vibecoding #genai

Snowflake’s handling of the recent incident stood out for the right reasons: quick containment, clear updates, and practical guidance for customers. And it highlights a hard truth many teams learn the hard way. Your biggest risk can sit outside your core platform as a part of third-party integrations. In this case, attackers reportedly used stolen tokens from a third party integration to reach customer environments. That is why complete visibility into every third party integration matters, what it can access, and what it can do. A simple starting point is an accurate API inventory that shows every connected service and the trust paths it creates. At Levo, we help enterprises build that visibility continuously, so these integrations are easier to track, review, and tighten before they become a blind spot. #cybersecurity #apisecurity #supplychainattacks #enterprisesecurity

Anthropic’s Glasswing Project is a milestone. Not just because it is a step forward in frontier AI, but because it signals a shift in the broader cybersecurity market. Finding vulnerabilities is getting faster and cheaper. A long list of findings is no longer impressive if teams still have to spend weeks figuring out what is real and what to fix first. Enterprises still want the same outcomes they have always wanted: fewer incidents, lower risk, and faster fixes. You do not get there without runtime context. Runtime context is knowing what is actually deployed, reachable, and used in production. It tells you what matters now, not what might matter in theory. With that context, teams cut noise, prioritize with confidence, and enforce safely. That is why we are excited about where the market is heading. We at Levo.ai, we have spent years building runtime instrumentation with multiple agent and agentless methods, built to cover both north-south and east-west traffic efficiently, at enterprise scale. #ai #aisecurity #claude #projectglasswing

Most enterprises still treat API risk as an external problem. But in modern architectures, the majority of APIs are internal and that is exactly why they are often the least scrutinized. Internal APIs are frequently built on assumptions of trust. They sit behind VPCs, gateways, and security rules, so teams convince themselves they are inaccessible. That is what makes internal APIs so dangerous. They often handle high-value actions, carry sensitive data, and in some cases are rolled out with weaker authentication because they are considered “safe” by default. This is also why some of the most powerful blind spots in an enterprise are not public-facing APIs, but internal and admin APIs that no one thought to secure with the same rigor. API security cannot be split into “external matters now, internal later.” Once an attacker gets a foothold, those distinctions disappear. Go through the below clip from the Scalekit podcast where Ravi Madabhushi and Buchi Reddy B discuss the same. #apis #apisecurity #applicationsecurity #cybersecurity

Over 40% of teams already use AI to generate API docs, and honestly, that makes complete sense. For developers buried in API work, automating documentation feels like an easy way to win back bandwidth. And that instinct is not wrong, some documentation is better than no documentation. The real issue is that most LLM-generated docs are built from static inputs like code, comments, and specs, so they often sound complete while missing the identity, behavioral and changelog context that DevSecOps teams depend on. That gap matters more than most teams realize, because security testing, partner onboarding, governance, and API monetization all depend on documentation being grounded in live behavior, not intended behavior. Once the docs drift from runtime truth, every function built on top of them starts losing ground. The creative below breaks down the difference. #apis #apisecurity #apidocs #cybersecurity

If we think of agent authentication only as secure connection, we leave them suseptible to manipulation. That proxy worked better in simpler software environments. When one client connected directly to one service, a protected channel often came close to proving a trusted actor. AI agents break that simplicity. They do not just connect and respond. They receive instructions, assemble context, consult models, invoke tools, pass through other systems, and keep acting until the task is done. In that kind of flow, the hard question is no longer just whether the channel is secure. It is whether the original actor, authority, and intent remain intact across the full path of execution. That is what makes agent authentication more complex. A secure connection can still carry borrowed authority, blurred identity, and manipulated intent. So for agentic systems, authentication cannot stop at protecting the path. It has to preserve who the agent is, who it is acting for, and how that authority survives every hop along the way. At Levo.ai, we solve this with complete runtime visibility across agents, LLMs, and MCP servers, so teams can see the prompts, flows, identities, scopes, and tool invocations that actually define agent behavior in production. That includes visibility into the dual-identity problem of who authorized an action vs. who actually executed it, plus operational signals like loops, retries, and runaway tasks. Because you cannot govern what you cannot see. #ai #aisecurity #aisecurity #agenticsecurity

A week after the LiteLLM incident, the lesson is clearer. This was not a “prompt attack.” It was a supply-chain compromise. A dependency was used as the delivery mechanism, and the goal was simple: access to secrets. LiteLLM sits in a sensitive spot in many stacks because it routes LLM traffic. In practice, that means it often runs close to the credentials that power your AI workflows: model provider keys, internal service tokens, cloud credentials, and sometimes even Kubernetes access. When a component in that path is compromised, the blast radius is not limited to “one library.” It can quickly become “everything that library can see.” So the takeaway is not “stop using open source” or “stop shipping AI.” The takeaway is that shipping AI changes where trust lives. More automation means more machine-to-machine calls, more tokens, and more critical middleware layers. That increases the probability and impact of supply-chain attacks, making these security best practices mandates: 1) Pin dependencies and review changes. If you allow unpinned installs, you are letting your build pick up whatever was published most recently. Pinning forces deliberate upgrades and makes it easier to detect unexpected version drift. 2) Verify provenance where you can. The point is to reduce the chance that a tampered package becomes “just another install.” Use trusted sources, prefer signed artifacts or attestations when available, and treat sudden version anomalies as a real signal. 3) Scope CI secrets tightly. CI is a high-leverage target because it often has access to deploy keys, publish tokens, and cloud credentials. If a compromised dependency runs in CI, broadly scoped secrets turn a single event into a multi-system compromise. Least privilege here matters more than anywhere else. 4) Have a credential rotation plan ready. In incidents like this, speed matters. If you cannot rotate keys quickly, attackers have time to explore. Treat rotation like a drill, not an emergency improvisation. #litellm #supplychainattacks #cybersecurity #ai #applicationsecurity

Happy Mahavir Jayanti 🕊️ A day to reflect on ahimsa, truth, and compassion, and bring those principles into daily life. Wishing everyone peace and harmony! #MahavirJayanti #Ahimsa #Compassion #Peace #Jainism