Blog

Security Insights

Deep dives, expert analysis, and practical guidance on exposure management, adversarial validation, and the future of AI-driven exposure management.

A Poisoned PyPI Package Hit 36 Percent of Cloud Environments

LLM SecurityCybersecurity

A Poisoned PyPI Package Quietly Hit 36 Percent of Cloud Environments Through LiteLLM

LiteLLM 1.82.7 and 1.82.8 silently swept AWS credentials, Kubernetes configs, and SSH keys from 3.4 million daily installs. Here is exactly what the payload did and how Strobes AI detects and shuts it down.

Mar 26, 202612 min

What is an Exposure Assessment Platform - Strobes CTEM Guide

CTEMVulnerability Management

What is an Exposure Assessment Platform? The Complete Guide for Security Leaders

An Exposure Assessment Platform (EAP) is the connective tissue that unifies, normalizes, prioritizes, and mobilizes remediation across your entire attack surface. This guide covers how EAPs work, why they replace traditional vulnerability management, and how to evaluate one for your CTEM program.

Mar 25, 202613 min

Offensive SecurityPenetration Testing

Agentic Pentesting with Strobes AI

What happens when you point Strobes AI at a real web app and let it run a full OWASP WSTG assessment with zero hand-holding? 32 tasks, 21 phases, 42 confirmed vulnerabilities — all autonomous.

Mar 25, 20269 min

AI Harness for Offensive Security - Strobes blog cover showing multi-agent architecture concept

Offensive SecurityPenetration Testing

Building an AI Harness for Offensive Security: What It Takes to Turn LLMs Into Reliable Pentest and Validation Operators

The model is 20% of the problem. Here is the engineering story behind the orchestration, tooling, middleware, and infrastructure that turns a capable LLM into a reliable penetration testing operator.

Mar 22, 202614 min

Application SecurityVulnerability Management

Threat Modeling Explained: STRIDE and Methodology

Threat modeling finds design flaws on a whiteboard, before code exists. A worked STRIDE pass on a login system, attack trees, and why DREAD lost favor.

Mar 21, 20269 min

Three-angle crawl strategy: static analysis, swarm crawling, browser handover into Strobes orchestrator

Penetration TestingOffensive Security

Why Crawling Is the Hardest Part of AI-Powered Pen Testing (And How We Fixed It)

AI agents are brilliant at reading code but terrible at navigating browsers. Here's how Strobes combines static analysis, CDP-based swarm crawling, and human browser handover to build a complete attack surface map before testing begins.

Mar 20, 202612 min

Application Security

Secure Code Review: A Complete Guide

A senior reviewer's guide to secure code review: trace taint from source to sink, write real Semgrep and CodeQL rules, and gate findings at PR time.

Mar 6, 20268 min

Data Breaches

Top Data Breaches of February 2026

February 2026 brought a series of significant data breaches spanning automotive, aviation, hospitality, finance, telecom, and media. The incidents were not driven by a single attack method. Some resulted from credential stuffing, others from ransomware and extortion tactics, and several from inadequ

Mar 2, 202610 min

Offensive Security

Assumed Breach Assessment Explained

An assumed breach assessment starts with the attacker already inside, so the whole budget goes to detection, response, and blast radius instead of the front door. Here is how it works and when to use it.

Feb 19, 20268 min

Application Security

42,900 OpenClaw Exposed Control Panels and Why You Should Care

Over the past two weeks, most coverage around Moltbot and OpenClaw has chased the flashy angle. One-click exploits, remote code execution, APT chatter, scary screenshots. Meanwhile, security teams are doing what they always do when a new tool gets hit. Patch, block ports, rotate keys. That's necessa

Feb 12, 202611 min

CTEM

Driving CTEM Adoption Across the Enterprise

Most enterprises are not short on security activity. They run scanners, onboard new tools, commission assessments, run internal reviews, and publish regular risk reports. Yet exposure still slips through. Incidents still trace back to issues that were already known. Teams still debate what matters m

Feb 9, 202612 min

Offensive Security

The Five Stages of Red Team Methodology

Red team methodology runs in five stages, recon, initial access, foothold and C2, lateral movement and privilege escalation, then actions on objective. Here is each stage with the ATT&CK techniques and the detections that should fire.

Feb 4, 20268 min