NordVPN has launched post-quantum encryption (PQE) support for all its VPN applications. The first iteration of post-quantum cryptography was implemented on the NordVPN Linux application last year. In 2025, NordVPN also rolled out its PQE feature for Windows, macOS, iOS, and Android, including Android TV and tvOS. The PQE upgrade integrates quantum-resistant algorithms into NordLynx, the company’s high-speed VPN protocol based on WireGuard, and complies with NIST’s latest cryptographic standards. In September 2024, NordVPN released a Linux app update with the first post-quantum cryptography upgrade for the Nordlynx protocol — a high-performance VPN protocol known for its extreme speed and security, based on WireGuard. The upgraded protocol complied with the latest National Institute of Standards and Technology (NIST) standards for post-quantum encryption and protected Linux users from quantum decryption, while also collecting essential performance metrics, such as impact on connection speeds and latency. NordVPN’s early Linux deployment allowed the company to collect performance data to optimize encryption transitions without degrading user experience, enabling a seamless rollout across all platforms.
Picus Security’s service accurately quantifies the actual exploitability of vulnerabilities against real-world attack techniques in real time using context-aware scoring that replaces assumptions with evidence
Cybersecurity validation startup Picus Security launched Picus Exposure Validation, a new service that allows security teams to verify the exploitability of vulnerabilities based on their unique environments. The new capability has been designed to continuously test security controls against real-world attack techniques to identify which vulnerabilities are truly exploitable and which can safely be deprioritized. Picus Exposure Score provides an evidence-based, context-aware metric that accurately quantifies actual risk by accounting for how effectively current security controls mitigate real threats. Common Vulnerability Scoring System, Exploit Prediction Scoring System and Known Exploited Vulnerabilities offer theoretical risk signals. Picus Exposure Validation delivers proof by testing threats against your production defenses in real time. It replaces assumptions with evidence so security teams can focus on vulnerabilities that are exploitable. Picus Exposure Validation allows security teams to prioritize accurately and deprioritize safely. The service leverages a transparent, automated Exposure Score and advanced security validation technologies to allow teams to focus on threats that truly matter and confidently set aside vulnerabilities that pose no real risk. The new service also enables faster, more confident decision-making. With real-time reporting, continuous attack simulations and in-depth security control testing, users are provided with the evidence needed for compliance documentation and executive communication. Picus Exposure Validation additionally helps save time and improve mitigation efforts via automated validation that reduces manual workloads. The resulting tailored recommendations support rapid improvements in security control effectiveness, even when immediate patching isn’t feasible.
Persado’s multi-agent AI platform for financial services marketing continuously learns from consent orders, public comments, and evolving regulations, and refines analysis with every interaction to offer 90% reduction in legal review
Persado, a provider of AI-powered content compliance and performance solutions for marketing, today launched Persado Marketing Compliance AI, the first agentic AI platform purpose-built for financial services marketing and legal teams to speed time to market of customer communications. The enterprise-grade solution integrates regulatory compliance analysis, performance prediction scoring, and brand fit insights, so companies can identify and rapidly resolve risks within content, shortening legal reviews by up to 90%.Persado’s first Marketing Compliance AI solution is designed for large and mid-size retail banks and credit unions. The solution leverages AI agents and builds on a decade of content insights gleaned from working with 8 of the 10 largest U.S. banks. In turn, marketers can rapidly analyze, edit, and finalize copy, achieving (on average): 90% reduction in review time; 85% reduction in compliance rejections; 80%+ reduction in campaign cycle time. Persado Marketing Compliance AI applies multi-agent AI that continuously learns from consent orders, public comments, and evolving regulations—and refine analysis with every interaction, providing institutions with smarter, more precise insights over time. AI agents include: Regulation agents; Marketing agents; Library and oversight agents. Additional solution capabilities include analysis of copy in PDF, text, and image formats for adherence to Federal, state, and local laws, a library of high-risk expressions, copy performance scoring, disclaimer analysis, customizable compliance guidelines, and more. Persado also offers customizable, integrated workflows that enable marketing and legal to collaborate in the platform in real time, leveraging the agentic output to streamline decision making.
Banking groups led by ABA want the SEC to revoke its cybersecurity incident disclosure requirement because of need for confidentiality about critical infrastructure
American banking groups want the Securities and Exchange Commission (SEC) to revoke its cybersecurity incident disclosure requirements. These groups, led by the American Bankers Association (ABA), wrote to the SEC last week, contending that disclosing cybersecurity incidents “directly conflicts with confidential reporting requirements intended to protect critical infrastructure and warn potential victims.” Joining the ABA were the Securities Industry and Financial Markets Association, the Bank Policy Institute, Independent Community Bankers of America, and the Institute of International Bankers, who argue the rule hinders regulatory efforts to bolster national cybersecurity. The letter was flagged in a report Monday (May 26) by Cointelegraph, which noted that the rule in question — the SEC’s Cybersecurity Risk Management rule, published in July 2023 — requires companies to quickly disclose incidents such as data breaches or hacks. But the banking groups say this rule was flawed from the beginning and has been problematic in practice since going into effect. The letter said that the “complex and narrow disclosure delay mechanism” interferes with incident response and law enforcement, while also breeding “market confusion” between mandatory and voluntary disclosures.
Breaking encryption with a quantum computer just got 20 times easier following modular exponentiations getting twice as fast and packing more useful data into the same space to improve error correction
Google just released a new research paper, and it could be a big deal for Bitcoin and online security. Their quantum research has found that it might take 20 times less power and effort for a quantum computer to break RSA encryption – the technology that protects things like bank accounts and Bitcoin wallets – than experts thought earlier. the breakthrough has come from two places: better algorithms and smarter error correction. Researchers have made two big improvements in how quantum computers handle encryption. The first is that they have managed to make the modular exponentiations twice as fast. Then, they have also packed more useful data into the same space to improve error correction. However, the security implications are of a much serious nature. RSA and similar systems go against the global secure communications, ranging from banking to digital signatures.
IBM’s two-pronged approach to modern application management involves automating applications with AI and managing them through observability, aided by AI-generated problem summaries in plain English to simplify triage
AI, observability and automation at scale are converging to redefine how modern applications are built, monitored and optimized. IBM Corp.’s approach is two-pronged — automating applications with AI and creating a conducive environment, through observability, to manage them. Chris Farrell, group product manager of Instana observability at IBM. “We’re focused on both those things at the same time, simultaneously. One of the things that we’re doing is putting AI into the observability aspect of managing the applications. We have recently released integration with watsonx to create summarizations of problems in plain English so that anyone can get a summarization and print it out.” Central to IBM’s approach is the integration of AI into observability tooling, particularly through Instana and its connection with watsonx. This powerful combination enables AI-generated problem summaries in plain English, simplifying issue triage for both technical and non-technical teams. Additionally, IBM is taking steps toward AI-based remediation. With watsonx, problems can be detected and suggestions — or even automated actions — can be triggered to resolve them. This shift reduces the time between incident detection and resolution, enhancing uptime and operational efficiency, according to Farrell.
Sifflet’s AI-native data observability platform replaces manual triage, alert sprawl, and static rule sets with context-aware automation to help data teams scale data quality and reduce incident response times
Sifflet, the AI-native data observability platform, has shared an early look at their upcoming system of AI agents designed to help modern data teams scale data quality and reliability, reduce incident response times, and stay ahead of complexity. The new agents extend Sifflet’s core observability capabilities with a new layer of intelligence: Sentinel analyzes system metadata to recommend precise monitoring strategies; Sage recalls past incidents, understands lineage, and identifies root causes in seconds; Forge suggests contextual, ready-to-review fixes grounded in historical patterns. Sifflet’s AI-native approach is already helping customers to handle these workloads with existing functionality. Sifflet’s AI agents address the growing challenge and go one step further by replacing manual triage, alert sprawl, and static rule sets with context-aware automation that augments human teams. Sanjeev Mohan, founder of SanjMo and former VP Analyst at Gartner “Rather than relying on static monitoring, these agents bring memory, reasoning, and automation into the fold, helping teams move from alert fatigue to intelligent, context-aware resolution.” The agentic system is fully embedded in Sifflet’s AI-native platform and will soon be available to select customers in private beta.
Fenergo’s agentic AI for compliance allows users to interact with all operational, policy and entity data through natural language and harness real-time insights on process efficiency, operations and risk
Fenergo, a Dublin-based provider of client lifecycle management and compliance solutions, has launched its FinCrime Operating System. The system uses “agentic AI” to help firms cope with rising operational costs and compliance demands. The FinCrime OS unifies client lifecycle events, including onboarding, KYC, screening, ID&V, and transaction monitoring, on a single platform. The system can automate tasks and save up to 93% of operational costs. Fenergo’s initial six AI agents can streamline periodic KYC reviews, cutting review timeframes by up to 45%. The Six AI agents available today include: Data sourcing agent: Sources data from one or more third-party data provider, compares against entity data and auto-completes tasks; Screening agent: Runs screening checks against third-party integrations, auto-resolves hits and returns results to providers; Document agent: Extracts, classifies and links documents using AI to automate document-management processes; Significance agent: Performs a check against data changes to determine significance to define next action; Autocompletion agent: Automates the completion of tasks based on pre-defined rules, policy and configured guardrails; and Insights agent: Fenergo’s co-pilot allows users to interact with all operational, policy and entity data through natural language and harness real-time insights on process efficiency, operations and risk.
Fenergo launches compliance operating system, eyes big cost savings
Fenergo, a Dublin-based provider of client lifecycle management and compliance solutions, has launched its FinCrime Operating System. The system uses “agentic AI” to help firms cope with rising operational costs and compliance demands. The FinCrime OS unifies client lifecycle events, including onboarding, KYC, screening, ID&V, and transaction monitoring, on a single platform. The system can automate tasks and save up to 93% of operational costs. Fenergo’s initial six AI agents can streamline periodic KYC reviews, cutting review timeframes by up to 45%. The Six AI agents available today include: Data sourcing agent: Sources data from one or more third-party data provider, compares against entity data and auto-completes tasks; Screening agent: Runs screening checks against third-party integrations, auto-resolves hits and returns results to providers; Document agent: Extracts, classifies and links documents using AI to automate document-management processes; Significance agent: Performs a check against data changes to determine significance to define next action; Autocompletion agent: Automates the completion of tasks based on pre-defined rules, policy and configured guardrails; and Insights agent: Fenergo’s co-pilot allows users to interact with all operational, policy and entity data through natural language and harness real-time insights on process efficiency, operations and risk.
Agentic AI’s role in taking down DanaBot malware-as-a-service through orchestrating predictive threat modeling cuts months of forensic analysis to weeks validates its value for SOC teams
U.S. Department of Justice unsealed a federal indictment in Los Angeles against 16 defendants of DanaBot, a Russia-based malware-as-a-service (MaaS) operation responsible for orchestrating massive fraud schemes, enabling ransomware attacks and inflicting tens of millions of dollars in financial losses to victims. Agentic AI played a central role in dismantling DanaBot, orchestrating predictive threat modeling, real-time telemetry correlation, infrastructure analysis and autonomous anomaly detection. These capabilities reflect years of sustained R&D and engineering investment by leading cybersecurity providers, who have steadily evolved from static rule-based approaches to fully autonomous defense systems. Taking down DanaBot validated agentic AI’s value for Security Operations Centers (SOC) teams by reducing months of manual forensic analysis into a few weeks. All that extra time gave law enforcement the time they needed to identify and dismantle DanaBot’s sprawling digital footprint quickly. DanaBot’s takedown signals a significant shift in the use of agentic AI in SOCs. SOC Analysts are finally getting the tools they need to detect, analyze, and respond to threats autonomously and at scale, attaining the greater balance of power in the war against adversarial AI. Agentic AI directly addresses a long-standing challenge, starting with alert fatigue. Microsoft research reinforces this advantage, integrating gen AI into SOC workflows and reducing incident resolution time by nearly one-third. DanaBot’s dismantling signals a broader shift underway: SOCs are moving from reactive alert-chasing to intelligence-driven execution. At the center of that shift is agentic AI. SOC leaders getting this right aren’t buying into the hype. They’re taking deliberate, architecture-first approaches that are anchored in metrics and, in many cases, risk and business outcomes.