blog.guillaumebonnet.fr
14 May 2026
ISO 27090: A Threat Model for the Thing That Has No Threat Model
The first international standard for cybersecurity threats to AI systems maps 13 attack categories across the AI lifecycle. It fills a gap that most organizations do not know they have.
27 Apr 2026
NIS2: The Directive Nobody Transposed on Time
The EU gave 27 member states two years to implement NIS2. Only 4 made the deadline. 23 got infringement proceedings. Europe's biggest cybersecurity mandate is off to a chaotic start.
22 Apr 2026
The DNS Sinkhole That Catches What Your EDR Misses
I run a DNS sinkhole on every network I manage. It blocks C2 callbacks, phishing domains, and malware downloads at the resolver level, before the endpoint agent even sees the connection.
19 Apr 2026
Sigma Rules Are the Detection Language Your SIEM Already Supports
I stopped writing vendor-specific detection rules two years ago. Sigma lets me write once and deploy to Splunk, Elastic, and Sentinel. My detection library is finally portable.
15 Apr 2026
Vulnerability Scanning Is Not Vulnerability Management
I have seen organizations with 50,000 findings and zero remediation. Scanning without triage, prioritization, and tracking is just generating PDFs nobody reads.