- Friday Tech News
- Posts
- Friday Tech News
Friday Tech News
Emerging Tech Trends & Updates In Cyber & AI | 04.25.2025
Phil Moroni
April 25, 2025
Good morning and welcome to another edition of Friday Tech News! I hope you’ve had a wonderful week.
Easter came and went quickly in the Moroni household and it feels like we did 138 Easter Egg hunts this past weekend. Props to Pat Ginley over at Wiz for hosting the best one we went to. Hope you also enjoyed the weekend if you celebrated Easter!
On the professional side of things, this has been a crazy week of tech news. There’s been an amazing amount of announcements ahead of RSA, and guess what - they literally each deal with the incorporation of Agentic AI (for the most part…AI for everybody though). I’ve separated AI versus Cyber into two sections this week to better account for the segment of the vendor so lines aren’t blurred. It’s funny how traditional players are now all “AI this” and “AI that”. Let’s be clear. If you haven’t incorporated Agentic AI from the start, you can’t claim your product is natively built as such. Using AI has been around for quite a bit and many vendors use it inside their platforms today. But telling me you’re a former Network Detection and Response player now turned “Agentic AI” player makes absolutely no sense.
In addition, I’ve been writing a new piece of work I’ll elaborate on more in depth in the coming weeks about what I consider to be one of the more important elements of Enterprise Security - AppSec. More to come on that. It’s about the uniqueness of ASPM and why it’s important fund initiatives in AppSec.
Image generated using ChatGPT 4o
Anyway, enjoy this edition of FTN, and truly thank you from the bottom of my heart for continuing to follow, read, and share these updates.
Stay physically and digitally safe,
Phil
OEM News & Updates 📰 | AI Focused
AgentCreator 3.0 is a no-code AI platform that enables businesses to create autonomous AI agents with tools like Prompt Composer and Agent Visualizer for transparency and scalability.
Also, they introduced a new API mgmt. suite to enhance composability, security, and governance.
They’ve also partnered with Glean to improve enterprise Ai initiatives by connecting diverse data sources for a unified view into enterprise data projects.
OpenAI | OpenAI launches Flex API
OpenAI has introduced the Flex API, a cost effective option for low-priority AI tasks that comes with slower response times and the occasional unavailability at half the standard rate.
It’s in beta right now
Pricing model flexibility continues to be a theme between OpenAI, Google, Claude, and others in the AI race.
Google | Google launches Gemini 2.5 Flash
Again, the pricing convo comes up. Google has launched Gemini 2.5 Flash, a multimodal AI model built for speed, scalability, and affordability while exceling in real time tasks like chatbots and data extraction.
They’re introducing hybrid reasoning mode, allowing devs to adjust the “thinking” level for cost and latency control.
Can handle extensive datasets and documents at competitive rates.
This is designed to simplify AI model integration with enterprise data through a common interface.
The MCP server supports natural language querying and interoperability, enabling seamless connections between AI apps and external data sources.
Devs can access sample code and guides via GitHub to experiment with the protocol right now.
Cohere | Cohere Introduces Embed 4
Cohere has launched Embed 4, a multimodal AI embedding tool designed for enterprise data retrieval.
The tool can generate embeddings for documents up to 128K tokens and supports over 100 languages. Very versatile.
Available in Cohere’s platform, MSFT’s Azure AI Foundry, and SageMaker from AWS.
Docker has launched the MCP Catalog and MCP Toolkit, simplifying AI software delivery by integrating Anthropic’s MCP into its containerization tools.
The MCP catalog offers a centralized hub for discovering and managing MCP servers, while the Toolkit provides enterprise tools for deploying AI apps securely.
They’re aiming to address challenges with packaging, versioning, and auth.
Adobe is lagging in the AI Content creation war.
They unveiled the Firefly app, an all-in-one tool for generating images, video, audio, and vectors using their Firefly GenAI models. Apparently they offer lifelike quality, advanced creative control, and precise rendering of complex scenes.
They also launched Content Authenticity, a tool for applying durable metadata (content credentials) to images and videos. This is a good feature as it ensures proper attribution and transparency in GenAI produced content versus human content.
HYCU introduced R-Sheild, a pioneering resilience solution integrated into their R-Cloud data protection platform. It offers robust anomaly detection, ransomware recovery, and total coverage for SaaS, cloud, and on-prem IT.
Targets the challenges posed by unmanaged data, fragmented infrastructures, and increasing threats from malicious people, especially in multi-cloud and SaaS applications.
Pretty neat innovation.
Solo.io launched Agent Gateway, an OSS data plane optimized for AI Agent Connectivity. It supports Agent2Agent, and MCP, enabling seamless A2A and A2Tool communication.
Agent mesh is also out - which is a comprehensive solution for security, observability, and governance across AI agent ecosystems.
Answers the question I asked a few weeks ago of how to govern all these Agents running around doing things.
OEM News & Updates 📰 | Cybersecurity Vendors
Ahead of RSA, here are a ton of updates from critical players in the market:
BigID has launched the AI Privacy Risk Posture Management (AIRPM) solution. Mouthful for sure. This offers end-to-end tools to manage data privacy risks across the AI lifecycle, and a new buzzword.
The platform enables organizations to discover AI assets, enforce data policies, and streamline privacy risk management with automated assessments and reporting.
Aligns with upcoming and evolving regulations like the EU AI Act.
GreyNoise | GreyNoise Launches Global Observation Grid for Real-time Threat Intelligence on Network Attacks
GreyNoise has launched the Global Observation Grid, a sophisticated sensor based network with 5,000 sensors in 80 countries, processing half a billion sessions daily to monitor global attack traffic.
The platform provides real-time intelligence on internet scanning and exploitation to help orgs prioritize vulnerabilities and improve security operations.
Very cool, big fan of the threat intel community.
Cyera | Cyera launches OmniDLP
Cyera has launched Omni DLP, an AI native solution that claims to revolutionize data loss prevention by reducing false positives and providing adaptive, real-time protection.
The platform integrates with their DSPM and DLP analysis solutions as well.
It’s designed for the AI era and offers deep governance, dynamic policies, and comprehensive visibility across endpoints, networks, and cloud environments.
So far, we’re all announcing things about AI.
Snyk introduced Snyk API & Web, a DSAST solution that integrates AI powered tools to address vulns in APIs and web apps.
This is the Probely acquisition at play.
Key features include an AI-driven API security testing engine, enterprise grade capabilities and customization, and tools to address vulns like Broken Object Level Authorization.
Descope | Descope launches Agentic Identity Hub
Descope has launched the Agentic Identity Hub which is designed to simplify authentication and authorization of AI agents, apps, and APIs using standards like OAuth and MCP.
The Hub includes tools like Inbound Apps for AI Agent connectivity, Outbound Apps for integrating with external tools, and MCP Auth SDKs to protect remote MCP servers.
This addresses challenges in securely connecting AI systems to external tools to ensure proper authentication in this whole “zero trust world” we’re living in.
As AI systems become integral to enterprise workflows, these sort of solutions are crucial for scaling adoption while maintaining security and compliance. This is an advancement that bridges the gap between readiness and the chomping at the bit enterprise demands of today.
BlinkOps has launched a No-code security Agent Builder which enables teams to create customized AI agents for operational control without writing code.
The platform integrates with over 30,000 API actions and hundreds of IT and security tools to offer prebuilt workflows for enterprise security tasks.
The agents are designed to perform specialized roles to reduce risk associated with unrestricted AI access.
This is very cool. By empowering organizations to create tailormade agents, orgs can scale operations efficiently while maintaining direct control. Timely innovation given the growing complexity of enterprise environments today.
Veracode has updated its Risk Manager and introduced Package Firewall which focuses on proactive risk mitigation and automated security for enterprise-scale software development.
Lots of enhanced features like container risk context, advanced labeling, and repo tools for precise vuln tracking and remediation.
We need more early threat mitigation efforts.
Entro has launched a GenAI Engine to enhance NHI and secrets security.
The engine reduces false positives and alert fatigue by leveraging advanced reasoning and context analysis.
It operates on a private, self-hosted LLM stack, ensuring compliance and data security.
Aqua has launched the CSRA, a free tool that provides visibility into runtime risks in containerized environments using real-world production data.
The CSRA leverages Aqua’s behavioral detection engine to identify anomalous behavior, misconfigs, and active threats.
Container attacks rising nearly 400% over the past year makes this a timely innovation that helps orgs prioritize remediation without slowing dev speed.
CrowdStrike has introduced the Falcon Privileged Access module and Charlotte AI Agentic Detection Triage offerings.
These are likely partnerships like the one with Salt Security to bolster its position in the market.
The industry is moving toward integrated and adaptive security measures. AI is helping with that.
Zenity | Zenity Expands AI Agent Security
Zenity has expanded its AI Agent Security and Governance platform to integrate with the ChatGPT Enterprise Compliance API, enabling enterprises to secure and govern AI Agents effectively.
The platform provides end-to-end protection across the AI agent lifecycle, offering features like real-time threat detection, policy enforcement, and secure development controls.
Very cool, love to see these advancements.
Articles I Liked This Week 💡
VentureBeat | Amazon’s PolyBench exposes limitations of AI coding
AWS introduced SWE-PolyBench, a benchmark for evaluating AI coding assistants across multiple programming languages and real-world scenarios.
Current standard for evaluating AI is SWE-Bench which has limitations in Java, JavaScript, TypeScript, and Python.
SWE-Bench primarily focuses on Python. It includes over 2,000 challenges from real GitHub issues and uses more advanced eval metrics to understand the coding assistants.
This highlights the growing need for AI coding tools to actually excel in multi-language environments and environments with dispersed datasets. By moving beyond simple bug-fixing tasks these tools can really achieve meaningful outcomes if wrangled correctly by humans.
The Register | The UK’s New Cyber Security and Resilience Bill
Really interesting to see. Highlights include:
Daily fines of $100,000 pounds for failing to address government issues security directives
Expanding regulations to cover more orgs, granting regulators greater enforcement powers, and allowing flexible updates to adapt to evolving threats.
Incident reporting now will be stricter with initial reports needed within 24 hours and full reports within 72.
It’s nice to see the UK moving in this direction and addressing the fact that work is digital and must be protected in new and evolving ways. It’ll force US businesses to also adapt if they do business overseas which will hopefully strengthen US Cyber Influence and posture management of all businesses.
Silicon Republic | OpenAI’s X and new AI models
wild if they go compete against X. I think that platform has had it’s time now, don’t we?
As orgs integrate AI employees in the future, the focus here must shift from traditional security measures to innovative solutions that address NHI’s and their respective elements. This includes developing tools for visibility, accountability, and adaptive security protocols. If you invest in this area, you might just be ahead of your time.
Geeky Gadgets | OpenAI’s guide to building production ready agents
Really like that they’ve come out with this
Key best practices include:
starting with single agent systems
limiting tool usage per agent
refining models and instructions iteratively based on real-world feedback
Safety is prioritized through input/output management, classifiers, and continuous updates to guardrails making it adaptive.
This framework sets a new standard for scalable, reliable, and secure AI systems led by the creators of some of the most innovative technology since the internet.
Tech Funding & M&A 💸
Goodfire | Goodfire raises $50M Series A
Goodfire is a San Francisco based company making advanced AI systems more understandable, controllable, and safe. They’re developing Ember, which decodes the internal workings of AI models.
Fennel is a feature engineering startup that DB bought to integrate its engineering capabilities into the Intelligence Platform. It aims to enhance DB’s ability to provide real-time personalized and context aware AI models while of course keeping costs “optimized”.
You know I’m a big DB fan. They just keep going.
Exaforce | Exaforce raises $75M
Exaforce is a California based Cybersecurity and AI company specializing in developing innovative solutions for SOC teams using Multi-model AI. They have a flagship platform, The Agentic SOC Platform, the integrates LLMs with semantic, behavioral, and statistical models to enhance secops.
Spur | Spur raises $4.5M
Spur uses AI browser agents that click around the page like a real human user.
Supabase | Supabase raises $200M series D
Supabase is an OSS backend dev platform that provides tools for devs to build apps efficiently. They’re based in California.
Cynomi | Cynomi raises $37M for vCISO for SMB
Cynomi is an Israeli based company specializing in offering a vCISO platform for SMBs.
Endor Labs | Endor Labs raises $93M Series B
Endor Labs is a California based company specializing in application security and managing open-source software dependencies.
Push Security | Push raises $30M Series B
Push is a UK based company specializing in identity security and protecting against identity-based attacks. They provide a browser based platform to monitor and secure attack surfaces.
SquareX | SquareX raises $20M Series A
SquareX is a Singapore based company focusing on browser based data security solutions.
Giving new breadth to the term BDR (Browser Detection & Response).
Datadog | Datadog acquires Metaplane
Metaplane is a Massachusetts based company specializing in data observability.
LaunchDarkly | LaunchDarkly acquires Highlight
Highlight is an OSS full stack app monitoring platform known for its capabilities in error monitoring, logging, distributed tracing, and session replay.
Layoff | Intel to layoff 20% of workforce
Meme of the week 🤣
Recommendations 👉🏻
|
|
Thank you so much for making this a part of your Friday morning coffee time. I'm Phil Moroni, and I'm an Account Executive in the Information Technology industry here with another edition of Friday Tech News!
What is this? This is a newsletter that provides updates and insights on the latest trends and developments in the technology industry. I am a professional who specializes in supporting IT leaders in evaluating, investing, and managing people, processes, and technology tools that support their businesses.
Each week, I summarize relevant industry updates from popular Original Equipment Manufacturers (OEM's), software publishers, and managed providers. The goal of my research and newsletter is to keep you informed about current trends and events that may impact your business from a trusted and reputable source. It's just information I'm sharing, and I follow and work with hundreds of partners in the industry, keeping track of their growth, changes, and evolution so that you don't have to.
Bottom Line: As you focus on improving your business through digital initiatives, my commitment is to keep you informed of the fast-paced changes and trends taking place so that you can plan ahead and stay ahead of the game.
Key areas of focus for me are:
Cloud Computing, Security, Trends
Developer & Security Tools
Networking & Infrastructure Tools
End User Tools & Workspace Tech
Emerging Technologies and Future Concepts
If you have any questions, would like information about any specific vendors I follow, or would like to have a conversation about any topic that is challenging you, I invite you to engage with me! I value feedback immensely and would love to know what you find valuable about this newsletter so feel free to reach out!
Thank you for reading and stay digitally and physically safe!
Phil
Reply