Jeff Pollard

@jeffpollard2.bsky.social

VP & Principal Analyst @Forrester covering #infosec, #cybersecurity, #privacy. Primary focus areas CISO Leadership, Security Services, and Emerging Technology.

163 Followers  |  18 Following  |  16 Posts  |  Joined: 21.08.2023

Posts by Jeff Pollard (@jeffpollard2.bsky.social)

Claude Code Security Causes A SaaS-Pocalypse In Cybersecurity AI agents reshaped the cybersecurity market on February 20th. Learn how Claude Code Security, SAST tools, and AppSec strategies will evolve and what CISOs must do next.

Claude Code Security shook up cybersecurity with an experimental release that went well beyond appsec. The AI Platforms - like hyperscalers - want in on security and left stock prices reeling as a result. Read our analysis here: www.forrester.com/blogs/claude...

23.02.2026 18:58 — 👍 2    🔁 1    💬 0    📌 0
The Notepad++ supply chain attack – unnoticed execution chains and new IoCs Kaspersky GReAT experts discovered previously undocumented infection chains used in the Notepad++ supply chain attacks. The article provides new IoCs related to those incidents which employ DLL sidelo...

We included some great links to the broader cybersecurity community in the blog including @cyb3rops.bsky.social and @rapid7.com. In addition, Securelist just released a detailed blog with additional IOCs and analysis that's worth checking out: securelist.com/notepad-supp...

03.02.2026 14:57 — 👍 1    🔁 1    💬 0    📌 0
When A Hosting Provider Becomes A Hostile Provider: The Notepad++ Compromise The Notepad++ compromise shows how a hosting provider failure turns into a software supply chain attack. CISOs can learn how to assess their exposure, validate software integrity, and run targeted thr...

When a hosting provider turns hostile your software supply chain pays. The Notepad++ compromise shows how a single utility can quietly become an enterprise wide attack path. Check out our blog where we detail the Notepad++ compromise and what to do about it here: www.forrester.com/blogs/when-a...

02.02.2026 22:01 — 👍 2    🔁 2    💬 1    📌 0
Ready For Clawdbot To Click And Claw Its Way Into Your Environment? Security leaders face a new AI agent craze as personal tools like Clawdbot spread. AI butlers are the next shadow superuser.

Clawdbot looks so cool! So I ALMOST started messing with it, but I don't need it in my personal life. I need it at WORK. I won't be the only (potential) user to come to those conclusions.
@jessburn.bsky.social and I wrote a blog about what that means for CISOs here: www.forrester.com/blogs/ready-...

26.01.2026 21:24 — 👍 1    🔁 0    💬 0    📌 0
Forrester AEGIS: The New Standard For AI Governance Explore Forrester’s AEGIS AI governance crosswalk mapping NIST AI RMF, ISO 42001, EU AI Act, OWASP, and MITRE so CISOs can prioritize high‑yield controls.

AI governance just got easier. Forrester’s AEGIS Framework crosswalks NIST, ISO 42001, EU AI Act, OWASP, and MITRE. This gives CISOs a clear path to trust and governance for AI. Forrester AEGIS: The New Standard For AI Governance here: www.forrester.com/blogs/forres...

22.10.2025 18:54 — 👍 0    🔁 0    💬 0    📌 0
How To Build AI Red Teams That Actually Work AI red teaming blends offensive testing and safety checks to uncover risks in models, apps, and infrastructure.

AI red teaming should be more than prompt bombing clever prompts. But today's AI red team market is a mix of products, services, and hybrid approaches that can befuddle...everyone. Here's How To Build AI Red Teams That Actually Work here: www.forrester.com/blogs/how-to...

30.09.2025 20:09 — 👍 1    🔁 1    💬 0    📌 0
Securing AI's M&A Feeding Frenzy Is On Explore how recent cybersecurity acquisitions are transforming AI security. Learn what CISOs must do to manage enterprise risk, vendor consolidation, and new threats like prompt injection.

$2.0+ billion dollars, 8 vendors, 8 acquisitions in 18 months. There’s a securing AI feeding frenzy happening in cybersecurity that is reshaping vendor platforms. Give this a read to find out why it matters and what it means: www.forrester.com/blogs/securi...

22.09.2025 16:39 — 👍 1    🔁 0    💬 0    📌 0
Vibe Hacking And No-Code Ransomware: AI’s Dark Side Is Here AI is no longer just a tool for defenders; it’s now a weapon in the hands of cybercriminals.

Vibe Hacking And No-Code Ransomware: AI’s Dark Side Is Here: Anthropic’s August 2025 Threat Intel Report is one of the most fun reads of the year. We summarize some of the key elements and offer CISOs advice on what to do about it here: www.forrester.com/blogs/vibe-h...

28.08.2025 17:21 — 👍 0    🔁 0    💬 0    📌 0
MCP Doesn’t Stand For Many Critical Problems…But Maybe It Should For CISOs MCP and A2A protocols power agentic AI but introduce major security risks. Learn what CISOs need to know to secure autonomous systems.

MCP Doesn’t Stand For Many Critical Problems…But Maybe It Should For CISOs www.forrester.com/blogs/mcp-do...

22.07.2025 15:27 — 👍 0    🔁 0    💬 0    📌 0
How To Choose A Security Platform Without Getting Burned Not all security platforms are created equal. Get five tips on how to separate real platforms from glorified product bundles.

My coauthor @jessburn.bsky.social and I just released our work on security platforms. We don't attempt to articulate all the various products that comprise a platform. Instead, we focus on the components, outcomes, and benefits platforms bring. Give the blog a read: www.forrester.com/blogs/how-to...

30.06.2025 13:39 — 👍 2    🔁 1    💬 0    📌 0
Zscaler Snatches Up Red Canary: The Good, The Bad, And The Concerning Zscaler acquires Red Canary, bringing MDR and Zero Trust together. Check out Forrester's analysis of the good, the bad, and the concerning.

Zscaler announces its intent to acquire Red Canary. SSE meets MDR in a platform play.

The Good: Visibility boost
The bad: Integration unknowns
The concerning: Culture clash?
Check out the full blog from us here: bit.ly/44Z9vYC

28.05.2025 22:52 — 👍 0    🔁 0    💬 0    📌 0

Then, on Thursday April 24th at 2:20 PM Eastern I'll be leading a session at the SANS Cybersecurity Leadership Summit 2025 to help CISOs think about their security program as a profit center, not a cost center. This is a free event that you can register for here: www.sans.org/cyber-securi...

22.04.2025 14:37 — 👍 3    🔁 1    💬 0    📌 0

Action packed week in webinars! In just a few minutes Merritt Maxim, Alla Valente, and I will be delivering a webinar on "Leading Through Volatility" for security leaders. Forrester clients can register here: www.forrester.com/webinar/Lead...

22.04.2025 14:35 — 👍 1    🔁 0    💬 1    📌 0
RSAC 2025 Early-Stage Expo Preview: AppSec, IAM, GenAI, SecOps, And More As we put together our game plan for what to see at RSA Conference 2025, we want to scope out innovation. Here's trends to know going in.

RSAC Launch Pad and Innovation Sandbox represent two major chances for new vendors to show where our industry is headed. Heidi Shey and I give you a glimpse here: RSAC 2025 Early-Stage Expo Preview: AppSec, IAM, GenAI, SecOps, And More www.forrester.com/blogs/rsac-2...

08.04.2025 18:32 — 👍 1    🔁 0    💬 0    📌 0
Announcing The Forrester Wave™: Managed Detection And Response Services, Q1 2025! The third installment of the Forrester Managed Detection and Response (MDR) Services Wave™ is now live. There’s so much to love about the MDR market: fantastic providers, engaged clients, and meaningf...

Finally there's a threepeat worth talking about in 2025...in this case it's me finishing and releasing the third and newest edition of the MDR Wave! Give the blog a read! Announcing The Forrester Wave™: Managed Detection And Response Services, Q1 2025! forrester.com/blogs/announ...

27.02.2025 20:27 — 👍 2    🔁 0    💬 0    📌 0
Choose Your Own MDR Adventure: Avoid The Free-For-All Of “New” MDR Services Managed detection and response (MDR) has successfully claimed the crown of all managed security services for making and keeping clients happy.

In pursuit of sustaining their success, MDR providers now offer a wild mix of services that sometimes make MDR better and other times just satisfy investors chasing growth. For more read what @jessburn.bsky.social and I just released: www.forrester.com/blogs/choose...

05.02.2025 20:12 — 👍 1    🔁 1    💬 0    📌 0