AI security and agents
MCP, LLM agents in production, model supply-chain risk, GenAI browser extensions. What organisations can actually control today, what depends on the provider, and which controls to require by contract.
Technical breakdowns, practical guides and operational criteria from the Hard2bit team — the same one that runs a 24/7 SOC, handles incident response, executes pentests and supports compliance programmes at mid-market and large organisations.
We publish about the work we run every day. Every article is signed by someone who has been inside the problem, not written by an external copywriter. You'll find technical breakdowns of high-impact CVEs, implementation-focused guides on NIS2, DORA, ENS and ISO 27001, and explanations of which controls actually move maturity forward and which are theatre.
We cover five areas:
When the decision is X or Y: what each option assesses, where they overlap, and when each makes sense. Written to unblock scoping and procurement calls.
Four frameworks, one control map. What each requires and how to prioritise.
Compare →Endpoint detection, cross-domain correlation or 24/7 managed service. When to pick each.
Compare →Real cost, response capability and operational control. When to internalise, when to outsource.
Compare →What each offensive exercise validates and which one the board, auditor or regulator asks for.
Compare →When an in-house CISO makes sense and when a fractional vCISO solves the equation better.
Compare →Four areas where the blog concentrates most material. Each block links to the articles that cover the fundamentals and to the equivalent service at Hard2bit.
MCP, LLM agents in production, model supply-chain risk, GenAI browser extensions. What organisations can actually control today, what depends on the provider, and which controls to require by contract.
What each type of offensive exercise actually assesses, what a useful pentest report should deliver, and how external attack surface work differs from a compliance audit.
Live campaigns and techniques observed in real engagements. ClickFix, C2 over Microsoft Teams, Microsoft 365 account takeover, npm supply-chain attacks. Vector, indicators and the controls that actually block the technique.
Boardroom-facing material: exposure dashboards a board can act on, digital supply-chain lessons for the CISO, and continuous exposure management for regulated environments.
The blog is signed by Hard2bit's founding partners and technical team. Every article carries the byline of someone who has worked the problem in a real engagement — not an external copywriter.
Filter by category
Microsoft has confirmed active exploitation of CVE-2026-42897, an XSS flaw in on-premises Exchange OWA that runs JavaScript the moment a crafted email is opened. What it means and how to contain it.
By Thilina Manana · COO y Director Técnico de Seguridad hard2bit
Passive analysis of 60 EU domains — banking, pharma, telcos, energy, retail and public sector — against the 11 emerging AI Agent Readiness standards. Aggregated data by sector.
By Adrián González · CEO
A flaw in the Microsoft Defender engine spawns a SYSTEM shell on fully patched Windows 10 and 11. What RoguePlanet is, how to check your engine version and how to detect and defend against it.
By Adrián González · CEO
OWASP, PTES, OSSTMM, NIST SP 800-115 and MITRE ATT&CK: what each penetration testing methodology contributes, how they differ and how they combine in a serious test.
By Thilina Manana · COO y Director Técnico de Seguridad hard2bit
Stealing AI compute is now an industry: stolen cloud credentials and exposed inference servers that hand you the bill and fuel further attacks.
By Adrián González · CEO
Nmap, Burp Suite, BloodHound, NetExec, Impacket, Hashcat: a penetration tester's real toolkit by phase, what each family validates, how it chains together and the trace it leaves.
By Adrián González · CEO
Anubis ransomware has claimed 91 victims by exploiting Citrix Bleed 2: it leaks NetScaler memory, steals session tokens and walks in with no password and no MFA. What to detect before encryption.
By Thilina Manana · COO y Director Técnico de Seguridad hard2bit
An operational guide to turning NIS2 obligations into executable controls, with audit-ready evidence and reporting that is genuinely useful to leadership.
By Irene Ocando · Directora de Cumplimiento Normativo Hard2bit
If you are implementing ISO 27001, do not start with everything at once. These controls tend to reduce the most risk for the least effort and show visible results in weeks.
By Irene Ocando · Directora de Cumplimiento Normativo Hard2bit
A tactical guide to automating ISO 27001 without losing rigour: control design, clear ownership and metrics that are genuinely useful for audit and leadership.
By Adrián González · CEO
NIS2 does not only affect large operators: many supplier SMEs will have to demonstrate controls, incident response and third-party management, often through their larger customers.
By Irene Ocando · Directora de Cumplimiento Normativo Hard2bit
A strategic guide to adopting an AI compliance platform with end-to-end traceability, less operational friction and a stronger position at audit time.
By Adrián González · CEO
A complete step-by-step guide to implementing ISO 27001: scope, risk assessment, controls, documentation, internal audit and certification, and how to approach it realistically.
By Adrián González · CEO
LLMs, copilots and vibe coding are already in companies, faster than their controls. The real risks to data, code and governance, plus the shadow-AI controls to put in place.
By Thilina Manana · COO y Director Técnico de Seguridad hard2bit
How recent conflicts in Ukraine and Iran shape European cybersecurity: resilience, critical infrastructure, third parties, spillover and the lessons for businesses.
By Adrián González · CEO
What a breach linked to the European Commission reveals about supply chain, API keys, third parties, cloud, monitoring and compliance under NIS2, DORA, ENS and ISO 27001.
By Adrián González · CEO
A practical model to prioritise OT/IT risk for European manufacturers: critical processes, remote access, NIS2, IEC 62443, metrics and a realistic roadmap.
By Thilina Manana · COO y Director Técnico de Seguridad hard2bit
A Microsoft 365 security audit checklist for businesses: Entra ID, MFA, Conditional Access, email, permissions, tenant hardening and the risks that most often appear.
By Adrián González · CEO
Vulnerability management does not fail for lack of scanners, but for poor prioritisation. What to fix first, using exploitation, exposure, asset criticality and compromised credentials.
By Adrián González · CEO
A web security checklist to review TLS, HTTP headers, DNS, DMARC, cookies, technologies, CVEs, cloud exposure, leaks, subdomains, reputation and AI readiness with Hard2bit Scanner.
By Adrián González · CEO
What malware analysis is, how it is performed, the techniques it uses and what it can reveal in a real incident: persistence, credential theft, exfiltration and more.
By Adrián González · CEO
An IT security audit identifies vulnerabilities, misconfigurations and risks that can compromise a company's systems. A practical checklist of what to review and the common failings.
By Adrián González · CEO
Langflow's IDOR (CVE-2026-55255) landed on CISA's KEV list on 7 July. Attackers abuse it to harvest LLM keys, cloud credentials and database secrets embedded in AI flows.
By Adrián González · CEO
Treating cybersecurity and compliance as separate functions no longer works. Why NIS2, DORA and modern risk management demand unified controls, evidence, governance and operations.
By Adrián González · CEO
An executive guide for boards on what to communicate, to whom and at what cadence during the first 24 hours of a cyber incident, aligning business, legal and technical response.
By Thilina Manana · COO y Director Técnico de Seguridad hard2bit
In 2026 most incidents combine credential theft, abuse of privileged access and resilience gaps. A practical guide to prioritising measures and aligning with NIS2 and DORA.
By Adrián González · CEO
A red team exercise does not hunt for vulnerabilities: it validates whether your SOC detects them. The key differences, the metrics that matter and when it is worth it.
By Thilina Manana · COO y Director Técnico de Seguridad hard2bit
A practical set of questions for evaluating a cybersecurity provider, MSSP or software product in 2026. Reduce hidden risk and buy with more judgement, operation and control.
By Adrián González · CEO
Scanning for vulnerabilities is not managing risk. How to prioritise, remediate and evidence vulnerabilities in ENS, NIS2, ISO 27001 and enterprise environments.
By Adrián González · CEO
Many organisations use "audit" and "pentest" interchangeably, but they are not the same. What each one reviews, when to buy which, and how to choose.
By Thilina Manana · COO y Director Técnico de Seguridad hard2bit
What penetration testing is, the types that exist, how a test is run, the methodology behind it and when it genuinely makes sense for an organisation.
By Thilina Manana · COO y Director Técnico de Seguridad hard2bit
What a Security Operations Centre really is, the service levels it should offer and how it maps to NIS2, DORA and ENS: monitoring, managed security and forensic investigation.
By Thilina Manana · COO y Director Técnico de Seguridad hard2bit
Vulnerability management is not just running a scanner. It includes inventory, detection, risk-based prioritisation, remediation, verification, exceptions, reporting and continuous follow-up.
By Adrián González · CEO
Healthcare is Europe's most ransomware-hit sector and an essential entity under NIS2. What ENISA's data shows, what the law demands and how to protect a hospital group without disrupting care.
By Adrián González · CEO
CVE-2026-12569 gives unauthenticated remote code execution on PTC Windchill and FlexPLM, already exploited with JSP web shells. Why your PLM is an attack surface almost no one inventories.
By Thilina Manana · COO y Director Técnico de Seguridad hard2bit
A CVSS 10.0 flaw in SimpleHelp lets attackers forge OIDC tokens and gain technician sessions without credentials. Now on CISA's KEV list, exploited to deploy TaskWeaver and Djinn Stealer.
By Adrián González · CEO
CISA added CVE-2026-45659 to KEV on 1 July: a SharePoint on-premises RCE that Storm-2603 abuses to deploy Warlock ransomware. What to detect and how to respond.
By Thilina Manana · COO y Director Técnico de Seguridad hard2bit
Sysdig documents JADEPUFFER, the first agentic ransomware: an AI model that entered through Langflow, stole credentials and destroyed a database. Read from the defender's side.
By Adrián González · CEO
Two critical Cursor flaws (DuneSlide) turn indirect prompt injection into code execution. What it means for the AI editors your developers use, and how to defend.
By Adrián González · CEO
The US is offering up to $10 million for information on Russian-linked groups that compromised Signal and WhatsApp accounts. What companies and executives should do next.
By Adrián González · CEO
On 23 June 2026 CISA added four UniFi OS and Lantronix EDS5000 flaws to its KEV catalogue. Chained, three of them give unauthenticated remote code execution on the box that manages your network.
By Adrián González · CEO
An unauthenticated endpoint in Splunk Enterprise's PostgreSQL service allows remote code execution. CISA added it to the KEV catalogue on 18 June. What breaks and how to contain it.
By Adrián González · CEO
DragonForce hid its command and control inside Microsoft Teams TURN relays and stayed undetected for nearly two months. How Backdoor.Turn works and how to hunt it on your network.
By Thilina Manana · COO y Director Técnico de Seguridad hard2bit
On 17 June 2026 an attacker pushed more than 140 @mastra npm packages carrying a malicious dependency that runs a trojan during postinstall. What happened, and how to defend against it.
By Irene Ocando · Directora de Cumplimiento Normativo Hard2bit
We ran a 100% passive OSINT scan against 24 well-known brands and found 591 live typosquatting domains. 48% can send email. Anonymised aggregate data, June 2026.
By Adrián González · CEO
ClickFix tricks users into running PowerShell by pasting a command. 517% growth in 2025. Anatomy, operational detection and defences that genuinely work.
By Thilina Manana · COO y Director Técnico de Seguridad hard2bit
Realistic 2026 ranges for cybersecurity audit pricing in the Spanish and EU mid-market, what a professional audit covers and how to choose a serious provider.
By Irene Ocando · Directora de Cumplimiento Normativo Hard2bit
ENISA Threat Landscape 2025 (4,875 EU incidents) and Verizon DBIR 2026 combined: five CISO lessons on supply chain, digital dependencies, vulnerabilities, AI phishing and NIS2.
By Adrián González · CEO
A practical 12-KPI cyber resilience dashboard for the Board: what to measure, how to present it, and how to use it to drive decisions on risk, investment and strategy.
By Adrián González · CEO
SPIFFE/SPIRE for workload identity and OAuth for machine-to-machine: how each works, where each fits, and the hybrid pattern that scales for cloud-native enterprises.
By Thilina Manana · COO y Director Técnico de Seguridad hard2bit
How to combine CISA KEV, EPSS and SSVC to prioritise exploitable vulnerabilities, replace CVSS-only triage and produce defensible remediation decisions.
By Thilina Manana · COO y Director Técnico de Seguridad hard2bit
How to implement Continuous Threat Exposure Management (CTEM) in regulated enterprises: five phases, architecture, KPIs, compliance mapping and a 90-day rollout plan.
By Adrián González · CEO
Technical playbook for SOC and IR teams: how to detect, contain and reduce Active Directory abuse in hybrid environments — Kerberoasting, AD CS misconfigurations, Golden Ticket and Entra ID.
By Thilina Manana · COO y Director Técnico de Seguridad hard2bit
Executive guide to preparing the post-quantum transition for European enterprises 2026-2028: cryptographic inventory, prioritisation by impact and feasibility, governance, KPIs and quick wins.
By Adrián González · CEO
How to move AI agents from pilot to secure production with MCP: control architecture, guardrails, security minimums and a phased implementation plan for the enterprise.
By Adrián González · CEO
Non-human identities now outnumber humans in most enterprises. Practical guide to inventory, least-privilege, secret rotation, anomaly detection and a 90-day implementation plan.
By Adrián González · CEO
Traditional MFA isn't enough. Technical analysis of Adversary-in-the-Middle (AiTM) attacks, Evilginx2, ESTSAUTH cookie theft and FIDO2-based mitigation in Microsoft 365.
By Adrián González · CEO
Device-code phishing in Microsoft 365 abuses legitimate OAuth flows to steal tokens without asking for passwords. How it works, warning signs and the controls that actually block it.
By Adrián González · CEO
AI-powered browser extensions can read sessions, prompts, cookies, SaaS data and corporate secrets. Learn the real risks, technical controls and detection patterns to protect your organisation.
By Adrián González · CEO
AI Agents like ChatGPT, Perplexity, Claude and Gemini discover websites through 11 emerging standards. What they are and how to audit your site against them.
By Adrián González · CEO
How we publish, who writes, what we cover and how to cite the material.
Several articles a month. We refresh the pillar posts (NIS2, DORA, ENS, ISO 27001, pentesting, SOC, AI security) whenever the technique or the regulatory interpretation shifts.
The Hard2bit team: SOC analysts, pentesters, compliance leads and security architects. Every article is signed by someone who has worked the problem in a real engagement, not by an external copywriter.
Offensive security (pentesting, red team, external attack surface), compliance and GRC (NIS2, DORA, ENS, ISO 27001, ISO 42001, EU AI Act), AI security (agents, MCP, LLMs), defensive operations (managed SOC, MDR, threat hunting, incident response) and analysis of live cyber threats.
The technical ones are: CVE analyses, security architecture, AI, threat hunting or pentesting content is transnational. Compliance material focuses on the European regulatory frame (NIS2, DORA, EU AI Act) and on Spanish specifics (ENS). The English edition covers the same topics adapted to the UK/EU context.
Yes, with attribution to Hard2bit and a link to the original URL. For partial reproduction or translation, get in touch and we'll coordinate.
Before you leave…
Quick 15-minute assessment and we'll tell you what to prioritise first: Microsoft 365, pentesting, vulnerability management, SOC, DORA, NIS2, ENS or ISO 27001.
No spam. Reply within 24h.