So, you read my previous blog post about breaking the patch sound barrier, but it left you wanting more? Well, this is that “more.”Gemini blog illustration / steampunk vuln apocHere are three useful ideas to advance the conversation.1. Defining the “Vulnerability Apocalypse”People love to throw around terms like vulnerability apocalypse, but what ... Read More

Breaking the Patch Sound Barrier: Your Vulnerability Remediation Will Not Keep Up With AI Exploit Speed. So?Many years ago while at Gartner, I wrote a blog post where I defined the concept of the “Patch Sound Barrier.” (original via Archive if you don’t believe that I was that smart back in ... Read More

OK, RSA 2026 is over. If my record keeping is correct, I first attended RSA in 2006. At that time, I was annoyed by … AI? XDR? NIDS? …. noooo… I was annoyed by NAC (“As many other RSA observers agreed, under each tree you now see a NAC.” NAC rapidly arose ... Read More

My Anton’s Security Blog (And Podcast!) Quarterly this covers both Anton on Security and my posts from Google Cloud blog, Google Cloud community blog, and our Cloud Security Podcast (subscribe on Spotify, now with VIDEO).Gemini image for thisTop 10 posts with the most lifetime views (excluding paper announcement blogs):Anton’s Alert Fatigue: The ... Read More

Look, I’m not a developer, and the last time I truly “wrote code” was probably a good number of years ago (and it was probably Perl so you may hate me). I am also not an appsec expert (as I often remind people).Below I am describing my experience “vibe coding” an ... Read More

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our next Cloud Threat Horizons Report, #13 (full version, no info to enter!) that we just released (the official blog for #1 report, my unofficial blogs for #2, #3, #4, #5, #6, #7, ... Read More

This blog is perhaps a little bit more like an ad, so if you don’t want to check the ads, consider not reading it.a very cyber image (Gemini)But this year at RSA 2026, I’m speaking on three topics: securing AI, using AI for SOC, and sharing lessons about how Google applies AI ... Read More

You read the “AI-ready SOC pillars” blog, but you still see a lot of this:Bungled AI SOC transitionHow do we do better?Let’s go through all 5 pillars aka readiness dimensions and see what we can actually do to make your SOC AI-ready.#1 SOC Data FoundationsAs I said before, this one is my ... Read More

Amazingly, Medium has fixed the stats so my blog / podcast quarterly is back to life. As before, this covers both Anton on Security and my posts from Google Cloud blog, Google Cloud community blog, and our Cloud Security Podcast (subscribe on Spotify).Top 10 posts with the most lifetime views ... Read More

(written jointly with Tim Peacock)Five years. It’s enough time to fully launch a cloud migration, deploy a new SIEM, or — if you’re a very large enterprise — just start thinking about doing the first two. It’s also how long Tim and I have been subjecting the world to our thoughts on Cloud Security Podcast ... Read More