The number of publicly reported unique vulnerabilities has risen year after year.

There was a brief decrease and stabilization in 2015 – 2016, but those are the only years in the over two decades (1999 – on) I have been following vulnerability metrics. Other than that, it has been up, up, up.

I need to confess something. A few days ago whilst vibe coding at 2am (which can end up burning through tokens like they are going out of fashion) I accidentally pasted my API key directly into a Claude chat instead of the terminal window I had open.

On March 9th, Codewall.ai disclosed how it had hacked McKinsey & Company’s AI platform called Lilli, a purpose-built system for 43,000+ employees to analyze documents, chat, and access decades of proprietary research. The researchers unleashed an AI agent which quickly scanned 200 endpoints, identified 22 that did not require authentication, and one that wrote user search queries into a database including non-parameterized JSON keys which were concatenated directly into SQL.

The old rules for spotting a phishing email are changing. Remember looking for bad grammar and clumsy spelling? Thanks to AI, hackers’ emails are increasingly polished and hard to spot. But a new poll from KnowBe4 reveals the modern worker’s most reliable alarm bell for a cyberattack isn’t a typo; it’s a sense of manufactured urgency.

Last week, our KnowBe4 Leeds office opened its doors to a group of security professionals for an immersive, full-day deep dive into the evolving landscape of human risk.

Digital Cleanup Day might be seen as a digital chore: delete old files, clear the inbox, reduce your carbon footprint. It’s framed as a technical exercise. But digital cleanup isn’t only about your hard drive; it’s also about your mind.

I am very proud of our customer community here at KnowBe4. It is a place where customers can discuss our products amongst each other and interface with KnowBe4’s developers and product managers.