Ridge Security Technology Inc.

Join Dan Mrvos and Eric Bowerman next Thursday 10 AM PT · LinkedIn Live 🔗 Register: https://t.co/lKpwq73N0n Eric Bowerman, CISO at DFW Airport, will tell you straight: they got off to a rough start with AI adoption. People were bringing tools in, and they had to start backing out of things. Figuring out which LLMs are safe, what data can go where, and how to actually make it useful for the team. #Cybersecurity #CISO #SecurityLeadership #CISOCommunity

The 2026 Verizon DBIR analyzed 22,000+ confirmed breaches across 145 countries. Here are the numbers: 📌 31% — breaches starting with vulnerability exploitation (now #1, up from #2) 📌 13% — breaches via stolen credentials (used to be #1) 📌 43 days — median time to fully patch (up from 32 last year) 📌 26% — share of critical CVEs actually remediated (down from 38%) 📌 48% — breaches involving ransomware 📌 69% — ransomware victims who did NOT pay 📌 60% — increase in third-party involved breaches 📌 40% — higher click rate on mobile phishing vs. email 📌 45% — employees using AI on corporate devices (up from 15% last year) 📌 15 — median number of attack techniques where threat actors used GenAI The theme of this year's report: "keeping a strong foundation in the face of change." AI is accelerating attacks. Patch windows are shrinking. Third-party exposure is exploding. And shadow AI is quietly leaking source code to unauthorized tools. The fix is unglamorous: patch faster, enforce MFA, manage your vendors, govern AI use. Attackers are getting faster. The fundamentals can't wait. 📄 Full report: https://t.co/idXyh5m0Bc #Cybersecurity #DBIR2026 #InfoSec #DataBreach #CyberRisk #AI

We are excited to announce our participation in this year’s CYBR.HAK.CON in Plano, Texas. As the threat landscape evolves, staying ahead of vulnerabilities is more critical than ever. Join us on May 27! Visit https://t.co/WGCwOCFUlb for full event details and registration. #CyberSecurity #CYBRHAKCON #RidgeSecurity #InfoSec

Agentic AI in security is a hot topic, but it’s rarely demonstrated. On May 21, we’re changing that with a live session. Register: https://t.co/PfHKJQJzS0 Join us for a LinkedIn Live to see PurpleRidge in action. Witness exactly how an AI reasons through an application, chains exploits, and validates findings, all without a human in the loop. ⭐️ Get 100 Free Credits Want to test it yourself before the session? Sign up now to get 100 free credits. Run a full agentic AI pentest on any domain you own and see the results instantly. 👉 Claim your credits & try it free: https://t.co/WDdkhmrdIy #CyberSecurity #AgenticAI #Pentesting #PurpleRidge #InfoSec #AI

Government and public sector teams operate in complex environments with legacy systems, rapid cloud adoption, strict compliance requirements, and an expanding attack surface. RidgeBot helps organizations, including government agencies, identify and validate exploitable risks across hybrid environments using automated offensive security testing. We’re honored to be recognized by Security Today for the innovation behind RidgeBot. Read more: https://t.co/pSbCebTVt1 #GOVIES #Cybersecurity #Pentesting #Government #AIPowered #OffensiveSecurity #RidgeBot

🚨One JWT vulnerability. Twelve cascading findings. That's what happened when Ken Huang benchmarked RidgeGen against OWASP Juice Shop. Full analysis → https://t.co/TrR3QyN4iB After confirming a JWT alg:none bypass, RidgeGen didn't log the finding and move on. It updated its model of the application's authentication surface and reprioritized everything downstream: → Role claims in forged tokens accepted server-side → vertical privilege escalation → Admin access confirmed → full API surface enumeration → /api/Users/:id → account takeover via mass assignment → /api/Products/:id → unauthenticated price and description manipulation → 12 IDOR vulnerabilities across basket, address, complaint, and privacy endpoints → Admin-level enumeration and deletion across feedback, complaints, and user records Neither of the two competing frameworks in the benchmark found any of these. They stopped at the first layer. Huang calls the underlying failure "belief state amnesia" — when a system can't maintain coherent knowledge about what it's learned across a session, it can't reason about the implications of its discoveries. It logs findings sequentially instead of asking: given what I now know, what else becomes possible? This is what we built RidgeGen to do differently. The architecture maintains a persistent, structured model of what has been tested, what has been confirmed, and what attack paths remain open — and updates that model after every significant finding. All three platforms in Huang's benchmark used the same LLM. The difference is entirely the system design. Full analysis → https://t.co/TrR3QyN4iB #CyberSecurity #PenetrationTesting #AIpentesting #AppSec #RidgeSecurity

Ken Huang benchmarked three platforms against OWASP Juice Shop under identical conditions: same target, same URL, same LLM backend (Gemini 3 Flash), network-isolated, with anti-cheat controls in place. His core argument: the phrase "agentic AI pentester" has been stretched so thin it no longer means anything. Glorified scanners, pre-defined payload libraries, decision trees with an LLM on the output — all marketed with words like "AI-driven exploitation" and "autonomous reasoning." 🎯 The benchmark puts a number on that gap: • RidgeGen: 55 findings — 0% hallucination rate • Shannon: 27 findings — 63% unconfirmed (no execution evidence) • Strix: 6 findings — all confirmed, but 95% of attack surface unexplored Huang's methodology note is the most important part: all three platforms used the same model. The 55 vs. 6 finding gap isn't about which LLM you're running. It's entirely about system architecture — how a platform plans, maintains state, validates findings, and chains discoveries. The 63% unconfirmed rate on Shannon's findings isn't a minor quality issue. When unconfirmed findings mix with real ones in a report, every result requires a meta-level judgment from the analyst reviewing it. That overhead compounds — and ultimately destroys trust in the platform's output. Worth a read for anyone evaluating or building in this space: https://t.co/TrR3QyN4iB #CyberSecurity #AIpentesting #AppSec #AgenticAI

Cisco recently disclosed several critical vulnerabilities in Catalyst SD-WAN Manager, some of which are actively being exploited in the wild. As a result, CISA has added these flaws (CVE-2026-20128, CVE-2026-20133, and CVE-2026-20122) to its Known Exploited Vulnerabilities (KEV) Catalog, highlighting the immediate risk to network infrastructure. Learn more: https://t.co/VBc868IWtA #CVE #KEV #RidgeBot #AgenticAI