- Cyber Essentials
- Penetration testing
Cyber Essentials Danzell: What Is Changing And How It Will Affect You
From 27th April, Cyber Essentials moved from Willow to Danzell; a set of changes significant enough that organisations going through assessment unprepared are likely to feel it. The five control themes remain, but the marking criteria, scoping expectations, and CE+ methodology have all tightened around three areas in particular: cloud service scoping, multi-factor authentication, and patching discipline.
- Attack surface discovery
- Penetration testing
- Red teaming
AI Is Raising the Stakes: Why Security Basics Matter More Than Ever
AI is changing the economics of vulnerability discovery. As the barrier to finding and weaponising software flaws falls, organisations can no longer assume that fully patched systems and perimeter controls are enough. The fundamentals of good security - minimising attack surface, enforcing least privilege, segmenting environments, managing data properly and investing in detection - are becoming more important, not less.
- Penetration testing
- Red teaming
- Research
- Tools and techniques
Probabilistic Systems, Deterministic Security
LLMs and AI agents are increasingly being connected to tools, APIs, data sources and business workflows. While this creates real value, it also introduces an important security question: should probabilistic systems be trusted to enforce security boundaries?
This article explains why prompts, refusals and LLM-based guardrails should not be treated as access controls. It explores the difference between deterministic security enforcement and probabilistic model behaviour, highlights risks seen in real-world AI agent testing, and sets out why secure LLM architectures should keep deterministic controls in charge of identity, authorisation, data access, tool execution and sensitive output handling.
The key principle is simple: use LLMs at the interaction layer, but enforce security in the surrounding application, services and infrastructure.