- How Wallarm Redefines Agentic AI SecurityIs an AI-to-AI attack scenario a science fiction possibility only for blockbusters like the Terminator series of movies? Well, maybe not! Researchers recently discovered that one AI agent can “inject malicious instructions into a conversation, hiding them among otherwise benign client requests and server responses.” While known AI threats involve tricking an agent with malicious
- CISO Spotlight: Lefteris Tzelepis on Leadership, Strategy, and the Modern Security MandateLefteris Tzelepis, CISO at Steelmet /Viohalco Companies, was shaped by cybersecurity. From his early exposure to real-world attacks at the Greek Ministry of Defense to building and leading security programs inside complex enterprises, his career mirrors the evolution of the CISO role itself. Now a group CISO overseeing security across multiple organizations, Lefteris brings a
- 2026 API and AI Security Predictions: What Experts Expect in the Year AheadThis is a predictions blog. We know, we know; everyone does them, and they can get a bit same-y. Chances are, you’re already bored with reading them. So, we’ve decided to do things a little bit differently this year. Instead of bombarding you with just our own predictions, we’ve decided to cast the net far
- Update on React Server Components RCE Vulnerability (CVE-2025-55182 / CVE-2025-66478)The attack landscape has been dynamic following the disclosure of the React Server Components RCE vulnerability. New information has emerged regarding the initial Proof-of-Concept exploit, as well as improved detection methods, exploitation mechanics observed in the wild, and rapidly growing attack activity. This update summarizes the changes and observations we have made across Wallarm customers.
- 2025 in Review: A Year of Smarter, Context-Aware API SecurityAs the year draws to a close, it’s worth pausing to look back on what has been an extraordinary year for Wallarm and, more importantly, for the businesses we protect. If 2024 was about laying the groundwork (tracking API sessions to understand behavioral attacks), then 2025 was the year we built upon that foundation, turning
- Wallarm Halts Remote Code Execution Exploits: Defense for Vulnerable React Server Component WorkflowsOn December 3, 2025, React maintainers disclosed a critical unauthenticated remote code execution (RCE) vulnerability in React Server Components (RSC), tracked as CVE-2025-55182. A working PoC was released publicly, and Wallarm immediately began observing widespread exploitation attempts across customer environments. What is CVE-2025-55182? CVE-2025-55182 is an unauthenticated remote code execution (RCE) vulnerability, rated CVSS 10.0,
- Attackers Don’t Need to Breach Your API -They’ll Breach the Tools That Touch ItThe API supply chain is the new security blind spot. Attackers no longer need to breach your APIs directly; they can target the third-party services that connect to them. These unmanaged dependencies are now the shortest path to your sensitive data. The recent Mixpanel incident is a stark reminder of that fact. What Happened During
- When your AI Assistant Becomes the Attacker’s Command-and-ControlEarlier this month, Microsoft uncovered SesameOp, a new backdoor malware that abuses the OpenAI Assistants API as a covert command-and-control (C2) channel. The discovery has drawn significant attention within the cybersecurity community. Security teams can no longer focus solely on endpoint malware. Attackers are weaponizing public and legitimate AI assistant APIs and defenders must adjust.
- APIs Are the Retail Engine: How to Secure Them This Black FridayCan you ever imagine the impact on your business if it went offline on Black Friday or Cyber Monday due to a cyberattack? Black Friday is the biggest day in the retail calendar. It’s also the riskiest. As you gear up for huge surges in online traffic, ask yourself: have you protected the APIs on