InfoQ Homepage Security Content on InfoQ
-
Bring Your Own Key (BYOK): AWS IAM Identity Center Adopts CMKs to Meet Enterprise Compliance Needs
AWS IAM Identity Center now supports customer-managed KMS keys (CMKs) for encrypting identity data at rest. This enhancement offers organizations complete control over their encryption keys, ensuring granular access management, robust auditing via AWS CloudTrail, and improved compliance for regulated industries. It’s a key evolution for data sovereignty in the cloud.
-
QCon AI New York 2025 Schedule Published, Highlights Practical Enterprise AI
The QCon AI New York 2025 schedule is now live for its Dec 16-17 event. Focused on moving AI from PoC to production, the program offers a practical roadmap for senior engineers & tech leaders. It addresses the real-world challenges of building, scaling, and deploying reliable, enterprise-grade AI systems, helping organizations overcome the hurdles of productionizing their AI initiatives.
-
New DNS Armor Service Helps Google Cloud Workloads Preemptively Block Cyber Threats
Google Cloud's DNS Armor, in partnership with Infoblox, offers a vital layer of security against DNS-based threats for Google Cloud workloads. Utilizing advanced threat detection and machine learning, it identifies and mitigates risks like malware and data exfiltration, ensuring robust protection without impacting performance. Deployable as a managed service providing seamless control for users.
-
OWASP Flags Tool Misuse as Critical Threat for Agentic AI
Earlier this year OWASP released guidance for Agentic AI security called Agentic AI - Threats and Mitigations. The document highlights the unique challenges involved in securely deploying this emerging technology and suggests mitigations and architectural patterns for defense.
-
Google Cloud Unveils New Data Security Posture Management Offering in Preview
Google Cloud unveils its new Data Security Posture Management (DSPM) offering, enhancing data governance, privacy, and compliance. This innovative solution provides visibility into sensitive data, helping organizations identify risks and enforce controls. With advanced features integrated into the Security Command Center, it addresses the evolving challenges of cloud data security.
-
Anthropic Proposes Transparency Framework to Safeguard Frontier AI Development
Anthropic has proposed a new transparency framework designed to address the growing need for accountability in the development of frontier AI models. This proposal focuses on the largest AI companies that are developing powerful AI models, distinguished by factors such as computing power, cost, evaluation performance, and annual R&D expenditures.
-
The White House Releases National AI Strategy Focused on Innovation, Infrastructure, and Global Lead
The White House has published America’s AI Action Plan, outlining a national strategy to enhance U.S. leadership in artificial intelligence. The plan follows President Trump’s January Executive Order 14179, which directed federal agencies to accelerate AI development and remove regulatory barriers to innovation.
-
How to Build Secure Software without Sacrificing Productivity
Security can clash with development efficiency. Focusing on minimizing breach impact can be more effective than prevention. Dorota Parad argues for flexibility in compliance and collaborating with security teams to define practical protections. Limiting blast radius and using automation can boost security with minimal productivity loss.
-
AWS CloudFront Adds HTTPS DNS Support
Amazon CloudFront now supports HTTPS DNS alias records in Route 53, streamlining DNS lookups by returning protocol details alongside IP addresses. This innovation accelerates page loads, enhances security against downgrade attacks, and eliminates DNS costs. With wide browser support, it significantly boosts performance and reduces operational expenses for users.
-
Jakarta EE 11 Delivers One New Specification, 16 Updated Specifications and Modernized TCK
Although a full GA release of Jakarta EE 11 was originally planned for July 2024, only the Core Profile and the Web Profile were delivered in December 2024 and April 2025, respectively. And now, the Jakarta EE 11 Platform has been delivered featuring one new specification and a new TCK. Ed Burns, release coordinator for Jakarta EE 11, spoke to InfoQ about the release of Jakarta EE 11.
-
AWS Shield Network Security Director: Network Topology Visibility and Remediation Guidance
Introducing AWS Shield Network Security Director: a game-changer in DDoS protection and network security visibility. This innovative feature automates resource discovery, evaluates configurations against best practices, and prioritizes security findings. With actionable remediation steps and natural language queries via Amazon Q Developer, organizations can enhance their security posture.
-
Docker Launches Hardened Base Images
Docker has launched its Docker Hardened Images (DHI), a security-focused range of base images that reduce vulnerabilities by up to 95%. Built using a distroless approach, these minimal images eliminate unnecessary components, offering automatic patching and compatibility with existing Dockerfiles. Ideal for regulated environments, DHI enhances software supply chain security and transparency.
-
Have I Been Pwned 2.0 Adds New Tools for Data Breach Monitoring
Have I Been Pwned (HIBP) - the widely used data breach notification service created by security expert Troy Hunt, has launched a major front-end redesign in version 2.0, introducing several new features aimed at improving how individuals and organizations monitor breach exposure.
-
SSL/TLS Certificate Lifespans to Shrink to 47 Days by 2029
In a move to enhance internet security, the CA/Browser Forum (CA/B Forum) has approved a proposal to reduce the maximum validity period of SSL/TLS certificates from the current 398 days to just 47 days by March 15, 2029.
-
Meta Open Sources LlamaFirewall for AI Agent Combined Protection
LlamaFirewall is a security framework aimed at safeguarding AI agents against prompt injection, goal misalignment, and insecure code generation. It achieved over 90% efficacy in reducing attack success rates when evaluated on the AgentDojo benchmark. Additionally, developers can update its behavior by adding new security guardrails.