Sweet Blog

Static CNAPP Assumes Risk. Runtime CNAPP Proves It.

Static scans show potential risk. Runtime context reveals what’s actually exploitable, so teams focus on what truly matters.

The Next Phase of Cybersecurity Has Begun

AI is shifting the balance in cybersecurity, but only if it’s built into how security operates. Here’s what the next phase looks like.

When Prompts Go Rogue

A single malicious prompt can compromise an AI agent. Learn how jailbreak and prompt injection attacks work and how to stop them.

Inside the Axios Incident: Unpacking an npm Supply Chain Breach

A recent compromise of the widely-used axios HTTP client library: npm supply chains can be leveraged to drop cross-platform RATs

Inside the Trivy Incident: Unpacking a CI/CD Supply Chain Breach?

A deep dive into the Trivy supply chain attack and how CI/CD pipelines were exploited to steal credentials. Learn key indicators, risks, and

Consolidated Remediation: How Sweet Security Turns Vulnerabilities Into Clear Engineering Decisions

Turn CVEs into clear engineering decisions. Learn how Sweet Security’s consolidated remediation prioritizes real risk and recommends the bes

Finding the Sweet Spot: Where Cloud and AI Security Converge

Cloud security is one thing. AI security is another thing. Different tools. Different teams. Different risks. Right? But let’s look closer.

How to Secure AI Agents When Prompts Become Code

AI security must shift from user governance to runtime control. Learn 3 signals to find shadow agents and secure the workload-LLM boundary.

Almost Everybody is Affected: Kubernetes Privilege Escalation Can Lead to RCE

A standard Kubernetes permission has been identified as a direct path to a cluster-wide RCE.

Shai-Hulud 3.0: When a Supply-Chain Worm Evolves - and Makes Mistakes

What changed in Shai-Hulud 3.0, what went wrong for the attacker, and how Sweet Security can detect and stop this threat in real time.

2026 Prediction From the CEO's Desk: Security Didn’t Slow AI Down. Now What?

Making predictions is very easy. Making good predictions is hard. The only way to get close is to start with a clear view of the present.

Critical Alert: Unauthenticated RCE in React & Next.js Demands Immediate Action

Overview of the React & Next.js RCE (CVE-2025-55182 & CVE-2025-66478)

Shai-Hulud 2.0: A Deeply Automated npm Supply-Chain Worm

The npm ecosystem is once again at the center of a major supply-chain security incident.

Raising $75M to Build the Future of Runtime and AI Security

Sweet Security Extends Runtime CNAPP Coverage to Windows Environments

Sweet Security extended its runtime coverage to Windows environments.

SweetX: Your New AI Agent for Cloud Security

Meet SweetX: an AI agent built directly into the heart of your cloud.

From Code to Cloud: Vulnerability Management Across the Cloud Application Lifecycle

At Sweet, we built a 360° vulnerability management framework to reduce backlog and alert fatigue.

Sweet Receives Cloud Security Leader and CADR Badge in the Cloud Security Report 2025 by Latio Tech

Sweet Security was recognized as a Cloud Security Leader Leader and a Cloud Application Detection & Response (CADR) Leader.

Introducing Data Security at Sweet: Protecting Data in Motion

Introducing Data Security at Sweet — a centralized place for all sensitive data detections across your organization.

The ROI of AI: Why Security Must Be Rebuilt from the Inside Out

In cloud security, the future will belong to platforms that are AI-native from the inside out.

Hardening the CI/CD Pipeline: Catching Vulnerabilities Before They Hit Production

Sweet extends its security coverage further left in the development process, directly into CI builds, so risks are caught before production.

Shai-Hulud: The Self-Replicating npm Worm Stealing Secrets and Hijacking Pipelines

A massive supply-chain attack is affecting npm packages.

Kickstarting Vulnerability Investigations with Code Owner Context for GitLab + GitHub

SecOps can now instantly see which developer last updated an image where a vulnerability was found.

Largest npm Supply-Chain Attack to Date Targets Billions of Downloads

The npm ecosystem has suffered an unprecedented supply-chain attack.

Bridging Runtime Visibility and Secrets Management in Kubernetes with Sweet Security and CyberArk

Bridging Runtime Visibility and Secrets Management in Kubernetes with Sweet Security and CyberArk

ECScape: Understanding IAM Privilege Boundaries in Amazon ECS

Part 2 of our educational series on Amazon ECS security

Under the Hood of Amazon ECS on EC2: Agents, IAM Roles, and Task Isolation

When running containers on Amazon ECS using EC2 instances, there’s a lot happening under the hood on each host.

Every Breach Starts with an Attempt. Are You Watching?

As CISOs, we tend to measure security effectiveness by one thing: whether or not a breach occurred.

Understanding Elastic Index Mappings and Field Limits

Mappings help Elasticsearch store and search data efficiently.

Python Tar-File Vulnerability (CVE-2024-12718): What You Need to Know

A critical vulnerability in Python's tarfile module (versions ≥ 3.12) allows attackers to modify metadata or permissions on files.

A CISO's Guide to Reporting on Cloud Security

Let’s be honest; reporting isn't the most glamorous part of the job as CISOs.

Breaking the Cloud Security Illusion: Putting the App Back in CNAPP

We all know that CNAPP stands for Cloud Native Application Protection Platform. Yet, the application part is what is most neglected.

CVSS 10.0: Unauthenticated RCE - One Malformed SSH Handshake is All it Takes

On April 16, 2025, CVE-2025-32433 was disclosed—a critical remote code execution (RCE) vulnerability.

The Sweet Spot of CVE Prioritization: Solving the Biggest Challenge in AppSec with Sweet’s LLM

At Sweet Security, we believe that vulnerability management needs to shift. That’s why we’re introducing a new approach powered by runtime.

NextJS Authorization Bypass (CVE-2025-29927) Highlights the Need for Stronger Runtime Security

Two researchers have recently discovered an authorization-bypass bug in the popular NextJS framework by Vercel. Tracked as CVE-2025-29927

IngressNightmare: How Runtime Changes the Game for Ingress-NGINX Kubernetes-Critical Vulnerabilities

A new set of high-severity vulnerabilities, collectively dubbed IngressNightmare, has been discovered by Wiz. Sweet keeps you secure.

CVE-2025-30066: tj-actions Supply Chain Attack

On Friday, a supply chain attack compromised the widely used GitHub Action tj-actions/changed-files, exposing secrets from numerous repos.

Detection Meets API Security: The Missing Layer for Your Cloud App Protection

Sweet provides a comprehensive and structured view of all API activity, helping security and engineering teams quickly identify risks.

Prioritize CVEs with Jit and Sweet Security’s Runtime Reachability Analysis

Sweet Security and Jit are partnering to bring application security teams the best way to prioritize CVEs.

The Power of a Story: Turning Cloud Incidents into Actionable Narratives

Sweet Security’s LLM-powered storytelling capability is setting a new standard by reducing investigation times by up to 90%.

Automate the Entire Response Lifecycle with the Sweet Security & Torq Integration

Harness the Power of Sweet and Torq: Real Time Detection and Response Meets Seamless Automation

Hit <1% False Positive Rate with Sweet’s Patent-Pending LLM Cloud Detection Engine

Sweet Security Introduces LLM-Powered Cloud Detection Engine to Reduce False Positives & Detect Unknown Unknowns

Strengthening Open Source Security with Sweet’s Package Reputation Checks

Sweet Security’s new Package Reputation feature enables zero-day detection for open-source software.

Start Your Day with Confidence: Introducing Cloud Issues Hub at Sweet

Sweet Security’s new Issues Hub takes the guesswork out of prioritization, helping cloud security teams focus on the most critical problems.

Unified Detections with Sweet: Detecting Cross-Account Role Assumptions

In this blog, we’ll explore an attack recently seen in a customer’s environment involving cross-account role assumptions.

From Cloud Migration to Cloud Security with Sweet’s Runtime-Powered CSPM

Sweet Security’s runtime-powered CSPM is an excellent starting point for those looking to kickstart their cloud security journey.

Modern Problems, Unified Solutions: Sweet Releases the First Unified Detection & Response Platform

Cloud security is no longer an afterthought; it’s a frontline defense.

Unlocking a New Layer of Serverless Security with Sweet’s Sensor for AWS Lambda

Sweet is excited to expand its support into serverless environments, launching a new sensor for AWS Lambda, adding critical runtime...

Sweet Security is Now Available on the AWS Marketplace

Sweet Security is proud to announce its comprehensive Cloud Native Detection and Response platform is now available on the AWS...

Defending Against SSRF Attacks in Cloud Native Applications

A Server-Side Request Forgery (SSRF) attack occurs when an attacker tricks a server into making requests to other internal or external...

Understanding the New Vulnerabilities on Linux’s CUPS: What You Should Know

Yesterday, a new set of vulnerabilities (CVE-2024-47076, CVE-2024-47175/6/7) was discovered on Linux’s Common UNIX Printing System...

Spotlight on Sweet Security’s Advanced Identity Threat Detection and Response

Managing secrets and identities is crucial to maintaining a secure environment as attackers are leveraging credentials to exploit cloud...

Sweet Security’s Vulnerabilities Hub: End-to-End Vulnerability Lifecycle Management

In recent months, Sweet has expanded its features within the realm of Cloud Vulnerability Management to include the following...

Sweet Security Introduces AI Response Playbooks

Sweet is thrilled to announce a new feature: AI Response Playbooks. This groundbreaking capability is now available on the Sweet Security...

Welcome to CandyStore: Sweet Security’s Open Source Key-Value Storage

We’re excited to announce that Sweet Security has officially released CandyStore – an extremely fast open source key-value store

Manage CIS Compliance Across Your Workloads and Clusters

Sweet Security has added a CIS Compliance feature to its Cloud Native Detection and Response Platform.

Introducing Connection Analysis: Unveiling Hidden Network Insights

As cloud environments grow in complexity, having a clear view of the intricate relationships between cloud assets across your infrastructure

The Need for Runtime Protection in Cloud Security

The benefits of rich cloud environments are widely known, but their complexity has blurred the lines between infrastructure and application

Enhance SBOMs with Runtime Security Context

We are excited to introduce the latest addition to Sweet's security platform: the Runtime SBOM (Software Bill of Materials).

Practical Ways to Thwart Non-Human Identity Attacks

Managing non-human identities (NHIs) has become a paramount challenge for security teams. These identities, ranging from automated scripts..

Defending Against the Latest Ghostscript Vulnerability (CVE-2024-29510)

Bleeping Computer has recently reported on a new vulnerability within Ghostscipt, a widely used library for handling PostScript and PDF file

Customized Rules for Enhanced Threat Detection and Response

Sweet is excited to announce our new custom rules detection capability for CDR and ADR, which allows users to build customized rules...

Responding to the CVE-2024-6387 (RegreSSHion) Vulnerability

Qualys research has discovered a critical Remote Code Execution (RCE) vulnerability, CVE-2024-6387, that has resurfaced in OpenSSH.

Introducing Sweet Security for Hybrid Environments

Sweet Security is thrilled to announce comprehensive support for on-premises environments. 

From a Snowflake to a Snowball: How to Detect and Stop Impersonation Attacks

As reported, Snowflake, the data cloud company, is currently under fire for an account hacks campaign...

What is Runtime Security

Runtime security refers to the measures and practices employed to protect an application and workload while it is executing or running.

Of XZ and Unknown Unknowns

The recent XZ (liblzma) supply-chain attack is a marvel of social engineering and a great example of evading detection under the many-eyes..

How Transitioning from Military CISO to Startup CEO Made me a Better Leader

I spent more than 25 years in the Israel’s Defense Forces (IDF), moving up the ranks of Unit 8200 to lead a Cyber Department...

The Cloud Security Alphabet Soup

One complaint I often hear from stakeholders across the cloud security ecosystem is that there are way too many overlapping acronyms...

Cloud Security Predictions – 2024

Just like New Year’s resolutions, predictions are a rite of passage, an opportunity for us to take stock of our hopes and concerns for...

Secure Cloud Migration – Lift, Adapt, and Shift… Right!

A common misconception about moving to the cloud is that it’s a “lift and shift” type effort, when really, it’s more like lift, ADAPT, and..