Attomus

Generative AI is already part of day-to-day business. Staff use it to summarise meetings, draft documents, write code, analyse data, speed up research, and automate routine tasks. Some of that use is sanctioned. Some of it is not.

That is the problem with shadow AI. It gives employees a useful shortcut, but it can also move client information, source code, personal dat...

For years, security teams were taught to think in terms of edges, boundaries, and the network perimeter. That made sense when most users, systems, and data sat inside infrastructure the organisation owned and controlled. It makes far less sense now. Staff work remotely, applications live across cloud platforms, suppliers plug directly into shared systems, and automation now a...

There is a question that comes up constantly in Android security engineering, usually phrased something along the lines of: “how do I prove to my server that this AES key is hardware-backed?” The common answers to this question are often wrong in that they make you think you have a guarantee that you do not have.

The short answer is: you cannot prove an AES key...

Authenticator apps look simple. They generate six-digit codes. The cryptographic building blocks are mature with a protocol from an IETF RFC from 2011. The core algorithm is not especially difficult to implement.

The genuinely hard part is not the TOTP mathematics. It is a design tension built into the product category itself: one every authent...

A peculiar tension plays out in boardrooms across every sector: cybersecurity represents one of the most critical investments an organisation can make, yet it delivers none of the excitement that typically drives corporate spending decisions. This paradox has become a defining challenge for modern c...