< ciso
brief />
Vendor and Hyperscaler Watch Banner

All news in category “Vendor and Hyperscaler Watch

4624 articles · page 39 of 232

Automating PQC Readiness for AWS TLS Endpoints with Config

🔒 The PQC Readiness Scanner automates inventory and continuous monitoring of AWS-terminated TLS endpoints — Application Load Balancer (ALB), Network Load Balancer (NLB), and Amazon API Gateway — to evaluate TLS policies for Post-Quantum Cryptography (PQC) readiness. It classifies endpoints into a three-tier framework (Tier 1: PQ-ready, Tier 2: PQ-ready with backward compatibility, Tier 3: not PQ-ready) and returns COMPLIANT/NON_COMPLIANT results with policy recommendations. Built as an AWS Config conformance pack with custom rules and Lambda functions, it supports organization-wide deployment via CloudFormation StackSets and S3-hosted artifacts. The scanner reduces manual review, tracks migration progress across accounts, and helps prioritize upgrades to TLS 1.3 with PQC key exchange.
read more →

How Google and Wiz Shape Multicloud Strategy for CISOs

🔒 In this May 2026 Cloud CISO Perspectives entry, Vinod D’Souza and Anthony Belfiore outline how Google and Wiz are combining deep cloud telemetry with advanced AI research to address multicloud security challenges. They emphasize a developer-centric shift that moves remediation into code using tools like Wiz Code and sensors for hybrid Linux, vSphere, and Windows environments. The authors envision agentic SOCs and near real-time defenses that boost analyst efficiency while preserving human-in-the-loop oversight. The collaboration aims to accelerate self-healing infrastructure without compromising availability.
read more →

AWS Transform Adds Agentic AI Assistant in Visual Studio

🛠️ The AWS Transform agentic AI assistant is integrated into the AWS Toolkit for Visual Studio, giving .NET developers an in‑IDE, conversational workflow to assess, plan, and execute application modernization. It provides visibility, checkpointing, interactive diffs, automatic build-fix attempts, detailed worklogs, and downloadable HTML reports while preserving context between the web console and Visual Studio. Agents are also accessible via Kiro and other AI coding environments and are available in multiple AWS Regions.
read more →

Google Adds Intrusion Logging to Android Advanced Protection

🔐 Google has added Android Intrusion Logging, released on May 12 as part of Android Advanced Protection Mode, to help investigate spyware on Android devices. The opt-in feature logs device and network activity and was developed with Amnesty International’s Security Lab and Reporters Without Borders. Logs are encrypted with a user-generated key and can only be shared by the device owner for forensic analysis.
read more →

ClickHouse query-plan contention and performance fixes

🔧 At Cloudflare we encountered severe query slowdowns after changing partitioning for a large ClickHouse table to support per-namespace retention; the migration aimed to enable tenant-specific TTLs without thousands of tables. Usual metrics (I/O, memory, rows scanned, parts read) looked normal, but flame graphs exposed heavy lock contention in query planning and costly copies of a giant parts vector. We implemented shared locks, a shared cached parts view, and a binary-search-based prune on the partition key to avoid linear scans. These patches dramatically reduced SELECT latency and were contributed upstream.
read more →

AWS RTB Fabric Adds Custom Domains for AdTech Traffic

🔗AWS announced that RTB Fabric now supports custom domains for real-time bidding transactions received through external links. This enables AdTech companies to preserve existing public endpoints (for example, bid.company.com/path) by using their own DNS and CNAME records without forcing partners to reconfigure endpoints. Customers can create routing rules to map URL patterns to specific RTB Fabric links so demand- and supply-side platforms can route partner traffic seamlessly. The capability is available in all AWS Regions that support RTB Fabric and maintains low latency while reducing standard cloud networking costs.
read more →

SageMaker Data Agent Supports IAM Identity Center Now

🧭 Amazon SageMaker Data Agent is now available in SageMaker Unified Studio domains configured with IAM Identity Center. The agent enables data analysts and engineers to describe analysis goals in plain English and receive working Python or SQL code for connected sources such as Amazon Athena, Amazon Redshift, Amazon S3, and AWS Glue Data Catalog. It preserves conversational context across notebook cells, selected tables, and query history, proposes step-by-step plans, and includes a Fix with AI feature to help debug execution errors. The capability is available in all commercial AWS Regions where Unified Studio is supported.
read more →

Detecting and Preventing Crypto Mining in AWS Environments

🔎 Amazon GuardDuty provides specialized detections and runtime monitoring to identify and mitigate cryptocurrency mining in AWS. It analyzes VPC Flow Logs, DNS queries, CloudTrail events, and workload telemetry to surface findings such as CryptoCurrency:Runtime/BitcoinTool.B and Impact:Runtime/CryptoMinerExecuted. Enable GuardDuty across accounts and Regions and combine it with patching, least-privilege access, and preventive controls to reduce risk.
read more →

Amazon CloudFront Supports OCSP Revocation for mTLS

🔐 Amazon CloudFront now supports OCSP revocation checking for viewer mTLS, allowing real‑time validation of client certificate revocation during connection establishment. Previously, customers relied on static revocation lists implemented with CloudFront Functions and KeyValueStore. CloudFront queries the responder URL in the certificate, caches OCSP responses for up to 30 minutes, and exposes the OCSP result in the connection function so customers can apply custom logic such as grace periods, IP exceptions, or combined revocation strategies. This feature is available at no additional cost.
read more →

Updated AWS Guide: GRC for Responsible AI in FSI Updates

🔒 The updated AWS User Guide to Governance, Risk, and Compliance for Responsible AI Adoption provides Financial Services customers practical GRC guidance for deploying AI responsibly. It covers governance, risk management, compliance, data and model management, and AI agent oversight, and maps these considerations to AWS capabilities. The guide highlights services such as Amazon Bedrock AgentCore, Bedrock Guardrails, Bedrock Agents, SageMaker Autopilot, and SageMaker Model Monitor. It complements existing AWS responsible AI and Well-Architected resources and is available on the AWS Whitepaper portal.
read more →

Palo Alto Networks Expands Frontier AI Defense Alliance

🛡️ Palo Alto Networks is expanding its Frontier AI Alliance to scale delivery of autonomous, real-time defenses. Building on the Frontier AI Defense initiative and recent testing of frontier models (including Anthropic’s Mythos, Claude Opus 4.7, and OpenAI’s GPT-5.5-Cyber), the company has added a new cohort of strategic partners. By pairing Palo Alto Networks’ technology with partners’ consulting expertise, the program aims to deliver AI readiness at scale and machine-speed MTTR to customers.
read more →

Amazon FSx for OpenZFS Adds Multi-AZ Support in Shared VPCs

🗄️Amazon announced that Amazon FSx for OpenZFS now supports creating Multi-AZ file systems from participant accounts in shared VPCs, enabling organizations to decentralize storage administration while keeping network control centralized. Previously, participant accounts could only create Single-AZ file systems in shared VPCs and needed to own the VPC for Multi-AZ deployments. This change allows participant accounts to create any FSx for OpenZFS file system in a shared VPC across all Regions where the service is available, improving high availability and operational flexibility.
read more →

AWS Payment Cryptography Achieves PCI PIN and P2PE

🔒 AWS announced the completion of PCI PIN and PCI P2PE assessments for AWS Payment Cryptography, expanding validations to include Key Management (KMCP) and Key Loading (KLCP) alongside the existing Decryption Management (DMCP). The coverage is extended to South America (São Paulo) and Asia Pacific (Sydney) Regions. These attestations allow customers to use PCI PTS HSM-certified, AWS-managed HSMs with compliant key management to simplify regulated deployments.
read more →

Microsoft's Investments Drive PostgreSQL's Cloud Future

🔧Microsoft outlines its sustained investment in PostgreSQL through upstream contributions, managed services, developer tools, and community programs. The post highlights 345 commits to the latest PostgreSQL release, active Microsoft committers working upstream, and service offerings such as Azure Database for PostgreSQL and Azure HorizonDB. It also emphasizes AI integrations like vector search and model invocation alongside IDE tooling and community engagement.
read more →

Cloud Infrastructure as the Foundation for Digital Health

🏥 The post argues that modern cloud infrastructure is the superior foundation for regulated Software as a Medical Device (SaMD), enabling faster innovation while meeting regulatory obligations. It outlines regulatory shifts in early 2026, including the FDA's QMSR alignment with ISO 13485 and the EU AI Act's applicability for high-risk systems. The author advocates Compliance as Code and describes three architectural planes—data, control, and evidence—on Google Cloud to deliver continuous audit readiness. It also highlights AI-driven monitoring and a shared fate model between cloud providers and manufacturers.
read more →

Proxy Models Cut LLM SQL Costs and Latency Dramatically

🔍 Google Cloud presents a SIGMOD paper introducing proxy models—cost‑optimized, ultra‑lightweight models that replace most LLM calls in AI-powered SQL functions. They rely on precomputed embeddings (using Gemini) and simple classifiers (currently logistic regression) to deliver orders‑of‑magnitude reductions in latency and token costs. BigQuery and AlloyDB implement this optimization with online training in BigQuery and PREPARE-based offline training in AlloyDB. The technique performs well for many semantic filters but can fail on tasks requiring complex reasoning or extreme selectivity.
read more →

Building Resilient Transportation Systems with Google AI

🚦Google outlines a blueprint for safer, more resilient transportation systems powered by AI. Leaders from Utah DOT, CalSTA, and Deloitte describe tools like Roadway Safety Insights (RSI) that integrate dozens of datasets to predict and mitigate risks, shifting agencies from reactive fixes to proactive safety. The article stresses resolving fragmented data and creating trusted single sources of truth to maximize AI value. Readers are invited to a Best of Next Public Sector Webinar and live demos at ITS America in June.
read more →

Glance converts long-form video into mobile-ready AI clips

📱Glance built an automated pipeline to convert long-form landscape videos into short, vertical clips optimized for mobile lock screens. The system uses Google Cloud Speech-to-Text v2, Gemini, and the Vision API together with Samurai, OpenCV and MoviePy to identify key moments, detect active speakers, and reframe shots intelligently. It supports split-screen stacking, word-level “Karaoke-style” captions, automated branding overlays, and smoothing techniques to scale production from thousands to tens of thousands of daily clips.
read more →

Cloudflare Rebuilds Browser Run on Containers for Scale

🚀 Cloudflare rebuilt Browser Run on its new Containers platform to boost concurrency, throughput, and reliability. Developers can now start 60 browsers per minute via the Workers binding and run up to 120 concurrently — four times the previous limit — while Quick Action response times have dropped by over 50%. The team migrated state from Workers KV to D1, introduced regional pre-warmed pools, and adopted batched Queue writes to avoid race conditions and scale to very large fleets. These changes let Cloudflare ship fixes and features faster and reduce global latency for automated browser tasks.
read more →

Microsoft's MDASH AI Finds 16 Windows Vulnerabilities

🔍 Microsoft disclosed MDASH, an AI-driven vulnerability discovery system that found 16 previously unknown Windows flaws, including four critical remote code execution bugs that were patched as part of the May 12 Patch Tuesday release. Built by the Autonomous Code Security and Windows Attack Research teams, the platform orchestrates more than 100 specialized AI agents across multiple models to scan, validate and construct triggering inputs before human review. Microsoft said MDASH is intentionally model-agnostic and will enter private enterprise preview next month.
read more →