Hello everyone,
Had a bad day at work? Everything is relative. For the Kyndryl CEO, for example, a lot has come together in the last few weeks:
- The Securities and Exchange Commission (SEC) announced an audit. As a result, not only was the quarterly reporting postponed…
- … but also (surprise!) significant weaknesses in cash management and other internal controls were identified.
- The CFO, Head of Controlling and General Counsel have all been replaced. The CHRO had already left the company in January
- The share price collapsed by more than half on the day of publication and is thus (even after the recovery) almost 70% down within 1 year. So it would fit well into my portfolio, which is developing similarly brilliantly (by the way, my latest side hustle is betting on cyber attacks at Polymarket, Kalshi & Co.).
Reason enough to take another look at the numbers at Kyndryl – probably still the largest managed service provider in the world. These have just been officially confirmed; the problems mainly concerned outstanding invoices from suppliers and a lack of reports to the supervisory board:
- ~15 billion USD turnover, ~73,000 employees (of which approx. 7500 in the field of cybersecurity, including the new SOC in India). About half of the turnover is made with banks and insurance companies
- Order intake (“signings”) has risen sharply and is above sales
- The first few years after the spin-off from IBM were tough: 2023 and 24 saw falling sales and losses on the bottom line
- In the meantime, however, it is profitable again and free cash flow is positive. Equity is low compared to debt, but grew again in 2025, even though the company was able to buy back shares
- So the bottom line is a clear all-clear to all customers, as far as I can judge as a layman.
There is no CISO who is not currently struggling with the use of AI applications in business departments. How can this really be implemented safely? Advice on practicable approaches or failed attempts with “Unified AI Defense” is welcome!
In any case, Prompt Injection has landed in 1st place among the OWASP risks of Gen AI applications. When it comes to the corresponding risks of Agentic Applications, Top 1 is titled “Agent Goal Hijack” – but all 4 examples of this describe prompt injection or prompt override. My current, probably hair-raisingly incomplete understanding:
- The generative AI models we use today cannot reliably distinguish between commands and data, or in other words, between permissible and inadmissible instructions
- The risks are particularly pronounced with AI agents with access to the Internet (= arbitrary data that can be manipulated).
- Control loops, in which one AI system is supposed to check the other, also only work with a certain probability. This, in turn, is not suitable for applications where 100% correctness is required, and allows brute force attacks
- Therefore, a wrapper is needed around the AI application that deterministically filters inputs and outputs. Otherwise, sooner or later data exfiltration, secret theft, unauthorized access and other infosec annoyances will occur
- Palantir, for example, shares practical experience with the use of AI agents in production systems (they may not be widely liked, but they certainly handle sensitive customer data)
- What should a security concept or tool for secure AI applications take into account?
  - No storage of prompts/input or output at model providers, no use of your own data for model training
  - Permissions: API keys / SaaS tokens or similar must be transaction-specific, time-limited, revocable and assigned to 1 agent at a time (“intent-based ephemeral access”)
  - Human in the loop for decisions with an obviously high risk of damage (e.g. data export, IAM changes)
  - Monitoring of anomalies in access patterns (e.g. high data volume, high token consumption)
  - Execution environment for agents isolated from production environments (network, compute, storage) where feasible. Ideally, a hardened container environment or trusted enclaves with workload isolation and enforced E2E encryption (storage security)
- In my perception, in addition to the platform players (including Checkpoint, see below) and all DSPM/DLP providers, ~30 startups are also involved in development in order to offer as many of the above-mentioned functions as possible from a single source
- The financial sector will probably be the first to establish working solutions: High potential for efficiency increases due to transaction volumes (e.g. in customer service, or creditworthiness scoring), at the same time the highest regulatory requirements and willingness to pay for security/compliance
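The permission, human-in-the-loop and volume checks from the list above, written as a deterministic gate between an agent and its tools. This is an added example, not code from this newsletter or from any vendor named in it; the `Gate` class, the action names and the byte ceiling are assumptions.

```python
import secrets
import time
from dataclasses import dataclass

# Assumed action names; the text names data export and IAM changes as high risk.
HIGH_RISK = {"data_export", "iam_change"}

@dataclass
class Grant:
    agent_id: str        # the one agent this grant is assigned to
    action: str          # the single intent the grant covers
    expires_at: float    # time limit
    max_bytes: int       # volume ceiling for the anomaly check
    revoked: bool = False
    used: bool = False

class Gate:
    """Deterministic policy check; no model output is trusted here."""
    def __init__(self, clock=time.monotonic):
        self._grants = {}
        self._clock = clock

    def issue(self, agent_id, action, ttl_s=60, max_bytes=10_000):
        token = secrets.token_urlsafe(16)
        self._grants[token] = Grant(agent_id, action, self._clock() + ttl_s, max_bytes)
        return token

    def revoke(self, token):
        if token in self._grants:
            self._grants[token].revoked = True

    def authorize(self, token, agent_id, action, n_bytes, human_approved=False):
        g = self._grants.get(token)
        if g is None or g.revoked or g.used:
            return "deny:invalid_grant"
        if self._clock() >= g.expires_at:
            return "deny:expired"
        if g.agent_id != agent_id or g.action != action:
            return "deny:scope_mismatch"
        if n_bytes > g.max_bytes:
            return "deny:volume_anomaly"
        if action in HIGH_RISK and not human_approved:
            return "hold:needs_human_approval"
        g.used = True  # transaction-specific: one successful use only
        return "allow"
```

A held request leaves the grant unused, so the same token can be authorized once a human has approved it, as long as it has not expired or been revoked in the meantime.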
By the way, Tobias Glemser (Managing Director Secuvera) has written a short, understandable article on the generally applicable OWASP Top 10 risks in iX 01/26. Its core statement: “The world of insecure software is comparatively stable and broken”.
But what is the benchmark for secure software? In this context, I came across the NASA Coding Guidelines for flight-critical systems in discussion forums. From the opening passage of the original text: “the existing coding guidelines tend to have little effect on what developers actually do when they write code”. Now about 20 years old – of course also part of MISRA or ISO 26262.
Here are some of the requirements listed (just so that I can remember them better – everyone else already knows them, I know). What is striking about this is the clarity in the absolute standard (in contrast to most cybersecurity guidelines). No exceptions. Maybe the AI agents will help us to implement this approximately consistently (😉) and at the same time economically:
- Every day, the code must be compiled and at least 1 static software test must be run
- All compiler settings must be at their “most pedantic” level
- Zero compiler and SAST warnings allowed
- Zero recursions (goto, jumps) allowed
- Zero dynamic memory allocation allowed
- Zero function pointers allowed (indirect calls of other subroutines via pointers)
- Zero functions allowed that do not fit on 1 single printed page, with exactly 1 line per declaration
- Each loop must have a set upper limit on the number of iterations
If you have experience with this (or other coding requirements in practice), please let me know.
Last but not least: The VDMA has a very good template for training courses for managing directors within the framework of the NIS2 specifications (free of charge for members). Thank you!
M&A:
- Palo Alto acquires Koi (an advanced type of allowlisting) for ~$400 million
- Checkpoint acquires 3 other companies: Cyata (AI Governance), Rotate (MDR) and Cyclops (RBVM / CTEM). Together with the Lakera acquisition, Checkpoint is thus building a comprehensive AI protection portfolio
- ZScaler acquires SquareX (Enterprise Browser Solutions, “Browser Detection & Response”, from Singapore). Name is somewhat reminiscent of the competitor LayerX
- Sophos buys Arco (RBVM)
- Proofpoint buys Acuvity (AI Governance)
- Vega (“Security Analytics Mesh”, also known as Federated SIEM) receives 120 million funding at ~700 million USD valuation
- Semperis buys MightyID (Backup & Recovery specifically for Okta, Ping and Entra ID) and thus complements the existing AD Forest Recovery
- Booz Allen Hamilton buys Defy Security (MSSP from USA, approx. 100 employees)
Vendor Briefings:
Aikido:
- Belgian DevSec/CNAPP provider covering the software lifecycle (SAST, DAST + Automated Pen Tests, SCA, CSPM/KSPM, CWP and AI App Monitoring)
- So, depending on the module, it competes with Checkmarx, Snyk, Sonarqube or Wiz, Orca, XBOW.
- More than 2000 corporate customers (including Eurostar, Revolut), approx. 200 employees. Obviously benefiting from a tailwind due to the discussions about digital sovereignty
- Incl. Open Source License Tracking
- Exploitability is checked via the reachability of the components in order to filter vulnerabilities
- Suggestions for improved (=secure) code are inserted directly and only have to be confirmed by the developer
- Cool for me: The step-by-step execution of the automated pentests is presented in a comprehensible way, i.e. which agent has checked what. On this basis, reports for audits or similar are also possible
- Very transparent pricing, medium package ~7 thousand EUR for 10 developers and 200 code repos. Entry-level packages are free as usual
- We are still looking for resellers in the DACH region, and are also currently building up a German-speaking sales team.
- Great respect! I believe this will be a real European success story
Reco.AI:
- Israeli SaaS Security Startup (SentinelOne is an investor)
- About 100 corporate customers (including Checkpoint), about 10 of them in Europe (e.g. Nestlé)
- (Shadow) App Discovery, App Block, SSPM, ITDR for ~200 widely used applications (SAP Hana, Okta, Snowflake, Slack, Docusign, Salesforce, Claude, MS Copilot…)
- Can check if all users of an application are actually using MFA (if it cannot be enforced by the app itself)
- With compliance checks vs. the common frameworks (DORA, HIPAA, CIS…)
- I found AI Discovery + AI Agent Sec particularly interesting (but partly still in “beta”): Finds, for example, MCP servers, traffic to chatbots, connections of AI agents, unusual activities of agents in databases
- Currently looking for sales support for EU => If you are interested, please contact us
Group IB:
- Threat Intel (competes with Recorded Future, Crowdstrike, Google/Mandiant). In addition, XDR, IR, Forensics, VM/ASM, Pen Testing. HQ in Singapore, bootstrapped for > 20 years, profitable
- > 1000 corporate customers worldwide, including e.g. some banks in the EU (CTI for customer-owned SOC teams). Data for EU customers is hosted in the Hetzner Private Cloud in Germany or can also be provided on prem
- TI essentially without OSINT, but on the basis of its own analysts
- XDR: Own EDR, NDR, email filter
- Own LLM trained for security use cases
- Brand Protection + Takedown Services (e.g. monitoring of common platforms for fake accounts)
- Training of security specialists for customers
- We continue to expand the team in the DACH region. Listing at the BSI as APT Responder also coming soon
As always, questions, suggestions, comments, experience reports, topic requests and also opposing opinions or corrections are welcome by email. Ditto for unsubscribing from the mailing list.
For the people who have received the market commentary for the first time: Here you can register if you are interested or stroll through the archive.
Best regards,
Jannis Stemmann
