As automated attack networks grow larger and more sophisticated, security teams are struggling to keep pace with a surge in malicious bot activity that is reshaping the DDoS threat landscape

In December 2025, Solana experienced one of the largest DDoS attacks in history, with traffic peaking at 6 Tbps. Although the attack continued over more than a week, Solana reported zero network down time. Had the attack succeeded, it could have scammed everyday retail investors out of millions.

Absorbing such a high volume of requests can’t be handled by instituting simple rate limits or perimeter controls, which raises questions about what effective DDoS protection looks like heading into 2026.

One big issue businesses have to tackle is the extent to which automated traffic has become normalised in the modern internet, blurring the line between legitimate and potentially dangerous. Let’s unpack these issues to understand how DDoS protection needs to evolve in this new traffic reality.

Bot Traffic at Record Levels

Automated traffic now makes up more than half of all web traffic. One recent report found that at the start of 2025, non-AI bots alone were responsible for roughly 50% of all HTML requests, and during peak periods, bot traffic exceeded human traffic by up to 25 percentage points.

Whether friendly or malicious, bot traffic behaves similarly at a technical level. It comes with high-frequency requests and not much deviance in interaction patterns. This creates a dilemma for defenders. If they block or apply rate-limiting too aggressively, they risk breaking core services such as APIs, integrations, mobile apps, and background processes that depend on legitimate, automated access to backend systems.

What’s more, malicious actors can “hide” among the noise of normal automation, making early-stage DDoS activity harder to detect.

Modern DDoS Attacks Are Multi-Layered

Modern DDoS attacks are multi-vector, meaning they hit multiple layers of the stack at once. Typically, this involves pairing a network flood (Layer 3) with an application layer or HTTP/API flood (Layer 7).

Traditional DDoS protection mainly covers the network layer, which deals with raw volume. However, attacks on the application layer do not require much volume to do damage. They trigger expensive backend work in the form of repeated page loads, authentication flows, and other operations that exhaust resources and slow down or break the application.

It’s worth noting that volumetric network-layer attacks are still extremely common, mainly because they are cheap to launch and still effective for stressing the target environment at the perimeter.

What’s Breaking and Why Defenders Are Struggling

One of the main challenges for defenders today when addressing the DDoS issue is establishing a reliable baseline of “normal” traffic. Automated traffic makes up an increasing proportion of overall activity, making the baseline noisy, repetitive, and non-human, which are the same characteristics traditionally used to spot malicious behaviour.

The main pain point is tuning protections in a way that blocks attack signatures without generating a high number of false positives. Overly aggressive rules risk blocking real users, while conservative tuning gives attackers room to operate.

Another detection bottleneck is that not all DDoS attacks today aim to take services fully offline. An increasingly common tactic is cost-exhaustion or “economic” DDoS, usually targeting applications. These attacks aim to silently degrade performance and drive up infrastructure costs. They are difficult to detect, because they often stay within normal-looking traffic patterns.

Then there is the dilemma of where to deploy defences. For many organisations, DDoS protection only focuses on absorbing or filtering raw traffic volume at the network layer. But as DDoS attacks are evolving into multi-vector campaigns, it may be time to consider solutions that tackle all layers of the stack.

What Effective DDoS Protection Looks Like Today

Effective DDoS protection today starts with how attacks are detected. High request rates should not be the only metric. Detection must shift toward behaviour-based analysis, examining how requests behave over time, how they interact with specific endpoints, and whether patterns deviate from expected usage for that service.

Detection alone is not enough. Mitigation is what actually matters when handling DDoS attacks, and it must be automatic and fast. In this context, automated mitigation means to rate-limit, challenge, or block abusive traffic in real time, with the goal of maintaining service even when an attack is unfolding.

Effective protection requires visibility and controls across all layers. Network-layer protection is typically handled by ISPs, cloud providers, or dedicated DDoS mitigation services designed to scale quickly under load.

To address application- and API-layer attacks, organisations must deploy controls closer to the application itself, where request context and behaviour are visible. This is commonly done through application delivery controllers, web application firewalls (WAFs), API gateways, or integrated WAAP platforms that sit in front of critical services.

Bot traffic has become the dominant form of internet activity, which changes the dynamics of how DDoS attacks are executed and defended against. At the same time, DDoS attacks remain easy to launch and increasingly common, with over 8 million recorded in the first half of 2025 alone.

For many organisations, even short disruptions can impact availability, performance, and user trust. As we move into 2026 and beyond, it’s clear that DDoS can no longer be treated as a secondary risk. It is a core availability challenge that requires modern, layered defences built to withstand today’s traffic reality.

The post DDoS Protection Faces Fresh Challenges As Bot Traffic Reaches New Peak appeared first on IT Security Guru.

The development of intelligently integrated, cloud-based management solutions has been a rising trend across major industries for many years. By centralising the collection, analysis and organisation of actionable data within remote-accessible, unified environments, leaders can streamline a wide variety of core processes and positively impact productivity metrics.

These fundamental benefits underline the popularity of X-as-a-Service (XaaS) business models, with around 55% of IT professionals believed to have invested in one or more of these services in recent years. While many businesses may already be well-acquainted with some iterations of XaaS, subscription-based video security plans are a more recent trend.

Reports indicate the Video Surveillance-as-a-Service (VSaaS) market will grow at a CAGR of 18.5% between now and 2028, suggesting many business leaders are at least interested in the potential benefits of VSaaS plans. But is this approach to commercial security really more effective than traditional native video security operations? In some cases, it might be.

What Is Video Surveillance-As-A-Service?

At its core, Video Surveillance-as-a-Service offers businesses the ability to store, access and manage surveillance footage on a secure cloud-based server. The main advantage of such solutions is that internal teams can freely access live and historic surveillance data from any location and at any time. This provides businesses great flexibility in security management.

Business video surveillance usually includes additional security features and integrations, including automated video recording, real-time alerts, cybersecurity tools and integrations with security alarm systems. In essence, if a business requires a flexible approach to commercial security, and lacks the resources to develop native management platforms, VSaaS can be a great solution.

How Does VSaaS Work?

In operation, VSaaS plans work similarly to subscription-based cloud data storage solutions. Cameras installed on the property are linked to an off-site cloud storage and management platform, removing the need for on-premises physical storage devices. Data is streamed to the provider for reporting and monitoring, with internal teams able to access feeds remotely.

VSaaS vendors also handle all maintenance, management and software update processes, affording businesses peace of mind that their security systems will remain free from novel vulnerabilities. Additionally, the cloud-based foundation of VSaaS packages allows for simple scalability, enabling SMEs to expand or reduce operations in line with evolving requirements.

Factors Influencing The Growth Of VSaaS

The growing demand for VSaaS solutions can be directly linked to the increasing adoption of cloud-based services across commercial enterprises as a whole. Data suggests as many as 94% of all organisations on a global scale currently use some form of cloud software, a 14% increase when compared to figures published in 2020. While adoption rates may have been influenced to some extent by the pandemic, leaders remain committed to cloud technologies.

It’s believed large enterprises aspire to move around 60% of their commercial environments to the cloud by 2025. For many, this will likely include existing commercial security solutions. This rising demand for cloud services has not gone unnoticed by providers, with companies like Google and Amazon developing novel cloud zones and infrastructure across the globe.

Entertaining a switch to VSaaS also aligns with many organisations’ needs for cost-efficient and scalable essential services among economic uncertainty. With no requirement to create expensive on-site servers and management systems, and the ability to scale operations as and when needed, VSaaS affords many leaders the flexibility they require in modern times.

The Benefits Of VSaaS For SMEs

The transition from traditional on-premises security management systems to novel VSaaS solutions can bring a number of significant benefits to organisations of all sizes. For SMEs, VSaaS plans may be entertained to reduce workloads shouldered by limited internal teams.

When broken down, the key benefits of VSaaS for SMEs include:

• Optimised data storage – Surveillance systems collect vast amounts of data on a continuous basis, the organisation and management of which can be incredibly time and resource intensive. VSaaS solutions ensure these tasks are performed to a high standard by the service provider, reducing workloads for internal management teams
• Streamlined compliance – Navigating strict data privacy and security management regulations requires constant vigilance from knowledgeable professionals. Under a VSaaS deployment, service providers will ensure all systems maintain HIPAA, FIPS and NDAA compliance, suggesting adjustments if guidelines are expected to change
• Simple scalability – Taking on the expense of developing on-premises surveillance management solutions may be unwise for SMEs planning to scale, with adjustments made to physical systems incurring costs and avoidable downtime. VSaaS solutions can instead be adjusted by providers in direct response to changing business needs
• Remote accessibility – With all surveillance and wider security data automatically stored, managed and made available on a cloud-based platform, stakeholders can access required information from anywhere and at any time. Teams can monitor live security feeds 24/7 from any secure smart device to ensure continuous protection

Physical security will likely always remain a top priority for any business operating out of a physical location. The ability to both monitor key locations and review historical security data forms the backbone of commercial security best practices. However, developing, maintaining and adjusting on-premises security solutions can be incredibly costly and time-consuming.

With many leaders continuing to explore the development of cloud-based business solutions, it’s only natural that security operations have been considered for migration. With the ability to streamline the management, operation and scalability of essential surveillance solutions, VSaaS deployments are only expected to become more popular among global businesses.

The post The Increase In Adoption Of Video Surveillance-As-A-Service appeared first on IT Security Guru.

In an era where security threats, hacks, and even assisination attempts at major political events have become an urgent concern, Active Security has taken a fundamentally different approach to protecting large, stadium-level gatherings: building high-fidelity camera networks where compromising one device doesn’t give attackers access to everything else.

These networks are designed to integrate seamlessly into broader security environments, whether that’s supporting state, local, and government protection agencies or military operations. This ensures consistent, secure performance across network infrastructures.

The defense contracting firm, which secures some of the largest nationally televised political events, announced a strategic partnership with ZeroTier this week after successfully deploying the technology across multiple recent high-profile events.

These deployments go far beyond local events, encompassing large-scale, stadium-level political gatherings that demand robust, reliable, and secure network performance. The collaboration represents a shift in how organisations think about surveillance security when the stakes couldn’t be higher.

“Traditional VPN and hardware-based solutions simply couldn’t meet the speed, flexibility, and security requirements our discerning clients demand,” said JP Rike, Chief Technology Officer at Active Security. “So our technical team engineered a purpose-built, software-defined network leveraging ZeroTier’s advanced platform.”

The Problem: When Protection Becomes a Vulnerability

Most surveillance systems are built so that all the cameras connect through a shared network infrastructure. Once someone gains access to that infrastructure, they can potentially reach everything connected to it. Leveraging AI potentially can increase the risk of quick navigation of hacked infrastructure. This might be fine for everyday monitoring. But, for protecting major political events in an environment where assassination attempts are a real threat, it creates a dangerous single point of failure.

If someone gains access to one camera, they potentially gain visibility into the entire security operation. They can see where cameras are positioned, identify blind spots, track security personnel movements, and understand exactly how protection is structured. In other words, the very system designed to protect people becomes a reconnaissance tool for those trying to harm them.

This isn’t theoretical. In 2018, a hacker working for the Sinaloa Cartel infiltrated Mexico City’s surveillance camera system and accessed an FBI official’s phone records to track the assistant legal attaché through the city, identify everyone they met with, and then kill potential FBI informants and cooperating witnesses. The Justice Department Inspector General disclosed the incident in a June 2025 audit examining the FBI’s efforts to protect against technical surveillance.

During an era marked by heightened security risks, and even assassination attempts, a more seamless, impenetrable network enables agencies to scale coverage by adding cameras at key points, like stairwells, rooftops, and other vulnerable areas.

In scenarios where comprehensive, connected surveillance systems are in place, including ground-based cameras and aerial drones, potential threats can be detected and contained before they escalate, helping prevent the types of tragic breaches that have recently shaken public confidence in event security.

The Solution: Cryptographic Independence

Active Security’s approach treats each camera as cryptographically independent and defense-grade encryption. Breaking into one device gives you access to that single camera feed, nothing more. There’s no master network to infiltrate, no cascade of compromised devices, no blueprint of the entire security operation handed to attackers.

The system has been tested where it matters most. Across multiple major political events, Active Security connected more than 50 devices across cellular, satellite, and fiber networks, streaming high-definition video in real time with full encryption. The system handled massive crowds, adapted when networks got congested, and delivered the reliable performance onsite and off-site security teams require when protecting thousands of people.

“We were pleased to be able to help Active Security deliver mission-critical video workflows with zero disruption,” said Angelo Rodriguez, SVP of Operations at ZeroTier. “Active Security’s deep expertise in physical security integration combined with ZeroTier’s leading platform creates a powerful solution for any organization requiring secure, scalable connectivity.”

When Failure Isn’t an Option

Active Security protects events where failure means lives lost. National political conventions. Major party gatherings. Stadium-scale events broadcast to millions. These aren’t situations where you get a second chance if the security system fails.

The partnership between Active Security and ZeroTier demonstrates what’s possible when defense-grade security meets modern networking technology. Walt Hasser, president of Active Security and former Marine sniper, understands the stakes better than most. Adam Ierymenko, founder of ZeroTier, built the platform that makes it work.

Together, they’ve created something that didn’t exist before: surveillance infrastructure that maintains its protective value even when individual components are compromised.

“At ZeroTier, our mission has always been to make secure, resilient connectivity effortless, even under the most demanding conditions,” ZeroTier’s Rodriguez said. “Active Security operates in environments where failure is not an option. This partnership proves that distributed, software-defined networks can deliver the reliability and speed needed to protect people when it matters most. It’s a perfect example of technology serving a higher purpose, enabling safety, trust, and operational excellence at any scale.”

Beyond Political Events

The same challenges Active Security solved at stadium-level political events exist across critical infrastructure. Cities deploying thousands of cameras need systems that won’t collapse if one device is breached. Emergency response teams need reliable video that works across different network types. Any organisation running surveillance at scale faces the same question: How do you build “eyes everywhere” protection without creating a single point of catastrophic failure?

Research found more than 40,000 cameras streaming unprotected video online this summer.

Major cities operate hundreds of thousands of cameras on networks originally designed without modern security threats in mind. London has roughly a million surveillance cameras. New York has tens of thousands. Most operate on conventional architectures that Active Security determined couldn’t meet their security requirements.

The solution proven at major political events is now available for smart cities, emergency coordination, and critical infrastructure monitoring. Rather than accepting surveillance networks as inherently vulnerable, organisations can deploy systems architected for the threats that exist today.

Active Security’s public disclosure of its approach represents something new: a defense contractor trusted with protecting nationally televised political events sharing how it architects security systems to resist the kind of infiltration that makes headlines.

The cameras protecting some of America’s largest political gatherings now operate on infrastructure where breaching one device doesn’t compromise the mission. That same architecture can protect the surveillance systems cities are deploying at unprecedented scale.

When assassination attempts are a real concern and “eyes everywhere” security is essential, the network connecting those eyes matters as much as the cameras themselves. Active Security and ZeroTier proved it works where the stakes are highest. Now they’re making it available to everyone facing similar challenges.

The post How Defence Contractors Are Fortifying Security Camera Networks For High-Stakes Live Events appeared first on IT Security Guru.

As software development enters an era dominated by autonomous coding agents, application security programs are finding themselves structurally unprepared. AI models that generate and modify production code on demand can push thousands of changes per day, far beyond what traditional AppSec pipelines were built to handle.

Arnica has stepped into this gap with Arnie AI, a new security suite designed to operate natively inside the workflows of AI-assisted development. The platform introduces two core systems: AI SAST and the Agentic Rules Enforcer that together create what the company describes as continuous, in-process enforcement for AI-generated code.

Why Traditional AppSec Breaks Under Agentic Workflows

The rapid adoption of generative assistants such as GitHub Copilot, Anthropic Claude, and Gemini has transformed how code is written. But these tools are tuned for fluency and compile success, not for compliance or secure design. Embedding deep policy checks within the model itself would require costly token budgets and additional inference latency, tradeoffs most enterprises reject.

That optimisation choice leaves a critical gap: AI agents can now produce functional, deployable code that passes compilation but fails security review. Each commit potentially introduces new dependency chains, unsafe defaults, or context-blind logic decisions.

Generic prompts like “write secure code” offer little protection, since every enterprise maintains distinct libraries, secrets-management patterns, and compliance regimes. Once AI models begin producing code across multiple repositories, those differences multiply. The result, security researchers warn, is an attack surface expanding at algorithmic speed.

AI SAST: Fusing Determinism With Machine Context

Arnica’s AI SAST addresses the detection side of this problem by combining deterministic static analysis with an adaptive AI reasoning layer. The deterministic engine performs conventional control-flow, taint, and data-dependency tracing, while the AI component interprets developer intent, learning how different frameworks, language idioms, and business logic interact in practice.

By running on every push, pull request, and scheduled scan, AI SAST functions as a real-time guardrail rather than a downstream scanner. Its contextual fix engine generates repair suggestions that align with the developer’s existing framework and style, minimising false positives and rework.

The tool also produces auditable output artifacts suitable for regulatory reviews under SOC 2, ISO 27034, or OWASP ASVS benchmarks. Arnica claims this approach can compress mean time to remediation and eliminate the backlog cycles that plague traditional static analysis programs.

Agentic Rules Enforcer: Preventing Vulnerabilities Before They Exist

Where AI SAST detects issues, the Agentic Rules Enforcer prevents them outright. It embeds version-controlled policy sets directly within source repositories, allowing teams to encode their security standards as executable logic. These policies run at code generation time, intercepting unsafe patterns before the commit lands in source control.

The architecture is pipelineless, the rules operate independently of CI/CD pipelines and require no developer opt-in. Enforcement occurs the moment an AI agent or human contributor attempts a violating action, producing an inline explanation of which rule was triggered and why.

Because policies are stored and versioned in the repository, organisations maintain full traceability across teams and branches. Standards like OWASP ASVS or NIST 800-53 can be applied globally or customised per-project without configuration drift.

Architectural Implications

Arnie AI effectively collapses the traditional boundary between development and security operations. Instead of treating AppSec as a gatekeeper at the end of the pipeline, Arnica positions it as a governor that runs concurrently with code creation.

For DevSecOps teams, the impact is threefold:

1. Immediate feedback replaces delayed scans and ticket queues.
2. Rule propagation ensures uniform policy enforcement across distributed environments.
3. Elastic scalability allows enforcement to match the output rate of autonomous agents.

“As AI systems increasingly write and modify production code, the industry is confronting a new kind of security gap, one born not of human error, but of machine speed,” said Tyler Shields, Principal Analyst at Omdia. “Solutions like Arnica’s Arnie AI that proactively secure AI-generated code represent the next frontier in application security, where policy enforcement and continuous validation must evolve to match the scale and autonomy of agentic development.”

A Different Philosophy of Security Automation

Arnica’s CEO Nir Valtman frames the approach as an inevitable response to the new development order. “AI systems are now active participants in the SDLC. To keep pace, security enforcement has to live alongside them not behind them,” he said. “Arnie AI was built to ensure velocity and trust can coexist.”

The company’s broader strategy reflects a growing movement away from pipeline-centric security toward deterministic governance controls that run continuously, require no manual invocation, and deliver consistent outcomes across both human and AI contributors.

As enterprises begin integrating agentic frameworks into production, the industry’s focus is shifting from detecting bad code to preventing its creation altogether. Arnica’s Arnie AI may not end that evolution, but it illustrates where AppSec is heading: toward an architecture where security logic executes at the same layer and the same speed as the code itself.

The post Arnica’s Arnie AI Reimagines Application Security For The Agentic Coding Era appeared first on IT Security Guru.

AI is transforming how restaurants operate. It’s automating calls, managing orders, handling reservations and even predicting customer demand. But, what lies beneath the surface? Beyond this exciting wave of innovation lies a growing security question that is, how safe is the data fuelling all this progress?

In an industry that deals daily with personal details, payment information and customer communication, cybersecurity simply cannot be an afterthought. 

The restaurant sector’s rush to adopt AI-driven solutions has created a tension between innovation and regulation, and the fact of the matter is that only the most security-conscious platforms will stand the test of time.

Innovation Without Safeguards Is a Recipe For Risk

The rise of generative AI and automation tools has lowered the barrier to entry for SaaS developers. Today, a small team can spin up a voice AI assistant or automated ordering system in weeks. But, that speed often comes at a price.

Many newer entrants to the restaurant tech space have been accused of bypassing telecom compliance standards and other data security obligations to get products to market faster. Some rely on unsecured APIs or unvetted cloud integrations, leaving customer data and business communications open to interception or misuse.

Restaurants, often unaware of the risks, end up inheriting the exposure from data leaks to compliance fines. In a world governed by GDPR, PCI DSS and emerging AI regulations, ignorance isn’t an excuse anymore.

So, for an industry built on trust and service, a single breach can undo years of reputation-building.

Secure AI with Compliance at Its Core

Long-standing AI providers rooted in secure telecommunications, such as ReachifyAI, are showing that innovation and security don’t have to be mutually exclusive. These companies illustrate how experience in regulated industries can shape AI solutions that are both functional and compliant. You really can have the best of both worlds. 

ReachifyAI’s platform handles core restaurant communication tasks, from taking phone orders and managing missed calls to routing messages, while embedding compliance and data protection into its design from the outset. 

Its infrastructure aligns with the regulatory standards that govern secure telecommunications, ensuring data is encrypted in transit and at rest. Sensitive information is kept under strict governance, reducing the risks that often accompany third-party integrations or unsecured APIs.

By taking a measured approach rather than racing to deploy at all costs, ReachifyAI demonstrates a principle increasingly recognised across the industry – that is, security and trust are not optional. 

Embedding compliance into the architecture ensures that automation can scale without compromising customer data, creating a model for other AI platforms in hospitality to follow.

This example highlights a key point for the broader restaurant sector ultimately, responsible AI deployment isn’t just about technology, it’s about preserving trust while modernising operations.

Understanding The Security Stakes

Indeed, AI in the restaurant industry isn’t just about efficiency – much like every other industry, it’s about trust at scale. Voice-driven AI systems, for instance, capture real-time customer data, voice recordings and sometimes payment information. Without strong identity verification and encryption, that data becomes an easy target for attackers.

Then there’s the issue of AI model leakage. That is, when sensitive data used to train or prompt large language models can unintentionally resurface. For a restaurant handling thousands of customer interactions per week, the exposure risk multiplies, more so than many people care to imagine.

ReachifyAI mitigates these risks through controlled data environments, compliant APIs and strict access policies. Its approach aligns with key cybersecurity principles – least privilege, encryption-by-default and regulatory transparency.

The result is a platform that not only helps restaurants automate and scale operations, but it also ensures that their customer data remains fully protected.

Compliance Isn’t a Checkbox, It’s a Competitive Advantage

Too often, compliance is viewed as a box to tick rather than a strategic differentiator, but this is where so many companies are going wrong.

In an era of rising cyber threats, adhering to frameworks like GDPR, CCPA and telecom regulations builds confidence with customers, investors and regulators alike.

ReachifyAI’s long-standing commitment to operating within these frameworks has made it a trusted partner in the restaurant industry, particularly for businesses that want to leverage AI without exposing themselves to unnecessary legal or cyber risk.

This compliance-first mindset is increasingly critical as governments around the world tighten oversight of AI systems. The EU’s forthcoming AI Act, for instance, will require companies to prove the safety, explainability and reliability of their AI models. So, the best move would be to prepare now rather than to wait for later.

A Safer Future For Restaurant AI

The restaurant industry is entering an AI boom, but not all solutions are created equal. Platforms that prioritise convenience over compliance may deliver short-term gains but face long-term vulnerabilities.

ReachifyAI is showing that security doesn’t have to slow innovation. By fusing telecom-grade compliance with next-generation AI, it’s giving restaurants the tools to modernise safely, sustainably and with confidence.

Because in the end, the question isn’t whether AI will transform the restaurant industry, it’s about who will build it securely enough to last.

The post AI Can Transform the Restaurant Industry But Only If It’s Built Securely appeared first on IT Security Guru.