Alan Shimel

Customise Consent Preferences I spent some time this week in Dallas at Automation Anywhere's Imagine 2026 conference , my second time attending the event, and once again, I walked away impressed.

The job of “protecting the data” in a cloud-native environment used to mean snapshots and offsite copies of stateful workloads.

Published On: May 25, 2026 Reading about the proposed Stratos AI project in Utah , I found myself thinking about Dwight Eisenhower.

Everyone says they have AI governance.According to JFrog’s latest Software Supply Chain Security report, 97% of organizations claim they do.But here’s where it gets interesting.53% are pulling models from repositories where malicious payloads have already been detected.18% have no governance over IDEs or MCP servers sitting directly inside developer workflows.That’s not a governance problem.That’s a visibility problem.For years, software supply chain security was about source code, open source packages, containers and binaries. Today the supply chain includes AI models, agent skills, MCP servers, IDE extensions and autonomous workflows.The attack surface has expanded dramatically.Attackers understand this. That’s why they’re increasingly targeting trust relationships instead of just vulnerabilities.A malicious package.A poisoned model.A compromised MCP server.A rogue extension.The software supply chain is becoming less about code and more about trust.The biggest takeaway from the JFrog report isn’t the 451% increase in malicious npm packages.It’s the growing gap between the governance organizations think they have and the control they actually possess.That’s a dangerous place to be.My latest Techstrong op-ed examines why the AI Governance Gap may be the next major software supply chain challenge.#AI #Cybersecurity #SoftwareSupplyChain #DevSecOps #PlatformEngineering #MCP #AgenticAI #OpenSource #DevOps #Security

Deal Would Combine Futurum's Analyst and Intelligence Platform With ETR's Enterprise Technology Spending Data

Published On: May 27, 2026 There's an old saying in baseball that a great scout can watch a player take ten swings in batting practice and know things about him that the box score will never reveal.

When I was a college student, I asked a question in a political science class that seemed straightforward at the time. Why did they accept government surve

Open source security absolutely deserves more attention.But after reading Jen Easterly’s proposal for a billion-dollar fund, I found myself asking a different question:How much is already being spent?Between DARPA, OpenSSF, Glasswing, Linux Foundation initiatives and Project Lightwell, there is already a tremendous amount of activity underway.Before we raise another billion dollars, maybe we should coordinate the first billion.New Shimmy Says:👉 [LINK]#OpenSource #Cybersecurity #AI #Techstrong

Published On: June 2, 2026 LAS VEGAS — The technology industry has a funny habit. Once a technology becomes widely adopted, we stop talking about it.

I've been covering Cisco long enough to remember when the biggest debates centered on routing protocols, switching architectures and whether voice over IP would ever become mainstream. Through every major technology cycle since then, Cisco has remained one of the industry's constants.