Ivanti

Continuing the Patch Apocalypse this month we are already seeing some more aggressive shifts in updates from many vendors. Oracle announced a new release cadence starting in May 2026 to address the acceleration of vulnerability detection introduced by Mythos and other AI security models. Monthly Critical Security Patch Update (CSPUs) will fill in the two-month gap between their quarterly Critical Patch Update (CPU). Mozilla had been working with AI models prior to Mythos which led to 22 security-sensitive bugs being resolved in Firefox 148. They announced continued collaboration with Anthropic to apply an early version of Mythos to Firefox and released Firefox 150 resolving 271 vulnerabilities identified during the evaluation. Since Firefox 150.0.0 released, they have been on a more aggressive weekly cadence for security updates including the release of Firefox 150.0.3 on May Patch Tuesday resolving between three to five CVEs in each release. Apple is another early participant in Proje

Data will always be unclean. It's just a matter of degree. I internalized that on day one of my master's program in data science, when a professor warned us that roughly 80% of our time would go to preprocessing and cleaning, not building models. Years later, as Principal Product Manager for AI, ML and Analytics at Ivanti, I've found the guidance holds up remarkably well in practice. As my team and I work to bring AI out of the lab and into production for IT and security teams, AI data management matters more than ever. Ivanti’s 2025 Technology at Work Report found that 42% of office workers use generative AI tools at work, up 16 points in a single year. Among IT professionals, adoption reached 74%. The appetite is there. So is the hesitation. Many IT leaders know their data isn’t clean, their systems are fragmented, and their governance hasn’t caught up. The good news: you don't need perfect data to adopt AI. You need a clear data management for AI strategy built around what you alrea

Ivanti releases standard security patches on the second Tuesday of every month. In today’s rapidly evolving technology and threat landscape, we believe responsible transparency should be a cornerstone of any product security program. AI is compressing the time-to-exploit , and Ivanti uses leading technologies to proactively find and fix issues ––including integrating advanced LLMs into our Engineering and product security to enhance the capabilities of our teams. Our philosophy is simple: discovering and communicating vulnerabilities, and sharing that information with defenders, is not an indication of weakness; rather it is evidence of rigorous scrutiny and a proactive vulnerability management program. By aggressively seeking to identify and address vulnerabilities, our aim is to get ahead of threat actors to ensure our customers can take the steps needed to protect their environments. To that end, today Ivanti is disclosing vulnerabilities in Ivanti Secure Access Client, Xtraction, V

In today’s rapidly evolving technology and threat landscape, responsible transparency should be a cornerstone of any product security program. Especially with the advancements in AI, we believe it is important to respond quickly when a new risk is discovered. Ivanti’s efforts integrating AI into our development and product security process have increased the capabilities of our Engineering and Product Security Red Teams to identify and fix vulnerabilities. Our objective in proactively discovering issues is to increase the resilience of our products in today’s threat environment and reduce the likelihood of exploited-in-the-wild Zero Days. We have already successfully identified vulnerabilities traditional tools missed, including some that are being disclosed today. Importantly, we are committed to using AI responsibly in product security, including keeping a human in the loop to verify automated or agentic work. Our top priority is the security of our customers, and we expect that this

The promise of AI in IT service management has been circulating for years. Chatbots that deflect tickets. Virtual agents that answer FAQs. Automation that routes requests. These are useful, but probably not the dream-state you were originally sold. What's different today is the arrival of agentic AI: systems that don't just respond to instructions but reason, act, and adapt across multi-step workflows with real consequences. The question for IT leaders is no longer whether to adopt agentic ITSM. It's how to govern it well enough to run at speed. AI agents aren't coming to your service desk — they're already there. Ivanti Neurons for ITSM is at the center of this shift by embedding AI agents directly into incident management, service requests and knowledge management. The agentic service desk deployed An agentic ITSM workforce isn't a chatbot with extra steps. In Ivanti Neurons, AI agents are purpose-built for defined ITSM personas, triaging and classifying incidents the moment they arr

On April 7, Anthropic announced that its Claude Mythos Preview model had autonomously identified thousands of high- and critical-severity zero-day vulnerabilities across every major operating system and every major web browser. Over 99% of them were unpatched the day of disclosure. Two weeks later, on April 21, Mozilla said it had used the same model to find and patch 271 vulnerabilities in the latest Firefox release. Mozilla's own assessment: "So far we've found no category or complexity of vulnerability that humans can find that this model can't." 271 is the first wave. Chrome, Edge, Windows, macOS, Linux, FreeBSD — the 17-year-old remote code execution flaw in FreeBSD that Anthropic's red team disclosed (CVE-2026-4747) is an early example of what's coming. Every vendor under Anthropic's Project Glasswing umbrella is positioned to ship fixes at a tempo the industry hasn't seen before. All those fixes become public CVEs with patches available, which lands them in the same place: your

Foreign Filing filed 2026-04-22

Investors and enterprises are finally asking the question they'd been avoiding: which software companies will survive the AI revolution, and which will be made obsolete by it? The answer is becoming clear. Companies that serve as the system of record, the authoritative source of truth that AI itself depends on, are essential.  Today, Ivanti is announcing a controlled release of the  Ivanti Neurons AI Self-Service Agent , our first autonomous AI solution. We're building from a position of strategic strength, introducing the new solution initially within our IT Service Management (ITSM) framework, building on our long history of intelligent automation through built-in workflows, our Neurons bot infrastructure, generative AI tools and now a fully conversational autonomous agent.  Building the foundation to scale AI  There's no shortage of talk about what A

Traditional data protection followed a straightforward principle: Data stored in country A is protected by the laws of country A; data stored in country B is protected by the laws of country B. But in today’s global economy, where your data physically resides no longer determines which governments can demand access to it. Cloud infrastructure brought new jurisdictional complexity. The physical location of data centers, the nationality of the cloud provider's headquarters, and the entity controlling operations can each create competing jurisdictional claims, potentially allowing multiple governments to demand access to the same data. What is digital sovereignty? This challenge has a name: digital sovereignty. Digital sovereignty is the principle that organizations maintain complete control over their data within their home jurisdiction's legal framework. This idea has become a necessity for organizational resilience as businesses work in a more fractured, less trusting geopolitical worl

The lead up to Patch Tuesday has been interesting. We had a Google Chrome zero-day (CVE-2026-5281) that was patched on April 1, an Adobe Acrobat Reader zero-day ( CVE-2026-34621 ) late in the day on Friday April 10, and several older CVEs that were added to the CISA KEV list yesterday ( April 13 ). All of this amidst a lot of industry buzz about Anthropic Mythos and Project Glasswing . What is the correlation between these events and Project Glasswing you ask? Most of the discussions around Mythos have been focused on where it will be used and the ramifications. Finding exploitable flaws in code can be a powerful tool for good when used by the vendor writing the code before it is released. However, it will also be used by researchers and threat actors to find flaws in code that is already released and that is where my speculation is directed. Consider the knock-on effects of a massive model like Mythos and what it will mean near term and longer term for the software that companies cons

Ivanti releases standard security patches on the second Tuesday of every month.  Our vulnerability management program is central to our commitment to maintaining secure products. Our philosophy is simple: discovering and communicating vulnerabilities, and sharing that information with defenders, is not an indication of weakness; rather it is evidence of rigorous scrutiny and a proactive vulnerability management program. By aggressively seeking to identify and address vulnerabilities, our aim is to get ahead of threat actors to ensure our customers can take the steps needed to protect their environments. We believe that responsible transparency helps protect our customers, and that CVE disclosures are an essential and effective tool to communicate software vulnerabilities. The purpose of assigning a CVE is to provide a beacon to security teams and signal the need for urgent updates. To that end, today Ivanti is disclosing vulnerabilities in Ivanti Neurons for ITSM (on-premises and