Security insights for modern teams
Best practices, compliance guides, and research from the Sunspot security team.
Ghost in the Machine: Threat Modelling the AI-Native Stack
Traditional threat models like STRIDE were built for deterministic software. LLMs and AI agents break those assumptions. Here's what needs to change.
The Human Element: Threat Modelling Your Internal Processes
Your threat model probably stops at the code level. But the most exploitable vulnerability in any organisation is the people, and the processes they follow.
Securing Local LLM Integrations: Privacy, Compliance, and the Risks Nobody Talks About
Running LLMs behind your own firewall doesn't automatically make them secure. Here's how to handle data sovereignty, compliance, and agentic risk for local AI deployments.
Building a Security-First Culture Without Slowing Down Innovation
How to embed security into your DevOps pipeline so it becomes a guardrail, not a roadblock, without killing your team's velocity.
The Secret Life of a Bug: A Vulnerability's Journey from Discovery to Remediation
Follow a vulnerability through its entire lifecycle, from threat modelling to triage to patch to compliance, and see what a modern security pipeline actually looks like in practice.
What Is Cyber Risk Management? A Complete Guide for 2025
Learn what cyber risk management is, why it matters for modern enterprises, and how to build a program that reduces your exposure without slowing down your business.
SOC 2 Compliance Checklist for 2025: Everything You Need to Pass Your Audit
A complete, actionable SOC 2 Type II checklist covering all five trust service criteria, ready for your next audit cycle. Updated for 2025.
The Complete Guide to Vendor Risk Assessment in 2025
Learn how to build a scalable vendor risk assessment program that identifies third-party risks before they become your incidents. Includes a free questionnaire template.