Insights

Stay informed on the ideas, technologies and real-world choices defining the next era of agentic presented by our teams working every day to help you defend, detect, and respond.
When AI Becomes the Attack Surface: CVE-2026-25724
AI isn’t just a tool anymore — it’s an attack surface. Learn how we uncovered CVE-2026-25724 in an agentic AI coding tool and why meaning and context now matter as much as code in security.

Critical Security Advisory: Unauthenticated RCE in React & Next.js Ecosystem
This research post examines CVE-2025-55182 and CVE-2025-66478, two patched vulnerabilities in the React Server Components Flight protocol that could enable unauthenticated Remote Code Execution (RCE) in default Next.js, Waku, and RedwoodJS configurations. We break down how the Flight serialization process works, why traditional scanners struggled to detect these issues, which applications were actually exposed, and how teams can validate and prioritize updates without unnecessary alarm.

How to evaluate AI-assisted and AI-driven testing systems and tools
How to evaluate AI-assisted security testing tools. Understand benchmark bias, realistic testing methods, and what signals indicate real vulnerability discovery.

The Fallacy of Arbitrary Severity Scales
In the endless battle between security teams and hackers, cybersecurity professionals face an overwhelming challenge: managing the unmanageable.

Web Application Pen Testing: The Essential Guide
Learn more in this guide to web application penetration testing. Learn key steps, common vulnerabilities, and the importance of continuous testing with Terra.

What is Adversarial Exposure Validation (AEV)?
Discover how Adversarial Exposure Validation uncovers real risks by simulating live attacks and validating exploitable paths in your environment. Explore Terra.

Explore More

What is Offensive Cybersecurity (OffSec)? Benefits, Examples, and Best Practices
Learn what offensive cybersecurity is, how it works, and best practices to scale pen testing and stay ahead of real-world threats with Terra Security.

What is Pen Testing as a Service (PTaaS), and Do You Need it?
What is PTaaS & do you need it? Learn the benefits of continuous security testing for faster vulnerability detection with Terra Security.

How Terra’s AI Agents Uncovered a Critical SQL Injection Missed by Traditional Tools and Manual Testers

Continuous is the new pentesting standard.
Book a demo to see how you can operationalize it for your organization with Terra.