Organizations now use a median of 112 SaaS purposes—a quantity that retains rising. In a 2024 examine, 49% of 644 respondents who ceaselessly used Microsoft 365 believed that that they had lower than 10 apps linked to the platform, although aggregated information indicated over 1,000+ Microsoft 365 SaaS-to-SaaS connections on common per deployment. And that is only one main SaaS supplier. Think about different unexpected vital safety dangers:
Every SaaS app has distinctive safety configurations—making misconfigurations a prime danger.
Enterprise-critical apps (CRM, finance, and collaboration instruments) retailer huge quantities of delicate information, making them prime targets for attackers.
Shadow IT and third-party integrations introduce hidden vulnerabilities that usually go unnoticed.
Massive and small third-party AI service suppliers (e.g. audio/video transcription service) might not adjust to authorized and regulatory necessities, or correctly check and evaluation code.
Main SaaS suppliers even have 1000’s of builders pushing adjustments day by day. Understanding every SaaS app, assessing dangers, and securing configurations is overwhelming and inhumanly doable. And far of it’s simply noise. Maybe nothing malicious is occurring at scale, however small particulars can usually be ignored.
Conventional safety approaches merely can not scale to fulfill these calls for, leaving organizations uncovered to potential breaches.
AI: The Solely Method to Preserve Up
The complexity of SaaS safety is outpacing the sources and energy wanted to safe it. AI is now not non-obligatory, it is important. AI-driven safety options like AskOmni by AppOmni—which mix Generative AI (or GenAI) and superior analytics—are remodeling SaaS safety by:
✓ Delivering instantaneous safety insights by means of conversational AI.
✓ Investigating safety occasions effectively.
✓ Turning complicated SaaS safety questions into clear, actionable solutions.
✓ Visualizing dangers for deeper understanding.
✓ Breaking language limitations—multi-lingual help allows safety groups to work together with AI in Japanese, French, and English. With multi-lingual help, groups worldwide can work together with safety information of their native language—enhancing accessibility and response occasions.
For instance, with its skill to sew collectively context from disparate information factors, AskOmni can notify directors about points attributable to overprovisioning of privileges, considering entry patterns, delicate information, or compliance necessities, and information them by means of the remediation course of. Past typical risk notifications, AskOmni alerts directors to new threats, explaining potential penalties and providing prioritized remediation steps.
The Energy of AI + Information Depth
Excessive-quality information is the gas that powers GenAI, however it’s usually briefly provide. Whereas GenAI is more and more used to create artificial information for simulations, detection testing, or red-teaming workouts, the standard of that information determines the effectiveness of the outcomes.
Generative fashions require clear, related, and unbiased datasets to keep away from producing inaccurate or deceptive outcomes. That is a serious problem in cybersecurity domains the place high-fidelity risk intel, logs, and labeled incident information are scarce or siloed.
As an illustration, constructing a GenAI mannequin to simulate cloud breach situations calls for entry to detailed, context-rich telemetry—one thing that is not at all times obtainable attributable to privateness considerations or lack of standardized codecs.
However GenAI could be a highly effective device that may automate risk analysis to speed up incident reporting, serving to streamline workflows for researchers, engineers, and analysts alike. Its success, nevertheless, will depend on fixing the info high quality and availability hole first.
In SaaS safety, discovering quick, actionable solutions historically means sifting by means of information, which will be time-consuming and requires experience.
AI is just as efficient as the info it analyzes. The power to research safety occasions permits AI to supply deep visibility into SaaS environments and detect threats with higher accuracy. Safety groups profit from AI’s skill to prioritize dangers, correlate complicated safety observations, and supply suggestions grounded in real-world experience.
With 101+ million customers secured and a pair of+ billion safety occasions processed day by day, AppOmni ensures:
Deep visibility into SaaS environments
Correct danger detection and prioritization
Actionable safety insights grounded in experience
Actual-World Influence: AI in Motion
A world enterprise just lately leveraged AI to evaluate its complicated SaaS setting. With just some prompts, AskOmni effectively analyzed the system and highlighted key areas for focus. AskOmni offered the next insights that one buyer was capable of instantly motion and remediate:
An software bypassing IP restrictions: a vital misconfiguration.
Unauthorized self-authorization in Salesforce: a serious safety hole.
Outdated high-risk purposes: flagged earlier than they might be exploited.
With out AI, figuring out these dangers would have taken hours or been missed totally.
The Current and Future Belongs to AI-Pushed SaaS Safety
AI isn’t just enhancing the safety of SaaS purposes — it is redefining what is feasible. Organizations utilizing AI-powered safety instruments will achieve a vital edge in defending their information and staying forward of cyber threats.
Discovered this text attention-grabbing? This text is a contributed piece from one in every of our valued companions. Observe us on Twitter and LinkedIn to learn extra unique content material we submit.
This publish assumes fundamental data of dealing with insets and is relevant in case your WebViews are drawing beneath system bars or show cutouts. See the Compose and Views documentation, and the Inset dealing with suggestions weblog for steerage on dealing with insets.
Tips on how to deal with WebViews in case your app doesn’t personal the net content material
Tips on how to deal with WebViews in case your app owns the net content material
Dealing with IME insets in WebViews
WebViews displaying exterior content material can not simply draw edge-to-edge and will as a substitute be inset to keep away from the system bars and show cutout. The implementation is completely different relying on when you’re utilizing Compose or Views, however usually follows these steps:
Wrap the WebView in a container and apply insets as padding on that container.
Set the app’s background coloration in a best-effort try and match the webpage.
Determine 1. Left to proper. (a) The left picture reveals a full display screen WebView in an app focusing on SDK 35, at which level edge-to-edge is enforced. The highest of the WebView collides with standing bar icons. (b) The center picture reveals the results of padding the WebView’s mum or dad. The app’s background is about to pink to make it obvious that the WebView is inset. (c) The suitable picture is the specified consequence. The app’s background is about to white in a best-effort try and match the webpage.
See the next code samples.
Apply insets to a WebView in a Compose app
To make sure a WebView in Compose avoids overlapping with system bars, show cutout and keyboard, apply Modifier.windowInsetsPadding(WindowInsets.safeDrawing) to its wrapper (e.g. AndroidView). This offers the mandatory padding to maintain the WebView content material throughout the secure space of the display screen.
@Composable enjoyable WebViewInCompose() { AndroidView( modifier = Modifier.windowInsetsPadding(WindowInsets.safeDrawing), manufacturing unit = { context -> WebView(context).apply { // Configure WebView choices right here } } ) }
Then, replace your app’s background so it matches the WebView’s background as a lot as potential.
Apply insets to a WebView in a Views app
To make sure a WebView in Views avoids overlapping the system bars, show cutout and keyboard, wrap the WebView in a container like a FrameLayout and do one of many following:
Set android:fitsSystemWindows="true"
Use ViewCompat.setOnApplyWindowInsetsListener() and apply systemBars, displayCutout, and ime insets on the container. See the Views documentation for a code pattern utilizing the listener.
Lastly, replace android:windowBackground in your themes.xml so it matches the WebView’s background if potential.
In case your app owns the net content material, both pad the WebView’s mum or dad as described above; or, use JavaScript to inject padding into the net web page to attract the web page edge-to-edge as described under.
To inject padding into the net web page, first add to your HTML.
Second, outline CSS variables for prime, proper, backside and left secure space insets, because the env(safe-area-inset-*)variables return 0px on Android on the time of scripting this weblog.
As a substitute of making use of insets on the WebView’s container, use JavaScript to move the insets to your CSS variables to pad the webpage. The implementation is completely different relying on when you’re utilizing Compose or Views, however it usually follows these steps:
Retrieve the highest, proper, backside and left system bar, show cutout and IME insets as uncooked pixel values.
Convert the uncooked pixel values to density impartial pixels.
Inject the density impartial pixels into the CSS variables as CSS pixels. When the web site renders on the Android system, the WebView converts the CSS pixels again to density impartial pixels. See Help completely different screens in internet apps for extra info.
In Compose, recompose when the software program keyboard expands or collapses if relevant.
In Views, dispatch insets when the webpage first masses.
Determine 2. Prime to backside. (a) The highest picture reveals a full display screen WebView in an app focusing on SDK 35, at which level edge-to-edge is enforced. The WebView collides with system bars and show cutout. (b) The underside picture reveals the results of utilizing JavaScript to inject padding into the webpage, which is the edge-to-edge consequence we wish.
See the next code samples.
Utilizing Compose and JavaScript to inject insets into internet pages
A code pattern displaying the right way to use JavaScript to inject insets into webpages in a Compose app.
// Do not apply insets to the container AndroidView( manufacturing unit = { context -> WebView(context).apply { webViewClient = myWebViewClient settings.javaScriptEnabled = true loadUrl(initialUrl) } }, replace = { view ->
// Updates webpage when software program keyboard expands or collapses. // In case your webpage would not have an enter discipline that opens the // software program keyboard, take away this line. applySafeAreaInsetsToWebView(insets, density, layoutDirection, view) } ) }
class CustomWebViewClient( non-public val insets: WindowInsets, non-public val density: Density, non-public val layoutDirection: LayoutDirection ) : WebViewClient(){
// Inject insets into the webpage as soon as the web page has absolutely loaded applySafeAreaInsetsToWebView(insets, density, layoutDirection, view) } }
// Convert uncooked pixels to density impartial pixels val prime = insets.getTop(density).toDp(density).worth val proper = insets.getRight(density, layoutDirection).toDp(density).worth val backside = insets.getBottom(density).toDp(density).worth val left = insets.getLeft(density, layoutDirection).toDp(density).worth
// Retrieve insets as uncooked pixels val safeDrawingInsets = windowInsets.getInsets( systemBars() or displayCutout() or ime() ) val displayMetrics = myWebView.context.assets.displayMetrics
// Convert uncooked pixels to density impartial pixels val prime = pxToDp(safeDrawingInsets.prime.toFloat(), displayMetrics) val proper = pxToDp(safeDrawingInsets.proper.toFloat(), displayMetrics) val backside = pxToDp(safeDrawingInsets.backside.toFloat(), displayMetrics) val left = pxToDp(safeDrawingInsets.left.toFloat(), displayMetrics)
// Inject the density impartial pixels into the CSS variables as CSS pixels myWebView.evaluateJavascript(safeAreaJs, null)
windowInsets }
myWebView.webViewClient = object : WebViewClient() { override enjoyable onPageFinished(view: WebView, url: String) { tremendous.onPageFinished(myWebView, url) // dispatch insets as a result of insets aren't utilized when the webpage first masses. view.requestApplyInsets() } } }
Be aware: If the injected insets look too giant, it may be as a result of your web site’s Viewport initial-scale is greater than 1. On this case, divide the highest, proper, backside, and left variables by the size.
To make sure your internet web page appropriately adjusts when the on-screen keyboard (IME) seems, you should additionally account for IME insets. The offered Compose and Views code instance already contains this by retrieving WindowInsets.safeDrawing() in Compose or WindowInsetsCompat.Sort.ime() in Views:
// Getting IME insets from the above Compose code pattern // safeDrawing contains ime, systemBars, and displayCutout WindowInsets.safeDrawing
// Getting IME insets from the above Views code pattern val safeDrawingInsets = windowInsets.getInsets( systemBars() or displayCutout() or ime() )
Omitting IME insets will result in points the place the webpage content material is obscured by the keyboard. For instance, when the person faucets an HTML textual content enter and the IME expands, the webpage gained’t resize, stopping the person from seeing content material hidden behind the keyboard. By together with IME insets, the webpage dynamically adjusts its format when the IME is displayed, making certain all content material stays accessible to the person.
Determine 3. Left (incorrect implementation) to proper (right implementation). (a) The left GIF reveals a full-screen WebView the place IME insets aren’t dealt with. When the IME seems, the person can not scroll to view content material behind it. (b) The suitable picture reveals the identical WebView with right IME inset dealing with. After the IME seems, the person can scroll to entry the total webpage content material.
In abstract, making certain WebViews are appropriate with an edge-to-edge show requires completely different approaches relying on whether or not the app owns the net content material. For exterior content material, wrap the WebView in a container and apply insets as padding. For owned content material, both pad the container or inject JavaScript to deal with insets throughout the webpage.
Final Up to date on: twenty fifth March 2025, 04:53 pm
I knew it was coming. Waymo has been increasing sooner and sooner up to now couple of years, and it appeared sure that the corporate would carry its robotaxis to a brand new main market in 2025. The truth is, I feel it would broaden into multiple metropolis, however at present we obtained large information of its newest enlargement. Waymo One goes to Washington, D.C.
Oh, nicely, technically, Waymo One service launches subsequent yr, 2026, however the announcement got here at present. Naturally, Waymo should do some prep work within the metropolis, and I presume that might tip off the plans in coming months. The corporate can even wish to fire up client demand within the coming months in order that it will probably launch with a bang.
“We’re laying the groundwork for our absolutely autonomous ride-hailing service after returning to Washington, D.C. earlier this yr, and we’ll proceed introducing ourselves to D.C.’s communities and emergency responders over the approaching months. We’ll additionally proceed to work carefully with policymakers to formalize the rules wanted to function and not using a human behind the wheel within the District,” the corporate famous in its weblog concerning the information.
Picture courtesy of Hyundai
“Waymo One is making absolutely autonomous driving a actuality for tens of millions of individuals throughout the U.S.” provides Waymo co-CEO Tekedra Mawakana. “We’re excited to carry the consolation, consistency, and security of Waymo One to Washingtonians, those that work and play within the metropolis day by day, and the tens of millions of individuals from world wide who journey to the District yearly.”
Being the secretive metropolis of nationwide and worldwide politics that it’s, I do marvel how a lot folks will gravitate to the silence of a driverless robotaxi, or maybe how a lot they are going to be deterred from having inner cameras and mics pointed at them. Hmm….
Waymo One will not be at “mass scale” but — like Uber or Lyft are, or Tesla followers dream Tesla robotaxis might be with the flick of a change … any day now. Nonetheless, it has been scaling up and definitely operates numerous automobiles in comparison with any conventional taxi fleet. Waymo One is at present offering about 200,000 rides per week, or about 30,000 a day. From west to east, it’s working in San Francisco, Los Angeles, Phoenix, and Austin. The following two cities it’s launching service are Atlanta and Miami, after which Washington, D.C.
Picture by Kyle Subject | CleanTechnica
Naturally, Waymo is getting endorsements and assist for its transfer into D.C. “I’ve skilled firsthand how safely the Waymo Driver operates round pedestrians, cyclists, and different weak highway customers,” mentioned Governors Freeway Security Affiliation CEO Jonathan Adkins. “Waymo has labored with GHSA and our first responder community as they’ve expanded their service, all the time placing security first. As somebody who walks to work virtually day by day, I’m excited to share the highway with Waymo in Washington, D.C.”
Waymo notes that it has pushed greater than 50 million absolutely autonomous miles up to now. That’s fairly an accomplishment, and it’ll attain one other 50 million a lot faster. Heck, it ought to get from right here to 500 million faster than it took to get to 50 million.
I’m thrilled to announce SwiftMCP, a Swift macro-based framework that elegantly exposes your Swift capabilities as highly effective Mannequin Context Protocol (MCP) instruments for AI assistants. After months of cautious refinement, SwiftMCP now delivers the expertise I’ve all the time dreamed of: turning commonplace Swift documentation instantly into AI-integrable instruments—effortlessly.
Behind the Scenes
For a very long time, I watched with envy as builders in languages like Python effortlessly created instruments for AI brokers by merely including decorators to their capabilities, together with documentation enclosed in triple quotes. One thing related felt painfully out of attain for Swift builders—till I noticed the unimaginable potential of Swift Macros.
Macros in Swift have full entry to the syntax tree of your supply code, together with each documentation remark, parameter kind, and extra. This opens up astonishing prospects:
Extracting detailed metadata instantly out of your current Swift documentation feedback.
Routinely producing extra supply code that captures and shops this metadata.
Dynamically creating perform wrappers that simplify invocation with versatile arguments.
As an instance, take into account this straightforward Swift perform:
/// Provides two integers and returns their sum
/// - Parameter a: First quantity so as to add
/// - Parameter b: Second quantity so as to add
/// - Returns: The sum of a and b
@MCPTool
func add(a: Int, b: Int) -> Int {
return a + b
}
Utilizing SwiftMCP’s @MCPTool macro, the above perform robotically generates metadata like this:
/// autogenerated
let __mcpMetadata_add = MCPToolMetadata(
title: "add",
description: "Provides two integers and returns their sum",
parameters: [MCPToolParameterInfo(name: "a", label: "a", type: "Int", description: "First number to add", defaultValue: nil), MCPToolParameterInfo(name: "b", label: "b", type: "Int", description: "Second number to add", defaultValue: nil)],
returnType: "Int",
returnTypeDescription: "The sum of a and b",
isAsync: false,
isThrowing: false
)
Moreover, SwiftMCP generates a versatile invocation wrapper, very similar to Goal-C’s NSInvocation, enabling your capabilities to just accept parameters as dictionaries:
/// Autogenerated wrapper for add that takes a dictionary of parameters
func __mcpCall_add(_ params: [String: Sendable]) async throws -> (Codable & Sendable) {
let a = strive params.extractInt(named: "a")
let b = strive params.extractInt(named: "b")
return add(a: a, b: b)
}
This wrapper intelligently validates and parses incoming parameters, robotically dealing with conversions and offering informative error messages if something goes improper.
The ultimate magic occurs on the server stage with @MCPServer, which features a common tool-invocation methodology:
public func callTool(_ title: String, arguments: [String: Sendable]) async throws -> (Codable & Sendable) {
guard let software = mcpTools.first(the place: { $0.title == title }) else {
throw MCPToolError.unknownTool(title: title)
}
let enrichedArguments = strive software.enrichArguments(arguments, forObject: self)
change title {
case "add":
return strive await __mcpCall_add(enrichedArguments)
default:
throw MCPToolError.unknownTool(title: title)
}
}
With this plumbing in place, SwiftMCP effortlessly helps capabilities which are async, throwing, returning void, or returning any Codable kind. You possibly can serve your MCP instruments both through commonplace IO or as an HTTP+SSE server, permitting seamless integration into numerous workflows.
The easier methodology of serving – through commonplace IO – is includes the shopper really launching your app after which speaking or not it’s sending single-line JSONRPC requests to stdin and receiving JSONRPC responses through stdout. If you wish to ship an error, then it’s best to ship that to stderr.
let transport = StdioTransport(server: calculator)
strive await transport.run()
The opposite – extra subtle means of serving – is through a HTTP-SSE server. Right here the shopper makes a GET request to /sse and retains the connection open. It’s knowledgeable of an endpoint to POST JSONRPC requests to. When a message is distributed to the endpoint, the reply for it (with matching id) will probably be despatched through the SSE channel.
let transport = HTTPSSETransport(server: calculator, port: 8080)
strive await transport.run()
SwiftMCP helps each strategies. On the HTTP+SSE transport it has just a few further bells and whistles, like for instance you may restrict entry to purchasers sending a particular bearer token.
When you have your native server working you may expose it through an OpenAPI scheme to customized GPTs, in order that even these can work together along with your native instruments.
What’s Subsequent?
My fast aim is to combine SwiftMCP with my current libraries akin to SwiftMail, enabling my brokers to work together with e-mail through IMAP and SMTP, deal with notifications, and manipulate calendar occasions through EventKit. There are various extra capabilities which you could thus make out there to agentic coders like Cursor.
I’ve began a mission to do exactly that. For now it simply lets me begin an MCP Server and authorize location notifications.
This exposes the perform to ship native notifications to my pc:
/// Sends a notification with the desired title and physique
/// - Parameters:
/// - title: The title of the notification
/// - physique: The physique textual content of the notification
/// - subtitle: Non-compulsory subtitle for the notification
@MCPTool
func sendNotification(title: String,
physique: String,
subtitle: String? = nil
) async throws
One other concept is to have some primary workflow issues that Cursor is lacking however Xcode gives, like launching an app in Simulator, or a wrapper for xcode-build and swift for constructing and testing.
Conclusion
Shortly after beginning SwiftMCP, I observed the NSHipster article about iMCP showing in my feed, highlighting the broader neighborhood’s rising curiosity in MCP. Shortly thereafter, I additionally discovered one other Swift MCP implementation by Compiler-Inc. It’s thrilling to see others exploring related options!
SwiftMCP is open-source, actively maintained, and keen in your suggestions and contributions. I’m blissful to listen to from you ways you intend to make use of it or to assist including lacking options.
Within the second half of 2024, cybercriminals have more and more leveraged official Microsoft instruments and browser extensions to bypass safety measures and ship malware, in keeping with Ontinue’s newest Risk Intelligence Report.
Risk actors are exploiting built-in Microsoft options like Fast Help and Home windows Hey to ascertain persistence and evade detection.
Fast Help, a distant entry device, is being utilized in social engineering assaults the place attackers impersonate tech help to realize management of victims’ programs.
Home windows Hey, Microsoft’s passwordless authentication know-how, is being abused to register rogue units and bypass multi-factor authentication in misconfigured enterprise environments.
Browser extensions, notably on Chrome, are more and more being utilized to ship information-stealing malware.
This methodology is very efficient as a result of malicious extensions can persist even after system reimaging, as customers usually unknowingly reintroduce the menace by reimporting their browser profiles in the course of the restoration course of.
Whereas estimated ransom funds decreased to $813.55 million in 2024 from $1.25 billion in 2023, the variety of reported breaches elevated.
This implies that ransomware teams are conducting extra assaults to compensate for decrease ransom success charges.
Ransomware operators are refining their approaches, prioritizing IT abilities over programming experience.
Associates are sometimes chosen for his or her capability to navigate enterprise networks, assess and disable backups, and goal databases and virtualized environments.
This shift underscores the rising sophistication of ransomware assaults and the rising want for sturdy cybersecurity measures.
Rising Threats in IoT and OT Environments
The report warns of a big enhance in threats focusing on Web of Issues (IoT) and Operational Expertise (OT) environments.
These units usually lack centralized safety controls, making them prime targets for cyber threats.
Latest assaults have demonstrated the vulnerability of those programs, together with large-scale botnets leveraging unpatched IoT units and complicated nation-state actors focusing on industrial management programs.
To mitigate these evolving threats, organizations are suggested to implement a variety of safety measures.
These embrace strengthening ransomware defenses, securing authentication strategies, monitoring and securing built-in system instruments, implementing fast patching and vulnerability administration, bettering incident response and menace looking capabilities, and enhancing internet and e-mail safety.
Because the menace panorama continues to evolve, organizations should undertake a proactive strategy to cybersecurity, specializing in fast menace detection, sturdy authentication controls, and an agile response technique to construct a extra resilient safety posture towards rising threats.
Examine Actual-World Malicious Hyperlinks & Phishing Assaults With Risk Intelligence Lookup – Attempt for Free
