Inside Cybersecurity: NSS Labs issues whitepapers on enterprise AI governance, launches testing initiative

Cybersecurity testing firm NSS Labs has published a series of whitepapers to help organizations address artificial intelligence security governance and has launched a new program to evaluate the effectiveness of AI protection systems.

“We’re at the beginning of the AI revolution and everyone has questions. These papers provide a framework for how to think about securing AI as well as practical guidance for governance of what their AI systems are permitted to do and why. Yes, AI security is a technical issue, but it is also a governance issue,” Vikram Phatak, CEO of NSS Labs, said in a March 18 press release.

The first whitepaper from NSS Labs lays out the argument for enterprise AI security to be “treated as a system-level and governance challenge,” according to the release.

The second whitepaper provides topic areas and questions buyers should ask to evaluate the security of an AI product.

Read the full article here.

NSS Labs Appoints Industry Veteran Dominick Delfino as Executive Advisor

Austin, TX – March 24, 2026 – NSS Labs, the leading authority in independent cybersecurity product validation, today announced the appointment of Dominick Delfino as Executive Advisor. A seasoned technology leader with more than 25 years of experience at Google Cloud, Nutanix, Pure Storage, and Cisco, Delfino will provide strategic guidance to the NSS Labs leadership team as the company expands its testing capabilities for the next generation of AI-driven cybersecurity.

Delfino joins NSS Labs at a pivotal moment for enterprises, where the rise of sophisticated, automated threats has made independent, real-world validation of security efficacy more critical than ever.

Most recently, Delfino served as Global Vice President of Cybersecurity Sales at Google Cloud, where he led the global go-to-market strategy for the company’s security portfolio, including the integration of Mandiant. His distinguished career also includes serving as Chief Revenue Officer at Nutanix and Pure Storage, as well as holding senior leadership roles at VMware and Cisco.

“Dominick is a distinguished leader in the technology and security space,” said Vikram Phatak, CEO of NSS Labs. “His experience scaling global organizations and his deep understanding of the cloud and security landscape from his time at Google Cloud and VMware will be invaluable. Dominick understands exactly what enterprise customers need, and his guidance will be instrumental as we grow our enterprise programs.”

“Throughout my career, I’ve witnessed how difficult it is for organizations to separate marketing claims from actual security performance,” said Delfino. “NSS Labs has always stood for transparency and data-driven truth in a crowded marketplace. I am thrilled to be helping the team scale and ensure that enterprises have the right tools to deliver independent, real-world validation of their security controls.”

As Executive Advisor, Delfino will focus on accelerating NSS Labs' global sales, enhancing strategic partnerships, and aligning the company’s roadmap with the rapidly shifting requirements of AI.

NSS Labs Names Keysight Lead Partner in New AI Protection Systems Security Testing Initiative

Austin, TX — March 23, 2026. NSS Labs today announced that Keysight Technologies has joined its new AI Protection Systems (AIPS) security testing initiative as lead partner, supporting the development of one of the industry’s first independent evaluation programs dedicated to testing AI security guardrail technologies.

As artificial intelligence becomes foundational to digital transformation across industries—including finance, healthcare, government, and critical infrastructure—the security and integrity of AI systems has emerged as a global priority. Organizations are rapidly deploying AI models and applications, yet the technologies designed to secure and govern their use—often referred to as AI guardrails, AI firewalls, or AI runtime protection systems—have not yet been independently validated through standardized testing.

To address this gap, NSS Labs is launching a comprehensive independent evaluation program dedicated specifically to AI Protection Systems (AIPS)—security platforms designed to enforce policy, prevent misuse, and defend AI models and applications from adversarial attacks. The initiative aims to establish a transparent, technically rigorous methodology that benchmarks how effectively these systems protect AI deployments against real-world threats while maintaining policy enforcement and operational integrity.

Keysight is a foundational partner, supporting the development and execution of this groundbreaking AI security validation program.

The NSS Labs AIPS methodology evaluates products across seven dimensions of AI security, including malicious input and prompt attacks, output risks and sensitive data exposure, system resilience under adversarial conditions, policy enforcement accuracy, agentic AI and tool invocation security, observability and audit capabilities, and performance and scalability impact.

Across these layers, the methodology includes hundreds of thousands of individual test case executions designed to bypass, manipulate, exploit, or overwhelm AI Protection Systems. Each scenario is executed using multiple attack samples and variations—including prompt injection attempts, jailbreak techniques, obfuscated prompts, sensitive data extraction attempts, exploit generation requests, RAG poisoning attacks, API privilege escalation attempts, and agent tool misuse scenarios.

“AI is rapidly becoming core infrastructure for the digital economy, and with that comes an urgent need for independent validation of the technologies designed to protect it,” said Vikram Phatak, CEO of NSS Labs. “With Keysight joining us as lead partner, we are bringing together our deep expertise in testing along with Keysight’s global innovation solutions that will help the industry understand how well AI protection systems actually perform against real-world threats.”

“AI is quickly becoming foundational infrastructure, and trust in these systems must be earned through transparent, independent validation,” said Ram Periakaruppan, Vice President and General Manager, Network Test & Security at Keysight. “Keysight’s strength in building scalable, real-world test environments and generating actionable performance insights positions us to help shape how AI security is measured. We’re proud to partner with NSS Labs to advance a more resilient and trustworthy AI ecosystem.”

By combining adversarial testing, policy validation, system robustness analysis, and operational visibility checks into a single structured framework, the NSS Labs AI Protection Systems test aims to establish a credible benchmark for independent AI security validation and provide enterprises with objective data on the effectiveness of technologies designed to secure AI.

Feedback for the methodology is currently being accepted from enterprises and security vendors. Please reach out to [email protected] for a draft copy if you would like to provide comments. The AIPS methodology will be published in April.

Executives from NSS Labs are attending the RSA Conference. Please contact us if you would like to schedule a meeting.

NSS Labs Publishes Two Foundational White Papers on Enterprise AI Security

Austin, TX – March 18, 2026 – NSS Labs, the leading authority in independent cybersecurity product validation, today announced the publication of two new white papers addressing the rapidly evolving challenge of securing artificial intelligence in enterprise environments:

Together, the papers provide enterprise security leaders with a structured, governance-driven framework for understanding AI risk in production systems. The research was developed in collaboration with Amazon Web Services (AWS), F5, and Microsoft as well as other industry leaders.

“AI Security Beyond the Model: What Enterprises Need to Care About — and Why,” outlines why securing the AI model alone is insufficient and why enterprise AI security must be treated as a system-level and governance challenge. The aim is to provide concrete guidance to Chief Information Security Officers (CISOs), enterprise buyers, and Governance, Risk and Compliance (GRC) leaders on the questions to ask before real-world AI failures are exposed under regulatory, legal, customer, or board-level scrutiny.

“Evaluating Enterprise AI Security: Questions Every Buyer Should Be Able to Answer” moves from theory to procurement discipline to help enterprise buyers formulate better questions when shortlisting AI security vendors. The focus is primarily on runtime guardrails in the form of AI Protection Systems, the controls outside the model that enforce policy, protect data, and produce audit evidence.

“We’re at the beginning of the AI revolution and everyone has questions,” said Vikram Phatak, CEO of NSS Labs. “These papers provide a framework for how to think about securing AI as well as practical guidance for governance of what their AI systems are permitted to do and why. Yes, AI security is a technical issue, but it is also a governance issue.”

The white papers highlight several critical priorities for enterprises:

  • Embedding AI security into Governance, Risk, and Compliance (GRC) frameworks
  • Moving beyond model-centric controls to system-level runtime guardrails
  • Managing delegated authority in agentic AI systems
  • Combining detection with verification where certainty is required
  • Establishing measurable, independent validation practices

Together, the papers provide a practical roadmap for organizations to safely transition from AI experimentation to accountable, production-grade deployment.

Both white papers are available for download at nsslabs.com.

Cybersecurity Testing Pioneer Bob Walder Joins NSS Labs as Senior Analyst

Austin, Texas — March 17, 2026 — NSS Labs today announced that cybersecurity testing pioneer Bob Walder has joined the organization as Senior Analyst, where he will focus on independent research and advising clients on the security implications of artificial intelligence technologies.

Walder is widely recognized as the founder of The NSS Group, Europe’s first independent network security testing laboratory, which he established in 1991. In 2007, Vikram Phatak acquired the assets, establishing NSS Labs, Inc. in the United States.

Following the acquisition, Walder served as Research Director (EMEA) for Security, Privacy & Risk at Gartner, advising enterprise organizations on cybersecurity strategy and risk management.

With NSS Labs, Inc. (1.0) rapidly growing, in 2011 Phatak persuaded Walder to join NSS Labs as President and Chief Technology Officer. Walder built a team of research analysts dedicated to helping enterprise organizations navigate complex cybersecurity challenges and make informed decisions about security infrastructure investments.

In his new role as Senior Analyst at NSS Labs LLC (2.0), Walder will focus on independent research and analysis exploring how artificial intelligence is transforming the cybersecurity landscape, including both the defensive capabilities AI enables and the new attack surfaces it creates.

“Artificial intelligence is rapidly reshaping the cybersecurity landscape, creating both powerful new offensive and defensive tools as well as entirely new categories of risk,” said Vikram Phatak, CEO of NSS Labs. “Bob has spent decades helping enterprises understand complex security technologies through rigorous independent analysis. His return strengthens our ability to provide trusted insight into one of the most important technology shifts facing the industry today.”

“AI is already transforming how both attackers and defenders operate,” said Bob Walder. “Organizations need clear, independent analysis to understand how these technologies affect risk, resilience, and the security of critical infrastructure. I’m excited to contribute research that helps enterprises navigate this rapidly evolving landscape.”

InsideCybersecurity: Cyber Assessment Firm Identifies Evasion Vulnerabilities in Enterprise Firewall Products

A nonprofit cyber assessment firm found vulnerabilities in the ability of widely used enterprise firewall products to block transport and network-layer evasions commonly deployed by cyber attackers, in a report examining the effectiveness of security offerings.

“Enterprise Firewalls are constantly evolving to combat new attacker techniques and tools but sometimes that evolution takes a wrong turn. A vendor can have a near-perfect detection engine but if attackers can bypass that engine it gives them a clear path through your defenses,” CyberRatings.org CEO Vikram Phatak said in a Nov. 5 release.

CyberRatings is a nonprofit organization conducting independent testing of cybersecurity products through its testing partner firm, NSS Labs.

CyberRatings evaluated the “security effectiveness” of seven firewall products in 55 performance tests using 3,326 exploits, 11,311 malware samples, 5,752 evasion techniques in 53 evasion categories and 6,481 false-positive samples, according to the report.

Read the full article here.

SDxCentral: Palo Alto Networks and Fortinet Given All Clear After Firewall Hiccups

Palo Alto Networks and Fortinet have received a clean bill of health for their firewall protections, while the jury is still out on current Cisco defenses.

CyberRatings.org recommended both Palo Alto and Fortinet after new tests confirmed they had patched evasions previously discovered by the security testing firm.

In tests carried out at the start of the month by CyberRatings’ testing partner NSS Labs, researchers found they were able to bypass protection using Layer 4 TCP evasions in both Palo Alto’s PAN-OS (version 11.2.8-c537) and Fortinet’s IPS (v7.01154), as well as Layer 3 IP evasions in the Palo Alto operating system.

Both firms reacted quickly, with Palo Alto developing an updated PAN-OS firmware package (PAN-OS 11.2.10-c37) and Fortinet deploying an updated IPS package (v7.01165 (33.00064)) to fix the vulnerabilities.

Read the full article here.

CyberRatings.org and NSS Labs Announce Follow-On Enterprise Firewall Results

Austin, TX – November 25, 2025 – CyberRatings.org (CyberRatings), the non-profit organization dedicated to providing confidence in cybersecurity products and services through independent testing, today announced Follow-On Test Results for the Fortinet FortiGate-200G and Palo Alto Networks PA-1410 Enterprise Firewalls.

Both products have improved their ratings from Caution to Recommended following submissions to NSS Labs to retest after developing new builds to address their earlier evasion resistance deficiencies published on November 5, 2025.

“Both Fortinet and Palo Alto Networks responded quickly and transparently to our original findings, issuing updates within days and requesting immediate retesting,” said Vikram Phatak, CEO of NSS Labs. “The speed at which these vendors addressed and resolved critical issues shows their commitment to their customers’ security.”

Read key findings in the full press release here.

NSS Labs Selects ectacom GmbH to Expand Cybersecurity Representation in Central Europe

Austin, Texas / Munich, Germany – November 12, 2025

NSS Labs, the leading authority in independent cybersecurity product validation, today announced that ectacom GmbH, a German value-added distributor, will be representing NSS Labs in the Central European regions of Germany, Austria, Switzerland (DACH) and Poland.

Through this collaboration, enterprises, service providers, and security vendors in the region will gain access to NSS Labs' real-world cybersecurity testing services, helping organizations strengthen defenses, ensure compliance, and reduce risk.

Among the services offered will be Minion by NSS Labs, a managed security testing service based on live attack scenarios, including malware, exploits, evasion techniques, and false positives sourced from active threat intelligence. Delivered remotely with encrypted control, Minion allows customers to:

  • Continuously monitor ongoing test results
  • Track improvements in security products over time
  • Generate compliance-ready documentation without the burden of in-house test management

This service is designed to support CISOs, CIOs, and Chief Risk Officers in meeting the growing demands of regulatory compliance, supply chain assurance, and resilience.

“ectacom understands the cybersecurity challenges enterprises face today,” said Vikram Phatak, CEO of NSS Labs. “As we expand globally, we are delighted to be represented by ectacom in Central Europe.”

“We are very proud to be partnering with NSS Labs again,” added Tomé Spasov, Managing Partner and Chief Strategy Officer at ectacom GmbH. “Enterprises continue to face significant breach risks, and testing provides the validation needed to ensure vendor products are meeting critical security performance standards.”

About ectacom

ectacom is one of the leading independent German Value-Added Distributors (VAD) for complex IT, OT, and IoT solutions and services. The company works closely with channel partners and integrators to help companies improve infrastructure efficiency, optimize processes, and maintain compliance. For more information, please visit ectacom.com.

About NSS Labs

NSS Labs delivers research-backed insights through its advanced testing platforms, empowering enterprises, security vendors, and service providers to make informed, evidence-based cybersecurity decisions. By handling the heavy lifting of testing for effectiveness, performance, and suitability, NSS Labs helps clients move beyond assumptions to gain actionable clarity. Its auditing and governance services offer continuous assurance that deployed security technologies are performing as expected—protecting investments and supporting accountability. For more information visit nsslabs.com

CyberRatings.org and NSS Labs Announce 2025 Enterprise Firewall Test Results

Austin, TX – November 5, 2025 – CyberRatings.org (CyberRatings), the non-profit organization dedicated to providing confidence in cybersecurity products and services through independent testing, today announced the results of its latest Enterprise Firewall (EFW) evaluation. Tests were conducted by NSS Labs and are now available at no cost on the CyberRatings.org website.

NSS Labs performed independent evaluations of seven leading Enterprise Firewall products using the Enterprise Firewall Test Methodology v3.0. The testing revealed a striking disparity in performance — Security Effectiveness ranged from 46.37% to 99.59%.

Firewalls were tested under encrypted enterprise-grade workloads using 3,326 exploits, 11,311 malware samples, 5,752 evasion techniques spanning 53 evasion categories, 6,481 false-positive samples, and 55 performance tests. Each firewall was required to maintain operational stability throughout testing.

Read key findings in the full press release here.