Introducing CaneCorso: An AI Application Firewall Built for Real Workflows

Posted on April 16, 2026 by Brent Huston

AI has officially crossed the line from experiment to infrastructure.

Email flows into copilots. Documents feed RAG pipelines. Support tickets trigger agents that can take action. The convenience is real—and so is the risk.

What hasn’t caught up is security.

Most security models were built for a world where inputs were predictable and trust boundaries were well-defined. That world doesn’t exist anymore. Today, untrusted content flows directly into systems that can reason, decide, and act.

That’s exactly where things get interesting—and dangerous.

When Good Data Carries Bad Instructions

One of the biggest misconceptions about AI security is that it’s a model problem. It’s not. It’s a workflow problem.

Attackers don’t need to break in anymore. They ride along with legitimate data—emails, PDFs, tickets, knowledge base entries—and inject instructions that your AI system may interpret as truth.

Think about what that means in practice:

A support ticket that contains hidden instructions
A PDF with embedded prompt injection
A knowledge base entry that poisons RAG outputs
An approval workflow manipulated through summarization

Layer in human behavior—blind trust, over-privileged access, weak validation—and you’ve got a system primed to fail in ways that traditional controls simply won’t catch.

CaneCorsoAI

A More Rational Approach to AI Security

CaneCorso™ takes a different path.

Instead of trying to block everything suspicious (and breaking workflows in the process), it follows what’s described in the Rational AI Security model —security that behaves more like an immune system than a wall.

That means:

Detecting and isolating threats without stopping the system
Treating all inbound content as untrusted by default
Preserving business continuity while reducing risk
Producing measurable, auditable outcomes

This isn’t theoretical. It’s a direct response to how AI systems actually behave in production.

One Control Plane for AI Workflows

At its core, CaneCorso gives you a shared AI Application Firewall—a single control plane that sits between your workflows and your models.

Instead of every team building its own brittle filters, you get consistent, reusable protection across:

Email triage and analysis
RAG pipelines and knowledge systems
Document AI and OCR ingestion
Support and ticketing workflows
Agent-driven automation

The platform delivers:

Runtime decisions: allow, sanitize, tokenize, or block
Privacy controls: redact or tokenize sensitive data before model exposure
Audit-ready logs: reasons, scores, and evidence you can actually use
Adversarial validation: Injection Scanner proves controls before and after deployment

This isn’t just about stopping attacks—it’s about making security operationally usable.

How It Works (Without Breaking Everything)

CaneCorso is built around a simple but effective model:

Connect the workflow
Mailboxes, agents, or document pipelines send raw content through a single control point.
Evaluate risk
The system analyzes both security threats and privacy exposure in real time.
Apply the right action
Policies determine whether content is allowed, sanitized, tokenized, or blocked.
Keep work moving
Safe content continues downstream with context, scores, and auditability intact.

The key difference? It doesn’t rely on hard blocking as the default.

Inline tokenization replaces only the unsafe portion of content—meaning the workflow continues, the business operates, and the risk is neutralized.

Why This Matters Right Now

The perimeter has moved.

AI systems don’t just process data—they act on it. That turns every input into a potential control decision.

The threat landscape outlined in the workflow map highlights the shift:

Indirect prompt injection from internal or trusted sources
Multimodal attacks hidden in images, PDFs, or OCR text
Human-in-the-loop deception during approvals
Over-privileged workflows amplifying impact

These aren’t edge cases. They’re becoming normal operating conditions.

Measurable Security, Not Assumptions

One of the most important shifts CaneCorso introduces is moving security from belief to proof.

The Injection Scanner continuously tests workflows against adversarial scenarios, providing measurable evidence that controls work:

Before deployment
After changes
During audits or customer reviews

That matters for engineering teams. It matters for security teams. And it definitely matters when someone asks, “How do you know this is safe?”

Final Thoughts: Security That Matches Reality

For years, security teams have had to choose between protection and usability.

In the AI era, that trade-off doesn’t hold up.

CaneCorso is built on a simple idea: protect the workflow without breaking it. That means embracing how AI systems actually work—messy inputs, probabilistic outputs, and human decision-making in the loop.

If you’re deploying AI in any meaningful way, the question isn’t whether you’ll face these risks.

It’s whether you’ll be ready when you do.

Learn More

To learn more about CaneCorso, schedule a demo, or discuss your environment:

Email: info@microsolved.com
Phone: +1.614.351.1237
Explainer Video: Click Here To Watch Video

Revolutionizing Authentication Security: Introducing MachineTruth AuthAssessor

Posted on August 12, 2024 by Brent Huston

In today’s rapidly evolving digital landscape, the security of authentication systems has never been more critical. As enterprises continue to expand their digital footprint, the complexity of managing and securing authentication across various platforms, protocols, and vendors has become a daunting challenge. That’s why I’m excited to introduce you to a game-changing solution: MachineTruth™ AuthAssessor.

PassKey

At MicroSolved Inc. (MSI), we’ve been at the forefront of information security for years, and we’ve seen firsthand the struggles organizations face when it comes to authentication security. It’s not uncommon for enterprises to have a tangled web of authentication systems spread across their networks, cloud infrastructure, and applications. Each of these systems often employs multiple protocols such as TACACS+, RADIUS, Diameter, SAML, LDAP, OAuth, and Kerberos, creating a complex ecosystem that’s difficult to inventory, audit, and harden.

Before AuthAssessor

In the past, tackling this challenge required a team of engineers with expertise in each system, protocol, and configuration standard. It was a time-consuming, resource-intensive process that often left vulnerabilities unaddressed. But now, with MachineTruth AuthAssessor, we’re changing the game.

With AuthAssessor

MachineTruth AuthAssessor is a revolutionary service that leverages our proprietary in-house machine learning and AI platform to perform comprehensive assessments of authentication systems at an unprecedented scale. Whether you’re dealing with a handful of systems or managing one of the most complex authentication models in the world, MachineTruth can analyze them all, helping you mitigate risks and implement holistic controls to enhance your security posture.

The AuthAssessor Difference

Here’s what makes MachineTruth AuthAssessor stand out:

Comprehensive Analysis: Our platform doesn’t just scratch the surface. It dives deep into your authentication systems, comparing configurations against security and operational best practices, identifying areas where controls are unequally applied, and checking for outdated encryption, hashing, and other mechanisms.
Risk-Based Approach: Each finding comes with a risk rating and, where possible, mitigation strategies for identified issues. This allows you to prioritize your security efforts effectively.
Human Expertise Meets AI Power: While our AI does the heavy lifting, our experienced engineers manually review the findings, looking for potential false positives, false negatives, and logic issues in the authentication processes. This combination of machine efficiency and human insight ensures you get the most accurate and actionable results.
Scalability: Whether you’re a small business or a multinational corporation, MachineTruth AuthAssessor can handle your authentication assessment needs. Our platform is designed to scale effortlessly, providing the same level of in-depth analysis regardless of the size or complexity of your systems.
Vendor and Protocol Agnostic: No matter what mix of vendors or protocols you’re using, MachineTruth can handle it. Our platform is designed to work with a wide range of authentication systems and protocols, providing you with a holistic view of your authentication security landscape.
Rapid Turnaround: In today’s fast-paced business environment, time is of the essence. With MachineTruth AuthAssessor, you can get comprehensive results in a fraction of the time it would take using traditional methods.
Detailed Reporting: Our service provides both a technical detail report with complete information for each finding and an executive summary report offering a high-level overview of the issues found, metrics, and root cause analysis. All reports undergo peer review and quality assurance before delivery, ensuring you receive the most accurate and valuable information.

Optional Threat Modeling

But MachineTruth AuthAssessor isn’t just about finding problems – it’s about empowering you to solve them. That’s why we offer an optional threat modeling add-on. This service takes the identified findings and models them using either the STRIDE methodology or the MITRE ATT&CK framework, providing you with an even deeper understanding of your potential vulnerabilities and how they might be exploited.

Bleeding Edge, Private, In-House AI and Analytics

At MSI, we understand the sensitivity of system configurations. That’s why we’ve designed MachineTruth to be completely private and in-house. Your files are never passed to a third-party API or learning platform. All analytics, modeling, and machine learning mechanisms were developed in-house and undergo ongoing code review, application, and security testing. This commitment to privacy and security has earned us the trust of Fortune 500 clients, government agencies, and various global organizations over the years.

In an era where authentication systems are both a critical necessity and a potential Achilles’ heel for organizations, MachineTruth AuthAssessor offers a powerful solution. It combines the efficiency of AI with the insight of human expertise to provide a comprehensive, scalable, and rapid assessment of your authentication security landscape.

More Information

Don’t let the complexity of your authentication systems become your vulnerability. Take the first step towards a more secure future with MachineTruth AuthAssessor.

Ready to revolutionize your authentication security? Contact us today to learn more about MachineTruth AuthAssessor and how it can transform your security posture. Our team of experts is standing by to answer your questions and help you get started on your journey to better authentication security. Visit our website at www.microsolved.com or reach out to us at info@microsolved.com. Let’s work together to secure your digital future.

New vCISO Client Capacity

Posted on July 9, 2024 by Brent Huston

Exciting News: We Can Now Take on One More vCISO Client!

We’re thrilled to announce that MicroSolved now has the capacity to onboard one more client for our vCISO (virtual Chief Information Security Officer) services! This is a unique opportunity for your organization to gain access to top-tier cybersecurity leadership and expertise without the full-time overhead.

Why Choose Our vCISO Services?

In today’s rapidly evolving digital landscape, businesses face an array of cybersecurity challenges. From sophisticated ransomware attacks to subtle phishing schemes, staying ahead of cyber threats requires expert guidance. Our vCISO services provide:

Expertise and Experience: Benefit from seasoned cybersecurity professionals who bring a wealth of knowledge across various industries.
Cost-Effective Solutions: Access strategic security leadership without the cost of a full-time executive.
Customized Security Strategies: Tailored solutions to meet your specific business needs and objectives.

Get Started with Our Free Whitepaper

To help you understand the full scope and benefits of vCISO services, we’ve prepared an in-depth whitepaper: “Navigating the Complex Landscape of Cybersecurity: How vCISO Services Can Secure Your Business.” This comprehensive guide covers the evolving threat landscape, the role of vCISO services, and real-world case studies demonstrating successful security implementations.

Download Your Copy Today!

Ready to learn more? Download our whitepaper for a deep dive into how vCISO services can transform your cybersecurity strategy. Visit https://signup.microsolved.com/vciso-whitepaper-download/ to get your copy now.

Don’t miss out on this chance to elevate your cybersecurity posture with expert guidance. Act quickly—spaces are limited!

Contact Us

For more information or to discuss how our vCISO services can align with your needs, reach out to us at info@microsolved.com or call (614) 351-1237. We’re here to help you navigate the complex world of cybersecurity and secure your business’s future.

Stay secure,
Brent Huston and the MicroSolved Team

By leveraging our vCISO services, your organization can stay ahead of cyber threats and ensure robust protection for your digital assets. Don’t wait—take the first step today by downloading our whitepaper.

* AI tools were used as a research assistant for this content.

Intruder Pro Game Launched in GPT Store

Posted on January 14, 2024 by Brent Huston

Thanks to the launch of the OpenAI GPT Store, I am proud to announce the immediate availability of a new penetration testing game and hack-the-box simulation platform – Intruder Pro.

Though not a product of MicroSolved, it is personally designed by our CEO and Security Evangelist, L. Brent Huston.

The GPT is a text-based role-playing game that simulates real-world penetration tests and hack-the-box games. It leverages real-world tools, and teaches you a bit along the way.

Even better, you can get a new simulation with new targets and new services to exploit every single game! The system can also provide coaching and score your efforts at any time in the game.

Feedback has been great, and people all around the world are playing, learning, and gaining insights about information security all at the same time.

Check it out by clicking here and let me know on Twitter (@lbhuston) what you think!

New Book Launch: We Need To Talk: 52 Weeks To Better Cyber-Security

Posted on February 7, 2023 by Brent Huston

I have released a new e-book titled “We Need To Talk: 52 Weeks To Better Cyber-Security.” I self-published through PublishDrive and MSI. It has been quite an interesting project, and I learned a lot in both writing/editing (with an AI), and in the publishing aspects.

The book provides a comprehensive approach to discussing cyber-security, addressing topics such as risk management, configuration management, vulnerability management, policy, threat intelligence, and incident response. The discussions that are sparked will lead to helping your team strengthen and mature your organization’s security posture.

The book is designed for information security professionals and their teams looking for a structured way to improve their organization’s cyber-security posture over one year. It is an ideal resource for those teams who wish to develop a well-rounded understanding of cyber-security and gain insight into the various elements that are needed for a successful program.

The book is 111 pages and sells for $9.99 in most of the ebook stores below:

Amazon

Apple

Barnes & Noble

Check it out, and please leave a review if you don’t mind taking the time. It will be much appreciated.

Print-on-demand options and other stores will be coming shortly. Hopefully, the book helps folks build better infosec programs. As always, thanks for reading, and stay safe out there!

IT/OT Convergence and Cyber-Security

Posted on July 28, 2021 by Brent Huston

Today, I spoke at ComSpark as a part of a panel with Chris Nichols from LucidiaIT and David Cartmel from SMC.

We talked extensively about convergence and the emerging threats stemming from the intertwined IT/OT world.

If you missed it, check the ComSpark event page here. I believe they are making some of the content available via recording, though a signup might be required.

Our virtual booth also had this excellent video around the topic. Check it out here.

Thanks and hit me up on Twitter (@lbhuston) and let me know your thoughts.

ClawBack Professional and Managed Services Launched

Posted on August 31, 2020 by Brent Huston

Clawback small

ClawBack™, our data leak detection engine which we released last fall, is a cloud-based SaaS tool focused on helping organizations detect leaked source code, device/application configurations and credentials. You can learn more about the product and why we made it in this quick 8 minute video by clicking here.

While ClawBack has been a very successful product in its own right, the SaaS platform is primarily “Do It Yourself” in terms of operations. It’s easy to use and manage, but the customer does the work of reviewing the alerts and managing the responses. Over the last several months, some clients have asked for a managed service option, where MSI will manage the ClawBack product, review the alerts and work with the customer to issue take downs or provide mitigation advice. Today, we are proud to announce the immediate availability of the ClawBack Managed Service. Now you can get the power and vigilance of ClawBack without the overhead of managing and monitoring the product directly, reviewing the alerts and issuing appropriate take down requests.

Several clients have also asked us about other professional services associated with ClawBack and with Data Leak Prevent/Protection (DLP) capabilities in general. MSI is also proud to announce the immediate availability of the following associated professional services:

Monitoring term identification, optimization and improvement
Watermark implementation in source code and device configurations
Data leak awareness training, especially focused on source code, configurations and credentials
Data leak impact modeling and table top simulations
30/60/90 day data leak assessments
Exfiltration testing and Data Loss Prevention (DLP) assessments and optimization
Data classification and data leak policy and process development and reviews

Additionally, we are launching multiple year packages that combine these services in 3 and 5 year plans, allowing our clients to create long term solutions to the problems of data leakage, intellectual property risk management and compromises stemming from leaked source code, configs and credentials. To learn more about these services or create a package that fits your firm’s needs, give us a call at 614-351-1237 or drop us a line (info@microsolved.com).

Announcing the Launch of the SecureDrive Alliance

Posted on August 18, 2020 by Brent Huston

LMS Consulting and MicroSolved are proud to announce the launch of the SecureDrive Alliance. This team effort is specifically focused on the needs, regulatory requirements and threats facing automotive dealerships today.

SecureDrive Alliance

The alliance will be providing the following focused services to dealerships across the US:

Risk assessments
Vulnerability assessment and penetration testing
Application security
Phishing simulations
Risk management training

To learn more about the SecureDrive Alliance, the leaders of both companies have put together a quick MP3 discussing the reasons behind the launch and the capabilities that the alliance brings to bear. You can listen to the 9 minute MP3 here.

To put the team to work on securing your dealership, give a call to Justin LeBrun, or drop him an email.

Pandemic Planning Webinar Materials

Posted on March 18, 2020 by Brent Huston

John Davis and David Rose held a pandemic planning webinar on the 17th of March.

Here are the materials from the event, in case you were not able to attend.

PDF of slide deck: https://media.microsolved.com/Pandemic.pdf

MP4 recording of event: https://media.microsolved.com/2020-03-17%2010.00%20Pandemic%20Planning%20Update.mp4

Event Description:

MicroSolved’s John Davis and Dave Rose will explore pandemic plan updates in the age of the COVID-19 outbreak. They will discuss lessons learned, from building a basic plan to updating existing plans. They will share the latest advice from our consulting practice, from State, Local and Federal resources and point out a variety of resources that are now available to assist organizations.

We hope this help folks and of course, if we can be of any assistance, please let us know. We are all in this together, and MSI is here to help wherever and whenever we can. Stay safe out there!

Pandemic Planning Update Webinar Scheduled

Posted on March 9, 2020 by Brent Huston

WorldShield We are proud to announce a pandemic planning update webinar scheduled for Tuesday, March 17th at 10am Eastern.

Click here to register. Recordings will be made available after the event.

We want everyone to benefit from pandemic planning. Please let us know if you have questions or need assistance.

MSI :: State of Security

Insight from the Information Security Experts

Category Archives: Announcements