<?xml version="1.0" encoding="utf-8"?><rss xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title>Ivanti Blog</title><description /><language>en</language><atom:link rel="self" href="https://www.ivanti.com/blog/rss" /><link>https://www.ivanti.com/blog</link><item><guid isPermaLink="false">51324a8a-acee-422c-8cda-511917412ff7</guid><link>https://www.ivanti.com/blog/agentic-ai-itsm-system-of-record</link><atom:author><atom:name>Alka Malik</atom:name><atom:uri>https://www.ivanti.com/blog/authors/alka-malik</atom:uri></atom:author><category>Service Management</category><category>Artificial Intelligence</category><title>Ivanti Launches Agentic AI on the System of Record You Trust</title><description>&lt;p&gt;Investors and enterprises are finally asking the question they'd been avoiding: which software companies will survive the AI revolution, and which will be made obsolete by it? The answer is becoming clear. Companies that serve as the system of record, the authoritative source of truth that AI itself depends on, are essential.&lt;/p&gt;

&lt;p&gt;Today, Ivanti is announcing a controlled release of the &lt;a href="https://www.ivanti.com/ai/agenticai"&gt;Ivanti Neurons AI Self-Service Agent&lt;/a&gt;, our first autonomous AI solution. We're building from a position of strategic strength, introducing the new solution initially within our IT Service Management (ITSM) framework, building on our long history of intelligent automation through built-in workflows, our Neurons bot infrastructure, generative AI tools and now a fully conversational autonomous agent.&lt;/p&gt;

&lt;h2&gt;Building the foundation to scale AI&lt;/h2&gt;

&lt;p&gt;There's no shortage of talk about what AI will eventually do, but that potential means nothing without a strong foundation beneath it.&lt;/p&gt;

&lt;p&gt;Operationalizing autonomous AI and scaling its impact across an entire organization requires five foundational capabilities.&lt;/p&gt;

&lt;ol&gt;
	&lt;li&gt;&lt;strong&gt;Knowing what exists:&lt;/strong&gt; AI must operate on accurate discovery data, not assumptions. Without real-time visibility into devices, users, configurations and dependencies, autonomous actions become dangerous.&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;Maintaining institutional memory:&lt;/strong&gt; AI needs durable context that survives organizational change. Relationships, history and dependencies must be preserved in a system of record.&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;Owning accountability:&lt;/strong&gt; Every autonomous action needs clear ownership and a decision trail. When AI acts on behalf of the organization, someone must be accountable.&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;Enforcing policy:&lt;/strong&gt; AI must distinguish between what's technically possible and what's organizationally permissible. Optimization without governance creates compliance risk.&lt;/li&gt;
	&lt;li&gt;&lt;strong&gt;Ensuring auditability:&lt;/strong&gt; Every action or decision made through AI must be traceable, explainable and defensible in an audit.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;That's not a limitation of any model, but rather the nature of how AI works. AI is powerful, but it operates on data. And if that data is fragmented, inaccurate or ungoverned, the AI built on top of it will be too.&lt;/p&gt;

&lt;p&gt;This is what the &lt;a href="https://www.ivanti.com/ivanti-neurons"&gt;Ivanti Neurons Platform&lt;/a&gt; was built to provide. Our Neurons Platform serves as a robust system of record and control panel for IT and security operations. Our Discovery Engine establishes ground truth. Our &lt;a href="https://www.ivanti.com/glossary/cmdb"&gt;CMDB&lt;/a&gt; preserves relationships, dependencies, and change history. Our &lt;a href="https://www.ivanti.com/products/it-asset-management"&gt;IT Asset Management (ITAM)&lt;/a&gt; capabilities assign ownership, lifecycle, and accountability. Our Software Estate Management enforces what's allowed versus what's merely detected.&lt;/p&gt;

&lt;p&gt;This is more than product architecture. It's the foundation your organization needs to operate securely and intelligently.&lt;/p&gt;

&lt;h2&gt;The journey to autonomous service delivery&lt;/h2&gt;

&lt;p&gt;Agentic AI wasn’t built overnight. At Ivanti, we’ve been building toward this deliberately with a consistent focus on trust, governance, and repeatability.&lt;/p&gt;

&lt;p&gt;Our path to autonomous service delivery was strategic and intentional.&lt;/p&gt;

&lt;p&gt;Traditional automation: Established rule-based workflows executing predefined tasks in sequence.&lt;/p&gt;

&lt;p&gt;Cognitive AI: Added intelligence through bots, machine learning and predictive analytics, moving IT from reactive to proactive.&lt;/p&gt;

&lt;p&gt;Generative AI: Introduced large language models and natural language interaction.&lt;/p&gt;

&lt;p&gt;Conversational AI: Deepened interactions by adding intent recognition, sentiment detection, and safety guardrails, transforming AI from a tool into an interactive partner.&lt;/p&gt;

&lt;p&gt;And now, autonomous agents that don't just respond but orchestrate actions across systems while maintaining governance at every step.&lt;/p&gt;

&lt;p&gt;Each stage was built on the prior one. And each stage delivered real enterprise value only because it was grounded in accurate data, governance and accountability. That foundation is what makes today's announcement possible.&lt;/p&gt;

&lt;h2&gt;Introducing Ivanti Neurons AI Self-Service Agent&lt;/h2&gt;

&lt;p&gt;The problem is one every IT leader knows well — employees struggle to find answers scattered across disconnected knowledge systems. Basic tickets flood the service desk. Users abandon confusing portals in frustration. IT teams get trapped on a ticket treadmill, doing repetitive work instead of the strategic projects that actually move the business forward. Traditional self-service portals haven't solved this. They're rigid, frustrating, and often create more problems than they resolve.&lt;/p&gt;

&lt;p&gt;Ivanti Neurons AI Self-Service Agent is different. We’ve all seen chatbots, but this is something else. It’s a true conversational AI agent. It converses, investigates, resolves and escalates only when it needs to. The first release focuses on intelligent knowledge search, incident escalation and the ability to request something from IT using natural language. It feels as easy as texting a friend.&lt;/p&gt;

&lt;p&gt;This initial release delivers three things done exceptionally well: intelligent knowledge search, incident escalation when knowledge isn't enough, and the ability to request from a service catalog without the complexity of self-service portal forms.&lt;/p&gt;

&lt;p&gt;We understand that time, speed, and accuracy are non-negotiable in the digital era and have built the capabilities with that in mind. The AI Self-Service Agent engages in natural conversation, asks the right questions, queries across internal and approved external sources, and surfaces verified answers. If this process alone doesn't resolve the issue, the agent escalates and captures a structured incident from the conversation without requiring the user to repeat their request, ensuring a frictionless user experience.&lt;/p&gt;

&lt;p&gt;This solution is built on an AI framework designed to grow with it as we execute our full vision for autonomous endpoint management.&lt;/p&gt;

&lt;h2&gt;Driving real, measurable outcomes that matter most&lt;/h2&gt;

&lt;p&gt;This launch directly advances strategic outcomes for our customers: improving IT productivity, improving digital employee experience, and bringing teams and business functions together across one unified platform. Here’s what that looks like:&lt;/p&gt;

&lt;p&gt;For the business, that means measurable productivity gains, lower cost per ticket, and IT operating as a driver of strategic outcomes rather than an operational bottleneck.&lt;/p&gt;

&lt;h2&gt;Autonomy requires a foundation you can trust&lt;/h2&gt;

&lt;p&gt;What makes our approach to autonomous AI trustworthy and attainable is that the AI Self-Service Agent is built on a system of record as part of the Ivanti Neurons Platform. This ensures that:&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;Our agentic AI doesn't improvise (that is, hallucinate). It operates from accurate discovery data, validated asset information, and governed workflows.&lt;/li&gt;
	&lt;li&gt;It knows what devices exist, who owns them, what software is permitted and what policies apply.&lt;/li&gt;
	&lt;li&gt;It maintains durable state and enforces accountability across every action it takes.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;The operating model is simple, but powerful: Continuously detect issues before they impact users. Decide using trusted data from the system of record. Act through governed automation within defined boundaries.&lt;/p&gt;

&lt;p&gt;This is the difference between AI that generates answers and AI that organizations can trust in production, at enterprise scale.&lt;/p&gt;

&lt;h2&gt;The future we're building&lt;/h2&gt;

&lt;p&gt;This launch is both a milestone and a foundation for what’s next. We're building autonomous capabilities on the system of record that AI itself depends on. That makes our platform more resilient, our customer relationships more durable and the value we deliver stronger over time.&lt;/p&gt;

&lt;p&gt;The future of IT is anticipatory, self-driven and strategic. IT leaders aren't reactive ticket-takers. They're orchestrators of intelligent, self-healing infrastructure. Autonomous agents handle the routine, learn continuously and escalate the complex to human experts — all within governance guardrails that the system of record enforces.&lt;/p&gt;

&lt;p&gt;We've spent years building toward this moment. I'm proud of what our team has delivered, and I'm even more excited about what comes next.&lt;/p&gt;
</description><pubDate>Mon, 20 Apr 2026 22:00:02 Z</pubDate></item><item><guid isPermaLink="false">b1263255-8700-4128-98cd-3091094f2a89</guid><link>https://www.ivanti.com/blog/sovereign-cloud-data-sovereignty-eu</link><atom:author><atom:name>Rob DeStefano</atom:name><atom:uri>https://www.ivanti.com/blog/authors/rob-destefano</atom:uri></atom:author><category>Endpoint Management</category><category>Security</category><title>Digital Sovereignty and Sovereign Cloud: Protecting EU Cloud Data for Operational Resilience</title><description>&lt;p&gt;Traditional data protection followed a straightforward principle: Data stored in country A is protected by the laws of country A; data stored in country B is protected by the laws of country B. But in today’s global economy, where your data physically resides no longer determines which governments can demand access to it.&lt;/p&gt;

&lt;p&gt;Cloud infrastructure brought new jurisdictional complexity. The physical location of data centers, the nationality of the cloud provider's headquarters, and the entity controlling operations can each create competing jurisdictional claims, potentially allowing multiple governments to demand access to the same data.&lt;/p&gt;

&lt;h2&gt;What is digital sovereignty?&lt;/h2&gt;

&lt;p&gt;This challenge has a name: digital sovereignty. Digital sovereignty is the principle that organizations maintain complete control over their data within their home jurisdiction's legal framework. This idea has become a necessity for organizational resilience as businesses work in a more fractured, less trusting geopolitical world. Private and public organizations need secure access to cloud-based platforms that are compliant with local regulatory requirements and shielded from the known or unknown geopolitical risks their region faces.&lt;/p&gt;

&lt;h2&gt;How the U.S. CLOUD Act impacts EU data residency&lt;/h2&gt;

&lt;p&gt;The &lt;a href="https://www.justice.gov/criminal/cloud-act-resources" rel="noopener" target="_blank"&gt;2018 US CLOUD (Clarifying Lawful Overseas Use of Data) Act&lt;/a&gt; further cemented these concerns for EU organizations. This law empowers US law enforcement to compel any US-based cloud provider to produce data stored anywhere globally — regardless of the data's physical location or the customer's nationality.&lt;/p&gt;

&lt;p&gt;Both the US CLOUD Act and the &lt;a href="https://www.congress.gov/crs-product/IF11451" rel="noopener" target="_blank"&gt;Foreign Intelligence Surveillance Act (FISA)&lt;/a&gt; have given firms in the European Union cause for concern. Through these two policies, US authorities could access data contained within cloud platforms of any US-headquartered organization, even when the cloud data center is stationed in another country.&lt;/p&gt;

&lt;p&gt;For EU‑based companies, using US‑based tools triggers specific &lt;a href="https://www.ivanti.com/blog/what-is-gdpr"&gt;GDPR obligations&lt;/a&gt; because personal data leaves the EU. And since the EU–US Privacy Shield was invalidated (known as “Schrems II”), EU companies need other protections. Standard Contractual Clauses (SCCs) remain valid but are conditional and complex as they require case-by-case review.&lt;/p&gt;

&lt;p&gt;A subsequent Data Privacy Framework has been introduced since, but underlying trust among the nations involved only goes so far. These dynamics increased pressure to ensure &lt;a href="https://www.ivanti.com/use-cases/data-protection-application-security"&gt;data protection&lt;/a&gt;, and so sovereign cloud solutions were needed to ensure operational resiliency.&lt;/p&gt;

&lt;h2&gt;Ivanti Neurons for MDM – Sovereign Edition: built for EU cloud sovereignty&lt;/h2&gt;

&lt;p&gt;For our partners and customers in the EU, Ivanti Neurons for MDM Sovereign Edition addresses these requirements through fundamentally different architecture and operations. Located in Germany and independently operated, this solution was designed to align with the Cloud Sovereignty Framework of the European Commission and has been evaluated by the highly reputable &lt;a href="https://cyberintelligence.institute/" rel="noopener" target="_blank"&gt;cyberintelligence.institute&lt;/a&gt;, where their expert assessment explained:&lt;/p&gt;

&lt;p&gt;“The Ivanti Sovereign Cloud demonstrates a high level of European control in the areas of data processing, security and compliance governance. In its current configuration, the Ivanti Sovereign Cloud achieves at least SEAL 2 certification, meaning that data sovereignty is ensured in all areas. Furthermore, the Ivanti Sovereign Cloud meets the requirements for SEAL 3 certification in many relevant areas, thus achieving digital resilience.”&lt;/p&gt;

&lt;p&gt;You can read the &lt;a href="https://www.ivanti.com/lp/aem/contact/sovereign-cloud-mdm"&gt;full technical assessment&lt;/a&gt; to learn more.&lt;/p&gt;

&lt;h2&gt;Achieving data sovereignty compliance with confidence&lt;/h2&gt;

&lt;p&gt;Neurons for MDM – Sovereign Edition – EU provides European firms with a strategic foundation for their IT and Security platform from a trusted leader, while maintaining local jurisdictional protections for risk management. This means public and private entities can continue their digital transformation with the confidence that their cloud data will remain secure while their operations gain resilience.&lt;/p&gt;

&lt;p&gt;Next steps? Read our whitepaper, &lt;a href="https://www.ivanti.com/resources/whitepapers/sovereign-cloud-strategy"&gt;Sovereign Cloud as a Strategic Necessity for European Organizations&lt;/a&gt;, to discover how Ivanti Neurons for MDM Sovereign Edition achieves and exceeds SEAL 2 certification and provides the sovereign cloud architecture European organizations need to maintain data sovereignty while enabling secure digital transformation.&lt;/p&gt;
</description><pubDate>Fri, 17 Apr 2026 12:30:01 Z</pubDate></item><item><guid isPermaLink="false">1c8ff1fb-4b1f-4f6d-93a5-1e1eb9619ac2</guid><link>https://www.ivanti.com/blog/april-2026-patch-tuesday</link><atom:author><atom:name>Chris Goettl</atom:name><atom:uri>https://www.ivanti.com/blog/authors/chris-goettl</atom:uri></atom:author><category>Patch Tuesday</category><category>Security</category><category>Patch Management</category><title>April 2026 Patch Tuesday</title><description>&lt;p&gt;The lead up to Patch Tuesday has been interesting. We had a Google Chrome zero-day (CVE-2026-5281) that was patched on April 1, an Adobe Acrobat Reader zero-day (&lt;a href="https://helpx.adobe.com/security/products/acrobat/apsb26-43.html" rel="noopener" target="_blank"&gt;CVE-2026-34621&lt;/a&gt;) late in the day on Friday April 10, and several older CVEs that were added to the CISA KEV list yesterday (&lt;a href="https://www.cisa.gov/news-events/alerts/2026/04/13/cisa-adds-seven-known-exploited-vulnerabilities-catalog" rel="noopener" target="_blank"&gt;April 13&lt;/a&gt;). All of this amidst a lot of industry buzz about Anthropic Mythos and &lt;a href="https://www.anthropic.com/glasswing" rel="noopener" target="_blank"&gt;Project Glasswing&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;What is the correlation between these events and Project Glasswing you ask? Most of the discussions around Mythos have been focused on where it will be used and the ramifications.&lt;/p&gt;

&lt;p&gt;Finding exploitable flaws in code can be a powerful tool for good when used by the vendor writing the code before it is released. However, it will also be used by researchers and threat actors to find flaws in code that is already released and that is where my speculation is directed.&lt;/p&gt;

&lt;p&gt;Consider the knock-on effects of a massive model like Mythos and what it will mean near term and longer term for the software that companies consume. Near term you will have the big players using a solution like this to release more secure code. As researchers and threat actors adopt more robust AI models to identify exploitable flaws this will result in more coordinated disclosures (good), zero-day exploits (bad) and n-day exploits (bad). All of this will result in more frequent, and more importantly, urgent software updates.&lt;/p&gt;

&lt;p&gt;Many organizations currently struggle to keep up with priority updates resolving exploited vulnerabilities when they occur outside of their normal monthly maintenance. I suspect most organizations were not aware of the Adobe Acrobat zero-day exploit until the CISA KEV update yesterday. This means that threat actors had another 2-3 days of free rein to exploit CVE-2026-34621 before most organizations became aware, and many of those organizations will likely handle the update as part of their regular maintenance that is starting today on Patch Tuesday.&lt;/p&gt;

&lt;p&gt;Browser security updates are a weekly occurrence. Many other applications that users are utilizing regularly release updates on a continuous cadence, not a set monthly release date. This means many of the user-targeted exploits are going to occur in software that is releasing outside of the average organization's maintenance schedules, and that frequency is about to increase. It is hard to say if that increase is going to be 1.5x or 5x, but rest assured that the increase will be noticeable and will exacerbate a challenge that most organizations already struggle with – timely patch management.&lt;/p&gt;

&lt;p&gt;Enter Exposure Management. This is really a mindset and maturity change as much as a technology evolution. The mindset change requires us to consider a world where we need to make the decisions up front and monitor those decisions. This is called defining your Risk Appetite and monitoring your Risk Posture. Doing this effectively matures an organization's response to risks and makes remediation activities much more clear-cut.&lt;/p&gt;

&lt;p&gt;The technology evolution requires the traditional vulnerability assessment technologies to integrate into a broader ecosystem where asset visibility or system of record comes together with vulnerability assessment and vulnerability intelligence solutions to refine when risks require more immediate action vs waiting for your regular maintenance activities to occur. Most important is the need for this tech stack to be integrated with your AEM (Autonomous Endpoint Management) platform as this is where remediation predominantly (and automatically) occurs.&lt;/p&gt;

&lt;p&gt;Now, back to our regularly scheduled Patch Tuesday update. Microsoft has resolved 169 CVEs this month, which is a massive Patch Tuesday lineup. April Patch Tuesday is the second-largest Patch Tuesday on record behind the October 2025 Patch Tuesday, which resolved 175 CVEs. The lineup includes one zero-day exploit (CVE-2026-32201) and one public disclosure (CVE-2026-33825) and breaks down into 8 Critical, 156 Important, 3 Moderate and 1 Low severity.&lt;/p&gt;

&lt;p&gt;The zero-day CVE is in Microsoft SharePoint and the public disclosure is in Microsoft Defender making those two updates the most urgent for this month in addition to the Adobe Acrobat and Google Chrome updates leading up to Patch Tuesday.&lt;/p&gt;

&lt;h2&gt;Microsoft’s known exploited vulnerabilities&lt;/h2&gt;

&lt;p&gt;Microsoft resolved a Server Spoofing Vulnerability in Microsoft SharePoint (&lt;a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201" rel="noopener" target="_blank"&gt;CVE-2026-32201&lt;/a&gt;). The vulnerability is rated Important by Microsoft and has a CVSS v3.1 score of 6.5, but it has been confirmed to be exploited in the wild. An attacker who successfully exploits this vulnerability can view sensitive information and make changes to the disclosed information. The vulnerability affects SharePoint Server Subscription Edition, SharePoint Server 2019 and SharePoint Server 2016. A risk-based prioritization methodology warrants treating this vulnerability as a higher severity than the vendor rating or CVSS score assigned.&lt;/p&gt;

&lt;h2&gt;Microsoft’s publicly disclosed vulnerabilities&lt;/h2&gt;

&lt;p&gt;Microsoft resolved an Elevation of Privilege Vulnerability in Microsoft Defender (&lt;a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825" rel="noopener" target="_blank"&gt;CVE-2026-33825&lt;/a&gt;). The vulnerability is rated Important by Microsoft and has a CVSS v3.1 score of 7.8, but it has been publicly disclosed. The CVE lists exploit code maturity as Proof-of-Concept, which puts this at a higher risk of exploitation. An authorized attacker could use this vulnerability to elevate their privileges to SYSTEM on the local machine.&lt;/p&gt;

&lt;h2&gt;Ivanti security advisories&lt;/h2&gt;

&lt;p&gt;Ivanti has released one security update for April. The update affects Ivanti Neurons for ITSM and resolves two CVEs. More details and information about mitigations can be found in the &lt;a href="https://www.ivanti.com/blog/april-2026-security-update"&gt;April Security Advisory&lt;/a&gt;.&lt;/p&gt;

&lt;h2&gt;Third-party vulnerabilities&lt;/h2&gt;

&lt;p&gt;Adobe has released twelve updates this month: eleven were released on Patch Tuesday, and the zero-day update for Acrobat was released on Friday, April 10. 54 CVEs were resolved with a breakdown of 39 Critical, 13 Important and 2 Moderate. APSB26-43 resolved the zero-day exploit (&lt;a href="https://helpx.adobe.com/security/products/acrobat/apsb26-43.html" rel="noopener" target="_blank"&gt;CVE-2026-34621&lt;/a&gt;).&lt;/p&gt;

&lt;h2&gt;April update to-do list&lt;/h2&gt;

&lt;ul&gt;
	&lt;li&gt;Adobe Acrobat (&lt;a href="https://helpx.adobe.com/security/products/acrobat/apsb26-43.html" rel="noopener" target="_blank"&gt;CVE-2026-34621&lt;/a&gt;) and Google Chrome (CVE-2026-5281) each had zero-day exploits leading up to Patch Tuesday. Ensure that you are prioritizing remediation of these two products to the latest version.&lt;/li&gt;
	&lt;li&gt;Microsoft SharePoint includes a zero-day exploit (&lt;a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201" rel="noopener" target="_blank"&gt;CVE-2026-32201&lt;/a&gt;) and should be investigated as a priority especially if you have known update challenges with your SharePoint environments.&lt;/li&gt;
	&lt;li&gt;The Microsoft Windows OS update this month resolves 133 CVEs (depending on edition) and includes 4 Critical CVEs. This update will resolve a significant number of findings across your environment.&lt;/li&gt;
&lt;/ul&gt;
</description><pubDate>Tue, 14 Apr 2026 22:51:36 Z</pubDate></item><item><guid isPermaLink="false">bb18f48d-02e3-4447-ae10-01f3dd87efd8</guid><link>https://www.ivanti.com/blog/april-2026-security-update</link><category>Security Advisory</category><title>April 2026 Security Update</title><description>&lt;p&gt;Ivanti releases standard security patches on the second Tuesday of every month. Our vulnerability management program is central to our commitment to maintaining secure products. Our philosophy is simple: discovering and communicating vulnerabilities, and sharing that information with defenders, is not an indication of weakness; rather it is evidence of rigorous scrutiny and a proactive vulnerability management program. By aggressively seeking to identify and address vulnerabilities, our aim is to get ahead of threat actors to ensure our customers can take the steps needed to protect their environments.&lt;/p&gt;

&lt;p&gt;We believe that responsible transparency helps protect our customers, and that CVE disclosures are an essential and effective tool to communicate software vulnerabilities. The purpose of assigning a CVE is to provide a beacon to security teams and signal the need for urgent updates.&lt;/p&gt;

&lt;p&gt;To that end, today Ivanti is disclosing vulnerabilities in Ivanti Neurons for ITSM (on-premises and cloud).&lt;/p&gt;

&lt;p&gt;&lt;span&gt;&lt;b&gt;It is important for customers to know:&lt;/b&gt;&lt;/span&gt;&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;We have no evidence of these vulnerabilities being exploited in the wild.&lt;/li&gt;
	&lt;li&gt;These vulnerabilities do not impact any other Ivanti solutions.&lt;/li&gt;
	&lt;li&gt;Customers using the cloud version of Ivanti Neurons for ITSM do not need to take any action as the fix was applied on 12 December 2025 to all cloud environments.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;More information on these vulnerabilities and detailed instructions on how to remediate the issues can be found in this &lt;a href="https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2026-4913-CVE-2026-4914" target="_blank"&gt;Security Advisory&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Want to stay up to date on Ivanti Security Advisories? Paste &lt;a href="https://www.ivanti.com/blog/topics/security-advisory"&gt;https://www.ivanti.com/blog/topics/security-advisory/rss&lt;/a&gt; into your preferred RSS reader / functionality in your email program.&lt;/em&gt;&lt;/p&gt;
</description><pubDate>Tue, 14 Apr 2026 14:08:24 Z</pubDate></item><item><guid isPermaLink="false">8909ebf6-4f41-4388-8f2b-09732436f737</guid><link>https://www.ivanti.com/blog/agentic-ai-for-it-not-all-agents-are-created-equal</link><atom:author><atom:name>Meeta Dash</atom:name><atom:uri>https://www.ivanti.com/blog/authors/meeta-dash</atom:uri></atom:author><category>Service Management</category><title>Not All Agents Are Created Equal: Getting Agentic AI Right for IT</title><description>&lt;p&gt;Three months ago, a CIO told me her organization had “already deployed agents.” Her endpoint team assumed she meant the telemetry clients on every managed laptop. Her service desk thought she meant AI chatbots. Meanwhile, her security architect heard “autonomous decision-making.” They were all right and all talking past each other.&lt;/p&gt;

&lt;p&gt;This is the agent confusion problem. It sounds like a semantics issue, but it creates real misalignment when teams try to get serious about implementing agentic AI. So, let’s untangle it.&lt;/p&gt;

&lt;h2&gt;Three types of “agents” for IT — and how they fit together&lt;/h2&gt;

&lt;h4&gt;1. Endpoint agents&lt;/h4&gt;

&lt;p&gt;Endpoint agents are the lightweight clients that have run silently on managed devices for decades — collecting telemetry, executing policies, applying patches. If you run a modern &lt;a href="https://www.ivanti.com/blog/unified-endpoint-management-uem-service-management-itsm-critical-connections"&gt;endpoint management platform&lt;/a&gt;, they’re already across your fleet doing the quiet, continuous work. They're your infrastructure layer: always listening and reporting but &lt;i&gt;not &lt;/i&gt;making decisions.&lt;/p&gt;

&lt;h4&gt;2. Automation bots and workflows&lt;/h4&gt;

&lt;p&gt;Automation bots and workflows handle the repetitive, structured processes IT runs on: proactive issue identification, self-healing, password resets, account unlocks, software provisioning, approval chains. These aren’t legacy limitations to apologize for. A well-built password reset bot is fast, predictable and exactly right for that job. They're your execution layer: reliable, auditable and purpose-built.&lt;/p&gt;

&lt;h4&gt;3. AI agents&lt;/h4&gt;

&lt;p&gt;&lt;a href="https://www.ivanti.com/products/ivanti-neurons-digital-assistant"&gt;AI agents&lt;/a&gt; are something genuinely different. Where endpoint agents collect data and automation bots execute tasks, AI agents coordinate both. Orchestrated by large language models (LLMs), they understand intent, reason across context from multiple systems, plan multi-step actions and decide when to escalate an issue that requires human expertise.&lt;/p&gt;

&lt;p&gt;&lt;i&gt;But here’s the nuance that matters:&lt;/i&gt; a well-designed AI agent doesn’t replace the automation bot; it &lt;b&gt;&lt;i&gt;calls &lt;/i&gt;&lt;/b&gt;it. When an employee asks to reset their password through a conversational interface, the AI handles the dialogue, verifies identity, applies policy logic and then triggers the existing workflow to execute. Intelligence orchestrating automation. That’s the architecture worth building toward. Add endpoint telemetry, and the picture gets richer.&lt;/p&gt;

&lt;p&gt;&lt;b&gt;Here’s what this looks like in practice:&lt;/b&gt;&lt;/p&gt;

&lt;p&gt;An employee messages: “&lt;i&gt;My laptop has been crawling since the last patch.&lt;/i&gt;”&lt;/p&gt;

&lt;p&gt;&lt;b&gt;The AI agent:&lt;/b&gt;&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;Interprets the intent, recognizes this as a performance issue potentially triggered by a recent change.&lt;/li&gt;
	&lt;li&gt;Pulls real-time CPU load, disk usage and startup process data from the endpoint layer.&lt;/li&gt;
	&lt;li&gt;Triggers a targeted remediation. Not a guess. A data-informed, auditable action.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;i&gt;That’s &lt;/i&gt;what self-healing IT looks like at the conversational layer.&lt;/p&gt;

&lt;h2&gt;What makes agentic AI for ITSM work&lt;/h2&gt;

&lt;p&gt;Getting agentic &lt;a href="https://www.ivanti.com/resources/research-reports/itsm-automation"&gt;AI for IT service management&lt;/a&gt; right comes down to a few critical foundations.&lt;/p&gt;

&lt;h4&gt;Start with clean, current knowledge&lt;/h4&gt;

&lt;p&gt;An AI agent is only as good as what it knows and what context it has. Before enabling any agentic capability, &lt;a href="https://www.ivanti.com/blog/the-importance-of-accurate-data-to-get-the-most-from-ai"&gt;audit your knowledge base&lt;/a&gt; and ask these key questions:&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;Is it current?&lt;/li&gt;
	&lt;li&gt;Is it tagged by use case?&lt;/li&gt;
	&lt;li&gt;Is it maintained after major changes?&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Outdated knowledge leads to wrong outputs that quickly destroy employee trust. That said, these same AI agents can be used to accelerate knowledge creation, too. Every resolved ticket is a draft article. Every question the agent can't confidently answer is a knowledge gap it just surfaced for you. The agent becomes a contributor to your knowledge base, not just a consumer of it.&lt;/p&gt;

&lt;h4&gt;Provide context&lt;/h4&gt;

&lt;p&gt;Knowledge alone isn’t enough. Agents need real-time context across your entire IT environment. This includes device data from your CMDB, role and access information from HR systems and ticket history from ITSM. With this context layer, it’s possible to move from a smart-sounding bot to an agent that can close the loop.&lt;/p&gt;

&lt;h4&gt;Set governance guardrails&lt;/h4&gt;

&lt;p&gt;Having control and &lt;a href="https://www.ivanti.com/blog/ai-governance-framework-responsible-ai-guardrails"&gt;AI guardrails&lt;/a&gt; is not optional. Be deliberate about what the agent handles autonomously, what needs a human approval step and what always escalates. Having a human in the loop isn’t about being overly cautious. Rather, it’s a deliberate, intelligent design. For anything security-sensitive like MFA changes, privilege adjustments or data access requests, the agent should surface the decision, &lt;i&gt;not &lt;/i&gt;make it unilaterally. Companies must build those thresholds from the start, not try to retrofit them later.&lt;/p&gt;

&lt;h4&gt;Change management&lt;/h4&gt;

&lt;p&gt;Even with the perfect setup, deployment fails when companies don’t consider change management.&lt;/p&gt;

&lt;p&gt;Your service desk team needs a clear mental model of what the agent handles and where they take over. You might think of it like any other division of labor: you don't want overlap. You don't want humans burning cycles on tasks the agent can knock out instantly, and you definitely don't want the agent making calls where policy says a human needs to be in the loop. Clean boundaries keep both sides working at their highest value.&lt;/p&gt;

&lt;p&gt;Your employees need to trust that context won’t be lost mid-conversation when an issue is escalated from agent to human. Immediately letting agents do more than foundational support is how a promising pilot becomes a painful rollback. Start narrow and earn the right to expand.&lt;/p&gt;

&lt;h2&gt;Here’s what success looks like&lt;/h2&gt;

&lt;p&gt;To prove ROI with agentic AI, organizations should focus on operational metrics that reflect real impact and can be improved through better orchestration.&lt;/p&gt;

&lt;p&gt;Ticket deflection shows how effectively agents resolve common requests end to end without human involvement. Auto-remediation highlights when systems can diagnose issues and take approved corrective action, reducing manual effort and queue volume. Mean Time to Resolution (MTTR) reflects how much the system shortens the path from request to outcome by removing handoffs and tool switching.&lt;/p&gt;

&lt;p&gt;Together, these metrics indicate whether agentic AI is truly reducing work, not just shifting it. But the most important measure is end-user satisfaction (CSAT). Speed without satisfaction simply creates faster friction.&lt;/p&gt;

&lt;p&gt;The best agentic AI is invisible. Employees ask for help, get what they need, and move on without noticing the workflows, checks, or automated actions behind the scenes. Organizations that achieve success design agentic systems intentionally, with clear guardrails and a strong understanding of how autonomy reshapes operations.&lt;/p&gt;

&lt;h2&gt;Next steps&lt;/h2&gt;

&lt;p&gt;If you are evaluating the role of self‑service agentic AI in your IT ecosystem, a conversational entry point is often the most practical place to begin. Consolidating incident creation, service requests, knowledge access, and status checks into a single interface can reduce friction for employees while still respecting policies and existing workflows.&lt;/p&gt;

&lt;p&gt;This approach lays the groundwork for a broader agentic platform. For IT leaders under pressure to do more with less, this is the moment to deliberately define how AI should operate, where autonomy adds value, and where guardrails are required.&lt;/p&gt;

&lt;p&gt;Ready to take the next step in your agentic AI journey? Get our &lt;a href="https://www.ivanti.com/resources/whitepapers/navigating-the-shift-to-agentic-ai-in-it-service-management"&gt;whitepaper&lt;/a&gt; for the framework, maturity model and implementation roadmap you need to succeed.&lt;/p&gt;
</description><pubDate>Wed, 08 Apr 2026 13:00:06 Z</pubDate></item><item><guid isPermaLink="false">6eede267-7028-4468-86aa-dba7dabfca72</guid><link>https://www.ivanti.com/blog/it-visibility-see-it-all-or-risk-it-all</link><atom:author><atom:name>Cristiane Villar</atom:name><atom:uri>https://www.ivanti.com/blog/authors/cristiane-villar-ramos-da-silva</atom:uri></atom:author><category>Service Management</category><title>See It All or Risk It All: The Truth About IT Visibility</title><description>&lt;p&gt;In everyday life, ignoring what you cannot see may feel harmless. In IT, it creates a false sense of security and a costly illusion.&lt;/p&gt;

&lt;p&gt;Although many organizations use some form of &lt;a href="https://www.ivanti.com/products/discovery"&gt;asset discovery&lt;/a&gt;, 2026 security research from Ivanti reveals that more than 1 in 3 IT professionals (38%) report having insufficient data about devices accessing their networks, and 45% say they lack adequate information about &lt;a href="https://www.ivanti.com/blog/shadow-ai"&gt;shadow IT&lt;/a&gt;. This lack of visibility leaves critical assets at risk of going undetected and unmanaged.&lt;/p&gt;

&lt;p&gt;Yet hybrid environments now span offices, homes, clouds and data centers. As devices, identities, cloud workloads and SaaS tools move across these spaces, many of them fall outside the scope of traditional discovery methods. Unmanaged laptops linger on the network. SaaS tools are adopted without oversight. Cloud resources appear and disappear before the &lt;a href="https://www.ivanti.com/glossary/cmdb"&gt;CMDB&lt;/a&gt; is updated. The result is an environment filled with assets that are present, influential and completely unseen.&lt;/p&gt;

&lt;p&gt;The cost of partial visibility is far greater than most organizations realize. Any asset that is not tracked or understood becomes a source of risk, unplanned spending and operational inefficiency.&lt;/p&gt;

&lt;p&gt;The scope of this challenge is clearly illustrated in Ivanti’s &lt;a href="https://www.ivanti.com/resources/research-reports/borderless-security"&gt;2025 Securing the Borderless Digital Landscape Report&lt;/a&gt;:&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;3 in 4 IT workers say that personal device use, or BYOD, is a regular occurrence at their organization. However, just 52% of this same group say their organizations explicitly allow it.&lt;/li&gt;
	&lt;li&gt;At companies where BYOD is&lt;i&gt; not&lt;/i&gt; permitted, 78% of employees disregard the prohibition entirely.&lt;/li&gt;
&lt;/ul&gt;

&lt;div class="flourish-embed flourish-chart" data-src="visualisation/26365764"&gt;&lt;/div&gt;

&lt;p&gt;The issue of shadow technology is increasing even further with the exponential rise in AI use in the workplace. According to that same Ivanti study, nearly a third (32%) of people who use generative AI tools at work admit to keeping their use of AI a secret from their employer.&lt;/p&gt;

&lt;p&gt;&lt;b&gt;The good news:&lt;/b&gt; complete, continuous visibility is possible, and organizations that achieve complete visibility reduce operational costs, eliminate blind-spot-driven risks and strengthen compliance readiness. Modern discovery approaches now give IT the ability to see every asset, understand its context and manage it with confidence.&lt;/p&gt;

&lt;h2&gt;The hidden costs of partial IT visibility&lt;/h2&gt;

&lt;p&gt;Many organizations assume that achieving visibility over “most” of their assets is good enough, yet when some assets are unseen and unmanaged, critical risks can be hiding right under your nose. Common &lt;a href="https://www.ivanti.com/blog/attack-surface-visibility-gaps"&gt;visibility blind spots&lt;/a&gt; include undetected laptops that appear only intermittently on IT scanners, newly acquired SaaS tools adopted without IT involvement, orphaned cloud workloads that never make it into the CMDB and over-provisioned identities that go unnoticed and unremediated.&lt;/p&gt;

&lt;p&gt;When even a small portion of your environment remains unaccounted for, four big problems surface immediately:&lt;/p&gt;

&lt;h4&gt;1. Security weakens&lt;/h4&gt;

&lt;p&gt;Unseen or intermittently visible assets miss patches, skip scans and create openings for attackers. Blind spots slow incident response and make aligning &lt;a href="https://www.ivanti.com/resources/research-reports/risk-based-patch"&gt;patching priorities&lt;/a&gt; difficult. According to a &lt;a href="https://www.ivanti.com/resources/research-reports/aem"&gt;2026 global study from Ivanti&lt;/a&gt;, 38% of IT workers say inaccessible and siloed data causes difficulty tracking patch status and rollouts.&lt;/p&gt;

&lt;h4&gt;2. Compliance falters&lt;/h4&gt;

&lt;p&gt;Adding to these security challenges, that same &lt;a href="https://www.ivanti.com/resources/research-reports/aem"&gt;report&lt;/a&gt; finds that 35% of IT organizations feel that data visibility gaps make it much more challenging for them to maintain compliance.&lt;/p&gt;

&lt;p&gt;Audit evidence becomes fragmented across disconnected tools, spreadsheets and inboxes. Without the ability to confidently track where data lives, it becomes impossible to prove compliance.&lt;/p&gt;

&lt;div class="flourish-embed flourish-chart" data-src="visualisation/26365754"&gt;&lt;/div&gt;

&lt;h4&gt;3. Software spend leaks value&lt;/h4&gt;

&lt;p&gt;Even with SaaS management or inventory tools in place, incomplete usage and entitlement data cause overspending. Companies lose roughly 25% of their SaaS budgets to unused entitlements, redundant tools and underutilized licenses, according to &lt;a href="https://zylo.com/reports/2025-saas-management-index/" rel="noopener" target="_blank"&gt;Zylo’s 2025 SaaS&amp;nbsp;Management Index&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;Ivanti’s &lt;a href="https://www.ivanti.com/resources/research-reports/tech-at-work"&gt;2025 Technology at Work&lt;/a&gt; research found that nearly one in three IT workers (31%) say their organizations do not track unused/underused software licenses, possibly because they may not have a complete inventory of the total. Moreover, 39% of IT teams say that outdated hardware drives wasteful IT budget spend.&lt;/p&gt;

&lt;p&gt;Every resource you &lt;i&gt;cannot&lt;/i&gt; see — or cannot verify — quietly drains your budget.&lt;/p&gt;

&lt;h4&gt;4. Operations lose efficiency&lt;/h4&gt;

&lt;p&gt;Conflicting or incomplete data forces teams to recheck device information, chase outdated records and remediate issues on the wrong assets. This slows service delivery and increases rework.&lt;/p&gt;

&lt;p&gt;Partial visibility doesn’t just obscure reality. It creates hidden risks, hidden costs and hidden delays.&lt;/p&gt;

&lt;h2&gt;Why IT visibility gaps continue to grow&lt;/h2&gt;

&lt;p&gt;Unfortunately, visibility gaps are widening for many companies. As headcounts, devices, identities and SaaS usage grow, it becomes increasingly difficult for IT teams to maintain complete visibility. Several factors contribute to growing visibility issues, including:&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;Shadow IT and SaaS sprawl accelerating faster than IT can keep up.&lt;/li&gt;
	&lt;li&gt;Cloud resources appearing and disappearing within minutes.&lt;/li&gt;
	&lt;li&gt;Remote and hybrid workers connecting to networks outside the corporate network.&lt;/li&gt;
	&lt;li&gt;Identity sprawl expanding across dozens of apps and platforms.&lt;/li&gt;
	&lt;li&gt;Legacy discovery tools capturing only a fraction of the environment.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;These pressures compound quickly. Employees adopt convenient tools before IT can approve them. When devices, servers or apps are created in cloud environments and deleted in minutes, they can be missed by security checks and monitoring. As a result, these short-lived resources might not get patched or protected, creating blind spots that attackers could exploit before anyone notices. Remote workers may never even touch the corporate network. SaaS, identity and device ecosystems expand far faster than legacy discovery tools were designed to track. Without &lt;b&gt;continuous, multi-source visibility&lt;/b&gt;, organizations fall behind almost immediately.&lt;/p&gt;

&lt;p&gt;To close these widening gaps, organizations must shift from reactive, point‑in‑time inventories to a model built on continuous, contextual, real‑time visibility. This is where understanding and achieving true visibility over your entire IT estate becomes critical.&lt;/p&gt;

&lt;h2&gt;IT visibility is more than just an inventory&lt;/h2&gt;

&lt;p&gt;Real visibility is not a list of assets. It is complete, current and trusted intelligence that every team can act on. Total visibility requires identifying every device, SaaS app, identity, cloud workload, configuration and usage signal, no matter where it lives or how long it exists.&lt;/p&gt;

&lt;p&gt;It also means understanding relationships: who owns an asset, what data it touches, its risk level, its compliance impact and whether it is actually being used. This is the foundation that turns discovery from information into operational control.&lt;/p&gt;

&lt;h2&gt;How complete visibility transforms workflows&lt;/h2&gt;

&lt;p&gt;Once visibility becomes continuous and contextual, the entire environment transforms. Modern IT environments require more than passive observation. As threats, workloads and assets scale at unprecedented speed, organizations need intelligent, automated actions to turn visibility into real outcomes. &lt;a href="https://www.ivanti.com/ai"&gt;AI-driven insights&lt;/a&gt; and automated workflows empower teams to proactively address security threats, remediate issues and optimize operations without waiting for manual intervention.&lt;/p&gt;

&lt;p&gt;With the right approach, organizations can move beyond partial visibility and finally see:&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;every device, application, identity and cloud workload.&lt;/li&gt;
	&lt;li&gt;normalized and reconciled data presented as a single source of truth.&lt;/li&gt;
	&lt;li&gt;vulnerabilities tied to the exact assets and owners affected.&lt;/li&gt;
	&lt;li&gt;automated workflows that trigger patching, quarantines, &lt;a href="https://www.ivanti.com/blog/the-critical-role-of-the-cmdb-in-security-and-vulnerability-management"&gt;CMDB updates&lt;/a&gt; and ticket closure with proof.&lt;/li&gt;
	&lt;li&gt;discovery that spans agent, agentless, active and passive methods to cover every corner of the hybrid environment.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;How every team benefits from unified asset visibility&lt;/h2&gt;

&lt;p&gt;With unified, reliable asset data, every team benefits:&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;&lt;b&gt;Security &lt;/b&gt;can map exposures to real assets and respond faster.&lt;/li&gt;
	&lt;li&gt;&lt;b&gt;IT operations&lt;/b&gt; can close the loop from discovery to remediation to verification.&lt;/li&gt;
	&lt;li&gt;&lt;b&gt;Endpoint teams&lt;/b&gt; can enforce policies consistently.&amp;nbsp;&lt;/li&gt;
	&lt;li&gt;&lt;a href="https://www.ivanti.com/products/it-asset-management"&gt;&lt;b&gt;ITAM&lt;/b&gt;&lt;/a&gt;&lt;b&gt; employees &lt;/b&gt;can optimize spending using accurate usage and entitlement insights, eliminating waste.&lt;/li&gt;
	&lt;li&gt;&lt;b&gt;Compliance teams&lt;/b&gt; can produce automated, audit-ready evidence without manual effort.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Achieving complete IT visibility today&lt;/h2&gt;

&lt;p&gt;This level of clarity is achievable today. By using modern discovery approaches that combine agent, agentless, active and passive methods, unified asset intelligence ensures that IT teams achieve complete visibility, even as environments become more complex and distributed.&lt;/p&gt;

&lt;p&gt;Unified asset intelligence ingests up-to-date data from every corner of the organization, including devices, identities, SaaS applications, cloud workloads and network signals. This data is normalized and consolidated into a single, trusted source of truth.&lt;/p&gt;

&lt;p&gt;Instead of managing partial or fragmented inventories from multiple tools, organizations gain a real-time, holistic view. Each asset is accurately represented with its key details and context, removing blind spots and allowing teams to confidently secure and manage the entire environment, eliminating guesswork, reducing risk and restoring control.&lt;/p&gt;

&lt;p&gt;&lt;b&gt;See how &lt;/b&gt;&lt;a href="https://www.ivanti.com/products/discovery"&gt;&lt;b&gt;Ivanti Neurons for Discovery&lt;/b&gt;&lt;/a&gt;&lt;b&gt; can deliver complete visibility to your environment.&lt;/b&gt;&lt;/p&gt;
</description><pubDate>Mon, 06 Apr 2026 12:00:02 Z</pubDate></item><item><guid isPermaLink="false">2407256b-094c-45de-a2b1-309ed2f901cf</guid><link>https://www.ivanti.com/blog/how-ai-automation-improve-endpoint-visibility</link><atom:author><atom:name>Aruna Kureti</atom:name><atom:uri>https://www.ivanti.com/blog/authors/aruna-kureti</atom:uri></atom:author><category>Artificial Intelligence</category><category>Endpoint Management</category><title>Inventory to Intelligence: How AI and Automation Improve Endpoint Visibility</title><description>&lt;p&gt;Endpoint visibility has always been foundational to IT and security. You&amp;nbsp;can’t&amp;nbsp;secure,&amp;nbsp;patch&amp;nbsp;or&amp;nbsp;support what you&amp;nbsp;can’t&amp;nbsp;see.&amp;nbsp;&amp;nbsp;&lt;/p&gt;

&lt;p&gt;But as environments have become more distributed and complex, what visibility means has evolved. It’s no longer enough to know that a device exists — IT teams and organizations as a whole need to understand its health, its&amp;nbsp;risk&amp;nbsp;posture&amp;nbsp;and&amp;nbsp;its impact on both security and user experience.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;This is where&amp;nbsp;&lt;a href="https://www.ivanti.com/autonomous-endpoint-management"&gt;AI and endpoint automation&lt;/a&gt;&amp;nbsp;start to make a practical difference. By moving endpoint visibility from static inventory to continuous intelligence, organizations can shift from reactive discovery to proactive, even autonomous operations.&amp;nbsp;&lt;/p&gt;

&lt;h2&gt;Why traditional discovery practices fall short&amp;nbsp;&lt;/h2&gt;

&lt;p&gt;Traditional discovery practices were built for&amp;nbsp;a very different&amp;nbsp;IT reality. Their approach is designed for relatively static environments, clearly defined&amp;nbsp;perimeters&amp;nbsp;and&amp;nbsp;manual processes. That strategy&amp;nbsp;doesn’t&amp;nbsp;scale well in today’s hybrid, cloud-first world.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Manual discovery workflows often produce incomplete or outdated inventories. Ivanti’s 2026 &lt;a href="https://www.ivanti.com/resources/research-reports/aem" target="_blank"&gt;Autonomous Endpoint Management Advantage Report&lt;/a&gt; reinforces this reality: only 52% of organizations report using an &lt;a href="https://www.ivanti.com/products/endpoint-manager"&gt;endpoint management solution&lt;/a&gt; today, leaving many environments with limited centralized visibility and persistent blind spots across unmanaged or shadow IT.&lt;/p&gt;

&lt;p&gt;In practice, this fragmentation shows up in very familiar ways. Teams often juggle multiple inventories: one from an on-prem client management tool, another from an &lt;a href="https://www.ivanti.com/products/ivanti-neurons-for-mdm"&gt;MDM platform&lt;/a&gt; and yet another from identity or access systems, leaving gaps that widen as environments grow more complex.&lt;/p&gt;

&lt;h3&gt;Common challenges&amp;nbsp;in manual device discovery&amp;nbsp;&lt;/h3&gt;

&lt;p&gt;Manual discovery relies heavily on human input, which introduces inconsistency and error. As environments grow more distributed, these processes struggle to evolve with them, making it difficult to keep inventories&amp;nbsp;accurate&amp;nbsp;as devices are added,&amp;nbsp;reassigned&amp;nbsp;or&amp;nbsp;accessed remotely. Reconciling changes across large estates becomes time-consuming and brittle, increasing the likelihood that devices fall out of view entirely.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Over time, these limitations compound.&amp;nbsp;&lt;a href="https://www.ivanti.com/blog/best-practices-for-it-asset-discovery-and-inventory-management"&gt;Discovery&lt;/a&gt;&amp;nbsp;becomes episodic rather than continuous, and visibility&amp;nbsp;lags behind&amp;nbsp;reality. By the time inventories are reconciled, the environment has already changed.&amp;nbsp;&lt;/p&gt;

&lt;h3&gt;Visibility gaps and security risks&amp;nbsp;&lt;/h3&gt;

&lt;p&gt;These gaps&amp;nbsp;aren’t&amp;nbsp;theoretical. Ivanti’s research shows that many organizations still struggle with foundational&amp;nbsp;&lt;a href="https://www.ivanti.com/blog/endpoint-management-ownership-it-security-governance"&gt;endpoint visibility&lt;/a&gt;&amp;nbsp;even after deploying multiple management tools. Endpoint data exists across scanners, MDM&amp;nbsp;platforms&amp;nbsp;and&amp;nbsp;access systems, but it is rarely centralized, continuously updated, or trusted across teams. As a result, shadow IT, unmanaged devices&amp;nbsp;and&amp;nbsp;unknown access paths&amp;nbsp;remain&amp;nbsp;persistent sources of security and compliance risk.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Blind spots create real risk. Many organizations struggle to&amp;nbsp;identify&amp;nbsp;which devices are vulnerable or even actively accessing their environments.&lt;/p&gt;

&lt;div class="flourish-embed flourish-chart" data-src="visualisation/26365764"&gt;&lt;/div&gt;

&lt;p&gt;When teams&amp;nbsp;can’t&amp;nbsp;reliably understand device exposure or access patterns, security decisions are made using incomplete or outdated data, increasing&amp;nbsp;risk&amp;nbsp;and delaying remediation. In fact, the above-mentioned Ivanti report highlights how common these blind spots are:&amp;nbsp;&amp;nbsp;&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;45% of organizations report challenges identifying shadow IT.&lt;/li&gt;
	&lt;li&gt;41% struggle to identify vulnerabilities across devices.&lt;/li&gt;
	&lt;li&gt;35% say data blind spots make it difficult to determine patch compliance.&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;Device discovery vs. device health monitoring&amp;nbsp;&lt;/h3&gt;

&lt;p&gt;Discovery is only the first step. Knowing that a device exists&amp;nbsp;doesn't&amp;nbsp;tell you whether&amp;nbsp;it's&amp;nbsp;secure,&amp;nbsp;compliant&amp;nbsp;or&amp;nbsp;even functioning properly.&amp;nbsp;That’s&amp;nbsp;where device health monitoring becomes critical.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Discovery tells you what’s present. Health monitoring adds the context that actually matters, from performance and configuration drift to overall security posture. Research from &lt;a href="https://www.ivanti.com/resources/research-reports/borderless-security" target="_blank"&gt;Ivanti’s 2025 Securing the Borderless Digital Landscape report&lt;/a&gt; underscores how significant these visibility gaps remain: two out of five (38%) IT professionals say they lack sufficient data about devices accessing the network, and 45% report insufficient visibility into shadow IT.&lt;/p&gt;

&lt;p&gt;BYOD and &lt;a href="https://www.ivanti.com/resources/research-reports/borderless-security" target="_blank"&gt;edge devices&lt;/a&gt;, especially, are a concern. These can be online and still pose significant risk. They may be missing critical patches, running outdated software, drifting from configuration standards or suffering performance issues that impact users.&lt;/p&gt;

&lt;p&gt;Presence data answers the question, “Is it there?” Health data answers, “Is it safe, compliant, and usable?” Without health insights, organizations are effectively managing endpoints in the dark.&amp;nbsp;&lt;/p&gt;

&lt;h3&gt;Key indicators of endpoint health&amp;nbsp;&lt;/h3&gt;

&lt;p&gt;To manage endpoints proactively, organizations need continuous visibility into key health indicators.&amp;nbsp;&amp;nbsp;&lt;/p&gt;

&lt;p&gt;This includes:&amp;nbsp;&amp;nbsp;&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;Operating&amp;nbsp;system and application versions&amp;nbsp;&lt;/li&gt;
	&lt;li&gt;Patch&amp;nbsp;and antivirus status&amp;nbsp;&lt;/li&gt;
	&lt;li&gt;Configuration&amp;nbsp;drift&amp;nbsp;&lt;/li&gt;
	&lt;li&gt;Overall&amp;nbsp;security posture&amp;nbsp;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;User experience signals such as crashes,&amp;nbsp;latency&amp;nbsp;and&amp;nbsp;performance degradation also provide early warning signs that something&amp;nbsp;isn’t&amp;nbsp;right.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Modern platforms unify these signals into a single view, allowing IT and security teams to understand not just what devices exist, but how&amp;nbsp;they're&amp;nbsp;performing and where risk is&amp;nbsp;emerging.&amp;nbsp;&lt;/p&gt;

&lt;h2&gt;The risk of tracking only device presence&amp;nbsp;&lt;/h2&gt;

&lt;p&gt;When organizations focus&amp;nbsp;only&amp;nbsp;on device presence, they expose themselves to both security and operational risks. Visibility without context leads to delayed detection, missed compliance&amp;nbsp;requirements&amp;nbsp;and&amp;nbsp;reactive management.&amp;nbsp;&lt;/p&gt;

&lt;h3&gt;Negative impacts on security and compliance&amp;nbsp;&lt;/h3&gt;

&lt;p&gt;Tracking presence alone increases the likelihood that malware,&amp;nbsp;misconfigurations&amp;nbsp;or&amp;nbsp;policy violations go undetected. Devices that are not enrolled in management or out of compliance may still access sensitive resources, creating gaps in enforcement. When access decisions&amp;nbsp;aren’t&amp;nbsp;tied to device state, enforcement becomes inconsistent by default.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Strong endpoint visibility,&amp;nbsp;access&amp;nbsp;and&amp;nbsp;security ensure that only managed and compliant devices can reach sensitive systems and data.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Tying access to management and compliance status is critical. Conditional access,&amp;nbsp;VPN&amp;nbsp;and&amp;nbsp;&lt;a href="https://www.ivanti.com/products/ivanti-neurons-zero-trust-access"&gt;zero trust&lt;/a&gt;&amp;nbsp;controls are only effective when visibility and enrollment are enforced consistently across endpoints.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Patch management is one of the areas where limited visibility creates the most operational strain. Our &lt;a href="https://www.ivanti.com/resources/research-reports/aem" target="_blank"&gt;IT and security research&lt;/a&gt; shows that many IT teams struggle to track patch status across their full endpoint estate and to stay compliant as environments become more distributed. For example, of those we surveyed:&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;38% of IT and security professionals say they have difficulty tracking patch status and rollouts.&amp;nbsp;&lt;/li&gt;
	&lt;li&gt;35% of teams struggle to stay compliant.&lt;/li&gt;
&lt;/ul&gt;

&lt;div class="flourish-embed flourish-chart" data-src="visualisation/26365754"&gt;&lt;/div&gt;

&lt;p&gt;These challenges&amp;nbsp;aren’t&amp;nbsp;about patch availability alone. They stem from gaps in visibility into device state,&amp;nbsp;ownership&amp;nbsp;and&amp;nbsp;real-world exposure, making it difficult to prioritize and verify remediation.&amp;nbsp;&lt;/p&gt;

&lt;h3&gt;Operational inefficiencies&amp;nbsp;&lt;/h3&gt;

&lt;p&gt;From an operational perspective, limited visibility leads to inefficiency. IT teams spend time troubleshooting issues that automation could resolve, chasing devices that should have been discovered automatically, and reacting to incidents rather than preventing them.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Without health data, teams are forced into a firefighting mode, responding to problems after they&amp;nbsp;impact&amp;nbsp;users instead of addressing them proactively.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;This is exactly where AI and automation can begin to change the equation.&amp;nbsp;&lt;/p&gt;

&lt;h2&gt;How AI and endpoint automation improve endpoint visibility&amp;nbsp;&lt;/h2&gt;

&lt;p&gt;AI and automation turn endpoint visibility from a one-time discovery exercise into a continuous, self-sustaining capability. They enable teams to unify data, detect&amp;nbsp;anomalies&amp;nbsp;and&amp;nbsp;maintain&amp;nbsp;accurate&amp;nbsp;inventories without manual effort.&amp;nbsp;&lt;/p&gt;

&lt;h3&gt;Unified telemetry across multiple sources&amp;nbsp;&lt;/h3&gt;

&lt;p&gt;Modern endpoint management platforms with AI and automation capabilities&amp;nbsp;consolidate&amp;nbsp;telemetry from discovery, UEM, MDM, patching,&amp;nbsp;vulnerability&amp;nbsp;and&amp;nbsp;security tools into a unified, continuously updated view. This unified telemetry&amp;nbsp;eliminates&amp;nbsp;the need to reconcile siloed inventories and provides a shared, reliable view for both IT and security.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;By normalizing data across desktop, mobile, server&amp;nbsp;and&amp;nbsp;IoT devices, organizations gain holistic visibility that&amp;nbsp;supports&amp;nbsp;faster, more confident decision-making.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Our&amp;nbsp;&lt;a href="https://www.ivanti.com/resources/research-reports/aem" target="_blank"&gt;autonomous&amp;nbsp;endpoint management (AEM)&amp;nbsp;research&amp;nbsp;&lt;/a&gt;also shows that organizations make the most progress when endpoint visibility is treated as a shared&amp;nbsp;objective. Teams that track metrics such as time to discovery, percentage of fully managed endpoints&amp;nbsp;and&amp;nbsp;exposure duration through shared dashboards are better able to align IT and security around the same data. This shared visibility turns endpoint management from siloed reporting into a coordinated, data-driven process.&amp;nbsp;&lt;/p&gt;

&lt;h3&gt;AI-Powered&amp;nbsp;automation and&amp;nbsp;autonomous&amp;nbsp;bots&amp;nbsp;&lt;/h3&gt;

&lt;p&gt;Automation plays a critical role in keeping visibility current.&amp;nbsp;&lt;a href="https://www.ivanti.com/resources/bot-library"&gt;AI-powered bots&lt;/a&gt;&amp;nbsp;can automatically rediscover devices, reconcile duplicates, update ownership and&amp;nbsp;location&amp;nbsp;and&amp;nbsp;detect anomalies across the environment.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;When agents stop reporting or profiles break, automated workflows can repair or reinstall them without human intervention. This ensures that visibility&amp;nbsp;doesn’t&amp;nbsp;degrade over time and reduces the operational burden on IT teams.&amp;nbsp;&lt;/p&gt;

&lt;h3&gt;Self-healing&amp;nbsp;workflows for IT&amp;nbsp;productivity&amp;nbsp;&lt;/h3&gt;

&lt;p&gt;Self-healing workflows extend automation to the endpoint itself. Common issues such as failed updates, stopped services&amp;nbsp;or&amp;nbsp;configuration drift can be detected and resolved automatically, often before users notice a problem.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Endpoint automation enables these self-healing workflows to&amp;nbsp;operate&amp;nbsp;continuously in the background, resolving common issues without waiting for human intervention.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;By resolving these issues without tickets, organizations reduce downtime, improve user&amp;nbsp;experience&amp;nbsp;and&amp;nbsp;free IT staff to focus on higher-value initiatives.&amp;nbsp;In fact,&amp;nbsp;&lt;a href="https://www.ivanti.com/resources/research-reports/aem" target="_blank"&gt;over two-thirds of IT teams&lt;/a&gt;&amp;nbsp;today believe that&amp;nbsp;AI and automation&amp;nbsp;in ITSM&amp;nbsp;will&amp;nbsp;allow them to deliver better service experiences&amp;nbsp;and&amp;nbsp;give them more time to support business objectives.&lt;/p&gt;

&lt;h2&gt;Broader&amp;nbsp;impact on&amp;nbsp;security,&amp;nbsp;productivity&amp;nbsp;and&amp;nbsp;user&amp;nbsp;experience&amp;nbsp;&lt;/h2&gt;

&lt;p&gt;When AI and automation are integrated into endpoint visibility, the benefits extend beyond IT operations. Security posture&amp;nbsp;improves, users experience fewer disruptions and productivity increases.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;By combining endpoint visibility and control, organizations can reduce risk while still supporting productivity and flexible operating models.&amp;nbsp;&lt;/p&gt;

&lt;h3&gt;Closing&amp;nbsp;visibility&amp;nbsp;gaps&amp;nbsp;&lt;/h3&gt;

&lt;p&gt;AI-driven insights&amp;nbsp;eliminate&amp;nbsp;blind spots by continuously&amp;nbsp;monitoring&amp;nbsp;endpoint activity and health. Instead of relying on periodic scans or manual checks, organizations&amp;nbsp;maintain&amp;nbsp;real-time awareness of their endpoint environment.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;This&amp;nbsp;&lt;a href="https://www.ivanti.com/blog/attack-surface-visibility-gaps"&gt;continuous visibility&lt;/a&gt;&amp;nbsp;transforms endpoint management from a static inventory project into a living, breathing capability that adapts as the environment changes.&amp;nbsp;&lt;/p&gt;

&lt;h3&gt;Improving&amp;nbsp;IT&amp;nbsp;operations and&amp;nbsp;end-user&amp;nbsp;satisfaction&amp;nbsp;&lt;/h3&gt;

&lt;p&gt;&lt;a href="https://www.ivanti.com/blog/how-ai-alleviates-help-desk-workloads"&gt;Automation reduces ticket volume&lt;/a&gt;&amp;nbsp;and accelerates resolution times, while predictive analytics help prevent downtime before it&amp;nbsp;impacts&amp;nbsp;users. Ring deployments, maintenance&amp;nbsp;windows&amp;nbsp;and&amp;nbsp;self-service catalogs allow changes to be delivered with minimal disruption.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;When users experience faster support and fewer interruptions, resistance to endpoint management drops and adoption improves. Over time, this creates a healthier feedback loop where visibility,&amp;nbsp;automation&amp;nbsp;and&amp;nbsp;user experience reinforce each other instead of competing.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;This is where&amp;nbsp;autonomous endpoint management&amp;nbsp;takes organizations next. Visibility becomes continuous instead of episodic. Automation keeps inventories&amp;nbsp;accurate, health signals&amp;nbsp;current&amp;nbsp;and&amp;nbsp;risk visible in real time.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;With shared data and clear ownership, IT and security teams stop reacting to issues after the fact and start managing endpoints proactively. That shift from inventory to intelligence is what enables autonomous endpoint management, and&amp;nbsp;it’s&amp;nbsp;quickly becoming the standard for modern IT operations.&amp;nbsp;&lt;/p&gt;
</description><pubDate>Fri, 03 Apr 2026 13:00:09 Z</pubDate></item><item><guid isPermaLink="false">102f3f22-125a-4763-b596-62b424778efc</guid><link>https://www.ivanti.com/blog/autonomous-endpoint-management-eliminates-patch-silos</link><atom:author><atom:name>Aruna Kureti</atom:name><atom:uri>https://www.ivanti.com/blog/authors/aruna-kureti</atom:uri></atom:author><category>Artificial Intelligence</category><category>Patch Management</category><title>How AI-Driven Automation Solves Patch Management Silos</title><description>&lt;p&gt;&lt;em&gt;"We see 10,000&amp;nbsp;critical vulnerabilities!"&amp;nbsp;&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;"We patched everything last week!"&amp;nbsp;&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;This conversation happens in enterprise IT departments every single day. Security teams present dashboards filled with red alerts. IT teams show deployment reports at 98% success. Both teams are looking at real data.&amp;nbsp;Both are absolutely correct.&amp;nbsp;And both are&amp;nbsp;totally&amp;nbsp;blind to what's actually happening across the endpoint environment.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;This&amp;nbsp;isn't&amp;nbsp;a&amp;nbsp;people&amp;nbsp;problem — your teams&amp;nbsp;aren't&amp;nbsp;incompetent.&amp;nbsp;It's&amp;nbsp;not a process problem — your workflows&amp;nbsp;aren't&amp;nbsp;broken.&amp;nbsp;It's&amp;nbsp;a technology problem:&amp;nbsp;you're&amp;nbsp;asking two teams to manage the same risk using systems that&amp;nbsp;show them different realities.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Security teams are given one version of reality through vulnerability scanners and threat intelligence. Meanwhile, IT teams see things differently when looking at their device management and patch deployment reports.&amp;nbsp;&amp;nbsp;&lt;/p&gt;

&lt;p&gt;The tricky part is that both views can be&amp;nbsp;correct&amp;nbsp;in isolation and&amp;nbsp;still&amp;nbsp;be&amp;nbsp;misleading&amp;nbsp;in practice.&amp;nbsp;That's&amp;nbsp;how you end up in the familiar stalemate: security reports thousands of critical vulnerabilities; IT reports that patches are successfully deployed. The disconnect lives in the gap between those systems.&amp;nbsp;&lt;/p&gt;

&lt;h2&gt;Why&amp;nbsp;IT&amp;nbsp;and&amp;nbsp;security&amp;nbsp;are misaligned on patching&amp;nbsp;&amp;nbsp;&lt;/h2&gt;

&lt;p&gt;Most organizations approach&amp;nbsp;&lt;a href="https://www.ivanti.com/blog/endpoint-management-ownership-it-security-governance"&gt;patching misalignment between IT and security&lt;/a&gt;&amp;nbsp;by trying to improve communication between the two teams. They schedule more meetings. They create escalation paths. They implement SLAs. And six months later,&amp;nbsp;they're&amp;nbsp;having the exact same argument with better PowerPoint slides.&lt;/p&gt;

&lt;p&gt;Here's&amp;nbsp;what nobody wants to admit:&amp;nbsp;you&amp;nbsp;can't&amp;nbsp;collaborate your way out of a data fragmentation problem. When IT and security are working from fundamentally different inventories of what exists,&amp;nbsp;what's&amp;nbsp;vulnerable&amp;nbsp;and&amp;nbsp;what's&amp;nbsp;been fixed, adding more coordination overhead just slows down an already broken process.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;This is why the same conversation plays out again and again inside many organizations.&amp;nbsp;Both teams are confident in their data, and both are “right” within the narrow context of the tools they rely on.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;And&amp;nbsp;that’s&amp;nbsp;the problem. While both views are “right,” neither reflects the full lifecycle of risk. Vulnerability data&amp;nbsp;doesn’t&amp;nbsp;always reflect whether affected devices are managed or reachable. Patch reports&amp;nbsp;don’t&amp;nbsp;always account for unmanaged,&amp;nbsp;misclassified&amp;nbsp;or&amp;nbsp;newly discovered endpoints that still have access to corporate resources.&amp;nbsp;What’s missing is a reliable answer to the only question that actually matters: which endpoints are exposed right now?&amp;nbsp;&lt;/p&gt;

&lt;h3&gt;Technology silos create conflicting realities&amp;nbsp;&lt;/h3&gt;

&lt;p&gt;Most enterprises manage endpoints through&amp;nbsp;a hodgepodge of&amp;nbsp;systems that&amp;nbsp;have evolved&amp;nbsp;independently over time, each capturing only a fragment of reality.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;One system may surface critical exposure without knowing whether the device is&amp;nbsp;being managed. Another may confirm successful remediation without accounting for newly discovered or misclassified endpoints that still have access.&amp;nbsp;The result? No reliable way to trace risk from detection through deployment to actual exposure.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Consider this:&amp;nbsp;the&amp;nbsp;average organization manages only 60% of their edge devices, according to Ivanti's&amp;nbsp;&lt;a href="https://www.ivanti.com/resources/research-reports/borderless-security" target="_blank"&gt;Securing the Borderless Digital Landscape Report&lt;/a&gt;. That means 40% of potential entry points exist outside IT's view and outside their patch workflows. Security sees them.&amp;nbsp;IT&amp;nbsp;doesn't. That's&amp;nbsp;your&amp;nbsp;&lt;a href="https://www.ivanti.com/blog/attack-surface-visibility-gaps"&gt;vulnerability gap&lt;/a&gt;.&amp;nbsp;Without that continuity, teams are forced to reconcile partial views manually. Data gets debated instead of&amp;nbsp;acted&amp;nbsp;on.&amp;nbsp;&amp;nbsp;&lt;/p&gt;

&lt;p&gt;&lt;img alt="graphic showing bar charts" src="https://static.ivanti.com/sites/marketing/media/images/blog/2026/04/02-unmanaged-edge-devices.png"&gt;&amp;nbsp;&lt;/p&gt;

&lt;h3&gt;Different data views lead to friction&amp;nbsp;&lt;/h3&gt;

&lt;p&gt;Imagine&amp;nbsp;it’s&amp;nbsp;Monday morning: Security discovers a critical zero-day in a widely used VPN client. They send an urgent alert to IT: "30,000 vulnerable endpoints detected — patch immediately."&amp;nbsp;&lt;/p&gt;

&lt;p&gt;IT checks their deployment console: &lt;em&gt;"VPN client already updated across 28,000 devices last Thursday."&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;Both statements are true. Security is scanning the entire network — including contractor laptops, BYOD devices&amp;nbsp;and&amp;nbsp;systems that&amp;nbsp;briefly&amp;nbsp;connected to the VPN but&amp;nbsp;aren't&amp;nbsp;under IT management. IT patched everything in their device inventory.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Meanwhile, 2,000 genuinely vulnerable endpoints&amp;nbsp;remain&amp;nbsp;exposed because they exist in Security's view but not IT's.&amp;nbsp;The patch that should have taken 24 hours now requires three days of manual reconciliation.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;When IT and security&amp;nbsp;operate&amp;nbsp;from different data sources, misaligned&amp;nbsp;&lt;a href="https://www.ivanti.com/blog/vulnerability-prioritization-guide"&gt;vulnerability management priorities&lt;/a&gt;&amp;nbsp;are inevitable.&amp;nbsp;Security teams focus on vulnerability counts, severity&amp;nbsp;scores&amp;nbsp;and&amp;nbsp;exploit intelligence. IT teams prioritize deployment success, system&amp;nbsp;stability&amp;nbsp;and&amp;nbsp;user impact. Both perspectives are necessary, but without a shared frame of reference, they pull in different directions.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;What follows&amp;nbsp;isn’t&amp;nbsp;just tension;&amp;nbsp;it’s&amp;nbsp;decision paralysis. Remediation slows while teams reconcile inventories,&amp;nbsp;validate&amp;nbsp;findings&amp;nbsp;and&amp;nbsp;argue about scope. Vulnerabilities&amp;nbsp;remain&amp;nbsp;open longer than they should, not because patches&amp;nbsp;aren’t&amp;nbsp;available, but because&amp;nbsp;there’s&amp;nbsp;no single view that connects detection,&amp;nbsp;deployment&amp;nbsp;and&amp;nbsp;exposure.&amp;nbsp;&lt;/p&gt;

&lt;h2&gt;The&amp;nbsp;risk of misaligned patching priorities&amp;nbsp;&lt;/h2&gt;

&lt;p&gt;Misalignment slows collaboration, but more importantly, it creates measurable risk that extends well beyond internal friction.&lt;/p&gt;

&lt;p&gt;Ivanti’s&amp;nbsp;&lt;a href="https://www.ivanti.com/resources/research-reports/aem" target="_blank"&gt;Autonomous Endpoint Management research&lt;/a&gt;&amp;nbsp;reflects this challenge in practice:&amp;nbsp;&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;38% of IT professionals report difficulty tracking patch status.&amp;nbsp;&lt;/li&gt;
	&lt;li&gt;35% struggle to meet remediation timelines due to incomplete endpoint visibility.&amp;nbsp;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;When vulnerabilities&amp;nbsp;remain&amp;nbsp;open longer than necessary, the window of exposure grows. Attackers&amp;nbsp;don’t&amp;nbsp;wait.&amp;nbsp;The&amp;nbsp;&lt;a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" rel="noopener" target="_blank"&gt;CISA KEV catalog&lt;/a&gt;&amp;nbsp;reveals the&amp;nbsp;difficult truth: 30% of vulnerabilities being actively exploited right now were originally&amp;nbsp;disclosed&amp;nbsp;more than five years ago.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;That's&amp;nbsp;not a patching problem;&amp;nbsp;it’s&amp;nbsp;a&amp;nbsp;visibility problem. Organizations&amp;nbsp;aren't&amp;nbsp;ignoring available patches;&amp;nbsp;they're&amp;nbsp;missing the endpoints that still need them.&amp;nbsp;&lt;/p&gt;

&lt;h3&gt;Prolonged&amp;nbsp;exposure&amp;nbsp;windows and&amp;nbsp;breach&amp;nbsp;risk&amp;nbsp;&lt;/h3&gt;

&lt;p&gt;Fragmentation stretches&amp;nbsp;exposure&amp;nbsp;windows in subtle ways. Devices that were never enrolled in management platforms, such as shadow BYOD, unsecured contractor&amp;nbsp;devices&amp;nbsp;or&amp;nbsp;remote endpoints outside the traditional perimeter, often go unnoticed.&amp;nbsp;&amp;nbsp;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://www.ivanti.com/resources/research-reports/borderless-security" target="_blank"&gt;Research from Ivanti&lt;/a&gt;&amp;nbsp;shows&amp;nbsp;that only one in three employers&amp;nbsp;has&amp;nbsp;implemented zero trust network access for remote workers, leaving significant gaps in visibility across distributed environments.&amp;nbsp;Newly discovered endpoints appear after patch reports are generated. Systems drift out of compliance between scan cycles. Each delay compounds the risk, extending the time attackers&amp;nbsp;have to&amp;nbsp;weaponize known weaknesses.&lt;/p&gt;

&lt;h2&gt;Common&amp;nbsp;post-patch&amp;nbsp;issues and IT&amp;nbsp;ticket&amp;nbsp;overload&amp;nbsp;&lt;/h2&gt;

&lt;p&gt;Even when patches are deployed on schedule, manual patching often creates downstream issues. Failed updates, broken agents, performance&amp;nbsp;problems&amp;nbsp;and&amp;nbsp;unexpected reboots trigger support tickets and emergency fixes. What starts as a security task quickly becomes an operational drain.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;IT teams spend time resolving predictable failures instead of&amp;nbsp;&lt;a href="https://www.ivanti.com/blog/endpoint-management-ownership-it-security-governance"&gt;improving endpoint posture&lt;/a&gt;. Security teams see delays as unresolved risk. Users associate patching with disruption. That friction persists across teams, even when their goals are aligned.&amp;nbsp;&lt;/p&gt;

&lt;h2&gt;Transforming&amp;nbsp;patch management&amp;nbsp;with autonomous endpoint management&amp;nbsp;&amp;nbsp;&lt;/h2&gt;

&lt;p&gt;AI and automation address the core disconnects in&amp;nbsp;&lt;a href="https://www.ivanti.com/blog/effective-modern-patch-management-processes-and-best-practices-for-patch-operations"&gt;patch management&lt;/a&gt;&amp;nbsp;by unifying visibility and reducing manual coordination. When endpoint discovery, vulnerability data, device&amp;nbsp;health&amp;nbsp;and&amp;nbsp;patch status are correlated into a unified view, IT and security teams can work from the same facts instead of reconciling partial data across tools.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://www.ivanti.com/autonomous-endpoint-management"&gt;Autonomous endpoint management&amp;nbsp;(AEM)&lt;/a&gt; brings clarity to the confusion by using AI and automation to give IT and security a single, continuously updated view of endpoints, their&amp;nbsp;health&amp;nbsp;and their exposure.&amp;nbsp;&lt;/p&gt;

&lt;h2&gt;How&amp;nbsp;AI&amp;nbsp;improves patching decisions&amp;nbsp;&lt;/h2&gt;

&lt;p&gt;AI improves patching decisions by prioritizing vulnerabilities based on real-world risk rather than severity scores alone. By factoring in exploit activity, asset criticality&amp;nbsp;and&amp;nbsp;exposure context, teams can align on what to patch first and focus effort where it will reduce risk fastest.&amp;nbsp;&amp;nbsp;&lt;/p&gt;

&lt;p&gt;With autonomous endpoint management, that same Monday morning scenario plays out differently:&amp;nbsp;&lt;/p&gt;

&lt;p&gt;The vulnerability is detected, and AI&amp;nbsp;immediately&amp;nbsp;cross-references it against a unified endpoint inventory. It&amp;nbsp;identifies&amp;nbsp;1,560 devices running the vulnerable version, including 217 devices that were previously unmanaged.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://www.ivanti.com/use-cases/automated-patch-management"&gt;Automated&amp;nbsp;patch&amp;nbsp;workflows&lt;/a&gt;&amp;nbsp;simultaneously enroll the unmanaged devices and prioritize patching based on exposure risk and asset criticality. They then&amp;nbsp;schedule deployment during low-usage&amp;nbsp;windows&amp;nbsp;and&amp;nbsp;begin ring-based rollout.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;By the time the security team sends the alert, IT already has a real-time dashboard showing remediation in progress&amp;nbsp;—&amp;nbsp;with the same device count, the same exposure&amp;nbsp;data&amp;nbsp;and&amp;nbsp;the same prioritization logic. No reconciliation&amp;nbsp;necessary.&amp;nbsp;&lt;/p&gt;

&lt;h2&gt;How automation accelerates remediation&amp;nbsp;&amp;nbsp;&lt;/h2&gt;

&lt;p&gt;Automation then turns those decisions into action. Patch workflows can be orchestrated end to end:&amp;nbsp;identifying&amp;nbsp;affected devices, deploying&amp;nbsp;updates&amp;nbsp;and&amp;nbsp;validating&amp;nbsp;remediation without constant manual intervention.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;AI-powered intelligent patch scheduling minimizes user impact by aligning deployments with device usage patterns, maintenance&amp;nbsp;windows&amp;nbsp;and&amp;nbsp;operational constraints. Ring-based rollouts allow patches to be&amp;nbsp;validated&amp;nbsp;on smaller groups before wider deployment, reducing disruption while accelerating remediation. The result is faster&amp;nbsp;patching, less&amp;nbsp;downtime&amp;nbsp;and&amp;nbsp;a more predictable process for both teams.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Self-healing workflows detect and resolve common issues automatically, such as restarting services, reinstalling&amp;nbsp;agents&amp;nbsp;or&amp;nbsp;correcting misconfigurations. These workflows prevent avoidable incidents before they turn into support tickets.&amp;nbsp;&lt;/p&gt;

&lt;h2&gt;From data debates to unified intelligence and shared visibility&amp;nbsp;&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://www.ivanti.com/ivanti-neurons"&gt;AI-driven platforms&lt;/a&gt;&amp;nbsp;unify endpoint visibility by correlating discovery data, vulnerability context, device&amp;nbsp;health&amp;nbsp;and&amp;nbsp;patch status into a single endpoint record, with enrollment and access controls ensuring that devices are continuously discovered and managed throughout their lifecycle. IT and security teams see the same devices, the same&amp;nbsp;exposure&amp;nbsp;and&amp;nbsp;the same remediation status in real time.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;This unified intelligence&amp;nbsp;eliminates&amp;nbsp;debates over whose data is correct and replaces them with agreement on which risks&amp;nbsp;to address&amp;nbsp;first.&amp;nbsp;By integrating remediation into broader endpoint workflows, teams reduce manual effort and&amp;nbsp;maintain&amp;nbsp;consistent patch outcomes at scale.&amp;nbsp;&lt;/p&gt;

&lt;h2&gt;Shared patch ownership:&amp;nbsp;powering IT and security collaboration&amp;nbsp;&amp;nbsp;&lt;/h2&gt;

&lt;p&gt;AI and automation only improve patch management when&amp;nbsp;they’re&amp;nbsp;paired with shared ownership. When IT and security teams&amp;nbsp;operate&amp;nbsp;from the same endpoint data and remediation workflows, accountability shifts from defending individual reports to jointly reducing exposure.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;A data-driven patch process starts with mutual goals. Instead of tracking success in isolated tools, organizations align IT and security around common metrics that reflect real-world risk and operational impact. This shared measurement creates clarity on priorities and removes ambiguity around ownership.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Effective collaboration depends on metrics both teams trust and act on together. Common KPIs include:&amp;nbsp;&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;Mean Time to Remediate (MTTR):&amp;nbsp;How quickly critical vulnerabilities are resolved&amp;nbsp;&lt;/li&gt;
	&lt;li&gt;Patch compliance rates:&amp;nbsp;Across both managed and previously unmanaged endpoints&amp;nbsp;&lt;/li&gt;
	&lt;li&gt;Exposure duration:&amp;nbsp;How long high-risk vulnerabilities&amp;nbsp;remain&amp;nbsp;open&amp;nbsp;&lt;/li&gt;
	&lt;li&gt;Endpoint visibility:&amp;nbsp;Percentage of devices fully discovered and managed&amp;nbsp;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;These metrics shift conversations from patch volume to measured risk and help teams focus on outcomes instead of activity.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Joint ownership requires workflows that span the entire&amp;nbsp;patch&amp;nbsp;lifecycle. AI-driven platforms support this by automating routine tasks while surfacing exceptions that require human judgment.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;IT and security leaders define guardrails for automation, including&amp;nbsp;approval&amp;nbsp;thresholds, testing&amp;nbsp;requirements&amp;nbsp;and&amp;nbsp;rollout constraints. Within those boundaries, automation executes remediation consistently and at scale, without constant manual coordination. Over time, trust in the process grows, coordination overhead decreases, and patching becomes a cooperative operational responsibility rather than a point of friction.&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Visit our solutions page to discover how&amp;nbsp;&lt;a href="https://www.ivanti.com/autonomous-endpoint-management"&gt;Ivanti's autonomous endpoint management solutions&lt;/a&gt;&amp;nbsp;give IT and security teams the unified visibility they need to&amp;nbsp;eliminate&amp;nbsp;patching silos and close vulnerabilities faster.&amp;nbsp;&lt;/p&gt;
</description><pubDate>Thu, 02 Apr 2026 15:37:11 Z</pubDate></item><item><guid isPermaLink="false">251210e2-37bd-41f5-b387-25c1f7fc0d45</guid><link>https://www.ivanti.com/blog/stop-the-real-costs-of-paper-documentation</link><atom:author><atom:name>Rob DeStefano</atom:name><atom:uri>https://www.ivanti.com/blog/authors/rob-destefano</atom:uri></atom:author><category>Supply Chain</category><title>Stop The Real Costs of Paper Documentation</title><description>&lt;p&gt;Proof of condition — it’s been around for decades and serves to verify the integrity of everything from material goods to heavy equipment and myriad assets in between. A paper process from the beginning, it has been accompanied by photographs, rubber stamps, and signatures along the way.&lt;/p&gt;

&lt;p&gt;Still, it’s hard to believe that, a quarter of the way through the 21st century and with ubiquitous mobile device options, so many of these processes continue to reside on clipboards. And this paperwork can take hours, days or more to move from the point of documentation to a recipient who can act on the information reported within.&lt;/p&gt;

&lt;p&gt;Even in the best of cases, an inspection sheet walked from a loading dock to a warehouse manager’s office or a logistics dispatcher will take a few minutes — minutes that could mean the subject of said documentation has changed custody or even left the facility for its next stop in the supply chain.&lt;/p&gt;

&lt;h4&gt;Discover the savings&lt;/h4&gt;

&lt;p&gt;With supply chain costs continuing to rise, where can operations teams find savings by moving away from these paper documents to digital forms?&lt;/p&gt;

&lt;p&gt;&lt;i&gt;Proof of Condition:&lt;/i&gt; Time and money are lost when damaged goods arrive at the loading dock, and given that over 10% of all unit loads have some degree of damage when they arrive at the DC, those real costs add up fast. The inverse is equally true, so avoiding chargebacks by documenting that product/pallets were delivered in good condition protects shipper integrity and mitigates risk of fraudulent returns at each step along the chain.&lt;/p&gt;

&lt;p&gt;&lt;i&gt;Pre-trip Inspections:&lt;/i&gt; Performing a pre-trip inspection is not only prudent, but often required. However, it’s only as good as any actions taken from the inspection. If that paper inspection is only reviewed after the vehicle has left the yard, costly breakdowns or roadside inspections could shut down deliveries — and therefore revenue.&lt;/p&gt;

&lt;p&gt;&lt;i&gt;Safety Inspections:&lt;/i&gt; These come in a variety of flavors, from the forklift or pallet jack inspection at the start of a work shift to documenting injury incidents or near-misses. They are essential to worker safety and may also be required documentation that needs to be readily available for audit.&lt;/p&gt;

&lt;h4&gt;Digitally transform the experience (and savings!)&lt;/h4&gt;

&lt;p&gt;Above are just a few common areas where operations teams benefit from moving to digital forms. Some, and I point to the Proof of Condition documentation as the example, offer an immediate opportunity to measure the value in financial terms. Avoiding chargebacks is a clear way to help the bottom line.&lt;/p&gt;

&lt;p&gt;In other cases, the savings are more cost-avoidance. When a pre-trip inspection identifies risk, and that risk is addressed before the vehicle leaves the dock, goods are delivered on time and fines (or worse) are avoided. The same can also be said about ensuring work equipment is in good operating condition before a worker is put in danger.&lt;/p&gt;

&lt;p&gt;Take a look at &lt;a href="/resources/v/doc/ivi/2919/d8c9d9af5ab7" target="_blank"&gt;this infographic&lt;/a&gt; (and share it with your team) for further proof of where digitizing documentation offers savings. Then, explore a process consultation with your Ivanti Wavelink supply chain partner to get started with digital forms. Within the Velocity platform, workflows can include Velocity Forms as a required step of the process — such as forcing completion of a proof of condition statement, including photos, as part of the incoming inspection process when goods roll off the truck onto the loading dock.&lt;/p&gt;

&lt;p&gt;Closing the gap between documentation completion and document action is a key reason to trash paper and move to digital forms. Information is routed to the appropriate recipients for review in a timely, relevant and actionable manner — essential to controlling costs in operations when every second counts.&lt;/p&gt;
</description><pubDate>Thu, 26 Mar 2026 12:00:06 Z</pubDate></item><item><guid isPermaLink="false">4438f929-aa59-4aee-a8d8-d16555dab909</guid><link>https://www.ivanti.com/blog/march-2026-patch-tuesday</link><atom:author><atom:name>Chris Goettl</atom:name><atom:uri>https://www.ivanti.com/blog/authors/chris-goettl</atom:uri></atom:author><category>Patch Tuesday</category><category>Security</category><category>Patch Management</category><title>March 2026 Patch Tuesday</title><description>&lt;p&gt;March Patch Tuesday resolves 79 CVEs, of which three are Critical and 76 are Important. There are two publicly disclosed CVEs this month, but none exploited. Microsoft has also released an Edge update resolving nine Chrome CVEs. The public disclosures include a Denial-of-Service vulnerability in .NET and an Elevation of Privilege vulnerability in SQL Server. Both disclosures are listed as Unproven for Exploit Code Maturity, indicating the disclosures did not include any code samples.&lt;/p&gt;

&lt;p&gt;Adobe and Mozilla have released updates as part of the March Patch Tuesday, including eight updates from Adobe resolving a total of 80 CVEs, 21 of which are rated Critical. Mozilla released Firefox 148.0.2, resolving three High severity CVEs.&lt;/p&gt;

&lt;h2&gt;Microsoft’s publicly disclosed vulnerabilities&lt;/h2&gt;

&lt;p&gt;Microsoft resolved an&amp;nbsp;Elevation of Privilege vulnerability in SQL Server (CVE-2026-21262). The vulnerability is rated Important by Microsoft and has a CVSS v3.1 score of 8.8, but&amp;nbsp;it&amp;nbsp;has been publicly disclosed. An attacker who successfully exploited this vulnerability could gain SQL sysadmin privileges. The vulnerability affects SQL Server 2016 and later editions.&lt;/p&gt;

&lt;p&gt;Microsoft resolved a&amp;nbsp;Denial of Service vulnerability in .NET (CVE-2026-26127). The vulnerability is rated Important by Microsoft and has a CVSS v3.1 score of 7.5, but&amp;nbsp;it&amp;nbsp;has been publicly disclosed. An attacker could cause an out-of-bounds read in .NET, allowing an unauthorized attacker to deny service over a network. The vulnerability affects .NET 9 and 10 on Windows, macOS and Linux as well as NuGet 9 and 10 packages.&lt;/p&gt;

&lt;h2&gt;Third-party vulnerabilities&lt;/h2&gt;

&lt;p&gt;Adobe has released eight updates this month resolving a total of 80 CVEs, 21 of which are rated Critical. Adobe Commerce is the highest priority this month with a Priority 2 rating. Other affected products include Adobe Illustrator, Substance 3D Painter, Acrobat and Acrobat Reader, Premiere Pro, Experience Manager, Substance 3D Stager, and DNG SDK.&lt;/p&gt;

&lt;p&gt;Mozilla has released Firefox 148.0.2, resolving three High severity vulnerabilities.&lt;/p&gt;

&lt;h2&gt;March update to-do list&lt;/h2&gt;

&lt;p&gt;The Microsoft OS and Office updates will resolve the majority of the CVEs resolved this month in two easy updates.&lt;/p&gt;

&lt;p&gt;Mozilla Firefox, Microsoft Edge and Google Chrome are all released frequently. Prioritize browser updates on a weekly or daily basis to reduce risks continuously with minimal risk of impact.&lt;/p&gt;
</description><pubDate>Tue, 10 Mar 2026 21:01:35 Z</pubDate></item><item><guid isPermaLink="false">1bc1b6b1-a480-4f6a-88b0-749da8241d7d</guid><link>https://www.ivanti.com/blog/march-2026-security-update</link><category>Security Advisory</category><title>March 2026 Security Update</title><description>&lt;p&gt;Ivanti releases standard security patches on the second Tuesday of every month. Our vulnerability management program is central to our commitment to maintaining secure products. Our philosophy is simple: discovering and communicating vulnerabilities, and sharing that information with defenders, is not an indication of weakness; rather, it is evidence of rigorous scrutiny and a proactive vulnerability management program. By aggressively seeking to identify and address vulnerabilities, our aim is to get ahead of threat actors to ensure our customers can take the steps needed to protect their environments.&lt;/p&gt;

&lt;p&gt;We believe that responsible transparency helps protect our customers, and that CVE disclosures are an essential and effective tool to communicate software vulnerabilities. The purpose of assigning a CVE is to provide a beacon to security teams and signal the need for urgent updates.&lt;/p&gt;

&lt;p&gt;To that end, today Ivanti is disclosing vulnerabilities in Ivanti Desktop and Server Management (DSM).&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;span&gt;It is important for customers to know:&lt;/span&gt;&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;We have no evidence of this vulnerability being exploited in the wild.&lt;/li&gt;
	&lt;li&gt;This vulnerability does not impact any other Ivanti solutions.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;More information on this vulnerability and detailed instructions on how to remediate the issues can be found in this &lt;a href="https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-DSM-CVE-2026-3483" target="_blank"&gt;Security Advisory&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the &lt;a href="https://hub.ivanti.com/" target="_blank"&gt;Ivanti Innovators Hub&lt;/a&gt; (login credentials required).&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Want to stay up to date on Ivanti Security Advisories? Paste &lt;a href="https://www.ivanti.com/blog/topics/security-advisory"&gt;https://www.ivanti.com/blog/topics/security-advisory/rss&lt;/a&gt; into your preferred RSS reader / functionality in your email program.&lt;/em&gt;&lt;/p&gt;
</description><pubDate>Tue, 10 Mar 2026 14:13:58 Z</pubDate></item><item><guid isPermaLink="false">c6a5b580-8345-47fd-b9fe-58b19a5bc3cc</guid><link>https://www.ivanti.com/blog/endpoint-management-ownership-it-security-governance</link><atom:author><atom:name>Aruna Kureti</atom:name><atom:uri>https://www.ivanti.com/blog/authors/aruna-kureti</atom:uri></atom:author><category>Endpoint Management</category><title>Who Owns Endpoint Management? Defining Security and IT Governance</title><description>&lt;p&gt;Endpoint management is one of the most critical — and most contested — areas of enterprise governance. Every organization depends on endpoints, yet many still struggle to answer a fundamental question: who actually &lt;i&gt;owns &lt;/i&gt;these devices?&lt;/p&gt;

&lt;p&gt;In many environments, IT and security teams are both confident they’re doing the right thing, yet still talk past each other. Security looks at a scanner and sees 10,000 critical vulnerabilities; IT looks at a patch report and sees everything deployed. They're both right, but they're speaking different languages.&lt;/p&gt;

&lt;p&gt;The result is stalled risk remediation efforts, policy friction and growing frustration. Teams debate whose data is accurate instead of closing gaps. When &lt;a href="https://www.ivanti.com/autonomous-endpoint-management/unified-endpoint-management"&gt;endpoint management&lt;/a&gt; is governed jointly, with shared visibility and accountability, teams can shift their focus from reconciling data to improving execution.&lt;/p&gt;

&lt;p&gt;As endpoint environments scale, governance also depends on automation. AI-powered capabilities can help normalize data across siloed tools, surface unmanaged devices, and highlight &lt;a href="https://www.ivanti.com/it-asset-visibility"&gt;asset visibility&lt;/a&gt; gaps, making shared ownership possible without relying on manual reconciliation.&lt;/p&gt;

&lt;h2&gt;Why endpoint management ownership matters&lt;/h2&gt;

&lt;p&gt;Endpoints are where users work, where data is accessed and where many security incidents begin. When ownership of endpoint management is unclear, fissures start to appear.&lt;/p&gt;

&lt;p&gt;Ivanti’s &lt;a href="https://www.ivanti.com/resources/research-reports/aem"&gt;Autonomous Endpoint Management Advantage&lt;/a&gt; report shows that these visibility gaps are widespread and consequential. Just over half of organizations report using endpoint management solutions that provide centralized visibility, meaning many teams still struggle to see their full device landscape. These blind spots extend beyond unmanaged IT devices.&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;45% of security and IT professionals cite &lt;a href="https://www.ivanti.com/products/discovery"&gt;shadow IT&lt;/a&gt; as a key data gap.&lt;/li&gt;
	&lt;li&gt;41% report difficulty &lt;a href="https://www.ivanti.com/use-cases/manage-it-vulnerability-risk"&gt;identifying vulnerabilities&lt;/a&gt;.&lt;/li&gt;
	&lt;li&gt;38% can’t reliably tell which devices are even accessing their network.&lt;/li&gt;
&lt;/ul&gt;

&lt;div class="flourish-embed flourish-chart" data-src="visualisation/26365764"&gt;&lt;/div&gt;

&lt;p&gt;Most organizations believe they know what’s on their network, until they turn on proper discovery. The reality is that device lists are usually siloed: one from your MDM, another from on-prem tools and something else from the identity provider.&lt;/p&gt;

&lt;p&gt;As a result, basic questions become hard to answer: which devices are fully managed, which are compliant and which can access sensitive resources without controls.&lt;/p&gt;

&lt;p&gt;AI-powered automation can help continuously correlate endpoint data across management, identity and &lt;a href="https://www.ivanti.com/autonomous-endpoint-management/endpoint-security"&gt;endpoint security solutions&lt;/a&gt;, reducing blind spots that manual processes routinely miss.&lt;/p&gt;

&lt;p&gt;But visibility is only valuable when it’s shared and governed. You can’t secure, patch or support what you can’t see. Without a shared, trusted view and clear governance of endpoints, well-intentioned efforts still lead to friction, delays and increased risk. That’s why endpoint management is ultimately a governance problem, not just a technical one.&lt;/p&gt;

&lt;p&gt;Security isn’t the only issue with these blind spots. Patching is slowed, support gets complicated and policy enforcement is undermined. When IT and security teams rely on different datasets, disagreements over risk and remediation are inevitable.&lt;/p&gt;

&lt;p&gt;Clear ownership changes that dynamic. When endpoint management is governed jointly, with shared visibility and accountability, organizations are better positioned to move from debating data to closing gaps. Endpoint management becomes a foundation for consistent policy enforcement, faster remediation and better collaboration across teams.&lt;/p&gt;

&lt;h2&gt;Common points of friction between IT and security teams&lt;/h2&gt;

&lt;p&gt;Most friction between IT and security doesn’t come from bad intent. It comes from misalignment.&lt;/p&gt;

&lt;p&gt;Our &lt;a href="https://www.ivanti.com/resources/research-reports/aem"&gt;autonomous endpoint management research&lt;/a&gt; also suggests this misalignment isn’t abstract; it’s measurable and costly. We found that:&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;56% of IT professionals say wasteful IT spend is a problem.&lt;/li&gt;
	&lt;li&gt;And 39% point to inefficient tech support as an area of waste.&lt;/li&gt;
&lt;/ul&gt;

&lt;div class="flourish-embed flourish-chart" data-src="visualisation/26365747"&gt;&lt;/div&gt;

&lt;p&gt;Nearly nine in ten respondents also report that siloed data negatively impacts IT operations, driving inefficient use of resources, reduced collaboration and elevated risk of non-compliance.&lt;/p&gt;

&lt;p&gt;In practice, this misalignment tends to surface in a few consistent and recurring friction points:&lt;/p&gt;

&lt;h4&gt;Fragmented tooling&lt;/h4&gt;

&lt;p&gt;Fragmented tooling is a major barrier. Many organizations juggle an older on-prem client tool, a separate MDM for mobile and a different solution for patches. The result is tech sprawl that makes the problem worse.&lt;/p&gt;

&lt;p&gt;As this disconnect plays out in practice, security and IT teams often rely on different tools and datasets to assess the same endpoints, leading to very different conclusions about risk and remediation status.&lt;/p&gt;

&lt;p&gt;AI-driven analysis can add context across these datasets, helping IT and security teams interpret exposure through a shared lens rather than competing reports.&lt;/p&gt;

&lt;h4&gt;User impact&lt;/h4&gt;

&lt;p&gt;User impact is another source of tension. Endpoint controls are often seen as restrictive, raising concerns about performance, downtime or privacy, especially on bring-your-own-device (BYOD) endpoints. IT teams are left balancing enforcement with user experience, while security pushes for stricter controls.&lt;/p&gt;

&lt;h4&gt;Resource constraints&lt;/h4&gt;

&lt;p&gt;Resource constraints make this harder. Teams are wary of introducing new platforms or policies that appear complex or disruptive, especially when they’re already stretched thin.&lt;/p&gt;

&lt;p&gt;Without clear governance, these issues lead to inconsistent enforcement, stalled remediation and shadow policy decisions. Endpoint management stays reactive. But the good news is that this is solvable.&lt;/p&gt;

&lt;h2&gt;Balancing security requirements and business flexibility&lt;/h2&gt;

&lt;p&gt;One of the hardest challenges in endpoint management is balancing security with business flexibility. Security teams want consistent controls to reduce risk. Business leaders want minimal disruption and the freedom to work without friction. IT teams are often caught in the middle.&lt;/p&gt;

&lt;p&gt;When this balance isn’t clearly defined, endpoint policies become a source of conflict. Strict controls applied universally can slow productivity, frustrate users and encourage workarounds. Too much flexibility, on the other hand, increases exposure and makes enforcement inconsistent.&lt;/p&gt;

&lt;p&gt;The real issue is that organizations fail to agree upfront on what’s mandatory and where flexibility is acceptable. Without that clarity, organizations negotiate policy decisions ad hoc and react to incidents instead of managing risk proactively.&lt;/p&gt;

&lt;p&gt;Effective endpoint governance reframes the conversation. By defining baseline requirements upfront and aligning them to risk, organizations can protect critical assets while still supporting different user needs and operating models. This shift allows security and IT to move from constant trade-offs to structured decision-making. That's when the relationship fundamentally changes from friction to alignment.&lt;/p&gt;

&lt;h2&gt;Who should own endpoint governance?&lt;/h2&gt;

&lt;p&gt;Endpoint governance can't sit with a single team. It requires shared ownership across IT, security and the business.&lt;/p&gt;

&lt;p&gt;In successful organizations, endpoint governance is shaped by a group that includes IT operations, security and key business stakeholders. This group defines decision rights, agrees on priorities and establishes a common policy framework that everyone operates within.&lt;/p&gt;

&lt;p&gt;Security brings risk context and threat awareness. IT brings operational insight and user impact considerations. Business leaders provide perspective on workflows, productivity and acceptable levels of disruption. When these perspectives are aligned early, endpoint policies are easier to enforce and less likely to be bypassed.&lt;/p&gt;

&lt;p&gt;Governance clarifies accountability. It answers questions like who decides what's mandatory, how exceptions are handled and how conflicts are resolved. With that structure in place, endpoint management becomes a coordinated program rather than a series of isolated decisions.&lt;/p&gt;

&lt;h2&gt;Defining risk remediation priorities and timelines&lt;/h2&gt;

&lt;p&gt;Effective endpoint governance depends on clear agreement around &lt;a href="https://www.ivanti.com/resources/research-reports/risk-based-patch"&gt;risk remediation priorities&lt;/a&gt; and timelines. Without that agreement, IT and security teams often talk past each other, prioritizing volume instead of focusing on what matters most.&lt;/p&gt;

&lt;p&gt;The problem with patching is prioritization, and Ivanti’s &lt;a href="https://www.ivanti.com/resources/research-reports/aem"&gt;autonomous endpoint management research&lt;/a&gt; confirms this isn't just a theoretical problem but a measurable operational challenge:&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;39% of IT teams struggle to prioritize risk remediation and patch deployment.&lt;/li&gt;
	&lt;li&gt;38% have difficulty tracking patch status and rollouts.&lt;/li&gt;
	&lt;li&gt;And 35% struggle to stay compliant with patching.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;These are all outcomes that stem largely from visibility gaps and inconsistent tooling, making it harder to focus remediation efforts.&lt;/p&gt;

&lt;div class="flourish-embed flourish-chart" data-src="visualisation/26365754"&gt;&lt;/div&gt;

&lt;p&gt;Traditional approaches rely on CVSS scores and long spreadsheets that don't reflect real-world risk at all. Context matters: whether a device is Internet-facing, who uses it, what data it touches and how likely exploitation is. AI-powered analysis helps teams assess that context continuously at scale.&lt;/p&gt;

&lt;p&gt;Governance helps shift remediation from a volume-driven exercise to a risk-based one. By defining patching timelines, escalation paths and ownership upfront, organizations can align IT and security around shared priorities. Instead of debating which issues to address first, teams can focus on execution.&lt;/p&gt;

&lt;p&gt;Clear timelines reduce friction by making remediation predictable instead of reactive. This consistency improves accountability, shortens exposure windows and builds trust between teams.&lt;/p&gt;

&lt;h2&gt;Non-negotiables vs. flexibility zones&lt;/h2&gt;

&lt;p&gt;One of the most important outcomes of endpoint governance is clarity around what's required and where flexibility is allowed.&lt;/p&gt;

&lt;p&gt;Non-negotiables are the baseline. This includes disk encryption, specific &lt;a href="https://www.ivanti.com/products/ivanti-neurons-for-patch-management"&gt;patch management&lt;/a&gt; timelines and mandatory enrollment before a device can touch sensitive data. Defining these controls upfront removes ambiguity and ensures a consistent security posture.&lt;/p&gt;

&lt;p&gt;Flexibility zones acknowledge that not all endpoints are the same. Different teams, roles and operating models may require tailored policies, especially in environments with BYOD, contractors or frontline workers. Governance defines where exceptions are permitted, how they are approved and how risk is managed when flexibility is granted.&lt;/p&gt;

&lt;p&gt;Without this distinction, organizations either over-restrict users or allow uncontrolled exceptions. With it, endpoint management becomes both enforceable and adaptable.&lt;/p&gt;

&lt;p&gt;Security teams know which controls cannot be compromised, while IT and the business retain the flexibility needed to support productivity. This balance makes endpoint governance enforceable and practical.&lt;/p&gt;

&lt;h2&gt;Building trust through shared dashboards and transparency&lt;/h2&gt;

&lt;p&gt;Even the best endpoint governance framework breaks down without shared visibility. When IT and security teams operate from different dashboards and reports, trust erodes and shadow decisions take root.&lt;/p&gt;

&lt;p&gt;These disconnects are often rooted in fragmented data pipelines, where endpoint information is incomplete, outdated or inconsistently updated across tools and systems. Shared dashboards only change that dynamic when they are built on continuously updated, reconciled data. &lt;a href="https://www.ivanti.com/autonomous-endpoint-management"&gt;Autonomous endpoint management&lt;/a&gt;, powered by AI, helps make this possible by automatically correlating endpoint signals across discovery, compliance, &lt;a href="https://www.ivanti.com/blog/vulnerability-and-risk-management-how-to-simplify-the-process"&gt;vulnerability and remediation&lt;/a&gt; data sources.&lt;/p&gt;

&lt;p&gt;When both teams rely on the same data — covering device inventory, compliance status, vulnerability exposure and remediation progress — conversations become grounded in facts rather than assumptions. Disagreements shift from “Whose data is right?” to “What issue should we tackle next?”&lt;/p&gt;

&lt;p&gt;Data transparency changes the culture from finger-pointing to IT and security collaboration. Instead of security saying they’ve found more unmanaged laptops, the conversation becomes: “We have a visibility gap – how do we close it?”&lt;/p&gt;

&lt;p&gt;Joint IT and security metrics such as time to discovery, percentage of fully managed endpoints and exposure duration create a common language for decision-making. AI-driven automation helps keep those metrics accurate and current. Shared dashboards reinforce accountability.&lt;/p&gt;

&lt;p&gt;When progress and gaps are visible to all stakeholders, endpoint governance stops being an abstract policy discussion and becomes a measurable, collaborative effort. This visibility is what turns governance from intent into execution.&lt;/p&gt;

&lt;h2&gt;Measuring the effectiveness of endpoint governance&lt;/h2&gt;

&lt;p&gt;Endpoint governance only works if organizations can measure whether it’s actually reducing risk and improving operations. Without clear KPIs and accessible data, governance quickly becomes a policy exercise rather than a practical discipline.&lt;/p&gt;

&lt;p&gt;In practice, effective measurement spans visibility, risk and operational performance.&lt;/p&gt;

&lt;h4&gt;Visibility and coverage metrics&lt;/h4&gt;

&lt;p&gt;Effective measurement starts with visibility. These metrics show whether endpoints are governed in practice, not just on paper.&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;Percentage of endpoints that are fully managed&lt;/li&gt;
	&lt;li&gt;Time to discover new or previously unknown devices&lt;/li&gt;
	&lt;li&gt;Number and persistence of unmanaged or unknown endpoints&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;AI-powered automation supports continuous measurement here by tracking trends in coverage and policy drift over time rather than relying on point-in-time reports.&lt;/p&gt;

&lt;h4&gt;Risk and exposure metrics&lt;/h4&gt;

&lt;p&gt;Risk-based metrics help teams move beyond volume and focus remediation on what matters most.&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;Exposure time for critical vulnerabilities&lt;/li&gt;
	&lt;li&gt;Devices with the highest risk based on context and access&lt;/li&gt;
	&lt;li&gt;Alignment of remediation activity to real-world exploitability&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;These metrics help IT and security teams prioritize actions that have clear business impact, rather than chasing patch counts or compliance percentages alone.&lt;/p&gt;

&lt;h4&gt;Operational performance metrics&lt;/h4&gt;

&lt;p&gt;Operational metrics indicate whether endpoint governance is improving day-to-day execution and user experience.&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;Reductions in endpoint-related security incidents&lt;/li&gt;
	&lt;li&gt;Faster onboarding and offboarding of users and devices&lt;/li&gt;
	&lt;li&gt;Fewer support tickets tied to endpoint configuration or patching issues&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Over time, improvements in these indicators show whether automation, self-healing and policy enforcement are delivering measurable value.&lt;/p&gt;

&lt;p&gt;Endpoint governance KPIs must be reviewed jointly, with IT and security looking at the same data and course-correcting as needed. This reinforces accountability and enables continuous improvement. As environments evolve, policies, priorities and controls should evolve with them. Endpoint governance isn’t static — it’s an ongoing process that adapts as risk, technology and business needs change.&lt;/p&gt;

&lt;h2&gt;Defining ownership to scale endpoint management&lt;/h2&gt;

&lt;p&gt;Endpoint management doesn’t fail for lack of technology. It fails when ownership is unclear and governance is fragmented.&lt;/p&gt;

&lt;p&gt;As endpoints continue to diversify and work becomes more distributed, the question of who owns endpoint management can no longer be left ambiguous. Security, IT and the business all have a stake, and effective governance brings those perspectives together under a shared framework.&lt;/p&gt;

&lt;p&gt;When organizations establish clear ownership, define non-negotiables and operate from a shared view of endpoints, AI-powered automation helps endpoint management shift from reactive firefighting to proactive risk reduction. Shared dashboards, agreed-upon remediation timelines and continuous measurement replace ad hoc decisions and shadow policies.&lt;/p&gt;

&lt;p&gt;Success comes from treating endpoint management as a unifying, automation-first program. In practice, the pattern is clear: when visibility, shared ownership and governance come together, endpoints shift from a friction point to a foundation for resilience and collaboration.&lt;/p&gt;
</description><pubDate>Thu, 05 Mar 2026 13:30:01 Z</pubDate></item><item><guid isPermaLink="false">59c8d40d-128f-4f12-a8a8-845aa4734fca</guid><link>https://www.ivanti.com/blog/modern-application-control-trusted-ownership-vs-allowlisting</link><atom:author><atom:name>Patrick Kaak</atom:name><atom:uri>https://www.ivanti.com/blog/authors/patrick-kaak</atom:uri></atom:author><category>Security</category><title>Trusted Ownership: How Ivanti Application Control scales beyond allowlisting</title><description>&lt;p&gt;Application control is one of those security topics where many people carry old assumptions. Traditional allowlisting feels safe but quickly becomes a maintenance burden. Blocklisting feels reactive and incomplete. And while tools like Microsoft AppLocker led many to believe that strict allowlisting is the gold standard, modern attacks have proven otherwise. Attackers increasingly rely on &lt;i&gt;legitimate, signed tools &lt;/i&gt;— used in the wrong context — to bypass list-based controls entirely.&lt;/p&gt;

&lt;p&gt;So when organizations evaluate &lt;a href="https://www.ivanti.com/products/application-control"&gt;Ivanti Application Control&lt;/a&gt; or &lt;a href="https://www.ivanti.com/products/app-control-and-privileged-management"&gt;Ivanti Neurons for App Control&lt;/a&gt; and encounter Trusted Ownership, it may initially resemble blocklisting because explicit blocks are possible. In reality, Trusted Ownership is a far broader and operationally far lighter enforcement model that controls execution based on origin, not just identity.&lt;/p&gt;

&lt;p&gt;Instead of managing expanding lists, it enforces security based on who has placed software on the system, aligning cleanly with modern software distribution practices and zero trust principles. It’s best understood not as another list mechanism, but as a provenance-inspired enforcement model that controls execution based on origin, not just identity.&lt;/p&gt;

&lt;p&gt;That shift in thinking leads to a better question for modern application control: not only what a file &lt;i&gt;is&lt;/i&gt;, but &lt;i&gt;how it got there.&lt;/i&gt;&lt;/p&gt;

&lt;h2&gt;Beyond lists: why provenance control now matters&lt;/h2&gt;

&lt;p&gt;The question of how a file arrived on the system is at the core of provenance control. Instead of trusting files based on publisher, path or hash alone, provenance control evaluates the &lt;i&gt;origin and process&lt;/i&gt; that introduced them. &lt;i&gt;Who wrote the file to disk? Through which mechanism? Did the installation follow a controlled IT workflow?&lt;/i&gt; This evaluation shifts application control from object trust to process trust, creating a far stronger security boundary.&lt;/p&gt;

&lt;p&gt;In Ivanti Application Control, provenance control is implemented as &lt;a href="https://help.ivanti.com/ap/help/en_US/am/2025/Content/Application_Manager/Trusted_Owners.htm" target="_blank"&gt;Trusted Ownership&lt;/a&gt;. Any file placed by a trusted owner is allowed; anything introduced by a user is denied by default. This applies consistently across executables, DLLs, installers and scripts. Because identities like SYSTEM, TrustedInstaller and Administrators are trusted by default, software delivered through standard deployment channels such as MS Intune, MECM, Ivanti Endpoint Manager (EPM) or other enterprise tools runs immediately without rule maintenance or exceptions.&lt;/p&gt;

&lt;p&gt;This marks a fundamental break from classic allowlisting. AppLocker rules live or die based on exact publisher, path or hash definitions. It doesn't evaluate installation origin and doesn't automatically trust your deployment mechanisms. Software delivered by Intune still requires a preexisting allow rule, often relying on broad defaults that permit the Program Files or Windows directories.&lt;/p&gt;

&lt;p&gt;&lt;img alt="A flowchart illustrates an app provenance engine that allows trusted origins and blocks untrusted ones. On the left, a trusted IT admin provides a company app, which is allowed by the provenance engine and marked with a green check. On the right, a user tries to introduce an unknown executable (EXE), which is blocked by the provenance engine, marked with a red X. The blocked executable is shown again at the bottom with a cross mark. The diagram visually separates trusted, allowed content from untrusted, blocked content." src="https://static.ivanti.com/sites/marketing/media/images/blog/2026/02/actrustedownershipblog_image1.jpg"&gt;&lt;/p&gt;

&lt;p&gt;That distinction matters because modern attacks increasingly weaponize legitimate tools in improper contexts. Provenance control neutralizes much of that risk by enforcing trust in &lt;i&gt;how&lt;/i&gt; software arrives, not just &lt;i&gt;what&lt;/i&gt; it is. It aligns with zero trust principles, reduces supply chain exposure, and dramatically narrows opportunities for Living off the Land (LotL) abuse by default.&lt;/p&gt;

&lt;p&gt;Once you understand the importance of origin, the next question becomes: how do you enforce it at scale?&lt;/p&gt;

&lt;p&gt;The answer: apply provenance consistently across all the ways software executes and all the ways it is delivered.&lt;/p&gt;

&lt;h2&gt;Beyond blocklists: broad coverage built for modern software deployment&lt;/h2&gt;

&lt;p&gt;Provenance control shifts application security away from managing endless lists and toward validating the process by which software arrives on the system. Once you adopt this perspective, it becomes clear that Trusted Ownership is not a blocklist approach. It's an origin-based trust boundary that behaves very differently from traditional allowlisting.&lt;/p&gt;

&lt;p&gt;A common misconception is that Trusted Ownership resembles blocklisting because administrators sometimes add targeted deny rules for well-known Windows tools. In practice, these deny rules are defensive hardening measures against Living off the Land techniques. Every serious application control method uses such targeted restrictions. The core of Trusted Ownership is the opposite of blocklisting. Software delivered through a controlled and trusted process is permitted by default, while user-introduced content is denied by default.&lt;/p&gt;

&lt;p&gt;&lt;object codetype="CMSInlineControl" type="Video"&gt;&lt;param name="platform" value="youtube"&gt;&lt;param name="lang" value="en"&gt;&lt;param name="id" value="cMWocpzF3Uo"&gt;&lt;param name="cms_type" value="video"&gt;&lt;/object&gt;&lt;/p&gt;

&lt;p&gt;A more important differentiator is coverage. Many organizations that rely on classic allowlists end up focusing almost entirely on executable files. They often avoid applying the same enforcement to DLLs, scripts and MSI packages because these file types make rule maintenance far more complex. This creates gaps that modern attackers frequently exploit.&lt;/p&gt;

&lt;p&gt;Trusted Ownership avoids these gaps by applying the same origin-based enforcement to the full execution chain. Executables, DLLs, scripts, MSI installers and related components are evaluated through the same trust model. Because trust is determined by who introduced the file, you do not need separate policies for each file type. A script in the Downloads folder, a DLL created in a temporary build directory or an EXE executed from a user profile all receive the same default deny treatment when they originate outside a controlled installation process.&lt;/p&gt;

&lt;p&gt;This trust model also aligns naturally with how modern endpoint management platforms deliver software. Solutions such as Intune, MECM, Ivanti Neurons for MDM, &lt;a href="https://www.ivanti.com/products/endpoint-manager"&gt;Ivanti Endpoint Manager&lt;/a&gt; and similar systems typically install applications using the SYSTEM identity or another trusted service account.&lt;/p&gt;

&lt;p&gt;Since these identities are already Trusted Owners, software deployed through these channels runs immediately without creating allow rules, maintaining file paths or updating policies. Only when you intentionally use alternative installation accounts, such as custom DevOps agents or scripted installations in user context, do you need to identify that identity as a Trusted Owner.&lt;/p&gt;

&lt;p&gt;The result is a model with broad and consistent coverage across all relevant file types. It works seamlessly with modern software distributions and avoids the operational overhead associated with classic allowlists that focus mainly on executable files.&lt;/p&gt;

&lt;p&gt;Trusted Ownership places trust not in individual objects but in the controlled processes through which software is delivered, creating a more scalable and more secure approach to application control.&lt;/p&gt;

&lt;h2&gt;Where WDAC (App Control for Business) fits in&lt;/h2&gt;

&lt;p&gt;Microsoft maintains two application control technologies: AppLocker and App Control for Business (formerly WDAC). Although both still exist, Microsoft is clear about their roles. AppLocker helps prevent users from running unapproved applications, but it does not meet the servicing criteria for modern security features and is therefore categorized as a &lt;a href="https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/applocker/applocker-overview" rel="noopener" target="_blank"&gt;defense-in-depth mechanism rather than a strategic security control&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;Microsoft’s forward path for application control is App Control for Business, and Microsoft explicitly states that AppLocker is feature-complete and no longer under active development beyond essential security updates. This means all new capabilities are delivered only in WDAC and not in AppLocker.&lt;/p&gt;

&lt;p&gt;App Control for Business introduces the &lt;i&gt;Managed Installer&lt;/i&gt; concept. This allows Windows to automatically trust applications installed through designated deployment platforms such as Intune or MECM. Trust is derived from the distribution channel rather than individual files, reducing rule maintenance significantly.&lt;/p&gt;

&lt;p&gt;This aligns closely with Ivanti Application Control’s Trusted Ownership model. Both approaches trust software based on the controlled process that installed it rather than on discrete file attributes. However, Trusted Ownership applies this concept in a simpler and more operationally accessible way. Ivanti trusts identities such as SYSTEM and designated service accounts without requiring complex policy layers, XML definitions or deep WDAC expertise.&lt;/p&gt;

&lt;p&gt;Ivanti hears from many organizations that they struggle to operationalize WDAC. WDAC policies require careful design, lengthy testing in audit mode, driver and kernel exception management and ongoing maintenance of multiple policy sets. &lt;a href="https://www.reddit.com/r/Intune/comments/16oov9d/is_anyone_actually_successfully_deploying_wdac_as/" rel="noopener" target="_blank"&gt;This often leads organizations to combine WDAC with AppLocker&lt;/a&gt; to cover both low-level enforcement and day-to-day user space control, and they end up with administrative overhead.&lt;/p&gt;

&lt;p&gt;Ivanti Application Control offers a unified alternative. Through Trusted Ownership, Trusted Vendors and digital signature validation, it delivers a provenance-based default deny model with consistent coverage across executables, DLLs, scripts and MSI packages.&lt;/p&gt;

&lt;p&gt;Instead of maintaining two Microsoft control planes with different scopes, organizations manage a single, streamlined policy that enforces trust based on how software is introduced into the system. This provides many of the practical goals customers attempt to achieve with a combined WDAC and AppLocker deployment, but with lower operational complexity and one cohesive trust model.&lt;/p&gt;

&lt;h2&gt;LOLBins and argument-level control&lt;/h2&gt;

&lt;p&gt;With broad coverage established, the issue then becomes how to handle the legitimate tools already on every machine that attackers like to abuse.&lt;/p&gt;

&lt;p&gt;Modern attackers often avoid using traditional malware and instead rely on the tools already present on every Windows device. These Living off the Land tools (LOLBins) are legitimate and necessary for normal operations, which makes them difficult to block without affecting productivity. Traditional allowlisting struggles here because broad blocking breaks workflows, while broad allowing leaves dangerous gaps.&lt;/p&gt;

&lt;p&gt;A provenance-based model such as Trusted Ownership changes this dynamic. Even if an attacker attempts to use a built-in tool, the content they try to run usually does not come from a trusted installation process. Since Ivanti evaluates the origin of that content, most misuse attempts fail automatically. The tool may be legitimate, but the content it is asked to run is not, and Trusted Ownership stops it before it executes.&lt;/p&gt;

&lt;p&gt;It is also important to understand not only which tools run but what they are being asked to do. Many interpreters and runtimes, such as PowerShell, Python, or Java, can be perfectly safe in one context and risky in another. A business application may rely on Java to start a specific, approved process, while a user-downloaded JAR file is an entirely different scenario.&lt;/p&gt;

&lt;p&gt;&lt;img alt="A diagram explains how PowerShell scripts are evaluated in two security layers: Ownership and Intent. The first layer uses a trusted ownership check to block malicious scripts, while allowing approved commands using argument-level control. The second layer, focused on intent, uses policy enforcement to block malicious activity while allowing legitimate processes to run. Icons represent scripts, commands, and shield checks, with arrows showing allowed and blocked paths." src="https://static.ivanti.com/sites/marketing/media/images/blog/2026/02/actrustedownershipblog_image2.jpg"&gt;&lt;/p&gt;

&lt;p&gt;Ivanti handles this through a layered approach. A JAR file is first evaluated using Trusted Ownership, which blocks it immediately if it was introduced by a user rather than through a controlled deployment process. Beyond that, administrators can create simple allow rules that specify exactly which Java commands are permitted, ensuring that only legitimate Java-based applications run while attempts to launch unapproved JAR files are quietly denied.&lt;/p&gt;

&lt;p&gt;The same principle applies across other tools as well. Policies can approve the exact behavior your organization needs while blocking activities that fall outside those boundaries. This avoids broad, brittle rules and keeps daily work running smoothly.&lt;/p&gt;

&lt;p&gt;The result is a balanced and modern approach. Trusted Ownership stops untrusted content by default. Focused hardening aligns with government and community best practices for reducing living-off-the-land abuse, and intent-aware controls ensure that legitimate processes continue to function without opening doors for attackers.&lt;/p&gt;

&lt;p&gt;This approach closely aligns with current community and government guidance on mitigating living off the land techniques. Agencies such as CISA, NSA, FBI and the &lt;a href="https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/identifying-and-mitigating-living-off-the-land-techniques#best-practice-recommendations" rel="noopener" target="_blank"&gt;Australian Cyber Security Centre&lt;/a&gt; emphasize reducing opportunities for attackers to use built-in tools by controlling how they are used and restricting the untrusted content they act upon. Their joint guidance highlights that LOTL attacks depend on abusing native tools and stresses the need for controls that limit this misuse without blocking legitimate system processes.&lt;/p&gt;

&lt;p&gt;Ivanti’s model reflects this guidance. Trusted Ownership automatically blocks the untrusted content that attackers rely on, while a small number of focused restrictions address the small set of tools that require extra care.&lt;/p&gt;

&lt;h2&gt;Trusted Ownership in action: Real-world scenarios&lt;/h2&gt;

&lt;p&gt;&lt;b&gt;Here are a few operational examples of how Ivanti Application Control and Trusted Ownership work in practice.&lt;/b&gt;&lt;/p&gt;

&lt;ol&gt;
	&lt;li&gt;A portable application is copied into the user profile. Ivanti blocks it because it is user-owned. AppLocker only blocks if there are matching rules. Without the right path or publisher rules, the behavior can differ.&lt;/li&gt;
	&lt;li&gt;An email attachment launches a PowerShell script from Downloads. Ivanti denies it because of user ownership. AppLocker depends on script rules and, on block events, forces PowerShell into Constrained Language Mode, which will still run the script.&lt;/li&gt;
	&lt;li&gt;Abuse of OS tools such as rundll32 or mshta. Both models need targeted deny hardening. Ivanti combines this with provenance control, which generally reduces the number of exceptions you need. AppLocker relies on curated deny sets and requires periodic tuning.&lt;/li&gt;
	&lt;li&gt;A vendor update ships new signed files. Ivanti allows the update when it arrives via the trusted deployment channel due to Trusted Ownership. AppLocker can accommodate this with publisher rules, but signature reuse across multiple products or unusual install paths often leads to extra maintenance and broader trust than intended.&lt;/li&gt;
	&lt;li&gt;A user downloads a JAR and tries to run it with Java. Ivanti blocks the attempt because the JAR is user-introduced and fails Trusted Ownership. If needed, admins can allow only the exact approved invocation by matching the full command line. AppLocker cannot match arguments and relies on publisher, path or hash rules.&lt;/li&gt;
&lt;/ol&gt;

&lt;h2&gt;Conclusion&lt;/h2&gt;

&lt;p&gt;Provenance control shifts application control from a management problem to a trust model. Instead of trusting individual files, it trusts the process by which software arrives on a system, making security both scalable and workable.&lt;/p&gt;

&lt;p&gt;Trusted Ownership fits squarely into this approach. It is neither a blocklist nor a classic allowlist, but a model where software that arrives through a controlled IT process is allowed by default, while everything outside that process is denied by default. By enforcing on origin and ownership rather than on ad hoc files, &lt;a href="https://www.ivanti.com/products/application-control"&gt;Ivanti Application Control&lt;/a&gt; and &lt;a href="https://www.ivanti.com/products/app-control-and-privileged-management"&gt;Ivanti Neurons for App Control&lt;/a&gt; align far better with modern attack techniques and today’s software distribution.&lt;/p&gt;

&lt;p&gt;If you keep treating application control as a list management exercise, you will feel the administrative burden. If you treat it as a trust boundary, you gain scalability, security, and operational workability.&lt;/p&gt;
</description><pubDate>Wed, 25 Feb 2026 14:25:15 Z</pubDate></item><item><guid isPermaLink="false">9e2cfeac-8bf5-4822-9d7e-64aac32964cb</guid><link>https://www.ivanti.com/blog/ai-governance-framework-responsible-ai-guardrails</link><atom:author><atom:name>Brooke Johnson</atom:name><atom:uri>https://www.ivanti.com/blog/authors/brooke-johnson</atom:uri></atom:author><category>Artificial Intelligence</category><title>How to Implement an AI Governance Framework Using Safe, Ethical and Reliable AI Guardrails</title><description>&lt;p&gt;In my time at Ivanti, I've witnessed firsthand how AI &lt;a href="https://www.ivanti.com/company/artificial-intelligence"&gt;acts as a force multiplier across enterprise organizations&lt;/a&gt;. When deployed strategically, AI accelerates decision-making and operational execution at scale in a way that teams simply can't sustain manually. However, without clear and enforceable AI guardrails, implementing AI opens organizations up to serious new risks.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://www.ivanti.com/resources/research-reports/state-of-cybersecurity-report"&gt;Ivanti’s 2026 State of Cybersecurity Report&lt;/a&gt; highlights a growing disconnect I’ve observed across the industry: optimism about AI is rising, yet governance and preparedness are not keeping pace. &lt;b&gt;Currently, just 50% of organizations say they have formal guardrails in place to guide the deployment and operation of AI systems and agents.&lt;/b&gt;&lt;/p&gt;

&lt;p&gt;As adoption accelerates faster than governance, I'm seeing organizations face growing internal risks — shadow AI use, inconsistent data quality, biased outputs and uneven employee training to name a few.&lt;/p&gt;

&lt;p&gt;From where I sit — spanning legal, security and HR — I can tell you this: AI governance isn't an abstract compliance exercise. It's a core requirement for trust, accountability and control.&lt;/p&gt;

&lt;h2&gt;The state of enterprise AI: a risky Wild West&lt;/h2&gt;

&lt;p&gt;Responsible AI at scale requires deliberate governance with enforceable guardrails for all employees. Ignore that, and shadow AI use will continue to grow. Our &lt;a href="https://www.ivanti.com/resources/research-reports/tech-at-work"&gt;2025 Technology at Work research report&lt;/a&gt; revealed that 46% of office workers use AI tools that aren't employer-provided. Even more concerning, nearly a third of employees (32%) keep their use of AI tools at work a secret from their employers.&lt;/p&gt;

&lt;div class="flourish-embed flourish-chart" data-src="visualisation/20628247"&gt;&lt;/div&gt;

&lt;p&gt;Too many organizations are deploying AI without overarching governance, and the consequences of this approach are real. Organizations can expose sensitive data. They can violate regulatory obligations. They could potentially erode market trust. A team deploys an AI platform without proper guardrails, and suddenly you have biased outputs or degraded performance. Without human oversight, AI systems generate inaccurate recommendations or trigger inappropriate actions. That creates dangerous false confidence in AI-driven outcomes.&lt;/p&gt;

&lt;h2&gt;What is an AI governance framework?&lt;/h2&gt;

&lt;p&gt;An AI governance framework is the blueprint for how we design, deploy and oversee AI systems across their lifecycle. Its purpose is to align AI use with business objectives, legal obligations and enterprise risk tolerance — with transparency and accountability built in from day one.&lt;/p&gt;

&lt;p&gt;At Ivanti, our framework clarifies:&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;&lt;b&gt;Who is accountable&lt;/b&gt; for AI decisions and outcomes&lt;/li&gt;
	&lt;li&gt;&lt;b&gt;How risks are identified&lt;/b&gt;, assessed and mitigated&lt;/li&gt;
	&lt;li&gt;&lt;b&gt;What guardrails must be in place&lt;/b&gt; before AI systems go live&lt;/li&gt;
	&lt;li&gt;&lt;b&gt;How AI performance, behavior and impact&lt;/b&gt; are monitored over time&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;In practice, governance enables scale. Clear frameworks let us move beyond fragmented pilots and operationalize AI across the enterprise. Without it, adoption stalls.&lt;/p&gt;

&lt;p&gt;Our position is simple: governance doesn't block innovation. It makes innovation sustainable.&lt;/p&gt;

&lt;h2&gt;3 layers of AI guardrails in an AI governance framework&lt;/h2&gt;

&lt;p&gt;As part of Ivanti’s AI Governance Council, I've learned that a comprehensive framework requires multiple layers of guardrails. Each addresses a different category of risk. Together, they form the foundation for safe, reliable AI use.&lt;/p&gt;

&lt;h4&gt;Technical guardrails&lt;/h4&gt;

&lt;p&gt;Technical guardrails keep AI systems within predefined safety and operational parameters.&lt;/p&gt;

&lt;p&gt;&lt;b&gt;Data guardrails&lt;/b&gt;: Data guardrails protect &lt;a href="https://www.ivanti.com/use-cases/data-protection-application-security"&gt;data integrity&lt;/a&gt; and ensure AI systems are trained and operated on trusted inputs. These guardrails are typically owned by data and security teams, who establish standards for data sourcing, validation, &lt;a href="https://www.ivanti.com/products/network-access-control"&gt;access controls&lt;/a&gt; and ongoing quality monitoring. Poor data quality remains a major barrier to effective AI deployment, particularly in security, where incomplete, biased or unvalidated data can skew outcomes and degrade detection accuracy over time.&lt;/p&gt;

&lt;p&gt;&lt;b&gt;Model guardrails: &lt;/b&gt;Model guardrails address robustness, explainability, and bias detection to ensure AI systems behave as intended over time. These guardrails are typically designed by security, data science and platform teams, who define testing requirements for drift, bias and performance degradation before deployment and continuously thereafter, especially as models are retrained or exposed to changing operational data.&lt;/p&gt;

&lt;p&gt;&lt;b&gt;Application and output guardrails: &lt;/b&gt;Application and output guardrails validate AI-generated outputs, particularly in decision-support or automated response scenarios. These guardrails are typically implemented by security and operations teams, who define approval thresholds, escalation paths, and human-in-the-loop controls. Without them, systems may generate inaccurate recommendations or take inappropriate actions, reinforcing false confidence in automation.&lt;/p&gt;

&lt;p&gt;&lt;b&gt;Infrastructure guardrails:&lt;/b&gt; Infrastructure guardrails protect the systems that host and support AI workloads and are typically owned by IT and security teams. These teams enforce secure deployment practices, access controls, logging and auditability across cloud and on-prem environments, while ensuring AI services are integrated into existing security monitoring and &lt;a href="https://www.ivanti.com/products/automation"&gt;incident response workflows&lt;/a&gt;.&lt;/p&gt;

&lt;h4&gt;Ethical guardrails&lt;/h4&gt;

&lt;p&gt;Ethical guardrails align AI behavior with organizational standards and define accountability when AI affects people, customers or business outcomes.&lt;/p&gt;

&lt;p&gt;Ivanti’s AI Governance Council plays a central role here. We navigate the “gray areas” of autonomous agents. We bring together legal, security, HR, and business leaders to define acceptable use, escalation paths and accountability. When should humans intervene? How are decisions audited? Who ultimately owns the outcome when things go wrong?&lt;/p&gt;

&lt;p&gt;When that governance is missing, the consequences escalate quickly.&lt;/p&gt;

&lt;p&gt;Recent incidents show the cost of unclear ethical guardrails. For example, Grok, an AI chatbot developed by xAI, &lt;a href="https://www.thetimes.com/uk/technology-uk/article/grok-ai-x-holocaust-survivor-bikini-auschwitz-6kh5ddxh6" rel="noopener" target="_blank"&gt;drew widespread criticism&lt;/a&gt; after generating unconsented and inappropriate images of real individuals. The failure was not only technical — it was governance-related due to ethical boundaries that weren’t sufficiently defined.&lt;/p&gt;

&lt;p&gt;The same issue arises inside enterprises. When AI blocks a user account, flags an employee, or restricts customer access, we must know who owns the decision if it's wrong. Whether AI is used in security, HR or customer-facing systems, the ethical principles are consistent. Governance ensures accountability is defined before automation causes harm.&lt;/p&gt;

&lt;h4&gt;Regulatory and legal guardrails&lt;/h4&gt;

&lt;p&gt;Regulatory and legal guardrails ensure AI use complies with evolving global regulations, sector rules and data protection laws. Because these requirements change rapidly, teams can't operate in functional silos.&lt;/p&gt;

&lt;p&gt;Legal must lead AI governance early. At Ivanti, we work closely with security and IT to interpret obligations and translate them into enforceable controls. Success depends on aligning from the outset to ensure compliance requirements are embedded into AI design and deployment.&lt;/p&gt;

&lt;p&gt;Recent incidents show why regulatory guardrails cannot be an afterthought. European and UK regulators &lt;a href="https://privacyinternational.org/news-analysis/5692/tribunal-confirms-clearview-ai-bound-gdpr" rel="noopener" target="_blank"&gt;confirmed&lt;/a&gt; that Clearview AI’s facial recognition operations, built on scraping billions of images, were subject to privacy laws like GDPR and took enforcement actions based on violations, showing the legal risk organizations face when governance doesn’t align with regulatory expectations.&lt;/p&gt;

&lt;p&gt;The lesson is clear. Legal and product development teams must work together early to embed regulatory obligations into AI design, deployment and operations. Governance ensures compliance requirements are enforced by default, not retroactively after regulatory scrutiny begins.&lt;/p&gt;

&lt;h2&gt;AI governance vs. AI risk management&lt;/h2&gt;

&lt;p&gt;Governance and &lt;a href="https://www.ivanti.com/resources/research-reports/cybersecurity-risk-management"&gt;risk management&lt;/a&gt; are closely related but distinct. Here's my take: governance sets the rules and accountability structures. Risk management focuses on identifying and mitigating specific AI-related threats throughout the system lifecycle.&lt;/p&gt;

&lt;p&gt;Common AI risks include data leakage, bias, unreliable outputs, over-reliance on automated decisions and security weaknesses introduced through unmanaged tools or integrations. As AI systems become more autonomous, these risks compound.&lt;/p&gt;

&lt;p&gt;Integrating AI risk mitigation into governance ensures risks are not addressed in isolation. We evaluate them alongside business impact, operational resilience and organizational &lt;a href="https://www.ivanti.com/blog/risk-appetite"&gt;risk appetite&lt;/a&gt;. This lets us prioritize controls where they matter most and avoid blanket restrictions that slow progress without reducing risk.&lt;/p&gt;

&lt;h2&gt;Challenges in scaling AI governance&lt;/h2&gt;

&lt;p&gt;Many organizations start with narrow AI pilots in individual teams. Scaling to enterprise-wide adoption introduces new challenges.&lt;/p&gt;

&lt;p&gt;Silos are the fastest way to undermine governance. Security, IT, legal and business teams often operate on conflicting assumptions. We need shared ownership across teams. As my colleague Sterling Parker explains, a successful vision requires involving stakeholders across the business to prevent "AI sprawl."&lt;/p&gt;

&lt;p&gt;&lt;object codetype="CMSInlineControl" type="Video"&gt;&lt;param name="platform" value="youtube"&gt;&lt;param name="lang" value="en"&gt;&lt;param name="id" value="GpoZdJeC3Bw"&gt;&lt;param name="cms_type" value="video"&gt;&lt;/object&gt;&lt;/p&gt;

&lt;p&gt;This transition demands a human-centric operating model. Our governance body clearly defines where AI can amplify existing roles, where additional training is required and where human oversight remains essential. Continuous feedback from employees helps ensure AI is applied where it delivers value without creating gaps in accountability or trust. We prioritize upskilling to replace fear with active adoption.&lt;/p&gt;

&lt;p&gt;Our &lt;a href="https://www.ivanti.com/resources/research-reports/state-of-cybersecurity-report"&gt;cybersecurity research&lt;/a&gt; shows that mature organizations approach these challenges differently. Organizations that rank themselves as the most advanced in cybersecurity (Level 4s) are nearly 3x as likely to use comprehensive AI guardrails compared to organizations with an intermediate level of cybersecurity maturity (Level 2s).&lt;/p&gt;

&lt;div class="flourish-embed flourish-chart" data-src="visualisation/27433090"&gt;&lt;/div&gt;

&lt;p&gt;They invest early in governance, align leadership around shared frameworks and treat AI as a strategic capability rather than a collection of tools. These organizations are far more likely to operationalize AI across the enterprise while maintaining trust and control.&lt;/p&gt;

&lt;h2&gt;How to implement responsible AI&lt;/h2&gt;

&lt;p&gt;Building the framework is table stakes. Execution is where AI governance lives.&lt;/p&gt;

&lt;p&gt;&lt;b&gt;Start with clear policies&lt;/b&gt; on acceptable use and escalation. These must be practical and tied directly to your existing risk structures.&lt;/p&gt;

&lt;p&gt;&lt;b&gt;Governance must be accessible.&lt;/b&gt; Responsible AI is an enterprise-wide mandate, not a specialist silo. Targeted training ensures every user understands their role in upholding these guardrails.&lt;/p&gt;

&lt;p&gt;&lt;b&gt;Take a governed approach to AI enablement.&lt;/b&gt; “Governed enablement” assumes AI is already in use across the enterprise and defines where and how it can operate safely. It requires continuous monitoring and enforcement to ensure systems remain aligned with policy as usage and risks evolve. This is an ongoing discipline, not a one-time project.&lt;/p&gt;

&lt;h2&gt;The future of responsible AI starts now&lt;/h2&gt;

&lt;p&gt;AI is reshaping how organizations operate at a pace that cannot be ignored. The question is no longer whether to adopt it, but how to scale it safely. Organizations with strong governance scale without sacrificing trust. Those that delay widen the gap between threat and preparedness.&lt;/p&gt;

&lt;p&gt;At Ivanti, we're committed to building AI governance that enables innovation while protecting what matters most — our people, our customers, and our operations. This is critical work and the time to act is now.&lt;/p&gt;

&lt;p&gt;To learn more about the AI deployment gap and how leading organizations are closing it, explore &lt;a href="https://www.ivanti.com/resources/research-reports/state-of-cybersecurity-report"&gt;Ivanti's 2026 State of Cybersecurity Report&lt;/a&gt;.&lt;/p&gt;
</description><pubDate>Tue, 24 Feb 2026 13:00:02 Z</pubDate></item><item><guid isPermaLink="false">a10c1186-6756-4d5f-ab47-cc5f78f1ed4d</guid><link>https://www.ivanti.com/blog/how-to-communicate-cyber-risk-strategy-to-ceos</link><atom:author><atom:name>Dennis Kozak</atom:name><atom:uri>https://www.ivanti.com/blog/authors/dennis-kozak</atom:uri></atom:author><category>Security</category><title>How CEOs Want CISOs to Communicate Cybersecurity Risk Management Strategy</title><description>&lt;p&gt;Most CEOs can recite their quarterly benchmarks and revenue down to the decimal point, but ask them about their organization's cyber risk exposure, and the answers become more vague. It's not that today’s CEOs don’t care about security — &lt;a href="https://www.ivanti.com/network-security"&gt;cybersecurity&lt;/a&gt; ranks among the top concerns for boards and executive teams. The problem runs deeper: a fundamental breakdown in how security risks are explained to business leaders that overlooks the impacts on their business outcomes.&lt;/p&gt;

&lt;p&gt;Lack of competence is not the cause of most communication issues between CISOs and CEOs. They stem from a familiar problem: the curse of knowledge. The curse of knowledge is a common challenge where experts — in this case security leaders — might assume that everyone in the room has a baseline understanding of technical information and terminology, so they fail to break down complex risks into plain language and elaborate on real-world context.&lt;/p&gt;

&lt;p&gt;Ivanti’s &lt;a href="https://www.ivanti.com/resources/research-reports/state-of-cybersecurity-report"&gt;2026 State of Cybersecurity Report&lt;/a&gt; underscores this disconnect. Nearly six in 10 security professionals say their teams are only moderately effective at communicating risk exposure to executive leadership.&lt;/p&gt;

&lt;div class="flourish-embed flourish-chart" data-src="visualisation/27229530"&gt;&lt;/div&gt;

&lt;p&gt;When CEOs and CISOs don’t speak the same language, critical business vulnerabilities can be obscured by technical jargon. When communication breaks down, organizations waste time and money on misdirected investments while gaps in protection go unnoticed until a breach forces the conversation.&lt;/p&gt;

&lt;p&gt;With threat levels rising, AI-enabled attacks becoming more sophisticated and data breaches making headlines weekly, the stakes for clear communication between CISOs and executive leadership have never been higher.&lt;/p&gt;

&lt;p&gt;To understand why this communication gap persists, we need to examine both the fundamental challenges and the metrics being used to measure success.&lt;/p&gt;

&lt;h2&gt;Why cyber risk communication fails: the curse of knowledge&lt;/h2&gt;

&lt;p&gt;That disconnect between CEOs and CISOs isn’t caused by a lack of data. If anything, it’s the opposite. From the CEO's seat, the challenge isn’t attention or intent. Rather, it’s seeing dashboards, metrics, acronyms and severity scores without understanding the impact of these results on the whole business.&lt;/p&gt;

&lt;p&gt;Security leaders need to assume that many in the room don’t understand the implications of terms like CVSS scores, &lt;a href="https://www.ivanti.com/blog/understanding-external-attack-surface-management"&gt;attack surfaces&lt;/a&gt; and zero-day vulnerabilities. CEOs want more than dashboards filled with metrics, acronyms and severity scores.&lt;/p&gt;

&lt;p&gt;Cybersecurity briefings need to go a step further and demonstrate the financial, legal, and reputational implications of these results for the business. A CISO might report "587 critical vulnerabilities detected this month" when what the CEO actually needs to know is: "Which of these threaten our ability to serve customers and what's our plan to address them?"&lt;/p&gt;

&lt;h2&gt;Cybersecurity KPIs that matter to CEOs&lt;/h2&gt;

&lt;p&gt;Useful KPIs clearly connect vulnerability management efforts to business risk. However, our &lt;a href="https://www.ivanti.com/resources/research-reports/state-of-cybersecurity-report"&gt;cybersecurity research&lt;/a&gt; finds that the KPIs most used by security teams fail to reflect risk context.&lt;/p&gt;

&lt;p&gt;Currently, only half of companies (51%) track cybersecurity exposure scores or other risk-based indexes. Many security teams still rely on process metrics such as mean time to remediate (47%) or percentage of exposures remediated (41%).&lt;/p&gt;

&lt;div class="flourish-embed flourish-chart" data-src="visualisation/26288727"&gt;&lt;/div&gt;

&lt;p&gt;Metrics like MTTR, patch velocity and percentage remediated matter to security teams, but they measure operational efficiency, not business exposure or potential financial impact. In isolation, they can look reassuring while obscuring the real question: &lt;i&gt;are we managing our risk effectively?&lt;/i&gt;&lt;/p&gt;

&lt;p&gt;These metrics, which focus on speed and coverage, may look positive on their own, but don’t do much to show whether current remediation efforts actually improve risk posture. It matters less how quickly vulnerabilities are remediated and how many are addressed. What matters more is whether the &lt;i&gt;right&lt;/i&gt; problems are being addressed.&lt;/p&gt;

&lt;p&gt;Shared understanding between security teams and the board and C-Suite requires grounding inscrutable metrics in real-life stakes. For CEOs, this means aligning with your CISO on the most important risks to your specific organization — &lt;i&gt;are you a financial institution that frequently faces sophisticated fraud schemes, strict compliance requirements like PCI-DSS and SOX and the constant threat of ransomware targeting customer financial data?&lt;/i&gt; &lt;i&gt;Are you a healthcare organization grappling with securing an expanding network of connected medical devices while maintaining rigorous compliance standards to protect sensitive patient data?&lt;/i&gt;&lt;/p&gt;

&lt;p&gt;Let’s illustrate the difference between an executive security briefing that relies only on technical metrics vs. one that adds context and business impact.&lt;/p&gt;

&lt;h4&gt;What the CISO says:&lt;/h4&gt;

&lt;ul&gt;
	&lt;li&gt;"We discovered 11,000 vulnerabilities.”&lt;/li&gt;
	&lt;li&gt;"MTTR is down to 15 days from 25 days."&lt;/li&gt;
	&lt;li&gt;"We achieved an 88% remediation rate on critical CVEs."&lt;/li&gt;
&lt;/ul&gt;

&lt;h4&gt;What the CEO actually needs to know:&lt;/h4&gt;

&lt;ul&gt;
	&lt;li&gt;"We’ve identified ten critical vulnerabilities that could impact revenue-generating systems."&lt;/li&gt;
	&lt;li&gt;"If attacked today, we can restore critical operations in six hours compared to 48 hours last year."&lt;/li&gt;
	&lt;li&gt;"This protection enables us to pursue EU expansion without additional compliance risk."&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;Building an executive-level risk appetite framework&lt;/h2&gt;

&lt;p&gt;Executive communication depends on shared frameworks and a common point of reference for how risk is defined, measured and discussed. To eliminate inconsistencies and confusion, all stakeholders should be involved in creating and enforcing a &lt;a href="https://www.ivanti.com/resources/whitepapers/how-to-define-and-implement-risk-appetite"&gt;&lt;i&gt;risk appetite framework&lt;/i&gt;&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;A major goal of these conversations is helping business leaders understand that the goal of the cybersecurity program isn't to be completely “risk free” — it’s impossible for any modern organization to become completely risk free. In other words, CEOs must be able to distinguish between their &lt;a href="https://www.ivanti.com/blog/risk-appetite"&gt;risk appetite&lt;/a&gt; and risk posture.&lt;/p&gt;

&lt;p&gt;1. &lt;b&gt;Risk appetite: &lt;/b&gt;how much risk their business is currently willing to tolerate in pursuit of its overarching goals.&lt;/p&gt;

&lt;p&gt;2. &lt;b&gt;Risk posture: &lt;/b&gt;the reality of the organization’s current risk exposure.&lt;/p&gt;

&lt;p&gt;Most organizations now recognize the need to formalize how much cyber risk they’re willing to accept. &lt;a href="https://www.ivanti.com/resources/research-reports/state-of-cybersecurity-report"&gt;Ivanti’s research&lt;/a&gt; shows more than 80% of organizations have a documented risk appetite framework.&lt;/p&gt;

&lt;p&gt;However, fewer than half of the organizations say these frameworks are closely followed in day-to-day operations. When frameworks exist on paper but don't guide actual decisions, it is highly likely that your organization’s risk appetite and risk posture are not aligned.&lt;/p&gt;

&lt;div class="flourish-embed flourish-chart" data-src="visualisation/27229780"&gt;&lt;/div&gt;

&lt;div class="flourish-embed flourish-chart" data-src="visualisation/27229775"&gt;&lt;/div&gt;

&lt;h2&gt;How exposure management bridges the communication gap&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://www.ivanti.com/exposure-management"&gt;Exposure management&lt;/a&gt; is a risk-based approach that continuously identifies, prioritizes and validates the scope of potential threats across the entire attack surface. Practicing exposure management helps unite security and executive leaders around a single, comprehensive strategy that reorients cybersecurity around business-critical risk.&lt;/p&gt;

&lt;p&gt;Instead of treating all vulnerabilities as equal, exposure management focuses on identifying and &lt;a href="https://www.ivanti.com/blog/vulnerability-prioritization-guide"&gt;prioritizing the organization's highest risks&lt;/a&gt; by asking:&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;Which current exposures are threat actors exploiting in the wild?&lt;/li&gt;
	&lt;li&gt;Which assets need to be prioritized based on current business operations?&lt;/li&gt;
	&lt;li&gt;Which assets, if compromised, would have the greatest impact in terms of reputational, customer, or legal damages?&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Ivanti’s research report shows that nearly two-thirds of organizations now invest in exposure management, and leadership understanding has increased year over year. But execution still lags: Only about a quarter of organizations rate their ability to &lt;a href="https://www.ivanti.com/blog/how-to-implement-quantitative-risk-assessment"&gt;assess risk exposure&lt;/a&gt; as excellent.&lt;/p&gt;

&lt;div class="flourish-embed flourish-chart" data-src="visualisation/27230019"&gt;&lt;/div&gt;

&lt;p&gt;To close that gap and operationalize exposure management effectively, CISOs should anchor executive communication around three principles:&lt;/p&gt;

&lt;p&gt;&lt;b&gt;1. Translate technical signals into business context. &lt;/b&gt;Instead of reporting vulnerability counts, explain which exposures affect revenue-generating systems, customer data or regulated environments.&lt;/p&gt;

&lt;p&gt;&lt;b&gt;2. Prioritize emerging threats by impact, not volume. &lt;/b&gt;Executives don’t need to track every new attack technique. They need to understand which situations could materially disrupt the business and how prepared the organization is to respond.&lt;/p&gt;

&lt;p&gt;&lt;b&gt;3. Use scenarios, not spreadsheets.&lt;/b&gt; Narratives that connect cause, impact and outcome, backed by data, help leaders internalize risk and make faster decisions.&lt;/p&gt;

&lt;p&gt;This approach shifts your risk mitigation strategy from reactive defense to proactive decision-making.&lt;/p&gt;

&lt;h2&gt;The path forward&lt;/h2&gt;

&lt;p&gt;When executives and security leaders speak the same language, the curse of knowledge can be broken and cybersecurity becomes a strategic enabler that protects business value, enables growth and turns security strength into competitive advantage.&lt;/p&gt;

&lt;p&gt;The curse of knowledge can be broken — one translated metric, one business-focused conversation, and one clear decision at a time.&lt;/p&gt;
</description><pubDate>Tue, 17 Feb 2026 13:00:01 Z</pubDate></item><item><guid isPermaLink="false">613c7534-d87d-411a-8d02-57955ea3c5e1</guid><link>https://www.ivanti.com/blog/february-2026-patch-tuesday</link><atom:author><atom:name>Chris Goettl</atom:name><atom:uri>https://www.ivanti.com/blog/authors/chris-goettl</atom:uri></atom:author><category>Patch Tuesday</category><category>Patch Management</category><category>Security</category><title>February 2026 Patch Tuesday</title><description>&lt;p&gt;February Patch Tuesday includes recent out-of-band updates from Microsoft between January 17th and 29th, including multiple bug fixes and a fix for a zero-day exploit in Microsoft Office. In addition, Microsoft announced the phased disablement of NTLM preceding the February 2026 Patch Tuesday release.&lt;/p&gt;

&lt;p&gt;For the February Patch Tuesday release, Microsoft has resolved 57 unique CVEs. Six CVEs are flagged as Exploited and three of those are Publicly Disclosed as well. Add the out-of-band (OOB) zero-day and you have a lineup of CVEs that need some attention.&lt;/p&gt;

&lt;h2&gt;January Out-of-Band Releases&lt;/h2&gt;

&lt;p&gt;The first OOB release on January 17th resolved a credential prompt failure when attempting remote desktop or remote appliance connections. The second round of OOB updates occurred on January 24th and 26th, resolving application crashes in Outlook and OneDrive and system hibernation/shutdown issues. And finally, the third OOB update on January 26th resolved a zero-day vulnerability, &lt;a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509" rel="noopener" target="_blank"&gt;CVE-2026-21509&lt;/a&gt;, a Microsoft Office Security Feature Bypass vulnerability.&lt;/p&gt;

&lt;h2&gt;Microsoft plans phased NTLM disablement&lt;/h2&gt;

&lt;p&gt;Microsoft released their plan for the&amp;nbsp;&lt;a href="https://techcommunity.microsoft.com/blog/windows-itpro-blog/advancing-windows-security-disabling-ntlm-by-default/4489526" rel="noopener" target="_blank"&gt;phased disablement&lt;/a&gt;&amp;nbsp;of New Technology LAN Manager (NTLM) in the latest operating systems starting now in 2026 and beyond. The NTLM authentication protocol was introduced back in 1993 and has since been superseded by Kerberos protocols, which are far more secure. However, NTLM has remained the fallback when Kerberos is unavailable despite being deprecated and having weak algorithms.&lt;/p&gt;

&lt;p&gt;Phase one introduces additional auditing to help you identify where NTLM may still be running and &lt;a href="https://techcommunity.microsoft.com/blog/coreinfrastructureandsecurityblog/active-directory-hardening-series---part-8-%E2%80%93-disabling-ntlm/4485782" rel="noopener" target="_blank"&gt;change it out&lt;/a&gt; where you can. Starting now, Microsoft recommends using the &lt;a href="https://support.microsoft.com/en-us/topic/overview-of-ntlm-auditing-enhancements-in-windows-11-version-24h2-and-windows-server-2025-b7ead732-6fc5-46a3-a943-27a4571d9e7b" rel="noopener" target="_blank"&gt;advanced NTLM auditing&lt;/a&gt; already available in Server 2025, and Windows 11 24H2 and newer. Phase two begins with major OS updates coming later this year. This update will address the ‘pain points’ or blockers by removing multiple fallback scenarios where Kerberos reverts to NTLM.&lt;/p&gt;

&lt;p&gt;And finally in phase three, NTLM will be disabled by default. The code will still be there, but you will need to explicitly re-enable it if absolutely needed. This three-phase approach will happen quickly, so plan appropriately to replace NTLM in your environment and take a giant security step forward. The ‘NTLM disabled by default’ phase will occur with the next major Server update.&lt;/p&gt;

&lt;h2&gt;Microsoft’s exploited vulnerabilities&lt;/h2&gt;

&lt;p&gt;On January 29th, Microsoft resolved a&amp;nbsp;Security Feature Bypass vulnerability in Microsoft Office (&lt;a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509" rel="noopener" target="_blank"&gt;CVE-2026-21509&lt;/a&gt;). The vulnerability is rated Important by Microsoft and has a CVSS v3.1 score of 7.8, but&amp;nbsp;it&amp;nbsp;has been confirmed to be exploited in the wild. An attacker can send a user a malicious Office file and convince them to open the file to exploit the vulnerability. A risk-based prioritization&amp;nbsp;methodology&amp;nbsp;warrants treating this vulnerability as a higher severity than the vendor rating or CVSS score assigned.&amp;nbsp;&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Microsoft resolved an&amp;nbsp;Elevation of Privilege vulnerability in Remote Desktop Services (&lt;a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533" rel="noopener" target="_blank"&gt;CVE-2026-21533&lt;/a&gt;). The vulnerability is rated Important by Microsoft and has a CVSS v3.1 score of 7.8, but&amp;nbsp;it&amp;nbsp;has been confirmed to be exploited in the wild. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. The vulnerability affects Windows 10 and later editions of the OS. A risk-based prioritization&amp;nbsp;methodology&amp;nbsp;warrants treating this vulnerability as a higher severity than the vendor rating or CVSS score assigned.&amp;nbsp;&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Microsoft resolved an&amp;nbsp;Elevation of Privilege vulnerability in Desktop Window Manager (&lt;a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519" rel="noopener" target="_blank"&gt;CVE-2026-21519&lt;/a&gt;). The vulnerability is rated Important by Microsoft and has a CVSS v3.1 score of 7.8, but&amp;nbsp;it&amp;nbsp;has been confirmed to be exploited in the wild. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. The vulnerability affects all currently supported and ESU supported versions of Windows OS. A risk-based prioritization&amp;nbsp;methodology&amp;nbsp;warrants treating this vulnerability as a higher severity than the vendor rating or CVSS score assigned.&amp;nbsp;&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Microsoft resolved a&amp;nbsp;Security Feature Bypass vulnerability in MSHTML Framework (&lt;a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21513" rel="noopener" target="_blank"&gt;CVE-2026-21513&lt;/a&gt;). The vulnerability is rated Important by Microsoft and has a CVSS v3.1 score of 8.8, but&amp;nbsp;it&amp;nbsp;has been confirmed to be exploited in the wild. An attacker who successfully exploited this vulnerability could bypass a security feature over a network. The vulnerability affects Windows 10 and later editions of the OS. A risk-based prioritization&amp;nbsp;methodology&amp;nbsp;warrants treating this vulnerability as a higher severity than the vendor rating or CVSS score assigned.&amp;nbsp;&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Microsoft resolved a&amp;nbsp;Security Feature Bypass vulnerability in Windows Shell (&lt;a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510" rel="noopener" target="_blank"&gt;CVE-2026-21510&lt;/a&gt;). The vulnerability is rated Important by Microsoft and has a CVSS v3.1 score of 8.8, but&amp;nbsp;it&amp;nbsp;has been confirmed to be exploited in the wild. An attacker who successfully exploited this vulnerability could bypass a security feature over a network. The vulnerability affects all currently supported and ESU supported versions of Windows OS. A risk-based prioritization&amp;nbsp;methodology&amp;nbsp;warrants treating this vulnerability as a higher severity than the vendor rating or CVSS score assigned.&amp;nbsp;&amp;nbsp;&lt;/p&gt;

&lt;p&gt;Microsoft resolved a&amp;nbsp;Security Feature Bypass vulnerability in Microsoft Word (&lt;a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514" rel="noopener" target="_blank"&gt;CVE-2026-21514&lt;/a&gt;). The vulnerability is rated Important by Microsoft and has a CVSS v3.1 score of 7.8, but&amp;nbsp;it&amp;nbsp;has been confirmed to be exploited in the wild. An attacker can bypass a security feature locally due to a reliance on untrusted inputs. A risk-based prioritization&amp;nbsp;methodology&amp;nbsp;warrants treating this vulnerability as a higher severity than the vendor rating or CVSS score assigned.&lt;/p&gt;

&lt;p&gt;Microsoft resolved a&amp;nbsp;Denial of Service vulnerability in Windows Remote Access Connection Manager (CVE-2026-21525). The vulnerability is rated Moderate by Microsoft and has a CVSS v3.1 score of 6.2, but&amp;nbsp;it&amp;nbsp;has been confirmed to be exploited in the wild. A null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally. The vulnerability affects all currently supported and ESU supported versions of Windows OS. A risk-based prioritization&amp;nbsp;methodology&amp;nbsp;warrants treating this vulnerability as a higher severity than the vendor rating or CVSS score assigned.&amp;nbsp;&amp;nbsp;&lt;/p&gt;

&lt;h2&gt;Ivanti security advisories&lt;/h2&gt;

&lt;p&gt;Ivanti has released one security update for February. The update affects Ivanti Endpoint Manager and resolves two new CVEs and 11 medium severity CVEs that were disclosed in late 2025. More details and information about mitigations can be found in the&amp;nbsp;&lt;a href="https://www.ivanti.com/blog/february-2026-security-update"&gt;February Security Advisory&lt;/a&gt;.&amp;nbsp;&amp;nbsp;&lt;/p&gt;

&lt;p&gt;In addition, there was a security advisory on January 29th for Ivanti Endpoint Manager Mobile (EPMM) that had a limited number of customers impacted at time of disclosure. Ivanti urges all customers using the on-prem EPMM product to promptly install the Security Update. The security advisory, additional technical analysis, and an Exploitation Detection script co-developed with NCSC-NL can be found in the &lt;a href="https://www.ivanti.com/blog/january-2026-epmm-security-update"&gt;January Security Advisory&lt;/a&gt;.&lt;/p&gt;

&lt;h2&gt;Third-party vulnerabilities&lt;/h2&gt;

&lt;p&gt;Adobe has released nine updates this month resolving 43 CVEs, 27 of which are Critical. All nine updates are rated Priority three by Adobe.&lt;/p&gt;

&lt;h2&gt;February update to-do list&lt;/h2&gt;

&lt;p&gt;Windows OS and Microsoft Office updates are the priority this month, resolving six new zero-day exploits and one OOB zero-day exploit.&lt;/p&gt;

&lt;p&gt;Review Microsoft’s announcement and documentation on the &lt;a href="https://techcommunity.microsoft.com/blog/windows-itpro-blog/advancing-windows-security-disabling-ntlm-by-default/4489526" rel="noopener" target="_blank"&gt;phased disablement&lt;/a&gt; of NTLM to start planning for the deprecation and disablement of NTLM.&lt;/p&gt;
</description><pubDate>Tue, 10 Feb 2026 21:58:44 Z</pubDate></item><item><guid isPermaLink="false">0cda8b94-e9d7-478c-9f58-afc9c44664fe</guid><link>https://www.ivanti.com/blog/february-2026-security-update</link><category>Security Advisory</category><title>February 2026 Security Update</title><description>&lt;p&gt;Ivanti releases standard security patches on the second Tuesday of every month. Our vulnerability management program is central to our commitment to maintaining secure products. Our philosophy is simple: discovering and communicating vulnerabilities, and sharing that information with defenders, is not an indication of weakness; rather, it is evidence of rigorous scrutiny and a proactive vulnerability management program. By aggressively seeking to identify and address vulnerabilities, our aim is to get ahead of threat actors to ensure our customers can take the steps needed to protect their environments.&lt;/p&gt;

&lt;p&gt;We believe that responsible transparency helps protect our customers, and that CVE disclosures are an essential and effective tool to communicate software vulnerabilities. The purpose of assigning a CVE is to provide a beacon to security teams and signal the need for urgent updates.&lt;/p&gt;

&lt;p&gt;To that end, today Ivanti is disclosing vulnerabilities in Ivanti Endpoint Manager (EPM).&lt;/p&gt;

&lt;p&gt;&lt;span&gt;&lt;b&gt;It is important for customers to know:&lt;/b&gt;&lt;/span&gt;&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;We have no evidence of this vulnerability being exploited in the wild.&lt;/li&gt;
	&lt;li&gt;This vulnerability does not impact any other Ivanti solutions.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;More information on this vulnerability and detailed instructions on how to remediate the issues can be found in this &lt;a href="https://forums.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024" target="_blank"&gt;Security Advisory&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the &lt;a href="https://hub.ivanti.com/" target="_blank"&gt;Ivanti Innovators Hub&lt;/a&gt; (login credentials required).&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Want to stay up to date on Ivanti Security Advisories? Paste &lt;a href="https://www.ivanti.com/blog/topics/security-advisory"&gt;https://www.ivanti.com/blog/topics/security-advisory/rss&lt;/a&gt; into your preferred RSS reader / functionality in your email program.&lt;/em&gt;&lt;/p&gt;
</description><pubDate>Tue, 10 Feb 2026 15:05:16 Z</pubDate></item><item><guid isPermaLink="false">18178632-228a-44a8-8cde-25659f09be78</guid><link>https://www.ivanti.com/blog/your-new-hub-for-success-is-here-explore-innovators-hub-today</link><atom:author><atom:name>Sterling Parker</atom:name><atom:uri>https://www.ivanti.com/blog/authors/sterling-parker</atom:uri></atom:author><category>Ivanti News</category><title>Your New Hub for Success Is Here: Explore Innovators Hub Today</title><description>&lt;p&gt;Today marks an important milestone in our journey to make your Ivanti support experience effortless, intuitive and all in one place: &lt;strong&gt;Ivanti Innovators Hub is now live!&lt;/strong&gt; This isn’t just a refresh; it’s a major step forward — delivering a smarter, unified destination where support, resources and community meet your needs, your way.&lt;/p&gt;

&lt;h2&gt;One destination, everything you need&lt;/h2&gt;

&lt;p&gt;With this launch, the &lt;strong&gt;Ivanti Success Portal and the Ivanti Community are now consolidated into the new Ivanti Innovators Hub&lt;/strong&gt;. No more switching between sites. Now, all your resources, case management tools and knowledge content are unified within one streamlined experience at &lt;a href="https://hub.ivanti.com/" target="_blank"&gt;hub.ivanti.com&lt;/a&gt;. You’ll have full access to the user and account management, resource libraries and case submission capabilities you’ve relied on. User registration and login will remain at &lt;a href="https://success.ivanti.com/" target="_blank"&gt;&lt;strong&gt;success.ivanti.com&lt;/strong&gt;&lt;/a&gt;.&lt;/p&gt;

&lt;h2&gt;Smarter support with the Innovators Hub chatbot&lt;/h2&gt;

&lt;p&gt;We’re pleased to bring you a streamlined chatbot experience within the Innovators Hub. When you need help, the chatbot will first prompt you to select a product and describe your question or issue. It then searches our forums, knowledge articles and technical documentation to generate a relevant answer — helping you find a solution instantly, right within the chat.&lt;/p&gt;

&lt;p&gt;If the suggested answer solves your problem, you can simply move on — no need to create a support case. If not, the chatbot gives you the option to ask another question or continue to case creation. If you proceed, the chatbot automatically carries over the details you’ve provided (like product and query) into the case form, so you only need to fill in the remaining required fields before submitting.&lt;/p&gt;

&lt;p&gt;This workflow helps ensure every user gets fast, self-service support when possible, while still making it simple to escalate unresolved issues to our team. The chatbot is prompt-based and guides you step-by-step, so you can resolve issues quickly and spend less time searching for answers.&lt;/p&gt;

&lt;h2&gt;A modern home and a fresh start&lt;/h2&gt;

&lt;p&gt;With this launch, you’ll also notice we’ve refreshed our web address: visit &lt;a href="https://hub.ivanti.com/" target="_blank"&gt;&lt;strong&gt;hub.ivanti.com&lt;/strong&gt;&lt;/a&gt; (instead of forums.ivanti.com). This reflects the new, unified vision for Ivanti support, community and knowledge, clearly signaling that a new, modern experience awaits you.&lt;/p&gt;

&lt;h2&gt;What’s next&lt;/h2&gt;

&lt;p&gt;Looking ahead to March, we’re preparing to further enhance your Innovators Hub experience. Expect new features focused on personalization, engagement, and intuitive tools — all designed with your feedback in mind to make every support interaction effortless and simple.&lt;/p&gt;

&lt;p&gt;Thank you for your partnership and advocacy as we launch this new chapter. The goal of the Ivanti Innovators Hub is simple: to give you one trusted home for support, learning and community — because your success is our mission. I encourage you to explore the new Hub today and share your feedback as we continue to build together.&lt;/p&gt;
</description><pubDate>Fri, 06 Feb 2026 05:00:03 Z</pubDate></item><item><guid isPermaLink="false">43dda94c-f09c-472c-a7a4-ab75944d5b69</guid><link>https://www.ivanti.com/blog/january-2026-epmm-security-update</link><category>Security Advisory</category><title>January 2026 EPMM Security Update</title><description>&lt;p&gt;At Ivanti, responsible transparency is a cornerstone of our commitment to customer security and trust. We have a long-standing commitment to provide information that allows our customers and the broader security ecosystem to take proactive measures to safeguard their environments, while mitigating the risks of a rapidly evolving and highly sophisticated threat landscape.&lt;/p&gt;

&lt;p&gt;To this end, we are issuing an important security update addressing vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM). More information can be found in the Security Advisory. At the time of disclosure, we are aware of a very limited number of customers whose solution has been exploited.&lt;/p&gt;

&lt;p&gt;The issue affects only the on-prem EPMM product. It is not present in Ivanti Neurons for MDM, Ivanti’s cloud-based unified endpoint management solution, Ivanti EPM (a similarly named, but different product), Ivanti Sentry, or any other Ivanti products.&lt;/p&gt;

&lt;p&gt;&lt;u&gt;We urge all customers using the on-prem EPMM product to promptly install the Security Update. &lt;/u&gt;&lt;/p&gt;

&lt;p&gt;As we respond to this situation, we are making the following information available to defenders now:&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;Our &lt;a href="https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340" target="_blank"&gt;Security Advisory&lt;/a&gt;, which describes the nature of the vulnerabilities and detailed remediation instructions for customers.&lt;/li&gt;
	&lt;li&gt;A &lt;a href="https://forums.ivanti.com/s/article/Analysis-Guidance-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340" target="_blank"&gt;Technical Analysis&lt;/a&gt; that includes affected endpoint specifics and log analysis guidance to support investigation and forensics.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;We have a longstanding commitment to responsibly share information through Ivanti channels, as well as through coordination with government agencies and trusted security partners, to help defenders assess risk, prioritize remediation, and deploy defenses effectively. In this case, we determined that early proactive release of technical details concurrent with the patch aligns with responsible disclosure and arms defenders to best mitigate potential exploitation.&lt;/p&gt;

&lt;p&gt;Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the &lt;a href="https://success.ivanti.com/" target="_blank"&gt;Success portal&lt;/a&gt; (login credentials required).&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Want to stay up to date on Ivanti Security Advisories? Paste &lt;a href="https://www.ivanti.com/blog/topics/security-advisory"&gt;https://www.ivanti.com/blog/topics/security-advisory/rss&lt;/a&gt; into your preferred RSS reader / functionality in your email program.&lt;/em&gt;&lt;/p&gt;
</description><pubDate>Thu, 29 Jan 2026 19:05:22 Z</pubDate></item></channel></rss>