The security industry has spent the last year talking about models, copilots, and agents, but a quieter shift is happening one layer below all of that: Vendors are lining up around a shared way to describe security data. The Open Cybersecurity Schema Framework (OCSF), is emerging as one of the strongest candidates for that job.

It gives vendors, enterprises, and practitioners a common way to represent security events, findings, objects, and context. That means less time rewriting field names and custom parsers and more time correlating detections, running analytics, and building workflows that can work across products. In a market where every security team is stitching together endpoint, identity, cloud, SaaS, and AI telemetry, a common infrastructure long felt like a pipe dream, and OCSF now puts it within reach.

OCSF in plain language

OCSF is an open-source framework for cybersecurity schemas. It’s vendor neutral by design and deliberately agnostic to storage format, data collection, and ETL choices. In practical terms, it gives application teams and data engineers a shared structure for events so analysts can work with a more consistent language for threat detection and investigation.

That sounds dry until you look at the daily work inside a security operations center (SOC). Security teams have to spend a lot of effort normalizing data from different tools so that they can correlate events. For example, detecting an employee logging in from San Francisco at 10 a.m. on their laptop, then accessing a cloud resource from New York at 10:02 a.m. could reveal a leaked credential.

Setting up a system that can correlate those events, however, is no easy task: Different tools describe the same idea with different fields, nesting structures, and assumptions. OCSF was built to lower this tax. It helps vendors map their own schemas into a common model and helps customers move data through lakes, pipelines, security incident and event management (SIEM) tools without requiring time consuming translation at every hop.

The last two years have been unusually fast

Most of OCSF’s visible acceleration has happened in the last two years. The project was announced in August 2022 by Amazon AWS and Splunk, building on worked contributed by Symantec, Broadcom, and other well known infrastructure giants Cloudflare, CrowdStrike, IBM, Okta, Palo Alto Networks, Rapid7, Salesforce, Securonix, Sumo Logic, Tanium, Trend Micro, and Zscaler.

The OCSF community has kept up a steady cadence of releases over the last two years

The community has grown quickly. AWS said in August 2024 that OCSF had expanded from a 17-company initiative into a community with more than 200 participating organizations and 800 contributors, which expanded to 900 wen OCSF joined the Linux Foundation in November 2024. 

OCSF is showing up across the industry

In the observability and security space, OCSF is everywhere. AWS Security Lake converts natively supported AWS logs and events into OCSF and stores them in Parquet. AWS AppFabric can output OCSF — normalized audit data. AWS Security Hub findings use OCSF, and AWS publishes an extension for cloud-specific resource details. 

Splunk can translate incoming data into OCSF with edge processor and ingest processor. Cribl supports seamless converting streaming data into OCSF and compatible formats.

Palo Alto Networks can forward Strata sogging Service data into Amazon Security Lake in OCSF. CrowdStrike positions itself on both sides of the OCSF pipe, with Falcon data translated into OCSF for Security Lake and Falcon Next-Gen SIEM positioned to ingest and parse OCSF-formatted data. OCSF is one of those rare standards that has crossed the chasm from an abstract standard into standard operational plumbing across the industry.

AI is giving the OCSF story fresh urgency

When enterprises deploy AI infrastructure, large language models (LLMs) sit at the core, surrounded by complex distributed systems such as model gateways, agent runtimes, vector stores, tool calls, retrieval systems, and policy engines. These components generate new forms of telemetry, much of which spans product boundaries. Security teams across the SOC are increasingly focused on capturing and analyzing this data. The central question often becomes what an agentic AI system actually did, rather than only the text it produced, and whether its actions led to any security breaches.

That puts more pressure on the underlying data model. An AI assistant that calls the wrong tool, retrieves the wrong data, or chains together a risky sequence of actions creates a security event that needs to be understood across systems. A shared security schema becomes more valuable in that world, especially when AI is also being used on the analytics side to correlate more data, faster.

For OCSF, 2025 was all about AI

Imagine a company uses an AI assistant to help employees look up internal documents and trigger tools like ticketing systems or code repositories. One day, the assistant starts pulling the wrong files, calling tools it should not use, and exposing sensitive information in its responses.

Updates in OCSF versions 1.5.0, 1.6.0, and 1.7.0 help security teams piece together what happened by flagging unusual behavior, showing who had access to the connected systems, and tracing the assistant’s tool calls step by step. Instead of only seeing the final answer the AI gave, the team can investigate the full chain of actions that led to the problem.

What’s on the horizon

Imagine a company uses an AI customer support bot, and one day the bot begins giving long, detailed answers that include internal troubleshooting guidance meant only for staff. With the kinds of changes being developed for OCSF 1.8.0, the security team could see which model handled the exchange, which provider supplied it, what role each message played, and how the token counts changed across the conversation.

A sudden spike in prompt or completion tokens could signal that the bot was fed an unusually large hidden prompt, pulled in too much background data from a vector database, or generated an overly long response that increased the chance of sensitive information leaking. That gives investigators a practical clue about where the interaction went off course, instead of leaving them with only the final answer.

Why this matters to the broader market

The bigger story is that OCSF has moved quickly from being a community effort to becoming a real standard that security products use every day. Over the past two years, it has gained stronger governance, frequent releases, and practical support across data lakes, ingest pipelines, SIEM workflows, and partner ecosystems.

In a world where AI expands the security landscape through scams, abuse, and new attack paths, security teams rely on OCSF to connect data from many systems without losing context along the way to keep your data safe.

Nikhil Mungel has been building distributed systems and AI teams at SaaS companies for more than 15 years.

Welcome to the VentureBeat community!

Our guest posting program is where technical experts share insights and provide neutral, non-vested deep dives on AI, data infrastructure, cybersecurity and other cutting-edge technologies shaping the future of enterprise.

Read more from our guest post program — and check out our guidelines if you’re interested in contributing an article of your own!

It’s easier now to stay connected wherever you are, but getting to that point is still complicated. Wireless plans for phones and home internet plans are typically two separate things, with some crossover or discounts if you get them from the same provider.

AT&T OneConnect puts wireless and home service together in one bundle, with unlimited mobile data for up to 10 voice lines and gigabit broadband at home. However, it’s limited to new AT&T customers only. Here’s how the details break down.

OneConnect offers three pricing tiers, billed monthly:

• Individual — $90: One member, one voice line, up to three data devices and one household with 1Gbps internet.

• Duo — $120: Two members, two voice lines, up to six data devices and one household with 1Gbps internet.

• Family — $225: Unlimited members, up to 10 voice lines, up to 10 data devices and one household with 1Gbps internet.

One notable detail is that the OneConnect subscription prices listed above include taxes and fees, a practice that’s quickly becoming increasingly rare among major carriers. On many plans, including AT&T’s newest wireless plans, those costs are added on top.

For comparison, an AT&T bundle for two people with unlimited wireless and gigabit-speed home internet would cost about $225, including two lines on the AT&T Premium 2.0 plan and AT&T Internet 1000 fiber at $65. For one person, a single Premium 2.0 wireless plan costs $90, plus $65 for home fiber. (It’s also important to note that speeds and availability vary depending on your location.) 

As with any new connection plan, you’ll want to scrutinize the details so you know what you’re getting into.

For instance, OneConnect is currently limited to new customers; existing AT&T customers have no migration path to combine their broadband and wireless services under this digital umbrella. According to an AT&T spokesperson, “Once we gather customer feedback and validate the experience with our initial cohort, we will make OneConnect available to as many customers as possible.”

It’s also entirely BYOD — or ‘bring your own device’: “Limited to bring your own eSIM compatible, unlocked smartphones, tablets, and wearables,” reads the fine print on AT&T’s press statement. There are no phone deals tied to OneConnect, although the spokesperson didn’t rule out that possibility in the future.

Unlike AT&T’s standalone wireless plans, OneConnect follows a one-size-fits-all model. One benefit of AT&T mobile service is that each person on an account can select their own plan. For instance, a parent might choose AT&T Premium 2.0, while a teen could opt for the cheaper but more limited AT&T Value 2.0.

Other major carriers offer home internet and mobile service bundles, but they’re not packaged in the same way. Verizon and T-Mobile, for example, provide discounts if you’ve signed up for both types of plans. 

AT&T is betting that account owners will want a simpler, bundled service instead of two separate plans. With unlimited talk, texting, data and AT&T’s Active Armor service for filtering out unwanted calls and texts, that’s a size that does seem to fit all.

Lucid Group finished 2025 on an upswing — building twice as many EVs as the previous year and reporting a 55% uptick in sales. Then the first quarter of 2026 arrived.

The company, which makes the Air sedan and Gravity SUV, reported Friday that it sold 3,093 vehicles in the first quarter, a 42% drop from the previous quarter and about 0.5% lower than the same period last year. It had built many more, about 5,500 in total.

Lucid said the sales dip, and the gap between production and deliveries, is not a demand problem. Instead, the company blames a supplier quality issue with its second-row seats, which disrupted deliveries of the Lucid Gravity for 29 days.

The supplier issue also prompted Lucid to recall more than 4,000 Gravity SUVs. Lucid told the National Highway Traffic Safety Administration that it discovered some of the anchors for the SUV’s second-row seat belts were not properly welded.

Lucid spokesperson Nick Twork confirmed to TechCrunch that the decrease in sales was tied to problems with the supplier. He said that due to an unapproved change made by a supplier, the company issued a stop on Gravity sales that lasted most of February to ensure proper vehicle quality before restarting them. Twork made a point of noting Lucid’s more recent success, saying that “following eight record quarters, we showed strong results in both January and March which very nearly achieved year-over-year growth on their own.” 

Lucid said in its securities filing Friday that the issue has been addressed, and the company seems confident that disruption won’t affect its production goals.

Lucid reaffirmed its previously announce production guidance of between 25,000 and 27,000 vehicles this year. Lucid built 18,378 EVs in 2025. That would represent an increase of as much as 47% from last year.

Lucid’s seat supplier troubles come as the company prepares to start building its first vehicle on a new lower-cost platform aimed at the mass market. Lucid has said that first vehicle will cost around $50,000, a price point that will put it in direct competition with the upcoming Rivian R2 SUV, as well as existing products like the Tesla Model Y, Tesla Model 3, and Chevrolet Equinox EV.

Database credentials remain one of the most common attack vectors in enterprise breaches, yet most organisations still manage them through shared spreadsheets, hardcoded connection strings, or standalone credential vaults with no session oversight. Keeper Security, the Chicago-based cybersecurity company best known for its password management platform, is attempting to close that gap with KeeperDB, a new capability that embeds database access controls directly into its privileged access management (PAM) platform.

The product was announced at RSA Conference 2026 in San Francisco, where Keeper also collected 18 industry awards across categories including password management, privileged access management, and zero-trust security.

What KeeperDB actually does

KeeperDB adds a vault-native database access interface to KeeperPAM, Keeper’s unified privileged access management platform. In practical terms, this means developers, database administrators, and security teams can connect to MySQL, PostgreSQL, Oracle, and Microsoft SQL Server databases directly from the Keeper Vault, without exposing credentials in plaintext or relying on separate database management tools.

Every database session is governed by centralised policies, with full session recording for audit and compliance purposes. The idea is straightforward: if organisations already store their passwords, secrets, and privileged credentials in Keeper, database access should live there too, rather than requiring a separate tool with its own credential store.

“KeeperDB represents a natural evolution of our zero-trust architecture,” said Darren Guccione, CEO and co-founder of Keeper Security. “By embedding database access directly into the vault, we eliminate the credential sprawl that creates risk in most enterprise environments.”

The credential sprawl problem

The challenge KeeperDB addresses is well documented. Database credentials in most organisations are scattered across configuration files, environment variables, CI/CD pipelines, and individual developer machines. When an employee leaves or a credential is compromised, tracking down every instance of that credential becomes an exercise in archaeology.

Traditional database access tools compound the problem. Each tool maintains its own connection profiles and saved credentials, creating multiple copies of sensitive information outside any centralised governance framework. For organisations subject to SOC 2, HIPAA, PCI DSS, or similar compliance requirements, this fragmentation makes audit preparation significantly more time-consuming.

KeeperDB’s approach consolidates database access under the same zero-knowledge encryption and policy engine that already governs passwords, SSH keys, API tokens, and remote desktop sessions in KeeperPAM. Credentials are never exposed to users in plaintext, access is granted based on role-based policies, and every query session is recorded.

Proxy mode for existing workflows

Recognising that many teams have established workflows with existing database clients, Keeper is also introducing KeeperDB Proxy. This companion feature allows developers to continue using their preferred tools (pgAdmin, MySQL Workbench, DBeaver, and similar clients) while routing connections through Keeper’s infrastructure. The proxy maintains centralised policy enforcement, credential protection, and session visibility without requiring teams to abandon their existing tooling.

This is a pragmatic concession. Asking database administrators to switch from tools they have used for years is a reliable way to generate friction and reduce adoption. By offering both a native vault interface and a proxy mode, Keeper is betting that organisations will adopt whichever path creates the least disruption.

A broader PAM strategy

KeeperDB is the latest addition to a platform that has expanded considerably beyond its password management origins. KeeperPAM now includes password and passkey management, secrets management for DevOps and CI/CD pipelines, privileged session management with recording, remote browser isolation, secure remote desktop and SSH access via Keeper Connection Manager, and now database access.

The company’s strategy is to consolidate multiple point solutions into a single platform with a single credential store and a single policy engine. For managed service providers (MSPs), Keeper announced a revamped 2026 partner programme in February with tiered discounts and expanded enablement resources, suggesting that the mid-market and channel are key growth targets alongside direct enterprise sales.

The F1 connection

Keeper’s RSAC presence coincided with the company’s broader visibility push. Now in its third season as the official cybersecurity partner of the Atlassian Williams F1 Team, Keeper launched a global advertising campaign in March 2026 featuring driver Alex Albon. The campaign, filmed during pre-season testing in Bahrain, draws parallels between the real-time data protection required in Formula 1 operations and the identity-first security model that Keeper promotes for enterprise environments.

Williams uses KeeperPAM to protect passwords, infrastructure secrets, and privileged accounts both at its Grove headquarters and trackside, where race strategy, telemetry, and engineering systems depend on tightly controlled access to sensitive data.

What this signals

The broader trend KeeperDB reflects is the continued consolidation of identity and access management tools. Organisations that once maintained separate solutions for password management, secrets management, privileged access, remote connectivity, and database access are increasingly looking for unified platforms that reduce complexity and the number of credential stores to protect.

Keeper is not the only vendor pursuing this strategy. CyberArk, BeyondTrust, and Delinea have all expanded their PAM platforms in recent years. What distinguishes Keeper’s approach is its zero-knowledge architecture (meaning Keeper’s own servers cannot access customer data) and its consumer-grade user experience, which the company argues drives higher adoption rates than traditional enterprise PAM tools.

KeeperDB is available now for KeeperPAM customers, with support for MySQL, PostgreSQL, Oracle, and Microsoft SQL Server. KeeperDB Proxy is expected to follow in a subsequent release.

For once, we can avoid debating in the comments what constitutes a “cyberdeck”, because [LCLDIY] does not refer to his cyberpunk masterpiece as such — he calls it a laptop. Considering the form factor is more like an all-in-one with a built-in laser projection keyboard, that’s arguably an even more controversial label to use, but as stylish this build is, it’s what’s inside it that interests us most.

No, not the cash-register motherboard that serves as the brain, though that has got to be worth some hacker cred. No, it’s the graphics card [LCLDIY] designed to drive 10″ electroluminescent (EL) displays that really has us interested. EL screens have a unique and beautiful glow that many find captivating, but we don’t see them all that often for two reasons. One is price: if you can’t find them surplus, they’re not cheap. The other is driving them, which [LCLDIY]’s project helps with, because the graphics card is open source.

The card is PCI, so you’ll need an adapter to plug it into a modern PCIe slot, or you’d have to redesign the thing. Since this isn’t elegant-engineering-a-day, we know which we’d do. The card is based on the CHIPS65548/5 chip, which means you should be able to find driver support under Linux and Windows. [LCLDIY] seems to be using Windows 2000, but that might just be because it’s all been downhill since then.

If the cyberpunk laptop wasn’t enough inspiration, [LCLDIY] also created a giant-scale Game Boy using the same 10″ screen and DIY graphics card. The soft glow of the EL display is particularly suited to the low-res nature of the retro games, as it’s not entirely unlike a CRT. You can see it in action–both builds!– in videos embedded below.

The last time somebody posted an EL display here, they had to build the driver board for it, too.

We’ve all been there at one point or another; you unlock your iPhone with the intention of checking the weather or sending a quick text, only to be greeted by a sea of little red circles. 

They’re everywhere, screaming for your attention like a digital toddler until you open the app and clear it. It’s a core part of the iOS experience, sure, but after years of staring at these tiny stress-inducers, I’ve had enough. The problem? I can’t really do much about it. 

App badges are my worst enemy

The problem with app badges is that they are designed to be addictive. They’re pitched as helpful reminders, but in reality, they’re designed to draw you into an app to see what’s “new,” even when there’s nothing of substance actually waiting for you. 

Every time I unlock my iPhone and see a bunch of badges on my home screen, I’m immediately distracted. Instead of doing what I actually set out to do, I find myself mindlessly scrolling through a feed just to make the number go away.

Advertisement

Advertisement

It’s even more infuriating when the badges refuse to leave. We’ve all dealt with that one stubborn app – it’s the Oura app for me at the moment, oddly enough – where you’ve cleared every notification, read every message, and checked every update, yet the badge remains. 

For a company that prides itself on “clean” design, the home screen often looks like a messy desk covered in red Post-it notes.

No, I’m not going to disable them one by one

Now, I know what the power users among you are going to say, “Just go into Settings and turn them off!” And yes, technically, you can. 

But, there’s the catch: Apple forces you to do it on an app-by-app basis. I have hundreds of apps installed on my iPhone, and the idea of diving into the notification settings for every single one of them to toggle off “Badges” leaves me in a cold sweat – and besides, it’d take the better part of an afternoon.

Advertisement

It begs the question: why isn’t there a system-wide toggle? Apple gives us “Silence Unknown Callers” and “Focus” modes to reclaim our digital sanity, yet it won’t give us a single master switch to kill the red dots. It’s a bizarre omission when you really think about it, especially for an operating system that is supposed to be the very pinnacle of user-friendliness.

Advertisement

Android fixed the issue years ago

What makes this even harder to swallow is that our friends over in the Android camp solved this ages ago. 

On most Android skins, app badges (or “dots”) are intrinsically linked to the notification shade. If you swipe away a notification because you’ve seen it and decided it’s not important, the badge on the app icon vanishes too. A system that, in my mind, makes a lot of sense.

On iOS, the badge and the notification centre live in two completely different worlds. You can clear your entire lock screen, but those red circles will stay pinned to your icons until you manually open the app. 

Advertisement

At the very least, Apple should give us the option to mirror that Android-style functionality in the Settings menu for those of us who find the current system a little bit archaic.

It probably won’t change any time soon

As much as I’d love to be optimistic, I’m not holding my breath. With the reveal of iOS 27 scheduled for WWDC in early June, the rumour mill is buzzing about the long-awaited reveal of the Gemini-powered Siri and even more powerful AI features, but a badge overhaul is nowhere to be found.

Advertisement

Badges have been a staple of the iPhone since the very beginning, and despite Apple redesigning the notification system multiple times over the last decade, they’ve remained largely untouched. It seems Apple is perfectly happy with the status quo, even if it means our home screens remain a cluttered, distracting mess for the foreseeable future. 

Advertisement

Please, Apple, prove me wrong.