ReSure is introducing an important change to how access to the platform is controlled.
This change reflects a material shift in the cyber threat environment and is directly relevant to how we protect the sensitive information our clients manage in ReSure, including insurance and leasing renewals, risk exposure data, policy terms, claims costs and asset valuations.
That information has always required careful stewardship. The threat environment it operates in has now changed materially.
Why this is changing
In April 2026, Anthropic announced Project Glasswing.
Their frontier AI model identified thousands of critical, previously unknown security vulnerabilities across major operating systems and web browsers, autonomously and without human involvement. Some had survived decades of expert review. One had reportedly been missed by five million automated tests.
This was not a theoretical exercise. These were real, exploitable flaws in widely used software.
This is not a future risk. It is a present one. The security model many organisations still rely on was designed for a world where attackers were human: slow, expensive and limited in number. That world is changing rapidly. AI-driven tools can now probe digital environments continuously, at machine speed and at very low cost. The time between vulnerability discovery and attempted exploitation is shrinking dramatically.
The assumption that now needs to change is simple: Network access is no longer a right. It is a privilege that must be earned and verified before any connection is made.
How ReSure is responding
ReSure is responding directly to this shift.
The platform we run on, entityOS, is moving to a restricted network model in which only pre-registered, known IP addresses and verified certificates can reach ReSure services at all. Anonymous connections, including AI-driven scanning tools, are rejected at the network boundary before reaching any application, API or data.
This approach is designed to reduce exposure before an unauthorised request can interact with the platform.
What will change
As part of this rollout, ReSure users will be asked to pre-register their organisation’s IP addresses ahead of enforcement.
This will be a simple, one-time process:
- ReSure will provide your organisation with a unique security code
- Your administrator will visit the registration portal, available shortly
- They will enter the security code and the organisation’s IP address
- That address will then be added to the ReSure allowlist
Once this is complete, users will continue to access ReSure exactly as they do today, with no change to normal workflow.
Any IP address not on the approved list will be unable to reach the platform, regardless of whether valid login credentials are held.
If IP addresses change in future, for example due to remote working arrangements or an office move, administrators will be able to update them through the same portal without needing to contact support.
A different model of access
We recognise that this represents a change in how many organisations think about access to a cloud platform. The old assumption was that a service being reachable was the normal state. The new assumption is the opposite: a service that cannot be reached by an unknown caller is not broken. It is working correctly. Controlled access is not a restriction. It is a security feature.
For more on the broader security thinking behind this change, see entityOS’s article The Moment.
What happens next
We will be in touch shortly with client operations teams to provide unique registration codes and step-by-step instructions.
In the meantime, if you have any questions about this change or would like to discuss what it means for your organisation’s broader security posture, please contact the ReSure team.