Tag: governance
-
AI cyberattacks are increasing; governance and know-how lag behind
Limited transparency on AI cyberattacks: 35% of European companies cannot assess whether they have already been affected by AI-supported cyberattacks, a sign of considerable deficits in detection and monitoring. Rising threat with declining detection capability: AI-supported phishing and social engineering attacks are significantly harder to detect (71%), and trust in classic security methods is declining. Biggest perceived risks from… First…
-
CISOs: Align cyber risk communication with boardroom psychology
Tags: breach, business, ciso, compliance, control, cyber, cybersecurity, data, finance, governance, psychology, resilience, risk, threat, update
Stop reporting risk as a technical status update: Executives do not need a master class in threat modeling. They need to know what the business stands to lose. Risk has to be framed in terms boards already use to weigh other enterprise decisions: financial exposure, operational disruption, compliance consequences, legal risk and the cost of delay.…
-
Ten years later, has the GDPR fulfilled its purpose?
Tags: access, ai, breach, business, china, cio, compliance, data, data-breach, dora, finance, flaw, framework, GDPR, governance, government, international, jobs, law, mobile, office, privacy, regulation, risk, service, technology, tool, training
Fernando Maldonado, technology advisor at Foundry. MuleSoft. Gray areas remain: Still, if anything has been demonstrated in the decade since its entry into force, it’s that the GDPR still has a long way to go. Miguel Recio, president of APEP.IA (Spanish Professional Association for Privacy), argues that some of the limitations that have been exposed about the…
-
How orphaned applications are quietly fueling your shadow IT problem
Tags: access, ai, api, awareness, business, cloud, compliance, control, credentials, data, finance, framework, governance, infrastructure, monitoring, risk, security-incident, service, threat, tool, update
Operational and financial overhead: Orphaned applications continue consuming licenses and infrastructure while cluttering configuration management databases (CMDBs). They introduce undocumented dependencies that skew asset management and complicate troubleshooting. Security exposure: Applications without active ownership are rarely reviewed. This means updates are missed, underlying components are no longer maintained, and access paths remain open far longer than intended. Hidden data…
-
Your AI Agents Are Already Inside the Perimeter. Do You Know What They’re Doing?
Analysts recently confirmed what identity security teams have quietly feared: AI agents are being deployed faster than enterprises can govern them. In their inaugural Market Guide for Guardian Agents, Gartner states that “enterprise adoption of AI agents is accelerating, outpacing maturity of governance policy controls.” Enterprise leaders can request access to the Gartner Market Guide…
-
Poisoned truth: The quiet security threat inside enterprise AI
It takes surprisingly little poison to corrupt: Bad internal data is the immediate problem. But the external supply chain may be even harder to control. Research by Anthropic, the UK AI Security Institute, and the Alan Turing Institute discovered that as few as 250 maliciously crafted documents can poison LLMs of any size. That creates a massive…
-
World Passkey Day 2026: Why passkeys are becoming an important weapon against AI hackers
With the increasing integration of autonomous AI agents, identity security is also changing fundamentally. In future, companies will need a governance structure with AI agent management. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/world-passkey-day-2026-warum-passkeys-zur-wichtigen-waffe-gegen-ki-hacker-werden/a45002/
-
Proof of Concept: Anatomy of a Breach – Cyber Readiness
Security Leaders From Equifax, Rapid7 on Identity Security and Visibility Failures. In part one of the Anatomy of a Breach series, Equifax’s Jeremy Koppen and Rapid7’s Christiaan Beek examine why familiar security gaps still lead to breaches. Experts discuss ways to improve readiness in the face of identity-driven attacks, visibility failures and governance weaknesses. First…
-
AI Security vs AI Governance Explained
Understand the difference between AI security and AI governance and why both fail without identity and SaaS control. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/05/ai-security-vs-ai-governance-explained/
-
The Shadow AI Governance Crisis: Why 80% of Fortune 500 Companies Have Already Lost Control of Their AI Infrastructure
80% of Fortune 500 companies now run active AI agents. Only 10% have a clear strategy to manage them. Here is what the other 90% face – and the 5-part framework that fixes it. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/05/the-shadow-ai-governance-crisis-why-80-of-fortune-500-companies-have-already-lost-control-of-their-ai-infrastructure/
-
The Half of Agent Security You’re Not Governing
The governance of AI agents faces a fundamental asymmetry: while MCP servers provide structured logs, the “Skills” that drive agent reasoning remain forensic black holes. As high-risk capabilities, such as arbitrary code execution and state changes, become prevalent in nearly 60% of enterprise deployments, traditional models like the “Rule of Two” are failing to prevent…
-
Security agencies draw red lines around agentic AI deployments
Tags: access, advisory, ai, automation, awareness, cisa, control, data, governance, injection, international, monitoring, risk, risk-management, tool
Continuous monitoring with human-in-the-loop control: While the first half of the advisory focused on limiting what agents can do, the second was about watching what they actually do, reacting quickly when things go sideways. “Operators should implement continuous monitoring and auditing to maintain awareness of AI agent operation and ensure traceability for decisions and actions,” CISA…
-
Loss of control in the AI transformation: Why autonomous agents absolutely need IAM and security
Okta has published the results of its annual report. Key finding: worldwide, 99 percent of top-level executives rate identity and access management (IAM) as important for the AI transformation; 90 percent, however, still lack a comprehensive strategy for governing autonomous agents. Worse still: only 58 percent name governance […] First…
-
TXOne Networks expands OT security portfolio with Sennin platform for risk assessment and governance
Sennin strengthens TXOne Complete, the company's “Discover. Assess. Protect” framework, with dedicated capabilities for assessment and program governance. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/txone-networks-erweitert-ot-sicherheitsportfolio-um-sennin-plattform-fuer-risikobewertung-und-governance/a44949/
-
Best Oracle GRC Alternatives for Oracle E-Business Suite: Replacing AACG, CCG, TCG and PCG
Many organizations still rely on Oracle GRC Advanced Controls for Oracle E-Business Suite, including AACG, CCG, TCG and PCG, as the backbone of their access governance, continuous controls monitoring, and compliance efforts. That was a reasonable choice for a long time. But the world those tools were built for: on-premise ERP, slower change cycles, and…
-
AI agents can bypass guardrails and put credentials at risk, Okta study finds
Phishing the agent: Why AI guardrails aren’t enough, a report on tests conducted by cloud identity and access management (IAM) company Okta Threat Intelligence, which uncovered all of the problems cited above, and more. Their research focused on OpenClaw, a model-agnostic multi-channel AI assistant which has seen explosive growth inside enterprises since appearing in late 2025.…
-
eco commentary on the key points of the German federal government's digital budget
Tags: governance
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/eco-kommentar-eckpunkte-digitalhaushalt-bundesregierung
-
Palo Alto Networks Targets AI Agent Gateway With Portkey Buy
Startup Acquisition Adds Centralized Policy Control Over Agent Communications. Palo Alto Networks plans to acquire Portkey to centralize AI agent communications through a gateway that enforces runtime security, identity controls and governance, addressing rising risks from autonomous agents with broad system access and fragmented enterprise visibility. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/palo-alto-networks-targets-ai-agent-gateway-portkey-buy-a-31574
-
Networks of Browser Extensions Are Spyware in Disguise
Modern browser extensions and ad blockers are legally collecting and reselling user data, including streaming habits and B2B sales intelligence, under the guise of “analytics.” This unregulated “legal spyware” creates massive security gaps as employees unwittingly leak corporate URLs, SaaS dashboards, and research activity to third-party databases. With the rise of AI-native browsers and personal…
-
Shadow AI risks deepen as 31% of users get no employer training
Between one-fifth and one-third of workers use AI outside the influence and governance of the IT function, according to a global survey of 6,000 full-time employees at … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/01/shadow-ai-risks-it-oversight/

