Collecting Cyber-News from over 60 sources

Tag: governance

When responsible disclosure becomes unpaid labor

Feb 2, 2026 9:13 AM

Tags: ai, bug-bounty, ciso, cloud, compliance, control, credentials, cve, cvss, cybersecurity, data, email, exploit, finance, flaw, governance, healthcare, incident response, infrastructure, jobs, open-source, ransom, risk, security-incident, service, software, threat, tool, update, vulnerability, warfare

supposed to function and how it increasingly does in practice. Enter the gray zone of ethical disclosure: The result is a growing gray zone between ethical research and adversarial pressure. Based on years of reporting on disclosure disputes, that gray zone tends to emerge through a small set of recurring failure modes.Silent treatment and severity…
Das nächste große Security-Schlachtfeld

Feb 2, 2026 5:13 AM

Tags: ai, chatgpt, computer, computing, cyber, cybersecurity, cyersecurity, encryption, framework, governance, Hardware, resilience, training, usa

Wenn Quantum Computing und KI in der Praxis zusammenkommen, bricht ein neues Zeitalter an auch und vor allem in Sachen Cybersecurity.In den letzten Jahren hat künstliche Intelligenz (KI) ihre Tentakel über die globale Technologielandschaft ausgebreitet. Das verdeutlicht unter anderem auch der zunehmende Einsatz von Automatisierung und autonomen Technologien in diversen Branchen und Sektoren. Und während…
What future trends will define Agentic AI governance

Jan 31, 2026 9:15 PM

Tags: ai, cloud, cybersecurity, framework, governance

How Are Non-Human Identities Shaping Cloud Security? What does it take to bridge the gap between security and R&D teams when managing non-human identities in cloud environments? Non-human identities (NHIs) are pivotal in modern cybersecurity frameworks, acting as machine identities that ensure secure interaction between different technological entities. Understanding their role and maintaining effective security……
ISMG Editors: Real-Time Vishing Is Breaking MFA

Jan 31, 2026 9:15 PM

Tags: ai, attack, governance, mfa

Also: Why AI Agents Are Colliding, What Good Governance Ought to Look Like. In this week’s panel, four ISMG editors discussed real-time vishing attacks that are defeating MFA, the growing problem of AI agents making conflicting decisions inside of enterprises and why the next phase of AI adoption depends on governance, accountability and control. First…
Why AI Use in Healthcare Requires Continuous Oversight

Jan 31, 2026 9:15 PM

Tags: ai, framework, governance, healthcare, intelligence

Artificial intelligence use in healthcare is only as safe and accurate as the governance and trust frameworks surrounding it, particularly in clinical environments where errors or hallucinations can directly impact patient care, said Dave Bailey, vice president at consultancy Clearwater. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/ai-use-in-healthcare-requires-continuous-oversight-i-5521
Tenable Tackles AI Governance, Shadow AI Risks, Data Exposure

Jan 31, 2026 9:15 PM

Tags: ai, compliance, data, governance, risk

The Tenable One AI Exposure add-on discovers unsanctioned AI use in the organization and enforces policy compliance with approved tools. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/tenable-tackles-ai-governance-shadow-ai-risks-data-exposure
AI Compliance Tools: What to Look For FireTail Blog

Jan 30, 2026 8:42 PM

Tags: ai, antivirus, api, attack, automation, backdoor, business, cloud, compliance, control, credit-card, data, defense, email, finance, framework, GDPR, governance, grc, guide, identity, injection, intelligence, jobs, LLM, login, malicious, mitre, network, nist, okta, remote-code-execution, risk, risk-management, siem, software, threat, tool, training, unauthorized, vulnerability

Jan 30, 2026 – Alan Fagan – Quick Facts: AI Compliance ToolsManual tracking often falls short: Spreadsheets cannot track the millions of API calls and prompts generated by modern AI systems.Real-time is required: The best AI compliance tools monitor live traffic, not just static policy documents.Framework mapping matters: Firetail automatically maps activity to the OWASP…
MCP security: How to prevent prompt injection and tool poisoning attacks

Jan 30, 2026 4:22 PM

Tags: access, ai, api, attack, authentication, automation, best-practice, business, ceo, communications, control, credentials, data, defense, detection, email, endpoint, exploit, framework, github, governance, guide, incident response, infrastructure, injection, least-privilege, LLM, malicious, monitoring, network, radius, risk, service, siem, software, sql, supply-chain, threat, tool, unauthorized, vulnerability

The Model Context Protocol (MCP) has quickly become the open protocol that enables AI agents to connect securely to external tools, databases, and business systems. But this convenience comes with security risks. MCP servers store sensitive credentials, handle business logic, and connect to APIs. This makes them prime targets for attackers who have learned to…
KI-Governance, Datensouveränität und Dynamic Trust prägen 2026 – Vier Trends machen Cybersicherheit 2026 zum strategischen Faktor

Jan 30, 2026 9:21 AM

Tags: ai, cyersecurity, governance

First seen on security-insider.de Jump to article: www.security-insider.de/cybersicherheit-trends-2026-dynamic-trust-a-64d95b93d2d70461c3948e752bf41137/
Measuring Agentic AI Posture: A New Metric for CISOs

Jan 30, 2026 5:21 AM

Tags: access, ai, api, attack, breach, business, ciso, cybersecurity, data, data-breach, defense, endpoint, finance, governance, identity, injection, intelligence, metric, radius, risk, strategy, update, waf

In cybersecurity, we live by our metrics. We measure Mean Time to Respond (MTTR), Dwell Time, and Patch Cadence. These numbers indicate to the Board how quickly we respond when issues arise. But in the era of Agentic AI, reaction speed is no longer enough. When an AI Agent or an MCP server is compromised,…
Roughly half of employees are using unsanctioned AI tools, and enterprise leaders are major culprits

Jan 30, 2026 5:21 AM

Tags: access, ai, breach, business, ceo, ciso, control, corporate, data, finance, framework, governance, Internet, LLM, network, risk, technology, threat, tool, training

51% have connected AI tools to work systems or apps without the approval or knowledge of IT;63% believe it’s acceptable to use AI when there is no corporate-approved option or IT oversight;60% say speed is worth the security risk;21% think employers will simply “turn a blind eye” as long as they’re getting their work done.And…
The Agentic AI Posture Score: A New Metric for CISOs

Jan 29, 2026 6:25 PM

Tags: ai, api, attack, breach, business, ciso, cybersecurity, data, data-breach, defense, endpoint, finance, governance, identity, injection, metric, radius, risk, strategy, threat, update, waf

In cybersecurity, we live by our metrics. We measure Mean Time to Respond (MTTR), Dwell Time, and Patch Cadence. These numbers tell the Board how fast we react when things go wrong. But in the era of Agentic AI, reaction speed is no longer enough. When an AI Agent or an MCP server is compromised,…
EU’s answer to CVE solves dependency issue, adds fragmentation risks

Jan 29, 2026 12:21 PM

Tags: access, ai, china, cisco, cve, cyber, cybersecurity, data, dos, exploit, finance, governance, grc, infrastructure, intelligence, international, nvd, open-source, risk, service, software, threat, tool, vulnerability, vulnerability-management

Coordinated disclosure: Nik Kale, principal engineer and product architect at Cisco Systems, says GCVE’s main challenge comes from building a platform that the security community can rely on for coordinated disclosure and remediation.”Viability depends far more on governance than on the data itself,” Kale says. “That includes clear attribution rules, transparent CNA processes, predictable decision-making,…
Kritik am Kritis-Dachgesetz: “Flickenteppich” befürchtet

Jan 29, 2026 11:24 AM

Tags: cyberattack, germany, governance, infrastructure, kritis

Der Gesetzesentwurf der Bundesregierung zum Schutz kritischer Infrastruktur reicht nach Meinung des Deutschen Städtetag nicht aus.Der Deutsche Städtetag hält den zur Abstimmung im Bundestag anstehenden Vorschlag der Koalition zum Schutz kritischer Infrastruktur für unzureichend. Der Entwurf von Union und SPD sieht für Unternehmen der kritischen Infrastruktur wie etwa große Energieversorger oder Verkehrsunternehmen strengere Verpflichtungen zum…
NSFOCUS Unveils Enhanced AI LLM Risk Threat Matrix for Holistic AI Security Governance

Jan 29, 2026 9:23 AM

Tags: ai, cyber, data, governance, LLM, network, risk, threat

SANTA CLARA, Calif., Jan 29, 2026 Security is a prerequisite for the application and development of LLM technology. Only by addressing security risks when integrating LLMs can businesses ensure healthy and sustainable growth. NSFOCUS first proposed the AI LLM Risk Threat Matrix in 2024. The Matrix addresses security from multiple perspectives: foundational security, data security,…The…
KI-Identitäten außer Kontrolle: Massive Governance-Lücken in deutschen Unternehmen

Jan 29, 2026 7:21 AM

Tags: ai, germany, governance, usa

Künstliche Intelligenz ist längst kein Zukunftsthema mehr. Sie agiert in Arbeitsumgebungen bereits heute autonom. Das ist auf der einen Seite ein Riesenvorteil, auf der anderen Seite jedoch schwierig überwachbar. Eine neue internationale Umfrage, beauftragt von Saviynt und in Deutschland, Großbritannien und den USA durchgeführt, zeigt: KI-Identitäten greifen bereits tief in kritische Systeme ein [1]…. First…
AI Use by CISA Chief Alarms Cyber Officials

Jan 29, 2026 12:21 AM

Tags: ai, chatgpt, cisa, compliance, cyber, cybersecurity, governance, infrastructure, tool

CISA Defends Director’s Use of AI Tool Despite Internal Compliance Review. Cybersecurity and Infrastructure Security Agency Acting Director Madhu Gottumukkala uploaded sensitive documents to ChatGPT under a temporary, approved exception, prompting internal alerts and reigniting concerns over the agency’s AI governance and leadership judgement. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ai-use-by-cisa-chief-alarms-cyber-officials-a-30620
AI tools break quickly, underscoring need for governance

Jan 28, 2026 6:21 PM

Tags: ai, governance, tool, vulnerability

In a new report, the security firm Zscaler said it identified severe vulnerabilities in every enterprise tool it tested — sometimes on its first prompt. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-vulnerabilities-governance-zscaler/810718/
Stop Staring at JSON: How GenAI is Solving the API >>Context Crisis<<

Jan 28, 2026 5:21 PM

Tags: ai, api, attack, authentication, banking, business, credentials, credit-card, data, endpoint, governance, mobile, organized, risk, soc, threat, tool

There is a moment that happens in every SOC (Security Operations Center) every day. An alert fires. An analyst looks at a dashboard and sees a UR: POST /vs/payments/proc/77a. And then they stop. They stare. And they ask the question that kills productivity: “What does this thing actually do?” Is it a critical payment gateway?…
Always-on privileged access is pervasive, and fraught with risks

Jan 28, 2026 11:22 AM

Tags: access, api, automation, cloud, credentials, cybersecurity, framework, governance, iam, risk, saas, service

Paradigm shift ahead: Forrester analyst Geoff Cairns stresses the cybersecurity risks at play when organizations do not rein in excessive credential use. “Persistent standing privilege, yes, I think that is rampant,” he says. “It is something that attackers can target and then leverage to move laterally through systems and create havoc. The elevated privilege makes that…
Delegation is a risk decision every leader makes, not an ops choice

Jan 28, 2026 10:21 AM

Tags: access, ai, awareness, breach, business, communications, compliance, control, finance, governance, infrastructure, jobs, resilience, risk, risk-assessment, service, tool

Airlines and booking platforms, overwhelmed by volume and operational pressure, delegated financial decision-making to automated systems that could issue credits, delay refunds, or apply preset rules at scale.In many cases, those systems operated exactly as configured. They stayed within internal thresholds, followed approved logic, and reduced immediate operational load. The problem surfaced later. Customers challenged outcomes.…
Cryptographic Agility for Contextual AI Resource Governance

Jan 28, 2026 6:21 AM

Tags: ai, governance

Master cryptographic agility for AI resource governance. Learn how to secure Model Context Protocol (MCP) with post-quantum security and granular policy control. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/cryptographic-agility-for-contextual-ai-resource-governance/
Transfer learning and governance help bridge healthcare AI divide

Jan 28, 2026 6:21 AM

Tags: ai, data, governance, healthcare, international

Singapore researchers show how adapting pre-trained AI models can solve data scarcity issues in countries with limited resources. Separately, they have proposed forming an international consortium to build consensus on AI governance in medicine First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366637650/Transfer-learning-and-governance-help-bridge-healthcare-AI-divide
Privacy Is Fueling the CIO’s AI Agenda

Jan 28, 2026 1:21 AM

Tags: ai, cio, cisco, data, governance, intelligence, privacy, risk

Cisco Research Shows How AI Is Reshaping Data Privacy and Governance. Enterprise data privacy and governance are undergoing fundamental shifts as the promised speed and efficiency of artificial intelligence come crashing into the realities of data risk and regulatory uncertainty. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/privacy-fueling-cios-ai-agenda-a-30610
AI is Now Default Enterprise Accelerator: Takeaways from ThreatLabz 2026 AI Security Report

Jan 27, 2026 10:25 PM

Tags: access, ai, attack, automation, chatgpt, compliance, control, data, detection, finance, google, governance, infrastructure, injection, insurance, intelligence, malicious, malware, microsoft, ml, monitoring, RedTeam, risk, saas, social-engineering, supply-chain, tactics, technology, threat, tool, vulnerability, zero-trust

Artificial intelligence and machine learning (AI/ML) are no longer emerging capabilities inside enterprise environments. In 2025, they became a persistent operating layer for how work gets done. Developers ship faster, marketers generate more content, analysts automate research, and IT teams rely on AI to streamline troubleshooting and operations. The productivity gains are real, but so…
4 Probleme, die CISOs behindern

Jan 27, 2026 5:23 PM

Tags: ai, business, ciso, cloud, compliance, cyberattack, cybersecurity, cyersecurity, data, framework, governance, risk, risk-management, skills, strategy, tool, vulnerability-management

Lesen Sie, welche strategischen Probleme CISOs bei ihren Aufgaben behindern.Viele Sicherheitsverantwortliche glauben, dass ein Cybervorfall unvermeidlich ist unklsar ist lediglich der Zeitpunkt. Diese Überzeugung spiegelt sich in der gängigen Redewendung wider, dass es nicht darum geht, ‘ob”, sondern ‘wann” ein Angriff erfolgt.Eine wachsende Zahl von CISOs rechnet jedoch eher früher als später mit einem Vorfall:…
Keeper Security Expands Its Zero-Trust Privileged Access Controls Into Slack

Jan 27, 2026 4:21 PM

Tags: access, control, governance, zero-trust

Keeper Security’s new Slack integration extends secure, policy-driven access governance into the platform. Slack serves as one of the most popular and widely used collaboration platforms in the world for organisations of all sizes. It has a strong adoption across EMEA, especially in the European markets including the UK, with high engagement across major hubs…
Overcoming AI fatigue

Jan 27, 2026 2:21 PM

Tags: access, ai, awareness, business, ciso, cloud, control, data, finance, governance, incident response, jobs, metric, monitoring, privacy, risk, strategy, supply-chain, technology, tool, training, zero-trust

before it becomes fully entrenched in every corner of the business. It’s a rare opportunity, one we shouldn’t waste. A big part of the confusion comes from the word “AI” itself. We use the same label to talk about a chatbot drafting marketing copy and autonomous agents that generate and implement incident response playbooks. Technically,…
Datenschutz im KI-Zeitalter: Von der Compliance-Pflicht zur strategischen Security-Governance

Jan 27, 2026 11:24 AM

Tags: ai, compliance, governance, resilience

Datenschutz ist zu einem zentralen Faktor für IT-Sicherheit, digitale Resilienz und unternehmerisches Vertrauen geworden. Angesichts der immer leistungsfähigeren KI-System werden auch die datenschutzrechtlichen und sicherheitsstrategischen Herausforderungen immer größer. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/datenschutz-im-ki-zeitalter-von-der-compliance-pflicht-zur-strategischen-security-governance/a43465/
4 issues holding back CISOs’ security agendas

Jan 27, 2026 9:21 AM

Tags: access, ai, application-security, attack, business, ciso, cloud, compliance, control, cyber, cybersecurity, data, endpoint, framework, governance, intelligence, jobs, monitoring, network, resilience, risk, risk-assessment, risk-management, sans, service, skills, strategy, technology, threat, tool, training, vulnerability, vulnerability-management

2. Inability to keep pace with AI innovation and adoption: Executives and employees alike have been rushing to adopt artificial intelligence, enticed by expectations that AI will transform workflows and save time, money, and effort.But CISOs for the most part have not kept pace with their business colleagues’ rate of AI adoption.According to a survey…