Tag: governance

Microsoft Copilot Agent Policy Flaw Lets Any User Access AI Agents

Aug 25, 2025 8:54 AM

Tags: access, ai, control, cyber, flaw, framework, governance, microsoft, unauthorized

Microsoft has disclosed a critical flaw in its Copilot agents’ governance framework that allows any authenticated user to access and interact with AI agents within an organization”, bypassing intended policy controls and exposing sensitive operations to unauthorized actors. At the core of the issue is the way Copilot Agent Policies are enforced”, or, more accurately,…
Warum Chatkontrolle zum Scheitern verurteilt ist oder noch Schlimmeres droht

Aug 25, 2025 5:54 AM

Tags: governance

Die EU diskutiert seit Jahren über Chatkontrolle. Jetzt hat die Bundesregierung ihre Haltung geändert: Statt Nein sagt sie nur noch »unentschlossen«. Damit wächst die Gefahr, dass die EU den riskanten Vorschlag beschließt. Chatkontrolle widerspricht nicht nur den europäischen Datenschutzgesetzen, sondern es wird auch praktisch nicht funktionieren. Im besten Fall bleibt das Gesetz wirkungslos, aber im……
Featured Chrome extension FreeVPN.One caught capturing and transmitting user data

Aug 22, 2025 3:54 PM

Tags: access, api, browser, ceo, chrome, corporate, credentials, data, data-breach, endpoint, finance, governance, healthcare, india, malicious, mobile, monitoring, privacy, risk, technology, threat, tool, vpn, vulnerability, vulnerability-management

Unmanaged extensions expose enterprises: Such incidents highlight how unmanaged browser extensions can act as covert data exfiltration channels, exposing sensitive corporate information. Enterprises usually deploy licensed, corporate-grade VPNs that are safe and accompanied by monitoring and access controls. But employees often install free VPN extensions for personal use.”This poses as a major threat to industries…
The Triple Threats CISOs cannot ignore: A Perfect Storm of Digital Frontlines, Dark AI and Quantum Leaps

Aug 22, 2025 6:54 AM

Tags: ai, ciso, computer, computing, corporate, cyber, cybersecurity, data, deep-fake, email, encryption, firewall, fraud, governance, incident response, intelligence, malicious, penetration-testing, phishing, resilience, risk, scam, service, siem, soc, social-engineering, technology, threat, tool, training, vulnerability

Adrian Hia, Managing Director for Asia Pacific at Kaspersky.Smart Security Operations Centers (SOCs) that leverage AI and real-time analytics to monitor, respond, and adapt to these complex new threats are critical. Adrian Hia further shared, “When incidents occur, response becomes critical. Every minute equates to dollars lost. organisations in Southeast Asia are increasingly relying on…
Anthropic Folds Claude Code Into Business Plans With Governance Tools

Aug 22, 2025 12:54 AM

Tags: ai, api, business, compliance, governance, tool

Anthropic added Claude Code to its Team and Enterprise subscriptions, alongside a new Compliance API that helps IT leaders enforce governance and track AI coding activity. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-anthropic-claude-code-business-plan-governance/
Microsoft 365 Adds New Feature for Admins to Manage Link Creation Policies

Aug 21, 2025 3:54 PM

Tags: ai, control, cyber, governance, microsoft

Microsoft announced on August 20, 2025, a significant enhancement to its Microsoft 365 administrative capabilities with the introduction of new tenant-level controls for managing org-wide sharing links for user-built Copilot agents. This feature, scheduled for general availability in mid-September 2025, represents a critical step forward in enterprise governance for AI-powered collaboration tools. Enhanced Administrative Control…
Why AI Agents and MCP Servers Just Became a CISO’s Most Urgent Priority

Aug 21, 2025 2:56 PM

Tags: ai, api, attack, breach, ciso, control, data, detection, exploit, framework, governance, infrastructure, LLM, risk, technology, threat, tool, update, waf

Over the last year, I’ve spent countless hours with CISOs, CTOs, and security architects talking about a new wave of technology that’s changing the game faster than anything we’ve seen before: Agentic AI and Model Context Protocol (MCP) servers. If you think AI is still in the “cool demos and pilot projects” stage, think again.…
The End of Tribal Knowledge: Why Contextual Policy Is the Foundation for Agentic AI Development

Aug 21, 2025 5:54 AM

Tags: ai, data, governance, risk, software
New security features beef up Google Cloud Platform

Aug 19, 2025 6:54 PM

Tags: access, ai, attack, authentication, cloud, compliance, computing, control, credentials, data, defense, detection, encryption, finance, google, governance, group, iam, incident response, intelligence, least-privilege, monitoring, network, privacy, RedTeam, risk, service, soar, soc, technology, threat, tool, unauthorized, update, vulnerability, waf, zero-trust

CSO in an email.”One of the biggest security improvements that we’re announcing is within our AI Protection solution [part of a customer’s GCP Security Command Center]. As organizations rapidly adopt AI, we’re developing new capabilities to help them keep their initiatives secure.”These include new capabilities for automated discovery of AI agents and Model Context Protocol…
KI-Agenten breiten sich aus aber Governance-Lücken gefährden Vertrauen der Verbraucher

Aug 19, 2025 4:54 PM

Tags: ai, governance

First seen on datensicherheit.de Jump to article: www.datensicherheit.de/ki-agenten-ausbreitung-governance-luecken-gefahr-verbraucher-vertrauen
FireTail at Black Hat USA 2025: Finalist in the Startup Spotlight FireTail Blog

Aug 19, 2025 11:54 AM

Tags: ai, control, data, governance, risk, risk-assessment, risk-management, startup, unauthorized, usa

Aug 18, 2025 – Lina Romero – Title: FireTail at Black Hat USA 2025: Finalist in the Startup Spotlight FireTail was one of just four finalists competing at Black Hat’s Startup Spotlight this year. FireTail was one of four startups selected as a finalist in the Black Hat USA 2025 Startup Spotlight Competition. This week…
Wie CISOs von der Blockchain profitieren

Aug 19, 2025 6:58 AM

Tags: access, ai, api, blockchain, ciso, compliance, framework, governance, identity, LLM, network, saas, sbom, software, tool, zero-trust

Die Blockchain macht Trust verifizierbar.Sicherheitsvorfälle gehen nicht nur auf eine Kompromittierung der internen Systeme zurück. Sie hängen regelmäßig auch damit zusammen, dass:Privileged-Access-Protokolle fehlen,SaaS-Audit-Trails nicht vertrauenswürdig sind, oderLieferketten kompromittiert werden.Die Blockchain kann dabei helfen, diese realen Probleme zu lösen und Manipulationssicherheit, Datenintegrität und Trust zu gewährleisten. Im Kern ist Blockchain ein System von Datensätzen, die über…
Bridging the AI model governance gap: Key findings for CISOs

Aug 18, 2025 6:54 AM

Tags: ai, ciso, governance

While most organizations understand the need for strong AI model governance, many are still struggling to close gaps that could slow adoption and increase risk. The findings … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/18/ciso-ai-model-governance/
Workday research: 75% of employees will work with artificial intelligence, but not for it

Aug 12, 2025 5:12 PM

Tags: ai, governance, intelligence, technology

Workday research finds 75% of workers like AI as a teammate, but only 30% want AI to be the boss. Trust in the technology may grow with use, but human focus, clear roles and governance are key First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366629115/Workday-research-75-of-employees-will-work-with-artificial-intelligence-but-not-for-it
Digitale Souveränität für Deutschland vorerst unerreichbar

Aug 12, 2025 12:12 PM

Tags: access, ai, bsi, chatgpt, china, cloud, computer, cyersecurity, encryption, germany, google, governance, government, hacker, injection, Internet, risk, strategy, update, usa

BSI-Präsidentin Plattner: “Wir haben technologische Abhängigkeiten an ganz vielen Stellen.” Jan WaßmuthSeine Abhängigkeit von Cloud-Lösungen, KI-Modellen und anderen Tech-Produkten aus dem Ausland wird Deutschland nach Einschätzung des Bundesamtes für Sicherheit in der Informationstechnik (BSI) so bald nicht überwinden. Da der Staat seine digitalen Systeme und Daten bis auf weiteres nicht ohne Input aus dem außereuropäischen…
From Risk to ROI: How Security Maturity Drives Business Value

Aug 12, 2025 10:12 AM

Tags: access, ai, breach, business, cloud, compliance, control, cyber, cybersecurity, data, detection, encryption, exploit, finance, framework, GDPR, governance, government, healthcare, incident response, infrastructure, insurance, intelligence, monitoring, nist, privacy, ransomware, regulation, resilience, risk, risk-assessment, risk-management, service, software, strategy, threat, tool, unauthorized, vulnerability

From Risk to ROI: How Security Maturity Drives Business Value madhav Tue, 08/12/2025 – 04:30 Cyber threats are like moving targets”, constantly evolving and increasingly pervasive. In a hyper-connected world, no individual, industry, or organization is immune. The threat landscape presents a serious and persistent challenge for governments, businesses, critical infrastructure, and individuals alike. Many…
Credit Karma leader shares AI governance lessons learned

Aug 12, 2025 12:12 AM

Tags: ai, data, fintech, governance, lessons-learned

Start slow and break things — that’s how the head of data and AI at the fintech says enterprises should start building AI governance frameworks. First seen on techtarget.com Jump to article: www.techtarget.com/searchitoperations/news/366628735/Credit-Karma-leader-shares-AI-governance-lessons-learned
CSO hiring on the rise: How to land a top security exec role

Aug 11, 2025 10:12 AM

Tags: access, ai, attack, breach, business, cio, ciso, cloud, compliance, cyber, cybersecurity, data, defense, finance, governance, government, healthcare, identity, incident, incident response, infrastructure, insurance, jobs, military, network, regulation, resilience, risk, saas, service, skills, software, strategy, technology, threat, training

Wide-scale AI adoption shaking up skills sought: In terms of the skills wanted of today’s CSO, Fuller agrees that AI is the game-changer.”Organizations are seeking cybersecurity leaders who combine technical depth, AI fluency, and strong interpersonal skills,” Fuller says. “AI literacy is now a baseline expectation, as CISOs must understand how to defend against AI-driven…
AMD und Nvidia Regierung wird mit 15 Prozent am China-Umsatz beteiligt

Aug 11, 2025 9:12 AM

Tags: ai, china, governance, government, nvidia

AMD und Nvidia dürfen erste AI-Chips nach China schicken. Ein Novum dabei: 15 Prozent der China-Einnahmen gehen wohl direkt an Washington. First seen on computerbase.de Jump to article: www.computerbase.de/news/wirtschaft/amd-und-nvidia-us-regierung-wird-mit-15-prozent-am-china-umsatz-beteiligt.93832
Beyond cryptocurrency: Blockchain 101 for CISOs and why it matters

Aug 8, 2025 2:11 PM

Tags: access, ai, api, attack, blockchain, breach, ciso, compliance, container, control, credentials, crypto, data, framework, gartner, governance, identity, incident response, infrastructure, international, malicious, nist, regulation, risk, saas, sbom, software, supply-chain, technology, threat, tool, unauthorized, vulnerability, zero-trust

Decentralization. Eliminates single points of failure or compromise Immutability. Data written to the chain is nearly impossible to change Verifiability. Stakeholders can independently verify logs or data integrity Transparency + confidentiality. You can audit metadata while encrypting sensitive content According to Gartner, 20% of large enterprises will use blockchain for digital trust initiatives by 2025. That’s not hype, it’s…
Beyond cryptocurrency: Blockchain 101 for CISOs and why it matters

Aug 8, 2025 2:11 PM

Tags: access, ai, api, attack, blockchain, breach, ciso, compliance, container, control, credentials, crypto, data, framework, gartner, governance, identity, incident response, infrastructure, international, malicious, nist, regulation, risk, saas, sbom, software, supply-chain, technology, threat, tool, unauthorized, vulnerability, zero-trust

Decentralization. Eliminates single points of failure or compromise Immutability. Data written to the chain is nearly impossible to change Verifiability. Stakeholders can independently verify logs or data integrity Transparency + confidentiality. You can audit metadata while encrypting sensitive content According to Gartner, 20% of large enterprises will use blockchain for digital trust initiatives by 2025. That’s not hype, it’s…
Beyond cryptocurrency: Blockchain 101 for CISOs and why it matters

Aug 8, 2025 2:11 PM

Tags: access, ai, api, attack, blockchain, breach, ciso, compliance, container, control, credentials, crypto, data, framework, gartner, governance, identity, incident response, infrastructure, international, malicious, nist, regulation, risk, saas, sbom, software, supply-chain, technology, threat, tool, unauthorized, vulnerability, zero-trust

Decentralization. Eliminates single points of failure or compromise Immutability. Data written to the chain is nearly impossible to change Verifiability. Stakeholders can independently verify logs or data integrity Transparency + confidentiality. You can audit metadata while encrypting sensitive content According to Gartner, 20% of large enterprises will use blockchain for digital trust initiatives by 2025. That’s not hype, it’s…
13 Produkt-Highlights der Black Hat USA

Aug 8, 2025 12:12 PM

Tags: access, ai, api, application-security, business, chatgpt, cisco, cloud, compliance, credentials, crowdstrike, cybersecurity, data, detection, google, governance, Hardware, identity, leak, LLM, malware, marketplace, microsoft, monitoring, network, openai, phishing, risk, saas, service, soc, threat, tool, usa, vulnerability, zero-trust

Das Mandalay Bay Convention Center wird zur Black Hat USA zum Cybersecurity-Hub 2025 lag der Fokus dabei insbesondere auf Agentic und Generative AI.Zur Black-Hat-Konferenz haben sich auch 2025 Tausende von Sicherheitsexperten in Las Vegas zusammengefunden, um sich über die neuesten Entwicklungen im Bereich Cybersecurity zu informieren und auszutauschen. Der thematische Fokus lag dabei in erster…
So sparen CISOs, ohne die Sicherheit zu torpedieren

Aug 8, 2025 7:11 AM

Tags: business, ciso, compliance, cyber, cyberattack, cybersecurity, detection, governance, Hardware, iam, intelligence, jobs, risk, risk-management, software, strategy, threat, tool, vulnerability

Geht’s dem Security-Budget an den Kragen, ist der Spielraum für CISOs denkbar gering.Vor etlichen Jahren fand sich David Mahdi, heute CISO Advisor beim IAM-Spezialisten Transmit Security, in einer Situation wieder, vor der wohl jedem Sicherheitsentscheider graut: Die Budgets sollten mitten im Jahr drastisch gekürzt werden ohne die Möglichkeit, irgendetwas aufzuschieben. “Das war damals eine unkontrollierbare…
So sparen CISOs, ohne die Sicherheit zu torpedieren

Aug 8, 2025 7:11 AM

Tags: business, ciso, compliance, cyber, cyberattack, cybersecurity, detection, governance, Hardware, iam, intelligence, jobs, risk, risk-management, software, strategy, threat, tool, vulnerability

Geht’s dem Security-Budget an den Kragen, ist der Spielraum für CISOs denkbar gering.Vor etlichen Jahren fand sich David Mahdi, heute CISO Advisor beim IAM-Spezialisten Transmit Security, in einer Situation wieder, vor der wohl jedem Sicherheitsentscheider graut: Die Budgets sollten mitten im Jahr drastisch gekürzt werden ohne die Möglichkeit, irgendetwas aufzuschieben. “Das war damals eine unkontrollierbare…
Black Hat 2025 Recap: A look at new offerings announced at the show

Aug 8, 2025 5:11 AM

Tags: access, ai, api, application-security, automation, chatgpt, cisco, cloud, compliance, control, crowdstrike, dark-web, data, detection, google, governance, group, identity, intelligence, LLM, malware, microsoft, monitoring, network, openai, password, risk, saas, service, soc, software, threat, tool, vulnerability, zero-trust

Snyk secures AI from inception: Snyk’s new platform capability, Secure at Inception, includes real-time security scanning that begins at the moment of code generation or execution. It offers visibility into generative AI, agentic, and model context protocol (MCP) components in software, and also features a new, experimental scanner for detecting AI-specific MCP vulnerabilities.Secure AI Inception…
We’re a Major Player in the 2025 IDC MarketScape for CNAPP. Here’s Why That Matters for Your Cloud Security.

Aug 7, 2025 7:11 PM

Tags: access, attack, automation, business, ciso, cloud, compliance, control, cyber, cybersecurity, data, data-breach, detection, governance, iam, identity, incident response, infrastructure, metric, radius, risk, strategy, threat, tool, vulnerability, vulnerability-management

“With a strong focus on CNAPP through Tenable Cloud Security and exposure management with Tenable One, Tenable provides visibility and control over hybrid attack surfaces, including on-premises, cloud, and hybrid environments,” according to the report. To successfully tackle your cloud security challenges, you need a partner that understands the landscape and offers you a powerful,…
Project Ire: Microsoft’s autonomous AI agent that can reverse engineer malware

Aug 7, 2025 3:11 PM

Tags: ai, attack, ceo, cloud, compliance, computing, control, cybersecurity, defense, detection, exploit, finance, governance, government, healthcare, infrastructure, LLM, malicious, malware, microsoft, programming, risk, service, siem, soar, soc, software, threat, tool, training

Real-world testing: In real-world tests on 4,000 “hard-target” files that had stumped automated tools, Project Ire flagged 9 malicious files out of 10 files correctly, and a low 4% false positive rate.This makes Project Ire suitable for organizations that operate in high-risk, high-volume, and time-sensitive environments where traditional human-based threat triage is insufficient.Rawat added that…
Überwachung des KI-Markts – Datenschützer mahnt Handeln der Bundesregierung bei KI an

Aug 7, 2025 10:11 AM

Tags: ai, governance

First seen on security-insider.de Jump to article: www.security-insider.de/datenschuetzer-mahnt-handeln-der-bundesregierung-bei-ki-an-a-9f14929fe46f3bae5be823e01debbd32/
Act Now: $100M in FY25 Cyber Grants for SLTTs Available Before August 15

Aug 6, 2025 11:11 PM

Tags: attack, breach, cisa, cloud, compliance, cyber, cyberattack, cybersecurity, data, defense, governance, government, identity, incident response, infrastructure, iot, metric, network, ransomware, resilience, risk, service, technology, threat, tool, training, vulnerability

With over $100 million on the table in FY25 cybersecurity grants, state, local and tribal governments have until August 15, 2025 to apply to secure critical cyber funding to strengthen their defenses. On August 1st, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Emergency Management Agency (FEMA) announced the FY 2025 Notice…