Tag: governance
-
Automatisch, sicher, DSGVO-konform: So lösen IT-Admins das Problem der Kontaktsynchronisation auf Diensthandys!
Abbildung 1 Bildquelle: magnific In vielen Unternehmen liegen die nativen Kontakte-Apps auf Diensthandys brach. Mitarbeitende verlieren daher Zeit mit der Suche nach Kontaktinformationen in Outlook, Intranet- oder Excel-Listen. Für IT-Verantwortliche ist das jedoch mehr als ein Komfortproblem es ist ein Risiko für Governance und Security. Die »Mobile Gap«: Das unsichtbare Effizienz-Leck Fehlende Kontaktsynchronisation… First seen…
-
Wettbewerbsfähig im Wandel: Vier IT-Trends, die 2026 den Unterschied machen
2026 wird IT zur strategischen Führungsaufgabe: KI, Cloud-Souveränität, Cybersecurity und Enterprise Networking entscheiden direkt über Wettbewerbsfähigkeit, Resilienz und Innovationsgeschwindigkeit. KI entwickelt sich vom Einzeltool zur zentralen Steuerungsplattform für Kernprozesse; zugleich machen regulatorische Anforderungen wie der EU AI Act Governance, Transparenz und Kompetenzaufbau zur Pflicht. Souveräne Multi- und Hybrid-Cloud-Modelle werden zum Standard, weil Unternehmen regulatorische Sicherheit,……
-
Go-Ahead for AI Chip Sales to 10 Chinese Firms Raise Alarms
Reports: Trump Administration Approval of Nvidia H200 Sales Poses Frontier AI Risks. Trump administration discussions on AI governance with China are colliding with reports that Washington may permit expanded Nvidia H200 chip sales to Chinese firms, fueling concerns that U.S. technology access could accelerate Beijing’s frontier AI and military-linked ambitions. First seen on govinfosecurity.com Jump…
-
Checkbox Assessments Aren’t Fit to Measure Risk
Security governance needs to be more than an annual compliance exercise. New companies are emerging to address risk-management gaps in current audit tools. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/checkbox-assessments-aren-t-fit-to-measure-to-risk
-
Microsoft turns Copilot Studio into an AI agent control center
The Microsoft Copilot Studio April 2026 updates improve visibility and governance for admins and expand workflow capabilities for managing agents. Copilot surfaces agent … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/14/copilot-studio-security-governance-updates/
-
What CISOs need to land a board role
Tags: business, ciso, control, corporate, cyber, cybersecurity, finance, governance, government, intelligence, jobs, resilience, risk, skills, strategy, trainingTips for CISOs aiming for a board role: For CISOs interested in contributing to global vendor boards, Morelli advises focusing on becoming a partner, not just a customer. This requires the ability to articulate how a product’s evolution impacts the risk profile of an entire sector.For non-industry or public boards, CISOs must be comfortable contributing…
-
Palo Alto Networks bets on identity security for autonomous AI with Idira launch
Tags: ai, attack, business, ceo, ciso, cloud, credentials, cybersecurity, governance, identity, injection, intelligence, least-privilege, mfa, network, RedTeam, risk, soc, threat, tool, vulnerabilityCISOs navigate AI risks: For enterprises, the launch reflects a broader industry shift toward identity-centric cybersecurity models as organizations deploy generative AI tools, autonomous agents, and cloud-native applications at scale.Analysts say the growing number of non-human identities is creating operational and security challenges because many existing identity systems were originally built to manage employees and…
-
Guardrail Technologies launches Traffic Light for Code & AI; first security technology to verify & secure AI code and the people creating it
PARK CITY, Utah (May 5, 2026);—;Guardrail Technologies, the leading provider of AI security and governance software for enterprises building with AI,;today announced the launch of Traffic Light for Code & AI™, which verifies both the code AI generates and the people… First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/spons/guardrail-technologies-launches-traffic-light-for-code-aitm-first-securit/819953/
-
How Can SMBs Keep Up With AI Governance?
SMBs are struggling to balance rapid AI adoption with governance, security, and shadow AI risks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/artificial-intelligence/how-can-smbs-keep-up-with-ai-governance/
-
Identity security firm SailPoint discloses GitHub repository breach
SailPoint disclosed a GitHub repository breach on April 20. The company contained the incident and said no customer data was affected. SailPoint is a cybersecurity company that provides identity security and identity governance solutions for enterprises. Its products help organizations manage and control user access to systems, applications, and sensitive data. SailPoint revealed a cybersecurity…
-
Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads
Part of a broader AI supply chain targeting: HiddenLayer, in its advisory, said that it identified six additional Hugging Face repositories uploaded under a separate account that used nearly identical loader logic and shared infrastructure with the campaign.The researchers also linked elements of the operation to earlier software supply-chain attacks involving npm typosquatting campaigns and…
-
AI security is repeating endpoint security’s biggest mistake
Tags: access, ai, api, automation, business, control, data, detection, edr, endpoint, governance, incident response, injection, LLM, monitoring, open-source, radius, risk, saas, sbom, soc, strategy, technology, threat, tool, updateMost AI security is still at the posture phase: Look at where most organizations are with AI security today. Model cards, AI-specific SBOMs, input and output filters, prompt injection guardrails and access controls around model APIs. These are valuable controls, but they reflect a posture-based approach. To truly enhance security, organizations must recognize the importance…
-
8 guiding principles for reskilling the SOC for agentic AI
Tags: ai, automation, business, ciso, cyber, cybersecurity, data, governance, incident response, jobs, penetration-testing, sans, skills, soc, technology, tool, training, update, vulnerability, vulnerability-managementSet the tone from the top: The second principle for reskilling security teams for agentic AI is all about leadership.As Baker says, CISOs must set the tone. That means building a culture of rapid experimentation, iteration, and innovation. “Fail fast and move forward,” he says.A key aspect of CISO leadership is understanding the needs of…
-
1,800+ MCP servers exposed without authentication: How zero trust can secure the AI agent revolution
Tags: ai, attack, authentication, breach, cloud, control, credentials, data, data-breach, defense, exploit, framework, governance, identity, infrastructure, Internet, LLM, malicious, monitoring, network, risk, service, supply-chain, threat, tool, vulnerability, zero-trustThe epistemological chasm: What renders MCP vulnerabilities particularly vexatious is the fundamental asymmetry they exploit between machine cognition and human oversight.Tool poisoning attacks insert malevolent instructions into tool metadata that LLMs process with complete fidelity but that remain utterly invisible to human operators. The machine perceives everything; its ostensible supervisors perceive nothing. We have unwittingly…
-
fsnotify Maintainer Access Change Sparks Supply Chain Security Concerns
A dispute over maintainer access in the widely used Go library fsnotify has triggered temporary supply chain concerns after contributors were removed from the project’s GitHub organization and recent releases came under scrutiny. While no evidence suggests that any version of fsnotify has been compromised, the incident highlights how governance ambiguity in critical open source projects can…
-
Baden-Württemberg: Grün-Schwarz streicht den Datenschutz zusammen
Die neue Regierung unter Cem Özdemir will fast die Hälfte der Stellen beim Landesdatenschutzbeauftragten streichen. First seen on golem.de Jump to article: www.golem.de/news/baden-wuerttemberg-gruen-schwarz-streicht-den-datenschutz-zusammen-2605-208528.html
-
KI”‘Cyberangriffe nehmen zu, Governance und Know-how hinken hinterher
Begrenzte Transparenz bei KI”‘Cyberangriffen: 35″¯% der europäischen Unternehmen können nicht beurteilen, ob sie bereits von KI”‘gestützten Cyberangriffen betroffen waren ein Zeichen für erhebliche Defizite in Erkennung und Monitoring. Steigende Bedrohung bei sinkender Erkennungsfähigkeit: KI”‘gestützte Phishing”‘ und Social”‘Engineering”‘Angriffe sind deutlich schwerer zu erkennen (71″¯%), das Vertrauen in klassische Sicherheitsmethoden nimmt ab. Größte wahrgenommene Risiken durch… First…
-
CISOs: Align cyber risk communication with boardroom psychology
Tags: breach, business, ciso, compliance, control, cyber, cybersecurity, data, finance, governance, psychology, resilience, risk, threat, updateStop reporting risk as a technical status update: Executives do not need a master class in threat modeling. They need to know what the business stands to lose.Risk has to be framed in terms boards already use to weigh other enterprise decisions: financial exposure, operational disruption, compliance consequences, legal risk and the cost of delay.…
-
Ten years later, has the GDPR fulfilled its purpose?
Tags: access, ai, breach, business, china, cio, compliance, data, data-breach, dora, finance, flaw, framework, GDPR, governance, government, international, jobs, law, mobile, office, privacy, regulation, risk, service, technology, tool, trainingFernando Maldonado, technology advisor at Foundry. MuleSoft. Gray areas remain: Still, if anything has been demonstrated in the decade since its entry into force, it’s that the GDPR still has a long way to go.Miguel Recio, president of APEP.IA (Spanish Professional Association for Privacy), argues that some of the limitations that have been exposed about the…
-
How orphaned applications are quietly fueling your shadow IT problem
Tags: access, ai, api, awareness, business, cloud, compliance, control, credentials, data, finance, framework, governance, infrastructure, monitoring, risk, security-incident, service, threat, tool, updateOperational and financial overhead: Orphaned applications continue consuming licenses and infrastructure while cluttering configuration management databases (CMDBs). They introduce undocumented dependencies that skew asset management and complicate troubleshooting.Security exposure: Applications without active ownership are rarely reviewed. This means updates are missed, underlying components are no longer maintained, and access paths remain open far longer than intended.Hidden data…
-
How orphaned applications are quietly fueling your shadow IT problem
Tags: access, ai, api, awareness, business, cloud, compliance, control, credentials, data, finance, framework, governance, infrastructure, monitoring, risk, security-incident, service, threat, tool, updateOperational and financial overhead: Orphaned applications continue consuming licenses and infrastructure while cluttering configuration management databases (CMDBs). They introduce undocumented dependencies that skew asset management and complicate troubleshooting.Security exposure: Applications without active ownership are rarely reviewed. This means updates are missed, underlying components are no longer maintained, and access paths remain open far longer than intended.Hidden data…
-
How orphaned applications are quietly fueling your shadow IT problem
Tags: access, ai, api, awareness, business, cloud, compliance, control, credentials, data, finance, framework, governance, infrastructure, monitoring, risk, security-incident, service, threat, tool, updateOperational and financial overhead: Orphaned applications continue consuming licenses and infrastructure while cluttering configuration management databases (CMDBs). They introduce undocumented dependencies that skew asset management and complicate troubleshooting.Security exposure: Applications without active ownership are rarely reviewed. This means updates are missed, underlying components are no longer maintained, and access paths remain open far longer than intended.Hidden data…
-
Your AI Agents Are Already Inside the Perimeter. Do You Know What They’re Doing?
Analysts recently confirmed what identity security teams have quietly feared: AI agents are being deployed faster than enterprises can govern them. In their inaugural Market Guide for Guardian Agents, Gartner states that “enterprise adoption of AI agents is accelerating, outpacing maturity of governance policy controls.” Enterprise leaders can request access to the Gartner Market Guide…
-
Poisoned truth: The quiet security threat inside enterprise AI
It takes surprisingly little poison to corrupt: Bad internal data is the immediate problem. But the external supply chain may be even harder to control.Research by Anthropic, the UK AI Security Institute, and the Alan Turing Institute discovered that as few as 250 maliciously crafted documents can poison LLMs of any size.That creates a massive…
-
World Passkey Day 2026 : Warum Passkeys zur wichtigen Waffe gegen KI-Hacker werden
Mit der zunehmenden Integration autonomer KI-Agenten verändert sich auch die Identitätssicherheit grundlegend. Unternehmen benötigen künftig eine Governance-Struktur mit KI-Agenten Verwaltung First seen on infopoint-security.de Jump to article: www.infopoint-security.de/world-passkey-day-2026-warum-passkeys-zur-wichtigen-waffe-gegen-ki-hacker-werden/a45002/
-
Proof of Concept: Anatomy of a Breach – Cyber Readiness
Security Leaders From Equifax, Rapid7 on Identity Security and Visibility Failures. In part one of the Anatomy of a Breach series, Equifax’s Jeremy Koppen and Rapid7’s Christiaan Beek examine why familiar security gaps still lead to breaches. Experts discuss ways to improve readiness in the face of identity-driven attacks, visibility failures and governance weaknesses. First…
-
Proof of Concept: Anatomy of a Breach – Cyber Readiness
Security Leaders From Equifax, Rapid7 on Identity Security and Visibility Failures. In part one of the Anatomy of a Breach series, Equifax’s Jeremy Koppen and Rapid7’s Christiaan Beek examine why familiar security gaps still lead to breaches. Experts discuss ways to improve readiness in the face of identity-driven attacks, visibility failures and governance weaknesses. First…
-
AI Security vs AI Governance Explained
Understand the difference between AI security and AI governance and why both fail without identity and SaaS control. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/05/ai-security-vs-ai-governance-explained/