Tag: training
-
Shadow AI: When Everyone Becomes a Data Leak Waiting to Happen
Shadow AI leaks data to uncontrolled external systems and spreads virally across organizations, requiring user training and compliant alternatives rather than prohibition. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/shadow-ai-when-everyone-becomes-a-data-leak-waiting-to-happen/
-
Shadow AI vs Managed AI: What’s the Difference? FireTail Blog
Tags: access, ai, api, attack, breach, chatgpt, ciso, cloud, computer, control, credentials, credit-card, data, data-breach, framework, google, injection, intelligence, Internet, law, LLM, malicious, mitre, monitoring, network, password, phishing, phone, risk, software, switch, threat, tool, training, vulnerabilityMar 04, 2026 – – Quick Facts: Shadow AI vs. Managed AIShadow AI is a visibility gap: It refers to any AI tool used by employees that the IT department doesn’t know about. Most companies have 10x more AI tools in use than they realize.Managed AI is a “Paved Path”: It uses approved, secure versions…
-
How to know you’re a real-deal CSO, and whether that job opening truly seeks one
Tags: access, ai, breach, business, communications, compliance, control, cyber, data, data-breach, finance, framework, governance, incident response, infosec, insurance, jobs, metric, privacy, radius, risk, skills, strategy, threat, training, vulnerabilityStriking the right balance of experience and responsibility: Mark G. McCreary, partner and chief AI and IT security officer at Boston-based legal firm Fox Rothschild LLP, has seen both extremes: security being completely sidelined and security professionals given excessive, unjustified authority.In some firms, a newly appointed CSO might be positioned as a gatekeeper without the…
-
7 factors impacting the cyber skills gap
Tags: ai, attack, automation, breach, business, ciso, control, cyber, cybercrime, cybersecurity, data, defense, detection, group, incident response, intelligence, jobs, risk, service, skills, strategy, technology, threat, tool, training, vulnerability2. Emerging technologies: New technologies, particularly AI, are contributing to a cyber landscape that’s evolving so quickly it’s hard for even highly skilled cybersecurity professionals to pace, says Dan Lohrmann, CISO at enterprise strategy and consulting firm Presidio.AI-driven threats keep moving the target, allowing cybercriminals to attack with unprecedented levels of speed and agility, Lohrmann…
-
A scorecard for cyber and risk culture
Tags: access, automation, awareness, breach, business, compliance, control, credentials, cyber, finance, governance, identity, jobs, metric, mitigation, phishing, risk, service, strategy, tool, trainingWhen someone asks for an exception.When a change goes in late.When an alert fires at 2 a.m.When a junior analyst spots something odd and wonders if it’s worth escalating.When an executive wants speed, and the team wants safety. Ownership means people act like the risk is partly theirs. They don’t outsource judgment to “security.” They…
-
How CISOs can build a resilient workforce
Tags: ai, automation, ciso, communications, cyber, cybersecurity, data, infrastructure, jobs, monitoring, network, risk, service, skills, soc, software, strategy, technology, threat, tool, trainingBurnout leads to job dissatisfaction: Burnout is an ongoing concern for many CISOs and their teams, especially when unpredictable events can trigger workload spikes, burnout can escalate fast. “It’s something that can overwhelm pretty quickly,” Ford says.Industry surveys continue to flash red on persistent burnout that leads to job dissatisfaction. The ISC2 study found almost…
-
Microsoft boss on AI content: ‘Nobody wants anything that is sloppy’
Sometimes the ‘S’ word slips through even the best media training First seen on theregister.com Jump to article: www.theregister.com/2026/02/25/microsoft_boss_on_ai_content/
-
Former Air Force officer arrested for conspiring with hacker to provide flight training to Chinese military
Gerald Eddie Brown, 65, was arrested in Jeffersonville, Indiana on Thursday after spending nearly three years living in China and allegedly providing combat aircraft training to pilots in the Chinese Air Force. First seen on therecord.media Jump to article: therecord.media/former-air-force-officer-arrested-for-working-with-hacker-flight-training-china
-
SMBs Struggle to Translate Cybersecurity Investment into Real-World Resilience, Study Finds
Small and medium-sized businesses (SMBs) continue to face significant cyber risk despite growing investment in cybersecurity tools and training, according to new research from privacy company Proton AG. The company’s SMB Cybersecurity Report 2026, based on a survey of 3,000 business leaders across six global markets, including the UK, found that one in four SMBs…
-
US artificial intelligence developers accuse Chinese firms of stealing their data
Artificial intelligence developers are accusing Chinese firms of stealing their intellectual property following a spate of ‘distillation attacks’, despite their own alleged theft of training data First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639367/US-artificial-intelligence-developers-accuse-Chinese-firms-of-stealing-their-data
-
The farmers and the mercenaries: Rethinking the ‘human layer’ in security
Tags: access, attack, authentication, awareness, ciso, control, cybersecurity, defense, detection, intelligence, jobs, monitoring, risk, soc, threat, tool, trainingThe evidence is already in: This isn’t a theoretical complaint, it shows up in research on how real SOCs work. A study by the University of Oxford based on surveys and interviews with SOC practitioners found they “confirmed the high” false-positive rates of tools in use, and that many “false positives” are actually benign triggers…
-
5 trends that should top CISO’s RSA 2026 agendas
Tags: access, ai, attack, authentication, backup, business, cio, ciso, cloud, conference, control, corporate, cryptography, cyber, cybersecurity, data, defense, detection, edr, finance, framework, governance, group, healthcare, identity, incident response, intelligence, network, okta, resilience, risk, saas, service, skills, software, strategy, tactics, technology, threat, tool, training, update, vulnerability, zero-trustCTEM in the spotlight: In another evolutionary trend, most organizations are moving beyond scanning for software snafus to continuous threat exposure management (CTEM). By doing so, security teams hope to get a full picture of all assets, as well as their configurations, locations, software vulnerabilities, ownership, and business criticality.Armed with this data, CTEM platforms look…
-
Steaelite RAT combines data theft and ransomware management capability in one tool
Tags: access, android, attack, authentication, awareness, business, corporate, credentials, crypto, cybercrime, data, ddos, defense, encryption, endpoint, extortion, infection, infosec, malware, mobile, monitoring, password, phishing, ransomware, rat, remote-code-execution, theft, threat, tool, training, windowsCSO that this isn’t the most sophisticated RAT he’s seen. “The novel aspect here,” he said, “is the convergence. Steaelite bundles remote access, credential harvesting, data exfiltration, and ransomware (currently in development) in a single package.” Traditionally, he explained, these capabilities have occupied different parts of the cybercrime toolchain, but Steaelite unifies the functions, giving…
-
Poisoning AI Training Data
All it takes to poison AI training data is to create a website: I spent 20 minutes writing an article on my personal website titled “The best tech journalists at eating hot dogs.” Every word is a lie. I claimed (without evidence) that competitive hot-dog-eating is a popular hobby among tech reporters and based my…
-
Anthropic Facing Allegations from Musk Over Large”‘Scale Data Misuse
Tech billionaire Elon Musk has publicly condemned the artificial intelligence firm Anthropic, accusing the company of massive data theft and hypocrisy. This confrontation follows Anthropic’s recent claims that competing Chinese artificial intelligence models unlawfully extracted training data from its flagship Claude model. The Distillation Controversy Earlier this week, Anthropic published a report accusing Chinese AI…
-
TDL 016 – Speed, Risk, and Responsibility in the Age of AI – Rafael Ramirez
Tags: access, ai, antivirus, automation, awareness, business, ciso, cloud, control, country, cyber, data, defense, detection, dns, firewall, governance, government, hacker, ibm, incident response, intelligence, Internet, law, linkedin, login, mfa, microsoft, network, risk, saas, service, skills, software, startup, strategy, technology, threat, tool, training, update, vulnerability, windows, zero-trustSummary In a recent episode of The Defenders Log, host David Redekop sat down with cyber security expert Rafael Ramirez to navigate the rapidly shifting landscape of AI security. As we move deeper into 2026, the duo explored how artificial intelligence has evolved from simple chatbots into powerful, autonomous “agentic” systems. The Double-Edged Sword of…
-
Must-Have Investments for Security-Aware Productive Teams
Explore must-have investments that boost team security, productivity, and collaboration with the right tools, training, and infrastructure. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/must-have-investments-for-security-aware-productive-teams/
-
NDSS 2025 Try to Poison My Deep Learning Data? Nowhere To Hide Your Trajectory Spectrum!
Session 12D: ML Backdoors Authors, Creators & Presenters: Yansong Gao (The University of Western Australia), Huaibing Peng (Nanjing University of Science and Technology), Hua Ma (CSIRO’s Data61), Zhi Zhang (The University of Western Australia), Shuo Wang (Shanghai Jiao Tong University), Rayne Holland (CSIRO’s Data61), Anmin Fu (Nanjing University of Science and Technology), Minhui Xue (CSIRO’s…
-
How synthetic data can help solve AI’s data crisis
As AI demand outpaces the availability of high-quality training data, synthetic data offers a path forward. We unpack how synthetic datasets help teams overcome data scarcity to build production-ready AI. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/how-synthetic-data-can-help-solve-ais-data-crisis/
-
HackerOne ‘updating’ Ts&Cs after bug hunters question if they’re training AI
CEO lauds security researchers, insists they’re not ‘inputs’ First seen on theregister.com Jump to article: www.theregister.com/2026/02/18/hackerone_ai_policy/
-
A new approach for GenAI risk protection
Solution 1: GenAI enterprise model: Implement enterprise licenses for approved GenAI solutions (such as ChatGPT Enterprise or Microsoft CoPilot 365, which is integrated into existing O365 tenants). Enterprise GenAI solutions typically include a robust set of built-in security tools that allow organizations to secure their data and implement DLP controls within the enterprise GenAI solution…
-
The new paradigm for raising up secure software engineers
Tags: ai, application-security, awareness, ceo, ciso, compliance, control, cyber, data, governance, login, risk, skills, software, threat, tool, training, vulnerabilityThreat modeling as a core competency: This system-level thinking should also elevate the need for greater developer fluency in threat modeling, says Yasar. He notes that threat modeling has historically been difficult for product security and engineering teams to operationalize at scale. One of the longstanding barriers to practical threat modeling was the knowledge required…
-
Next Gen Spotlights: Trailblazing A Mindful, People-First Approach to Cyber QA with Cyber Innovations Ltd.
Cyber Innovations is a UK-based cyber company specialising in human-centred cyber resilience. Cyber Innovations have developed research-backed training, tools and frameworks designed to help organisations respond more effectively to cyber incidents, while reducing cognitive overload, limiting human error and minimising longer-term impacts on staff wellbeing. Cyber Innovation’s early work, particularly the development of CyGamBIT, was…
-
CISO Julie Chatman offers insights for you to take control of your security leadership role
Tags: access, ai, attack, awareness, breach, business, ciso, control, crowdstrike, cyber, cybersecurity, deep-fake, email, finance, firewall, government, healthcare, infrastructure, law, military, office, phishing, risk, service, skills, supply-chain, technology, threat, training, updateFirst, the hopes-and-dreams budget: What would it take to close all the known gaps and operate proactively?Second, the could-live-with-this budget: What’s realistic and gets you to acceptable risk levels?Third, the I-think-I’m-going-to-resign budget: Because you can see a breach coming and you don’t want your name attached to it.You probably won’t end up at that last…
-
CISO Julie Chatman offers insights for you to take control of your security leadership role
Tags: access, ai, attack, awareness, breach, business, ciso, control, crowdstrike, cyber, cybersecurity, deep-fake, email, finance, firewall, government, healthcare, infrastructure, law, military, office, phishing, risk, service, skills, supply-chain, technology, threat, training, updateFirst, the hopes-and-dreams budget: What would it take to close all the known gaps and operate proactively?Second, the could-live-with-this budget: What’s realistic and gets you to acceptable risk levels?Third, the I-think-I’m-going-to-resign budget: Because you can see a breach coming and you don’t want your name attached to it.You probably won’t end up at that last…
-
Finding a common language around risk
Tags: ceo, cio, ciso, corporate, cyber, cybersecurity, defense, framework, governance, guide, intelligence, lessons-learned, metric, monitoring, phishing, ransomware, risk, risk-management, service, strategy, supply-chain, technology, threat, tool, training, updateBuilding one culture from three languages: The Organizational Risk Culture Standard (ORCS) offers something most frameworks miss: it treats culture as the foundation, not the afterthought. You can’t bolt culture onto existing processes and call it done. Culture is how people actually think about risk when no one is watching. It’s the shared beliefs that…