Tag: training
-
When AI Finds a Way Out: The Alibaba Incident and Why Zero Trust Matters More Than Ever
Tags: access, ai, control, cybersecurity, data-breach, detection, firewall, flaw, identity, malware, network, software, threat, training, zero-trustThe incidentIn cybersecurity, the most important lessons rarely come from theory, but reality.A recent incident involving an experimental AI agent in the Alibaba ecosystem is one of those moments that forces us to pause and rethink some of our core assumptions. During what should have been just model training, the Alibaba AI agent began behaving…
-
TDL 019 – The Psychology Behind a Cyber Breach and the Leaders Who Survive It – Nim Nadarajah
Tags: access, ai, apple, automation, breach, business, cctv, ceo, cio, ciso, cloud, computing, conference, control, corporate, crowdstrike, cve, cyber, cyberattack, cybersecurity, data, dns, edr, email, finance, firewall, governance, group, healthcare, incident, incident response, infrastructure, injection, insurance, Internet, jobs, law, LLM, metric, microsoft, msp, network, office, powershell, privacy, programming, psychology, risk, saas, service, siem, soar, soc, software, startup, strategy, supply-chain, switch, technology, threat, tool, training, usa, vulnerability, windows, zero-trustLeading Through the Cyber Abyss In Episode 019 of The Defender’s Log, host David Redekop sits down with Nim Nadarajah, CISO and Managing Partner of Critical Matrix, to explore the evolving landscape of cybersecurity leadership. From the “annual pilgrimage” of RSAC 2026 to the front lines of incident response, the conversation shifts from technical bits…
-
TDL 019 – The Psychology Behind a Cyber Breach and the Leaders Who Survive It – Nim Nadarajah
Tags: access, ai, apple, automation, breach, business, cctv, ceo, cio, ciso, cloud, computing, conference, control, corporate, crowdstrike, cve, cyber, cyberattack, cybersecurity, data, dns, edr, email, finance, firewall, governance, group, healthcare, incident, incident response, infrastructure, injection, insurance, Internet, jobs, law, LLM, metric, microsoft, msp, network, office, powershell, privacy, programming, psychology, risk, saas, service, siem, soar, soc, software, startup, strategy, supply-chain, switch, technology, threat, tool, training, usa, vulnerability, windows, zero-trustLeading Through the Cyber Abyss In Episode 019 of The Defender’s Log, host David Redekop sits down with Nim Nadarajah, CISO and Managing Partner of Critical Matrix, to explore the evolving landscape of cybersecurity leadership. From the “annual pilgrimage” of RSAC 2026 to the front lines of incident response, the conversation shifts from technical bits…
-
CMMC compliance in the age of AI
Tags: access, ai, automation, awareness, business, compliance, control, data, detection, email, governance, government, grc, metric, risk, tool, trainingThe primary readiness gap: data scope awareness: Central to preparation is gaining a complete understanding of the data subject to CMMC 2.0 controls. Many organizations are still struggling to define the full scope of systems, workflows and third-party relationships that process or store CUI. When contractors conduct detailed CMMC-focused data inventories, it’s common that they’ll…
-
AI Security Risks: How Enterprises Manage LLM, Shadow AI and Agentic Threats FireTail Blog
Tags: access, ai, api, attack, breach, business, ciso, cloud, compliance, conference, control, cybersecurity, data, data-breach, detection, email, endpoint, exploit, finance, framework, gartner, GDPR, governance, guide, infrastructure, injection, LLM, malicious, microsoft, monitoring, network, nvidia, office, regulation, risk, saas, software, threat, tool, training, vulnerabilityApr 08, 2026 – – Quick Facts: Enterprise AI Security Most enterprises are running AI at scale before their security teams have visibility into it. Shadow AI (unsanctioned AI tools spreading department by department) is now the most common entry point for data leakage. Agentic AI introduces a new category of risk: autonomous systems that…
-
LLM-generated passwords are indefensible. Your codebase may already prove it
Temperature is not a remedy: A reflexive objection from practitioners familiar with LLM configuration holds that increasing sampling temperature would attenuate these distributional biases by flattening the probability landscape from which characters are drawn. Irregular’s empirical results are unambiguous in refuting this intuition. Testing conducted at temperature 1.0, the maximum setting on Claude, produces no…
-
Google study finds LLMs are embedded at every stage of abuse detection
Online platforms are running large language models at every stage of LLM content moderation, from generating training data to auditing their own systems for bias. Researchers … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/07/google-llm-content-moderation/
-
Escaping the COTS trap
IAMGRCIGAThreat detection platformMost enterprises like them because:They already “work.”They deploy easily and quickly.Reduced long-term expenditure as promised by vendors.At a glance, these benefits are compelling. The challenges arise when the software becomes more than a tool and starts shaping the architecture itself. Emerging dynamics: AI and the next wave of lock-in: Artificial intelligence represents both…
-
12 cyber industry trends revealed at RSAC 2026
Tags: access, ai, application-security, authentication, awareness, business, ciso, cloud, control, cyber, cybersecurity, data, deep-fake, defense, detection, edr, endpoint, firewall, gartner, governance, identity, infrastructure, insurance, metric, microsoft, monitoring, mssp, phishing, programming, risk, risk-management, service, siem, skills, soc, software, startup, technology, threat, tool, trainingLegacy security vendors have the inside track on AI, for now: As far as AI technology consumption for cybersecurity, most CISOs I spoke with were open-minded while leaning toward their existing vendors, at least in the short term. This may buy legacy security vendors a bit, but not much time.Remember what happened in the cloud…
-
Are We Training AI Too Late?
Ask the Expert: Cybersecurity teams need to expand their field of view to include new, unique threat sources, rather than relying on past, proven threat actors. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-analytics/are-we-training-ai-too-late
-
9 ways CISOs can combat AI hallucinations
Tags: access, ai, breach, ciso, compliance, control, corporate, cybersecurity, data, defense, encryption, flaw, framework, GDPR, governance, identity, metric, penetration-testing, regulation, risk, soc, tool, trainingTreat AI outputs as drafts, not finished products: One of the biggest risks is over-trusting AI, according to security experts. Coté says her organization changed its policy so AI-generated content cannot go straight into compliance documentation without a human review.”The moment your team starts treating an AI-generated answer as a finished work product, you have…
-
Malware detectors trained on one dataset often stumble on another
Machine learning models built to catch malware on Windows systems are typically evaluated on data that closely resembles their training set. In practice, the malware arriving … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/01/cross-dataset-malware-detection-research/
-
8 ways to bolster your security posture on the cheap
Tags: access, attack, authentication, awareness, breach, ciso, control, credentials, cyber, cyberattack, cybersecurity, data, data-breach, ddos, dkim, dmarc, dns, email, endpoint, exploit, finance, google, identity, Internet, metric, mfa, microsoft, mitigation, okta, passkey, password, phishing, risk, risk-management, service, strategy, technology, tool, training, update, waf, zero-day2. Take full advantage of your existing tools: A practical way to strengthen enterprise security without incurring additional significant spend is to ensure you’re fully leveraging the capabilities of solutions already present within your organization, says Gary Brickhouse, CISO at security services firm GuidePoint Security.”Most organizations have invested heavily in security solutions, yet most are…
-
6 key takeaways from RSA Conference 2026
Tags: ai, api, attack, ceo, cio, ciso, compliance, conference, control, cyber, cybersecurity, data, framework, google, governance, government, identity, infrastructure, injection, intelligence, jobs, LLM, office, RedTeam, regulation, risk, saas, service, technology, threat, tool, trainingSecuring the AI stack: Yes, but the threat surface has grown: The first technical priority I offered for CISOs in my conference preview was securing the AI stack, RAG workflows, LLM data pipelines, vector databases, and model APIs, on the basis that prompt injection, training data poisoning, and model inversion attacks were no longer theoretical.The…
-
Cybersecurity AI Awareness Training for Texas Government Agencies: How Kratikal’s Threatcop Meets the DIR Mandate
The last few big cyberattacks on government organizations all have one thing in common. They started because of something a person did wrong, not because of technology. These cyberattacks occur when an employee clicks a link in an email or answers a strange phone call. Sometimes they even give away information by mistake. So technology……
-
8 steps CISOs can take to empower their teams
Once when we were rolling out a well-known EDR tool, I knew the settings weren’t tight enough, nor were the received updates applied fast enough. So I asked two people to own this, come up with suggestions for tightening the screws, and guarantee a successful rollout on multiple OSes in parallel. The phased approach took…
-
The CISO’s guide to responding to shadow AI
Tags: ai, breach, business, ciso, cybersecurity, data, governance, guide, mitigation, privacy, risk, strategy, technology, tool, training, updateUnderstand why AI is being used: If CISOs want to manage shadow AI effectively, they need to understand why it keeps popping up. The immediate reaction may be to shut down the use of shadow AI, but there must be more to the response than that.”Our focus is understanding why they’re using it, educating them…
-
AI Has Created a New Attack Surface and Encryption Is Not Enough
Tags: access, ai, attack, ciso, cryptography, cybersecurity, data, data-breach, defense, encryption, endpoint, exploit, framework, injection, intelligence, leak, LLM, microsoft, mitigation, network, risk, service, side-channel, sql, training, vulnerability<div cla Executive Insight For decades, enterprises relied on strong encryption to protect sensitive data in transit, and encryption used to be the end of the conversation. If an organization could say “we use TLS 1.3 and modern cipher suites,” that was enough to reassure boards, regulators, and customers that data in transit was…
-
AI Has Created a New Attack Surface and Encryption Is Not Enough
Tags: access, ai, attack, ciso, cryptography, cybersecurity, data, data-breach, defense, encryption, endpoint, exploit, framework, injection, intelligence, leak, LLM, microsoft, mitigation, network, risk, service, side-channel, sql, training, vulnerability<div cla Executive Insight For decades, enterprises relied on strong encryption to protect sensitive data in transit, and encryption used to be the end of the conversation. If an organization could say “we use TLS 1.3 and modern cipher suites,” that was enough to reassure boards, regulators, and customers that data in transit was…
-
AI is breaking traditional security models, Here’s where they fail first
AI triage redefines the security team’s role : As AI systems increasingly triage vulnerabilities with high confidence, security teams face a subtle but consequential shift in responsibility. People no longer debate whether AI can reduce noise. It demonstrably can. The harder question is which responsibilities remain with security teams once triage is automated. Are they accountable for…
-
Training an AI agent to attack LLM applications like a real adversary
Most enterprise software development teams now ship AI-powered applications faster than traditional penetration testing can keep up with. A security team with 500 applications … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/25/novee-ai-pentesting-agent/
-
Why your phishing simulations aren’t building a security culture
Security culture isn’t built by phishing simulations. In this Help Net Security video, Dan Potter, VP of Cyber Resilience at Immersive, argues that annual training … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/25/security-culture-training-video/
-
Training effective models without the annotation budget
Learn how to bypass costly annotation workflows by using LLM-generated labels and lightweight fine-tuning to build high-quality NER models with minimal human input. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/training-effective-models-without-the-annotation-budget/
-
Autonomous AI adoption is on the rise, but it’s risky
Big risk, big reward: Herein lies the rub: AI experts see huge potential advantages with autonomous AI, with the possibility of creating huge workplace efficiencies, but the risks are substantial.Riley acknowledges both security concerns and the potential for agentic AI to take actions that users didn’t anticipate. While users haven’t yet seen autonomous AI able…
-
QA: “If It’s Not Secure, You Can’t Trust It”
Dewayne Hart brings frontline cyber experience to a field increasingly defined by speed, risk and constant change. A former U.S. Navy Chief Petty Officer with over two decades in defence systems and leadership training, he now works at the intersection of cybersecurity, business strategy and workforce readiness. As founder of Secure Managed Instructional Systems, Hart…
-
QA: “If It’s Not Secure, You Can’t Trust It”
Dewayne Hart brings frontline cyber experience to a field increasingly defined by speed, risk and constant change. A former U.S. Navy Chief Petty Officer with over two decades in defence systems and leadership training, he now works at the intersection of cybersecurity, business strategy and workforce readiness. As founder of Secure Managed Instructional Systems, Hart…