< ciso
brief />
Tag Banner

All news with #ai compliance tag

26 articles

CREST launches AI charter for cybersecurity use

🔒 Over 70 cybersecurity organisations have signed the new CREST AI Charter, launched on July 9, committing to nine principles governing AI-enabled cybersecurity activities. The charter covers accountability and governance, transparency of use, documentation and auditability, boundaries and control, data handling and sovereignty, security and confidentiality, secure development, supply chain assurance and resilience. Signatories will maintain human oversight, document AI use, disclose data practices and implement secure development and supply chain controls. CREST intends the charter as a self-regulatory foundation to drive standards and harmonisation across industry and regulators.
read more →

AI Governance Needs New Rules and Enterprise Leadership

🔒 This piece argues that the AI era is fundamentally different from prior technology waves and that organisations must adopt holistic, enterprise-wide governance rather than treating AI as solely a cybersecurity issue. The author emphasizes operational integrity, transparency, accountability, and the need for guardrail-style governance to enable safe innovation. It urges leaders to start building practical governance frameworks now and to involve CEOs, boards, and business units alongside security teams.
read more →

Bill would require mandatory AI incident reporting

📝 A proposed AI Incident Reporting Act would obligate developers of designated high-capability models to report major safety and security incidents to the Commerce Department. Reports would be required within seven days of discovery, with 48-hour notifications to congressional leaders for imminent or ongoing serious harm. The bill tasks the Secretary of Commerce with defining capability thresholds and grants the department investigative and enforcement powers, including fines up to $2 million per violation.
read more →

Debating a Sovereign AI Wealth Fund for Public Good

📝 The authors critique Senator Bernie Sanders’s proposal for a US sovereign wealth fund that would take large equity stakes in AI firms. They agree on the need for public influence and redistribution of AI-generated wealth but warn public ownership can entangle government incentives with corporate profit. Instead, they recommend taxation (e.g., datacenter or AI token taxes) and a public AI option like Switzerland’s Apertus to promote transparency, sustainability and democratic control.
read more →

White House EO Aligns AI Policy with Cybersecurity

🔒 The White House Executive Order on advanced AI seeks practical public–private coordination to address AI-driven cyber risks while preserving innovation. It prioritizes voluntary model assessments, improved federal defenses, faster vulnerability discovery and remediation, and expanded cybersecurity talent. Successful implementation will hinge on operationalizing AI-assisted defense, translating insights into timely guidance and mitigations, and supporting resource-constrained critical infrastructure operators.
read more →

US issues voluntary frontier AI pre-release review order

🛡️ The Trump administration has issued an executive order establishing a voluntary framework for developers of powerful AI models to submit a "covered frontier model" to US agencies for up to 30 days of cybersecurity review before wider release. The order explicitly forbids mandatory licensing or preclearance, tasks NSA, CISA and NIST with creating a classified benchmark to define covered models, and directs agencies to harden federal systems and expand AI-enabled defensive tools for smaller operators. It also creates an AI cybersecurity clearinghouse under the Treasury and leaves effectiveness dependent on possible future congressional action.
read more →

GDPR’s legacy and the coming AI regulatory battles

📰 Over eight years GDPR set global data-protection norms, notably the 72-hour breach notification standard, but nearly 40% of announced EU fines by value are annulled or under appeal. Experts say large tech firms contesting fines isn’t surprising and that rulings provide practical guidance for compliance teams. As the EU’s AI Act and proposed GDPR reforms arrive, regulators must shore up procedural robustness while organisations adapt governance to evolving AI risks.
read more →

AI-Enabled Sanctions Evasion Raises Governance Risks

🛡️ New RUSI research warns that adversaries, notably North Korea and Iran, are moving from AI-assisted to AI-enabled sanctions evasion and proliferation financing. The report highlights AI’s ability to mass-produce fraudulent documents, automate shell-company administration, and analyze blockchain flows to evade detection. Experts urge enterprises to adopt behavior-based analytics, defensive AI, stronger identity verification and updated training to counter these evolving threats.
read more →

Measuring AI Security: Limits of Benchmarks and Assurance

🔒 AI security cannot be reduced to a single benchmark. Over the past 30 years software security evolved from black‑box penetration testing to white‑box analysis and process-driven standards such as BSIMM, and the report argues that AI requires a similar assurance-first approach. Benchmarks fail to capture emergent, systemic properties, so organizations should clean up their WHAT piles, adopt risk-based processes, and accept that there is no simple security meter for AI.
read more →

AI Adoption Outpaces Safety Policies, Raising Systemic Risk

🛡️ New ISACA research finds AI tools are widely used in organizations, but governance is lagging. Ninety percent of digital trust professionals say employees use AI, yet only 38% report a formal, comprehensive AI policy while 25% have none at all. The poll highlights rising Shadow AI risks, with 56% unsure how long it would take to halt an AI system and only 20% having shutdown procedures, increasing exposure to data breaches and privacy failures.
read more →

Why AI Projects Stall After the Demo: Operational Gaps

🔍 Demos often hide the operational friction that causes many AI initiatives to stall once they move into production. What succeeds in a controlled presentation—clean data, crafted prompts, and fast isolated responses—rarely maps to fragmented security and IT environments with noisy inputs, latency constraints, and numerous edge cases. Teams that validate tools against real workflows, measure accuracy and latency under load, prioritize deep integration, clarify cost models, and embed governance early are far more likely to turn a promising demo into sustained production value.
read more →

Closing the Gap Between AI Adoption and Security in 2026

🔒 The 2026 AI Cybersecurity Summit addresses the widening gap between rapid AI adoption and lagging security by focusing on practical, deployment-stage risk management. Speakers and sessions will explore visibility, governance, and layered protections across GenAI tools, custom models, APIs, and agentic systems. Attendees will receive operational guidance to secure AI as it moves from experimentation to production. The summit emphasizes integrating security, infrastructure, and operations to reduce accumulating risk.
read more →

EC-Council Adds Four AI Certifications and CISO v4

🔐 EC‑Council launched its Enterprise AI Credential Suite, introducing four role-aligned certifications—Artificial Intelligence Essentials (AIE), Certified AI Program Manager (CAIPM), Certified Offensive AI Security Professional (COASP), and Certified Responsible AI Governance & Ethics (CRAGE)—alongside an updated Certified CISO v4. The suite is structured around the proprietary Adopt, Defend, Govern (ADG) framework to build practical capability across AI adoption, security, and governance. EC‑Council positions the expansion as a response to growing AI risk exposure and a pronounced workforce reskilling gap.
read more →

Buyer’s Guide: Governing Real-Time AI Usage Control

🔒 The Buyer’s Guide for AI Usage Control warns that AI adoption has far outpaced visibility and governance, producing a widening gap as AI is embedded across SaaS, browsers, copilots, extensions and shadow tools. It reframes the problem as an interaction issue rather than solely a data or app problem, and positions AI Usage Control (AUC) as a distinct governance layer that must discover and enforce policy at the moment of interaction. The guide outlines four operational stages—Discovery, Interaction Awareness, Identity & Context, and Real-Time Control—and stresses that architectural fit, operational overhead, and user experience are decisive factors when selecting a solution.
read more →

Google's AI crawler policy and publisher control debate

⚖️ Cloudflare welcomes the UK CMA’s consultation on proposed conduct requirements for Google but argues the measures do not go far enough to protect publishers and competition. Cloudflare’s analysis shows Googlebot accesses substantially more unique pages than other AI crawlers, giving Google an entrenched advantage that can undercut publisher revenue. The company urges mandatory crawler separation so sites can permit search indexing while blocking use of content for generative AI, restoring publisher choice and enabling fairer market competition.
read more →

Microsoft Named Leader in IDC AI Governance Report

🔒 Microsoft was named a Leader in the 2025–2026 IDC MarketScape for Worldwide Unified AI Governance Platforms, recognizing its integrated approach to governing generative, agentic, and traditional ML across hybrid and multicloud environments. The company emphasizes centralized control, observability, and automated compliance through Microsoft Foundry, Agent 365, Purview, Entra, and Defender. Backed by the Responsible AI standard and an Office of Responsible AI, Microsoft highlights built-in transparency, fairness, explainability, and real-time security protections for regulated enterprises.
read more →

SEC Committee’s Proposed AI Disclosure Rule: Details Matter

🏛️ The SEC Investor Advisory Committee has proposed a rule that would require public companies to analyze and disclose material AI efforts, including choices not to deploy or underinvest in AI. The draft would let issuers self-define “AI” and then consistently apply that definition across filings, disclosures, and governance documents. Legal and industry observers say the mandate could force boards and executives to scrutinize AI use and governance more closely, but they warn that inconsistent definitions, boilerplate language, and gaps such as shadow IT could render filings less useful to investors.
read more →

Preventing AI Technical Debt Through Early Governance

🛡️ Organizations must build AI governance now to avoid repeating past technical debt. The article warns that rapid AI adoption mirrors earlier waves — cloud, IoT and big data — where innovation outpaced oversight and created security, privacy and compliance gaps. It prescribes pragmatic controls like classification and ownership, baseline cybersecurity, continuous monitoring, third‑party due diligence and regular testing. The piece also highlights the accountability vacuum from agent AIs and urges business‑led governance and clear executive responsibility.
read more →

AI Requires Difficult Choices: Regulatory Paths for Democracy

🧭 The piece argues that AI forces a societal reckoning similar to the arrival of social media: it can amplify individual agency but also concentrate control and harm democratic life. The authors identify four pivotal choices for executives and courts, Congress, states, and everyday users—centering on legal accountability, privacy and portability, reparative taxation, and consumer product choices. They urge proactive, aligned policy and civic action to avoid repeating past mistakes and to steer AI toward public-good outcomes.
read more →

How AI Is Reshaping Enterprise GRC and Risk Control

🔒 Organizations must update GRC programs to address the rising use and risks of generative and agentic AI, balancing innovation with compliance and security. Recent data — including Check Point's AI Security Report 2025 — indicate roughly one in 80 corporate requests to generative AI services carries a high risk of sensitive data loss. Security leaders are advised to treat AI as a distinct risk category, adapt frameworks like NIST AI RMF and ISO/IEC 42001, and implement pragmatic controls such as traffic-light tool classification and risk-based inventories so teams can prioritize highest-impact risks without stifling progress.
read more →