< ciso
brief />
Tag Banner

All news with #ai governance tag

296 articles

CREST launches AI charter for cybersecurity use

🔒 Over 70 cybersecurity organisations have signed the new CREST AI Charter, launched on July 9, committing to nine principles governing AI-enabled cybersecurity activities. The charter covers accountability and governance, transparency of use, documentation and auditability, boundaries and control, data handling and sovereignty, security and confidentiality, secure development, supply chain assurance and resilience. Signatories will maintain human oversight, document AI use, disclose data practices and implement secure development and supply chain controls. CREST intends the charter as a self-regulatory foundation to drive standards and harmonisation across industry and regulators.
read more →

Gemini Enterprise for Education Named a Commander

🚀 Gemini Enterprise for Education has been named a Commander in the Tambellini StarChart™: 2026 AI Agents for Administrative Efficiency—Agent Platforms, ranking first in innovation and usability. The platform unifies Gemini models, agent-building tools, enterprise search, governance controls, and Google Cloud infrastructure to help institutions automate administrative workflows, support students, and enable research. Customers such as UC Riverside and Purdue report measurable operational and educational benefits from the integrated, governed agentic solution.
read more →

The modern CISO is becoming the next CFO

🛡️ The role of the CISO is evolving from a technical operator into a broad, enterprise-level executive responsible for cyber resilience, regulatory compliance, AI governance and business risk. As cyber risk becomes business risk, organizations are expanding security leadership—adding deputy CISOs and specialized teams—while keeping centralized accountability. The author argues the CISO should report independently (e.g., to the CEO, COO or CRO) and that AI increases the need for clear human accountability.
read more →

Agentic AI Exposes Zero Trust Blind Spots

🤖 Stephen Wilson of HashiCorp describes agentic AI as “really smart kindergartners” — capable of execution but lacking judgment. This mismatch strains traditional zero trust models that authenticate humans and grant privileges gradually, because agents can be created and destroyed rapidly. Organizations often respond by lowering controls, risking incidents such as accidental deletion of production data. Wilson argues this will force necessary long-term improvements like zero standing privilege and dynamic credentials while keeping humans "on the loop."
read more →

Operationalizing agentic AI: From assistants to operators

🤖 Stephen Wilson of HashiCorp explains how enterprise AI is evolving from human-assisted tools to autonomous agents and operators, and why governance must mature accordingly. He describes three adoption patterns—AI as assistant, AI as agent, and AI as operator—and details the increasing needs for identity, access controls, auditability, and accuracy at each stage. As organizations grant agents more autonomy, security controls must expand from user-level boundaries to team and organizational governance.
read more →

AI Governance Needs New Rules and Enterprise Leadership

🔒 This piece argues that the AI era is fundamentally different from prior technology waves and that organisations must adopt holistic, enterprise-wide governance rather than treating AI as solely a cybersecurity issue. The author emphasizes operational integrity, transparency, accountability, and the need for guardrail-style governance to enable safe innovation. It urges leaders to start building practical governance frameworks now and to involve CEOs, boards, and business units alongside security teams.
read more →

NCA warns parents on risks of AI-generated content

🔒 The National Crime Agency (NCA) and Internet Watch Foundation (IWF) have launched a campaign to warn parents about the dangers of oversharing images and videos of their children online. The IWF reported a dramatic rise in AI-generated child sexual abuse material in 2025, prompting social media outreach and new guidance to help parents manage image consent and protect children. The campaign includes advice on privacy settings, discussing consent with family and schools, and steps to take if abuse is suspected.
read more →

AI Reveals a Validation Gap in Cybersecurity Skills

🔍 The article argues that cybersecurity faces a validation gap rather than a simple skills shortage, stressing that theoretical training and certifications can’t replicate real-world experience. It highlights risks from rapid AI deployment without governance, and notes many organizations lack visibility into AI breaches. The author advocates building continuous, hands-on cyber ranges with AI Proving Grounds, realistic environments, and post-exercise analysis to nurture and validate talent.
read more →

AWS Artifact adds AI-driven Assurance Assistant

🔍 AWS Artifact now offers Assurance Assistant, an AI-powered feature that provides citation-backed answers to security and compliance questions about AWS services. It supports single-question mode and bulk questionnaire uploads (XLSX) including CAIQ, SIG, and custom DDQs. Responses include citations from SOC reports, ISO certifications, and C5 attestations and can be exported with or without citations. Two new IAM managed policies control access: AWSArtifactComplianceInquiriesReadOnlyAccess and AWSArtifactComplianceInquiriesFullAccess.
read more →

2026 Cybersecurity Assessment Reveals Resilience Gap

🔍 The 2026 Bitdefender Cybersecurity Assessment surveyed 1,200 IT and security professionals across six countries and found striking contradictions between awareness and operational resilience. Leaders often overestimate visibility into AI use, while frontline staff report gaps. Organizations agree reducing the attack surface is critical but face policy, resource, and disruption concerns. Many report pressure to conceal breaches despite acknowledging the importance of transparency.
read more →

AI Transforms Capabilities of Video Surveillance

🛰️ The Financial Times reports on how AI is transforming video surveillance, drawing on examples from Israel, Iran and Russia. These AI tools let analysts ask natural-language questions of video streams rather than rely on limited preset searches. Analysts can now search for behaviors—such as two people exchanging a bag, repeated vehicle movements, or changes in appearance—creating new investigative possibilities. Officials call this shift a major advancement in surveillance capability.
read more →

Shadow AI: Timing, Not Just Tools

🛡️ Most AI policies are written for the future while employees use AI now, creating a temporal gap that produces shadow AI. Security often learns of risky interactions only after prompts, uploads, or actions have occurred, making after-the-fact visibility insufficient. Effective governance must reach the moment of use, combining permission with contextual judgment and offering fast, practical controls that match employee workflows.
read more →

2026 Agent Confidence Index: Builders’ Trust Map

📊 The 2026 Agent Confidence Index summarizes findings from a survey of 300 technical experts across AI, data, and cloud domains, identifying where AI agents are already trusted and where confidence remains nascent. The analysis highlights high-confidence wins—automated report generation, boilerplate code creation, certificate renewal, and monitoring—while noting complex tasks like service mesh configuration remain frontier challenges. The piece frames trust, human oversight, and lifecycle evaluations as essential to safe delegation and enterprise adoption.
read more →

Guardian Agents: The Next Layer of Identity

🛡️ This guide examines how agentic AI shifted enterprise identity risks and why existing IAM controls fall short. It explains how AI agents inherit human permissions, traverse systems at machine speed, and create an expanding population of autonomous identities often deployed without security review. The piece outlines the guardian agent concept: a purpose-built runtime control layer that inventories agents, baselines behavior, detects anomalies, and enforces least-privilege at execution time to close the governance gap.
read more →

Bill would require mandatory AI incident reporting

📝 A proposed AI Incident Reporting Act would obligate developers of designated high-capability models to report major safety and security incidents to the Commerce Department. Reports would be required within seven days of discovery, with 48-hour notifications to congressional leaders for imminent or ongoing serious harm. The bill tasks the Secretary of Commerce with defining capability thresholds and grants the department investigative and enforcement powers, including fines up to $2 million per violation.
read more →

Mythos and Frontier AI: Practical Implications for CISOs

🔎 The article argues that frontier AI models like Mythos are a signal of shifting cyber economics rather than an immediate, novel threat. It emphasizes that longstanding security fundamentals—asset visibility, patching, identity controls and resilient operations—remain the primary defenses. The author advocates using AI to accelerate analysis, prioritize remediation and close persistent control gaps rather than replacing skilled practitioners or prompting reactive, headline-driven spending.
read more →

Ten years of the GDPR: mixed outcomes and lessons

📄 Ten years after the GDPR came into force, data protection is far more established across Europe and beyond, raising consumer awareness and making privacy a competitive factor for businesses. Record fines against major tech firms underline enforcement seriousness, even as many penalties remain disputed. Companies increasingly view the regulation as burdensome and legally uncertain, complicating innovation, notably in AI development.
read more →

Bedrock models gain FedRAMP High and DoD IL-4/5 approval

🚨 Amazon Bedrock now offers OpenAI GPT, OpenAI GPT OSS, and NVIDIA Nemotron models approved for FedRAMP High and DoD CC SRG IL-4/IL-5 in AWS GovCloud (US), enabling compliant generative AI deployments for federal and public sector customers. These models run on Mantle, Bedrock’s distributed inference engine, providing serverless, high-performance inference with zero operator access and OpenAI API compatibility. Agencies and enterprises with stringent compliance needs can use Bedrock in GovCloud to build and scale secure AI applications.
read more →

AI Liability and the Publisher–Carrier Distinction

📰 The German court found Google liable for AI-generated search summaries, rejecting defenses that users should verify AI output themselves. This ruling highlights the historical distinction between carriers and publishers and argues that AI summaries act like editorial content. Past cases, like Air Canada’s chatbot ruling, reinforce that organizations are responsible for their AI agents. The decision could force companies to improve AI accuracy or curtail certain commercial uses.
read more →

Balancing AI Oversight and Rapid Enterprise Innovation

🚦CIOs face intense pressure to deploy AI quickly while managing novel risks and proving ROI. Leaders must balance speed with governance, building guardrails that enable innovation without creating bottlenecks. Organizational design — with clear separation between adopters and oversight — plus risk-based decision frameworks and vendor due diligence are essential. Practical maturity models and governed platforms help scale AI safely across the enterprise.
read more →