< ciso
brief />
Tag Banner

All news with #ai governance tag

298 articles · page 2 of 15

AI Liability and the Publisher–Carrier Distinction

📰 The German court found Google liable for AI-generated search summaries, rejecting defenses that users should verify AI output themselves. This ruling highlights the historical distinction between carriers and publishers and argues that AI summaries act like editorial content. Past cases, like Air Canada’s chatbot ruling, reinforce that organizations are responsible for their AI agents. The decision could force companies to improve AI accuracy or curtail certain commercial uses.
read more →

Balancing AI Oversight and Rapid Enterprise Innovation

🚦CIOs face intense pressure to deploy AI quickly while managing novel risks and proving ROI. Leaders must balance speed with governance, building guardrails that enable innovation without creating bottlenecks. Organizational design — with clear separation between adopters and oversight — plus risk-based decision frameworks and vendor due diligence are essential. Practical maturity models and governed platforms help scale AI safely across the enterprise.
read more →

Five Eyes urge CSOs to update cyber risk strategies now

🔒 The Five Eyes cybersecurity agencies warn that rapidly advancing AI capabilities are already reshaping offensive and defensive cyber operations and urge CSOs to treat cyber risk as core business risk. They recommend prioritizing secure-by-design practices, defense in depth, rapid patching, reduced attack surface, stronger identity controls, and testing breach responses. Some experts call the guidance too general or overdue but agree it reinforces the need for executive alignment and urgent action.
read more →

Anthropic’s Fable and the State of AI Safety

📰 On June 9, Anthropic released the Fable model; days later the US classified it as a dangerous munition and used export controls to block foreign access, prompting Anthropic to cut access entirely. Fable is a constrained variant of Mythos and reportedly excels at finding and exploiting vulnerabilities, but similar capabilities have been replicated using smaller models with improved harnesses. The core issue is not a single model but rising general AI capability and the lack of collective, global governance to manage associated risks.
read more →

Security considerations for adopting Claude in SMBs

🔒 As SMBs adopt Claude, security leaders must quickly map which Claude products and plans are appropriate and control the blast radius. Understand plan differences—Team vs Enterprise—and apply an agile approval process for provisioning. Risk-rank features, phase enablement, and tightly manage API keys and access. Maintain data governance, monitor web search egress, and complement Anthropic controls with internal tooling and vendor collaboration.
read more →

Estonia Proposes Government IDs for AI Agents

🛡️ The Estonian AI Council proposes government-backed digital identities for AI agents to define delegated powers and responsibilities. Prime Minister Kristen Michal emphasized that clear attribution, rights, and accountability are essential as AI increasingly acts on behalf of people and organizations. The ID could specify permissions such as data viewing, document editing, or making payments with defined limits. Estonia aims to leverage its digital ID leadership and become the first country to formalize agent identities.
read more →

US Government's Expanding Use of AI Raises Oversight Questions

📰 The Trump administration disclosed an inventory of 3,611 active or planned AI use cases across the federal government, a 70% increase from the Biden-era list, including controversial proposals ranging from grant screening to inmate risk assessment and nuclear reactor control. The brief disclosures lack meaningful context, public consultation, and consistent impact labeling, limiting oversight. The authors argue for rigorous transparency, public comment, and risk assessment frameworks, citing France and Canada as stronger models, while acknowledging some beneficial uses like machine translation.
read more →

Five AI Risk Frameworks to Shore Up Critical Gaps

🧭 Organizations integrating AI find legacy risk frameworks insufficient and are turning to AI-specific guidance. New standards and frameworks offer structured approaches for governance, technical controls, threat modeling, and regulatory alignment. Options include ISO/IEC 42001, NIST AI RMF, ENISA FAICP, ISO/IEC 23894, and Google’s SAIF, each addressing different priorities and maturity levels. Choosing the right framework depends on organizational needs and resource constraints.
read more →

AWS Security Agent Adds AI Threat Modeling

🔍 AWS Security Agent, now part of AWS Continuum, introduces an AI-powered threat modeling capability in public preview that automatically generates threat models from design documents or source code. The agent analyzes application architecture, data flows, and trust boundaries to identify threats across all six STRIDE categories and recommends mitigations. Developers can integrate the agent into IDEs such as Kiro and Claude Code for early design-phase assessments, while security teams can perform pre-deployment reviews. The feature is available in all regions supported by AWS Security Agent at no extra cost during the preview.
read more →

AWS streamlines Foundational Technical Review process

✅ AWS Partner Central now accepts SOC 2 Type II audit reports or AWS Well-Architected Framework Reviews (WAFR) to complete the Foundational Technical Review (FTR) in minutes. The process uses AI-powered validation to provide immediate approval or actionable feedback, accelerating access to the qualified software badge, APN program eligibility, co-selling, and funding benefits. Partners with SOC 2 can submit third-party reports; those without can submit WAFR reports from the AWS Well-Architected Tool. The service provides specific AI-generated remediation steps when issues are found, and FTR is available to all partners for solutions deployed on AWS and with AWS Partner Revenue Measurement enabled.
read more →

Experts Urge US to Reconsider Ban on Anthropic Models

🛡️ Over 50 cybersecurity professionals have urged the US government to lift its export-control directive that suspended access to Anthropic’s Mythos 5 and Fable 5 LLMs. The directive, issued on June 12, led Anthropic to suspend access to both models while it complies with the government order, which cited national security concerns tied to alleged guardrail bypass research. The signees argue the ban removes valuable defensive capabilities and call for a transparent, scientific AI risk-assessment process.
read more →

Sovereign Cloud Alone Won’t Solve AI Risk

🔒 European enterprises tested sovereign cloud under regulatory pressure and found residency alone doesn’t equal control. Vendors offer sovereignty features, but practitioners at EIC 2026 emphasized that identity governance — not just data location — determines operational sovereignty for AI workloads. Weak identity controls, especially for non-human AI agents, undermine claims of control despite customer-managed keys or regional data centers.
read more →

Public Sector Security: AI as the New Battlefield

🛡️ At Check Point Engage Public Sector 2026, leaders and practitioners convened to examine how AI is transforming cyber defense and offense for government organizations. Panels highlighted that AI enables automated, fast, and scalable attacks while also becoming core infrastructure for missions. Speakers urged a shift from reactive models to proactive, prevention-first strategies, emphasizing visibility, governance, and workforce controls to secure AI adoption.
read more →

Open Knowledge Format: Portable AI Knowledge Standard

📘 Today Google Cloud introduces the Open Knowledge Format (OKF), an open, vendor-neutral specification that formalizes the LLM-wiki pattern into a portable directory of markdown files with YAML frontmatter. OKF v0.1 defines a small set of conventions so different producers’ wikis can be consumed by agents without translation. The spec is intentionally minimal — one required type field per concept — and is accompanied by reference producer and consumer implementations and sample bundles.
read more →

Debating a Sovereign AI Wealth Fund for Public Good

📝 The authors critique Senator Bernie Sanders’s proposal for a US sovereign wealth fund that would take large equity stakes in AI firms. They agree on the need for public influence and redistribution of AI-generated wealth but warn public ownership can entangle government incentives with corporate profit. Instead, they recommend taxation (e.g., datacenter or AI token taxes) and a public AI option like Switzerland’s Apertus to promote transparency, sustainability and democratic control.
read more →

AI Reveals Cybersecurity’s Missing Health Model

🩺 The author argues that cybersecurity has operated like an emergency room—reactive and crisis-driven—while AI exposes the need for a preventative, continuous-health model. Current frameworks (NIST, MITRE) describe controls and adversaries but not organizational health; the proposed Clinical Cybersecurity Framework treats the enterprise as a living system with vital signs, continuous monitoring, and governance for new risks like AI. This shift reframes the CISO role toward reporting condition and building adaptive capacity.
read more →

Three strategic takeaways from Microsoft Build 2026

🔍 This post summarizes three business-focused takeaways from Microsoft Build 2026 for leaders evaluating AI adoption. It explains how Microsoft is shifting from standalone models to a shared enterprise intelligence layer—Microsoft IQ—that connects business data and processes across systems. The article highlights Azure’s agent platform and Foundry updates for production-grade deployment, governance, and performance, emphasizing that AI is expected to deliver measurable outcomes now.
read more →

Looker Dashboard Agents Bring Conversational BI

🔍 Looker introduces dashboard agents in preview to enable conversational, in-dashboard exploration of BI data. The agent leverages the dashboard’s filters, cross-filters, and curated tiles to provide context-aware answers and can access underlying Explores for additional detail. Analysts can configure the agent with natural-language instructions to align responses with business logic, and the system surfaces intermediate reasoning, cited tiles, and applied filters to build user trust. Admins enable the feature in Looker 26.08.11+ via the Gemini settings.
read more →

Conditions SRE Teams Require Before Trusting AI

🔍 AI agents can help SRE teams with incident response, triage and automation, but trust is granted only when agents demonstrate reliability under real-world stress. Teams need robust observability, explicit guardrails, human-in-the-loop workflows and explainability so recommendations are evidence-backed rather than speculative. Progressive autonomy, post-incident evaluation and compatibility with existing tools are essential for safe adoption.
read more →

Practical defenses for unauthorized workplace AI

🛡️ This article outlines how enterprises can detect and block unauthorized AI tools—ranging from public chatbots like ChatGPT and Claude to meeting recorders and local model runners. It recommends monitoring NGFW/web-filter logs, EDR/EPP and MDM tools, browser policies, DNS reroutes, and application allowlists. The guidance covers detection indicators (domains, executables, SNI, calendar invites) and concrete lockdown steps (category blocks, policy toggles, OAuth restrictions). Emphasis is placed on offering approved alternatives and using layered controls rather than outright bans.
read more →