< ciso
brief />
Tag Banner

All news with #ai governance tag

298 articles · page 3 of 15

Anthropic’s Claude Fable 5 and Mythos 5 Launch

🛡️ Anthropic released Claude Fable 5 publicly on June 9, pairing it with a twin, Claude Mythos 5, that retains strong cybersecurity capabilities for vetted defenders. Fable 5 routes flagged cyber, bio, chemistry, and distillation requests to the weaker Opus 4.8 using safety classifiers, while Mythos 5 keeps those abilities available under trusted access. Both models are priced per input/output tokens and included on paid plans through June 22 before moving to usage credits.
read more →

Measuring the Business Value of Generative AI

🧭 The post explains how technology and finance leaders can demonstrate the business value of generative AI to secure funding and drive adoption. It highlights the DORA: ROI of AI-assisted software development report and its findings, including the common J-curve of early adoption, causes of temporary productivity decline, and the need to budget for a learning phase. The article also describes an interactive ROI calculator and resources to build a defensible AI investment case.
read more →

Widespread AI Coding Use Outpaces Governance

🛠️ Nearly all software teams now use AI coding assistants, yet fewer than a third have formal governance in place. A UserEvidence survey for Black Duck of 831 developers and DevOps pros in March 2026 found 97% adoption but only 30% with full oversight. Popular tools include GitHub Copilot (83%) and Claude Code (63%). Teams report faster releases and an average of eight hours saved per developer weekly, but many face downstream friction in reviews, testing and rework.
read more →

White House EO Aligns AI Policy with Cybersecurity

🔒 The White House Executive Order on advanced AI seeks practical public–private coordination to address AI-driven cyber risks while preserving innovation. It prioritizes voluntary model assessments, improved federal defenses, faster vulnerability discovery and remediation, and expanded cybersecurity talent. Successful implementation will hinge on operationalizing AI-assisted defense, translating insights into timely guidance and mitigations, and supporting resource-constrained critical infrastructure operators.
read more →

Amazon Connect adds AI agent trace visibility

🔍 Amazon Connect Customer now provides AI agent traces for self-service voice interactions, letting operators inspect how AI agents reasoned, acted, and responded during conversations. The feature displays step-by-step traces alongside full transcripts in the Connect web UI so teams can confirm correct behavior, diagnose failures, or spot tool and parameter issues. It is available in all AWS Regions that support Amazon Connect Customer AI Agents and is documented in the Amazon Connect Customer Administrator Guide.
read more →

Hands-on: Microsoft’s Intelligent Terminal for Windows

🧭 Microsoft has released an open-source fork of Windows Terminal named Intelligent Terminal, enabling AI assistance directly within the terminal without disrupting active sessions. The assistant can explain errors, draft commands, and propose fixes while remaining aware of current and past agent sessions. Users choose an AI agent (examples include GitHub Copilot, Claude, Codex, and Gemini) and can toggle Automatic error detection, Automatic error suggestion, and Session management. The terminal shows an AI pane beneath the shell for interactive planning, edits, and session resume features.
read more →

Cloudflare AI Gateway Adds Dollar-Based Spend Limits

🛡️ Cloudflare announces spend controls in AI Gateway, plus a closed beta for identity-driven budgets and routing using Cloudflare Access and existing identity providers. The update introduces dollar-denominated budgets, real-time cost tracking, and options to block or route requests when limits are reached. Identity integration enables per-user and per-team attribution and policies to manage who can access which models and how much they may spend.
read more →

Lloyds’ Practical Playbook for Agentic AI Security

🛡️ Lloyds Banking Group treats agentic AI as an engineering problem to be designed, constrained and tested at scale. At OWASP’s GenAI Security Summit, Lloyds’ security leads explained an “AI safe adoption” strategy spanning lifecycle governance, an internal agent marketplace, and multidisciplinary feature teams. Key challenges include agent identity, runtime observability and automated red‑teaming, while prioritizing low‑risk, high‑value use cases for customers.
read more →

OWASP Agentic AI Security Maturity Model Released

🛡️ The Open Worldwide Application Security Project (OWASP) published a new agentic AI security maturity framework in the GenAI Security Project paper "State of Agentic AI Security and Governance" on June 3, and introduced it at Infosecurity Europe 2026 on June 4. The Enterprise Adoption Maturity Model maps deployments (from shadow AI to multi-agent systems) against governance maturity (from ad hoc to continuous oversight). It provides a decision tool to identify mismatches and prescribes either tailored controls for agentic systems or constrained agent permissions until governance catches up.
read more →

How to disable AI features across major platforms

🛡️ This article provides practical, step-by-step tactics for detecting and disabling built-in AI features in popular enterprise platforms including Microsoft Copilot, Google Gemini, Chrome, and Apple Intelligence. It covers detection via logs and admin consoles, recommended policy settings in Microsoft 365, Group Policy, Chrome Enterprise, Google Workspace, and MDM profiles for Apple, plus network-level blocks and caveats about potential feature breakage. The guidance emphasizes granular controls, SKU management, and layered protections such as NGFW/web-filter rules and application control.
read more →

OpenAI Proposes Federal Evaluations for Frontier AI

🔎 OpenAI proposed mandatory federal evaluations for the most capable AI models before public release while arguing regulators should not have authority to approve or block deployments. The company urged pre-release assessments by the Center for AI Standards and Innovation (CAISI) alongside audits, transparency reports, incident reporting, and whistleblower protections. OpenAI framed this approach as a middle ground that enhances government visibility and preserves developer responsibility for release decisions.
read more →

US issues voluntary frontier AI pre-release review order

🛡️ The Trump administration has issued an executive order establishing a voluntary framework for developers of powerful AI models to submit a "covered frontier model" to US agencies for up to 30 days of cybersecurity review before wider release. The order explicitly forbids mandatory licensing or preclearance, tasks NSA, CISA and NIST with creating a classified benchmark to define covered models, and directs agencies to harden federal systems and expand AI-enabled defensive tools for smaller operators. It also creates an AI cybersecurity clearinghouse under the Treasury and leaves effectiveness dependent on possible future congressional action.
read more →

Building an Agentic Enterprise System for AI

🧭 Microsoft outlines a shift from isolated AI tools to a unified, enterprise-grade agent platform that runs real work. The post emphasizes a single integrated system spanning Azure, GitHub, Microsoft IQ, Foundry, Agent 365, and Microsoft 365 to build, contextualize, run, govern, and improve agents. It stresses secure-by-design governance, model choice, continuous improvement through feedback and tuning, and production-grade runtimes. The approach centers developers and enterprise context to make agents trustworthy and scalable.
read more →

Trump revives cybersecurity-focused AI directive

🔐 President Trump signed an executive order, “Promoting Advanced Artificial Intelligence Innovation and Security,” to bolster cybersecurity and create voluntary government-industry cooperation on advanced AI models. The directive accelerates deployment of AI-enabled defenses, establishes an AI cybersecurity clearinghouse, and mandates classified benchmarking of frontier-model cyber capabilities. It emphasizes voluntary review and explicitly rejects mandatory licensing, while directing agencies to extend protections to federal, state, and critical infrastructure systems.
read more →

Microsoft Discovery GA and App Preview for R&D

🧭 Microsoft announces the general availability of Microsoft Discovery, a platform for building and governing agentic AI workflows tailored to scientific and engineering R&D. The release includes a preview of the Microsoft Discovery app, a local desktop experience for researchers and small teams to explore hypotheses, literature, and iterative experimentation. The platform emphasizes evidence preservation, traceability, governance, and integration with existing tools and institutional data to support repeatable, transparent scientific workflows.
read more →

Bayer overhauls security awareness for AI era

🧭 At Infosecurity Europe 2026, Bayer CISO Kevin Jones outlined a shift from checklist-based guidance to psychology-first security awareness to counter AI-enabled social engineering. The firm mandates behavior-focused training, ties AI access to role-based modules, and gates agent development behind completion. Bayer is moving SOCs toward supervised automation and updating supplier contracts and governance to enforce AI transparency and controls.
read more →

UK Firms Prioritise AI Threats and Preparedness

🔍 New research from ManageEngine reveals UK IT and business leaders view AI-powered cyber-attacks as their top risk over the next 12 months, with 43% identifying it as the single biggest threat. The survey of 1,500 decision-makers across five European markets shows 41% of UK respondents plan to prioritise spending on tackling AI and advanced threats. Despite strong detection rates, UK organisations report increasing incidents, skills gaps and recovery challenges, alongside rising investment in resilience and governance.
read more →

SEC 10-K Cybersecurity Trends and Governance 2025

📝 This article analyzes the new SEC 10-K cybersecurity disclosure section (1.C) across the top 200 S&P companies, summarizing governance, reporting lines, standards, and trends between 2024 and 2025. It highlights that the CISO remains the principal cybersecurity role, with the CIO commonly as the reporting executive and audit committees most frequently overseeing cyber risk. The piece also reviews common practices such as TPRM, proactive testing, human-centric training, AI risks, and the author’s AI-assisted data collection and analysis methods.
read more →

GDPR’s legacy and the coming AI regulatory battles

📰 Over eight years GDPR set global data-protection norms, notably the 72-hour breach notification standard, but nearly 40% of announced EU fines by value are annulled or under appeal. Experts say large tech firms contesting fines isn’t surprising and that rulings provide practical guidance for compliance teams. As the EU’s AI Act and proposed GDPR reforms arrive, regulators must shore up procedural robustness while organisations adapt governance to evolving AI risks.
read more →

LayerX Report Reveals Concentrated Enterprise AI Risk

🔍 The LayerX Security State of AI Usage Report 2026 finds enterprise AI risk is concentrated among a small set of power users and a few dominant platforms, while usage fragments across personal accounts, browser extensions, embedded copilots, and connectors. The study shows ChatGPT still dominates conversations, Copilot M365 is growing, and consumer AI like Gemini is often used via personal accounts. Shadow AI now spans a long tail of under-the-radar tools and extensions that evade corporate visibility and governance.
read more →