< ciso
brief />
Tag Banner

All news with #ai governance tag

297 articles · page 5 of 15

New ISO/IEC 42001:2023 Compliance Guide for AIMS on AWS

🔒 AWS published a practical compliance guide, ISO/IEC 42001:2023 on AWS, to help organizations design and operate an Artificial Intelligence Management System (AIMS) using AWS services. The guide maps ISO 42001 clauses 4–10 and the Annex A controls to AWS services and architectural patterns, and it explains scoping, shared responsibility, and audit readiness. It highlights automation, evidence collection, monitoring, and responsible AI features to reduce effort in preparing for certification.
read more →

Five Guides to Production-Ready AI Agents at Scale

🤖 At Google Cloud Next '26, Google introduced the Gemini Enterprise Agent Platform to help teams build, deploy, scale, govern, and optimize autonomous AI agents in production. The series highlights long-running state management in Agent Runtime, a layered Agent Governance Stack, orchestration patterns in the Agent Development Kit (ADK), integration standards, and prebuilt blueprints in Agent Garden.
read more →

AI Adoption Outpaces Safety Policies, Raising Systemic Risk

🛡️ New ISACA research finds AI tools are widely used in organizations, but governance is lagging. Ninety percent of digital trust professionals say employees use AI, yet only 38% report a formal, comprehensive AI policy while 25% have none at all. The poll highlights rising Shadow AI risks, with 56% unsure how long it would take to halt an AI system and only 20% having shutdown procedures, increasing exposure to data breaches and privacy failures.
read more →

White House Weighs Pre-Release Checks for High-Risk AI

🛡️ The White House is privately discussing whether advanced AI models that could enable cyberattacks should undergo government-led or formal pre-release reviews before public deployment. The talks were prompted by Anthropic’s Mythos, which the company says has identified thousands of high-severity vulnerabilities, and by comparable capabilities from other labs. Officials are weighing options including formal vetting and targeted testing for higher-risk systems. No policy has been finalized and no timeline has been set.
read more →

Agencies Set Clear Limits on Agentic AI Deployments

🔒 A joint advisory from CISA and international partners urges organizations to treat agentic AI cautiously, enforcing strong authentication, Secure by Design principles, and staged rollouts. The guidance stresses least privilege, inventories of agent capabilities, and protections against prompt injection and data exposure. It also recommends continuous monitoring with human-in-the-loop controls, DevSecOps practices, and regular incident-response testing to reduce privilege creep, tool misuse, and other emergent risks.
read more →

Guide: Secure Adoption of Agentic AI — CISA and Partners

🔒 CISA, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD ACSC), and U.S. and international partners published Careful Adoption of Agentic Artificial Intelligence Services, a joint guide describing cybersecurity challenges and mitigations for agentic AI. The document warns that agentic AI can expand attack surface, cause privilege creep, produce behavioral misalignment, and obscure event records while offering automation benefits to critical infrastructure and defense sectors. It targets developers, vendors, and operators with actionable recommendations — including avoiding broad or unrestricted access to sensitive data and systems, beginning with low‑risk, non‑sensitive use cases, and explicitly accounting for agentic AI in organizational security models and risk posture.
read more →

Re-permissioning to curb excessive AI agent autonomy

⚖️ Re-permissioning aligns AI agents' access with clear operational needs so they execute tasks safely rather than accumulate unnecessary powers that enable unauthorized actions. As agents evolve from responders into execution engines, interoperability standards like MCP and agent-to-agent flows expand reach but also multiply where things can go wrong. Organizations should enforce continuous permission audits, mandatory human-in-the-loop checks for sensitive operations, strict least-privilege context sharing, and vet integrations, libraries and third parties while running tabletop prompt-injection exercises to validate controls and prevent data exposure or integrity-impacting changes.
read more →

Securing and Governing AI Agents Through an AI Gateway

🔒 Palo Alto Networks announced its intent to acquire Portkey and integrate Portkey’s AI Gateway into Prisma AIRS to provide a centralized control plane for agentic AI. The combined platform will offer a unified API to thousands of LLMs, an agent registry, semantic routing, caching and runtime protections such as Agent Artifact scanning and automated red teaming. Integration with CyberArk is intended to enforce agent identity and least‑privilege controls. The goal is to enable enterprises to move autonomous workloads from development to production with consistent governance and minimal performance tradeoffs.
read more →

Designing Trust and Safety for Amazon Bedrock Apps

🛡️ This article outlines AWS guidance for integrating trust, safety, and responsible-AI practices into applications built on Amazon Bedrock. It defines core responsible AI dimensions—such as safety, controllability, fairness, explainability, security and privacy, robustness, governance, and transparency—and maps them to lifecycle stages: design, deployment, and operations. It recommends observability and guardrail tools like Amazon CloudWatch and Bedrock Guardrails for monitoring, abuse detection, configurable content filters, and hallucination controls, and describes an abuse response process for coordination with AWS Trust & Safety.
read more →

SageMaker AI introduces automated inference recommendations

🔧 Amazon SageMaker AI now provides inference recommendations that automate optimization and benchmarking to deliver validated, deployment-ready configurations. Customers supply their own generative models, define expected traffic patterns, and set a performance objective — optimize for cost, minimize latency, or maximize throughput. SageMaker analyzes model architecture, benchmarks across multiple instance types using NVIDIA AIPerf, and returns metrics such as time to first token, inter-token latency, request latency percentiles, throughput, and cost projections. The capability is available today in seven AWS Regions.
read more →

Building the AI Foundation for Public Sector Partners

🚀 Google Public Sector is launching coordinated initiatives to help partners build, certify, and bring AI solutions to government customers faster. The program includes a federal startup accelerator in collaboration with NVIDIA for AI-focused ISVs, an expanded ISV ATO Accelerator offering up to $1M in funding, and a new Distributor Channel Private Offer with Carahsoft. These efforts target procurement, compliance, and legacy environment barriers to speed deployment of mission-critical AI.
read more →

Unchecked AI Agents Drive Widespread Enterprise Incidents

⚠️ Research from the Cloud Security Alliance (CSA) and Token Security warns that unchecked AI agents have caused widespread cybersecurity incidents across enterprises in the past year. The report finds many organizations overestimate agent visibility — 68% claim high visibility while 82% discovered unknown agents — leading to data exposure, operational disruption and financial losses. It highlights weak lifecycle governance, particularly around decommissioning, and calls for unified controls across discovery, policy, monitoring and decommissioning.
read more →

Why AI Projects Stall After the Demo: Operational Gaps

🔍 Demos often hide the operational friction that causes many AI initiatives to stall once they move into production. What succeeds in a controlled presentation—clean data, crafted prompts, and fast isolated responses—rarely maps to fragmented security and IT environments with noisy inputs, latency constraints, and numerous edge cases. Teams that validate tools against real workflows, measure accuracy and latency under load, prioritize deep integration, clarify cost models, and embed governance early are far more likely to turn a promising demo into sustained production value.
read more →

CISOs Evolve into Enterprise Risk and Business Strategists

🔒 Nitin Raina’s move from IT operations to Thoughtworks’ global CISO and global head of enterprise risk illustrates a fast-growing trend: CISOs increasingly lead enterprise risk programs. Since 2020 Raina has built an ERM function that links strategic, operational, and cybersecurity risks through assessments, gap analyses, and controls. Industry reports show most CISOs now share accountability for operational business risk and are responsible for AI governance, making GRC and risk quantification central to executive and board trust.
read more →

AWS Deadline Cloud launches AI troubleshooting assistant

🔎 AWS Deadline Cloud now includes an AI-powered troubleshooting assistant that analyzes failed render jobs to diagnose root causes and recommend fixes. The assistant examines logs and metrics for issues like missing assets, software errors, configuration mismatches, and resource constraints, drawing on a pre-trained knowledge base covering Deadline Cloud and popular DCC apps. It runs inside your AWS account via Amazon Bedrock and is available in all regions that support Deadline Cloud.
read more →

White House Enables Federal Access to Anthropic's Mythos

🔒The White House Office of Management and Budget is preparing protections to allow federal agencies to use a modified version of Anthropic's Claude Mythos model, according to an internal memo reported by Bloomberg. OMB CIO Gregory Barbaccia told Cabinet departments the agency is coordinating with model providers, industry partners, and the intelligence community to establish guardrails before potential release. The move comes while the Department of Defense's supply-chain risk designation against Anthropic remains in force, leaving the vendor barred from defense contracts.
read more →

Most 'AI SOCs' Only Speed Triage — Execution Matters

🛡️ Vendors increasingly market "AI SOCs" that promise autonomous triage, investigation, and response, but in production many solutions primarily accelerate triage by summarizing alerts, enriching events, and recommending next steps rather than completing remediation. The toughest operational challenges stem from fragmented work across tools, tickets, identity, endpoint, and cloud systems. Real impact requires embedding AI inside deterministic, auditable workflows that execute end‑to‑end and keep humans in the loop for judgment and accountability.
read more →

Insurers Retreat from Covering AI-Generated Outputs

🛡️ Several major insurers are quietly limiting or excluding coverage for losses tied to AI-generated outputs across cybersecurity and errors-and-omissions policies. Carriers cite inability to trace model reasoning and nondeterministic outputs, prompting policy carve-outs, declinations for AI vendors, and premium increases for AI use. Underwriters are probing customers' AI governance and distinguishing governed deployments from experimental systems.
read more →

Five Trends Shaping AI-Powered Cybersecurity Resilience

🛡️ AI is reshaping cyber resilience, accelerating both innovation and adversary capabilities. Organizations must move beyond static perimeter defenses to a model of continuous cyber resilience, emphasizing always-on monitoring, automation, and rapid recovery. Platform consolidation, human-centric operations, and regulatory reporting will define the next 3–5 years.
read more →

Europe Largely Excluded from Anthropic's Mythos Access

🔒 European regulators have been largely frozen out of early access to Anthropic's new Mythos model, Politico reports. Anthropic's Project Glasswing has initially restricted testing to select U.S. technology firms — notably Apple, Microsoft and Amazon — so partners can evaluate and mitigate security risks. The UK’s AI Security Institute has been permitted to test Mythos and acted on findings, while Germany has opened dialogue but not gained access, prompting concerns about private-sector control over a potent security-focused AI.
read more →