< ciso
brief />
Tag Banner

All news with #ai governance tag

297 articles · page 7 of 15

Microsoft, NVIDIA Expand Azure AI Infrastructure and Foundry

🚀 Microsoft and NVIDIA announced deeper integration at NVIDIA GTC, extending Microsoft Foundry to support NVIDIA Nemotron models and to simplify building production agents. New Azure AI infrastructure optimized for inference and reasoning will bring Vera Rubin NVL72 into liquid‑cooled datacenters and add initial support on Azure Local. Foundry Agent Service, Control Plane observability and a Voice Live API preview aim to accelerate prototype‑to‑production paths, while Fabric–Omniverse links and a public Physical AI Toolchain support simulation‑to‑operations workflows.
read more →

Shadow AI Is Everywhere — Find and Secure It Today

🔍 Nudge Security provides continuous discovery, monitoring, and governance for shadow AI, delivering a Day One inventory of every AI app and account introduced into an organization. A lightweight IdP integration analyzes machine-generated SaaS emails (without storing content) to detect account creation, password changes, and security setting updates. An optional browser extension monitors AI conversations, flags sensitive data and file uploads, visualizes data flows, and issues real-time nudges and configurable alerts to guide users toward approved tools and enforce acceptable use.
read more →

Canada Should Build a Nationalized Public AI Platform

🇨🇦 The Carney administration's $2‑billion Sovereign AI Compute Strategy forces a fundamental choice about where AI value and control will reside. Bruce Schneier warns that initiatives like OpenAI's “OpenAI for Countries” could simply transfer benefits and authority to U.S. tech firms, citing the Tumbler Ridge incident and private secrecy. He advocates for a publicly funded, transparent national AI—modeled on Switzerland's Apertus—to serve healthcare, education, transit, and democratic oversight rather than private profit.
read more →

Five-Step Strategy to Manage Shadow AI Risks for the Enterprise

🛡️AI adoption has outpaced controls, creating widespread "shadow AI" risk that can expose sensitive data, distort decisions and create compliance gaps. The article recounts an incident where a product manager accidentally pasted production API keys into a public model, triggering outbound alerts. It presents a five-step program grounded in the NIST AI Risk Management Framework: inventory and discover AI use, standardize assessments, deploy layered defenses (DLP and AI monitoring), enforce human-in-the-loop checks, and tie risk reduction to business value.
read more →

Gemini for Government Adds Agent Designer on GenAI.mil

🤖Agent Designer is now available within Gemini for Government on GenAI.mil, enabling Department of Defense civilian and military personnel to build customized AI agents for unclassified tasks using natural language. This no-/low-code platform lets users automate repetitive, multi-step administrative workflows—such as drafting meeting read‑aheads, extracting action items, or breaking projects into task checklists—without programming skills. Google Public Sector is supporting the rollout with training and office hours run in partnership with the U.S. Chief Digital and Artificial Intelligence Office to accelerate adoption and responsible use.
read more →

Preparing Your SOC for Agentic AI: Four Key Actions

🤖 Organizations must prepare SOCs for agentic AI by reskilling staff, redesigning processes, and instituting governance to ensure safe autonomous operations. The piece explains that AI is already augmenting alert triage, enrichment, IOC validation and initial containment, and could soon handle more complex tasks like incident investigation and response. It recommends new roles—content engineers, data architects and orchestration platform engineers—and stresses auditability, least-privilege, red-teaming and clear approval thresholds for autonomous actions.
read more →

Anthropic vs. Pentagon: AI Supply, Ethics, and Policy

⚖️ The Pentagon’s removal of Anthropic from US defense contracts, and the swift substitution by OpenAI, marks a high-profile clash over AI use for military and surveillance purposes. Anthropic refused DoD terms that would permit mass surveillance or fully autonomous weapons, provoking political backlash and a presidential order halting its federal partnerships. OpenAI has agreed to supply classified systems, raising questions about vendor politicization and how safety commitments will be enforced. The episode underscores procurement power, potential legal battles, and the limits of corporate ethical posturing.
read more →

EC-Council Adds Four AI Certifications and CISO v4

🔐 EC‑Council launched its Enterprise AI Credential Suite, introducing four role-aligned certifications—Artificial Intelligence Essentials (AIE), Certified AI Program Manager (CAIPM), Certified Offensive AI Security Professional (COASP), and Certified Responsible AI Governance & Ethics (CRAGE)—alongside an updated Certified CISO v4. The suite is structured around the proprietary Adopt, Defend, Govern (ADG) framework to build practical capability across AI adoption, security, and governance. EC‑Council positions the expansion as a response to growing AI risk exposure and a pronounced workforce reskilling gap.
read more →

New RFP Template for AI Usage Control and Governance

🔒 A new RFP Guide for Evaluating AI Usage Control and AI Governance Solutions provides security teams with a practical framework to convert vague AI-governance goals into measurable procurement criteria. It emphasizes interaction-level inspection — governing the moment a prompt is typed or a file is uploaded — rather than cataloging every shadow app. The template forces vendors to demonstrate browser- and client-side visibility, real-time enforcement, and contextual policy controls. A scoring model across eight domains helps CISOs avoid legacy checkbox tools and evaluate readiness for agentic, browser-native workflows.
read more →

GraphML and Digital Twins for Autonomous Telco Networks

🔗 Google Cloud describes using graph-based digital twins and GraphML to enable autonomous telecommunications networks that self-configure, self-optimize, self-heal and self-secure with minimal human intervention. The post outlines an integrated stack combining tf-GNN and NetAI's fine-tuned GNNs to model live topology and dependencies as input for deterministic root-cause analysis. A MasOrange PoC at MWC 2026 showcases managed AIOps driven by these models.
read more →

AI Agents as Identity Dark Matter: Governance Risks

🔐 The article explains how Model Context Protocol (MCP)-driven AI agents are rapidly moving from chat assistants into enterprise workflows, creating an emergent class of non-human identities that often evade traditional IAM controls. It warns these agents gravitate to low-friction credentials—local accounts, long-lived tokens, and API keys—creating pervasive “identity dark matter.” The piece recommends pairing agents with human sponsors, enforcing dynamic, context-aware access, centralizing visibility and auditability, and applying consistent governance across hybrids to prevent privilege drift and regulatory blind spots.
read more →

Standardized IAM Context Keys for AWS-Managed MCP Servers

🔐 AWS introduced standardized IAM context keys for its managed remote Model Context Protocol (MCP) servers so AI agents can operate with existing IAM credentials while enabling distinct governance controls. The two keys — aws:ViaAWSMCPService (boolean) and aws:CalledViaAWSMCP (string) — let you allow or deny MCP-initiated actions and restrict access to specific MCP servers. AWS will also simplify public endpoint authorization so AI calls use standard IAM permissions (no separate MCP actions) and plans to add VPC endpoint support for private-network enforcement and two-stage authorization.
read more →

From Vibe Checks to Continuous Evaluation for AI Agents

🔎 Manual 'vibe checks' are unreliable for production AI agents; this article recommends adopting continuous evaluation (CE) to guard against regressions, hallucinations, and unseen edge cases. It outlines a practical engineering approach—separating discovery and defense modes—and demonstrates implementation patterns using Agent Development Kit (ADK), Vertex AI evaluation services, and Cloud Run. The guidance covers dataset design, automated rubrics, tool-trajectory metrics, shadow deployments, CI/CD gating, and distributed tracing to establish robust, auditable agent behavior.
read more →

AWS Completes First ISO/IEC 42001:2023 Surveillance Audit

🔒 In November 2025, AWS completed its first surveillance audit for ISO/IEC 42001:2023 — the Artificial Intelligence Management System standard — with no findings. This follows AWS’s November 2024 announcement that several AI services, including Amazon Bedrock, Amazon Q Business, Amazon Textract, and Amazon Transcribe, were accredited under the standard. The successful no-findings outcome provides independent validation of AWS’s ongoing commitment to responsible AI practices and gives customers added assurance when building and operating AI applications on AWS.
read more →

PayPal Completes Historic Migration to BigQuery for AI

🚀 PayPal completed a multi-year, large-scale migration of more than 300 petabytes of analytics data into BigQuery on Google Cloud to create a unified data foundation for generative AI. The initiative consolidated disparate platforms — including Teradata, Hadoop, Redshift, and Snowflake — and reduced vendor complexity. PayPal automated migration tasks, used live dashboards, and integrated FinOps to maintain zero business downtime while enabling faster queries and much fresher data for AI model training.
read more →

National Cyber Resilience in the AI Era: A Leadership Guide

🔐 This practical Q&A guide helps leaders translate evolving threats into actionable resilience measures. It highlights why national cyber security urgency has increased as adversaries shift from theft to persistent, disruptive positioning that can affect fuel, hospitals, elections, markets, and public trust. The brief recommends adoption of NIST frameworks, Zero Trust principles, and AI governance to mitigate cloud, OT, and supply chain risks. Leaders receive concise operational steps to align policy, technology, and cross‑sector coordination.
read more →

Cost of Insider Incidents Surges Driven by Shadow AI

🔍 DTEX's Cost of Insider Risks 2026 report, produced with the Ponemon Institute, finds employee negligence — driven in part by shadow AI — caused 53% of the average $19.5m loss per organization. Malicious incidents accounted for $4.7m and phishing-related 'outsmarted' employees $4.5m. The study warns undocumented AI, personal webmail and file sharing create exposure and urges behavioral intelligence, identity-centric controls and AI governance to reduce incidents.
read more →

Is AI Good for Democracy? Arms Races, Power, Policy

⚖️ Bruce Schneier contends that AI is reshaping democratic engagement by creating widespread, domain-specific arms races—from academic publishing and courts to media, hiring, and public comment systems. These dynamics advantage well-resourced corporate actors while pressuring governments to adopt automated tools to manage scale. Schneier urges both tactical citizen use of AI and stronger regulatory responses to prevent concentrated power and preserve civic voice.
read more →

EC-Council Expands AI Certifications, Adds CISO v4

🔐 EC-Council launched the Enterprise AI Credential Suite, introducing four role-based AI certifications alongside an updated Certified CISO v4 to strengthen executive readiness. The programs target a growing skills gap—cited as $5.5 trillion in unmanaged AI exposure and a 700,000-person U.S. reskilling shortfall—and align with U.S. AI workforce priorities. The suite maps to an Adopt. Defend. Govern. framework and includes Artificial Intelligence Essentials, CAIPM, COASP, and CRAGE to operationalize secure, responsible AI.
read more →

NIST AI Agent Standards Initiative Aims for US Leadership

🧭 NIST has launched the AI Agent Standards Initiative via the Center for AI Standards and Innovation (CAISI) to create a roadmap for developing interoperable, trustworthy autonomous AI agents. The effort will gather public input through an RFI (responses due March 9) and sector-specific listening sessions in April, and emphasizes industry-led standards, open-source work, and international engagement. Critics caution the process may be too slow to keep pace with agentic AI adoption and emerging threats.
read more →