All news with #ai governance tag

⚠️ The NSA, together with the Australian Signals Directorate and allied security agencies, published the Principles for the Secure Integration of Artificial Intelligence in Operational Technology to highlight emerging risks as AI is applied to safety-critical OT networks. The guidance flags adversarial prompt injection, data poisoning, AI drift, hallucinations, loss of explainability, human de-skilling and alert fatigue as primary concerns. It urges operators to adopt CISA secure design practices, maintain accurate asset inventories, consider in-house development tradeoffs, and apply rigorous oversight before deploying AI in OT environments.

🔒 Microsoft is expanding Azure with on‑premises, edge, and hybrid options to deliver AI, resilience, and operational sovereignty. Azure Local provides integrated compute, storage, and networking on customer premises with GA features like Microsoft 365 Local and NVIDIA Blackwell GPUs, plus previews for disconnected operations and multi‑rack scale. Coupled with Azure IoT, Microsoft Fabric, and Azure Arc management enhancements, the updates enable near‑real‑time analytics, secure device identity, and a unified control plane for distributed estates. The goal is to accelerate AI and analytics while preserving data residency, continuity, and compliance for regulated or mission‑critical environments.

🧭 Google announces generally available automated metadata generation in the Google Data Cloud, using Dataplex Universal Catalog and Gemini to convert profiling and schema context into human-readable table and column descriptions. The capability integrates with BigQuery, stores generated descriptions for search and governance, and is accessible via an API. It aims to reduce "metadata debt," accelerate time-to-insight, and provide reliable grounding for AI agents, while still encouraging human review for key business definitions.

🔒 The Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Signals Directorate’s Australian Cyber Security Centre published a joint guide outlining four principles to safely integrate AI into operational technology (OT). The guidance emphasizes educating personnel, assessing AI uses and data risks, establishing governance, and embedding safety and security. It focuses on ML, LLMs, and AI agents while remaining applicable to other automation approaches. CISA and international partners encourage OT owners and operators to adopt these risk-informed practices to protect critical infrastructure.

🔒 CISA and the Australian Signals Directorate released joint guidance, Principles for the Secure Integration of Artificial Intelligence in Operational Technology, to help critical infrastructure owners and operators balance AI benefits with OT safety and reliability. The guidance focuses on ML, LLMs, and AI agents while remaining applicable to traditional statistical and logic-based systems. It emphasizes four core areas—Understand AI, Assess AI Use in OT, Establish AI Governance, and Embed Safety and Security—and recommends integrating AI considerations into incident response and compliance activities.

🪓 Security teams face a pivotal moment as AI becomes embedded across products while core decision-making remains opaque and vendor‑controlled. The author urges building and tuning small, controlled AI‑assisted utilities so teams can define training data, risk criteria, and behavior rather than blindly trusting proprietary models. Practical skills — basic Python, ML literacy, and active model engagement — are framed as essential. The piece concludes with an invitation to a SANS 2026 keynote for deeper, actionable guidance.

🏆 The 2025 CSO 30 Awards celebrate cybersecurity leaders blending technology, culture and measurable impact. A panel of judges recognised achievements across categories such as AI and Digital Excellence, Rising Star, Diversity and Inclusion and CSO of the Year. Highlights include Greg Emmerson’s automation and canary tooling at Applegreen, Chris Bardell’s response advances at Royal Papworth Hospital, and Craig Hickmott’s human-first transformation at the British Heart Foundation. The programme emphasises workforce development, responsible AI and organisational resilience.

🧭 The piece argues that AI forces a societal reckoning similar to the arrival of social media: it can amplify individual agency but also concentrate control and harm democratic life. The authors identify four pivotal choices for executives and courts, Congress, states, and everyday users—centering on legal accountability, privacy and portability, reparative taxation, and consumer product choices. They urge proactive, aligned policy and civic action to avoid repeating past mistakes and to steer AI toward public-good outcomes.

🤖 The 2025 State of AI Data Security Report shows AI is widespread in business operations while oversight remains limited. Produced by Cybersecurity Insiders with Cyera Research Labs, the survey of 921 security and IT professionals finds 83% use AI daily yet only 13% have strong visibility into how systems handle sensitive data. The report warns AI often behaves as an ungoverned non‑human identity, with frequent over‑access and limited controls for prompts and outputs.

🧾 Google removed a promotional X post for NotebookLM after users noted an AI-generated infographic closely mirrored a stuffing recipe from the blog HowSweetEats. The card, produced using Google’s Nano Banana Pro image model, reproduced ingredient lists and structure that matched the original post. After being called out on X, Google quietly deleted the promotion; the episode highlights broader concerns about AI scraping and attribution. The company also confirmed it is testing ads in AI-generated answers alongside citations.

📊 Amazon Connect now delivers built‑in analytics and monitoring for AI agents across self‑service and agent assist experiences. Administrators can use customizable dashboards to track key metrics such as number of AI‑led interactions, hand‑off rates, conversation turns, and average handle time, and to compare agent versions to find optimal configurations. The release also exposes AI agent traces via APIs and enables rule‑based automation to trigger alerts or actions when conditions like low sentiment transfers occur.

🤖 Smart Answers is a generative AI chatbot embedded across CSO articles to help security professionals ask questions, discover content, and explore IT and leadership topics. The tool provides pre-made topic prompts, follow-up suggestions, and links to source articles and background material. It was developed with partner Miso.ai, uses only editorial content from the publisher's German-language brands, and flags when it cannot answer or relies on older (pre-2020) material.

🗳️ The essay argues that while AI poses risks to democratic processes, it is also being used to strengthen civic engagement and government function across diverse contexts. Four case studies—Japan, Brazil, Germany, and the United States—illustrate practical deployments: AI avatars for constituent engagement, judicial workflow automation, interactive voter guides, and investigative tools for watchdog journalism. The authors recommend public AI like Switzerland’s Apertus as a democratic alternative to proprietary models and stress governance, transparency, and scientific evaluation to mitigate bias.

🔒 Chief information security officers face a new class of supply-chain risk driven by generative AI. Traditional GRC — quarterly questionnaires and compliance reports — now lags threats like shadow AI and model drift, which are invisible to periodic audits. The author recommends a GenAI-powered GRC: contextual intelligence, continuous monitoring via a digital trust ledger, and automated regulatory synthesis to convert technical exposure into board-ready resilience metrics.

🛡️ Gartner warns that by 2030 more than 40% of organizations will experience security and compliance incidents caused by employees using unauthorized AI tools. A survey of security leaders found 69% have evidence or suspect public generative AI use at work, increasing risks such as IP loss and data exposure. Gartner urges CIOs to set enterprise-wide AI policies, audit for shadow AI activity and incorporate GenAI risk evaluation into SaaS assessments.

⚠️ This guide outlines the principal risks generative AI (GenAI) poses to organizations, categorizing concerns into internal projects, third‑party solutions and malicious external use. It urges inventories of AI use, application of risk and deployment frameworks (including ISO, NIST and emerging EU standards), and continuous vendor due diligence. Practical steps include governance, scoring, staff training, basic cyber hygiene and incident readiness to protect data and trust.

🔔 AWS has published one new Responsible AI lens and updated Generative AI and Machine Learning lenses to guide safe, secure, and production-ready AI workloads. The guidance addresses fairness, reliability, and operational readiness while helping teams move from experimentation to production. Updates include recommendations for Amazon SageMaker HyperPod, Agentic AI, and integrations with Amazon SageMaker Unified Studio, Amazon Q, and Amazon Bedrock. The lenses are aimed at business leaders, ML engineers, data scientists, and risk and compliance professionals.

🧠 Microsoft details a broad expansion of its database portfolio and deeper integration with Microsoft Fabric to simplify data architectures and accelerate AI. Key launches include general availability of SQL Server 2025, GA of Azure DocumentDB (MongoDB-compatible), the preview of Azure HorizonDB, and Fabric-hosted SaaS databases for SQL and Cosmos DB. OneLake mirroring, Fabric IQ semantic modeling, expanded agent capabilities, and partner integrations (SAP, Salesforce, Databricks, Snowflake, dbt) are positioned to deliver zero-ETL analytics and operational AI at scale.

🗳️ This essay examines how AI could reshape political campaigning by enabling scaled forms of relational organizing and new channels for constituent dialogue. It contrasts the connective affordances of Facebook in 2008, which empowered person-to-person mobilization, with today’s platforms (TikTok, Reddit, YouTube) that favor broadcast or topical interaction. The authors show how AI assistants can draft highly personalized outreach and synthesize constituent feedback, survey global experiments from Japan’s Team Mirai to municipal pilots, and warn about deepfakes, artificial identities, and manipulation risks.

🔒 Organizations must update GRC programs to address the rising use and risks of generative and agentic AI, balancing innovation with compliance and security. Recent data — including Check Point's AI Security Report 2025 — indicate roughly one in 80 corporate requests to generative AI services carries a high risk of sensitive data loss. Security leaders are advised to treat AI as a distinct risk category, adapt frameworks like NIST AI RMF and ISO/IEC 42001, and implement pragmatic controls such as traffic-light tool classification and risk-based inventories so teams can prioritize highest-impact risks without stifling progress.