< ciso
brief />
Tag Banner

All news with #ai risk management tag

57 articles · page 3 of 3

Google: Cyber-Physical Attacks to Rise in Europe 2026

🚨 Google Cloud Security's Cybersecurity Forecast 2026 warns of a rise in cyber-physical attacks across EMEA targeting energy grids, transport and digital infrastructure. The report highlights increased state-sponsored espionage from Russia and China and anticipates these operations may form hybrid warfare combined with information operations to erode public trust. It also flags supply-chain compromises of managed service providers and software dependencies, and notes that cybercrime — including ransomware aimed at ERP systems — will remain a major disruptive threat to ICS/OT. Analysts further expect adversaries to increasingly leverage AI and multimodal deepfakes.
read more →

AI as Strategic Imperative for Modern Risk Management

🛡️ AI is a strategic imperative for modernizing risk management, enabling organizations to shift from reactive to proactive, data-driven strategies. Manfra highlights four practical AI uses—risk identification, risk assessment, risk mitigation, and monitoring and reporting—and shows how NLP, predictive analytics, automation, and continuous monitoring can improve coverage and timeliness. She also outlines operational hurdles including legacy infrastructure, fragmented tooling, specialized talent shortages, and third-party risks, and calls for leadership-backed governance aligned to SAIF, NIST AI RMF, and ISO 42001.
read more →

Agentic AI: Reset, Business Use Cases, Tools & Lessons

🤖 Agentic AI burst into prominence with promises of streamlining operations and accelerating productivity. This Special Report assesses what's practical versus hype, examining the current state of agentic AI, the primary deployment challenges organizations face, and practical lessons from real-world success stories. It highlights business processes suited to agentic agents, criteria for evaluating development tools, and how LinkedIn built a platform. The report also outlines near-term expectations and adoption risks.
read more →

Practical AI Tactics for GRC: Opportunities and Risks

🔍 Join a free expert webinar that translates rapid AI advances into practical, actionable tactics for Governance, Risk, and Compliance (GRC) teams. The session will showcase real-world examples of AI improving compliance workflows, early lessons from agentic AI deployments, and the common risks teams often overlook. Expect clear guidance on mitigation strategies, regulatory gaps, and how to prepare your team to make AI a competitive compliance advantage.
read more →

Trump Administration Expands Social Media Visa Surveillance

🔍The Brookings report details the Trump administration’s expanded social media surveillance to identify and punish foreign nationals for public speech. Agencies historically gathered millions of handles, but Secretary of State Marco Rubio has promoted a zero-tolerance “Catch and Revoke” policy that uses AI to flag conduct deemed contrary to national interest. Rubio said about 300 visas—mainly student and visitor visas—were revoked, and a State Department cable now requires student applicants to set accounts public for vetting.
read more →

UK Firms Lose Average $3.9M to Unmanaged AI Risk in UK

⚠️ EY polling of 100 UK firms finds that nearly all respondents (98%) experienced financial losses from AI-related risks over the past year, with an average loss of $3.9m per company. The most common issues were regulatory non-compliance, inaccurate or poor-quality training data and high energy usage affecting sustainability goals. The report highlights governance shortfalls — only 17% of C-suite leaders could identify appropriate controls — and warns about the risks posed by unregulated “citizen developer” AI activity. EY recommends adopting comprehensive responsible AI governance, targeted C-suite training and formal policies for agentic AI.
read more →

AI Ethical Risks, Governance Boards, and AGI Perspectives

🔍 Paul Dongha, NatWest's head of responsible AI and former data and AI ethics lead at Lloyds, highlights the ethical red flags CISOs and boards must monitor when deploying AI. He calls out threats to human agency, technical robustness, data privacy, transparency, bias and the need for clear accountability. Dongha recommends mandatory ethics boards with diverse senior representation and a chief responsible AI officer to oversee end-to-end risk management. He also urges integrating audit and regulatory engagement into governance.
read more →

AI and the Future of American Politics: 2026 Outlook

🔍 The essay examines how AI is reshaping U.S. politics heading into the 2026 midterms, with campaign professionals, organizers, and ordinary citizens adopting automated tools to write messaging, target voters, run deliberative platforms, and mobilize supporters. Campaign vendors from Quiller to BattlegroundAI are streamlining fundraising, ad creation, and research, while civic groups and unions experiment with AI for outreach and internal organizing. Absent meaningful regulation, these capabilities scale rapidly and raise risks ranging from decontextualized persuasion and registration interference to state surveillance and selective suppression of political speech.
read more →

Cybersecurity Awareness Month 2025: Knowledge Is Power

🔐 October marks Cybersecurity Awareness Month, underscoring that the human element is the first and most critical line of defense against cyberthreats. Cybercriminals exploit social engineering and increasingly rely on AI-driven tools to create believable, hyper-personalized scams and deepfakes. Watch the video with ESET Chief Security Evangelist Tony Anscombe for practical insights, and consider ESET's cybersecurity awareness training to strengthen individual and organizational resilience.
read more →

Five Essential Cybersecurity Tips for Awareness Month

🔒 October is Cybersecurity Awareness Month, a timely reminder that prevention-first strategies are essential as digital threats evolve rapidly. This piece presents five practical tips organizations and individuals can implement — from user training and multi-factor authentication to regular patching and least-privilege access — and stresses the rising risk of AI-driven attacks and the need for layered defenses.
read more →

Boards Should Be Bilingual: AI and Cybersecurity Strategy

🔐 Boards and security leaders should become bilingual in AI and cybersecurity to manage growing risks and unlock strategic value. As AI adoption increases, models and agents expand the attack surface, requiring hardened data infrastructure, tighter access controls, and clearer governance. Boards that learn to speak both languages can better oversee investments, M&A decisions, and cross-functional resilience while using AI to strengthen defense and competitive advantage.
read more →

Adapting Enterprise Risk Management for Generative AI

🛡️ This post explains how to adapt enterprise risk management frameworks to safely scale cloud-based generative AI, combining governance foundations with practical controls. It emphasizes the cloud as the foundational infrastructure and identifies differences from on‑premises models that change risk profiles and vendor relationships. The guidance maps traditional ERMF elements to AI-specific controls across fairness, explainability, privacy/security, safety, controllability, veracity/robustness, governance, and transparency, and references tools such as Amazon Bedrock Guardrails, SageMaker Clarify, and the ISO/IEC 42001 standard to operationalize those controls.
read more →

Enabling Enterprise Risk Management for Generative AI

🔒 This article frames responsible generative AI adoption as a core enterprise concern and urges business leaders, CROs, and CIAs to embed controls across the ERM lifecycle. It highlights unique risks—non‑deterministic outputs, deepfakes, and layered opacity—and maps mitigation approaches using AWS CAF for AI, ISO/IEC 42001, and the NIST AI RMF. The post advocates enterprise‑level governance rather than project‑by‑project fixes to sustain innovation while managing harm.
read more →

Agentic AI Risks and Governance: A Major CISO Challenge

⚠️ Agentic AI is proliferating inside enterprises, embedding autonomous agents into development, customer support, process automation, and employee workflows. Security experts warn these systems create substantial visibility and governance gaps: organizations often do not know where agents run, what data they access, or how independent their actions are. Key risks include risky autonomy, uncontrolled data sharing among agents, third-party integration vulnerabilities, and the potential for agents to enable or mimic multi-stage attacks. CISOs should prioritize real-time observability, strict governance, secure-by-design development, and cross-functional coordination to mitigate these threats.
read more →

Three-Part Framework to Measure AI Value and Impact

🚀 This Cloud blog post from Google Cloud Consulting presents a practical three-part framework to quantify the business value of AI initiatives. It asks teams to define success across four value-driver categories, transparently specify Total Cost of Ownership (TCO), and state an explicit ROI. A worked example — an e-commerce customer-service chatbot — shows quantified monthly benefits versus estimated managed-service costs, demonstrating rapid payback and sustained positive cash flow.
read more →

Amazon ECS adds Amazon Q Developer task definition AI

🤖 Amazon ECS now offers generative AI assistance from Amazon Q Developer to streamline task definition creation and updates in the AWS Management Console. Developers can use an inline chat to generate, explain, or refactor task definition JSON, inject suggestions at any point, and accept or reject proposed edits. Inline suggestions are enhanced to let Amazon Q Developer autocomplete whole blocks of sample code in addition to property-based hints. The capability is available where Amazon Q Developer is offered and can be enabled or disabled via the console code editor settings or controlled with IAM permissions.
read more →

Black Hat USA 2025: Culture, AI, and Cyber Risk Debates

📣 At Black Hat USA 2025, founder Jeff Moss and veteran researcher Mikko Hypponen framed the conference around the interplay of technology, corporate culture, and measurable cyber risk. Moss asked whether companies let technology shape culture or adapt technology to preserve values, warning that AI-driven customer service can damage brand trust when poorly implemented. Hypponen argued that security failures often reflect system gaps—malicious links should be stopped before reaching users—and cautioned that apparent success (when nothing happens) can lead to complacency and cyclical underinvestment.
read more →