Cloud Security Alliance
Known vulnerabilities behind most application security incidents
Eight in ten organizations took an application security hit during the past year tied to a vulnerability their team had already cataloged, according to a survey of 902 IT and …
The exploit gap is closing, and your patch cycle wasn’t built for this
The Cloud Security Alliance has published a briefing on what it calls a turning point in the threat landscape: the time between a vulnerability being discovered and a working …
Testing reveals Claude Mythos’s offensive capabilities and limits
Could Claude Mythos Preview, Anthropic’s latest large language model, be leveraged for fully automated cyber attacks? The UK government’s AI Security Institute …
Who owns AI agent access? At most companies, nobody knows
AI agents are operating across production enterprise environments at scale, and the identity infrastructure managing their access has not kept up with their deployment. A …
AI agents behave like users, but don’t follow the same rules
Security and governance approaches to autonomous AI agents rely on static credentials, inconsistent controls, and limited visibility. Securing these agents requires the same …
AI is flooding IAM systems with new identities
Most organizations view AI identities through the same lens used for other non-human identities, such as service accounts, API keys, and chatbots, according to The State of …
Governance maturity defines enterprise AI confidence
AI security has reached a point where enthusiasm alone no longer carries organizations forward. New Cloud Security Alliance research shows that governance has become the main …
New framework sets baseline for SaaS security controls
Managing security across dozens or even hundreds of SaaS apps has become a major headache. Each tool has its own settings, permissions, and logs, and most third-party risk …
The cybersecurity myths companies can’t seem to shake
Cybersecurity myths are like digital weeds: pull one out, and another quickly sprouts in its place. You’ve probably heard them before: Macs don’t get viruses, we’re too small …
How to build AI into your business without breaking compliance
AI is supposed to make businesses faster, smarter, and more competitive, but most projects fall short. The Cloud Security Alliance (CSA) says the real issue is companies …
Only 3% of organizations have a dedicated budget for SaaS security
Mid-market organizations are grappling with managing the large volume of SaaS applications, both sanctioned and unsanctioned, with actual numbers often exceeding expectations, …
AI is becoming the weapon of choice for cybercriminals
This article highlights key findings from 2024 reports on AI and GenAI technologies, focusing on their potential and major challenges. Overreliance on GenAI to develop …
Featured news
Resources
Don't miss
- Attackers are exploiting FortiSandbox vulnerabilities
- SimpleHelp RMM flaw could give attackers full access to managed endpoints (CVE-2026-48558)
- Cisco discloses second exploited SD-WAN vulnerability in two weeks (CVE-2026-20262)
- Reachability makes AI threat modeling worth the trust
- EU Cybersecurity Act 2.0: When good regulation goes bad