strategy
What the EU AI Act requires for AI agent logging
The EU AI Act is 144 pages long. The logging requirements that matter for AI agent developers sit across four articles that keep referencing each other. Here’s what they say, …
Wi-Fi roaming security practices for access network providers and identity providers
Public Wi-Fi roaming networks carry authentication credentials across multiple administrative boundaries, and the protocols governing that process vary widely in their …
The exploit gap is closing, and your patch cycle wasn’t built for this
The Cloud Security Alliance has published a briefing on what it calls a turning point in the threat landscape: the time between a vulnerability being discovered and a working …
Zero trust at year two: What nobody planned for
In this Help Net Security video, Jim Alkove, CEO of Oleria, walks through where zero trust programs typically stand one to two years in. Most organizations have made gains in …
What managing partners should ask AI vendors before signing any contract
In this Help Net Security interview, Kumar Ravi, Chief Security & Resilience Officer at TMF Group, argues that over-privileged access and weak workflow controls pose more …
Trust, friction, and ROI: A CISO’s take on making security work for the business
In this Help Net Security interview, John O’Rourke, CISO at PPG, talks about what it means for security to drive business value. He explains how mature security programs …
Why I’m done calling humans the weakest link
Cybersecurity has long suffered from a people problem, but not in the way we often hear about. As industry that is based on enabling communication across the globe via the …
The art of making technical risk make sense to executives
In this Help Net Security video, Jay Miller, CISO at Paessler, explains how security leaders can communicate technical risk to executives and board members in terms they …
Why risk alone doesn’t get you to yes
I have been in security rooms for years, from military operations centers to corporate boardrooms. In all those years I can tell you that the hardest mission that most …
AI SOC vendors are selling a future that production deployments haven’t reached yet
Vendors selling AI-powered security operations platforms have built their pitches around a consistent set of promises: autonomous threat investigation, dramatic reductions in …
Why your phishing simulations aren’t building a security culture
Security culture isn’t built by phishing simulations. In this Help Net Security video, Dan Potter, VP of Cyber Resilience at Immersive, argues that annual training …
The AI safety conversation is focused on the wrong layer
Organizations have spent years accumulating fragmented identity systems: too many roles, too many credentials, too many disconnected tools. For a workforce of humans, that …
Featured news
Resources
Don't miss
- Vercel breached via compromised third-party AI tool
- AI platform ATHR makes voice phishing a one-person job
- SmokedMeat: Open-source tool shows what attackers do inside CI/CD pipelines
- How to spot a North Korean fake in a job interview
- Researcher drops two more Microsoft Defender zero-days, all three now exploited in the wild