All Articles
The Reasoning Revolution: When Logs Finally Explain "Why"

Blog Published: 10/22/2025

When did you last explain to your terminal why you were running that command? "Kurt, why did you create this entry in our Airtable?" Two months had passed. I had no memory of it. But Airtable's audit logs showed the entry was created using a token I'd configured for AI tools. That gave m...

Identity Security Posture Management

Blog Published: 11/03/2025

Identity Security Posture Management (ISPM) is a top priority in cybersecurity this year and it’s easy to see why. With 80% of data breaches linked to identity-related issues, organizations are stepping up their identity security game by adopting modern solutions to answer cybersec...

Prepping for Agentic AI: Why We Created the NHI Management Fundamentals Certification

Blog Published: 11/04/2025

In every conversation we have with CISOs, IAM leaders, and security practitioners, the same theme comes up: how can we adopt AI without making security an afterthought? As agentic adoption accelerates, identity security has shifted from an IT challenge to a board-level priority, comman...

Cloud Security Alliance Launches STAR for AI, Establishing the Global Framework for Responsible and Auditable Artificial Intelligence

Press Release Published: 10/23/2025

Seattle, WA — October 23, 2025 — The Cloud Security Alliance (CSA), the world’s leading not-for-profit organization committed to AI, cloud, and Zero Trust cybersecurity education, today announced the official launch of STAR for AI, introducing the first global framework for AI assur...

How to Secure Hypervisors for NIST 800-171 Compliance: Addressing the Virtualization Blind Spot

Blog Published: 11/05/2025

Written by Chris Goodman, Vali Cyber. Understanding the Risk at the Core of Virtual Infrastructure: Hypervisors form the foundation of virtual infrastructure. They orchestrate resources, manage virtual machines (VMs), and enable scalability—but their privileged position also ma...

Rethinking AI Security: Every Interaction is About Identity

Blog Published: 11/07/2025

Originally published by Permiso Security. The rise of artificial intelligence (AI) has been nothing short of revolutionary, but with every new frontier comes a unique set of challenges. For many organizations, the promise of AI is tempered by a growing unease about its security. The AI...

The Difference Between HITRUST and the National Institute of Standards and Technology (NIST)

Blog Published: 11/12/2025

Understanding the nuances between HITRUST and NIST can significantly impact your organization’s approach to information security and compliance. Understanding HITRUST: What It Is and Its Significance. The Health Information Trust Alliance, commonly known as HITRUST, is a not-for-pr...

How CISOs Can Strengthen AI Threat Prevention: A Strategic Checklist

Blog Published: 11/12/2025

AI technologies have become deeply embedded across modern enterprises, driving efficiency, automating workflows, and transforming business operations. Yet, as adoption accelerates, organizations are facing new and often unforeseen security challenges. The rapid rise of AI has introduced crit...

The Layoff Aftershock No One Talks About: The NHIs Left Behind

Blog Published: 11/26/2025

Just recently, Microsoft and Intel announced nearly 13,000 layoffs combined. Those headlines reignited conversations about workforce reductions, restructuring, and the human cost of automation and AI. But beneath the noise lies a quieter, more persistent threat — one that doesn’t make headl...

SSCF v1.0: The Standard That Simplifies SaaS Security

Blog Published: 11/19/2025

SaaS solutions power everything from HR to analytics, CRM to marketing automation. Yet despite their convenience, the security guarantees customers actually receive remain inconsistent and opaque. Most enterprise security programs still rely on vendor attestations (SOC 2, ISO 27001), questi...

Least Privilege Demands that Identity Goes Beyond IAM Teams to App, Data & Security Teams

Blog Published: 11/17/2025

In today’s digital landscape, identity has evolved from being a narrowly defined IT problem into a critical, organization-wide priority for cybersecurity teams. Historically, managing identity was a challenge handled predominantly by the IT department, which was tasked with granting and revo...

Why AI Won't Replace Us: The Critical Role of Human Oversight in AI-Driven Workflows

Blog Published: 12/03/2025

The inevitable follow-up question I receive after telling someone I work with artificial intelligence (AI) is some version of the question, “So, will AI take my job?” This reaction isn't surprising. Microsoft's 2024 Workplace Learning Report shows nearly half of workers worry AI might replace...

Navigating the Liminal Edge of AI Security: Deconstructing Prompt Injection, Model Poisoning, and Adversarial Perturbations in the Cognitive Cyber Domain

Blog Published: 12/01/2025

Abstract: Artificial Intelligence (AI) is radically transfiguring the cybersecurity landscape, fomenting a paradigm where emergent attack vectors demand acute vigilance and intellectual agility. Today, threat actors are orchestrating exfiltration and chaos by exploiting vulnerabiliti...

One Day of Experience Building Agents

Blog Published: 11/25/2025

I am constantly bombarded on LinkedIn by AI news: a new protocol specification is out, here people are automating everything with agents, here are agents replacing a whole team of highly experienced neurosurgeons, etc. I look at this with fascination, but also with some scepticism (especiall...

The 99% Solution: MFA for Hypervisor Security

Blog Published: 11/18/2025

Originally published by Vali Cyber. Written by Nathan Montierth. Hypervisor attacks are accelerating, and the cost is catastrophic. Recent ransomware incidents targeting ESXi environments have cost organizations hundreds of millions of dollars in recovery and downtime. In...

Introducing Cognitive Degradation Resilience (CDR): A Framework for Safeguarding Agentic AI Systems from Systemic Collapse

Blog Published: 11/10/2025

Written by: Ken Huang, CSA Fellow, Co-Chair of CSA AI Safety Working Groups; Hammad Atta, Founder & AI Technology Advisor, Qorvexconsulting Research; Dr. Zeeshan Baig, Global Partner, AI Threat Modeling & Security, Qorvexconsulting Research; Dr. Yasir Mehmood, AI ...

Scattered Spider and the Finance Sector: Ransomware Tactics Banks Can’t Afford to Ignore

Blog Published: 11/10/2025

Originally published by Vali Cyber. The financial sector is built on trust, speed, and constant availability. But one of today’s most aggressive cyber groups, Scattered Spider, has developed tactics that put those foundations at risk. Their playbook is precise: social engineering → identit...

Beyond Generative AI – My Journey to Expert-Guided AI

Blog Published: 10/31/2025

Introduction: I wrote my first data-driven guidance and measurement app when I founded my first software company three decades ago. Back then, AI was described as a “knowledge-based system!” It became obvious that if I wanted to create an AI-assisted implementation for my cybersecu...

VDI, DaaS, or Local Secure Enclaves? A CCM‑Aligned Playbook for BYOD in 2025

Blog Published: 11/04/2025

Securing remote and hybrid work on unmanaged devices has never been about one silver‑bullet product. It’s about choosing a control pattern that fits your risk surface, then proving that choice with auditable evidence. In 2025, that means aligning device‑agnostic access with Zero Trust princi...

Streamlining Cloud Compliance Audits Using AI and Automation

Blog Published: 11/05/2025

Written by Ashwin Chaudhary, CEO, Accedere. If you’ve ever been part of a cloud compliance audit, you will know the drill of countless spreadsheets, endless evidence collection, and a lot of back-and-forth emails that can trench both time and patience. Now, imagine if half of that audit p...
