
All Articles

Agentic AI Security: New Dynamics, Trusted Foundations

Blog Published: 12/18/2025

Contributed by Aiceberg. Agentic AI - Why should you care? Agentic AI isn’t just another tech buzzword; it represents a fundamental shift in how intelligent systems operate, make decisions, and interact with the world. As AI agents become more autonomous, they introduce both powerfu...

Governance Maturity Is Strongest Predictor of AI Readiness and Responsible Innovation, According to Study from Cloud Security Alliance and Google Cloud

Press Release Published: 12/18/2025

Organizations are continuing to move from experimentation to meaningful operational use. SEATTLE – Dec. 18, 2025 – The State of AI Security and Governance Survey Report, a new study from the Cloud Security Alliance (CSA), the world’s leading not-for-profit organization committed to AI, cloud,...

Why Agentic AI Matters for the Future of Cybersecurity

Blog Published: 01/06/2026

As the cybersecurity landscape transforms, the rise of agentic AI is changing how organizations think about machine identities, or Non-Human Identities (NHIs). What happens when machines, powered by autonomous AI, become key actors in your digital ecosystem? The simple answer: you need to re...

AI Security Governance: Your Maturity Multiplier

Blog Published: 12/18/2025

Most organizations are no longer asking whether to use AI. The question now is whether they can secure it. In CSA’s latest survey report, The State of AI Security and Governance, a clear pattern emerges. Organizations with strong AI security governance are: Moving faster Experimenting ...

How to Build a Trustworthy AI Governance Roadmap Aligned with ISO 42001

Blog Published: 01/07/2026

As artificial intelligence continues to become widely embedded in critical business decisions, strategies, and processes, it increasingly faces growing scrutiny from regulators, customers, and the public. While AI offers unprecedented opportunities for operational enhancements and innovation,...

Introducing the AI Maturity Model for Cybersecurity

Blog Published: 01/08/2026

The AI Maturity Model for Cybersecurity is the most detailed guide of its kind, grounded in real use cases and expert insight. It empowers CISOs to make strategic decisions, not just about what AI to adopt, but how to do it in a way that strengthens their organization over time and achieves ...

Best Practices to Achieve the Benefits of Agentic AI in Pentesting

Blog Published: 01/13/2026

Agentic AI systems take penetration testing to a level far beyond traditional methods. In the words of a former Synack Red Team member and security engineer, Max Moroz, “Traditional pentesting is like checking your locks and windows once a year while a swarm of AI-powered burglars are c...

Reimagining the Browser as a Critical Policy Enforcement Point: A Zero Trust Security Architecture for Modern Enterprises

Blog Published: 01/14/2026

Contributed by HCL Technologies. Executive Summary: The browser has evolved into the contemporary security perimeter. Every SaaS authentication, developer console, administrative portal, and AI-driven research tool converges within browser tabs, making it a primary attack surface. ...

Securing the Future: AI Strategy Meets Cloud Security Operations

Blog Published: 01/09/2026

Introduction: A Brief History of AI and Its Cybersecurity Impact. Artificial Intelligence (AI) has evolved from theoretical concepts in the 1950s to transformative technologies embedded in every facet of modern enterprise. From Alan Turing’s foundational work to the rise of generative...

Closing the Zero Trust Governance Gap: Why Automation is Essential

Blog Published: 01/12/2026

When you think about Zero Trust—particularly what it means in terms of access controls and where to start strengthening your security posture—what comes to mind? For many organizations, the answer focuses on perimeter security: multi-factor authentication (MFA), segmentation, device posture,...

Your Cloud May Be Secure, But Are Your Backups? Lessons From The EY Incident

Blog Published: 01/12/2026

Cloud teams often obsess over production systems: hardening workloads, tightening IAM, refining detection rules, and closing misconfigurations before attackers can use them. But there’s another environment hiding in plain sight: your backup storage. The recent discovery of a 4TB publicly acc...

What Actually Makes an Agentic AI Solution Scalable?

Blog Published: 01/20/2026

Agentic AI is reshaping how organizations build, deploy, and secure intelligent systems. But as these agents automate workflows, make decisions, and initiate actions across cloud environments, something critical happens behind the scenes: Every AI agent becomes a Non-Human Identity (NHI). ...

How Organizations are Addressing Cloud Investigation and Response

Blog Published: 01/22/2026

The importance of cloud investigation and incident response is compounded by an expanded attack surface in the cloud, lack of advanced tooling to upskill teams, and increasing regulatory pressure from compliance regulations. This blog dives into these challenges and explores potential solut...

Scoping a Privacy Information Management System (PIMS) With ISO 27701:2025

Blog Published: 01/21/2026

ISO 27701 is a globally recognized standard for establishing a privacy information management system (PIMS), outlining the requirements and supporting controls that should be fulfilled and implemented. Compliance with ISO 27701 indicates that an organization has implemented a system to mana...

AAGATE: A NIST AI RMF-Aligned Governance Platform for Agentic AI

Blog Published: 12/22/2025

Written by: Ken Huang, CEO, DistributedApps.AI, CSA Research Fellow; Kyriakos "Rock" Lambros, CEO, RockCyber; Jerry Huang, Fellow at Kleiner Perkins; Yasir Mehmood, Independent Researcher, Germany; Hammad Atta, CEO, Qorvex Consulting & Roshan Consulting; Joshua Beck, Application Secu...

The Breach That Did Not Need a Hacker: How Ordinary Identity Gaps Create Extraordinary Damage

Blog Published: 01/27/2026

Security teams spend enormous time preparing for attackers who exploit zero-days, break through firewalls, or launch sophisticated phishing campaigns. Yet the breach at FinWise Bank demonstrates a different and more unsettling truth. Not every incident requires a hacker. Sometimes the most d...

Agentic AI Pen Testing: Speed at Scale, Certainty with Humans

Blog Published: 01/26/2026

Autonomous agents can expand coverage and compress cycle times. Agentic AI is clearly changing security testing for the better. But speed without judgment creates false confidence. The right model is AI‑first and human‑validated: let agents do the heavy lifting, then use seasoned rese...

Securing AI in CMMC Level 2 Environments: A Strategic Guide for CISOs and Cloud Security Engineers

Blog Published: 01/23/2026

Leveraging generative AI and machine learning can offer huge productivity gains – even for organizations handling sensitive Controlled Unclassified Information (CUI) and Federal Contract Information (FCI). However, embedding AI into processes in a CMMC Level 2 environment introduces new...

AI Agents and How They Are Used in Pentesting

Blog Published: 02/05/2026

AI agents are increasingly used in penetration testing. Agents can add considerable value by reducing the time and effort required to complete some testing tasks manually. For example, an agent can autonomously initiate an nmap scan on a target web application IP address. Companies are u...

Minimizing Permissions for Cloud Forensics: A Practical Guide to Tightening Access in the Cloud

Blog Published: 02/09/2026

Most cloud environments struggle to strike the right balance between security and accessibility. This blog breaks down why traditional approaches to cloud forensics often fail and outlines practical, security-first strategies to solve the access dilemma. You’ll learn how to enable effective ...
