Bridging the Gap Between Cloud Security Controls and Adversary Behaviors: A CSA–MITRE CTID Collaboration
Blog Published: 02/02/2026
As cloud adoption accelerates across industries, the complexity and volume of cloud-specific threats have grown in parallel. Security professionals are increasingly turning to standardized frameworks and methodologies to guide their defense strategies. The MITRE ATT&CK® framework&n...
Non-Human Identity Governance: Why IGA Falls Short
Blog Published: 02/05/2026
Identity Governance and Administration (IGA) has long been a pillar of access management. It works well for employees and contractors whose identities are anchored in HR systems, follow predictable lifecycles, and change relatively slowly. In those environments, organizations have histo...
The Great Divide: How AI Is Splitting the Cybersecurity Landscape
Blog Published: 02/12/2026
As we move deeper into 2026, we’re officially past the point of asking if AI will transform cybersecurity. The only question now is whether your organization will be ready when it does. 2025 marked the year that AI moved from industry buzzword to active battlefield. Now, the gap between org...
Zero Trust for Agentic Pipelines That Touch Cloud Production
Blog Published: 02/27/2026
Introduction Zero Trust security originally focused on people and was designed to protect systems from risky user behavior and compromised devices. Most controls assumed that a human was sitting behind a keyboard and making decisions. Well, that model no longer reflects reality in ...
The Agentic Trust Framework: Zero Trust Governance for AI Agents
Blog Published: 02/02/2026
This blog post presents the Agentic Trust Framework (ATF), an open governance specification designed specifically for the unique challenges of autonomous AI agents. For security engineers, enterprise architects, and business leaders working with agentic AI systems, ATF provides a structured ...
How CSA STAR Helps Cloud-First Organizations Tackle Modern Identity Security Risks
Blog Published: 02/13/2026
Cloud-first strategies have completely changed how organizations operate. Teams can launch infrastructure in minutes instead of weeks, rely heavily on SaaS applications, and collaborate from anywhere in the world. This flexibility and speed have unlocked enormous business value, but they’ve a...
Logic-Layer Prompt Control Injection (LPCI): A Novel Security Vulnerability Class in Agentic Systems
Blog Published: 02/09/2026
Written by: Ken Huang, CSA Fellow, Co-Chair of CSA AI Safety Working Groups Hammad Atta, Founder & AI Technology Advisor, Qorvexconsulting Research Dr. Yasir Mehmood, AI 5G & IoT Systems Security Introduction: The Hidden Risk in Agen...
React2Shell Reflections: Cloud Insights, Finance Sector Impacts, and How Threat Actors Moved So Quickly
Blog Published: 02/23/2026
Introduction Last month’s disclosure of CVE 2025-55812, known as React2Shell, provided a reminder of how quickly modern threat actors can operationalize newly disclosed vulnerabilities, particularly in cloud-hosted environments. The vulnerability was discovered on December 3, 2025...
How to Secure AI in the Enterprise: A Practical Framework for Models, Data, and Agents
Blog Published: 03/03/2026
Introduction: Why securing AI is now a security priority AI adoption is at the forefront of the digital movement in businesses, outpacing the rate at which IT and security professionals can set up governance models and security parameters. Adopting Generative AI chatbots, autonomous ...
Forensics or Fauxrensics: Five Core Capabilities for Cloud Forensics and Incident Response
Blog Published: 03/17/2026
Introduction The speed and scale at which new cloud resources can be spun up has resulted in uncontrolled deployments, misconfigurations, and security risks. It has had security teams racing to secure their business’ rapid migration from traditional on-premises environments to the cl...
New Survey from Cloud Security Alliance, Strata Identity Finds That Enterprises Are in a “Time-to-Trust” Phase, As They Build Foundations for AI Autonomy
Press Release Published: 02/05/2026
Agentic workforce is scaling faster than identity and security frameworks can adapt SEATTLE – Feb. 5, 2026 –The latest survey report from the Cloud Security Alliance (CSA), the world’s leading not-for-profit organization committed to AI, cloud, and Zero Trust cybersecurity education, has fo...
Applying MAESTRO to Real-World Agentic AI Threat Models: From Framework to CI/CD Pipeline
Blog Published: 02/11/2026
Every security team I talk to is having the same conversation right now. Their developers are shipping AI agents — coding assistants, autonomous workflows, LLM-powered tools that can browse the web, execute code, query databases, and send emails on behalf of users. The agents live in produc...
Why Zero Trust Needs to Start at the Session Layer
Blog Published: 02/19/2026
Most of us grew up professionally in a world where “secure access” meant encrypt the tunnel and harden what’s exposed. VPNs, TLS/mTLS, WAFs, EDR, patching, detection, response... the whole modern stack is built around the assumption that the network and its endpoints are visible. Security s...
Token Sprawl in the Age of AI
Blog Published: 02/18/2026
If your organization is experimenting with AI agents, copilots, or AI services accessed via API, you’ve probably created more identities than you intended. These non-human identities (service accounts and their associated API keys, tokens, etc.) keep modern systems talking to each other. CS...
The Visibility Gap in Autonomous AI Agents
Blog Published: 02/24/2026
AI agents are quickly becoming autonomous digital actors embedded in enterprise workflows. Unfortunately, as organizations scale from dozens to hundreds of agents across clouds, platforms, and business units, the identity foundations inherited from human IAM are beginning to strain under new ...
Breaking Down the SOC 2 Trust Services Criteria: Privacy
Blog Published: 02/18/2026
Unpack the critical role of privacy within the five SOC 2 trust services criteria (TSC) and how organizations can leverage compliance to build trust and resilience in a data-driven world. In this post, you’ll learn: The pillars of privacy in SOC 2 Key components and requirements Privacy ...
RBI’s .bank.in Mandate: A New Trust Anchor for Digital Banking — and Why It’s Only the Beginning
Blog Published: 02/24/2026
India’s banking system is undergoing a critical shift in how digital trust is established. With the rise of phishing, impersonation fraud, and look-alike banking websites, the Reserve Bank of India (RBI) introduced a decisive measure: all banks must migrate customer-facing digital bank...
AI Security: IAM Delivered at Agent Velocity
Blog Published: 02/17/2026
This is the first blog in a seven-part series on identity security as AI security. TL;DR: AI agents can expand an organization’s attack surface by 100 times, not by doing more but by doing it faster. In July 2025, a Replit AI agent deleted 1,206 database records in seconds,...
AI Security: When Authorization Outlives Intent
Blog Published: 02/25/2026
This is the second blog in a seven-part series on identity security as AI security. TL;DR: A silent breach rippled through the SaaS world in August 2025: demanding no ransomware demand, no splashy defacement. Just stolen credentials, quietly forgotten and dangerously alive. The t...
Agentic AI and the New Reality of Financial Security
Blog Published: 02/26/2026
Agentic AI is no longer experimental. It’s already operating inside production environments, automating workflows, moving data, calling APIs, and making decisions at machine speed. For organizations in financial services, healthcare, and cloud-native engineering, this shift is redefining what...
