
All Articles

OpenClaw Threat Model: MAESTRO Framework Analysis

Blog Published: 02/20/2026

Executive Summary This document applies MAESTRO Framework (7-layer Agentic AI Threat Model) to the OpenClaw codebase, identifying specific threats at each layer and detailing mitigation strategies based on the actual implementation.   Layer 1 – Foundation Models Threats Identifie...

What is a Risk Engineer?

Blog Published: 03/02/2026

I've spent my career as an elite security researcher hunting vulnerabilities. My job has always been to think like an attacker: find the gaps and exploit the loopholes. When I bring that same mindset to third-party risk, I find exactly what I expect: companies are treating their biggest atta...

CCM v4.1 Transition Timeline

Blog Published: 02/19/2026

This blog was published on February 19, 2026 with the latest information regarding the release of CCM v4.1. On January 28, CSA released version 4.1 of the Cloud Controls Matrix (CCM), succeeding CCM v4.0.13. This latest version strengthens the framework by incorporating requirements arising...

Securing the Modern Cloud: 5 Best Practices for Protecting Multi-Cloud Workloads

Blog Published: 03/02/2026

In the landscape of modern enterprise IT, cloud security posture management (CSPM) often takes center stage by focusing on the underlying multi-cloud infrastructure and detecting misconfigurations. However, infrastructure is only half of the equation. To achieve comprehensive security, organi...

How Attackers Are Weaponizing AI to Create a New Generation of Ransomware

Blog Published: 03/04/2026

Artificial intelligence is reshaping the cyber threat landscape as attackers have already begun weaponizing AI to dramatically accelerate phishing, reconnaissance, payload development, and attack execution. To better understand this new reality, Josh Tomkiel, Managing Director on Schellman’...

Building a Declarative Governance Framework for the Agentic Era

Blog Published: 03/05/2026

Agentic systems are quickly moving from experimentation to production. Autonomous agents now access enterprise data, trigger actions, and operate across cloud, SaaS, and unstructured environments—often without direct human involvement. This evolution introduces a new governance cha...

Core Collapse

Blog Published: 02/26/2026

How AI is blowing cybersecurity apart, taking us back to our beginnings, and reforging our foundations. A star dies slowly. Then all at once. A star lives billions of years in tension. Thermal energy from fusion in its core pushes outward against gravity pulling inward. It burns thr...

Where to Start with Zero Trust in Cellular Networks

Blog Published: 03/09/2026

If you’ve ever tried to “do Zero Trust” in a cellular environment, you’ve probably hit the same wall: the scope is enormous. You’re not securing one enterprise network. You’re dealing with user equipment, a distributed RAN, transport, a cloud-native 5G core, OSS/BSS platforms, and the underl...

7 Cloud Security Lessons from the AWS Crypto Mining Campaign

Blog Published: 03/09/2026

Cloud security incidents are often explained as the result of sophisticated hacks or unknown vulnerabilities. In reality, many of the most damaging cloud incidents today don’t involve breaking anything at all. They involve using what already exists—legitimate access, trusted systems, and over...

Checkbox TPRM is Dead. Start Engineering Risk.

Blog Published: 03/16/2026

Key Takeaways Checkbox TPRM can't handle third-party sprawl: When integrated vendors fail, your business fails—questionnaires and reports won't prevent that. Shift from Box Checker to Risk Engineer: Analyze actual vendor connections, run targeted tests, and take action to stop thr...

The State of Cloud and AI Security in 2026

Blog Published: 03/13/2026

TL;DR: As decentralized AI agents and complex identity fabrics redefine the digital perimeter in 2026, shift from static patching to continuous exposure management to maintain resilience.   Key Takeaways You are managing a perimeter that has shifted from human users to a 100-to-1 ra...

AI in GRC: Friend, Foe, or FOMO?

Blog Published: 03/12/2026

Everyone wants AI. No, scratch that; everyone needs AI. At least, that’s what leaders are concluding after seeing all the analyst reports, attending all the conferences, and reading all the industry news. The FOMO is real, and it’s creating a kind of organizational whiplash. Top-down pressur...

When PHI Meets Shadow AI

Blog Published: 03/10/2026

Healthcare security teams have gotten used to a certain kind of “shadow” problem. Shadow IT was bad enough with unsanctioned apps, unmanaged storage, and random SaaS accounts holding sensitive data. But generative AI has changed the shape of the risk. To quote our latest research, “achieving...

Designing Prompt Injection-Resilient LLMs

Blog Published: 03/17/2026

Enterprises didn’t adopt LLMs because they wanted a new security headache. They adopted them because GenAI is transforming workflows amazingly quickly. But as we emphasize in our new Zero Trust publication, these same systems also escalate data privacy risks. Traditional perimeter-based secu...

How AI is Simplifying Multi-Framework Cloud Compliance for CSA STAR Assessments

Blog Published: 03/06/2026

As organizations continue to embrace digital transformation, they are increasingly relying on multi-cloud environments to drive innovation, agility, and scalability. But with these benefits come significant challenges, particularly when it comes to compliance. Managing regulatory requirements...

AI Security: When Your Agent Crosses Multiple Independent Systems, Who Vouches for It?

Blog Published: 03/11/2026

This is the third blog in a seven-part series on identity security as AI security. TL;DR: AI agents routinely cross organizational boundaries, accessing independent systems across different trust domains. Yet each domain validates credentials in isolation, leaving no shared defen...

Understanding ISO 42001: Responsible AI Governance in an Evolving Regulatory Landscape

Blog Published: 03/18/2026

In this blog post, Danny Manimbo, subject matter expert on AI governance standards and Managing Principal of Schellman's ISO and AI services, covers what ISO 42001 is and why it exists, as well as the types of organizations it was designed for, how it addresses AI governance issues, and the ...

How to Remediate at Scale in DSPM: Why Ticketing Is Not Enough

Blog Published: 03/19/2026

Data security posture management (DSPM) has rapidly become essential for understanding where sensitive data lives and how it’s exposed. But as DSPM adoption grows, organizations are running into a hard reality: visibility alone doesn’t reduce risk—remediation does. Many teams...

Securing the Agentic Control Plane: A New Foundation for Trust in AI

Blog Published: 03/20/2026

Over the past decade, we’ve watched cloud computing reshape infrastructure, Zero Trust redefine security architecture, and artificial intelligence begin to influence nearly every aspect of business and society. Each of these shifts introduced new risks, but also new control mechanisms tha...

Cloud Security Alliance Launches CSAI Foundation With Mission of “Securing the Agentic Control Plane”

Press Release Published: 03/23/2026

New 501(c)3 non-profit debuts at RSA Conference 2026 to govern autonomous AI agent ecosystems through risk intelligence, certification, and executive trust programs RSAC (SAN FRANCISCO) — March 23, 2026 — The Cloud Security Alliance (CSA), the world’s leading not-for-profit organization ...
