1Campaign: A New Cloaking Platform Helping Attackers Abuse Google Ads
Blog Published: 03/23/2026
1Campaign is a new cloaking platform that helps attackers bypass Google Ads screening, evade security researchers, and keep phishing and crypto drainer pages online longer. Varonis Threat Labs uncovered 1Campaign, a full-service cloaking platform built to help threat actors run malicious Go...
Control the Chain, Secure the System: Fixing AI Agent Delegation
Blog Published: 03/25/2026
This is the fourth blog in a seven-part series on identity security as AI security. TL;DR: Delegation chains are becoming high-leverage targets in autonomous systems. Each agent handoff multiplies access, and with almost all (97%) of non-human identities already carrying ...
Reprompt: The Single-Click Microsoft Copilot Attack that Silently Steals Your Personal Data
Blog Published: 03/30/2026
Varonis Threat Labs discovered a way to bypass Copilot’s safety controls, steal users’ darkest secrets, and evade detection. Varonis Threat Labs uncovered a new attack flow, dubbed Reprompt, that gives threat actors an invisible entry point to perform a data‑exfiltration chain that bypass...
Cloud Security Alliance’s AI Controls Matrix (AICM) Named 2026 CSO Awards Winner
Press Release Published: 03/10/2026
Honored as the first framework built to address real-world generative AI risks SEATTLE, March 10, 2026 — The Cloud Security Alliance (CSA), the world’s leading not-for-profit organization committed to AI, cloud, and Zero Trust cybersecurity education, is pleased to announce that its AI Contr...
Cloud Security Alliance’s Trusted AI Safety Expert (TAISE) Certificate Honored as Finalist of the 2026 SC Awards
Press Release Published: 03/19/2026
Comprehensive AI safety certification program earns finalist spot for Best Professional Certification Program SEATTLE, March 19, 2026 — The Cloud Security Alliance (CSA), the world’s leading not-for-profit organization committed to AI, cloud, and Zero Trust cybersecurity education, is proud...
Islands of Agents: Why One IAM to Rule Them All Doesn't Work
Blog Published: 03/10/2026
This week I was at the [un]prompted AI security conference, put on by CSA’s very own Gadi Evron. It was an amazing event with stellar presentations and awesome networking. It was also a bit weird to be at a conference, wondering if everything we were learning and discussing would be out of d...
Cloud Security Alliance Expands Enterprise Membership Program to Directly Improve Member Security Outcomes
Press Release Published: 03/18/2026
New program provides structured expert guidance, hands-on workshops, and operational maturity roadmaps to help organizations translate CSA research into real-world security improvements SEATTLE, March 18, 2026 — The Cloud Security Alliance (CSA), the world’s leading not-for-profit organizatio...
From Guardrails to Governance: Why Enterprise AI Needs a Control Layer
Blog Published: 03/17/2026
Enterprise AI began with conversations. Early deployments centered on assistants that generated responses, summarized documents, and answered questions. In that context, the primary risk was what the system might say. Organizations focused on preventing hallucinations, blocking sensitive d...
Rethinking Authorization for the Age of Agentic AI
Blog Published: 03/19/2026
Why “Mean Time to Understand (MTU)” should become a core service level objective (SLO) for identity governance Abstract AI agents now operate at speeds and patterns fundamentally different from human users. They generate plans, select tools dynamically, and change course mid‑...
5 Retail Misconfigurations Attackers Exploit First
Blog Published: 03/26/2026
Attackers do not always rely on sophisticated exploits. In many retail breaches, the real opportunity comes from something much simpler: a misconfiguration that no one noticed. Recent retail exposures demonstrate how easily sensitive information can become accessible through overlooked SaaS ...
Code-to-Cloud Security: Embracing a Unified, Ecosystem-Wide View of Cyber Risk
Blog Published: 03/30/2026
TL;DR: A fragmented approach to security creates noise. Learn how a code-to-cloud strategy integrates disparate data into a unified view to pinpoint your most critical risks. Key code-to-cloud takeaways: Fragmented cloud-security point solutions often obscure true risk by creating data si...
When Saving on Kubernetes Costs Creates Security Debt: The FinOps Guardrails Most Teams Miss
Blog Published: 03/27/2026
Kubernetes has a habit of turning “we’re finally getting efficient” into “why are we suddenly fragile?” It usually starts innocently: FinOps flags idle capacity, a platform team trims requests, and someone posts a chart showing the spend dropping week over week. Then the weirdness begins. A ...
AI Security: When Agents Control Physical Systems, IAM Becomes Safety Infrastructure
Blog Published: 04/01/2026
This is the fifth blog in a seven-part series on identity security as AI security. TL;DR: In mid-September 2025 Chinese state actors weaponized Claude Code to conduct the first documented large-scale autonomous cyberattack. The operation targeted large tech companies, f...
The Three-Body Problem of Data, AI, and Identity: Why the Future of Security Depends on All Three
Blog Published: 04/02/2026
In physics, the “three-body problem” describes how the motion of three celestial objects – such as the Earth, Moon, and Sun – becomes unpredictable as their mutual gravitational interactions come into play. Each object affects the others in complex, often chaotic ways. Today’s enterprises fa...
The State of AI Cybersecurity 2026: Unveiling Insights from Over 1,500 Security Leaders
Blog Published: 04/02/2026
This year, organizations have been racing to implement generative and agentic AI tools at a breakneck pace. Darktrace asked over 1,500 security leaders about how they’re navigating these rapid technology shifts – and the challenges and opportunities enterprise AI presents. Introduct...
More Than Two-Thirds of Organizations Cannot Clearly Distinguish AI Agent from Human Actions as Over-Privileged Access Becomes Widespread, Cloud Security Alliance Study Finds
Press Release Published: 03/24/2026
Rapid AI agent expansion is exposing structural gaps in access control maturity, credential hygiene, and identity attribution RSAC (SAN FRANCISCO) – March 24, 2026 – Seventy-three percent of organizations expect AI agents to become vital within the next year, yet 68% can’t clearly ...
The Agentic Trust Deficit: Why MCP's Authentication Vacuum Demands a New Security Paradigm
Blog Published: 03/24/2026
We find ourselves staring into an abyss of our own construction, and the vertiginous depth of our collective negligence ought to give every security practitioner pause. Fourteen months ago, Anthropic unveiled the Model Context Protocol as the connective tissue between large language models an...
AI Identity Security Compliance Checklist
Blog Published: 04/08/2026
Agentic AI is redefining identity security. While 91% of organizations are deploying autonomous agents, nearly half lack formal oversight. To bridge this gap, enterprises must integrate agents into existing identity frameworks, applying the same rigorous standards used for humans. This check...
Post-Quantum Cryptographic Migration for Cloud-Native Zero-Trust Architectures: What CSA Members Need to Deploy Now
Blog Published: 04/06/2026
Written by Sunil Gentyala, Lead Cybersecurity and AI Security Consultant at HCLTech. Cloud PQC Migration Priority Matrix: Urgency vs Implementation Complexity for 11 cloud security components. Upper-left quadrant (DO FIRST) items are actionable within current quarter using ava...
How an Exposed AWS Access Key Can Lead to Full Account Takeover
Blog Published: 04/07/2026
Cloud breaches rarely begin with advanced exploits or unknown vulnerabilities. Most start with something far more ordinary: a misconfiguration. A recent real-world incident illustrates how quickly a single exposed credential can compromise an entire cloud environment. Attackers discovered AW...
