Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted AI & Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
STAR for AI
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
STAR Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
AI Controls Matrix (AICM)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
CSA Training
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Trusted AI Safety Expert (TAISE)
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety
Zero Trust
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted AI & Cloud Consultant
Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted AI & Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
STAR for AI
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
STAR Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
AI Controls Matrix (AICM)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
CSA Training
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Trusted AI Safety Expert (TAISE)
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety
Zero Trust
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted AI & Cloud Consultant
CSAIChaptersEventsBlog
Learn why hybrid environments are now the norm and how to build a security architecture that embraces this. Register for the July 1st webinar →

All Articles

Home
All Articles
More Than Half of Organizations Experience AI Agent Scope Violations, Cloud Security Alliance Study Finds

Press Release Published: 04/16/2026

New research shows rapid AI adoption is outpacing governance, with unintended AI agent behavior becoming common across enterprises SEATTLE – April 16, 2026 – A new study conducted by the Cloud Security Alliance (CSA), the world’s leading not-for-profit organization committed to AI, cloud, ...

New Cloud Security Alliance Survey Reveals 82% of Enterprises Have Unknown AI Agents in Their Environments

Press Release Published: 04/21/2026

Lack of visibility remains a top security risk with 65% of respondents reporting AI agent-related incidents in the past year SEATTLE – April 21, 2026 – A new survey report from the Cloud Security Alliance (CSA), the world’s leading not-for-profit organization committed to AI, cloud, and Zero...

We are Fixing the Wrong Problem in Non-Human Identity Security

Blog Published: 04/23/2026

  Introduction: The Identity Everyone Ignores For over two decades, identity security has revolved around a simple assumption, “people are the risk.” We built programs to govern users, authenticate humans, de-provision employees, and enforce access reviews. That model worked until it d...

The Shadow AI Agent Problem in Enterprise Environments

Blog Published: 04/28/2026

Organizations say they have visibility into their AI agents. The data says otherwise. Consider CSA and Token Security’s new survey report, Autonomous but Not Controlled. At first glance, the numbers look reassuring. The majority of organizations (68%) say they have high visibility into AI...

Cloud Security LIVE 2026: Building Trust in the Age of AI-Driven Threats

Blog Published: 04/28/2026

The cloud security landscape isn't getting simpler. AI is reshaping how organizations build and operate, attack surfaces are expanding beyond traditional boundaries, and the pressure on security leaders to communicate risk, not just manage it,  has never been higher. Cloud Security LIVE...

An Actionable Guide to GDPR Compliance for Startups

Blog Published: 04/30/2026

The General Data Protection Regulation (GDPR) is the EU’s landmark law for data security and privacy, and is mandatory for any organization that processes the data of individuals within the EU. While GDPR compliance is a legal requirement, the framework also serves as a benchmark for ethical...

From Declaration to Detection: Sensing AI Behavior with the WBSC Probe Library

Blog Published: 04/27/2026

  When the Answer Is the Problem During a recent structured evaluation of two leading AI systems, I asked one a straightforward accountability question: provide evidence that people from low-income communities, indigenous groups, or the Global South had meaningful input into the va...

Attackers Don’t Need Zero-Days When Cloud Misconfigurations Are Everywhere

Blog Published: 04/29/2026

The most concerning cloud attack stories today are not about groundbreaking exploits. They are about scale. A threat group known as TeamPCP has quietly compromised tens of thousands of servers worldwide—not through sophisticated malware or unknown vulnerabilities, but by systematically huntin...

Identity and Authorization: The Operating System for AI Security

Blog Published: 04/29/2026

This is the seventh and final blog in a seven-part series on identity security as AI security. A Replit coding agent erased 1,206 customer records in seconds. In the Salesloft Drift breach, OAuth tokens sat active for months after workflows ended, compromising 700+ organi...

Runtime Is Where Cloud Security Really Counts: The Importance of Detection, Forensics and Real-Time Architecture Awareness

Blog Published: 05/04/2026

Cloud security has focused heavily on prevention, posture, and configuration. Real attacks don’t happen there. They unfold at runtime, across live workloads and identities, where visibility is limited and evidence disappears fast. This blog covers why runtime is the most critical layer to sec...

Anthropic’s Project Glasswing Is a Positive Step Toward Cleaner, Safer Production

Blog Published: 05/05/2026

Why AI-driven security testing in the development lifecycle could help teams reduce noise, deploy faster, and build safer software. In April, Anthropic announced Project Glasswing, a $100 million initiative built around its unreleased Claude Mythos Preview model. The goal is ambitious: iden...

Agent Access Management (AAM): Why Governing AI and Non-Human Identities Requires a Data-First Security Model

Blog Published: 05/05/2026

AI agents, service accounts, automation workflows, and machine-to-machine processes are rapidly becoming first-class actors in the enterprise. These non-human identities no longer operate in the background — they access, move, transform, and act on sensitive data, often autonomously and at ma...

8 Dangerous Truths About Excessive Privileges in Cloud and SaaS Platforms

Blog Published: 05/06/2026

How many people in your organization have user access and privileges they don’t truly need? That question was central to a recent incident in France. Authorities there disclosed unauthorized access to the national bank account registry FICOBA after a threat actor used stolen credentials belon...

AI Governance Explained: Why It Matters and What Mature Programs Require

Blog Published: 05/07/2026

As organizations scale their use of AI systems in key business processes, customer-facing products, and high impact decisions, the question is no longer whether AI can deliver value, but whether it can be deployed in a way that is reliable, secure, fair, and sustainable over time. Sustainabl...

AI Agent Identity Is Being Solved Backwards - And the Window to Fix It Is Now

Blog Published: 05/08/2026

AI agents are processing transactions, analyzing medical records, and orchestrating enterprise workflows today, at scale. CSA, OWASP, and NIST have all formally recognized that traditional IAM is inadequate for these workloads. The problem has been named but the solutions being deployed are s...

Combatting the Top Three Sources of Risk in the Cloud

Blog Published: 05/18/2026

With cloud computing, organizations are storing data like intellectual property, trade secrets, Personally Identifiable Information (PII), proprietary code and statistics, and other sensitive information in the cloud. If this data were to be accessed by malicious actors, it could incur financ...

Achieving Complete SDLC Visibility and Security in a Multi-Cloud World

Blog Published: 05/11/2026

  TL;DR Unify your security posture across the entire software development lifecycle (SDLC) to eliminate blind spots, prioritize critical risks, and drive accountability in multi-cloud environments.   Key SDLC visibility takeaways: Fragmented environments require unified visi...

Identity in the Age of AI: Rethinking Zero Trust's First Pillar

Blog Published: 05/01/2026

  Part 2 of 7 in the CSA Series: AI and the Zero Trust Transformation. Read Part 1 here. Picture a Monday morning in early 2026. A regional finance team joins what looks like a routine video call. The CFO appears on screen with familiar mannerisms, the slight rasp of a weekend cold, ...

From Cloud to AI: Building Security Programs That Scale

Blog Published: 04/24/2026

At RSAC Conference 2026, Sean Martin caught up with Rich Mogull at the Cloud Security Alliance (CSA) booth for a candid on-site conversation about where enterprise security programs stand today -- and what it actually takes to keep pace with AI. Mogull, who joined CSA as Chief Analyst in Oct...

The Catastrophic Risk Annex: Next Gen AI Security Controls

Blog Published: 04/29/2026

AI technologies are entering a new phase defined by their growing systemic impact. Organizations today are already managing familiar AI risks: data leakage, bias, model drift, and misuse. But as AI systems become more capable, autonomous, and embedded in critical infrastructure, possible cat...

Looking for the CCM?

Start using the Cloud Controls Matrix to simplify compliance with multiple standards & regulations.

Learn more
 
« First
219
220
221
223
225
226
Last »