CSAIChaptersEventsBlog
Join CSA, RSAC, and UNLV for a one-day summit in Las Vegas exploring how AI is reshaping enterprise cybersecurity →

CSA Research

Best practices, guidance, frameworks and tools to help the industry secure the cloud. Read our research to get your questions around cloud security answered.
Research

CSA Research is created by the industry for the industry and is both vendor-neutral and consensus driven. Our research is created by subject matter experts who volunteer for our working groups. Each working group focuses on a unique topic or aspect of cloud security, from IoT, DevSecOps, Serverless and more, we have working groups for over 20 areas of cloud computing. You can view a list of all active research working groups. To find out more about how our research is created and the process we follow you can view the CSA Research Lifecycle.

Contribute to CSA Research

Peer reviews allow security professionals from around the world to collaborate on CSA research. Provide your feedback on the following documents in progress.

Latest Research

Agent Data Injection: A New Attack Class Beyond Prompt Injection

Agent Data Injection: A New Attack Class Beyond Prompt Injection

Release Date: 07/16/2026

How Corrupted Metadata Bypasses Existing Agent Defenses. Agent Data Injection: A New Attack Class Beyond Prompt Injection Key Takeaways Researchers from Seoul National University, the University of Illinois Urbana-Champaign, and Largosoft have identified Agent Data Injection (ADI), a distinct...
Gold Eagle: The White House's AI Vulnerability Clearinghouse

Gold Eagle: The White House's AI Vulnerability Clearinghouse

Release Date: 07/15/2026

What the New Federal Coordination Model Means for Critical Infrastructure Operators. Key Takeaways The White House announced Gold Eagle on July 15, 2026, a federal clearinghouse intended to consolidate vulnerability findings from government and industry sources, harmonize inconsistent severity...
Multi-Cloud KMS Recommendations

Multi-Cloud KMS Recommendations

Release Date: 07/15/2026

Cryptographic key and secrets management is essential for safeguarding sensitive data in cloud environments. While key management in single-provider implementations is relatively straightforward, managing keys across multiple service providers is significantly more complex. Differing governance...