Patrick Spencer, Author at Kiteworks

Indirect Prompt Injection Attacks Now in Production

Indirect Prompt Injection Goes Live: Why Guardrails Won’t Save You

by Patrick Spencer May 26, 2026May 26, 2026 | Cybersecurity Risk Management

Key Takeaways Indirect Prompt Injection Is Now Live. Attackers embed hidden instructions in web pages, documents, and emails that production AI agents read and execute, enabling data exfiltration without phishing...

The Unseen AI Governance Challenge of 2026

The AI You Can’t See: Why Visibility Has Become the Defining Governance Problem of 2026

by Patrick Spencer May 26, 2026May 26, 2026 | Cybersecurity Risk Management

Key Takeaways Zero Full AI Visibility. No CISOs report complete visibility into AI operations, with 66% acknowledging shadow AI across their organizations. Client-Side AI Emerges as New Frontier. AI scripts,...

The IMF Just Made AI Cyber Risk a Financial Stability Issue. Most Banks Are Not Ready

by Patrick Spencer May 25, 2026May 25, 2026 | Cybersecurity Risk Management

5 Key Takeaways The IMF reframed AI cyber risk as macro-financial risk. On May 7, 2026, the International Monetary Fund warned that AI-powered cyberattacks could trigger funding strains, raise solvency...

Financial Services: AI Governance's First Real Test

Financial Services Just Became the Test Case for Whether AI Governance Is Real

by Patrick Spencer May 20, 2026May 20, 2026 | Cybersecurity Risk Management

Key Takeaways High Breach Costs in Finance. The average cost of a financial-sector data breach reached $5.56 million per incident in 2025, second-highest among industries. Financial Motives Dominate Incidents. Roughly...

AI Governance in 2026: Why Boards That Wait Will Inherit an Ungovernable Mess

by Patrick Spencer May 20, 2026May 20, 2026 | Cybersecurity Risk Management

Key Takeaways Board Priority Gap. 54% of boards have not placed AI governance in their top five priorities, yet board engagement is the strongest predictor of governance maturity. Regulatory Deadline...

AI Agent Credentials: The Next Breach Risk

Agentic AI’s Identity Crisis: Why Machine Credentials Are Your Next Breach Vector

by Patrick Spencer May 20, 2026May 20, 2026 | Cybersecurity Risk Management

Key Takeaways AI Agents Get Over-Privileged Credentials. Enterprises grant machine identities broad access without applying human-level hygiene like rotation or least privilege. Forrester Predicts a Major Breach by End of...

Verizon DBIR 2026: Shadow AI Now a Top Insider Threat

by Patrick Spencer May 20, 2026May 20, 2026 | Cybersecurity Risk Management

The most consequential finding in the 2026 Verizon Data Breach Investigations Report has very little to do with attackers. It has to do with employees. In the twelve months covered...

Rockstar Snowflake Breach: Third-Party Data Security Lessons

What the Rockstar Games Snowflake Incident Means for Third-Party Data Security

by Patrick Spencer May 20, 2026May 20, 2026 | Third Party Risk

No valid response received from Grok API. Consider how this scenario unfolds. A gaming company grants a cloud analytics vendor access to its Snowflake data warehouse—a routine integration designed to...

2026 Global Data Privacy Compliance Essentials

Global Data Privacy Laws 2026: Cross-Jurisdiction Compliance Guide

by Patrick Spencer May 20, 2026May 20, 2026 | Regulatory Compliance

The global privacy landscape in 2026 has crossed a structural threshold. The International Lawyer’s Guide to Data Privacy Laws in 2026, published March 23, 2026, catalogs more than 50 jurisdictions...

Shadow AI: Everyday Prompts Trigger Hidden Data Leaks

Shadow AI: When Everyone Becomes a Data Leak Waiting to Happen

by Patrick Spencer May 19, 2026May 19, 2026 | Cybersecurity Risk Management

Key Takeaways Shadow AI Is Not Traditional Shadow IT. It requires only a browser and deadline, not coding skills, enabling any employee to leak data without realizing it. Existing Controls...

Legacy MFT Design Fuels Recurring Breaches

MFT Breaches Persist: Legacy Architecture Failures Exposed

by Patrick Spencer May 13, 2026May 13, 2026 | Cybersecurity Risk Management

The story of managed file transfer breaches in the 2020s is not the story of one bad vendor having a bad year. It is the story of a category-level architectural...

Beyond DSPM Discovery: Building Data Governance Control

DSPM Tells You Where the Data Is. Now What?

by Patrick Spencer May 13, 2026May 13, 2026 | Cybersecurity Risk Management

DSPM has moved from emerging category to mainstream security investment in eighteen months. Recent industry coverage indicates that approximately 30% of UK CISOs are purchasing DSPM solutions in 2026 to...

MOVEit Automation: Critical Flaws, Familiar MFT Risks

Another MOVEit Vulnerability. Same Pattern. Different Stakes.

by Patrick Spencer May 12, 2026May 22, 2026 | Cybersecurity Risk Management

On April 30, 2026, Progress Software disclosed two vulnerabilities in MOVEit Automation, the workflow and scheduling engine that thousands of organizations use to automate enterprise file transfers. The National Vulnerability...

AI Agent Incidents: Unchecked Risks Expose 65% of Organizations

by Patrick Spencer May 8, 2026May 12, 2026 | Cybersecurity Risk Management

The Cloud Security Alliance and Token Security published research on April 21, 2026, titled Autonomous but Not Controlled: AI Agent Incidents Now Common in Enterprises. The headline finding is blunt:...

A Third-Party AI Tool Quietly Opened the Door to Vercel’s Internal Systems

by Patrick Spencer April 21, 2026April 21, 2026 | Cybersecurity Risk Management

On April 19, 2026, cloud development platform Vercel disclosed a security incident involving unauthorized access to certain internal systems. The company’s own bulletin and follow-up statements from CEO Guillermo Rauch...

Security and Compliance Blog

Learn security strategies, compare vendors, and implement best practices to prevent breaches and compliance violations from risky third party communications.

Posts by Patrick Spencer

Indirect Prompt Injection Goes Live: Why Guardrails Won’t Save You

The IMF Just Made AI Cyber Risk a Financial Stability Issue. Most Banks Are Not Ready

Financial Services Just Became the Test Case for Whether AI Governance Is Real

Agentic AI’s Identity Crisis: Why Machine Credentials Are Your Next Breach Vector

Verizon DBIR 2026: Shadow AI Now a Top Insider Threat

Shadow AI: When Everyone Becomes a Data Leak Waiting to Happen

MFT Breaches Persist: Legacy Architecture Failures Exposed

DSPM Tells You Where the Data Is. Now What?

Another MOVEit Vulnerability. Same Pattern. Different Stakes.

AI Agent Incidents: Unchecked Risks Expose 65% of Organizations

Get started.