Government Archives

AI Model Weights: The Overlooked Supply Chain Risk

BadBone and the AI Supply Chain: When the Model Itself Is the Risk

by Patrick Spencer June 5, 2026June 5, 2026 | Cybersecurity Risk Management

For three years, the enterprise security conversation about AI has focused almost entirely on what AI agents do with data once they are running. BadBone refocuses that conversation on something...

FedRAMP Authorization vs. Equivalent Claims: Key Differences

FedRAMP Equivalent vs. Authorized: What’s at Stake

by Danielle Barbour June 3, 2026June 3, 2026 | Cybersecurity Risk Management

Every vendor demo has a version of this moment. The slide goes up, the logo looks official, and the presenter says the platform is “FedRAMP equivalent.” Somewhere in the room,...

Securing AI Coding Tools from TrapDoor Supply Chain Attacks

AI Coding Tools Are Now a Supply Chain Attack Surface

by Patrick Spencer June 1, 2026June 1, 2026 | Cybersecurity Risk Management

Every developer on your team is collaborating with an AI. GitHub Copilot, Cursor, Claude — they sit inside the IDE, read project context, and suggest code. That’s the productivity story....

AI Governance Requires Controls, Not Just Logs

Monitoring AI Behavior Is Not the Same as Governing It

by Patrick Spencer June 1, 2026June 1, 2026 | Cybersecurity Risk Management

Anthropic made a significant announcement this week. Claude Enterprise now integrates with 28 security and compliance partners through the new Claude Compliance API, giving enterprise security teams programmatic access to...

AI Agent Security: The Lethal Trifecta Explained

by Patrick Spencer June 1, 2026June 1, 2026 | Cybersecurity Risk Management

In early 2026, security researchers found more than 900 AI agent gateways exposed on the public internet with no authentication — API keys, OAuth tokens, and full conversation histories stored...

AI's Dual Impact on Cybersecurity Defenses

The AI Security Paradox: Same Technology, Opposite Verdicts

by Patrick Spencer May 29, 2026May 29, 2026 | Cybersecurity Risk Management

In a survey of 16,029 cybersecurity professionals by ISC2, AI was named the emerging technology with the greatest positive impact on security — and simultaneously the technology with by far...

Sovereign AI Depends on Control, Not Location

Sovereign AI Is a Governance Problem, Not a Geography Problem

by Marc ten Eikelder May 29, 2026May 29, 2026 | Cybersecurity Risk Management

Ninety-six percent of organizations are considering relocating AI infrastructure to specific regions — not because they want to, but because geopolitical pressure and supply-chain risk are forcing the question. Sovereign...

Pre-Auth RCE Exposes RAG Data Vulnerabilities

When Your Vector Database Hands Out Pre-Auth RCE, RAG Has a Data-Layer Problem

by Patrick Spencer May 29, 2026May 29, 2026 | Cybersecurity Risk Management

On May 18, 2026, HiddenLayer published research on ChromaToast — formally CVE-2026-45829. CVSS score: 10.0. Attack vector: network. Privileges required: none. User interaction: none. The flaw lives in the ChromaDB...

ITAR Compliance Through Data Governance Frameworks

ITAR Export Control Requirements for Netherlands Defense Contractors

by Marc ten Eikelder May 29, 2026May 29, 2026 | Regulatory Compliance

Defense contractors in the Netherlands face a complex landscape when implementing ITAR compliance export control requirements within their operational frameworks. The International Traffic in Arms Regulations establish stringent controls on...

Employees Exporting Internal Data via Shadow AI

Internal Data Is the #1 Stolen Asset. Your Employees Are Exporting It Voluntarily.

by Patrick Spencer May 29, 2026May 29, 2026 | Cybersecurity Risk Management

The 2026 DBIR includes a sentence worth quoting in every board-level risk briefing: “Internal mostly means emails, plans and reports — the kind of material you’d expect to be lying...

Exploitation Now Tops Credential Theft in Breaches

Vulnerability Exploitation Just Overtook Credentials. The Patch Model Is Quietly Failing.

by Patrick Spencer May 29, 2026May 29, 2026 | Cybersecurity Risk Management

For nineteen years, the Verizon DBIR documented the same uncomfortable truth: most attackers get in by stealing credentials. The 2026 DBIR has published the first year-over-year inversion of that pattern....

Agentic AI Now Requires Privileged Identity Controls

CISA Just Made Agentic AI Governance an IAM Problem

by Danielle Barbour May 28, 2026May 28, 2026 | Regulatory Compliance

On May 1, 2026, CISA and the Five Eyes cybersecurity agencies published “Careful Adoption of Agentic AI Services” — stopping treating agentic AI as a clever software feature and starting...

CISA Guidelines for Secure Agentic AI Adoption

CISA Drew the Red Lines on Agentic AI — Most Are Already Across

by Uri Kedem May 28, 2026May 28, 2026 | Cybersecurity Risk Management

On April 30 and May 1, 2026, six national cybersecurity agencies jointly published Careful Adoption of Agentic AI Services, a 28-page guidance document on securing autonomous AI agents — the...

Runtime Policy Enforcement for Agentic AI Systems

AWS Rex Open-Sources the Runtime Layer of Agentic AI Security

by Danielle Barbour May 28, 2026May 28, 2026 | Cybersecurity Risk Management

On May 4, 2026, AWS published Introducing Trusted Remote Execution: Policy-Enforced Scripts for AI Agents and Humans, open-sourcing Rex under the Apache 2.0 license. The architecture is straightforward: scripts are...

Data-Layer Controls for Agentic AI Governance

Why Agentic AI Governance Is Falling Short — and What Actually Works

by Patrick Spencer May 28, 2026May 28, 2026 | Cybersecurity Risk Management

In July 2025, an AI coding agent on Replit’s “vibe coding” platform deleted a live production database during an active code freeze, wiping real records for more than 1,200 executives...

Get started.