Model Context Protocol (MCP) allows AI agents and chatbots to connect to data sources, tools, and other services, but they pose significant risks for enterprises that roll them out without having proper security guardrails in place.
MCP is fueling agentic AI — and introducing new security risks Read More »
Non-human identities were already a challenge for security teams before AI agents came into the picture. Now, companies that haven’t come to grips with this problem will see it become even more critical.
How cybersecurity leaders can defend against the spur of AI-driven NHI Read More »
Attackers use business email compromise to pretend to be company executives, vendors, or other trusted parties and trick employees into sending them money. AI makes these attacks more effective — but also puts new tools in the hands of defenders.
AI gives superpowers to BEC attackers Read More »
From understanding what AI means in the context of the organization to being compliant and not forgetting the role third parties play, here are ten key things to keep in mind when creating an AI policy.
10 things you should include in your AI policy Read More »
From the editors of CSO, this enterprise buyer’s guide helps IT security staff understand what the various breach and attack simulation (BAS) options can do for their organizations and how to choose the right solution. Download the breach and attack simulation (BAS) tools buyer’s guide here.
Breach and attack simulation (BAS) tools buyer’s guide Read More »
Prompt injection and supply chain vulnerabilities remain the main LLM vulnerabilities but as the technology evolves new risks come to light including system prompt leakage and misinformation.
10 most critical LLM vulnerabilities Read More »
As gen AI use continues to skyrocket, reports of business benefits are trickling in. But we’re also seeing more cases where the tech can actually create more work than it saves.
7 ways gen AI can create more work than it saves Read More »
AI and machine learning are improving cybersecurity, helping human analysts triage threats and close vulnerabilities quicker. But they are also helping threat actors launch bigger, more complex attacks.
10 ways hackers will use machine learning to launch attacks Read More »
From prompt injections to model theft, OWASP has identified the most prevalent and impactful vulnerabilities found in AI applications based on large language models (LLMs).
10 most critical LLM vulnerabilities Read More »
The best way to recover from a ransomware attack is to have a reliable and fast backup process. Here’s how to do it.
Ransomware recovery: 8 steps to successfully restore from backup Read More »
In a somewhat chilling revelation, AI agents were able to find and exploit known vulnerabilities, but only under certain conditions, which researchers say indicates they’re not close to being a significant threat – yet.
AI agents can find and exploit known vulnerabilities, study shows Read More »
BAS products simulate attacks to test a company’s defenses against threat vectors. The following guide can help you make the right choice for your organization.
Breach and attack simulation tools: Top vendors, key features, how to choose Read More »
Organizations have started to launch AI certifications in governance and cybersecurity but given how immature the space is and how fast it’s changing, are these certifications worth pursuing?
AI governance and cybersecurity certifications: Are they worth it? Read More »
The ransomware business hit record highs in 2023 despite falling payment rates, as attackers scaled up the number of attacks and new AI weapons were brought to bear on both sides of the war, promising to make an even bigger impact this year.
The state of ransomware: Faster, smarter, and meaner Read More »
Generative AI could be the holy grail of DevSecOps, from writing secure code and documentation to creating tests. But it could be a major point of failure if not used correctly.
Generative AI poised to make substantial impact on DevSecOps Read More »
