The EU Code of Practice: Practical Governance for the AI-Governed Enterprise
The European Union published a voluntary Code of Practice for general-purpose AI, complementing its upcoming AI Act set to take effect August 2, 2025. Crafted by independent experts and stakeholders, the code emphasizes safety, transparency, security, and copyrighted content use. Signatories—potentially including major LLM providers—will benefit from reduced administrative burdens and clearer legal frameworks. The move signals the EU’s embrace of ‘secure-by-design’ AI while controlling risk, especially relevant for sectors managing sensitive data and vendor-produced AI systems.
Supply Chain Invisibility: The Silent Breach Catalyst
A new LevelBlue report reveals that only 23% of enterprises have high visibility into their software supply chains—even though 40% of CEOs consider it their top security risk . Poor visibility correlates with breaches: 80% of under‑informed organizations suffered incidents in the past year, versus 6% for those with strong visibility. Emerging regulations (EU Cyber Resilience Act, U.S. SBOM mandates) are accelerating action, but risk remains. Firms must embrace software bills of materials and integrate AI‑driven monitoring to reduce third‑party exposure.
Deepfake Governance Attacks: A New Frontier of Trust Exploitation
Deepfake governance attacks are evolving social-engineering weapons. Cloned voices bypass human trust, exploiting familiarity & honor-based workflows. This isn’t just a government threat; CEOs face it too. We need new authentication for communications & decision-making to combat this rising risk. Trust must be earned—every time.
Zero‑Trust for AI-First Workplaces: Lessons from Zscaler
Traditional network approaches still rely on IP allowlists, VPN access, and perimeter security to implicitly trust users once inside. With distributed workforces and AI-integrated SaaS platforms, attackers can pivot horizontally once internal. Every user or AI agent becomes a potential threat vector. Removing implicit trust means protecting each identity, session, and API.
The UBS Data Leak: A Wake-Up Call for Rethinking Third-Party Risk Management
In June 2024, global financial powerhouse UBS became the latest victim of a cyberattack—not due to a breach in its own defenses, but through a vulnerability in a third-party provider. The leak exposed sensitive employee data after a ransomware group, LockBit 3.0, targeted a third-party vendor that provided HR and payroll services.This incident is just […]
AI Governance: The Cornerstone of Cyber Resilience—Insights from Axios Boston
At the Axios Boston Security roundtable in June 2025, cybersecurity leaders converged to dissect AI’s impact on digital defense. Their verdict was unanimous: without formal governance frameworks, AI adoption amplifies risk rather than mitigates it . The Dual-Edged Sword of AI in SecurityAI models can rapidly process threat intelligence, identify novel malware signatures, and automate […]
Turning Human Vulnerabilities into Strategic Strengths in AI-Driven Cybersecurity
The paradox at the heart of modern cybersecurity is this: even as we deploy the most advanced AI models to detect anomalies in real time, a single voice-cloned phone call can render those defenses moot. The recent Scattered Spider attack on Qantas, which exposed data for up to 6 million customers through a compromised third-party […]
Get Ahead of The Curve: How CEOs & Boards Are Bearing Risk Liability
Let’s talk about the future as it relates to employment contracts in the C-suite. Gartner, Inc (“Gartner”) made their top eight cybersecurity predictions for 2022-2023 earlier this year, their 8th prediction on their list was that by 2026 half of C-level executives (Chief Executive Officers, Chief Technology Officers, & Chief Financial Officers) will have employment […]
The Importance of Third-Party Risk Management for Cybersecurity
In the last few decades, cybersecurity has become more and more mainstream for companies of all sizes. A large part of the reason for this rise is the increased frequency of third-party breaches. Many companies, especially larger multinational corporations, hire cybersecurity firms to protect their own servers and data. This has effectively mitigated many instances […]
The Latest Investments in Advanced Cybersecurity
As we have seen, in the past several years, cybersecurity attacks have risen dramatically and no company or industry is immune to the threats. Robust cybersecurity protocols are needed, and often the simplest solutions can be extremely effective when practiced diligently by everyone in an organization. Some industries are however in dire need of a […]
