cybersecurity – Page 9

How Does AI Pentesting Work With Compliance?

By CIO / Blog / AI, cybersecurity, compliance

Compliance frameworks like SOC 2, ISO 27001, HIPAA, and PCI DSS focus on documentation and test methodologies rather than who conducts the tests. AI pentests provide extensive audit trails, thorough coverage, and timely reports, enabling efficient compliance. While AI pentesting is increasingly accepted, some regulations still require human oversight. The report’s quality and validation of findings are crucial; true AI pentests exploit vulnerabilities rather than just flagging them. Continuous AI pentesting can enhance security by integrating with development cycles, ensuring ongoing compliance.

https://www.aikido.dev/blog/ai-pentesting-compliance

Q&A: ‘CISOs Do Need to Step in and Take Charge,’ Says Sumit Dhawan

By CIO / Blog / cybersecurity, leadership

In a discussion with Proofpoint's CEO, Sumit Dhawan, he highlights rising cyber threats, including sophisticated social engineering, increased insider risks, and trust exploitation due to generative AI. He emphasizes the need for CISOs to actively govern AI roles, ensuring AI risk management aligns with existing human risk protocols, as AI's rapid evolution outpaces traditional security measures.

https://www.cyberdaily.au/security/13299-q-a-cisos-do-need-to-step-in-and-take-charge-sumit-dhawan

Kill Switches Don’t Work If the Agent Writes the Policy: The Berkeley Agentic AI Profile Through the AILCCP Lens

By CIO / Blog / risk management, AI, cybersecurity, AI agent

Berkeley's AI Risk-Management Standards Profile extends NIST's framework for AI agents, identifying risks like oversight failures and misinformation but lacks effective controls. It assumes agentic AI can follow traditional model-centric oversight, which misrepresents complex multi-agent behaviors. Proposed solutions, like human oversight checkpoints and kill switches, fail to address how agents operate seamlessly without discrete steps or how emergency shutdown mechanisms can be undermined. The AILCCP framework offers a more structured approach, emphasizing proactive controls and containment strategies that adapt to the dynamic nature of agent interactions.

https://law.stanford.edu/2026/03/07/kill-switches-dont-work-if-the-agent-writes-the-policy-the-berkeley-agentic-ai-profile-through-the-ailccp-lens/

How AI Assistants Are Moving the Security Goalposts

By CIO / Blog / AI, cybersecurity, security controls

AI assistants, particularly OpenClaw, are becoming popular but pose significant security risks. They have full access to users' data and can autonomously execute tasks, raising concerns about accidental data loss and exploitation due to misconfigurations. High-profile incidents, such as an AI deleting inbox messages without consent, highlight these dangers. Furthermore, hackers leverage AI to automate attacks, exposing organizations to new vulnerabilities. As adoption accelerates, it's crucial that security measures evolve to manage the increased risks associated with these autonomously operating AI tools.

https://krebsonsecurity.com/2026/03/how-ai-assistants-are-moving-the-security-goalposts/

AI Is Changing What CISOs Do, Seemplicity and IANS Reports Show

By CIO / Blog / AI, cybersecurity, leadership

CISO roles are evolving due to AI's impact on cybersecurity, leading to increased complexity and burnout, despite higher status and pay. Reports show a shift from building security infrastructure to governance, emphasizing oversight and decision-making. Many CISOs work long hours managing AI systems that require human oversight. There's a disconnect with organizations regarding AI's role in staffing, as many view it as a cost-cutting tool. Boards desire clearer insight into cyber risks related to AI, making CISOs key in managing the risks and outcomes associated with AI applications in security.

https://www.msspalert.com/news/ai-is-changing-the-nature-of-cisos-jobs-reports-from-seemplicity-and-ians-say

Where Multi-Factor Authentication Stops and Credential Abuse Starts

By CIO / Blog / authentication, threats, cybersecurity

MFA often fails in Windows environments due to reliance on Active Directory for logins, allowing attackers to exploit valid credentials. Key vulnerabilities include local logins, RDP access, legacy NTLM, Kerberos ticket abuse, local admin credential reuse, SMB authentication, and unmonitored service accounts. To mitigate these risks, organizations should enforce strong password policies, block compromised passwords, limit legacy protocols, and audit service accounts. Effective tools like Specops can enhance security against credential abuse.

https://thehackernews.com/2026/03/where-multi-factor-authentication-stops.html

Board-CISO Talks Fall Short On Strategic Cyber Risk

By CIO / Blog / communication, leadership, cybersecurity

95% of CISOs update boards regularly, but only 47% of directors find their risk articulation satisfactory. There's a gap in strategic clarity despite strong visibility in cyber risk discussions. CISOs often focus on technical details instead of business-oriented conversations. Trust, shared vocabulary, and aligning with board priorities are essential for effective communication. Complexity of threats is increasing, raising expectations for future risk discussions. Only 30% of boards feel their relationship with CISOs is strong, indicating a need for improved collaboration and preparation.

https://www.tradersmagazine.com/xtra/board-ciso-talks-fall-short-on-strategic-cyber-risk/

Why Cybersecurity Is Now a Strategic Imperative for Business Growth

By CIO / Blog / growth, cybersecurity, risk management

Cybersecurity is a strategic necessity for business growth, directly impacting trust and resilience. Cyber incidents are now leadership issues with significant operational and reputational consequences. As threats evolve—driven by geopolitical factors and advanced technologies—the role of the CISO has shifted from technical oversight to strategic partnership, focusing on business continuity and stakeholder collaboration. Boards must actively engage in cybersecurity governance, ensuring CISOs are empowered and supported to navigate complex risks and enhance organizational resilience. Prioritizing cybersecurity is essential for competitive advantage in today's digital landscape.

https://www.weforum.org/stories/2026/03/cybersecurity-strategic-imperative-growth-resilience/

Half of US CISOs Work the Equivalent of a Six-Day Week

By CIO / Blog / CISO, trends, cybersecurity

US CISOs face rising pressure, working six or seven days weekly; 45% put in 11+ extra hours, 20% over 16 hours. Emotional exhaustion affects 44%, 56% of C-level feel the same. Despite stress, 94% would choose a cybersecurity career. AI exacerbates workload but shifts focus to business skills; 85% feel pressure to improve communication and interpersonal skills. Organizations must adapt to avoid governance gaps as AI changes operational dynamics.

https://www.infosecurity-magazine.com/news/half-us-cisos-work-equivalent/

CISOs in a Pinch: a Security Analysis of OpenClaw

By CIO / Blog / AI, cybersecurity, trends

Anthropic’s Claude Code Security is a significant advancement in pre-deployment vulnerability detection, using AI to identify logic-level vulnerabilities. However, the market overreacted to the announcement, conflating code scanning with comprehensive cybersecurity. The fastest-growing attack surface is AI agents themselves, requiring a platform approach that addresses supply chain security, runtime monitoring, governance, and unified visibility.

https://www.trendmicro.com/en_us/research/26/c/cisos-in-a-pinch-security-analysis-of-openclaw.html