security controls

Why Culture Matters More Than You Think When Complex Tech Goes Wrong

Megan Owen argues that organizational culture plays a critical role in the success or failure of complex technology projects, emphasizing that hierarchies suppressing open communication often lead to unreported problems and compounded failures. Drawing parallels with aviation and healthcare, she advocates for environments that encourage candid dialogue, psychological safety, and reflective learning through checklists and mentorship to identify latent errors and address them proactively. Technology leaders must foster trust, listen carefully to early warnings, and balance assertive decision-making with collaborative problem-solving to prevent and mitigate costly project failures.

https://www.computerweekly.com/opinion/Why-culture-matters-more-than-you-think-when-complex-tech-goes-wrong

AI Innovation Surges as Security Fundamentals Lag, Kroll Research Finds

Kroll’s global research highlights a significant gap between rapid AI adoption and the maturity of security fundamentals, revealing that 76% of organizations experienced AI-related security incidents in the past two years. Despite AI’s integration into enterprise operations, many firms lack foundational security practices and governance frameworks, leading to substantial financial losses and insufficient investment in AI security measures. The study underscores that higher cyber maturity correlates with fewer AI security incidents, emphasizing the need for robust security foundations to enable sustainable AI innovation.

https://channeleye.media/ai-innovation-surges-as-security-fundamentals-lag-kroll-research-finds/

Anthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber Safeguards

Anthropic has released Claude Fable 5, its most advanced AI model to date, featuring integrated cybersecurity safeguards that route risky requests to a less capable model to prevent misuse. Alongside Fable 5, Anthropic offers Claude Mythos 5, the same powerful model without these restrictions, exclusively for vetted cybersecurity professionals to safely leverage its exploit-finding capabilities. This dual-product approach addresses the risk of malicious use while supporting defenders in vulnerability discovery and patching, highlighting the evolving challenges and strategies in securing AI-driven software vulnerability management.

https://thehackernews.com/2026/06/anthropic-releases-claude-fable-5-its.html

Our Data Security Policy Is Transparent in That It Doesn’t Exist

The article discusses the shortcomings of current data security tools, highlighting that while they effectively detect sensitive data like credit card numbers, they often miss critical context such as data access lineage and proper authorization, resulting in fragmented views across policy, security, and business functions. Experts on the CISO Series Podcast emphasize the need for integrated, system-level visibility—akin to an MRI rather than an X-ray—to effectively govern data security, especially as AI-driven data usage increases, underscoring challenges and the importance of continuous evaluation and simplification of security controls.

https://cisoseries.com/our-data-security-policy-is-transparent-in-that-it-doesnt-exist/

The AI Governance Imperative You Can’t Afford to Ignore

CIOs deploying AI agents without proper observability and governance risk significant negative consequences, as many organizations lack centralized control and tracing of AI actions. Experts emphasize the necessity of scalable governance frameworks that include continuous monitoring, human oversight, and detailed audit trails to ensure transparency, security, and compliance in autonomous AI workflows.

https://www.cio.com/article/4176067/the-ai-governance-imperative-you-cant-afford-to-ignore.html

NSA Launches Zero Trust Implementation Guidelines Resource Webpage

The National Security Agency (NSA) has launched a new resource webpage providing guidelines for implementing Zero Trust architecture. This initiative aims to assist organizations in enhancing their cybersecurity posture by adopting Zero Trust principles more effectively.

https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/4496862/nsa-launches-zero-trust-implementation-guidelines-resource-webpage/

The Shadow AI Jungle: Why Approving a Platform Is Not the Same as Securing What’s Built on It

The article highlights a critical security concern in enterprise AI adoption dubbed “Shadow AI,” where non-technical employees build AI tools and automations on approved platforms without security oversight, creating significant blind spots for security teams who can track less than half of these AI agents. Despite platform approvals, enterprises remain responsible for securing what is built on them, yet many AI tools operate invisibly, often accessing sensitive data without triggering alerts, underscoring the urgent need for runtime governance and visibility into these business-built AI applications to manage risks effectively.

https://www.unite.ai/the-shadow-ai-governance-challenge/

Shadow AI Now Needs a Bill of Materials

Enterprises are adopting AI Bills of Materials (AI-BOMs) to manage the complexity of Shadow AI, including tracking AI models, datasets, prompts, agents, identities, and cloud infrastructure, beyond traditional software components. Companies like Cisco, Wiz, and Palo Alto Networks are developing tools to create detailed, machine-readable inventories of AI assets to improve security, governance, model provenance, and compliance with emerging regulations such as the EU AI Act.

https://techinformed.com/shadow-ai-now-needs-a-bill-of-materials/

The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed

A significant backdoor in enterprise security involves persistent OAuth tokens granted to third-party apps, which do not expire, reset, or receive automatic monitoring, allowing attackers to bypass traditional defenses like MFA once compromised. Research shows 80% of security leaders recognize the risk, yet many do not actively monitor these tokens, exemplified by the Drift-Salesloft attack where stolen OAuth tokens were exploited to access data across hundreds of organizations. Effective security demands continuous behavioral monitoring of apps, blast radius assessment, and intelligent responses to mitigate risks posed by legitimate apps whose credentials have been weaponized after installation.

https://thehackernews.com/2026/05/the-back-door-attackers-know-about-and.html

CISO Advisory: How To Use Agentic AI In Security

Agentic AI holds significant promise for enhancing cybersecurity by reducing alert fatigue and accelerating vulnerability detection, making it a key investment focus for CISOs despite cautious deployment due to security, compliance, and operational risks. Experts recommend a gradual, well-governed adoption strategy that starts with assistive tasks like alert triage and investigation support, ensuring strong human oversight, risk management, and alignment with regulatory requirements to leverage AI’s benefits safely and effectively.

https://insight.scmagazineuk.com/ciso-advisory-how-to-use-agentic-ai-in-security
