CSA Blog

  • Why? What is our desired outcome? Such a simple question. Such a profound question. I’ve been contemplating writing this post for a while now, but struggled with the framing. Throughout 2025 I started moving from “talking about AI security” to helping advise organizations...
  • You probably weren’t using it anyway, so might as well cut the cruft and end a lesser-known attack vector. I’m a bit late to the party, but this morning I learned that AWS is ending support for a feature called “SSE-C” for encrypting data in S3 in April. Normally in security...
  • Part 1 of 7 in the CSA Series: AI and the Zero Trust Transformation The security landscape has shifted beneath our feet. Generative AI hasn't just added new tools to the defender's arsenal. It has fundamentally changed what attackers can do and how quickly they can do...
  • Written by: Ken Huang, CEO, DistributedApps.AI, CSA Research Fellow; Kyriakos "Rock" Lambros, CEO, RockCyber; Jerry Huang, Fellow at Kleiner Perkins; Yasir Mehmood, Independent Researcher, Germany; Hammad Atta, CEO, Qorvex Consulting & Roshan Consulting; Joshua Beck, Application...
  • Introduction: A Brief History of AI and Its Cybersecurity Impact Artificial Intelligence (AI) has evolved from theoretical concepts in the 1950s to transformative technologies embedded in every facet of modern enterprise. From Alan Turing’s foundational work to the rise of...
  • The AI Maturity Model for Cybersecurity is the most detailed guide of its kind, grounded in real use cases and expert insight. It empowers CISOs to make strategic decisions, not just about what AI to adopt, but how to do it in a way that strengthens their organization over time...
  • As artificial intelligence continues to become widely embedded in critical business decisions, strategies, and processes, it increasingly faces growing scrutiny from regulators, customers, and the public. While AI offers unprecedented opportunities for operational enhancements...
  • Most organizations are no longer asking whether to use AI. The question now is whether they can secure it. In CSA’s latest survey report, The State of AI Security and Governance, a clear pattern emerges. Organizations with strong AI security governance are: Moving faster...
  • As the cybersecurity landscape transforms, the rise of agentic AI is changing how organizations think about machine identities, or Non-Human Identities (NHIs). What happens when machines, powered by autonomous AI, become key actors in your digital ecosystem? The simple answer...
  • Organizations are continuing to move from experimentation to meaningful operational use. SEATTLE – Dec. 18, 2025 – The State of AI Security and Governance Survey Report, a new study from the Cloud Security Alliance (CSA), the world’s leading not-for-profit organization committed...
  • Contributed by Aiceberg. Agentic AI - Why should you care? Agentic AI isn’t just another tech buzzword; it represents a fundamental shift in how intelligent systems operate, make decisions, and interact with the world. As AI agents become more autonomous, they introduce...
  • Originally published by Gomboc.ai. In 2024, the dirty little secret was out: over 60% of AI-generated security fixes still had to be torn apart and rebuilt by engineers before they were safe to ship. That’s not “helping,” that’s creating rework. The reason? Guesswork dressed...
  • AWS re:Invent 2025 Shows What "Shift Left" Can Mean for AI Security Although I wasn’t at AWS re:Invent in person this year (only the second one I’ve missed since 2013), I sat at home closely following the early “pre:Invent” and official conference announcements. While it...
  • Introduction Over the past decade, manufacturing has emerged as one of the most heavily targeted industries for cyberattacks. These environments are inherently complex, built on layers of specialized and often non-standard technologies that rarely align with traditional...
  • AI Explainability Scorecard

    Contributed by Aiceberg. Part 1 — Why Transparency Is the True Measure of Trust When a medical AI system once recommended denying a patient treatment, the doctors hesitated—but couldn’t explain why. The algorithm’s reasoning was invisible, locked inside a mathematical...