CSA Blog

Originally published by TrojAI. As GenAI systems become more complex and their use more widespread, the need to protect them is increasingly urgent. Unfortunately, traditional cybersecurity defenses are not designed to protect AI models, applications, and agents. Traditional...

Written by Ashwin Chaudhary, CEO, Accedere. If you’ve ever been part of a cloud compliance audit, you will know the drill of countless spreadsheets, endless evidence collection, and a lot of back-and-forth emails that can trench both time and patience. Now, imagine if half...

Securing remote and hybrid work on unmanaged devices has never been about one silver‑bullet product. It’s about choosing a control pattern that fits your risk surface, then proving that choice with auditable evidence. In 2025, that means aligning device‑agnostic access with...

Introduction I wrote my first data-driven guidance and measurement app when I founded my first software company three decades ago. Back then, AI was described as a “knowledge-based system!” It became obvious that if I wanted to create an AI-assisted implementation for...

Originally published by Vali Cyber. The financial sector is built on trust, speed, and constant availability. But one of today’s most aggressive cyber groups, Scattered Spider, has developed tactics that put those foundations at risk. Their playbook is precise: social engineering...

Written by: Ken Huang, CSA Fellow, Co-Chair of CSA AI Safety Working Groups Hammad Atta, Founder & AI Technology Advisor, Qorvexconsulting Research Dr. Zeeshan Baig, Global Partner, AI Threat Modeling & Security, Qorvexconsulting Research Dr. Yasir Mehmood, AI 5G & IoT...

Originally published by Permiso Security. The rise of artificial intelligence (AI) has been nothing short of revolutionary, but with every new frontier comes a unique set of challenges. For many organizations, the promise of AI is tempered by a growing unease about its security...

Written by Chris Goodman, Vali Cyber. Understanding the Risk at the Core of Virtual Infrastructure Hypervisors form the foundation of virtual infrastructure. They orchestrate resources, manage virtual machines (VMs), and enable scalability—but their privileged position...

Seattle, WA — October 23, 2025 — The Cloud Security Alliance (CSA), the world’s leading not-for-profit organization committed to AI, cloud, and Zero Trust cybersecurity education, today announced the official launch of STAR for AI, introducing the first global framework for AI...

In every conversation we have with CISOs, IAM leaders, and security practitioners, the same theme comes up: how can we adopt AI without making security an afterthought? As agentic adoption accelerates, identity security has shifted from an IT challenge to a board-level priority...

Identity Security Posture Management (ISPM) is a top priority in cybersecurity this year and it’s easy to see why. With 80% of data breaches linked to identity-related issues, organizations are stepping up their identity security game by adopting modern solutions to answer cybersecurity...

When did you last explain to your terminal why you were running that command? "Kurt, why did you create this entry in our Airtable?" Two months had passed. I had no memory of it. But Airtable's audit logs showed the entry was created using a token I'd configured for AI tools...

Governing generative and agentic AI while enabling AI innovation at the same time can feel like whiplash. In the upcoming Cloud Security Alliance (CSA) whitepaper, we introduce the Capabilities-Based Risk Assessment (CBRA). This structured methodology for evaluating enterprise...

The Cloud Controls Matrix (CCM) is a framework of controls that are essential for cloud computing security. Created by CSA, the CCM aligns with CSA best practices. You can use CCM to systematically assess and guide the security of any cloud implementation. CCM also provides...

Written by: Ken Huang, Fellow and Co-chair of AI Safety Working Groups, CSA and CEO, DistributedApps.ai Monisha Dhanraj, CEO, Frondeur Labs Chitraksh Singh, AI Security Researcher, Frondeur Labs In this blog, we'll talk about KillChainGraph and what it's trying to...