Compliance | Breaking Cybersecurity News | The Hacker News

AI is changing automation—but not always for the better. That's why we're hosting a new webinar, " Workflow Clarity: Where AI Fits in Modern Automation ," with Thomas Kinsella, Co-founder & Chief Customer Officer at Tines, to explore how leading teams are cutting through the hype and building workflows that actually deliver. The rise of AI has changed how organizations think about automation. But here's the reality many teams are quietly wrestling with: AI isn't a silver bullet. Purely human-led workflows buckle under pressure, rigid rules-based automations break the moment reality shifts, and fully autonomous AI agents risk introducing black-box decision-making that's impossible to audit. For cybersecurity and operations leaders, the stakes are even higher. You need workflows that are fast but reliable, powerful but secure, and—above all—explainable. So where does AI really fit in? The Hidden Problem with "All-In" Automation The push to automate everythi...

The world of enterprise technology is undergoing a dramatic shift. Gen-AI adoption is accelerating at an unprecedented pace, and SaaS vendors are embedding powerful LLMs directly into their platforms. Organizations are embracing AI-powered applications across every function, from marketing and development to finance and HR. This transformation unlocks innovation and efficiency, but it also introduces new risks. Enterprises must balance the promise of AI with the responsibility to protect their data, maintain compliance, and secure their expanding application supply chain. The New Risk Landscape With AI adoption comes a new set of challenges: AI Sprawl : Employees adopt AI tools independently, often without security oversight, creating blind spots and unmanaged risks. Supply Chain Vulnerabilities : interapplication integrations between AI tools and enterprise resources expand the attack surface and introduce dependencies and access paths enterprises can't easily control. Data Exp...

AI agents are rapidly becoming a core part of the enterprise, being embedded across enterprise workflows, operating with autonomy, and making decisions about which systems to access and how to use them. But as agents grow in power and autonomy, so do the risks and threats.  Recent studies show 80% of companies have already experienced unintended AI agent actions, from unauthorized system access to data leaks. These incidents aren't edge cases. They are the inevitable outcome of deploying AI agents at scale without purpose-built security mechanisms. Traditional IAM wasn't designed for this. Agents move too fast, operate 24/7, while relying on non-human identities (NHIs) to define precisely what they can and can't do. How can organizations possibly secure what they cannot see or control? To address this challenge, a new approach is needed—one that enables secure-by-design AI agent deployment across the enterprise. Enter: Astrix's Agent Control Plane (ACP) Astrix's AI Agent Cont...

CISOs know their field. They understand the threat landscape. They understand how to build a strong and cost-effective security stack. They understand how to staff out their organization. They understand the intricacies of compliance. They understand what it takes to reduce risk. Yet one question comes up again and again in our conversations with these security leaders: how do I make the impact of risk clear to business decision-makers? Boards want to hear how risk affects revenue, governance, and growth. They have a limited attention span for lists of vulnerabilities or technical details. When the story gets too technical, even urgent initiatives lose traction and fail to get funded. CISOs need to translate technical issues into terms the board understands. Doing so builds trust, garners support and shows how security decisions connect directly to long-term growth. It was the urgent need to bridge the CISO-Board communication gap that led us to create a new paradigm in CISO continu...

Introduction Managed service providers (MSPs) and managed security service providers (MSSPs) are under increasing pressure to deliver strong cybersecurity outcomes in a landscape marked by rising threats and evolving compliance requirements. At the same time, clients want better protection without managing cybersecurity themselves. Service providers must balance these growing demands with the need to work efficiently, deliver consistent results, and scale their offerings. Yet, many service providers still rely on manual processes that slow down delivery, make it harder to maintain consistency across clients, and limit the time teams have to focus on more strategic initiatives. Even experienced service providers can find themselves stretched thin as they try to meet rising client expectations while managing operational complexity. In this environment, automation offers an opportunity to work more effectively and deliver greater value. By streamlining repetitive tasks, improving con...

It's budget season. Once again, security is being questioned, scrutinized, or deprioritized. If you're a CISO or security leader, you've likely found yourself explaining why your program matters, why a given tool or headcount is essential, and how the next breach is one blind spot away. But these arguments often fall short unless they're framed in a way the board can understand and appreciate. According to a Gartner analysis , 88% of Boards see cybersecurity as a business risk, rather than an IT issue, yet many security leaders still struggle to raise the profile of cybersecurity within the organization. For security issues to resonate amongst the Board, you need to speak its language: business continuity, compliance, and cost impact. Below are some strategies to help you frame the conversation, transforming the technical and complex into clear business directives.  Recognize the High Stakes Cyber threats continue to evolve, from ransomware and supply chain attacks to...

In January 2025, cybersecurity experts at Wiz Research found that Chinese AI specialist DeepSeek had suffered a data leak, putting more than 1 million sensitive log streams at risk. According to the Wiz Research team, they identified a publicly accessible ClickHouse database belonging to DeepSeek. This allowed "full control over database operations, including the ability to access internal data", Wiz Research stated, with more than a million lines of log streams involved, containing chat history, secret keys and more. Wiz immediately reported the issue to DeepSeek, which quickly secured the exposure. Still, the incident underscored the danger of data leakage. Intentional or unintentional? Data leakage is a broad concept, covering a range of scenarios. As IBM notes, the term in general refers to a scenario where "sensitive information is unintentionally exposed to unauthorized parties" .  It could be intentional or unintentional. On the intentional side...

Generative AI platforms like ChatGPT, Gemini, Copilot, and Claude are increasingly common in organizations. While these solutions improve efficiency across tasks, they also present new data leak prevention for generative AI challenges. Sensitive information may be shared through chat prompts, files uploaded for AI-driven summarization, or browser plugins that bypass familiar security controls. Standard DLP products often fail to register these events. Solutions such as Fidelis Network ® Detection and Response (NDR) introduce network-based data loss prevention that brings AI activity under control. This allows teams to monitor, enforce policies, and audit GenAI use as part of a broader data loss prevention strategy. Why Data Loss Prevention Must Evolve for GenAI Data loss prevention for generative AI requires shifting focus from endpoints and siloed channels to visibility across the entire traffic path. Unlike earlier tools that rely on scanning emails or storage shares, NDR technol...

Every day, businesses, teams, and project managers trust platforms like Trello, Asana, etc., to collaborate and manage tasks. But what happens when that trust is broken? According to a recent report by Statista, the average cost of a data breach worldwide was about $4.88 million. Also, in 2024, the private data of over 15 million Trello user profiles was shared on a popular hacker forum. Yet, most organizations and project managers still assume that their platform's built-in backups are enough until they are not. The next few paragraphs will expose some risks of relying on these platform tools alone and how to better protect yourself and your organization from data loss with cloud backup and recovery . Why are project management tools becoming a prime target for data loss? More than 95% of businesses today rely heavily on project management tools like Trello and Asana to organize tasks, collaborate with teams, and track project milestones. However, as project managers become mor...

Employees are experimenting with AI at record speed. They are drafting emails, analyzing data, and transforming the workplace. The problem is not the pace of AI adoption, but the lack of control and safeguards in place. For CISOs and security leaders like you, the challenge is clear: you don't want to slow AI adoption down, but you must make it safe. A policy sent company-wide will not cut it. What's needed are practical principles and technological capabilities that create an innovative environment without an open door for a breach. Here are the five rules you cannot afford to ignore. Rule #1: AI Visibility and Discovery The oldest security truth still applies: you cannot protect what you cannot see. Shadow IT was a headache on its own, but shadow AI is even slipperier. It is not just ChatGPT, it's also the embedded AI features that exist in many SaaS apps and any new AI agents that your employees might be creating. The golden rule: turn on the lights. You need real-time visibi...

Modern businesses face a rapidly evolving and expanding threat landscape, but what does this mean for your business? It means a growing number of risks, along with an increase in their frequency, variety, complexity, severity, and potential business impact. The real question is, "How do you tackle these rising threats?" The answer lies in having a robust BCDR strategy. However, to build a rock-solid BCDR plan, you must first conduct a business impact analysis (BIA). Read on to learn what BIA is and how it forms the foundation of an effective BCDR strategy. What Is a BIA? A BIA is a structured approach to identifying and evaluating the operational impact of disruptions across departments. Disruptive incidents or emergencies can occur due to several factors, such as cyberattacks, natural disasters or supply chain issues. Conducting a BIA helps identify critical functions for a business's operations and survival. Businesses can use insights from BIA to develop strategies to resume th...

We used to think of privacy as a perimeter problem: about walls and locks, permissions, and policies. But in a world where artificial agents are becoming autonomous actors — interacting with data, systems, and humans without constant oversight — privacy is no longer about control. It's about trust. And trust, by definition, is about what happens when you're not looking. Agentic AI — AI that perceives, decides, and acts on behalf of others — isn't theoretical anymore. It's routing our traffic, recommending our treatments, managing our portfolios, and negotiating our digital identity across platforms. These agents don't just handle sensitive data — they interpret it. They make assumptions, act on partial signals, and evolve based on feedback loops. In essence, they build internal models not just of the world, but of us. And that should give us pause. Because once an agent becomes adaptive and semi-autonomous, privacy isn't just about who has access to the data; it's about what the ag...

Google said it's implementing a new policy requiring developers of cryptocurrency exchanges and wallets to obtain government licenses before publishing apps in 15 jurisdictions in order to "ensure a safe and compliant ecosystem for users." The policy applies to markets like Bahrain, Canada, Hong Kong, Indonesia, Israel, Japan, the Philippines, South Africa, South Korea, Switzerland, Thailand, the United Arab Emirates, the United Kingdom, the United States, and the European Union. The changes do not apply to non-custodial wallets. This means developers publishing cryptocurrency exchange and wallet apps have to hold appropriate licences or be registered with relevant authorities like the Financial Conduct Authority (FCA) or Financial Crimes Enforcement Network (FinCEN), or authorized as a crypto-asset service provider (CASP) under the Markets in Crypto-Assets (MiCA) regulation before distribution. "If your targeted location is not on the list, you may continue to p...

As the volume and sophistication of cyber threats and risks grow, cybersecurity has become mission-critical for businesses of all sizes. To address this shift, SMBs have been urgently turning to vCISO services to keep up with escalating threats and compliance demands. A recent report by Cynomi has found that a full 79% of MSPs and MSSPs see high demand for vCISO services among SMBs. How are service providers scaling to meet this demand? Which business upside can they expect to see? And where does AI fit in? The answers can be found in "The 2025 State of the vCISO Report". This newly-released report offers a deep dive into the vCISO market evolution and the broader shift toward advanced cybersecurity services. The bottom line? What used to be a niche offering is now a foundational service, and AI is transforming how it's delivered. Below, we bring some of the main findings of the report. 319% Growth in vCISO Adoption: MSPs & MSSPs Race to Meet SMB Demand vCISO offerings provid...

Security Operations Centers (SOCs) are stretched to their limits. Log volumes are surging, threat landscapes are growing more complex, and security teams are chronically understaffed. Analysts face a daily battle with alert noise, fragmented tools, and incomplete data visibility. At the same time, more vendors are phasing out their on-premises SIEM solutions, encouraging migration to SaaS models. But this transition often amplifies the inherent flaws of traditional SIEM architectures. T he Log Deluge Meets Architectural Limits SIEMs are built to process log data—and the more, the better, or so the theory goes. In modern infrastructures, however, log-centric models are becoming a bottleneck. Cloud systems, OT networks, and dynamic workloads generate exponentially more telemetry, often redundant, unstructured, or in unreadable formats. SaaS-based SIEMs in particular face financial and technical constraints: pricing models based on events per second (EPS) or flows-per-minute (FPM) ca...