Who pays when you gate cyber-capable AI models? 2026-06-22 at 09:00 By Mirko Zorz In this interview with Help Net Security, Jaya Baloo, COO & CISO at Aisle, examines the debate over restricting access to cyber-capable AI models. She lays out the strongest argument for gating these tools, then explains where it breaks down for […]
Who pays when you gate cyber-capable AI models? Read More »
Securing digital keys when your phone unlocks the car 2026-06-18 at 09:00 By Mirko Zorz In this interview with Help Net Security, Alysia Johnson, President of the Car Connectivity Consortium (CCC), explains how the CCC Digital Key has grown from a single-brand feature into a standard meant to work across phones, automakers, and suppliers. She
Securing digital keys when your phone unlocks the car Read More »
Reachability makes AI threat modeling worth the trust 2026-06-16 at 09:00 By Mirko Zorz In this interview with Help Net Security, Oscar Andersson, CTO at Oplane, explains why most scanning tools fail. They cry wolf, flagging threats that cannot run in real code. The argument centers on reachability. A finding counts only when someone walks
Reachability makes AI threat modeling worth the trust Read More »
EU Cybersecurity Act 2.0: When good regulation goes bad 2026-06-16 at 08:30 By Help Net Security Over recent years we’ve witnessed the EU becoming increasingly serious about cybersecurity. After years of watching high profile breaches, many resulting from supply chain attacks targeting our critical infrastructure, that seriousness is welcome. But good intentions and good policy
EU Cybersecurity Act 2.0: When good regulation goes bad Read More »
Onspring CISO on where automated GRC systems fall short 2026-06-15 at 09:00 By Mirko Zorz In this interview with Help Net Security, Nichole Windholz, CISO at Onspring, talks about the limits of automated GRC systems and continuous control monitoring. She explains why color-coded dashboards can hide nuance, how teams can check the data feeding their
Onspring CISO on where automated GRC systems fall short Read More »
How to use NIST and ISO frameworks to govern AI agents 2026-06-12 at 11:07 By Help Net Security Security leaders no longer need convincing that AI agents introduce risk. What’s missing is how to govern them once they move into production and begin operating autonomously across enterprise environments. AI agents already read sensitive documents, invoke
How to use NIST and ISO frameworks to govern AI agents Read More »
The architecture of subtraction: Why it’s time to erase the roads, not just map the traffic 2026-06-09 at 09:42 By Help Net Security The advent of AI-assisted vulnerability discovery and autonomous exploit development has brought about a new age in cybersecurity—one in which we can no longer rely on patching as a primary defense mechanism.
Treating AI agents like service accounts for federated query security 2026-06-09 at 08:46 By Mirko Zorz In this interview with Help Net Security, Paras Malhotra, CISO at Starburst, explains how the company handles data governance across federated query environments. Topics include layering Starburst’s access controls above native source permissions, tiering vendor risk across more than
Treating AI agents like service accounts for federated query security Read More »
June 2026 Patch Tuesday forecast: Where are the CVEs? 2026-06-05 at 10:16 By Help Net Security My forecast from last month was only partly right. After the Anthropic Mythos announcements and the deluge of newly discovered vulnerabilities from vendors like Mozilla, Microsoft’s updates were standard fare, 65 CVEs reported in Windows 11 and 58 in
June 2026 Patch Tuesday forecast: Where are the CVEs? Read More »
AI agent governance gets harder when agents outnumber your people 2026-06-05 at 09:24 By Help Net Security In this Help Net Security video, Amit Gautam, CTO at Abluva, explains the security risks that autonomous AI agents bring into enterprise environments. He opens with a real case: a reconciliation agent at a financial services firm had
AI agent governance gets harder when agents outnumber your people Read More »
The modern-day business can learn a lot about risk from this year’s mega events 2026-06-04 at 13:17 By Help Net Security Every year brings its share of global events, but 2026 is proving to be a banner year for mega-scale entertainment. The year got off to a roaring start with the Winter Olympics, and now
The modern-day business can learn a lot about risk from this year’s mega events Read More »
Spotless compliance evidence can still hide a broken control 2026-06-04 at 09:26 By Mirko Zorz In this interview with Help Net Security, Marc Rubbinaccio, Head of Cybersecurity and Compliance at Secureframe, explains where security teams go wrong when preparing for CMMC and FedRAMP 20x. The conversation covers how organizations check the 110 requirements but miss
Spotless compliance evidence can still hide a broken control Read More »
From critical to controlled: Cutting vulnerabilities in a live manufacturing environment 2026-06-04 at 09:26 By Help Net Security A vulnerability scanner flags a critical CVSS 10 vulnerability on an industrial asset. The report lands in the boss’ inbox and now he wants to know why we’re sitting on a critical vulnerability. In a normal IT
From critical to controlled: Cutting vulnerabilities in a live manufacturing environment Read More »
Zero trust physical security needs trust decisions at the edge 2026-06-02 at 09:09 By Mirko Zorz In this interview with Help Net Security, Chuck Davis, VP, Global Information Security at Hikvision, explains how zero trust applies to physical security systems like cameras and door controllers. He breaks down how to make trust decisions at the
Zero trust physical security needs trust decisions at the edge Read More »
Data discovery gaps that catch enterprises off guard 2026-06-01 at 11:46 By Mirko Zorz In this interview with Help Net Security, Avani Desai, CEO at Schellman, talks about the gap between what organizations think they know about their data and what discovery scans turn up. She shares stories of shadow data in abandoned cloud storage,
Data discovery gaps that catch enterprises off guard Read More »
Coinflow CISO on crypto payments security under AI pressure 2026-05-27 at 09:24 By Mirko Zorz Crypto payment firms sit near the top of the target list for advanced persistent threat groups, and the workload on their security leaders keeps growing. Malcolm Portelli, CISO at Coinflow, runs the company’s security program from Malta. Coinflow is headquartered
Coinflow CISO on crypto payments security under AI pressure Read More »
The alert economy is driving security analyst burnout 2026-05-27 at 09:24 By Help Net Security In this Help Net Security video, Ido Livneh, CEO of Jazz, explains why security analysts burn out and what leaders can do about it. The cause, he argues, is not long hours but meaningless work. Analysts spend their days closing
The alert economy is driving security analyst burnout Read More »
What happens when security teams inherit identity 2026-05-26 at 13:38 By Sinisa Markovic At the Span Cyber Security Arena conference, I sat down with Eric Woodruff, Chief Identity Architect at Semperis, to talk about how organizations perceive identity and the challenges those perceptions create for security. He shared his perspective on where organizations struggle with
What happens when security teams inherit identity Read More »
Manage machine identities: The hidden privileged access layer you need to manage 2026-05-26 at 08:37 By Help Net Security Why are machine identities becoming the majority of “things with access”? Every automation, integration, and workload needs a way to authenticate and the right permissions to act. That quiet requirement has created a massive population of
Manage machine identities: The hidden privileged access layer you need to manage Read More »
Lessons for organizations from the Verizon 2026 Data Breach Investigations Report 2026-05-25 at 08:59 By Help Net Security This is my favourite time of the year, not just because spring is here and the promise of summer is on the way. But also, because one of my must reads each year gets published. There are
Lessons for organizations from the Verizon 2026 Data Breach Investigations Report Read More »