opinion

Why SBOMs, signing, and provenance still don’t tell you if software is safe

Why SBOMs, signing, and provenance still don’t tell you if software is safe 2026-07-13 at 09:30 By Help Net Security We have made real progress in software supply chain security, improving visibility into software components, authenticity and build integrity. Much of this progress traces back to Executive Order 14028, which pushed agencies, contractors and enterprises […]

Why SBOMs, signing, and provenance still don’t tell you if software is safe Read More »

Orbia CISO Miranda Ritchie on building security into sustainable infrastructure

Orbia CISO Miranda Ritchie on building security into sustainable infrastructure 2026-07-08 at 09:00 By Mirko Zorz In this interview with Help Net Security, Miranda Ritchie, CISO at Orbia, talks about protecting industrial systems where software runs water, chemical and manufacturing processes. She explains why a cyber incident in these settings can harm people, equipment and

Orbia CISO Miranda Ritchie on building security into sustainable infrastructure Read More »

Your company already adopted AI and nobody is governing access

Your company already adopted AI and nobody is governing access 2026-07-07 at 08:30 By Help Net Security In this Help Net Security video, Antoine Berton, CTO at Elba Security, breaks down the AI attack surface. Your company already adopted AI, and every adoption creates access that nobody governs. A quick click on a Friday afternoon

Your company already adopted AI and nobody is governing access Read More »

Securing the inbox: Where identity, brand and security meet

Securing the inbox: Where identity, brand and security meet 2026-07-06 at 09:00 By Mirko Zorz Getting a verified logo to appear next to your email has traditionally meant having to work with two separate entities. You have to work with a DMARC partner for setting up DMARC and BIMI, then use a trusted Certificate Authority

Securing the inbox: Where identity, brand and security meet Read More »

Geopolitical cyber threats are turning HR into a security front line

Geopolitical cyber threats are turning HR into a security front line 2026-07-03 at 08:00 By Help Net Security In this Help Net Security video, Roman Sannikov, Global Research Coordinator at iCOUNTER, explains why geopolitics belongs in every security team’s threat model. With open and simmering conflicts around the world, attacks can come from actors that

Geopolitical cyber threats are turning HR into a security front line Read More »

The endpoint recovery gap many teams discover during an incident

The endpoint recovery gap many teams discover during an incident 2026-07-02 at 09:00 By Mirko Zorz In this interview with Help Net Security, IGEL CTO Matthias Haas explains why backups alone do not equal recovery. He makes the case that endpoint recovery is often overlooked, leaving organizations exposed when thousands of devices go down at

The endpoint recovery gap many teams discover during an incident Read More »

Who pays when you gate cyber-capable AI models?

Who pays when you gate cyber-capable AI models? 2026-06-22 at 09:00 By Mirko Zorz In this interview with Help Net Security, Jaya Baloo, COO & CISO at Aisle, examines the debate over restricting access to cyber-capable AI models. She lays out the strongest argument for gating these tools, then explains where it breaks down for

Who pays when you gate cyber-capable AI models? Read More »

Securing digital keys when your phone unlocks the car

Securing digital keys when your phone unlocks the car 2026-06-18 at 09:00 By Mirko Zorz In this interview with Help Net Security, Alysia Johnson, President of the Car Connectivity Consortium (CCC), explains how the CCC Digital Key has grown from a single-brand feature into a standard meant to work across phones, automakers, and suppliers. She

Securing digital keys when your phone unlocks the car Read More »

Reachability makes AI threat modeling worth the trust

Reachability makes AI threat modeling worth the trust 2026-06-16 at 09:00 By Mirko Zorz In this interview with Help Net Security, Oscar Andersson, CTO at Oplane, explains why most scanning tools fail. They cry wolf, flagging threats that cannot run in real code. The argument centers on reachability. A finding counts only when someone walks

Reachability makes AI threat modeling worth the trust Read More »

EU Cybersecurity Act 2.0: When good regulation goes bad

EU Cybersecurity Act 2.0: When good regulation goes bad 2026-06-16 at 08:30 By Help Net Security Over recent years we’ve witnessed the EU becoming increasingly serious about cybersecurity. After years of watching high profile breaches, many resulting from supply chain attacks targeting our critical infrastructure, that seriousness is welcome. But good intentions and good policy

EU Cybersecurity Act 2.0: When good regulation goes bad Read More »

Onspring CISO on where automated GRC systems fall short

Onspring CISO on where automated GRC systems fall short 2026-06-15 at 09:00 By Mirko Zorz In this interview with Help Net Security, Nichole Windholz, CISO at Onspring, talks about the limits of automated GRC systems and continuous control monitoring. She explains why color-coded dashboards can hide nuance, how teams can check the data feeding their

Onspring CISO on where automated GRC systems fall short Read More »

How to use NIST and ISO frameworks to govern AI agents

How to use NIST and ISO frameworks to govern AI agents 2026-06-12 at 11:07 By Help Net Security Security leaders no longer need convincing that AI agents introduce risk. What’s missing is how to govern them once they move into production and begin operating autonomously across enterprise environments. AI agents already read sensitive documents, invoke

How to use NIST and ISO frameworks to govern AI agents Read More »

The architecture of subtraction: Why it’s time to erase the roads, not just map the traffic

The architecture of subtraction: Why it’s time to erase the roads, not just map the traffic 2026-06-09 at 09:42 By Help Net Security The advent of AI-assisted vulnerability discovery and autonomous exploit development has brought about a new age in cybersecurity—one in which we can no longer rely on patching as a primary defense mechanism.

The architecture of subtraction: Why it’s time to erase the roads, not just map the traffic Read More »

Treating AI agents like service accounts for federated query security

Treating AI agents like service accounts for federated query security 2026-06-09 at 08:46 By Mirko Zorz In this interview with Help Net Security, Paras Malhotra, CISO at Starburst, explains how the company handles data governance across federated query environments. Topics include layering Starburst’s access controls above native source permissions, tiering vendor risk across more than

Treating AI agents like service accounts for federated query security Read More »

June 2026 Patch Tuesday forecast: Where are the CVEs?

June 2026 Patch Tuesday forecast: Where are the CVEs? 2026-06-05 at 10:16 By Help Net Security My forecast from last month was only partly right. After the Anthropic Mythos announcements and the deluge of newly discovered vulnerabilities from vendors like Mozilla, Microsoft’s updates were standard fare, 65 CVEs reported in Windows 11 and 58 in

June 2026 Patch Tuesday forecast: Where are the CVEs? Read More »

AI agent governance gets harder when agents outnumber your people

AI agent governance gets harder when agents outnumber your people 2026-06-05 at 09:24 By Help Net Security In this Help Net Security video, Amit Gautam, CTO at Abluva, explains the security risks that autonomous AI agents bring into enterprise environments. He opens with a real case: a reconciliation agent at a financial services firm had

AI agent governance gets harder when agents outnumber your people Read More »

The modern-day business can learn a lot about risk from this year’s mega events

The modern-day business can learn a lot about risk from this year’s mega events 2026-06-04 at 13:17 By Help Net Security Every year brings its share of global events, but 2026 is proving to be a banner year for mega-scale entertainment. The year got off to a roaring start with the Winter Olympics, and now

The modern-day business can learn a lot about risk from this year’s mega events Read More »

Spotless compliance evidence can still hide a broken control

Spotless compliance evidence can still hide a broken control 2026-06-04 at 09:26 By Mirko Zorz In this interview with Help Net Security, Marc Rubbinaccio, Head of Cybersecurity and Compliance at Secureframe, explains where security teams go wrong when preparing for CMMC and FedRAMP 20x. The conversation covers how organizations check the 110 requirements but miss

Spotless compliance evidence can still hide a broken control Read More »

From critical to controlled: Cutting vulnerabilities in a live manufacturing environment

From critical to controlled: Cutting vulnerabilities in a live manufacturing environment 2026-06-04 at 09:26 By Help Net Security A vulnerability scanner flags a critical CVSS 10 vulnerability on an industrial asset. The report lands in the boss’ inbox and now he wants to know why we’re sitting on a critical vulnerability. In a normal IT

From critical to controlled: Cutting vulnerabilities in a live manufacturing environment Read More »

Zero trust physical security needs trust decisions at the edge

Zero trust physical security needs trust decisions at the edge 2026-06-02 at 09:09 By Mirko Zorz In this interview with Help Net Security, Chuck Davis, VP, Global Information Security at Hikvision, explains how zero trust applies to physical security systems like cameras and door controllers. He breaks down how to make trust decisions at the

Zero trust physical security needs trust decisions at the edge Read More »

Scroll to Top