Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

AI Agent Governance Part 3 - Runtime Governance: The Hidden Performance Cost of Agentic AI

At the World Economic Forum cyber meeting in Geneva recently, I had an interesting conversation with Vinh Nguyen, who is a strategic security advisor and Senior Fellow for AI at CFR. I wanted to know from him how he sees runtime governance in agentic AI working out practically and what approaches actually work. One of the challenges he mentioned was that yes, we need runtime governance to provide continuous and real time assurance that agents are doing what they are supposed to be doing.

Higher Education Spotlight: Sensitive Data Governance in Decentralized Environments

Higher education faces a unique challenge when it comes to managing sensitive data governance. Unlike a more centralized corporate environment, colleges and universities often operate across many semi-independent schools, departments, research groups, and administrative teams. Each may have its own systems, priorities, workflows, and level of security maturity. That structure is part of what makes higher education work. It supports research, academic flexibility, and departmental independence.

Board committee charters: Your governance playbook decoded

A board committee charter is more than governance paperwork; it’s the rulebook that keeps the board’s engine humming when pressure rises and complexity grows. At its best, a charter makes responsibilities visible, removes guesswork, and creates a predictable rhythm for oversight so directors and management spend less time arguing about who should do what and more time solving the right problems.

The New Vanguard: Strategic Leadership in the Age of Autonomous Threats

The threat landscape of 2026 is no longer defined by the singular hacker or the isolated malware strain. We have entered the era of the "Autonomous Adversary"-a period where AI-driven social engineering, automated vulnerability discovery, and polymorphic code are the standard tools of state-sponsored and criminal actors alike. For the security professional, the traditional defensive perimeter has dissolved. To navigate this complexity, the industry is moving away from purely tactical responses toward a model of "Cyber-Resilience and Strategic Governance.".

8 DSPM Use Cases Every CISO Should Know

Data Security Posture Management has moved from an emerging concept to an operational priority for security leaders. Understanding the most impactful DSPM use cases helps CISOs protect sensitive data across cloud environments, enforce governance policies, and stay ahead of compliance mandates. This guide breaks down eight critical applications every security leader should evaluate.

Understanding Data Governance in the Age of Generative AI

Generative AI is changing how organizations create, process, and distribute information. Tools powered by models from companies like OpenAI and Google can produce content, analyze data, and automate workflows at a scale that wasn't realistic a few years ago. That shift creates opportunity, but it also raises a more grounded concern: how do you control, protect, and manage the data feeding these systems?

The Governance Gap: How the EU AI Act Makes API Security a Compliance Imperative

Your legal team just handed you a 400-page document and said "figure out compliance." The EU AI Act is live, your organization falls under its scope, which is broader than many expect. Even non‑EU companies must comply if their AI systems are used, deployed, or produce effects within the European Union. In practice, that means that global organizations building or integrating AI models cannot treat the Act as a regional regulation.

Best practices to simplify OU structure

Most organizations are still managing Active Directory (AD) in environments designed decades ago – often by people who are no longer with the company. What started as a logical organizational unit (OU) structure has slowly become brittle and feels too risky to change. Even when everyone agrees it’s not ideal, rebuilding your OU’s from the ground up just doesn’t feel realistic. It’s disruptive, time-consuming and carries a high risk of breaking something critical.