Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Privacy Engineering is Dead

In an era where data breaches, privacy violations, and regulatory fines dominate headlines, the need for robust privacy engineering has never been more critical. Yet, despite its growing prominence, privacy engineering is failing to meet the demands of businesses and consumers alike. To understand why, let’s explore what privacy engineering is, the challenges it faces, why its current state is insufficient, and the transformative shift needed to make it truly effective.

Securing Identities in Business Data Flows

In today’s business ecosystem, data exchanges are critical for operations. From APIs to FTP connections, Electronic Data Interchange (EDI), and Virtual Desktop Infrastructure (VDI), data transfers happen continually, each using specific protocols and requiring authentication to ensure security and confidentiality. These interactions rely on a vast array of identities, keys, and credentials that need consistent management and periodic rotation to maintain security.

API, Identities and solving for the biggest challenges

API calls are the backbone of modern software, enabling applications to communicate and share data seamlessly. However, with this integration comes the challenge of understanding and managing the identities used in API calls. These identities, often tied to authentication and authorization mechanisms, are crucial for determining what data is accessed and exchanged.

FedRAMP Certification and Data Security

Federal Risk and Authorization Management Program (FedRAMP) and State Risk and Authorization Management Program (StateRAMP) are pivotal frameworks for securing cloud services used by federal and state governments, respectively. These programs mandate stringent security protocols, emphasizing the need for organizations to manage and disclose third-party involvement in delivering software services to the government.

Investigating iOS 18's AI Capabilities

With the release of iOS 18, Apple has continued to expand its integration of AI technologies, positioning the iPhone as a powerful personal assistant capable of smart recommendations, advanced text and image analysis, and even predictive suggestions. Leveraging on-device machine learning, iOS 18’s AI features tap into user data to provide a personalized experience.

Taking the Pain Out Of Compliance for Legal and GRC Teams

The legal department plays a crucial role in enhancing enterprise security profiles. Historically, legal and cybersecurity departments have been siloed from one another in organizations both large and small. With security now a concern at the Board level, legal’s role in enterprise risk management – advising on threats and potential liability – must include the impact of data security threats.

LLM Prompt Injection 101

Prompt injection attacks exploit vulnerabilities in natural language processing (NLP) models by manipulating the input to influence the model’s behavior. Common prompt injection attack patterns include: 1. Direct Command Injection: Crafting inputs that directly give the model a command, attempting to hijack the intended instruction. 2. Instruction Reversal: Adding instructions that tell the model to ignore or reverse previous commands. 3.

How to Safely Integrate LLMs Into Enterprise Applications and Achieve ISO 42001 Compliance

Enterprise applications, whether on-premise or in the cloud, access LLMs via APIs hosted in public clouds. These applications might be used for content generation, summarization, data analysis, or a plethora of other tasks. Riscosity’s data flow posture management platform protects sensitive data that would otherwise be accessible to LLM integrations.

SEBI's CSCRF Regulation

India's Securities and Exchange Board (SEBI) has introduced a new regulatory framework called the Cyber Security and Cyber Resilience Framework (CSCRF). The regulation aims to tighten cybersecurity and data governance for capital market participants. As cyber threats increase globally, the CSCRF is poised to create a stronger defense line for organizations operating in India’s capital markets.

Introducing The Riscosity AI Governance Suite

Clients can empower their employees to securely leverage any browser-based AI tool. The Riscosity browser extension will scan and block prompts with sensitive information in real time. Admins can use the intuitive Riscosity dashboard to set RBAC rules and keep a pulse on any AI tools being used – including any attempts to share sensitive information. The bottom line… we’re providing an AI firewall for your company, without the headaches of difficult deployment.