Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

PwC recently did an AI agent survey where they found the following: This all sounds great, right? For many reasons it is, but agentic AI creates a challenge of visibility for organizations into how AI agents are communicating with each other and external third-party vendors. Imagine a multitude of AI agents autonomously exchanging data across a complex mesh of third-party vendors and applications.

For a AI software company like Riscosity, which helps organizations secure and govern data flows to third parties, compliance is not just a regulatory requirement—it is central to the value proposition. Recognizing this, Riscosity has launched a dedicated Trust Center at trust.riscosity.com, powered by industry leader Vanta, to streamline how it communicates its compliance posture with current and prospective customers.

Historically, software vendors that detect various types of data in customers’ environments have relied heavily on rudimentary methods for identifying that data. One of the most popular methods for identifying the presence of any particular type of data is using regular expressions and, admittedly, Riscosity started off doing the same several years ago.

According to Security Score Card in 2024 35.5% of breaches were related to third party access. Our software is primarily written in Go and we wanted to share how our engineering team approaches managing dependencies.

We’ve been hearing (and using) a lot of acronyms lately. MCP, A2A, ACP… it’s easy to fall behind. Fortunately for our customers, all of these new standards are API based! Since Riscosity is built to discover, monitor, and govern all HTTP-based data flows, it requires no extra integration or setup to handle MCP, A2A, or ACP traffic.

Here at Riscosity, our team is keenly aware of the ongoing rise of AI adoption that is taking the world by the storm. As a company whose mission is to help organizations gain control over their 3rd party data flows, it is only logical that our capabilities support AI as well. What better time than RSA to announce the latest AI-related innovation that Riscosity has released!

MCP, short for Message Communication Protocol, refers to a category of protocols used for exchanging structured messages between systems or applications. It was developed primarily to meet the communication needs of early enterprise systems that required: MCP protocols are often seen in banking, insurance, healthcare, and telecom industries—sectors where many systems were developed before APIs became mainstream.

Riscosity has made it even easier to prioritize issues where data types are being shared by your Applications with 3rd party vendors by adding Confidence Scores to those data types. Users can focus in on the issues with data types that Riscosity had the highest confidence in determining without worrying about false positives.

Riscosity’s web application navigation menus have been redesigned to make common user workflows easier than ever. Users will benefit from the more intuitive layout that will allow them to get to where they need to go seamlessly.

Shadow technology, regardless of name, is a manifestation of the same issue - unmonitored, unauthorized, or hidden technology operating outside official oversight. Over the past ten years, with the adoption of SaaS services, Shadow IT became a significant concern for security teams. With the more recent explosion of AI tools, we’ve started to hear the term Shadow AI being used for the same reasons.