Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Many AI companies are still running at a loss while businesses rush to build critical services on top of them. If compute costs rise and margins collapse, some of those vendors may disappear without warning, taking business critical processes down with them.

Anyone claiming they have fully solved AI governance is getting ahead of reality. AI is moving so fast that by the time many organisations write the rules, the technology, risks and use cases have already changed again.

AI is hitting security teams from three directions at once. Vendors are already using it, other vendors are selling it as the answer to everything, and attackers are using it to move faster than defenders can keep up.

Security questionnaires often fail because they rely on trust, vague answers and people who may not even know the real state of their controls. A simple yes or no response tells you very little when the real question is where those controls exist and whether they work.

A single ransomware attack pushed a 156-year-old logistics company into receivership within 90 days and out of business within five months. The real damage spread far beyond one firm, hitting supply chains, delaying deliveries and costing dependent businesses millions.

AI is disrupting the enterprise software market. James Rees built a fully-functional GRC tool in just two weeks using Codex. No development team needed. No million-pound licensing fee, just AI and subject matter expertise. If a CISO can build what competitors charge hundreds of thousands for in a couple of weeks, what happens to the vendor market? As large language models like Daybreak and Mythos evolve, this problem gets worse for SaaS companies.

Your vendors are adopting AI faster than you can assess them. What does that mean for your third party risk? Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim and in this Spotlight on Technology episode, I'm joined by Jeffrey Wheatman, Senior Vice President and Cyber Risk Strategist at Black Kite. Jeffrey previously spent over a decade as an analyst VP at Gartner, where he launched their third party cyber risk management coverage.

This episode looks at how supplier cyber posture affects your business, why spreadsheets and questionnaires no longer cut it, and how AI is making third party risk harder to see and faster to spread. It covers resilience, shadow AI, vendor collapse, supply chain impact and the reality that you are only as strong as your weakest link.

Government legislation on online safety, age verification and encryption is being written without consulting cybersecurity professionals. The result is legislation that doesn't work and creates massive security risks. Age verification companies are failing spectacularly - people bypass them with smiley faces on thumbs and AI face-meshing. Encryption backdoors don't just let governments in, they let malicious actors in too. VPN age verification is technically impossible. OS-level age verification would require banning Linux, which runs most of the internet.

Should organisations pay ransomware demands? Canvas recently paid after a breach exposed student data. Now US Congress is questioning whether payments should be illegal. In this episode of Razorwire Raw, James Rees tackles the ransomware payment dilemma. Ransomware groups operate like commercial organisations - if they don't honour agreements to delete data after payment, nobody would pay them. Some negotiators have been caught telling attackers what insurance payouts will cover.