By Anirban Banerjee
There is an old saying: Trust, but verify. For Third-Party Risk Management auditors in regulated financial institutions, that principle has never been more relevant. Vendor questionnaires, SOC 2 reports, and annual reassessments are no longer enough. Regulators are moving beyond paper-based oversight and toward operational proof. The new expectation is clear: Show where customer data is actually flowing. Prove that you control it.
By Anirban Banerjee
This is why platforms like ServiceNow AI Control Tower are showing up in governance roadmaps. Control Tower helps organizations standardize how AI systems are requested, reviewed, cataloged, and managed across their lifecycle. It can bring order to chaos. But there’s a second, equally important reality: the strongest governance workflow in the world can’t govern what it can’t see.
By Anirban Banerjee
Artificial intelligence has stormed the enterprise world, and it's not slowing down anytime soon. With thousands of AI-powered applications, from large language models (LLMs) to productivity-boosting copilots, employees are tapping into AI to work smarter and faster. But here’s the rub: while AI can supercharge productivity, it also brings along a Pandora’s box of risks.
By Anirban Banerjee
The modern automation stack makes it almost trivial to connect enterprise tools: By combining these, you can create an “AI agent” that reads a message in Slack, uses an LLM to classify or summarize it, and then creates a new ticket in YouTrack—all in minutes.
By Jackson Harrower
An AI Bill of Materials (AIBOM) addresses this gap. It is a concise, living profile for every AI capability an organization can invoke—models, agents, SaaS features, plug‑ins, and APIs. Kept in a machine‑readable format, it serves as a practical record that can inform runtime decisions in a control plane. An AIBOM summarizes five things about each AI capability: who provides it, what it can do, what data it sees, where it runs, and how it should be treated.
By Anirban Banerjee
The challenge isn’t just that AI agents are new. It’s that they blur traditional boundaries of data control, creating hidden sub-processors and uncontrolled data flows. For CISOs, compliance officers, and security leaders, this presents a fundamental governance problem: if you don’t know which AI services are touching your data, you cannot prove compliance.
By Anirban Banerjee
In effect, organizations must now treat sensitive data not only as a privacy concern, but as a national security asset. This is no longer the domain of compliance officers alone—it’s a cross-enterprise challenge that demands executive-level ownership.
By Anirban Banerjee
On June 23, 2025, the Federal Trade Commission’s sweeping amendments to the Children’s Online Privacy Protection Rule (COPPA) took effect, ushering in more stringent duties for any operator collecting or using children’s data—whether via websites, services, or AI‑powered agents. Companies must achieve full compliance by April 22, 2026 (Finnegan | Leading IP+ Law Firm, Bass, Berry & Sims PLC).
By Anirban Banerjee
AI is moving through enterprises faster than security teams can track. Over the past year, AI privacy incidents have risen 56%, and most of those stem from tools security never knew were in use. 84% of SaaS tools are purchased outside IT, and 62% of CISOs say fewer than a quarter of AI tools in use have been approved through procurement. That means sensitive, regulated, or confidential data is often flowing to AI services invisibly, sometimes across borders, without governance or guardrails.
By Christopher Widstrom
Here at Riscosity, we believe in making our users’ lives as easy as possible when using our product. Whether users are running scans, triaging results, or viewing reports, the workflows must be intuitive and a seamless part of users’ own environments. To that end, we have finished rounding out our comprehensive support for ticketing system integrations by adding Asana and Linear into the fold.
By Riscosity
An introduction to Riscosity's integration with ServiceNow AI Control Tower.
By Riscosity
Welcome to the fourth installment of Riscosity’s Lightning Interview Series. Today we sit down with Microsoft Customer Security Officer Terence Jackson for a conversation on the latest in protecting data in the age of GenAI.
By Riscosity
Riscosity is the world's most full-featured data governance, security and privacy platform. Understand what data types are being exchanged with AI services and govern them - in minutes, not months.
By Riscosity
Welcome to the third installment of Riscosity’s Lightning Interview Series. In this episode, we sit down with Barak Engel, founder and CEO at EAmmune, and CISO at MuleSoft, Amplitude, StubHub, BetterUp, and Faire among others. Barak is also the author of Why CISOs Fail, The Security Hippie, and The Crack in the Crystal. Ever wonder how you pentest a novel? Tune in to find out.
By Riscosity
Welcome to the second installment of Riscosity’s Lightning Interview Series. In this episode, we sit down with Michael Machado, a security industry veteran and former CISO at public and pre-IPO companies including RingCentral, Shippo, and BeyondTrust. Ever wonder the best strategy for gaining meaningful budget increases as a CISO? Tune in to find out.
By Riscosity
Welcome to the first installment of Riscosity’s Lightning Interview Series. We'll be sitting down with industry leaders for informative and to-the-point conversations. In this episode, we chat about the present and future of internal audit and data security with Nauzer Gotla, Vice President of Internal Audit at Nextracker (NASDAQ:NXT), a dominant player in solar tracking solutions with revenues north of $2.5B.
By Riscosity
In today's ever-evolving digital landscape, teams must have a strong understanding of the security measures that will work best for their environment and how to implement them. During this event, we explore the benefits of utilizing SAST scans and DFPM (Data Flow Posture Management) tools to create robust security guardrails for your organization. Hear from Anirban Banerjee, CEO and Co-founder of Riscosity, and Milan Williams, Sr. Product Manager at Semgrep, as they dive into how teams can approach security investments starting with SAST scans and data flow security.
Riscosity enables full control, visibility, and compliance for data going to third parties and AI tools. Deployed on-prem and in your private cloud.
Riscosity is the data flow security platform that empowers teams to have full visibility of third-party data in transit and automate the redaction or redirection of sensitive data, simplifying how companies meet security and privacy standards.
How it works:
- Monitor: Track and pinpoint any data being sent to a third party API.
- Track: Easily map data sub processors and the information shared with them.
- Remediate: Automatically replace detected sensitive data with redacted inputs.
- Comply: Continuously monitor and block APIs from sending the wrong data to the wrong place.
Deploy Riscosity in your production or development environment to monitor, identify, redact, and secure all third party APIs.