Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Third-party cyber risk management (TPCRM) has emerged as a critical discipline, moving beyond traditional approaches to address the unique and evolving cyber threats posed by vendor relationships. This post explains the core tenets of TPCRM, outlines key requirements for ideal tools, and suggests implementation strategies for this new, important branch of cybersecurity.

Chroma is an open-source vector store–a database designed to allow LLM chatbots to search for relevant information when answering a user’s question–and one of many technologies that have seen adoption grow with the recent AI boom. Like many databases, Chroma can be configured by end users to lack authentication and authorization mechanisms.

How many times have you experienced this scenario at work? A hot new AI tool emerges, promising game-changing productivity and innovative features. You can’t wait to try it out in your own workflow. But what is often your security team’s first instinct? Block it.

Are you confident your vendors can withstand a cyber attack? If not, you should continuously evaluate your third-party security, especially if you’re sharing sensitive customer data across your vendor ecosystem. In this post, we break down the concepts of third-party security and provide an actionable roadmap for effectively strengthening this essential branch of cybersecurity across your organization.

Your vendors are essential partners, but they could also be your organization's biggest hidden security risk. A robust vendor review process is the key to ensuring onboarded vendors align with your cybersecurity standards and don't increase your likelihood of suffering a data breach. This guide outlines everything you need to know to build a structured, repeatable, and scalable vendor security review process.

The explosion of generative artificial intelligence tools is sparking a wave of enthusiasm in workplaces, with employees eagerly embracing new applications to boost productivity and innovation. However, this adoption often leads to a new phenomenon known as shadow AI—the use of artificial intelligence tools within an organization without explicit approval or oversight from IT and security teams. Unsanctioned use of AI creates significant (and often invisible) security blind spots.

Similar to Ollama and llama.cpp, LlamaIndex provides an application layer for connecting your data to LLMs and interacting with it through a chat interface. While LlamaIndex is an open source project like other LLM application frameworks, LlamaIndex is also a company, with a recent Series A, a commercial offering, and a more polished aesthetic than their strictly DIY counterparts.