In an era of digital innovation and technological advancements, robust application security has never been more crucial. As cyber threats continue to evolve, organizations must stay ahead of the curve to protect their sensitive data and maintain the security of their users. One project that can help in this process is OWASP (Open Web Application Security Project), a globally recognized non-profit organization dedicated to improving application security.

Google Cloud Platform (GCP) is one of the world’s most widely used cloud services. At the heart of this system lies roles, which act as predefined sets of permissions that grant users specific access levels amidst the complexity of credentials, identities, and resources in the cloud environment.

The definition of Artificial Intelligence (AI) has been thrown around whilst it has risen to the top of the tech agenda over the past couple of years. Security professionals have determined AI to be a risk to businesses, and also an opportunity. But could it also be a way to better defend your network against attacks? For many years, AI and Machine Learning have gone hand in hand; with AI used to better determine defensive decisions and cut down on the human element in more basic functions.

Last week’s release of OpenAI’s GPT-4o, along with the story around Slack’s AI training policy, goes to show that AI innovation is happening at a rate where, for most companies, security simply can’t keep up.

Responsible AI Licenses (RAIL) are a class of licenses created with the intention of preventing harmful or unethical uses of artificial intelligence while also allowing for the free and open sharing of models between those who intend to use and improve them for authorized purposes. Anyone can make their own version of RAIL for their model, and in doing so can create more or less restrictions than those detailed in the template licenses.

Large Language Models (LLMs) have become indispensable tools across various sectors, reshaping how we interact with data and driving innovation in sensitive domains. Their profound impact extends to areas such as healthcare, finance, and legal frameworks, where the handling of sensitive information demands heightened security measures.

In the oft-obscure world of Architecture, Engineering, and Construction (AEC), the structures we see reaching for the skyline are not just feats of design and engineering but archives of data, each rivet and beam a data point in a colossal network of information. Yet, with these digital monoliths comes an invisible vulnerability – data control, a challenge that’s upending the AEC industry.

Rego, the policy language of the Open Policy Agent (OPA), is known for its flexibility and power in policy enforcement across various systems. Its declarative syntax and data-centric approach make it versatile for application authorization, infrastructure as code (IaC) authorization, and network policies. To fully appreciate OPA/Rego’s capabilities, it’s helpful to compare it with other policy languages and frameworks like AWS’s Cedar and Google’s Zanzibar.