On AI Security

Good report: Executive Summary: Let's say you wanted to make sure that your AI is secure. Can you just maximize the security and privacy benchmark and call it a day? Nope, because benchmarks don't actually work for measuring AI capabilities even when they are NOT emergent systemic properties like...

What Your Board Gets Wrong About AI Security

Editor's note: This article was originally published by Craig Riddell on LinkedIn. It has been republished here with the author's permission. Boards are giving AI security more airtime than ever. What they're not giving is the right framing. A year or two ago, AI was mostly a question of...

Top Cybersecurity Frameworks Compared

Top Cybersecurity Frameworks Compared: NIST, CIS, and MITRE ATT&CK Security leaders do not need another framework for the sake of paperwork. They need a practical way to decide which cybersecurity frameworks help the business govern risk, harden defenses, and validate whether controls can withsta...

DORA Compliance Cybersecurity Guide for Finance

DORA Compliance Cybersecurity: A Practical Guide for Financial Services Teams DORA compliance cybersecurity is now a board-level priority for banks, insurers, investment firms, payment providers, and the ICT providers that support them. The Digital Operational Resilience Act shifts the conversati...

8 best practices for CISOs conducting risk reviews

The Deputy CISO blog series is where Microsoft Deputy Chief Information Security Officers CISOs share their thoughts on what is most important in their respective domains. In this series, you will get practical advice, tactics to start and stop deploying, forward-looking commentary on where the...

Top AI-Powered Vendor Risk Management Platforms for SaaS Companies in 2026

Top AI-powered vendor risk platforms for SaaS companies in 2026, compare tools, features, and how to choose the…...

6 Lessons Security Leaders Must Learn About AI and APIs

Most organizations treating AI security as a model problem are defending the wrong layer. Security teams filter prompts, patch jailbreaks, and tune model behavior, which is all necessary work, while the actual attack surface sits largely unexamined underneath. That surface is the API layer: the...

Mitigate or Fail: How Risk Management Shapes Cybersecurity Competency

Contemporary cybersecurity governance assumes that professionals apply risk reasoning. Yet major organisational failures persist despite investment in tools, staffing, and credentials. This study investigates the structural source of that paradox. Cybersecurity speaks the language of risk, but it...

From Incomplete Architecture to Quantified Risk: Multimodal LLM-Driven Security Assessment for Cyber-Physical Systems

Cyber-physical systems often contend with incomplete architectural documentation or outdated information resulting from legacy technologies, knowledge management gaps, and the complexity of integrating diverse subsystems over extended operational lifecycles. This architectural incompleteness...

New Microsoft Purview innovations for Fabric to safely accelerate your AI transformation

As organizations adopt AI, security and governance remain core primitives for safe AI transformation and acceleration. After all, data leaders are aware of the notion that: Your AI is only as good as your data. Organizations are skeptical about AI transformation due to concerns of sensitive data...

Security Considerations for Artificial Intelligence Agents

This article, a lightly adapted version of Perplexity's response to NIST/CAISI Request for Information 2025-0035, details our observations and recommendations concerning the security of frontier AI agents. These insights are informed by Perplexity's experience operating general-purpose agentic...

The Agile FedRAMP Playbook, Part 4: Reactive Risk Management through Enriched Incident Response

In the final part of our series, we explore Reactive Risk Management. Discover how Wiz for U.S. Government transforms cloud detection and response to help satisfy FedRAMP Rev 5 IR controls and FedRAMP 20x detection benchmarks...

The MSP Guide to Using AI-Powered Risk Management to Scale Cybersecurity

Scaling cybersecurity services as an MSP or MSSP requires technical expertise and a business model that delivers measurable value at scale. Risk-based cybersecurity is the foundation of that model. When done right, it builds client trust, increases upsell opportunities, and drives recurring...

6 Ways Agentic AI Changes How Systems Act and Adapt

Learn how agentic AI changes system behavior in production environments through supervised fine-tuning, structured oversight, and lifecycle governance to improve reliability, manage risk, and support accountable deployment...

The Agile FedRAMP Playbook, Part 3: Preventative Risk Management by building Secure by Design

In the third part of our series, we explore Preventative Risk Management. We discuss how shifting security into the development lifecycle helps organizations meet FedRAMP requirements...

Henry IV, Hotspur, Hal, and hallucinations

Welcome to this week's edition of the Threat Source newsletter. " 'Tis dangerous to take a cold, to sleep, to drink; but I tell you, my lord fool, out of this nettle, danger, we pluck this flower, safety." - Hotspur, Shakespeare's Henry IV, Part 1: Act 2 Scene 3 I get it. Hotspur is the...

The Agile FedRAMP Playbook, Part 2: Proactive Risk Management with Continuous Monitoring

In the second part of our series, we dive into Proactive Risk Management. Discover how Wiz for U.S. Government automates visibility and prioritizes risk remediation to meet FedRAMP continuous monitoring requirements without slowing down innovation...

New e-book: Establishing a proactive defense with Microsoft Security Exposure Management

Effective exposure management begins by illuminating and hardening risks across the entire attack surface. Some of the most meaningful shifts in security happen quietly—when teams take a clear look at their exposure landscape and acknowledge the gap between where they stand today and where they...

The Agile FedRAMP Playbook, Part 1: Why Risk is Your Best Starting Point

Compliance shouldn't mean a standstill for innovation. The first of our four-part series explores how Wiz quickly reached FedRAMP High through a "risk-first" philosophy. In parts 2-4 we’ll explore how Wiz helps with FedRAMP requirements through proactive, preventative, and reactive risk managemen...

U.S. Public Sector Under Siege

Discover why Government and Education must prioritize Cyber Risk Management...