Cloud Security Alliance

Agentic AI is a different kind of AI. It’s not like the generative AI everyone’s talking about—the one that stitches together an answer based on what it knows or guesses when it doesn’t. That’s great for content creation, for generating reports, for summarizing data, or for writing code. But that’s not what Agentic AI is here to do. Agentic AI isn’t about crafting answers. It’s about taking action. It’s about getting things done. Think of it as execution-first AI. It doesn’t just sit b…

Over the last six months, the world has gone from zero to 60 mph on agentic AI. I’ve been a fairly avid LLM user (for software development, polishing text, and other needs). However, I’ve barely touched on agentic AI, model context protocol (MCP), and other modern approaches that have popped up recently. For those of you like me who aren’t yet deep into this topic: agentic AI is about giving AI the ability to take action, not just respond to prompts like traditional chatbots. It can p…

CSA’s Top Threats to Cloud Computing Deep Dive 2025 reflects on eight recent real-world security breaches. The report presents the narrative of each incident, as well as the relevant cloud security risks and mitigations. Today we’re reflecting on the sixth incident covered in the Deep Dive: Retool 2023.   An unidentified threat actor launched a sophisticated social engineering campaign involving smishing, credential harvesting, and vishing tactics. They took advantage of Retool’s …

Money talks—and cybercriminals are listening. The financial services (FinServ) industry is becoming an increasingly popular target for advanced email attacks, as a single successful breach can unlock millions in assets and compromise the financial security of countless individuals. As artificial intelligence democratizes sophisticated attack techniques and automation scales criminal operations, the stakes have never been higher. From credential phishing that opens the door to account t…

As revealed in Cerby’s 2025 Identity Automation Gap Report, 46% of security and IT leaders say their organization has already experienced a security, compliance, or operational issue directly caused by manual identity workflow execution. Why do manual identity workflows continue to exist, when the consequences of getting them wrong are so serious and when automation tooling is increasingly common? Looking a bit deeper, how do manual identity workflows create or contribute to securit…

Originally published by Reemo.   Virtualization brings undeniable flexibility and scalability to IT infrastructures. However, these advantages come with significant risks if security and management practices are not modernized accordingly.   Virtualized Environments: Specific Risks to Address While traditional security principles remain relevant, virtual environments introduce unique challenges. A compromised hypervisor can endanger all hosted resources. Weak network segm…

The Cloud Security Alliance (CSA) is evolving in how we connect, collaborate, and engage with our community. Over the past few years, our Circle community has served as a central hub for working groups, chapters, and training communities. While it’s been a valuable platform, we’re moving toward a more streamlined experience across our main website and Slack channels.This transition will create clearer pathways to join working groups, connect with local chapters, and engage with train…

Milestone recognizes Google Cloud’s leadership in transparent and trusted cloud computing services SEATTLE – August 4, 2025 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, proudly announced today that Google Cloud has become the first organization to earn CSA’s Valid-AI-ted designation, based on CSA’s new AI-powered validation tool for evaluatin…

The SaaS security reality check: What 800+ security leaders revealed about the true state of SaaS risks. At first glance, the SaaS story looks great: Dashboards are green, audits are clean, and executives feel safe. But dig a little deeper, and a different picture emerges. AppOmni’s 2025 State of SaaS Security Report surveyed 803 security leaders worldwide and surfaced a widening chasm between confidence and control. A sharp increase in SaaS security incidents, a rising complexity in …

In our last post, we explored how the governance, risk, and compliance (GRC) landscape is evolving and how AI is reshaping its future. This next phase is what we call GRC 4.0. While Generative AI (GenAI) has been around for years, its widespread accessibility has only taken off recently, especially following advancements in large language models (LLMs) made available to the public. The result? An explosion of AI-powered tools designed to automate repetitive work and support cross-fun…

The rapid proliferation of generative artificial intelligence (GenAI) across enterprise environments has created an unprecedented governance challenge for Chief Information Security Officers (CISOs) and GRC professionals. Traditional cybersecurity frameworks, while foundational, are insufficient to address the unique risks introduced by AI systems, including model manipulation, data poisoning, algorithmic bias, and AI supply chain vulnerabilities. The Cloud Security Alliance’s AI Cont…

At a period when cloud adoption is at an all-time high and the attack surface continues to expand, most organizations still have not turned cybersecurity awareness into action. According to PwC’s 2025 Global Digital Trust Insights, only 2% of businesses have implemented cyber resilience measures across all surveyed areas. And while 42% of executives cite cloud-related threats as their top concern, those same threats are the ones security leaders feel least prepared to defend against. …

Originally published on RiskRubric.ai.   As data science and AI engineering teams mix general purpose LLMs from foundation model developers with dozens of specialist models like Mistral and Qwen, they leave their security leaders asking: “Can I trust this model for my data and my customers?” This question of trust isn’t just academic; it creates daily operational hurdles and tangible business risks. Approval bottlenecks, engineers waiting, and risk decisions becoming guesswo…

Executive Summary The recent Treasury Department breach, caused by unauthorized access privileges, highlights the persistent risks organizations face with identity security and access governance. This breach was not the result of an advanced cyberattack but rather stemmed from simple misconfigurations and gaps in access controls. It underscores the urgency for organizations to rethink their identity security practices—moving from traditional, manual approaches to automated, continuous …

Originally published by Vali Cyber.   As virtualization continues to shape enterprise IT environments, hypervisors have become foundational to infrastructure operations. But their central role also makes them a high-value target for cyber attackers. This blog explores how aligning hypervisor security with System and Organization Controls 2 (SOC 2) can help mitigate these risks—by applying the Trust Services Criteria to strengthen access controls, monitoring, and incident response…

Alright, let’s talk about promises. Infrastructure as Code (IaC) – Terraform, CloudFormation, you name it – promised us the holy grail: consistent, repeatable, controlled environments. And honestly? For the most part, it delivered. We waved goodbye (mostly) to snowflake servers and configuration spaghetti. Life was good. But here’s the dirty little secret of today’s cloud: drift happens. No matter how pristine your IaC templates are, no matter how strict your deployment pipelines seem, …

Originally published by Schellman. Written by Charles Goss, SOC Senior Associate, Schellman.   The use of artificial intelligence is rapidly expanding across businesses and industries, driving innovation, improving efficiency, and unlocking new opportunities. However, as AI systems become more integrated into critical decision-making processes and daily business operations, concerns about their ethical and responsible use also continue to rise. Questions surrounding fair…

CSA’s Top Threats to Cloud Computing Deep Dive 2025 reflects on eight recent real-world security breaches. The report presents the narrative of each incident, as well as the relevant cloud security risks and mitigations. Today we’re reflecting on the fifth incident covered in the Deep Dive: Darkbeam 2023.   Bob Diachenko, CEO of SecurityDiscovery, uncovered a public exposure of Darkbeam’s Elasticsearch and Kibana interface. This exposure was the result of human error—a misconfigu…

This weekend, I watched Jurassic Park for the first time, and while most people might walk away from the film seeing it as a cautionary tale about the dangers of unchecked scientific ambition and the unpredictability of life, the cybersecurity professional in me saw something else entirely. I saw a textbook case study in failed Identity and Access Management (IAM).  Let’s be honest, Jurassic Park didn’t fall apart because of dinosaurs. It collapsed because Dennis Nedry had too much …

Originally published by Abnormal. Written by Callie Baron.   Your workforce is your greatest asset, and your vendors are integral to the success of the enterprise. It’s no surprise, then, that cybercriminals are targeting both, exploiting the trust in these partnerships to deceive, defraud, and divert funds. Much like traditional business email compromise (BEC), vendor email compromise (VEC) involves the misuse of a familiar identity. In these attacks, however, the person be…