The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.
- Core Collapse on February 26, 2026 at 11:23 pm
How AI is blowing cybersecurity apart, taking us back to our beginnings, and reforging our foundations. A star dies slowly. Then all at once. A star lives billions of years in tension. Thermal energy from fusion in its core pushes outward against gravity pulling inward. It burns through its elements from hydrogen to helium, helium to carbon, then neon, oxygen, silicon, and finally iron. But iron does not release energy when fused; it requires it. The core hardens with iron while…
- CCM v4.1 Transition Timeline on February 19, 2026 at 5:36 pm
This blog was published on February 19, 2026 with the latest information regarding the release of CCM v4.1. On January 28, CSA released version 4.1 of the Cloud Controls Matrix (CCM), succeeding CCM v4.0.13. This latest version strengthens the framework by incorporating requirements arising from emerging cloud technologies, introducing new and updated controls, and enhancing interoperability and alignment with other leading standards and regulatory frameworks. CCM v4.1 reflects CSA’s c…
- OpenClaw Threat Model: MAESTRO Framework Analysis on February 17, 2026 at 7:23 pm
Executive Summary This document applies MAESTRO Framework (7-layer Agentic AI Threat Model) to the OpenClaw codebase, identifying specific threats at each layer and detailing mitigation strategies based on the actual implementation. Layer 1 – Foundation Models Threats Identified in OpenClaw LM-001: Adversarial Prompt Injection via Messaging Channels (Critical, src/channels/) Threat: Attackers send crafted messages through WhatsApp, Telegram, or Discord designed to manipul…
- Agentic AI and the New Reality of Financial Security on February 17, 2026 at 7:22 pm
Agentic AI is no longer experimental. It’s already operating inside production environments, automating workflows, moving data, calling APIs, and making decisions at machine speed. For organizations in financial services, healthcare, and cloud-native engineering, this shift is redefining what “security” actually means. The question is no longer if you’re using Agentic AI. It’s whether your security model has caught up. What Makes Agentic AI Different Agentic AI systems don’t ju…
- AI Security: When Authorization Outlives Intent on February 12, 2026 at 12:10 am
This is the second blog in a seven-part series on identity security as AI security. TL;DR: A silent breach rippled through the SaaS world in August 2025: demanding no ransomware demand, no splashy defacement. Just stolen credentials, quietly forgotten and dangerously alive. The target was Salesloft Drift, a marketing automation platform that connects the Drift AI chat agent with a Salesforce or Google Workspace instance, among others. Attackers didn’t need brute force; th…
- AI Security: IAM Delivered at Agent Velocity on February 12, 2026 at 12:04 am
This is the first blog in a seven-part series on identity security as AI security. TL;DR: AI agents can expand an organization’s attack surface by 100 times, not by doing more but by doing it faster. In July 2025, a Replit AI agent deleted 1,206 database records in seconds, ignoring an active code freeze. At 5,000 operations per minute, human oversight collapses. Consent fatigue sets in at the infrastructure level. AI agents are in production in 91% of enterprises, …
- RBI’s .bank.in Mandate: A New Trust Anchor for Digital Banking — and Why It’s Only the Beginning on February 12, 2026 at 12:03 am
India’s banking system is undergoing a critical shift in how digital trust is established. With the rise of phishing, impersonation fraud, and look-alike banking websites, the Reserve Bank of India (RBI) introduced a decisive measure: all banks must migrate customer-facing digital banking services to the exclusive .bank.in domain by October 31, 2025. This move represents a foundational step toward safer digital banking — but it’s important to understand what this mandate solves, w…
- Breaking Down the SOC 2 Trust Services Criteria: Privacy on February 4, 2026 at 12:01 am
Unpack the critical role of privacy within the five SOC 2 trust services criteria (TSC) and how organizations can leverage compliance to build trust and resilience in a data-driven world. In this post, you’ll learn: The pillars of privacy in SOC 2 Key components and requirements Privacy challenges and pitfalls Recommendations for integrating privacy controls The Pillars of Privacy in SOC 2: Why It Matters for Modern Organizations In today’s digital landscape, the concept …
- The Visibility Gap in Autonomous AI Agents on February 3, 2026 at 11:26 pm
AI agents are quickly becoming autonomous digital actors embedded in enterprise workflows. Unfortunately, as organizations scale from dozens to hundreds of agents across clouds, platforms, and business units, the identity foundations inherited from human IAM are beginning to strain under new demands. If you’re already experimenting with autonomous AI agents (or your business units are doing it for you), this topic from CSA’s Securing Autonomous AI Agents survey report (commissioned by St…
- Token Sprawl in the Age of AI on February 3, 2026 at 11:25 pm
If your organization is experimenting with AI agents, copilots, or AI services accessed via API, you’ve probably created more identities than you intended. These non-human identities (service accounts and their associated API keys, tokens, etc.) keep modern systems talking to each other. CSA’s new survey report, commissioned by Oasis Security, shows that token sprawl and inadequate rotation of identities have created a persistent blast radius. When AI workflows can create and use creden…
- Why Zero Trust Needs to Start at the Session Layer on February 3, 2026 at 11:25 pm
Most of us grew up professionally in a world where “secure access” meant encrypt the tunnel and harden what’s exposed. VPNs, TLS/mTLS, WAFs, EDR, patching, detection, response… the whole modern stack is built around the assumption that the network and its endpoints are visible. Security starts once a connection attempt is already in motion. The problem is that the internet didn’t get that memo. Our core TCP/IP networking systems were designed to facilitate easy connection, rather tha…
- Applying MAESTRO to Real-World Agentic AI Threat Models: From Framework to CI/CD Pipeline on February 3, 2026 at 11:24 pm
Every security team I talk to is having the same conversation right now. Their developers are shipping AI agents — coding assistants, autonomous workflows, LLM-powered tools that can browse the web, execute code, query databases, and send emails on behalf of users. The agents live in production. The threat models are not. This isn’t a knowledge problem. The MAESTRO framework gave us an excellent conceptual map for understanding agentic AI threats. Its seven-layer architecture, from Fo…
- New Survey from Cloud Security Alliance, Strata Identity Finds That Enterprises Are in a “Time-to-Trust” Phase, As They Build Foundations for AI Autonomy on February 3, 2026 at 11:18 pm
Agentic workforce is scaling faster than identity and security frameworks can adapt. SEATTLE – Feb. 5, 2026 – The latest survey report from the Cloud Security Alliance (CSA), the world’s leading not-for-profit organization committed to AI, cloud, and Zero Trust cybersecurity education, has found that while organizations are eager to harness the efficiencies brought about by AI agents, traditional human-centric Identity and Access Management (IAM) architectures aren’t capable of keeping up…
- React2Shell Reflections: Cloud Insights, Finance Sector Impacts, and How Threat Actors Moved So Quickly on January 30, 2026 at 5:41 pm
Introduction Last month’s disclosure of CVE 2025-55812, known as React2Shell, provided a reminder of how quickly modern threat actors can operationalize newly disclosed vulnerabilities, particularly in cloud-hosted environments. The vulnerability was discovered on December 3, 2025, with a patch made available on the same day. Within 30 hours of the patch, a publicly available proof-of-concept emerged that could be used to exploit any vulnerable server. This short timeline mean…
- Logic-Layer Prompt Control Injection (LPCI): A Novel Security Vulnerability Class in Agentic Systems on January 30, 2026 at 5:41 pm
Written by: Ken Huang, CSA Fellow, Co-Chair of CSA AI Safety Working Groups Hammad Atta, Founder & AI Technology Advisor, Qorvexconsulting Research Dr. Yasir Mehmood, AI 5G & IoT Systems Security Introduction: The Hidden Risk in Agentic AI Systems As AI agents evolve and become increasingly autonomous, they gain the ability to perform complex tasks without direct human intervention. This capability, however, introduces new and s…
- How CSA STAR Helps Cloud-First Organizations Tackle Modern Identity Security Risks on January 30, 2026 at 5:41 pm
Cloud-first strategies have completely changed how organizations operate. Teams can launch infrastructure in minutes instead of weeks, rely heavily on SaaS applications, and collaborate from anywhere in the world. This flexibility and speed have unlocked enormous business value, but they’ve also quietly reshaped the security landscape. As traditional networks disappear and fixed perimeters fade away, one control has moved to the center of everything: identity. Today, it’s not firewalls o…
- The Agentic Trust Framework: Zero Trust Governance for AI Agents on January 29, 2026 at 5:55 pm
This blog post presents the Agentic Trust Framework (ATF), an open governance specification designed specifically for the unique challenges of autonomous AI agents. For security engineers, enterprise architects, and business leaders working with agentic AI systems, ATF provides a structured approach to deploy AI agents that can take meaningful autonomous action while maintaining the governance and controls that enterprises require. The framework applies established Zero Trust principles…
- Zero Trust for Agentic Pipelines That Touch Cloud Production on January 27, 2026 at 10:27 pm
Introduction Zero Trust security originally focused on people and was designed to protect systems from risky user behavior and compromised devices. Most controls assumed that a human was sitting behind a keyboard and making decisions. Well, that model no longer reflects reality in modern cloud environments. Today, agentic AI pipelines act like real users. These systems can read and identify alerts, analyze problems, and directly interact with production systems. They can modif…
- The Great Divide: How AI Is Splitting the Cybersecurity Landscape on January 27, 2026 at 10:27 pm
As we move deeper into 2026, we’re officially past the point of asking if AI will transform cybersecurity. The only question now is whether your organization will be ready when it does. 2025 marked the year that AI moved from industry buzzword to active battlefield. Now, the gap between organizations that operationalize AI and those that don’t is about to become painfully visible. All signs point to the same conclusion: 2026 is separating the prepared from the exposed in several key way…
- Non-Human Identity Governance: Why IGA Falls Short on January 27, 2026 at 10:26 pm
Identity Governance and Administration (IGA) has long been a pillar of access management. It works well for employees and contractors whose identities are anchored in HR systems, follow predictable lifecycles, and change relatively slowly. In those environments, organizations have historically been willing to accept longer deployment timelines and heavier integration work in exchange for centralized control. But the identity landscape has changed. Today, the majority of identities…






