Category Archives: Cloud Security Alliance

Category Added in a WPeMatico Campaign

Multimodal AI at Risk: New Report Exposes Critical Risks

Originally published by Enkrypt AI.

Written by Prashanth Harshangi, CTO, Enkrypt AI.

 

Red teaming tests expose major gaps in multimodal AI safety.

 

As generative AI rapidly evolves to process both text and images, a new Multimodal Safety Report released by Enkrypt AI reveals critical risks that threaten the integrity and safety of multimodal systems.

The red teaming exercise was conducted on several multimodal models, and tests across several safety and …

MCP, OAuth 2.1, PKCE, and the Future of AI Authorization

Originally published by Aembit.

Written by Kevin Sapp.

 

How the MCP Authorization Spec reshapes security for LLM-powered autonomous agents.

 

Agentic AI systems – where large language models (LLMs) power autonomous, goal-driven agents – are rapidly transitioning from experimental prototypes to production-ready services. These agents read databases, trigger API calls, write to Software-as-a-Service (SaaS) platforms, and stitch together workflows across systems that weren’t…

Building Retail Trust Through Compliance and Transparency

Written by New Black.

 

Trust matters in retail. Period. The commerce platform you choose should earn your trust through verifiable compliance practices and transparent operations that protect your business and customers. No empty promises—just audited security standards and clear communication.

 

Why Trust Matters

Retail trust isn’t just about good products. It’s about protecting customer data, securing payments, and meeting regulations across all your markets. With today’…

Exploring the Complex Relationship Between Privacy and Cybersecurity

Originally published by CXO REvolutionaries. Written by Ben Corll, CISO in Residence, Zscaler.   Cybersecurity and privacy are foundational concerns for most organizations. While these concepts are often discussed together, they are distinct yet interconnected disciplines with unique objectives.     In an era dominated by data-driven decision-making, digital primacy, and evolving threats, cybersecurity and […]

The Hidden Risk in Your Cloud Stack: How Overlooked AWS Resources Become Entry Points for Hackers

Originally published by CheckRed. Written by Amardip Deshpande, Senior Security Researcher, CheckRed.   In February, Angel One, one of India’s leading financial services platforms, disclosed a security breach stemming from unauthorized access to its Amazon Web Services (AWS) infrastructure. While no funds or client credentials were reportedly compromised, personal records of over 8 million users were put […]

CSA Releases Comprehensive EATO Framework to Address Security Challenges for Small Cloud Providers

Written by Jim Reavis, CEO, CSA.   Small and mid-sized cloud service providers often face significant challenges when attempting to meet the rigorous security and compliance requirements set by their enterprise customers, especially those operating within highly regulated industries such as finance, healthcare, energy, and the public sector. These providers struggle with resource constraints, duplicated […]

When AI Breaks Bad: What High-Profile Failures Teach Us About Resilience

Written by Olivia Rempe, Community Engagement Manager, CSA.   In recent years, artificial intelligence has shown extraordinary promise—but also a troubling vulnerability: when it fails, it often fails fast, loud, and in the public eye. The Cloud Security Alliance’s AI Resilience Benchmarking Model introduces a powerful lens for understanding these failures. It breaks resilience down into […]

The Rising Threat of Consent Phishing: How OAuth Abuse Bypasses MFA

Originally published by Valence Security. Written by John Filitz.   A sophisticated attack vector known as “consent phishing” has emerged as a significant SaaS security threat. Unlike traditional phishing that targets credentials directly, consent phishing exploits legitimate authorization protocols that use OAuth 2.0 to gain persistent access to corporate SaaS resources. Late last year it was […]

CISO’s Guide for Defending against the Top 8 Cyber Threats in 2025

Originally published by CXO REvolutionaries. Written by Ben Corll, CISO in Residence, Zscaler.   24 specific things you can do to strengthen your security program against today’s top threats As we move further into 2025, the cyber threat landscape changes continuously and alarmingly. This isn’t anything new for those of us who’ve been around a […]

Implementing CCM: Human Resources Controls

The Cloud Controls Matrix (CCM) is a framework of controls that are essential for cloud computing security. It is created and updated by CSA and aligned to CSA best practices. You can use CCM to systematically assess and guide the security of any cloud implementation. CCM also provides guidance on which actors within the cloud […]

This site uses cookies to offer you a better browsing experience. By browsing this website, you agree to our use of cookies. Click More Info to view Privacy Policy.