The Schellman Blog

Artificial intelligence is reshaping the cyber threat landscape as attackers have already begun weaponizing AI to dramatically accelerate phishing, reconnaissance, payload development, and attack execution.

The long-anticipated Cybersecurity Maturity Model Certification (CMMC) Final Rule, published on September 10, 2025, officially became effective November 10, 2025. This shift from voluntary guidance to mandatory, enforceable contract requirements under the Defense Federal Acquisition Regulation Supplement (DFARS) marks a turning point for every organization that supports the federal defense supply chain. This critical milestone also signifies that full implementation is just beginning.

TAMPA, Fla. and SAN FRANCISCO, February 3, 2026 – Schellman, a leading provider of attestation and compliance services, today becomes the first authorized auditor of AIUC-1, the comprehensive security, safety, and reliability standard for AI agents, marking a significant milestone in AI compliance. As enterprises accelerate AI adoption and systems become more agentic, they face mounting challenges: security leaders confront novel attack vectors, legal teams navigate uncertain liability, and procurement processes slow under bespoke risk assessments. AIUC-1 addresses these challenges with a comprehensive, actionable standard specifically designed for AI agents.

Cloud computing has become foundational for how businesses and governments deliver services, store sensitive data, and scale operations. As organizations increasingly rely on third-party cloud providers, it is critical to have verifiable assurance that these providers implement robust security controls aligned with the sensitivity of the data and workloads they host.

The information in this article was originally presented on January 15, 2026, at a Public Hearing to the New York State Senate Standing Committee on Internet and Technology to discuss risks, solutions, and best practices with respect to the use of artificial intelligence in consequential or high-risk contexts, and related issues.

As the Department of Defense (DoD) continues to accelerate its Zero Trust strategy, organizations supporting national security missions face increasing expectations for how they secure, monitor, and manage sensitive information.

As interest in ISO 42001 certification has surged over the past year, we've heard a steady stream of questions from organizations seeking to build their AI governance strategy and operationalize their Artificial Intelligence Management Systems (AIMS) responsibly. From understanding practical preparation steps to what to expect during the audit, many teams are looking for clearer guidance as they navigate this newer management system standard.

As organizations expand their digital footprints and adopt AI at scale, global privacy expectations are rising worldwide. At the same time, cyber threats are growing more sophisticated, further driving the need for more advanced, resilient privacy programs to meet both regulatory and security demands.