
The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

Cybersecurity Assessments | Artificial Intelligence

By: Sully Perella
October 15th, 2025

People interact with Artificial Intelligence (AI) in a number of ways, but notably, written prompts are the main method because basic prompt hacking is understood. Now, let's talk about sophisticated attacks targeting enterprise AI systems. These considerations will explain how an attacker can weaponize AI assistants to extract proprietary data, manipulate business decisions, or pivot through corporate networks.

FedRAMP | Federal Assessments

By: Matt Hungate
October 14th, 2025

FedRAMP 20x is progressing quickly, with phase 2 just around the corner. Designed to modernize and streamline the authorization process, FedRAMP 20x is reshaping how cloud service providers (CSPs) achieve and maintain authorization to operate (ATO) in the federal marketplace.

Cybersecurity Assessments | Privacy Assessments

By: Emily Heintz
October 13th, 2025

The California Consumer Privacy Act (CCPA) is reminiscent of Michael Myers, Freddy Krueger, or Ghostface in that no matter how many times you think its presence is done, it keeps coming back with more. While privacy professionals have been tracking the slow rulemaking process for some time, the newly approved regulations may have startled others, fittingly just in time for spooky season.

Payment Card Assessments | PCI DSS

By: Mark Stoudemire
October 13th, 2025

As organizations continue to transition to PCI DSS v.4.x, they encounter updated requirements for authentication, especially considering the emerging phishing-resistant technologies like passkeys. To help clarify these changes, the PCI Security Standards Council has released two key FAQs: FAQ 1595 and FAQ 1596, offering valuable insights into the use of passkeys, FIDO2-based authentication, and their alignment with multi-factor authentication (MFA) and phishing-resistant protocols.

Artificial Intelligence

By: Sully Perella
October 6th, 2025

If you thought developing and implementing your AI system was a challenge, just wait until you attempt to ensure your AI system complies with conflicting international laws simultaneously.

FedRAMP | Penetration Testing | Red Team Assessments

By: Clint Mueller
September 29th, 2025

Since the beginning of 2024, FedRAMP Revision 5 has mandated that organizations not only perform traditional penetration tests, but also undergo comprehensive red team engagements. This new requirement reflects a broader emphasis on assessing not just technical vulnerabilities, but also the effectiveness of an organization’s overall security posture, including its response to sophisticated and realistic threats. Over the past year, we’ve conducted many red team exercises, each tailored to different organizational environments and threat landscapes. These engagements have varied significantly in scope and complexity, offering us a wealth of insights into both our successes and the challenges we’ve faced.

Artificial Intelligence | ISO 42001

By: Danny Manimbo
September 29th, 2025

As artificial intelligence continues to become widely embedded in critical business decisions, strategies, and processes, it increasingly faces growing scrutiny from regulators, customers, and the public. While AI offers unprecedented opportunities for operational enhancements and innovation, it also introduces new risks.

Artificial Intelligence | ISO 42001

By: Schellman
September 25th, 2025

Colorado is leading the charge of U.S. AI policy with the Consumer Protections for Artificial Intelligence (SB24-205) law. This law, commonly referred to as the Colorado AI Act (CO AI Act), is the first enacted comprehensive state law regulating high-risk AI systems. Signed in May 2024, it sets a precedent for balancing innovation with consumer protection through requirements on transparency, accountability, and fairness.
