Latest articles for CSO magazine

7 ways gen AI can create more work than it saves

As gen AI use continues to skyrocket, reports of business benefits are trickling in. But we’re also seeing more cases where the tech can actually…

10 most critical LLM vulnerabilities

From prompt injections to model theft, OWASP has identified the most prevalent and impactful vulnerabilities found in AI applications based on large language models (LLMs).

Ransomware recovery: 8 steps to successfully restore from backup

The best way to recover from a ransomware attack is to have a reliable and fast backup process. Here’s how to do it.

AI agents can find and exploit known vulnerabilities, study shows

In a somewhat chilling revelation, AI agents were able to find and exploit known vulnerabilities, but only under certain conditions, which researchers say indicates they’re…

Breach and attack simulation tools: Top vendors, key features, how to choose

BAS products simulate attacks to test a company’s defenses against threat vectors. The following guide can help you make the right choice for your organization.

AI governance and cybersecurity certifications: Are they worth it?

Organizations have started to launch AI certifications in governance and cybersecurity, but given how immature the space is and how fast it’s changing, are these…

The state of ransomware: Faster, smarter, and meaner

The ransomware business hit record highs in 2023 despite falling payment rates, as attackers scaled up the number of attacks and new AI weapons were…

Generative AI poised to make substantial impact on DevSecOps

Generative AI could be the holy grail of DevSecOps, from writing secure code and documentation to creating tests. But it could be a major point…

How GenAI helps entry-level SOC analysts improve their skills

By automating repetitive triage and documentation tasks, generative AI systems allow entry-level security analysts to spend more time on investigations, response, and developing core skills.

Assessing and quantifying AI risk: A challenge for enterprises

Risks associated with artificial intelligence have grown with the use of GenAI and companies must first understand their risk to create the best protection plan.

3 ways to fix old, unsafe code that lingers from open-source and legacy programs

Code vulnerability is not only a risk of open-source code, with many legacy systems still in use — whether out of necessity or lack of…

Data loss prevention vendors tackle gen AI data risks

Businesses are using DLP tools to help secure generative AI and reduce risks of ChatGPT and similar applications.

5 areas where zero trust can’t protect your organization

With growing adoption of zero trust, CISOs must look at all possible blind spots across the organization, be that unmonitored IoT devices or third-party systems,…

3 strategies that can help stop ransomware before it becomes a crisis

For those hoping to avoid the pay-or-not-to-pay ransomware dilemma, there are three things to focus on that can help CISOs: create incident response plans, improve…

Why API attacks are increasing and how to avoid them

Growing use of APIs gives attackers more ways to break authentication controls, exfiltrate data, or perform disruptive acts.

How CISOs can balance the risks and benefits of AI

Rapid growth and development of AI is pushing the limits of cybersecurity and CISOs must take charge now to be ahead of a range of…

Insured companies more likely to be ransomware victims, sometimes more than once

A recent report found that companies with cyber insurance have been hit by ransomware more than those without it, and sometimes more than once. Although…

Siemens focuses on zero trust, legacy hardware, supply chain challenges to ensure cybersecurity of internal systems

Siemens US chief cybersecurity officer Helen Negre discusses how the organization is focusing on zero trust to ensure the security of internal systems across its…

AI-fueled search gives more power to the bad guys

How to stay ahead of attacks by learning about the risks of AI-based search engines, what skill sets are needed to defend systems and ensuring…

How AI chatbot ChatGPT changes the phishing game

The Microsoft-backed free chatbot is improving fast and can not only write emails and essays but can also code. ChatGPT is also polyglot and that could…

The cybersecurity challenges and opportunities of digital twins

The virtual representation of objects or systems through digital twins provides organizations greater insight into their assets, but it can also invite malicious actors.

Top 5 security risks of Open RAN

Open RAN enables interoperability among hardware, software, and interfaces used in cellular networks but also changes their attack surface.

6 signs your IAM strategy is failing, and how to fix it

Mistakes when implementing identity and access management systems, especially during upgrades, can have lasting effects. Here’s how to spot and avoid the worst of them.

Adversarial machine learning explained: How attackers disrupt AI and ML systems

Threat actors have several ways to fool or exploit artificial intelligence and machine learning systems and models, but you can defend against their tactics.

9 ways hackers will use machine learning to launch attacks

Machine learning algorithms will improve security solutions, helping human analysts triage threats and close vulnerabilities quicker. But they are also going to help threat actors…

7 machine identity management best practices

Managing machine identities can be just as important as managing human identities, especially in a zero-trust environment.

Fantastic Open Source Cybersecurity Tools and Where to Find Them

Open source software plays a key role in keeping data centers secure. Here are just a few projects making a difference.

What is the cyber kill chain? A model for tracing cyberattacks

The cyber kill chain describes the phases of a targeted cyberattack where defenders can identify and stop it.

How attackers sidestep the cyber kill chain

Many of the most popular cyberattacks don’t follow all the steps of the cyber kill chain, but you have other methods to detect threats.

Why DevOps pipelines are under attack and how to fight back

NotPetya proved the effectiveness of an attack on the software supply chain, and attackers are targeting it more now. Here’s advice to reduce risk to…