GRC stories

Experts warn organisations are still exposed as password reuse, phishing and weak access governance persist despite growing push for passkeys and MFA.

Lovelace's Elemental aims to give enterprise AI verifiable evidence, using knowledge graphs and cited outputs for high-stakes decisions.

Cloud Security Alliance deepens agentic AI oversight with catastrophic risk controls, CVE authority and two governance specs.

Cequence Security adds AI Gateway controls to curb autonomous agents' access to enterprise apps and data with persona-based permissions.

SAS has unveiled AI Navigator, a governance service that gives organisations a single view of AI models and agents as scrutiny intensifies.

Avatier unveils offline Identity Challenge Card as firms seek fallback access after Stryker hack exposes MFA weaknesses.

Isaca launches AI risk certification as European research finds many organisations still lack clear ownership, response plans and board oversight.

CrowdStrike unveils AI security coalition with Accenture, EY, IBM Cybersecurity Services, Kroll and OpenAI to spot and fix code flaws faster.

Temenos and Bain warn that banks must modernise core systems, governed data and cloud architecture as AI, stablecoins and personalisation gather pace.

Thrive widens post-Abacode push with managed compliance service for firms facing tougher rules and cyber risk.

Lineaje survey flags a widening governance gap as most firms use AI-generated code, yet few can fully see or track it.

Gigamon rolls out AI traffic intelligence and agentic observability software as IDC sees the network monitoring market reaching USD $4.39 billion by 2029.

LevelBlue says unsanctioned AI agents are slipping into enterprise systems, creating a hidden governance and security blind spot for businesses.

ServiceNow bolsters cyber security push with Armis buyout, adding real-time asset visibility and deepening its platform after Veza.

HackerOne unveils h1 Validation as vulnerability reports surge 76% and AI tools speed up discovery, leaving firms struggling to triage real threats.

CIS, Astrix and Cequence publish AI security guides for large language models, autonomous agents and MCP environments.

Zero Networks adds AI segmentation and compliance controls to help firms block shadow AI, limit agent spread and tighten network access.

AI models that can hunt and chain software flaws are forcing boards to rethink cyber defences, while scrutiny grows over Anthropic's MCP design risks.

CIQ rolls out Enterprise Linux compliance stack as federal cryptography, defence contractor and post-quantum rules tighten from 2026.

Cork Cyber boosts Cork Vantage for MSPs with automated mapping, cutting manual work and improving asset accuracy across client, device and inbox records.