Overview of CSA's AI Security Maturity Model and a scalable Enterprise Membership roadmap turning research into actionable ...

Treat incident response as an engineering system—from asset-aware detection to repeatable analysis and post-incident learning—driving measurable improvements.

Machine identities are the primary attack surface; governance must shift from user-centric models to trust-based, ...

Explore modern identity-based attacks and how to defend against them using Zero Trust. Define and differentiate between ...

Explore how organizations are currently managing AI agent governance. The data reveals widespread shadow AI agents and ...

Explores how AI agents retrieve data with user permissions yet expose outputs to mixed audiences, urging audience-aware authorization.

Retrieval augmented generation (RAG) is an effective technique used by AI engineers to develop large language model (LLM) powered applications. However, the lack of security controls in RAG-based LLM ...

The AI Controls Matrix (AICM) is a first-of-its-kind vendor-agnostic framework for cloud-based AI systems. Organizations can use the AICM to develop, implement, and operate AI technologies in a secure ...

This document contains auditing guidelines for each of the control specifications within the CCM version 4. The CCM is a detailed controls framework aligned with CSA’s Security Guidance for Critical ...

The report presents each security incident as both a detailed narrative and a threat model. This includes an attack-style synopsis with the relevant cloud security risks, CCM controls, and mitigations ...

The use of cloud services has continued to increase over the past decade. Particularly in the wake of the COVID-19 public health crisis, many enterprises’ digital transformations are on an accelerated ...