Cybersecurity for AI

Cybersecurity for AI: How to protect AI systems you use or own

An employee asks if they can deploy their own AI agent to process internal documents. They’ve found one that runs effortlessly via a cloud service and “just needs access to the shared folder.” Sounds convenient, but what if that agent starts leaking sensitive data to third parties? What if the source code or the model … Read more

Zero Trust from conviction

Zero Trust from conviction, not fear

Security isn’t about locking doors after intruders have come and gone. It’s about designing a world where they never get in. Imagine waking up to find someone’s broken into your house. You change the locks, install cameras, maybe even adopt a loud dog. But deep down, you know the truth: you acted too late. That’s … Read more

signed, sealed, subverted.

Signed, Sealed, Subverted: What Broken Cryptography Teaches Us About Trust

The Trusted Signature You’re alone in a quiet gallery of the Rijksmuseum, the soft hum of security systems barely audible beneath the air conditioning. A dim spotlight falls on a delicate sketch, its ink lines sharp against aged parchment. The plaque reads: Rembrandt van Rijn, ca. 1640. Experts have certified it. It’s catalogued, insured, cited. … Read more

CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect

Palo Alto Networks published vulnerability CVE-2024-3400 that allows unauthenticated command injection (RCE) in the GlobalProtect feature of Palo Alto Networks PAN-OS software. Specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.