#governance
12 stories taggedgovernance.

Your AI Coding Bots Are Running Unsupervised and Nobody Knows What They Did Last Night
AI agents inside software development teams can write, test, and deploy code on their own, often with no human checking what they did. Most companies have no way to answer a simple question: who authorised that change?

AI Is Making Decisions at Work. Most Companies Have No Rules for That.
Security expert Stephen Wilson says businesses are handing AI tools more and more independence, but treating them with the same loose oversight they used when AI just answered questions.

The Cybersecurity Skills Gap Is Real. But We're Measuring the Wrong Thing.
Companies keep buying courses and certifications. Breaches keep happening anyway. The problem is not a shortage of trained people. It is a shortage of people who have actually practised under fire.

RSnake's Case for a CISO Code of Ethics
Robert Hansen argues that kickbacks, no-show jobs, and shelfware deals aren't just embarrassing — they're a national security problem.

When Legacy Infrastructure Becomes the Soft Underbelly of Your AI Agent Stack
Governance frameworks like NIST AI RMF and the EU AI Act assume the pipes under the model are secure. They often aren't.

CISOs Are Being Handed the Business Risk Portfolio. Most Aren't Ready.
Security chiefs at Appfire, JumpCloud, and BECU describe how they're learning to own risks that finance and operations used to call their own.

Old Risk Frameworks Can't Handle AI. Here Are the New Ones That Try.
From ISO 42001 to NIST's AI RMF and ENISA's layered playbook, a clutch of frameworks is competing to define how organizations govern AI risk — each targeting a different gap.

Knowingly Shipping Vulnerable Code Has Become Standard Practice, Survey Finds
A Checkmarx survey of 2,350 security leaders finds nearly half of production code is AI-generated — and enterprises are deploying it despite knowing it carries unresolved flaws.

What S&P 200 CISOs Are Actually Telling the SEC About Cybersecurity
A fresh read of 2024–2025 10-K Section 1.C filings shows NIST CSF dominance, audit committee capture, and a suspicious abundance of 'no material impact' disclosures.

Geordie Lands $30M to Tackle AI Security and Governance
Balderton Capital leads a Series A into the AI governance startup, joined by Crosspoint Capital and returning backers General Catalyst and Ten Eleven Ventures.

You Can't Audit What You Can't See: The Agent Governance Hole Nobody Wants to Talk About
Enterprises are shipping AI agents into production without inventories, without trace pipelines, and without a coherent answer to a basic question: what is this thing actually doing?

Shadow AI Is Now a Compliance Problem, Not Just an IT One
Employees are running unsanctioned AI assistants by the handful. Regulators are starting to ask who approved them, and under which control framework.