#policy
26 stories taggedpolicy · page 2 of 2.

Feds Pull the Plug on CFAKE and SOCFAKE in First TAKE IT DOWN Act Domain Grab
DOJ seizes two deepfake nude sites that pulled tens of millions of visits a month, marking the first public test of the new federal statute.

Voluntary AI Security Rules: The Industry Already Knows What That Means
Trump's AI cybersecurity executive order drew polite applause from vendors and quiet skepticism from practitioners. The gap between those two reactions is where the real story lives.

Executive Order Mandates AI Security Vetting
Federal directive requires AI models to undergo national security risk assessments before release.

The Pentagon Wants Battlefield AI. Not Everyone With Stars on Their Collar Agrees.
The White House sees AI as a defining American military edge. Some of the generals and admirals who would actually deploy it aren't so sure.

India Sets a 12-Hour Clock on Exploited Vulnerabilities. Can Enterprises Actually Do It?
CERT-In's new AI-threat framework resets expectations around patch velocity — but the real test is whether organizations even know what's exposed.

California Sues 23andMe's Bankruptcy Successor Over 2023 Data Breach
AG Rob Bonta is going after Chrome Holding Co. — the shell 23andMe rebranded into after its bankruptcy — arguing the company failed to adequately protect the genetic and personal data of millions of users.

What S&P 200 CISOs Are Actually Telling the SEC About Cybersecurity
A fresh read of 2024–2025 10-K Section 1.C filings shows NIST CSF dominance, audit committee capture, and a suspicious abundance of 'no material impact' disclosures.

CERT-In Tightens the Clock: Patch Internet-Facing Bugs in 12 Hours
India's national CERT cites AI-assisted exploit development as the reason small teams now have less than a working day to close exposed holes.

More Than Half of CISOs Would Pay a Ransomware Demand. The Maths Are Not Flattering.
A survey of 750 CISOs in the US and UK finds 58% would hand over money to ransomware operators — despite law enforcement advice, incomplete decryption rates, and the lingering question of whether the data stays exclusive.

Agentic AI Quietly Rewrites the NDR Pitch, But Procurement Rules Have Not Caught Up
Network detection vendors say autonomous triage is thinning the alert queue. Buyers are now asking what regulators will let those agents actually do.

Twelve Hours, or Else: India's New Patch Clock Starts Ticking
CERT-In tells operators of internet-facing systems to close critical flaws within half a day, citing AI-assisted exploit chains that compress the attacker's runway to minutes.