TPCRM Framework: Building Digital Trust for Modern Enterprises

Third-party cyber risk management (TPCRM) has emerged as a critical discipline, moving beyond traditional approaches to address the unique and evolving cyber threats posed by vendor relationships. This post explains the core tenets of TPCRM, outlines key requirements for ideal tools, and suggests implementation strategies for this new, important branch of cybersecurity.

Open Chroma Databases: A New Attack Surface for AI Apps

Chroma is an open-source vector store (a database designed to allow LLM chatbots to search for relevant information when answering a user’s question) and one of many technologies that have seen adoption grow with the recent AI boom. Like many databases, Chroma can be configured by end users to lack authentication and authorization mechanisms.

Third Party Security: Building Your Vendor Risk Program in 2025

Are you confident your vendors can withstand a cyber attack? If not, you should continuously evaluate your third-party security, especially if you’re sharing sensitive customer data across your vendor ecosystem. In this post, we break down the concepts of third-party security and provide an actionable roadmap for effectively strengthening this essential branch of cybersecurity across your organization.

Vendor Security Review: Key Components And Implementation

Your vendors are essential partners, but they could also be your organization's biggest hidden security risk. A robust vendor review process is the key to ensuring onboarded vendors align with your cybersecurity standards and don't increase your likelihood of suffering a data breach. This guide outlines everything you need to know to build a structured, repeatable, and scalable vendor security review process.

Shadow AI: Managing the Security Risks of Unsanctioned AI Tools

The explosion of generative artificial intelligence tools is sparking a wave of enthusiasm in workplaces, with employees eagerly embracing new applications to boost productivity and innovation. However, this adoption often leads to a new phenomenon known as shadow AI—the use of artificial intelligence tools within an organization without explicit approval or oversight from IT and security teams. Unsanctioned use of AI creates significant (and often invisible) security blind spots.

Data Leakage and Other Risks of Insecure LlamaIndex Apps

Similar to Ollama and llama.cpp, LlamaIndex provides an application layer for connecting your data to LLMs and interacting with it through a chat interface. While LlamaIndex is an open source project like other LLM application frameworks, LlamaIndex is also a company, with a recent Series A, a commercial offering, and a more polished aesthetic than its strictly DIY counterparts.

SaaS Permissions: Are Employees Granting Too Much Access?

Today, the average employee juggles dozens of SaaS apps—each requesting access with a quick click. But how many employees check whether those permissions (granted in moments to boost productivity) might be unlocking sensitive company data? While businesses thrive on the agility and collaboration SaaS tools provide, this convenience can create a frequently overlooked web of user-granted permissions.

47% of Breaches Involve Vendors: Is Your TPRM Ready?

Organizations are still struggling to manage vendor-related cyber risk effectively. According to a recent study by Imprivata and the Ponemon Institute, nearly half of organizations fall victim to data breaches involving third-party network access. This isn't just another statistic. It's a critical cybersecurity issue hinting at broader limitations of traditional TPRM programs.

Detecting Generative AI Data Leaks from ComfyUI

By now we’re all familiar with the capabilities of generative AI for creating images. For some tasks, like casting an existing image in a recognizable art style, it works well. Much more than that and it encounters limitations: complex prompts often don’t return exactly what you imagined and iterating on a failed prompt can quickly become time-consuming.