Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A risk register is a GRC tool used by teams to identify, assess, and manage various risks within an organization. It acts as a centralized repository and looks at the impact and probability of a risk to prioritize its management. In cyber security, a risk register helps maintain compliance with various standards like the ISO 27001 Information Security Management System (ISMS), NIST SP800-30 Guide for Conducting Risk Assessments, or the new European NIS 2 directive.

Bitsight customers and their third-party partners are well on their way to gaining faster clarity on how their remediation efforts impact their Bitsight Security Ratings. In an effort to support organizations that use Bitsight to prioritize internal security work, we started a phased rollout of Dynamic Remediation, a new initiative that accelerates the rating refresh process and makes it more responsive to meaningful security remediations.

Autonomous AI agents - known as Computer-Using Agents (CUAs) - are no longer science fiction! These systems can browse websites, interact with applications, and carry out tasks on their own. While intended to increase productivity, they can already be repurposed by threat actors for malicious use.

One of the confidentiality concerns associated with AI is that third parties will use your data inputs to train their models. When companies use inputs for training, the inputs may later become or inform outputs, potentially exposing confidential information to other people.

Artificial intelligence isn’t just a buzzword in cybersecurity—it’s rapidly becoming the backbone of both offense and defense in the digital battlefield. From hyper-realistic deepfakes to machine learning-powered threat detection, AI is fundamentally changing how we manage cyber exposure.

‍Cybersecurity governance, risk, and compliance (GRC) programs today serve as the backbone of enterprise security, helping organizations holistically manage threats, enforce policies, and maintain regulatory compliance, all while advancing the business mission.

The proliferation of AI has rapidly introduced many new software technologies, each with its own potential misconfigurations that can compromise information security. Thus the mission of UpGuard Research: discover the vectors particular to a new technology and measure its cyber risk. This investigation looks at llama.cpp, an open-source framework for using large language models (LLMs).

You’ve done the work—mapped the risks, built the roadmap, secured the right tools. But when it’s time to face the board, the conversation stalls. Not because you’re wrong. Because you’re speaking a different language. Boards don’t operate in threat models and tech stacks. They operate in risk, revenue, and accountability. And if you want their support, you need to meet them there.