Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Shadow AI Is Not a People Problem. It's a Governance Problem

Most organizations responded to shadow AI the way they responded to shadow IT a decade ago: awareness campaigns, acceptable use policies, and training programs. The assumption was that if employees understood the risk, they would stop using unsanctioned tools. That approach did not work for shadow IT, and it won't work for shadow AI. The key difference is governance architecture.

The CIO's AI Security Checklist: 10 Questions Before Deploying Agents

You approved the AI tools. You funded the infrastructure. Now your teams want to deploy AI agents, and the ask sounds reasonable: automate the research workflow, connect the agent to the CRM, let it draft and send. The productivity case is clear. What is less clear is who owns the security exposure when that agent starts moving data across systems it was never explicitly authorized to touch. The answer, increasingly, is you.

Cyberhaven Selected for Anthropic's Cyber Verification Program to Advance Defensive AI Security Research

Anthropic has selected Cyberhaven for its Cyber Verification Program, an application-based program that supports legitimate defensive cybersecurity work involving advanced AI capabilities. The approval gives designated Cyberhaven teams access to advanced AI capabilities with fewer interruptions from default safeguards for certain high-risk, dual-use cybersecurity tasks, subject to Anthropic's applicable policies and program requirements.

Preventing IP Theft and Trade Secret Loss in Manufacturing

A manufacturer's most valuable assets rarely sit in a vault. They live in CAD files, chemical formulations, process parameters, supplier contracts, and tooling specifications that move every day between engineers, plants, partners, and contractors. That movement is what makes the business run, and it is also what makes trade secrets easy to lose. A departing engineer copies a design folder. A contractor forwards a spec sheet to a personal account.

AI Security for Autonomous Agents | Cyberhaven Product Launch (Part 1 of 4)

Autonomous AI agents are running on enterprise endpoints right now, accessing files, processing sensitive data, and executing actions outside the visibility of most security programs. This is Part 1 of Cyberhaven's four-part AI Security product launch series. What this video covers: Most AI security tools were built for browsers and SaaS apps. They cannot see agents operating at the OS level, coding assistants running in IDEs and CLIs, or MCP servers executing in the background. Cyberhaven's AI Security platform was built to close that gap.

Shadow AI Discovery: How to Find Every AI Agent in Your Environment | Cyberhaven (Part 2 of 4)

Security teams cannot govern what they cannot see. This is Part 2 of Cyberhaven's four-part AI Security product launch series, focused on Shadow AI Discovery and how Cyberhaven automatically inventories every AI app and agent running across your organization.

Real-Time AI Enforcement Powered by Data Lineage | Cyberhaven (Part 4 of 4)

Visibility without enforcement is just an alert backlog. This is Part 4 of Cyberhaven's four-part AI Security product launch series, covering how Cyberhaven enforces risk-based controls at the data level, not the tool level, using Data Lineage as the foundation.

Agentic AI Visibility and Risk Scoring: What Cyberhaven Sees That Others Miss | (Part 3 of 4)

Knowing an AI tool exists is not the same as knowing what it did with your data. This is Part 3 of Cyberhaven's 4-part AI Security product launch series, covering Agentic AI Visibility and AI Risk IQ, Cyberhaven's evidence-based risk scoring system for every AI app and agent in your environment.

How DSPM Detects Insider Threats Using Data Lineage

Most insider risk programs stall at the same place: they can see what data exists, but not what users are doing with it. Data security posture management (DSPM) tools catalog sensitive files, flag misconfigured permissions, and surface overexposed repositories. What they often cannot communicate is whether that overexposed file was accessed, copied, renamed, and uploaded to a personal cloud account by an employee who put in their resignation last week.

How to Use DLP and DSPM to Support SOC 2 Compliance

SOC 2 audits are won or lost on evidence. When an auditor asks how an organization controls access to sensitive data, prevents unauthorized exfiltration, and monitors for anomalous behavior, the answer has to be documented and defensible. For most security and GRC teams, that answer depends heavily on whether their data security tooling is configured to produce audit-ready outputs, not just enforce policies.