CloudSecurityAlliance

Renting a venue doesn't make the venue responsible for what happens inside — that's still on you. Cloud infrastructure works the same way: the provider locks the building, but everything you run on top of it is your responsibility to secure. Most breaches don't beat the provider. They exploit the gap that belongs to you. That's the foundation CCSK is built on. cloudsecurityalliance.org/education/ccsk

Most AI security reviews end with: "the vendor completed our questionnaire." That questionnaire was written in an afternoon, probably by someone who'd never threat-modeled an LLM. 243 control objectives across 18 domains exist so you don't have to start from scratch. #AIControls cloudsecurityalliance.org/artifacts/ai-c…

An SSRF bug in your EC2 app can turn into full IAM credential theft in a single HTTP request. IMDSv1 — still enabled on many older instances — lets any internal redirect reach 169.254.169.254 and pull your instance role's access keys. No special exploit, just a misconfigured hop. IMDSv2 blocks this by requiring a session preflight token that SSRF can't forge. It's available on all current instances but not enforced by default on older ones. Check your fleet. cloudsecurityalliance.org/research/publi… #CloudSecurity

Ask your IAM vendor how they handle an agent that mints three child identities mid-task, delegates scoped permissions to each, then completes — with no human-initiated offboarding trigger. That silence is the gap. Agent identity governance isn't an IAM extension — it's a new domain. csai.foundation #AgentSecurity

Common assumption: if you're compliant, you're secure. The reality is that compliance measures a point in time — cloud drift, misconfiguration, and over-permissioned access don't wait for your next audit cycle. That gap is foundational to understand. CCSK is where it starts. cloudsecurityalliance.org/education/ccsk

"Shared responsibility" sounds clear until someone asks what your half actually requires. Cloud providers define theirs. CCM defines yours — 207 controls across 17 domains, mapped to what you're actually accountable for in cloud environments. Free, vendor-neutral, and built for the question every auditor eventually asks. cloudsecurityalliance.org/research/cloud… #CloudSecurity

Your GitHub Actions workflows probably pin to tags: `uses: actions/checkout@v4`. Tags are mutable. A compromised upstream repo silently redirects that tag to malicious code — which then runs in your pipeline with your cloud credentials, signing keys, and deploy tokens loaded. Pin to a commit SHA instead. `actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683` cannot be moved. The tag can. One config change. Immutable by design. cloudsecurityalliance.org/research/publi… #SupplyChain

An agent takes an action that violates a customer contract. Security gets the ticket. Legal gets the call. IT gets blamed. Engineering explains the prompt chain. Four teams, four conversations, zero clear owner. Org charts were drawn before agents existed. The accountability gap isn't coming — it's already open. csai.foundation #AIGovernance

Between login and logout, how much of what happens inside your environment is genuinely being verified — and how much is just assumed safe because the initial authentication checked out? That's the gap Zero Trust architecture is built to close. CCZT 🔐 cloudsecurityalliance.org/education/cczt

The moment you give an LLM access to internal tools, it's operating inside your trust boundary — with the implicit trust of an insider. Zero trust was built to eliminate exactly that kind of implicit access. CSA's Zero Trust guidance for LLM environments maps out what enforcement actually looks like when the requestor is a model, not a human. cloudsecurityalliance.org/research/publi…

Zero Trust's hardest problem isn't authenticating users — it's machine-to-machine traffic. Service accounts, workload identities, and API tokens outnumber human accounts in most cloud environments, and they rarely get the same continuous verification treatment. Start there: inventory every non-human identity, what it can access, and whether that access is scoped or perpetual. cloudsecurityalliance.org/research/publi… #ZeroTrust

'We already have Zero Trust' is becoming the AI security equivalent of 'we have a firewall.' Zero Trust assumed identities were stable and access patterns were predictable. Agents are neither — they re-scope mid-task, spawn sub-identities, and operate continuously. That's not a Zero Trust gap. It's a Zero Trust rearchitecture. csai.foundation

Something I've been noticing: teams that are completely fluent in on-prem security go quiet when the same questions come up about their cloud environment. Same threats, different architecture — and somehow the mental model doesn't always transfer. That gap is exactly what CCSK addresses. cloudsecurityalliance.org/education/ccsk

Your security architect is asked to sign off on a multi-agent deployment. She opens the threat modeling playbook — STRIDE, attack trees, PASTA — and realizes none of them were designed for a system that reasons, delegates, and acts autonomously. MAESTRO was built for exactly that gap. cloudsecurityalliance.org/research/publi… #ThreatModeling

Expectation: "Kubernetes Secrets" keeps your credentials protected. Reality: by default they're base64-encoded and stored in plaintext in etcd. Anyone who reaches that datastore reads them directly — no decryption step needed. Encrypting secrets at rest requires explicit EncryptionConfiguration setup that most clusters never enable. Before you trust your cluster with API keys and certs, verify that step was taken. cloudsecurityalliance.org/research/publi… #Kubernetes

Trace a privilege escalation through a multi-agent workflow and you often find this: the offending action happened three hops from anyone's blast radius estimate. Nobody designed the risk there — it emerged from the composition of systems that each looked safe in isolation. That gap has no owner yet. csai.foundation #AIRisk

Friday security confession: I just realized the "temporary" IAM role I set up in January has been sitting there ever since — full permissions, zero review. Named it "temp-test-delete-me." It's April. The fundamentals aren't complicated. They just require actually following through. CCSK 📋 cloudsecurityalliance.org/education/ccsk

Your team is mid-migration from on-prem to cloud. Three engineers, three different opinions on IAM design, encryption strategy, and API exposure. Everyone's citing a different vendor blog. Security Guidance v5 is the reference that settles arguments like these — vendor-neutral, practitioner-built, covering everything from governance to incident response. cloudsecurityalliance.org/research/guida… #CloudSecurity

Your system prompt is a reconnaissance goldmine. Adversaries don't always need a jailbreak to extract it — careful output probing, role-play framings, or just asking directly often works. That prompt tells them what tools your model can call, what data it touches, and exactly where your guardrails sit. Treat system prompts like secrets, not config. Redact them from outputs, monitor for extraction attempts, and rotate them when exposed. cloudsecurityalliance.org/research/publi… #LLMSecurity

Your change management process didn't flag it. Your SIEM didn't alert on it. Nothing in your environment changed — except the model your agent calls was silently retrained by the provider. Different data. Different alignment tuning. Same API endpoint. Same agent. Different behavior. AI supply chain risk lives in that gap — and most security teams have no control objective for it yet. csai.foundation