CloudSecurityAlliance

16.8K posts

@cloudsa

We lead in security of Cloud, AI and Zero Trust. Follow our research, education, certification and events.

Global Joined March 2009
268 Following 18.7K Followers
CloudSecurityAlliance
Your GitHub Actions workflows probably pin to tags: `uses: actions/checkout@v4`. Tags are mutable. A compromised upstream repo silently redirects that tag to malicious code — which then runs in your pipeline with your cloud credentials, signing keys, and deploy tokens loaded. Pin to a commit SHA instead. `actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683` cannot be moved. The tag can. One config change. Immutable by design. cloudsecurityalliance.org/research/publi… #SupplyChain
CloudSecurityAlliance
An agent takes an action that violates a customer contract. Security gets the ticket. Legal gets the call. IT gets blamed. Engineering explains the prompt chain. Four teams, four conversations, zero clear owner. Org charts were drawn before agents existed. The accountability gap isn't coming — it's already open. csai.foundation #AIGovernance
CloudSecurityAlliance
Between login and logout, how much of what happens inside your environment is genuinely being verified — and how much is just assumed safe because the initial authentication checked out? That's the gap Zero Trust architecture is built to close. CCZT 🔐 cloudsecurityalliance.org/education/cczt
CloudSecurityAlliance
The moment you give an LLM access to internal tools, it's operating inside your trust boundary — with the implicit trust of an insider. Zero trust was built to eliminate exactly that kind of implicit access. CSA's Zero Trust guidance for LLM environments maps out what enforcement actually looks like when the requestor is a model, not a human. cloudsecurityalliance.org/research/publi…
CloudSecurityAlliance
Zero Trust's hardest problem isn't authenticating users — it's machine-to-machine traffic. Service accounts, workload identities, and API tokens outnumber human accounts in most cloud environments, and they rarely get the same continuous verification treatment. Start there: inventory every non-human identity, what it can access, and whether that access is scoped or perpetual. cloudsecurityalliance.org/research/publi… #ZeroTrust
CloudSecurityAlliance
'We already have Zero Trust' is becoming the AI security equivalent of 'we have a firewall.' Zero Trust assumed identities were stable and access patterns were predictable. Agents are neither — they re-scope mid-task, spawn sub-identities, and operate continuously. That's not a Zero Trust gap. It's a Zero Trust rearchitecture. csai.foundation
CloudSecurityAlliance
Something I've been noticing: teams that are completely fluent in on-prem security go quiet when the same questions come up about their cloud environment. Same threats, different architecture — and somehow the mental model doesn't always transfer. That gap is exactly what CCSK addresses. cloudsecurityalliance.org/education/ccsk
CloudSecurityAlliance
Your security architect is asked to sign off on a multi-agent deployment. She opens the threat modeling playbook — STRIDE, attack trees, PASTA — and realizes none of them were designed for a system that reasons, delegates, and acts autonomously. MAESTRO was built for exactly that gap. cloudsecurityalliance.org/research/publi… #ThreatModeling
CloudSecurityAlliance
Expectation: "Kubernetes Secrets" keeps your credentials protected. Reality: by default they're base64-encoded and stored in plaintext in etcd. Anyone who reaches that datastore reads them directly — no decryption step needed. Encrypting secrets at rest requires explicit EncryptionConfiguration setup that most clusters never enable. Before you trust your cluster with API keys and certs, verify that step was taken. cloudsecurityalliance.org/research/publi… #Kubernetes
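An added example, not part of the original post or CSA's publication: one way to verify the step the post describes, given an `EncryptionConfiguration` already parsed into a dict (YAML parsing is assumed to be done by the caller). The sample configurations and key placeholder are constructed; the check covers the file's contents only, not whether the API server was actually started with it.

```python
import copy

PLAINTEXT = "identity"  # provider that stores data as-is, without encryption

def secrets_write_provider(config):
    """Return the provider used to WRITE Secrets, or None if no rule covers them.

    The first provider listed for a resource is the one used for writes;
    later providers are only tried when reading existing data.
    """
    for rule in config.get("resources", []):
        covered = rule.get("resources", [])
        # "*." (core API group) and "*.*" (all resources) are wildcard forms.
        if not any(r in ("secrets", "*.", "*.*") for r in covered):
            continue
        providers = rule.get("providers", [])
        if providers:
            return next(iter(providers[0]))  # each provider is a one-key mapping
    return None

def secrets_encrypted_at_rest(config):
    provider = secrets_write_provider(config)
    return provider is not None and provider != PLAINTEXT

# Constructed sample: aescbc first, identity kept as a read-only fallback.
ENCRYPTED = {
    "apiVersion": "apiserver.config.k8s.io/v1",
    "kind": "EncryptionConfiguration",
    "resources": [{
        "resources": ["secrets"],
        "providers": [
            {"aescbc": {"keys": [{"name": "key1", "secret": "<base64 32-byte key>"}]}},
            {"identity": {}},
        ],
    }],
}

# Constructed sample: same providers, but identity first, so writes stay plaintext.
IDENTITY_FIRST = copy.deepcopy(ENCRYPTED)
IDENTITY_FIRST["resources"][0]["providers"].reverse()

# Constructed sample: a rule exists, but it does not cover Secrets at all.
NO_SECRETS_RULE = copy.deepcopy(ENCRYPTED)
NO_SECRETS_RULE["resources"][0]["resources"] = ["configmaps"]

if __name__ == "__main__":
    for name in ("ENCRYPTED", "IDENTITY_FIRST", "NO_SECRETS_RULE"):
        print(name, secrets_encrypted_at_rest(globals()[name]))
```
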
CloudSecurityAlliance
Trace a privilege escalation through a multi-agent workflow and you often find this: the offending action happened three hops from anyone's blast radius estimate. Nobody designed the risk there — it emerged from the composition of systems that each looked safe in isolation. That gap has no owner yet. csai.foundation #AIRisk
CloudSecurityAlliance
Friday security confession: I just realized the "temporary" IAM role I set up in January has been sitting there ever since — full permissions, zero review. Named it "temp-test-delete-me." It's April. The fundamentals aren't complicated. They just require actually following through. CCSK 📋 cloudsecurityalliance.org/education/ccsk
CloudSecurityAlliance
Your team is mid-migration from on-prem to cloud. Three engineers, three different opinions on IAM design, encryption strategy, and API exposure. Everyone's citing a different vendor blog. Security Guidance v5 is the reference that settles arguments like these — vendor-neutral, practitioner-built, covering everything from governance to incident response. cloudsecurityalliance.org/research/guida… #CloudSecurity
CloudSecurityAlliance
Your system prompt is a reconnaissance goldmine. Adversaries don't always need a jailbreak to extract it — careful output probing, role-play framings, or just asking directly often works. That prompt tells them what tools your model can call, what data it touches, and exactly where your guardrails sit. Treat system prompts like secrets, not config. Redact them from outputs, monitor for extraction attempts, and rotate them when exposed. cloudsecurityalliance.org/research/publi… #LLMSecurity
CloudSecurityAlliance
Your change management process didn't flag it. Your SIEM didn't alert on it. Nothing in your environment changed — except the model your agent calls was silently retrained by the provider. Different data. Different alignment tuning. Same API endpoint. Same agent. Different behavior. AI supply chain risk lives in that gap — and most security teams have no control objective for it yet. csai.foundation
CloudSecurityAlliance
Zero Trust has quietly become the industry's favorite rebrand. Slap MFA on a flat network, update the slide deck, ship it. The real work — micro-segmentation, continuous verification, least-privilege enforcement — rarely survives budget season. That's exactly what CCZT is built to change. cloudsecurityalliance.org/education/cczt
CloudSecurityAlliance
Securing AI models is a solved conversation. Securing the systems that orchestrate them isn't. When your AI agents spawn sub-agents, call external APIs, and make decisions without human approval, the attack surface isn't the model — it's the control plane. That's what CSAI Foundation is addressing. csai.foundation #AgenticAI
CloudSecurityAlliance
The SEC's 4-day cyber incident disclosure rule has a built-in escape hatch: the clock starts when you *determine* materiality, not when the breach occurs. That materiality determination is a judgment call with no fixed deadline. Organizations without a documented assessment process are creating liability while thinking they're managing it. cloudsecurityalliance.org/research/publi… #SEC
CloudSecurityAlliance
We cracked identity governance for employees, then extended it to service accounts and IoT. Every model assumed the inventory was stable. Agents break that assumption. They spawn sub-agents, inherit permissions mid-task, and disappear without offboarding triggers. Your identity count from this morning is already wrong. Runtime behavior monitoring isn't optional when the inventory is dynamic. csai.foundation #NHI
CloudSecurityAlliance
When did you last audit what your AI tools are actually permitted to access — not what you intended, but what the permissions literally say? Most teams configure once and move on. The gap between intent and configuration is where AI risk quietly grows. TAISE closes that gap. 🔐 cloudsecurityalliance.org/education/taise
CloudSecurityAlliance
Not all cloud security certifications are equal. A vendor self-assessment carries different weight than a third-party audit — but most procurement checklists treat them the same. The STAR Registry distinguishes them: three tiers of assurance, publicly searchable across hundreds of cloud providers. Do your homework before you sign. cloudsecurityalliance.org/star #CloudSecurity