by Gary Zimmerman | Jul 7, 2026 | AI, Cybersecurity, Governance
On December 23, 2025, the FDA cleared a software medical device called UpDoc under 510(k) number K253281. The clearance got relatively little attention when it was issued. When UpDoc announced $18 million in seed financing on June 25, 2026 — alongside initial...
by Gary Zimmerman | Jun 29, 2026 | AI, Cybersecurity, Governance
On April 17, 2026, the Federal Reserve, OCC, and FDIC issued SR 26-2 — the first rewrite of model risk management guidance since SR 11-7 in 2011. It superseded fifteen years of supervisory expectations. It clarified scope. It introduced a risk-based, proportional...
by Gary Zimmerman | Jun 22, 2026 | AI, Governance, Identity
The CISO role has always carried accountability that outpaced authority. What changed in 2026 is that the accountability became legally enforceable, personally, and the regulatory mechanisms to enforce it are no longer on the horizon. They are active. Splunk’s 2026...
by Gary Zimmerman | Jun 15, 2026 | AI, Cybersecurity, Identity
Your identity governance program almost certainly has a blind spot. It is not a configuration error or a policy gap. It is architectural. The IGA platforms most enterprises run were designed when “identity” meant a person. Joiner-mover-leaver workflows, access...
by Gary Zimmerman | Jun 8, 2026 | AI, Cybersecurity, Governance
Here is the problem with banning shadow AI: the people most likely to ignore the ban are your most senior decision-makers. According to TrustedTech’s Shadow AI in the Workplace report, published in May 2026, 65% of decision-makers use unapproved AI tools — compared...
by Gary Zimmerman | Jun 2, 2026 | AI, Cybersecurity, Identity
The question we keep getting from security architects right now is some version of the same thing: “We have a zero trust program. We have identity governance. We have PAM. Why does none of it cover our AI agents?” The honest answer is that it was never designed to....
by Gary Zimmerman | Mar 20, 2026 | AI, Cybersecurity, Governance
LLM red teaming, GenAI governance, EU AI Act timelines, and the AppSec integration most programs are missing. This week’s newsletter covers the AI security operational layer most programs haven’t built yet: how to test the LLMs already operating, how to govern GenAI...
by Kevin Kampman | Feb 27, 2026 | AI, Cybersecurity, Governance
AI isn’t just a tool—it’s an accelerant for human ingenuity. But as CISOs and IT leaders, we’ve been conditioned to see technology adoption through an IT-centric lens: control first, innovation second. AI governance flips that script. It’s governance foremost—rooted...
by Gary Zimmerman | Feb 27, 2026 | AI, Cybersecurity
The enterprises that safely scale AI into their core operations will win the next decade. The ones that don’t govern the basics—like model drift—will watch AI silently reverse course, turning their greatest advantage into their biggest vulnerability. In 2026, AI...
by Gary Zimmerman | Feb 20, 2026 | AI, Cybersecurity, Governance, Identity
Credential stuffing used to be a volume game. Spray billions of stolen username-password pairs at login pages, get a 0.1% hit rate, move on. In 2026, it’s surgical. And your board is going to ask you about it. Here’s what changed: AI-powered attackers aren’t just...
Recent Comments