DISC Infosec blog

LinkedIn Job Scams Are Surging: Why Your Hiring Pipeline Is Now an Attack Surface

disc7 — Wed, 06 May 2026 20:25:38 +0000

LinkedIn has become the world’s default professional identity layer—but it’s now equally a high-value attack surface. The latest report highlights a sharp rise in job scams, with recruiter impersonation and fake roles eroding trust across the hiring ecosystem. When over a third of recruiters themselves report impersonation and candidates increasingly demand verification, we’re no longer […]

The post LinkedIn Job Scams Are Surging: Why Your Hiring Pipeline Is Now an Attack Surface appeared first on DISC InfoSec blog.

AI Governance by Default, Not by Design: Who Actually Owns It in Your Organization?

disc7 — Tue, 05 May 2026 16:16:43 +0000

Who Actually Owns AI Governance? An InfoSec & AI Governance Reading of the IAPP Conversation The IAPP’s Ashley Casovan, in a recent AdExchanger interview, surfaces what is quickly becoming the most uncomfortable question inside enterprise compliance functions: when an AI tool is deployed, who actually owns the governance of it? Privacy teams have spent years […]

The post AI Governance by Default, Not by Design: Who Actually Owns It in Your Organization? appeared first on DISC InfoSec blog.

The Adversary Already Adopted AI. Did Your Defense?

disc7 — Mon, 04 May 2026 21:02:29 +0000

Defenders Coordinate Slowly. Adversaries Move at Machine Speed. Microsoft just confirmed what every CISO has been quietly bracing for: Nation-state cyber programs are now running on AI — and they’re moving at machine speed. In a sharp new interview with Help Net Security, Microsoft’s Kaja Ciglic (Senior Director, Cybersecurity Policy & Diplomacy) lays out the […]

The post The Adversary Already Adopted AI. Did Your Defense? appeared first on DISC InfoSec blog.

When the Most Safety-Focused AI Company Misses the Basics: A Governance Wake-Up Call

disc7 — Mon, 04 May 2026 17:09:13 +0000

When the Most Safety-Focused AI Company Misses the Basics: A Governance Wake-Up Call In the span of a single week, Anthropic — arguably the most safety-conscious AI company in the industry — experienced two back-to-back operational governance failures. Neither was a sophisticated breach. The first involved draft materials for an unreleased model (now public as […]

The post When the Most Safety-Focused AI Company Misses the Basics: A Governance Wake-Up Call appeared first on DISC InfoSec blog.

Claude Security Goes Public: A Turning Point for AI-Driven DevSecOps—and a New Governance Challenge

disc7 — Mon, 04 May 2026 16:31:46 +0000

Anthropic has expanded access to its AI-driven security capability, Claude Security, moving it into a broader public beta for enterprise users. The solution is designed to help organizations identify vulnerabilities in their codebases and automatically generate remediation fixes, signaling a shift toward AI-assisted secure software development at scale. At its core, Claude Security applies advanced […]

The post Claude Security Goes Public: A Turning Point for AI-Driven DevSecOps—and a New Governance Challenge appeared first on DISC InfoSec blog.

The AI Oversight Gap: When Confidence Outpaces Control

disc7 — Thu, 30 Apr 2026 17:24:07 +0000

The AI Oversight Gap: When Adoption Outpaces Governance AI has quietly graduated from pilot project to production infrastructure. It’s writing code, drafting contracts, screening candidates, and processing customer data across functions most organizations couldn’t fully map if asked. The technology has scaled. The governance hasn’t. New research spanning more than 800 GRC, audit, and IT […]

The post The AI Oversight Gap: When Confidence Outpaces Control appeared first on DISC InfoSec blog.

The AI Governance Quick-Start: Defensible in 10 Days, Not 4 Quarters

disc7 — Wed, 29 Apr 2026 17:52:09 +0000

The AI Governance Quick-Start: Defensible in 10 Days, Not 4 Quarters AI governance doesn’t fail because of frameworks—it fails because it never starts. The AI Governance Quick-Start changes that. In just 7–10 business days, you move from uncertainty to a defensible position aligned with NIST AI Risk Management Framework, EU AI Act, and ISO/IEC 42001—without […]

The post The AI Governance Quick-Start: Defensible in 10 Days, Not 4 Quarters appeared first on DISC InfoSec blog.

AI Security Tool Evaluation: A Reality Check for CISOs

disc7 — Tue, 28 Apr 2026 16:15:43 +0000

AI Security Tool Evaluation: A Reality Check for CISOs Artificial intelligence is fundamentally reshaping how applications are built, deployed, and attacked. Unlike traditional systems, AI introduces a dynamic and unpredictable attack surface—especially with the rise of agentic AI that can act autonomously. This shift demands a completely new approach to security evaluation. Most organizations are […]

The post AI Security Tool Evaluation: A Reality Check for CISOs appeared first on DISC InfoSec blog.

How to Answer AI Questions on Your Vendor Assessment (Without Stalling the Deal)

disc7 — Tue, 28 Apr 2026 02:24:54 +0000

How to Answer AI Questions on Your Vendor Assessment (Without Stalling the Deal) Eighteen months ago, “Do you use AI?” was a footnote on a vendor questionnaire. Today it is a deal-blocker. Procurement teams at banks, healthcare systems, and even mid-market SaaS buyers now routinely send 40 to 80 AI-specific questions before signing a contract. […]

The post How to Answer AI Questions on Your Vendor Assessment (Without Stalling the Deal) appeared first on DISC InfoSec blog.

Most AI Security Tools Won’t Pass an Audit. Here’s a 15-Minute Way to Find Out.

disc7 — Mon, 27 Apr 2026 20:26:52 +0000

Most AI Security Tools Won’t Pass an Audit. Here’s a 15-Minute Way to Find Out. An effective CISO-grade scorecard that puts your AI security tool through the questions an assessor will actually ask — and maps every gap to NIST AI RMF and ISO 42001. Walk into any AI security vendor demo and the choreography […]

The post Most AI Security Tools Won’t Pass an Audit. Here’s a 15-Minute Way to Find Out. appeared first on DISC InfoSec blog.

Most AI Security Tools Won’t Pass an Audit. Here’s a 15-Minute Way to Find Out.

disc7 — Mon, 27 Apr 2026 15:37:40 +0000

Most AI Security Tools Won’t Pass an Audit. Here’s a 15-Minute Way to Find Out. A free CISO-grade scorecard that puts your AI security tool through the questions an assessor will actually ask — and maps every gap to NIST AI RMF and ISO 42001. Walk into any AI security vendor demo and the choreography […]

The post Most AI Security Tools Won’t Pass an Audit. Here’s a 15-Minute Way to Find Out. appeared first on DISC InfoSec blog.

AI Governance in the Age of Mythos: Why Small Business Owners Can’t Afford to Wait

disc7 — Mon, 27 Apr 2026 14:30:27 +0000

AI Governance in the Age of Mythos: Why Small Business Owners Can’t Afford to Wait We are living in the age of mythos. Every week brings a new AI story: the tool that will replace your accountant, the chatbot that cost a company $10,000 in refunds, the startup that 10x’d its revenue with a single […]

The post AI Governance in the Age of Mythos: Why Small Business Owners Can’t Afford to Wait appeared first on DISC InfoSec blog.

Why ISO 27701 Is No Longer Optional: A Privacy Wake-Up Call for U.S. Small Business Owners

disc7 — Sun, 26 Apr 2026 18:28:50 +0000

Why ISO 27701 Is No Longer Optional: A Privacy Wake-Up Call for U.S. Small Business Owners By DISC InfoSec | Privacy & AI Governance Practitioners We are living in the age of AI, where every customer interaction generates data, every SaaS tool ingests it, and every chatbot, CRM, and marketing automation platform processes it in […]

The post Why ISO 27701 Is No Longer Optional: A Privacy Wake-Up Call for U.S. Small Business Owners appeared first on DISC InfoSec blog.

AI Governance That Works: From Frameworks to Audit-Ready Controls with DISC

disc7 — Thu, 23 Apr 2026 20:08:49 +0000

The executive AI governance positions AI not just as a technology shift, but as a strategic business transformation that requires structured oversight. It emphasizes that organizations must balance innovation with risk by embedding governance into how AI is designed, deployed, and monitored—not as an afterthought, but as a core operating principle. At its foundation, the […]

The post AI Governance That Works: From Frameworks to Audit-Ready Controls with DISC appeared first on DISC InfoSec blog.

The 2026 AI Compliance Checklist: 60 Controls Across 10 Domains

disc7 — Thu, 23 Apr 2026 17:27:32 +0000

Published by DISC InfoSec · AI Governance & Cybersecurity The 2026 AI Compliance Checklist: 60 Controls Across 10 Domains If you run security, compliance, or AI at a B2B SaaS or financial services company, you have probably noticed something uncomfortable in the last six months: every framework you used to live by has grown an […]

The post The 2026 AI Compliance Checklist: 60 Controls Across 10 Domains appeared first on DISC InfoSec blog.