DISC Infosec blog

METATRON: Open-Source, Air-Gapped, Audit-Ready AI Pentesting

disc7 — Sat, 16 May 2026 18:06:16 +0000

METATRON: The First Practical Glimpse of Local-AI Penetration Testing — And Why AI Governance Teams Should Care An InfoSec, compliance, and AI governance perspective from DISC InfoSec In our recent post “Why Run LLMs Locally? The Future of Private Enterprise AI”, we made the case that the next phase of enterprise AI maturity will be […]

The post METATRON: Open-Source, Air-Gapped, Audit-Ready AI Pentesting appeared first on DISC InfoSec blog.

AI Governance and Cybersecurity: Designing for the Inevitable Attack

disc7 — Fri, 15 May 2026 16:39:46 +0000

In today’s cybersecurity and AI governance landscape, resilience is not built on optimism — it is built on preparedness. A core principle echoed throughout modern security frameworks is that organizations should never rely on the assumption that threats will not materialize. Instead, they must invest in the readiness, controls, and governance structures necessary to withstand […]

The post AI Governance and Cybersecurity: Designing for the Inevitable Attack appeared first on DISC InfoSec blog.

Why Run LLMs Locally? The Future of Private Enterprise AI

disc7 — Thu, 14 May 2026 14:36:49 +0000

Why Local LLMs Matter for Security, Privacy, and AI Governance – Make sure to check out METATRON in the final thoughts section. Artificial Intelligence is rapidly becoming part of everyday business operations. From drafting policies and summarizing meetings to analyzing contracts and automating workflows, Large Language Models (LLMs) are now embedded into enterprise decision-making. But […]

The post Why Run LLMs Locally? The Future of Private Enterprise AI appeared first on DISC InfoSec blog.

AI Model Risk Management Is Becoming the Foundation of Enterprise AI Governance

disc7 — Wed, 13 May 2026 16:42:02 +0000

As enterprise AI adoption accelerates, AI Model Risk Management is rapidly becoming one of the most important disciplines in modern governance, risk, and compliance programs. Organizations are no longer experimenting with isolated AI models — they are deploying AI across critical business operations, customer interactions, analytics, automation, and decision-making systems. With that scale comes a […]

The post AI Model Risk Management Is Becoming the Foundation of Enterprise AI Governance appeared first on DISC InfoSec blog.

Sun Tzu for the AI Governance Era: 7 Strategic Rules for InfoSec and Compliance Leaders

disc7 — Tue, 12 May 2026 16:49:34 +0000

Sun Tzu for the AI Governance Era: 7 Strategic Rules for InfoSec and Compliance Leaders Most people treat strategy as a deliverable. A roadmap, a Gantt chart, a board slide with quarterly milestones. Sun Tzu would have laughed. Twenty-five centuries ago he understood what we keep forgetting: strategy isn’t the plan — it’s how you […]

The post Sun Tzu for the AI Governance Era: 7 Strategic Rules for InfoSec and Compliance Leaders appeared first on DISC InfoSec blog.

Your Shadow AI Inventory Is Wrong. Here’s a Free Way to Fix It.

disc7 — Mon, 11 May 2026 21:33:45 +0000

Your Shadow AI Inventory Is Wrong. Here’s a Free Way to Fix It. If I asked your CISO or DPO today, “What’s the complete list of AI tools touching company or customer data?” — what would they hand you? In most B2B SaaS and financial services orgs I work with, the answer is a stale […]

The post Your Shadow AI Inventory Is Wrong. Here’s a Free Way to Fix It. appeared first on DISC InfoSec blog.

The AI Agent Identity Crisis Has Already Started

disc7 — Mon, 11 May 2026 15:30:36 +0000

The AI Agent Identity Crisis Has Already Started The enterprise AI security problem is no longer theoretical — it is already unfolding inside organizations at a much faster pace than governance teams can control. A recent discussion featuring Slavik Markovich and Rishi Bhargava from Descope highlighted a real-world example that perfectly captures the emerging risks […]

The post The AI Agent Identity Crisis Has Already Started appeared first on DISC InfoSec blog.

OWASP 2026 GenAI Risk Catalogue Signals a New Era of AI Security Governance

disc7 — Sun, 10 May 2026 17:18:31 +0000

The newly released 2026 OWASP catalogue on GenAI data security risks highlights how rapidly the security landscape is evolving for organizations deploying LLMs, RAG pipelines, and agentic AI systems. Unlike traditional application security frameworks, this catalogue focuses specifically on the unique ways AI systems process, store, retrieve, and expose data across increasingly autonomous workflows. The […]

The post OWASP 2026 GenAI Risk Catalogue Signals a New Era of AI Security Governance appeared first on DISC InfoSec blog.

Dirty Frag Explained: Chained Linux Kernel Flaws Deliver Root Access

disc7 — Fri, 08 May 2026 16:47:23 +0000

Dirty Frag: A Second Linux Privilege Escalation Crisis in Two Weeks Barely a week after the Copy Fail disclosure rattled Linux administrators, the kernel community is contending with another local privilege escalation chain — this one branded “Dirty Frag.” The disclosure landed on May 8, 2026, alongside a working proof-of-concept exploit, and it represents two […]

The post Dirty Frag Explained: Chained Linux Kernel Flaws Deliver Root Access appeared first on DISC InfoSec blog.

The AI Governance Triad: Why ISO 42001, NIST AI RMF, and the EU AI Act Are No Longer Optional

disc7 — Thu, 07 May 2026 17:15:28 +0000

The AI Governance Triad: Why ISO 42001, NIST AI RMF, and the EU AI Act Are No Longer Optional Three frameworks, one imperative — and a closing window for organizations that want to lead rather than catch up. AI is being deployed inside enterprises faster than any technology in the last twenty years. Procurement is […]

The post The AI Governance Triad: Why ISO 42001, NIST AI RMF, and the EU AI Act Are No Longer Optional appeared first on DISC InfoSec blog.

LinkedIn Job Scams Are Surging: Why Your Hiring Pipeline Is Now an Attack Surface

disc7 — Wed, 06 May 2026 20:25:38 +0000

LinkedIn has become the world’s default professional identity layer—but it’s now equally a high-value attack surface. The latest report highlights a sharp rise in job scams, with recruiter impersonation and fake roles eroding trust across the hiring ecosystem. When over a third of recruiters themselves report impersonation and candidates increasingly demand verification, we’re no longer […]

The post LinkedIn Job Scams Are Surging: Why Your Hiring Pipeline Is Now an Attack Surface appeared first on DISC InfoSec blog.

AI Governance by Default, Not by Design: Who Actually Owns It in Your Organization?

disc7 — Tue, 05 May 2026 16:16:43 +0000

Who Actually Owns AI Governance? An InfoSec & AI Governance Reading of the IAPP Conversation The IAPP’s Ashley Casovan, in a recent AdExchanger interview, surfaces what is quickly becoming the most uncomfortable question inside enterprise compliance functions: when an AI tool is deployed, who actually owns the governance of it? Privacy teams have spent years […]

The post AI Governance by Default, Not by Design: Who Actually Owns It in Your Organization? appeared first on DISC InfoSec blog.

The Adversary Already Adopted AI. Did Your Defense?

disc7 — Mon, 04 May 2026 21:02:29 +0000

Defenders Coordinate Slowly. Adversaries Move at Machine Speed. Microsoft just confirmed what every CISO has been quietly bracing for: Nation-state cyber programs are now running on AI — and they’re moving at machine speed. In a sharp new interview with Help Net Security, Microsoft’s Kaja Ciglic (Senior Director, Cybersecurity Policy & Diplomacy) lays out the […]

The post The Adversary Already Adopted AI. Did Your Defense? appeared first on DISC InfoSec blog.

When the Most Safety-Focused AI Company Misses the Basics: A Governance Wake-Up Call

disc7 — Mon, 04 May 2026 17:09:13 +0000

When the Most Safety-Focused AI Company Misses the Basics: A Governance Wake-Up Call In the span of a single week, Anthropic — arguably the most safety-conscious AI company in the industry — experienced two back-to-back operational governance failures. Neither was a sophisticated breach. The first involved draft materials for an unreleased model (now public as […]

The post When the Most Safety-Focused AI Company Misses the Basics: A Governance Wake-Up Call appeared first on DISC InfoSec blog.

Claude Security Goes Public: A Turning Point for AI-Driven DevSecOps—and a New Governance Challenge

disc7 — Mon, 04 May 2026 16:31:46 +0000

Anthropic has expanded access to its AI-driven security capability, Claude Security, moving it into a broader public beta for enterprise users. The solution is designed to help organizations identify vulnerabilities in their codebases and automatically generate remediation fixes, signaling a shift toward AI-assisted secure software development at scale. At its core, Claude Security applies advanced […]

The post Claude Security Goes Public: A Turning Point for AI-Driven DevSecOps—and a New Governance Challenge appeared first on DISC InfoSec blog.