Latest

The Docket: The SEC's CAT Review Is Really About Privacy, Security, and Market Surveillance

The SEC's CAT review turns market infrastructure into a governance fight over privacy, surveillance scale, retention, and security.

AI Agent Liability: When Your AI Acts Autonomously, Who Pays?

Your AI agent just booked a flight, sent an email, or deleted a database. It did what you told it to do, except it didn't. Who's liable when AI goes from assistant to autonomous actor?

The Docket: Operation PowerOFF Turned DDoS Customers Into the Next Enforcement Surface

Operation PowerOFF shows DDoS enforcement shifting from infrastructure takedowns toward customer identification, warning campaigns, and demand-side deterrence.

Explain This: The EDPB's DPIA Template Is an Attempt to Standardize Proof

The EDPB's DPIA template matters because it tries to turn fragmented privacy risk assessments into a more uniform evidence standard.

The Docket: Europe Just Turned Privacy Notices Into an Enforcement Target

The EDPB's 2026 transparency sweep turns privacy notices from stale boilerplate into audit evidence that regulators can test across Europe.

The Docket: The UK's Cyber Resilience Bill Is Not Just NIS2 in a Different Accent

The UK's Cyber Security and Resilience Bill matters because it appears to widen the cyber risk perimeter beyond obvious critical infrastructure operators.

Explain This: Why Router DNS Hijacks Become Identity Incidents Fast

The DOJ router disruption matters because DNS hijacks are not just network events. They are quiet identity incidents with ugly evidence problems.

Explain This: Stop Building AI Security Reading Lists and Start Building Decision Lists

Most AI security source lists fail because they optimize for volume, not decisions. Good intake maps each source to a decision, an owner, and a trigger.

Explain This: CVE Instability Exposes the Limits of ID-Based Triage

The CVE funding scare matters because too many security programs still treat a CVE ID as the work, not the starting point.

Explain This: AI Security News Needs Buckets Before It Needs More Sources

Most teams do not need more AI security news. They need a simple way to sort product risk, supply chain risk, fraud, and governance signal before reacting.

Explain This: AI security intake needs an evidence ladder, not a feed

If your team is triaging AI security from a social feed, you need an evidence ladder before noise hardens into policy.

Breach Autopsy: Hasbro and the Weeks-Long Recovery Problem

Hasbro's cyber incident matters because a weeks-long recovery window usually points to deeper resilience failures, not just one bad day.

Explain This: Build an AI security source stack before hype becomes policy

AI security coverage is noisy. Here is a simple intake model that helps teams separate operator signal from recycled hype.

Exhibit A(I): 500 zero-days is not a governance strategy

A headline about 500 zero-days sounds dramatic. The real governance question is whether your team knows how to validate, prioritize, and act before the number turns into theater.