Cloud Security Alliance

Bridging the Gap Between Cloud Security Controls and Adversary Behaviors: A CSA–MITRE Collaboration

As the cloud threat landscape evolves, so too must the methodologies we use to defend against it. By bridging the gap between ...
Cloud Security Alliance

The Agentic Trust Framework: Zero Trust Governance for AI Agents

Overview of the Agentic Trust Framework (ATF), an open governance spec applying Zero Trust to autonomous AI agents, with ...
Cloud Security Alliance

Leveling Up Autonomy in Agentic AI

Explores a six-level autonomy taxonomy for agentic AI, governance, and risk-aligned controls to safely deploy autonomous ...
Cloud Security Alliance

AI Governance Framework Adoption in Cloud-Native AI Systems: Phased Approach and Considerations

A phased guide to AI governance in cloud-native systems, aligning ISO 42001:2023 and NIST AI-RMF with lifecycle controls, ...
Cloud Security Alliance

The Breach That Did Not Need a Hacker: How Ordinary Identity Gaps Create Extraordinary Damage

FinWise shows how ordinary identity gaps, not hackers, can trigger data breaches; learn identity governance and offboarding ...
Cloud Security Alliance

Agentic AI Pen Testing: Speed at Scale, Certainty with Humans

AI-first, human-validated pen testing accelerates coverage and reduces cycle time, while humans validate and translate findings into real business risk.
Cloud Security Alliance

Zero Trust in the Cloud: Designing Security Assurance at the Control Plane

Written by Moses Ashang, Senior Cloud Engineer, Verint. The way cloud systems are designed has quietly changed. What we used to view as a collection of servers and networks is now shaped by decisions ...
Cloud Security Alliance

Agentic AI Red Teaming Guide

Learn the core concepts, best practices and recommendation for securing an organization on the cloud regardless of the provider or platform. Covering all 14 domains from the CSA Security Guidance v4, ...
Cloud Security Alliance

The State of Non-Human Identity and AI Security

Learn the core concepts, best practices and recommendation for securing an organization on the cloud regardless of the provider or platform. Covering all 14 domains from the CSA Security Guidance v4, ...