Is your AI environment trustworthy?

The Vercel incident was very simple. An employee connected an external AI tool to the company's Google Workspace through OAuth, and an attacker took over the account. From there, he had access to any internal data not marked as sensitive.

Clearly, this is not a real hack or a notorious zero-day exploitation. In the end, someone legitimately connected an AI tool and clicked "Allow". That's it. The game is over.

I mean, let's be honest. Everyone has, at least once, connected a new AI tool, downloaded an add-on, or used an unknown app "just to try it", haven't you? And in many cases, we linked it to our Google Workspace or GitHub. Did anyone connect it to production? Raise your hand.

How do you keep your environment trustworthy?

Not sure? Here are my most effective controls and routines to avoid mistakes and trust-related risks:
  1. Implement multi-factor authentication (MFA). It's not just a "V" (check mark) for auditors. It's a mandatory measure against identity theft. Enforce it on all identities.
  2. Map and document your authentication and authorization methods and apps. Having a list in your head is the most common mistake. You will be surprised how many forgotten connections you would otherwise miss.
  3. Delete identities without a clear justification. "Not sure about this identity" is not a use case; it's a vulnerability.
  4. Review your apps and permissions frequently. Everything with access to sensitive data and/or central apps like your Email, Drive, or Repo should be constantly reviewed. Although it is boring as hell, re-validate why it needs access and whether that access can be reduced.
  5. Cancel the connections you made for free tools. With all due respect, business innovation is significant, but it is not worth uncontrolled access.
  6. Rotate everything that could leak. API keys, tokens, database credentials, everything! Do not wait for signs of a leak. Just rotate.
  7. Analyze your logs. Seek out actions outside of your day-to-day patterns.
  8. Separate live accounts from testing accounts. Testing AI tools should not involve production data. Such separation will eliminate human errors.
  9. Wherever possible, mark secrets as sensitive and, obviously, deny access to sensitive data.
  10. Simulate an incident. Knowing what needs to be done, by whom, and how long it should take, for whatever is important to the organization, will increase your ability to recover. Have a documented playbook if possible.
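
Controls 2, 4 and 5 above, sketched as an added example (not from the original post): a review of third-party OAuth grants that flags apps missing from the documented inventory or holding broad mail or Drive scopes. The grant records are constructed and use the field names of the Google Admin SDK Directory API token resource; the approved list, the set of scopes treated as broad, and the scoring are assumptions.

```python
from collections import defaultdict

# Scopes treated as broad in this example (an assumption; tune to your data).
BROAD_SCOPES = {
    "https://mail.google.com/": "full Gmail access",
    "https://www.googleapis.com/auth/gmail.readonly": "read all mail",
    "https://www.googleapis.com/auth/drive": "full Drive access",
    "https://www.googleapis.com/auth/drive.readonly": "read all Drive files",
}

# Hypothetical documented inventory of approved apps (control 2).
APPROVED = {"1001.apps.example"}

# Constructed sample grants, one per (user, app), using the field names of the
# Admin SDK Directory API token resource: clientId, displayText, userKey, scopes.
SAMPLE_GRANTS = [
    {"clientId": "1001.apps.example", "displayText": "Corp Calendar Sync",
     "userKey": "alice", "scopes": ["https://www.googleapis.com/auth/calendar"]},
    {"clientId": "1001.apps.example", "displayText": "Corp Calendar Sync",
     "userKey": "bob", "scopes": ["https://www.googleapis.com/auth/calendar"]},
    {"clientId": "2002.apps.example", "displayText": "Free AI Notes",
     "userKey": "bob", "scopes": ["openid", "https://mail.google.com/",
                                  "https://www.googleapis.com/auth/drive"]},
    {"clientId": "3003.apps.example", "displayText": "PDF Helper",
     "userKey": "carol", "scopes": ["openid", "email"]},
]

def review_grants(grants, approved=APPROVED):
    """Aggregate grants per app; return apps needing review, riskiest first."""
    apps = defaultdict(lambda: {"name": "", "users": set(), "scopes": set()})
    for g in grants:
        app = apps[g["clientId"]]
        app["name"] = g.get("displayText", "")
        app["users"].add(g["userKey"])
        app["scopes"].update(g.get("scopes", []))
    findings = []
    for client_id, app in apps.items():
        broad = sorted(BROAD_SCOPES[s] for s in app["scopes"] if s in BROAD_SCOPES)
        reasons = [] if client_id in approved else ["not in documented inventory"]
        if broad:
            reasons.append("broad scopes: " + ", ".join(broad))
        if reasons:  # score: 2 per broad scope, +1 if undocumented (assumption)
            findings.append({"clientId": client_id, "name": app["name"],
                             "users": sorted(app["users"]), "reasons": reasons,
                             "score": 2 * len(broad) + (client_id not in approved)})
    return sorted(findings, key=lambda f: f["score"], reverse=True)

if __name__ == "__main__":
    for f in review_grants(SAMPLE_GRANTS):
        print(f["score"], f["name"], f["users"], "; ".join(f["reasons"]))
```

An app that is approved but still holds broad scopes stays on the list, which is the re-validation step in control 4.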

With AI evolving, these controls are no longer an edge case.

The entire AI revolution relies on countless tools with connectivity and broad access. The downside is that we help attackers by making their attack path easier. Once they are in, everything is accessible, making the above recommendations the norm and even the default.

To conclude:

If you want to ensure the trustworthiness of your environment, you need to review and control the “mess” that AI tools create.

You probably cannot avoid it, but if you oversee and govern it, you can keep it trustworthy.

Not sure how to start keeping your environment trustworthy?

Contact us and we will walk you through it.
by Oren Hadar
